From 0941a5150b2dcf72124ce3f6de91f7d3da69ade2 Mon Sep 17 00:00:00 2001 From: Chris Stackhouse Date: Thu, 27 Jun 2024 21:49:56 -0700 Subject: [PATCH] Wider fix for property round-trip through Update- Improve global test cleanup --- .../custom/Update-AzPolicyAssignment.ps1 | 35 ++-- .../custom/Update-AzPolicyDefinition.ps1 | 12 ++ .../custom/Update-AzPolicyExemption.ps1 | 20 +++ .../custom/Update-AzPolicySetDefinition.ps1 | 12 ++ .../test/PolicyAssignmentCRUD.Tests.ps1 | 25 +++ .../test/PolicyDefinitionCRUD.Tests.ps1 | 21 ++- .../test/PolicyExemptionCRUD.Tests.ps1 | 23 +++ .../test/PolicySetDefinitionCRUD.Tests.ps1 | 19 ++ src/Resources/Policy.Autorest/test/env.json | 162 +++++++++--------- .../Policy.Autorest/test/localEnv.json | 154 +++++++++-------- src/Resources/Policy.Autorest/test/utils.ps1 | 14 +- 11 files changed, 315 insertions(+), 182 deletions(-) diff --git a/src/Resources/Policy.Autorest/custom/Update-AzPolicyAssignment.ps1 b/src/Resources/Policy.Autorest/custom/Update-AzPolicyAssignment.ps1 index fc2484b85693..09024a7c5f81 100644 --- a/src/Resources/Policy.Autorest/custom/Update-AzPolicyAssignment.ps1 +++ b/src/Resources/Policy.Autorest/custom/Update-AzPolicyAssignment.ps1 @@ -319,13 +319,8 @@ process { } } - if (!$NotScope) { - if ($_.NotScope) { - $calledParameters.NotScope = $_.NotScope - } - elseif ($existing.NotScope) { - $calledParameters.NotScope = $existing.NotScope - } + if (!$NotScope -and !($NotScope -is [array])) { + $calledParameters.NotScope = $existing.NotScope } if (!$Location) { @@ -337,22 +332,20 @@ process { } } - if (!$DisplayName) { - if ($_.DisplayName) { - $calledParameters.DisplayName = $_.DisplayName - } - elseif ($existing.DisplayName) { - $calledParameters.DisplayName = $existing.DisplayName - } + if (!$calledParameters.DisplayName) { + $calledParameters.DisplayName = $existing.DisplayName } - if (!$Description) { - if ($_.Description) { - $calledParameters.Description = $_.Description - } - elseif ($existing.Description) { - $calledParameters.Description = $existing.Description - } + if (!$calledParameters.Description) { + $calledParameters.Description = $existing.Description + } + + if (!$calledParameters.Metadata) { + $calledParameters.Metadata = $existing.Metadata + } + + if (!$calledParameters.EnforcementMode -and $calledParameters.EnforcementMode) { + $calledParameters.EnforcementMode = $existing.EnforcementMode } if ($BackwardCompatible) { diff --git a/src/Resources/Policy.Autorest/custom/Update-AzPolicyDefinition.ps1 b/src/Resources/Policy.Autorest/custom/Update-AzPolicyDefinition.ps1 index dc2f024e0159..343386cb122d 100644 --- a/src/Resources/Policy.Autorest/custom/Update-AzPolicyDefinition.ps1 +++ b/src/Resources/Policy.Autorest/custom/Update-AzPolicyDefinition.ps1 @@ -286,6 +286,18 @@ process { $calledParameters.Parameter = ConvertTo-Json $existing.Parameter -Depth 100 } + if (!$calledParameters.DisplayName) { + $calledParameters.DisplayName = $existing.DisplayName + } + + if (!$calledParameters.Description) { + $calledParameters.Description = $existing.Description + } + + if (!$calledParameters.Metadata) { + $calledParameters.Metadata = $existing.Metadata + } + if ($BackwardCompatible) { $calledParameters.BackwardCompatible = $true } diff --git a/src/Resources/Policy.Autorest/custom/Update-AzPolicyExemption.ps1 b/src/Resources/Policy.Autorest/custom/Update-AzPolicyExemption.ps1 index e9fd6b908966..0fd1b615ff2e 100644 --- a/src/Resources/Policy.Autorest/custom/Update-AzPolicyExemption.ps1 +++ b/src/Resources/Policy.Autorest/custom/Update-AzPolicyExemption.ps1 @@ -254,6 +254,26 @@ process { $null = $calledParameters.Remove('ClearExpiration') } + if (!$calledParameters.DisplayName) { + $calledParameters.DisplayName = $existing.DisplayName + } + + if (!$calledParameters.Description) { + $calledParameters.Description = $existing.Description + } + + if (!$calledParameters.PolicyDefinitionReferenceId -and !($calledParameters.PolicyDefinitionReferenceId -is [array])) { + $calledParameters.PolicyDefinitionReferenceId = $existing.PolicyDefinitionReferenceId + } + + if (!$calledParameters.Metadata) { + $calledParameters.Metadata = $existing.Metadata + } + + if (!$calledParameters.AssignmentScopeValidation -and $existing.AssignmentScopeValidation) { + $calledParameters.AssignmentScopeValidation = $existing.AssignmentScopeValidation + } + if ($BackwardCompatible) { $calledParameters.BackwardCompatible = $true } diff --git a/src/Resources/Policy.Autorest/custom/Update-AzPolicySetDefinition.ps1 b/src/Resources/Policy.Autorest/custom/Update-AzPolicySetDefinition.ps1 index 5062466b8a44..1580414cf629 100644 --- a/src/Resources/Policy.Autorest/custom/Update-AzPolicySetDefinition.ps1 +++ b/src/Resources/Policy.Autorest/custom/Update-AzPolicySetDefinition.ps1 @@ -256,6 +256,18 @@ process { $calledParameters.PolicyDefinitionGroup = ConvertTo-Json -Depth 100 $existing.PolicyDefinitionGroup } + if (!$calledParameters.DisplayName) { + $calledParameters.DisplayName = $existing.DisplayName + } + + if (!