Merge pull request #20430 from Amrysliu/9699_following

Integrate AZ fencing permissions functions into one
os-autoinst · Oct 21, 2024 · 4657222 · 4657222
2 parents 0ef13d5 + 4be49cf
commit 4657222
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 105 deletions.
diff --git a/lib/qesapdeployment.pm b/lib/qesapdeployment.pm
@@ -100,8 +100,6 @@ our @EXPORT = qw(
   qesap_az_get_active_peerings
   qesap_az_clean_old_peerings
   qesap_az_setup_native_fencing_permissions
-  qesap_az_enable_system_assigned_identity
-  qesap_az_assign_role
   qesap_az_get_tenant_id
   qesap_az_create_sas_token
   qesap_az_list_container_files
@@ -2225,66 +2223,23 @@ sub qesap_az_setup_native_fencing_permissions {
         croak "Missing argument: '$_'" unless defined($args{$_});
     }
 
-    my $vm_id = qesap_az_enable_system_assigned_identity(vm_name => $args{vm_name}, resource_group => $args{resource_group});
-    qesap_az_assign_role(assignee => $vm_id, role => 'Virtual Machine Contributor', resource_group => $args{resource_group});
-}
-
-=head2 qesap_az_enable_system_assigned_identity
-
-    qesap_az_enable_system_assigned_identity($vm_name, $resource_group);
-
-    Enables 'System assigned identity' for specified VM.
-    Returns 'systemAssignedIdentity' ID.
-
-=over
-
-=item B<VM_NAME> - VM name
-
-=item B<RESOURCE_GROUP> - resource group resource belongs to
-
-=back
-=cut
-
-sub qesap_az_enable_system_assigned_identity {
-    my (%args) = @_;
-    foreach ('vm_name', 'resource_group') {
-        croak "Missing argument: '$_'" unless defined($args{$_});
-    }
-
-    my $identity_id = script_output(join(' ',
+    # Enable system assigned identity
+    my $vm_id = script_output(join(' ',
             'az vm identity assign',
             '--only-show-errors',
             "-g '$args{resource_group}'",
             "-n '$args{vm_name}'",
             "--query 'systemAssignedIdentity'",
             '-o tsv'));
-    die 'Returned output does not match ID pattern' if az_validate_uuid_pattern(uuid => $identity_id) eq 0;
-    return $identity_id;
-}
-
-=head2 qesap_az_assign_role
-
-    qesap_az_assign_role( assignee=>$assignee, role=>$role, resource_group=>$resource_group )
-
-    Assigns defined role to 'assignee' (user, vm, etc...) using subscription id.
-     assignee - UUID for the resource (VM in this case)
-     role - role to be assigned
-     resource_group - resource group resource belongs to
-
-=cut
-
-sub qesap_az_assign_role {
-    my (%args) = @_;
-    foreach ('assignee', 'role', 'resource_group') {
-        croak "Missing argument: '$_'" unless defined($args{$_});
-    }
+    die 'Returned output does not match ID pattern' if az_validate_uuid_pattern(uuid => $vm_id) eq 0;
 
+    # Assign role
     my $subscription_id = script_output('az account show --query "id" -o tsv');
     my $az_cmd = join(' ', 'az role assignment',
         'create --only-show-errors',
-        "--assignee-object-id '$args{assignee}'",
+        "--assignee-object-id $vm_id",
         '--assignee-principal-type ServicePrincipal',
-        "--role '$args{role}'",
+        "--role 'Virtual Machine Contributor'",
         "--scope '/subscriptions/$subscription_id/resourceGroups/$args{resource_group}'");
     assert_script_run($az_cmd);
 }

diff --git a/t/15_qesap_azure.t b/t/15_qesap_azure.t
@@ -147,9 +147,12 @@ subtest '[qesap_az_vnet_peering_delete] delete failure' => sub {
 };
 
 subtest '[qesap_az_setup_native_fencing_permissions]' => sub {
+    my $command;
+    my $vm_id = 'c0ffeeee-c0ff-eeee-1234-123456abcdef';
     my $qesap = Test::MockModule->new('qesapdeployment', no_auto => 1);
-    $qesap->redefine(qesap_az_enable_system_assigned_identity => sub { return 'WalkThePlank!'; });
-    $qesap->redefine(qesap_az_assign_role => sub { return 'AyeAyeCaptain!'; });
+    $qesap->redefine(script_output => sub { return $vm_id; });
+    $qesap->redefine(assert_script_run => sub { $command = shift; return 1; });
+
     my %mandatory_args = (
         vm_name => 'CaptainUsop',
         resource_group => 'StrawhatPirates'
@@ -163,58 +166,7 @@ subtest '[qesap_az_setup_native_fencing_permissions]' => sub {
     }
 
     ok qesap_az_setup_native_fencing_permissions(%mandatory_args), 'PASS with all args defined';
-};
-
-subtest '[qesap_az_assign_role] mandatory arguments' => sub {
-    my $qesap = Test::MockModule->new('qesapdeployment', no_auto => 1);
-    $qesap->redefine(assert_script_run => sub { return 1; });
-
-    my %mandatory_args = (
-        assignee => 'CaptainUsop',
-        resource_group => 'StrawhatPirates',
-        role => 'Liar'
-    );
-    # check mandatory args
-    foreach ('assignee', 'role', 'resource_group') {
-        $mandatory_args{$_} = undef;
-        dies_ok { qesap_az_assign_role(%mandatory_args) } "Expected failure: missing mandatory arg: $_";
-    }
-};
-
-subtest '[qesap_az_assign_role]' => sub {
-    my @calls;
-    my $qesap = Test::MockModule->new('qesapdeployment', no_auto => 1);
-    $qesap->redefine(assert_script_run => sub { push @calls, $_[0]; return 1; });
-    $qesap->redefine(script_output => sub { return 'SOME_ID'; });
-
-    my %mandatory_args = (
-        assignee => 'CaptainUsop',
-        resource_group => 'StrawhatPirates',
-        role => 'Liar'
-    );
-
-    qesap_az_assign_role(%mandatory_args);
-
-    note("\n  C-->  " . join("\n  C-->  ", @calls));
-    ok((any { /az role assignment/ } @calls), 'az command properly composed');
-};
-
-subtest '[qesap_az_enable_system_assigned_identity] Missing arguments' => sub {
-    my $vm_name = 'CaptainHook';
-
-    # Missing args
-    dies_ok { qesap_az_enable_system_assigned_identity(vm_name => $vm_name) } 'Fail with missing resource group';
-    dies_ok { qesap_az_enable_system_assigned_identity() } 'Fail with missing args';
-};
-
-subtest '[qesap_az_enable_system_assigned_identity]' => sub {
-    my $qesap = Test::MockModule->new('qesapdeployment', no_auto => 1);
-    my $vm_name = 'CaptainHook';
-    my $resource_group = 'TheJollyRoger';
-    my $good_uuid = 'c0ffeeee-c0ff-eeee-1234-123456abcdef';
-
-    $qesap->redefine(script_output => sub { return $good_uuid; });
-    is qesap_az_enable_system_assigned_identity(vm_name => $vm_name, resource_group => $resource_group), $good_uuid, 'PASS with valid UUID';
+    like($command, qr/az role assignment create.*--assignee-object-id $vm_id.*StrawhatPirates/, 'az command properly composed');
 };
 
 subtest '[qesap_az_get_tenant_id]' => sub {