func (s *InteractiveSuite) TestInteractiveRoleAssignmentAlreadyExists(c *gc.C) { var requests []*http.Request senders := azuretesting.Senders{ oauthConfigSender(), deviceCodeSender(), tokenSender(), tokenSender(), tokenSender(), currentUserSender(), createServicePrincipalSender(), roleDefinitionListSender(), roleAssignmentAlreadyExistsSender(), } _, _, err := azureauth.InteractiveCreateServicePrincipal( ioutil.Discard, &senders, azuretesting.RequestRecorder(&requests), "https://arm.invalid", "https://graph.invalid", "22222222-2222-2222-2222-222222222222", s.clock, s.newUUID, ) c.Assert(err, jc.ErrorIsNil) }
func (s *InteractiveSuite) TestInteractiveServicePrincipalAlreadyExists(c *gc.C) { var requests []*http.Request senders := azuretesting.Senders{ oauthConfigSender(), deviceCodeSender(), tokenSender(), tokenSender(), tokenSender(), currentUserSender(), createServicePrincipalAlreadyExistsSender(), servicePrincipalListSender(), passwordCredentialsListSender(), updatePasswordCredentialsSender(), roleDefinitionListSender(), roleAssignmentAlreadyExistsSender(), } _, password, err := azureauth.InteractiveCreateServicePrincipal( ioutil.Discard, &senders, azuretesting.RequestRecorder(&requests), "https://arm.invalid", "https://graph.invalid", "22222222-2222-2222-2222-222222222222", s.clock, s.newUUID, ) c.Assert(err, jc.ErrorIsNil) c.Assert(password, gc.Equals, "33333333-3333-3333-3333-333333333333") c.Assert(requests, gc.HasLen, 10) c.Check(requests[0].URL.Path, gc.Equals, "/subscriptions/22222222-2222-2222-2222-222222222222") c.Check(requests[1].URL.Path, gc.Equals, "/11111111-1111-1111-1111-111111111111/oauth2/devicecode") c.Check(requests[2].URL.Path, gc.Equals, "/11111111-1111-1111-1111-111111111111/oauth2/token") c.Check(requests[3].URL.Path, gc.Equals, "/11111111-1111-1111-1111-111111111111/me") c.Check(requests[4].URL.Path, gc.Equals, "/11111111-1111-1111-1111-111111111111/servicePrincipals") // create c.Check(requests[5].URL.Path, gc.Equals, "/11111111-1111-1111-1111-111111111111/servicePrincipals") // list c.Check(requests[6].URL.Path, gc.Equals, "/11111111-1111-1111-1111-111111111111/servicePrincipals/sp-object-id/passwordCredentials") // list c.Check(requests[7].URL.Path, gc.Equals, "/11111111-1111-1111-1111-111111111111/servicePrincipals/sp-object-id/passwordCredentials") // update c.Check(requests[8].URL.Path, gc.Equals, "/subscriptions/22222222-2222-2222-2222-222222222222/providers/Microsoft.Authorization/roleDefinitions") c.Check(requests[9].URL.Path, gc.Equals, "/subscriptions/22222222-2222-2222-2222-222222222222/providers/Microsoft.Authorization/roleAssignments/55555555-5555-5555-5555-555555555555") // Make sure that we don't wipe existing password credentials, and that // the new password credential matches the one returned from the // function. var params ad.PasswordCredentialsUpdateParameters err = json.NewDecoder(requests[7].Body).Decode(¶ms) c.Assert(err, jc.ErrorIsNil) c.Assert(params.Value, gc.HasLen, 2) c.Assert(params.Value[0], jc.DeepEquals, ad.PasswordCredential{ KeyId: "password-credential-key-id", StartDate: time.Time{}.UTC(), EndDate: time.Time{}.UTC(), }) assertPasswordCredential(c, params.Value[1]) }