$calledParameters.Description) { + $calledParameters.Description = $existing.Description + } + + if (!$calledParameters.Metadata) { + $calledParameters.Metadata = $existing.Metadata + } + if ($BackwardCompatible) { $calledParameters.BackwardCompatible = $true } diff --git a/src/Resources/Policy.Autorest/test/PolicyAssignmentCRUD.Tests.ps1 b/src/Resources/Policy.Autorest/test/PolicyAssignmentCRUD.Tests.ps1 index 3ceefb1835a5..31452be0d8b6 100644 --- a/src/Resources/Policy.Autorest/test/PolicyAssignmentCRUD.Tests.ps1 +++ b/src/Resources/Policy.Autorest/test/PolicyAssignmentCRUD.Tests.ps1 @@ -102,6 +102,31 @@ Describe 'PolicyAssignmentCRUD' { $update.NonComplianceMessage[1].PolicyDefinitionReferenceId | Should -Be $policyDefinitionReferenceId1 } + It 'Validate parameter round-trip' { + # get the definition, do an update with no changes, validate nothing is changed in response or backend + $expected = Get-AzPolicyAssignment -Name $testPA -Scope $rgScope + $response = Update-AzPolicyAssignment -Name $testPA -Scope $rgScope + $response.DisplayName | Should -Be $expected.DisplayName + $response.Description | Should -Be $expected.Description + $response.Metadata.$metadataName | Should -Be $expected.Metadata.$metadataName + $response.NonComplianceMessage[0] | Should -BeLike $expected.NonComplianceMessage[0] + $response.NonComplianceMessage[1] | Should -BeLike $expected.NonComplianceMessage[1] + $response.Parameter | Should -BeLike $expected.Parameter + $response.NotScope | Should -BeLike $expected.NotScope + $response.Location | Should -BeLike $expected.Location + $response.EnforcementMode | Should -BeLike $expected.EnforcementMode + $actual = Get-AzPolicyAssignment -Name $testPA -Scope $rgScope + $actual.DisplayName | Should -Be $expected.DisplayName + $actual.Description | Should -Be $expected.Description + $actual.Metadata.$metadataName | Should -Be $expected.Metadata.$metadataName + $actual.NonComplianceMessage[0] | Should -BeLike $expected.NonComplianceMessage[0] + $actual.NonComplianceMessage[1] | Should -BeLike $expected.NonComplianceMessage[1] + $actual.Parameter | Should -BeLike $expected.Parameter + $actual.NotScope | Should -Be $expected.NotScope + $actual.Location | Should -BeLike $expected.Location + $actual.EnforcementMode | Should -BeLike $expected.EnforcementMode + } + It 'Update the policy assignment to have a single non-compliance message' { # get original assignment back again $actual = Get-AzPolicyAssignment -Name $testPA -Scope $rgScope diff --git a/src/Resources/Policy.Autorest/test/PolicyDefinitionCRUD.Tests.ps1 b/src/Resources/Policy.Autorest/test/PolicyDefinitionCRUD.Tests.ps1 index c7a01f66b79c..ba126c72de0e 100644 --- a/src/Resources/Policy.Autorest/test/PolicyDefinitionCRUD.Tests.ps1 +++ b/src/Resources/Policy.Autorest/test/PolicyDefinitionCRUD.Tests.ps1 @@ -28,7 +28,26 @@ Describe 'PolicyDefinitionCRUD' -Tag 'LiveOnly' { $expected.DisplayName | Should -Be $actual.DisplayName $expected.Description | Should -Be $actual.Description $actual.Metadata | Should -Not -BeNullOrEmpty - $actual.Metadata.$metadataName| Should -Be $metadataValue + $actual.Metadata.$metadataName | Should -Be $metadataValue + } + + It 'Validate parameter round-trip' { + # get the definition, do an update with no changes, validate nothing is changed in response or backend + $expected = Get-AzPolicyDefinition -Name $policyName + $response = Update-AzPolicyDefinition -Name $policyName + $response.DisplayName | Should -Be $expected.DisplayName + $response.Description | Should -Be $expected.Description + $response.Metadata.$metadataName | Should -Be $expected.Metadata.$metadataName + $response.PolicyDefinition | Should -BeLike $expected.PolicyDefinition + $response.Parameter | Should -BeLike $expected.Parameter + $response.Mode | Should -BeLike $expected.Mode + $actual = Get-AzPolicyDefinition -Name $policyName + $actual.DisplayName | Should -Be $expected.DisplayName + $actual.Description | Should -Be $expected.Description + $actual.Metadata.$metadataName | Should -Be $expected.Metadata.$metadataName + $actual.PolicyDefinition | Should -BeLike $expected.PolicyDefinition + $actual.Parameter | Should -BeLike $expected.Parameter + $actual.Mode | Should -BeLike $expected.Mode } It 'Make policy definition from command line rule' { diff --git a/src/Resources/Policy.Autorest/test/PolicyExemptionCRUD.Tests.ps1 b/src/Resources/Policy.Autorest/test/PolicyExemptionCRUD.Tests.ps1 index 16ec547f3440..014100ca4b37 100644 --- a/src/Resources/Policy.Autorest/test/PolicyExemptionCRUD.Tests.ps1 +++ b/src/Resources/Policy.Autorest/test/PolicyExemptionCRUD.Tests.ps1 @@ -78,6 +78,29 @@ Describe 'PolicyExemptionCRUD' { $exemption.Metadata.$metadataName | Should -BeNull } + It 'Validate parameter round-trip' { + # get the definition, do an update with no changes, validate nothing is changed in response or backend + $expected = Get-AzPolicyExemption -Name $testExemption -Scope $rgScope + $response = Update-AzPolicyExemption -Name $testExemption -Scope $rgScope + $response.DisplayName | Should -Be $expected.DisplayName + $response.Description | Should -Be $expected.Description + $response.Metadata.$metadataName | Should -Be $expected.Metadata.$metadataName + $response.ExemptionCategory | Should -BeLike $expected.ExemptionCategory + $response.Parameter | Should -BeLike $expected.Parameter + $response.PolicyDefinitionReferenceId | Should -BeLike $expected.PolicyDefinitionReferenceId + $response.ExpiresOn | Should -BeLike $expected.ExpiresOn + $response.AssignmentScopeValidation | Should -BeLike $expected.AssignmentScopeValidation + $actual = Get-AzPolicyExemption -Name $testExemption -Scope $rgScope + $actual.DisplayName | Should -Be $expected.DisplayName + $actual.Description | Should -Be $expected.Description + $actual.Metadata.$metadataName | Should -Be $expected.Metadata.$metadataName + $actual.ExemptionCategory | Should -BeLike $expected.ExemptionCategory + $actual.Parameter | Should -BeLike $expected.Parameter + $actual.PolicyDefinitionReferenceId | Should -BeLike $expected.PolicyDefinitionReferenceId + $actual.ExpiresOn | Should -BeLike $expected.ExpiresOn + $actual.AssignmentScopeValidation | Should -BeLike $expected.AssignmentScopeValidation + } + It 'Update policy exemption by clearing the expiration' { # get the exemption by name first $exemption = Get-AzPolicyExemption -Name $testExemption -Scope $rgScope diff --git a/src/Resources/Policy.Autorest/test/PolicySetDefinitionCRUD.Tests.ps1 b/src/Resources/Policy.Autorest/test/PolicySetDefinitionCRUD.Tests.ps1 index 642bf69b1342..d8ed63cf3f49 100644 --- a/src/Resources/Policy.Autorest/test/PolicySetDefinitionCRUD.Tests.ps1 +++ b/src/Resources/Policy.Autorest/test/PolicySetDefinitionCRUD.Tests.ps1 @@ -46,6 +46,25 @@ Describe 'PolicySetDefinitionCRUD' { $actual.Metadata.$metadataName | Should -Be $metadataValue } + It 'Validate parameter round-trip' { + # get the set definition, do an update with no changes, validate nothing is changed in response or backend + $expected = Get-AzPolicySetDefinition -Name $policySetDefName + $response = Update-AzPolicySetDefinition -Name $policySetDefName + $response.DisplayName | Should -Be $expected.DisplayName + $response.Description | Should -Be $expected.Description + $response.Metadata.$metadataName | Should -Be $expected.Metadata.$metadataName + $response.PolicyRule | Should -BeLike $expected.PolicyRule + $response.Parameter | Should -BeLike $expected.Parameter + $response.PolicyDefinitionGroup | Should -BeLike $expected.PolicyDefinitionGroup + $actual = Get-AzPolicySetDefinition -Name $policySetDefName + $actual.DisplayName | Should -Be $expected.DisplayName + $actual.Description | Should -Be $expected.Description + $actual.Metadata.$metadataName | Should -Be $expected.Metadata.$metadataName + $actual.PolicyRule | Should -BeLike $expected.PolicyRule + $actual.Parameter | Should -BeLike $expected.Parameter + $actual.PolicyDefinitionGroup | Should -BeLike $expected.PolicyDefinitionGroup + } + It 'List builtin and custom' { # ensure that only custom set definitions are returned using the custom flag $list = Get-AzPolicySetDefinition -Custom diff --git a/src/Resources/Policy.Autorest/test/env.json b/src/Resources/Policy.Autorest/test/env.json index e351df6b4d5f..76e579806554 100644 --- a/src/Resources/Policy.Autorest/test/env.json +++ b/src/Resources/Policy.Autorest/test/env.json @@ -1,117 +1,119 @@ { - "updatedMetadata": "{'testName':'testValue', 'newTestName': 'newTestValue'}", + "someIdentityId": "someIdentityId", + "missingParameters": "Cannot process command because of one or more missing mandatory parameters:", + "enforcementModeDefault": "Default", + "someJsonArray": "[{ 'someThing': 'someOtherThing' }]", "Tenant": "72f988bf-86f1-41af-91ab-2d7cd011db47", - "updatedMetadataValue": "newTestValue", + "policyDefinitionParameter": "One of PolicyDefinition or PolicySetDefinition must be provided.", + "someJsonSnippet": "{ 'someThing': 'someOtherThing' }", + "parameterDefinition": "{ 'listOfAllowedLocations': { 'type': 'array', 'metadata': { 'description': 'An array of permitted locations for resources.', 'strongType': 'location', 'displayName': 'List of locations' } } }", + "allSwitchNotSupported": "The IncludeDescendent switch is not supported for management group scopes.", + "customSubSetDefName": "ps02", "parameterDisplayName": "List of locations", + "invalidPolicyRule": "[InvalidPolicyRule] : Failed to parse policy rule: ", + "managementGroup": "AzGovPerfTest", + "metadataName": "testName", + "onlyDefinitionOrSetDefinition": "Only one of -PolicyDefinition or -PolicySetDefinition can be specified, not both.", + "someName": "someName", + "missingAnArgument": "Missing an argument for parameter ", + "updatedDescription": "Updated ", + "enforcemenG460tModeDoNotEnforce": "DoNotEnforce", + "missingSubscription": "[MissingSubscription] : The request did not have a subscription or a valid tenant level resource provider.", + "rgScope": "/subscriptions/597b2066-8f6f-4236-9c61-6d4e9891eef8/resourceGroups/rg01", + "invalidParameterValue": "Cannot