func (s *storageSuite) SetUpTest(c *gc.C) { s.BaseSuite.SetUpTest(c) s.storageClient = azuretesting.MockStorageClient{} s.requests = nil envProvider := newProvider(c, azure.ProviderConfig{ Sender: &s.sender, NewStorageClient: s.storageClient.NewClient, RequestInspector: azuretesting.RequestRecorder(&s.requests), RandomWindowsAdminPassword: func() string { return "sorandom" }, InteractiveCreateServicePrincipal: azureauth.InteractiveCreateServicePrincipal, }) s.sender = nil var err error env := openEnviron(c, envProvider, &s.sender) s.provider, err = env.StorageProvider("azure") c.Assert(err, jc.ErrorIsNil) }
func (s *environProviderSuite) SetUpTest(c *gc.C) { s.BaseSuite.SetUpTest(c) s.provider = newProvider(c, azure.ProviderConfig{ Sender: &s.sender, RequestInspector: azuretesting.RequestRecorder(&s.requests), RandomWindowsAdminPassword: func() string { return "sorandom" }, InteractiveCreateServicePrincipal: azureauth.InteractiveCreateServicePrincipal, }) s.spec = environs.CloudSpec{ Type: "azure", Name: "azure", Region: "westus", Endpoint: "https://api.azurestack.local", IdentityEndpoint: "https://login.azurestack.local", StorageEndpoint: "https://storage.azurestack.local", Credential: fakeServicePrincipalCredential(), } s.sender = nil }
func (s *instanceSuite) SetUpTest(c *gc.C) { s.BaseSuite.SetUpTest(c) s.provider = newProvider(c, azure.ProviderConfig{ Sender: &s.sender, RequestInspector: azuretesting.RequestRecorder(&s.requests), RandomWindowsAdminPassword: func() string { return "sorandom" }, InteractiveCreateServicePrincipal: azureauth.InteractiveCreateServicePrincipal, }) s.env = openEnviron(c, s.provider, &s.sender) s.sender = nil s.requests = nil s.networkInterfaces = []network.Interface{ makeNetworkInterface("nic-0", "machine-0"), } s.publicIPAddresses = nil s.deployments = []resources.DeploymentExtended{ makeDeployment("machine-0"), makeDeployment("machine-1"), } }
func (s *environSuite) SetUpTest(c *gc.C) { s.BaseSuite.SetUpTest(c) s.storageClient = azuretesting.MockStorageClient{} s.sender = nil s.requests = nil s.retryClock = mockClock{Clock: gitjujutesting.NewClock(time.Time{})} s.provider = newProvider(c, azure.ProviderConfig{ Sender: azuretesting.NewSerialSender(&s.sender), RequestInspector: azuretesting.RequestRecorder(&s.requests), NewStorageClient: s.storageClient.NewClient, RetryClock: &gitjujutesting.AutoAdvancingClock{ &s.retryClock, s.retryClock.Advance, }, RandomWindowsAdminPassword: func() string { return "sorandom" }, InteractiveCreateServicePrincipal: azureauth.InteractiveCreateServicePrincipal, }) s.controllerUUID = testing.ControllerTag.Id() s.envTags = map[string]*string{ "juju-model-uuid": to.StringPtr(testing.ModelTag.Id()), "juju-controller-uuid": to.StringPtr(s.controllerUUID), } s.vmTags = map[string]*string{ "juju-model-uuid": to.StringPtr(testing.ModelTag.Id()), "juju-controller-uuid": to.StringPtr(s.controllerUUID), "juju-machine-name": to.StringPtr("machine-0"), } s.group = &resources.ResourceGroup{ Location: to.StringPtr("westus"), Tags: &s.envTags, Properties: &resources.ResourceGroupProperties{ ProvisioningState: to.StringPtr("Succeeded"), }, } vmSizes := []compute.VirtualMachineSize{{ Name: to.StringPtr("Standard_D1"), NumberOfCores: to.Int32Ptr(1), OsDiskSizeInMB: to.Int32Ptr(1047552), ResourceDiskSizeInMB: to.Int32Ptr(51200), MemoryInMB: to.Int32Ptr(3584), MaxDataDiskCount: to.Int32Ptr(2), }} s.vmSizes = &compute.VirtualMachineSizeListResult{Value: &vmSizes} s.storageAccount = &storage.Account{ Name: to.StringPtr("my-storage-account"), Type: to.StringPtr("Standard_LRS"), Tags: &s.envTags, Properties: &storage.AccountProperties{ PrimaryEndpoints: &storage.Endpoints{ Blob: to.StringPtr(fmt.Sprintf("https://%s.blob.storage.azurestack.local/", storageAccountName)), }, ProvisioningState: "Succeeded", }, } keys := []storage.AccountKey{{ KeyName: to.StringPtr("key-1-name"), Value: to.StringPtr("key-1"), Permissions: storage.FULL, }} s.storageAccountKeys = &storage.AccountListKeysResult{ Keys: &keys, } s.ubuntuServerSKUs = []compute.VirtualMachineImageResource{ {Name: to.StringPtr("12.04-LTS")}, {Name: to.StringPtr("12.10")}, {Name: to.StringPtr("14.04-LTS")}, {Name: to.StringPtr("15.04")}, {Name: to.StringPtr("15.10")}, {Name: to.StringPtr("16.04-LTS")}, } s.deployment = nil }
func (s *InteractiveSuite) TestInteractive(c *gc.C) { var requests []*http.Request senders := azuretesting.Senders{ oauthConfigSender(), deviceCodeSender(), tokenSender(), // CheckForUserCompletion returns a token. // Token.Refresh returns a token. We do this // twice: once for ARM, and once for AAD. tokenSender(), tokenSender(), currentUserSender(), createServicePrincipalSender(), roleDefinitionListSender(), roleAssignmentSender(), } var stderr bytes.Buffer subscriptionId := "22222222-2222-2222-2222-222222222222" appId, password, err := azureauth.InteractiveCreateServicePrincipal( &stderr, &senders, azuretesting.RequestRecorder(&requests), "https://arm.invalid", "https://graph.invalid", subscriptionId, s.clock, s.newUUID, ) c.Assert(err, jc.ErrorIsNil) c.Assert(appId, gc.Equals, "cbb548f1-5039-4836-af0b-727e8571f6a9") c.Assert(password, gc.Equals, "33333333-3333-3333-3333-333333333333") c.Assert(stderr.String(), gc.Equals, ` Initiating interactive authentication. open your browser, etc. Authenticated as "Foo Bar". Creating/updating service principal. Assigning Owner role to service principal. `[1:]) // Token refreshes don't go through the inspectors. c.Assert(requests, gc.HasLen, 7) c.Check(requests[0].URL.Path, gc.Equals, "/subscriptions/22222222-2222-2222-2222-222222222222") c.Check(requests[1].URL.Path, gc.Equals, "/11111111-1111-1111-1111-111111111111/oauth2/devicecode") c.Check(requests[2].URL.Path, gc.Equals, "/11111111-1111-1111-1111-111111111111/oauth2/token") c.Check(requests[3].URL.Path, gc.Equals, "/11111111-1111-1111-1111-111111111111/me") c.Check(requests[4].URL.Path, gc.Equals, "/11111111-1111-1111-1111-111111111111/servicePrincipals") c.Check(requests[5].URL.Path, gc.Equals, "/subscriptions/22222222-2222-2222-2222-222222222222/providers/Microsoft.Authorization/roleDefinitions") c.Check(requests[6].URL.Path, gc.Equals, "/subscriptions/22222222-2222-2222-2222-222222222222/providers/Microsoft.Authorization/roleAssignments/55555555-5555-5555-5555-555555555555") // The service principal creation includes the password. Check that the // password returned from the function is the same as the one set in the // request. var params ad.ServicePrincipalCreateParameters err = json.NewDecoder(requests[4].Body).Decode(¶ms) c.Assert(err, jc.ErrorIsNil) c.Assert(params.PasswordCredentials, gc.HasLen, 1) assertPasswordCredential(c, params.PasswordCredentials[0]) }