validate argument on parameter", + "undefinedPolicyParameter": "[UndefinedPolicyParameter] : The policy assignment", + "listVersionsRequiresNameOrId": "ListVersions is only allowed if Name or Id are provided.", + "nonInteractiveMode": "PowerShell is in NonInteractive mode. Read and Prompt functionality is not available.", "policySetDefinitionNotFound": "[PolicySetDefinitionNotFound] : ", - "metadataValue": "testValue", - "allSwitchNotSupported": "The IncludeDescendent switch is not supported for management group scopes.", - "updatedMetadataName": "newTestName", "userAssignedIdentityName": "test-user-msi", - "enforcementModeDefault": "Default", - "customSubSetDefinition": { + "policyExemptionNotFound": "[PolicyExemptionNotFound] : ", + "updatedMetadataName": "newTestName", + "parameterSetError": "Parameter set cannot be resolved using the specified named parameters.", + "someScope": "someScope", + "invalidPolicyDefinitionReference": "InvalidPolicyDefinitionReference", + "someParameterObject": "{'parm1': 'a', 'parm2': 'b' }", + "authorizationFailed": "[AuthorizationFailed] : ", + "metadataValue": "testValue", + "rgName": "rg01", + "somePolicySetDefinition": "somePolicySetDefinition", + "policyAssignmentMissingLocation": "Location needs to be specified if a managed identity is to be assigned to the policy assignment.", + "metadata": "{'testName':'testValue'}", + "someId": "someId", + "invalidPolicySetDefinitionRequest": "[InvalidCreatePolicySetDefinitionRequest] : The policy set definition 'someName' create request is invalid. At least one policy definition must be referenced.", + "policyAssignmentMissingIdentityId": "A user assigned identity id needs to be specified if the identity type is 'UserAssigned'.", + "parameterNullError": ". The argument is null. Provide a valid value for the argument, and then try running the command again.", + "SubscriptionId": "597b2066-8f6f-4236-9c61-6d4e9891eef8", + "description": "Unit test junk: sorry for littering. Please delete me!", + "managementGroupScope": "/providers/Microsoft.Management/managementGroups/AzGovPerfTest", + "parameterNullOrEmpty": ". The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.", + "policyDefinitionNotFound": "[PolicyDefinitionNotFound] : ", + "location": "westus", + "somePolicyParameter": "somePolicyParameter", + "somePolicyDefinition": "somePolicyDefinition", + "versionRequiresNameOrId": "Version is only allowed if Name or Id are provided.", + "httpMethodNotSupported": "HttpMethodNotSupported : The http method 'DELETE' is not supported for a resource collection.", + "onlyManagementGroupOrSubscription": "Only ManagementGroupName or SubscriptionId can be provided, not both.", + "someDisplayName": "Some display name", + "policyAssignmentNotFound": "[PolicyAssignmentNotFound] : ", + "customSubDefinition": { "Description": null, "DisplayName": null, - "Id": "/subscriptions/edb2c18a-04d6-49e9-bc72-e23852f507ad/providers/Microsoft.Authorization/policySetDefinitions/ps02", + "Id": "/subscriptions/597b2066-8f6f-4236-9c61-6d4e9891eef8/providers/Microsoft.Authorization/policyDefinitions/ps01", "Metadata": {}, - "Name": "ps02", + "Mode": "All", + "Name": "ps01", "Parameter": {}, - "PolicyDefinition": [ - { - "DefinitionVersion": "1.*.*", - "GroupName": null, - "Id": "314070269761299634", - "Parameter": {}, - "PolicyDefinitionId": "/subscriptions/edb2c18a-04d6-49e9-bc72-e23852f507ad/providers/Microsoft.Authorization/policyDefinitions/ps01" - } - ], - "PolicyDefinitionGroup": null, + "PolicyRule": {}, "PolicyType": "Custom", - "SystemDataCreatedAt": "2024-06-27T04:07:18.6853162Z", + "SystemDataCreatedAt": "2024-06-28T04:20:15.3841032Z", "SystemDataCreatedBy": "cstack@ntdev.microsoft.com", "SystemDataCreatedByType": "User", - "SystemDataLastModifiedAt": "2024-06-27T04:07:18.6853162Z", + "SystemDataLastModifiedAt": "2024-06-28T04:20:15.3841032Z", "SystemDataLastModifiedBy": "cstack@ntdev.microsoft.com", "SystemDataLastModifiedByType": "User", - "Type": "Microsoft.Authorization/policySetDefinitions", + "Type": "Microsoft.Authorization/policyDefinitions", "Version": "1.0.0", "Versions": [ "1.0.0" ] }, - "somePolicySetDefinition": "somePolicySetDefinition", - "someJsonSnippet": "{ 'someThing': 'someOtherThing' }", - "policyDefinitionParameter": "One of PolicyDefinition or PolicySetDefinition must be provided.", - "updatedDescription": "Updated ", - "location": "westus", - "parameterSetError": "Parameter set cannot be resolved using the specified named parameters.", - "undefinedPolicyParameter": "[UndefinedPolicyParameter] : The policy assignment", - "parameterNullError": ". The argument is null. Provide a valid value for the argument, and then try running the command again.", - "someJsonArray": "[{ 'someThing': 'someOtherThing' }]", - "missingAnArgument": "Missing an argument for parameter ", - "managementGroup": "AzGovPerfTest", - "parameterDefinition": "{ 'listOfAllowedLocations': { 'type': 'array', 'metadata': { 'description': 'An array of permitted locations for resources.', 'strongType': 'location', 'displayName': 'List of locations' } } }", - "someIdentityId": "someIdentityId", - "enforcementModeDoNotEnforce": "DoNotEnforce", - "somePolicyDefinition": "somePolicyDefinition", - "rgScope": "/subscriptions/edb2c18a-04d6-49e9-bc72-e23852f507ad/resourceGroups/rg01", + "userAssignedIdentityId": "/subscriptions/597b2066-8f6f-4236-9c61-6d4e9891eef8/resourcegroups/rg01/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-user-msi", + "someManagementGroup": "someManagementGroup", + "updatedMetadataValue": "newTestValue", "parameterDescription": "An array of permitted locations for resources.", - "policyAssignmentMissingLocation": "Location needs to be specified if a managed identity is to be assigned to the policy assignment.", "fullParameterDefinition": "{ 'listOfAllowedLocations': { 'type': 'array', 'metadata': { 'description': 'An array of permitted locations for resources.', 'strongType': 'location', 'displayName': 'List of locations' } }, 'effectParam': { 'type': 'string', 'defaultValue': 'deny' } }", - "invalidPolicyDefinitionReference": "InvalidPolicyDefinitionReference", - "somePolicyParameter": "somePolicyParameter", - "missingSubscription": "[MissingSubscription] : The request did not have a subscription or a valid tenant level resource provider.", - "someScope": "someScope", - "onlyDefinitionOrSetDefinition": "Only one of -PolicyDefinition or -PolicySetDefinition can be specified, not both.", - "missingParameters": "Cannot process command because of one or more missing mandatory parameters:", - "policyExemptionNotFound": "[PolicyExemptionNotFound] : ", - "metadata": "{'testName':'testValue'}", - "userAssignedIdentityId": "/subscriptions/edb2c18a-04d6-49e9-bc72-e23852f507ad/resourcegroups/rg01/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-user-msi", - "SubscriptionId": "edb2c18a-04d6-49e9-bc72-e23852f507ad", - "rgName": "rg01", "multiplePolicyDefinitionParams": "Cannot bind parameter because parameter 'PolicyDefinition' is specified more than once", - "managementGroupScope": "/providers/Microsoft.Management/managementGroups/AzGovPerfTest", - "someParameterObject": "{'parm1': 'a', 'parm2': 'b' }", - "invalidRequestContent": "[InvalidRequestContent] : The request content was invalid and could not be deserialized: ", - "policyAssignmentMissingIdentityId": "A user assigned identity id needs to be specified if the identity type is 'UserAssigned'.", - "policyAssignmentNotFound": "[PolicyAssignmentNotFound] : ", - "metadataName": "testName", - "nonInteractiveMode": "PowerShell is in NonInteractive mode. Read and Prompt functionality is not available.", - "someManagementGroup": "someManagementGroup", - "customSubDefinition": { + "customSubSetDefinition": { "Description": null, "DisplayName": null, - "Id": "/subscriptions/edb2c18a-04d6-49e9-bc72-e23852f507ad/providers/Microsoft.Authorization/policyDefinitions/ps01", + "Id": "/subscriptions/597b2066-8f6f-4236-9c61-6d4e9891eef8/providers/Microsoft.Authorization/policySetDefinitions/ps02", "Metadata": {}, - "Mode": "All", - "Name": "ps01", + "Name": "ps02", "Parameter": {}, - "PolicyRule": {}, + "PolicyDefinition": [ + { + "DefinitionVersion": "1.*.*", + "GroupName": null, + "Id": "14184440715074676626", + "Parameter": {}, + "PolicyDefinitionId": "/subscriptions/597b2066-8f6f-4236-9c61-6d4e9891eef8/providers/Microsoft.Authorization/policyDefinitions/ps01" + } + ], + "PolicyDefinitionGroup": null, "PolicyType": "Custom", - "SystemDataCreatedAt": "2024-06-27T04:07:18.1459363Z", + "SystemDataCreatedAt": "2024-06-28T04:20:16.3470998Z", "SystemDataCreatedBy": "cstack@ntdev.microsoft.com", "SystemDataCreatedByType": "User", - "SystemDataLastModifiedAt": "2024-06-27T04:07:18.1459363Z", + "SystemDataLastModifiedAt": "2024-06-28T04:20:16.3470998Z", "SystemDataLastModifiedBy": "cstack@ntdev.microsoft.com", "SystemDataLastModifiedByType": "User", - "Type": "Microsoft.Authorization/policyDefinitions", + "Type": "Microsoft.Authorization/policySetDefinitions", "Version": "1.0.0", "Versions": [ "1.0.0" ] }, - "policyDefinitionNotFound": "[PolicyDefinitionNotFound] : ", - "listVersionsRequiresNameOrId": "ListVersions is only allowed if Name or Id are provided.", - "invalidPolicyRule": "[InvalidPolicyRule] : Failed to parse policy rule: ", - "versionRequiresNameOrId": "Version is only allowed if Name or Id are provided.", - "someDisplayName": "Some display name", - "parameterNullOrEmpty": ". The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.", - "description": "Unit test junk: sorry for littering. Please delete me!", - "someName": "someName", - "someId": "someId", - "invalidPolicySetDefinitionRequest": "[InvalidCreatePolicySetDefinitionRequest] : The policy set definition 'someName' create request is invalid. At least one policy definition must be referenced.", - "authorizationFailed": "[AuthorizationFailed] : ", - "onlyManagementGroupOrSubscription": "Only ManagementGroupName or SubscriptionId can be provided, not both.", - "invalidParameterValue": "Cannot validate argument on parameter", - "httpMethodNotSupported": "HttpMethodNotSupported : The http method 'DELETE' is not supported for a resource collection." + "invalidRequestContent": "[InvalidRequestContent] : The request content was invalid and could not be deserialized: ", + "updatedMetadata": "{'testName':'testValue', 'newTestName': 'newTestValue'}", + "customSubDefName": "ps01" } diff --git a/src/Resources/Policy.Autorest/test/localEnv.json b/src/Resources/Policy.Autorest/test/localEnv.json index bec2798968f8..5ad7b4ec29d3 100644 --- a/src/Resources/Policy.Autorest/test/localEnv.json +++ b/src/Resources/Policy.Autorest/test/localEnv.json @@ -1,117 +1,119 @@ { - "someId": "someId", + "nonInteractiveMode": "PowerShell is in NonInteractive mode. Read and Prompt functionality is not available.", + "someDisplayName": "Some display name", "policyAssignmentMissingLocation": "Location needs to be specified if a managed identity is to be assigned to the policy assignment.", - "policyAssignmentNotFound": "[PolicyAssignmentNotFound] : ", - "updatedMetadata": "{'testName':'testValue', 'newTestName': 'newTestValue'}", - "parameterDisplayName": "List of locations", - "updatedMetadataName": "newTestName", + "policyExemptionNotFound": "[PolicyExemptionNotFound] : ", "authorizationFailed": "[AuthorizationFailed] : ", - "someJsonSnippet": "{ 'someThing': 'someOtherThing' }", - "parameterDescription": "An array of permitted locations for resources.", + "updatedDescription": "Updated ", + "multiplePolicyDefinitionParams": "Cannot bind parameter because parameter 'PolicyDefinition' is specified more than once", + "userAssignedIdentityName": "test-user-msi", + "parameterDefinition": "{ 'listOfAllowedLocations': { 'type': 'array', 'metadata': { 'description': 'An array of permitted locations for resources.', 'strongType': 'location', 'displayName': 'List of locations' } } }", + "parameterSetError": "Parameter set cannot be resolved using the specified named parameters.", + "somePolicyParameter": "somePolicyParameter", + "someManagementGroup": "someManagementGroup", + "rgScope": "/subscriptions/597b2066-8f6f-4236-9c61-6d4e9891eef8/resourceGroups/rg01", + "somePolicySetDefinition": "somePolicySetDefinition", + "missingParameters": "Cannot process command because of one or more missing mandatory parameters:", "policyDefinitionNotFound": "[PolicyDefinitionNotFound] : ", - "invalidRequestContent": "[InvalidRequestContent] : The request content was invalid and could not be deserialized: ", + "customSubSetDefName": "ps02", + "managementGroup": "AzGovPerfTest", + "invalidParameterValue": "Cannot validate argument on parameter", + "updatedMetadata": "{'testName':'testValue', 'newTestName': 'newTestValue'}", + "someJsonSnippet": "{ 'someThing': 'someOtherThing' }", + "enforcementModeDefault": "Default", + "SubscriptionId": "597b2066-8f6f-4236-9c61-6d4e9891eef8", + "someIdentityId": "someIdentityId", + "managementGroupScope": "/providers/Microsoft.Management/managementGroups/AzGovPerfTest", "fullParameterDefinition": "{ 'listOfAllowedLocations': { 'type': 'array', 'metadata': { 'description': 'An array of permitted locations for resources.', 'strongType': 'location', 'displayName': 'List of locations' } }, 'effectParam': { 'type': 'string', 'defaultValue': 'deny' } }", - "location": "westus", - "somePolicySetDefinition": "somePolicySetDefinition", - "invalidPolicySetDefinitionRequest": "[InvalidCreatePolicySetDefinitionRequest] : The policy set definition 'someName' create request is invalid. At least one policy definition must be referenced.", - "missingAnArgument": "Missing an argument for parameter ", - "policyExemptionNotFound": "[PolicyExemptionNotFound] : ", + "userAssignedIdentityId": "/subscriptions/597b2066-8f6f-4236-9c61-6d4e9891eef8/resourcegroups/rg01/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-user-msi", + "parameterNullOrEmpty": ". The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.", + "parameterDescription": "An array of permitted locations for resources.", "allSwitchNotSupported": "The IncludeDescendent switch is not supported for management group scopes.", + "someScope": "someScope", + "undefinedPolicyParameter": "[UndefinedPolicyParameter] : The policy assignment", + "missingAnArgument": "Missing an argument for parameter ", + "Tenant": "72f988bf-86f1-41af-91ab-2d7cd011db47", + "description": "Unit test junk: sorry for littering. Please delete me!", + "metadataName": "testName", "missingSubscription": "[MissingSubscription] : The request did not have a subscription or a valid tenant level resource provider.", - "parameterDefinition": "{ 'listOfAllowedLocations': { 'type': 'array', 'metadata': { 'description': 'An array of permitted locations for resources.', 'strongType': 'location', 'displayName': 'List of locations' } } }", - "rgScope": "/subscriptions/edb2c18a-04d6-49e9-bc72-e23852f507ad/resourceGroups/rg01", - "managementGroupScope": "/providers/Microsoft.Management/managementGroups/AzGovPerfTest", - "someName": "someName", - "someParameterObject": "{'parm1': 'a', 'parm2': 'b' }", - "onlyDefinitionOrSetDefinition": "Only one of -PolicyDefinition or -PolicySetDefinition can be specified, not both.", - "userAssignedIdentityId": "/subscriptions/edb2c18a-04d6-49e9-bc72-e23852f507ad/resourcegroups/rg01/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-user-msi", - "policyDefinitionParameter": "One of PolicyDefinition or PolicySetDefinition must be provided.", - "httpMethodNotSupported": "HttpMethodNotSupported : The http method 'DELETE' is not supported for a resource collection.", - "metadataValue": "testValue", - "parameterNullError": ". The argument is null. Provide a valid value for the argument, and then try running the command again.", - "listVersionsRequiresNameOrId": "ListVersions is only allowed if Name or Id are provided.", + "customSubDefName": "ps01", + "invalidPolicyRule": "[InvalidPolicyRule] : Failed to parse policy rule: ", + "onlyManagementGroupOrSubscription": "Only ManagementGroupName or SubscriptionId can be provided, not both.", "invalidPolicyDefinitionReference": "InvalidPolicyDefinitionReference", - "managementGroup": "AzGovPerfTest", - "customSubDefinition": { + "metadataValue": "testValue", + "location": "westus", + "customSubSetDefinition": { "Description": null, "DisplayName": null, - "Id": "/subscriptions/edb2c18a-04d6-49e9-bc72-e23852f507ad/providers/Microsoft.Authorization/policyDefinitions/ps01", + "Id": "/subscriptions/597b2066-8f6f-4236-9c61-6d4e9891eef8/providers/Microsoft.Authorization/policySetDefinitions/ps02", "Metadata": {}, - "Mode": "All", - "Name": "ps01", + "Name": "ps02", "Parameter": {}, - "PolicyRule": {}, + "PolicyDefinition": [ + { + "DefinitionVersion": "1.*.*", + "GroupName": null, + "Id": "14184440715074676626", + "Parameter": {}, + "PolicyDefinitionId": "/subscriptions/597b2066-8f6f-4236-9c61-6d4e9891eef8/providers/Microsoft.Authorization/policyDefinitions/ps01" + } + ], + "PolicyDefinitionGroup": null, "PolicyType": "Custom", - "SystemDataCreatedAt": "2024-06-27T03:36:48.4121938Z", + "SystemDataCreatedAt": "2024-06-28T04:20:16.3470998Z", "SystemDataCreatedBy": "cstack@ntdev.microsoft.com", "SystemDataCreatedByType": "User", - "SystemDataLastModifiedAt": "2024-06-27T03:36:48.4121938Z", + "SystemDataLastModifiedAt": "2024-06-28T04:24:35.3181193Z", "SystemDataLastModifiedBy": "cstack@ntdev.microsoft.com", "SystemDataLastModifiedByType": "User", - "Type": "Microsoft.Authorization/policyDefinitions", + "Type": "Microsoft.Authorization/policySetDefinitions", "Version": "1.0.0", "Versions": [ "1.0.0" ] }, - "missingParameters": "Cannot process command because of one or more missing mandatory parameters:", - "nonInteractiveMode": "PowerShell is in NonInteractive mode. Read and Prompt functionality is not available.", + "metadata": "{'testName':'testValue'}", + "parameterNullError": ". The argument is null. Provide a valid value for the argument, and then try running the command again.", + "invalidRequestContent": "[InvalidRequestContent] : The request content was invalid and could not be deserialized: ", + "enforcementModeDoNotEnforce": "DoNotEnforce", "someJsonArray": "[{ 'someThing': 'someOtherThing' }]", - "multiplePolicyDefinitionParams": "Cannot bind parameter because parameter 'PolicyDefinition' is specified more than once", - "undefinedPolicyParameter": "[UndefinedPolicyParameter] : The policy assignment", + "updatedMetadataName": "newTestName", "versionRequiresNameOrId": "Version is only allowed if Name or Id are provided.", - "Tenant": "72f988bf-86f1-41af-91ab-2d7cd011db47", - "customSubSetDefinition": { + "rgName": "rg01", + "invalidPolicySetDefinitionRequest": "[InvalidCreatePolicySetDefinitionRequest] : The policy set definition 'someName' create request is invalid. At least one policy definition must be referenced.", + "policySetDefinitionNotFound": "[PolicySetDefinitionNotFound] : ", + "parameterDisplayName": "List of locations", + "httpMethodNotSupported": "HttpMethodNotSupported : The http method 'DELETE' is not supported for a resource collection.", + "someName": "someName", + "listVersionsRequiresNameOrId": "ListVersions is only allowed if Name or Id are provided.", + "policyDefinitionParameter": "One of PolicyDefinition or PolicySetDefinition must be provided.", + "someId": "someId", + "policyAssignmentNotFound": "[PolicyAssignmentNotFound] : ", + "customSubDefinition": { "Description": null, "DisplayName": null, - "Id": "/subscriptions/edb2c18a-04d6-49e9-bc72-e23852f507ad/providers/Microsoft.Authorization/policySetDefinitions/ps02", + "Id": "/subscriptions/597b2066-8f6f-4236-9c61-6d4e9891eef8/providers/Microsoft.Authorization/policyDefinitions/ps01", "Metadata": {}, - "Name": "ps02", + "Mode": "All", + "Name": "ps01", "Parameter": {}, - "PolicyDefinition": [ - { - "DefinitionVersion": "1.*.*", - "GroupName": null, - "Id": "314070269761299634", - "Parameter": {}, - "PolicyDefinitionId": "/subscriptions/edb2c18a-04d6-49e9-bc72-e23852f507ad/providers/Microsoft.Authorization/policyDefinitions/ps01" - } - ], - "PolicyDefinitionGroup": null, + "PolicyRule": {}, "PolicyType": "Custom", - "SystemDataCreatedAt": "2024-06-27T03:36:48.900515Z", + "SystemDataCreatedAt": "2024-06-28T04:20:15.3841032Z", "SystemDataCreatedBy": "cstack@ntdev.microsoft.com", "SystemDataCreatedByType": "User", - "SystemDataLastModifiedAt": "2024-06-27T03:36:48.900515Z", + "SystemDataLastModifiedAt": "2024-06-28T04:24:34.3171041Z", "SystemDataLastModifiedBy": "cstack@ntdev.microsoft.com", "SystemDataLastModifiedByType": "User", - "Type": "Microsoft.Authorization/policySetDefinitions", + "Type": "Microsoft.Authorization/policyDefinitions", "Version": "1.0.0", "Versions": [ "1.0.0" ] }, - "invalidPolicyRule": "[InvalidPolicyRule] : Failed to parse policy rule: ", - "description": "Unit test junk: sorry for littering. Please delete me!", - "userAssignedIdentityName": "test-user-msi", - "someScope": "someScope", - "onlyManagementGroupOrSubscription": "Only ManagementGroupName or SubscriptionId can be provided, not both.", - "enforcementModeDoNotEnforce": "DoNotEnforce", - "policySetDefinitionNotFound": "[PolicySetDefinitionNotFound] : ", - "SubscriptionId": "edb2c18a-04d6-49e9-bc72-e23852f507ad", - "metadata": "{'testName':'testValue'}", - "parameterNullOrEmpty": ". The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.", - "someManagementGroup": "someManagementGroup", - "invalidParameterValue": "Cannot validate argument on parameter", + "someParameterObject": "{'parm1': 'a', 'parm2': 'b' }", + "somePolicyDefinition": "somePolicyDefinition", "policyAssignmentMissingIdentityId": "A user assigned identity id needs to be specified if the identity type is 'UserAssigned'.", "updatedMetadataValue": "newTestValue", - "somePolicyDefinition": "somePolicyDefinition", - "updatedDescription": "Updated ", - "somePolicyParameter": "somePolicyParameter", - "rgName": "rg01", - "parameterSetError": "Parameter set cannot be resolved using the specified named parameters.", - "someDisplayName": "Some display name", - "metadataName": "testName", - "someIdentityId": "someIdentityId", - "enforcementModeDefault": "Default" + "onlyDefinitionOrSetDefinition": "Only one of -PolicyDefinition or -PolicySetDefinition can be specified, not both." } diff --git a/src/Resources/Policy.Autorest/test/utils.ps1 b/src/Resources/Policy.Autorest/test/utils.ps1 index 3205f36ba883..08b354ca0de9 100644 --- a/src/Resources/Policy.Autorest/test/utils.ps1 +++ b/src/Resources/Policy.Autorest/test/utils.ps1 @@ -251,6 +251,7 @@ if ($UsePreviousConfigForRecord) { # example: $val = $env.AddWithCache('key', $val, $true) $env | Add-Member -Type ScriptMethod -Value { param( [string]$key, [object]$val, [bool]$useCache) if ($this.Contains($key) -and $useCache) { return $this[$key] } else { $this[$key] = $val; return $val } } -Name 'AddWithCache' function setupEnv() { + Write-Host -ForegroundColor Magenta "Setting up globals" # Preload subscriptionId and tenant from context, which will be used in test # as default. You could change them if needed. $env.SubscriptionId = Get-SubscriptionId @@ -333,8 +334,10 @@ function setupEnv() { $env['listVersionsRequiresNameOrId'] = 'ListVersions is only allowed if Name or Id are provided.' # create a couple of test objects - $env['customSubDefinition'] = New-AzPolicyDefinition -Name (Get-ResourceName) -Policy '{ "if": { "field": "location", "equals": "westus" }, "then": { "effect": "audit" } }' - $env['customSubSetDefinition'] = New-AzPolicySetDefinition -Name (Get-ResourceName) -PolicyDefinition ("[{""policyDefinitionId"":""" + $($env.customSubDefinition).Id + """}]") + $env['customSubDefName'] = Get-ResourceName + $env['customSubDefinition'] = New-AzPolicyDefinition -Name $env.customSubDefName -Policy '{ "if": { "field": "location", "equals": "westus" }, "then": { "effect": "audit" } }' + $env['customSubSetDefName'] = Get-ResourceName + $env['customSubSetDefinition'] = New-AzPolicySetDefinition -Name $env.customSubSetDefName -PolicyDefinition ("[{""policyDefinitionId"":""" + $($env.customSubDefinition).Id + """}]") $envFile = 'env.json' if ($TestMode -eq 'live') { $envFile = 'localEnv.json' @@ -344,9 +347,12 @@ function setupEnv() { set-content -Path (Join-Path $PSScriptRoot $envFile) -Value (ConvertTo-Json $env -Depth 100) } function cleanupEnv() { + + Write-Host -ForegroundColor Magenta "Cleaning up globals" # Clean resources you create for testing - $env['customSubSetDefinition'] | Remove-AzPolicySetDefinition -Confirm:$false - $env['customSubDefinition'] | Remove-AzPolicyDefinition -Confirm:$false + $null = Remove-AzPolicySetDefinition -Name $env.customSubSetDefName -Confirm:$false + $null = Remove-AzPolicyDefinition -Name $env.customSubDefName -Confirm:$false $null = Remove-AzUserAssignedIdentity -ResourceGroupName $env.rgName -Name $env.userAssignedIdentityName $null = Remove-ResourceGroup -Name $env.rgName + Write-Host -ForegroundColor Magenta "Finished cleaning up globals" } \ No newline at end of file