Graph: support add/remove/list owners on app, sp, and group

src/azure-cli-testsdk/azure/cli/testsdk/__init__.py

@@ -7,17 +7,19 @@
 
 from .base import ScenarioTest, LiveScenarioTest
 from .preparers import (StorageAccountPreparer, ResourceGroupPreparer, RoleBasedServicePrincipalPreparer,
-                        KeyVaultPreparer)
+                        KeyVaultPreparer, AADGraphUserReplacer)
 from .exceptions import CliTestError
 from .checkers import (JMESPathCheck, JMESPathCheckExists, JMESPathCheckGreaterThan, NoneCheck, StringCheck,
                        StringContainCheck)
 from .decorators import api_version_constraint
 from .utilities import create_random_name
+from .patches import MOCKED_USER_NAME
 
 __all__ = ['ScenarioTest', 'LiveScenarioTest', 'ResourceGroupPreparer', 'StorageAccountPreparer',
            'RoleBasedServicePrincipalPreparer', 'CliTestError', 'JMESPathCheck', 'JMESPathCheckExists', 'NoneCheck',
            'live_only', 'record_only', 'StringCheck', 'StringContainCheck', 'get_sha1_hash', 'KeyVaultPreparer',
-           'JMESPathCheckGreaterThan', 'api_version_constraint', 'create_random_name']
+           'JMESPathCheckGreaterThan', 'api_version_constraint', 'create_random_name', 'MOCKED_USER_NAME',
+           'AADGraphUserReplacer']
 
 
 __version__ = '0.1.0'

src/azure-cli-testsdk/azure/cli/testsdk/patches.py

@@ -8,6 +8,8 @@
 
 from .exceptions import CliExecutionError
 
+MOCKED_USER_NAME = '[email protected]'
+
 
 def patch_progress_controller(unit_test):
     def _mock_pass(*args, **kwargs):  # pylint: disable=unused-argument
@@ -41,7 +43,7 @@ def _handle_load_cached_subscription(*args, **kwargs):  # pylint: disable=unused
         return [{
             "id": MOCKED_SUBSCRIPTION_ID,
             "user": {
-                "name": "[email protected]",
+                "name": MOCKED_USER_NAME,
                 "type": "user"
             },
             "state": "Enabled",

src/azure-cli-testsdk/azure/cli/testsdk/preparers.py

@@ -174,6 +174,29 @@ def remove_resource(self, name, **kwargs):
             execute(self.cli_ctx, 'az ad sp delete --id {}'.format(self.result['appId']))
 
 
+class AADGraphUserReplacer:
+    def __init__(self, test_user, mock_user):
+        self.test_user = test_user
+        self.mock_user = mock_user
+
+    def process_request(self, request):
+        test_user_encoded = self.test_user.replace('@', '%40')
+        if test_user_encoded in request.uri:
+            request.uri = request.uri.replace(test_user_encoded, self.mock_user.replace('@', '%40'))
+
+        if request.body:
+            body = str(request.body)
+            if self.test_user in body:
+                request.body = body.replace(self.test_user, self.mock_user)
+
+        return request
+
+    def process_response(self, response):
+        if response['body']['string']:
+            response['body']['string'] = response['body']['string'].replace(self.test_user,
+                                                                            self.mock_user)
+
+        return response
 # Utility
 
 

src/command_modules/azure-cli-acs/HISTORY.rst

@@ -2,7 +2,6 @@
 
 Release History
 ===============
-
 2.3.8
 +++++
 * Minor fixes.

src/command_modules/azure-cli-acs/azure/cli/command_modules/acs/custom.py

@@ -1165,9 +1165,9 @@ def create_application(client, display_name, homepage, identifier_uris,
     password_creds, key_creds = _build_application_creds(password, key_value, key_type,
                                                          key_usage, start_date, end_date)
 
-    app_create_param = ApplicationCreateParameters(available_to_other_tenants,
-                                                   display_name,
-                                                   identifier_uris,
+    app_create_param = ApplicationCreateParameters(available_to_other_tenants=available_to_other_tenants,
+                                                   display_name=display_name,
+                                                   identifier_uris=identifier_uris,
                                                    homepage=homepage,
                                                    reply_urls=reply_urls,
                                                    key_credentials=key_creds,
@@ -1230,7 +1230,7 @@ def create_service_principal(cli_ctx, identifier, resolve_app=True, rbac_client=
     else:
         app_id = identifier
 
-    return rbac_client.service_principals.create(ServicePrincipalCreateParameters(app_id, True))
+    return rbac_client.service_principals.create(ServicePrincipalCreateParameters(app_id=app_id, account_enabled=True))
 
 
 def create_role_assignment(cli_ctx, role, assignee, resource_group_name=None, scope=None):

src/command_modules/azure-cli-acs/setup.py

@@ -33,7 +33,7 @@
     'azure-mgmt-authorization==0.50.0',
     'azure-mgmt-compute==4.3.1',
     'azure-mgmt-containerservice==4.2.2',
-    'azure-graphrbac==0.40.0',
+    'azure-graphrbac==0.51.1',
     'azure-cli-core',
     'paramiko>=2.0.8',
     'pyyaml>=3.13',

src/command_modules/azure-cli-ams/HISTORY.rst

@@ -2,6 +2,9 @@
 
 Release History
 ===============
+0.2.4
++++++
+* Minor changes
 
 0.2.3
 +++++

src/command_modules/azure-cli-ams/azure/cli/command_modules/ams/operations/sp.py

@@ -98,9 +98,9 @@ def _update_password_credentials(client, app_object_id, sp_password, years):
 
 
 def _get_displayable_name(graph_object):
-    if graph_object.user_principal_name:
+    if getattr(graph_object, 'user_principal_name', None):
         return graph_object.user_principal_name
-    elif graph_object.service_principal_names:
+    elif getattr(graph_object, 'service_principal_names', None):
         return graph_object.service_principal_names[0]
     return graph_object.display_name or ''
 
@@ -217,7 +217,8 @@ def _create_service_principal(
     # retry till server replication is done
     for l in range(0, _RETRY_TIMES):
         try:
-            aad_sp = graph_client.service_principals.create(ServicePrincipalCreateParameters(app_id, True))
+            aad_sp = graph_client.service_principals.create(ServicePrincipalCreateParameters(app_id=app_id,
+                                                                                             account_enabled=True))
             break
         except Exception as ex:  # pylint: disable=broad-except
             if l < _RETRY_TIMES and (
@@ -237,9 +238,9 @@ def create_application(client, display_name, homepage, years, password, identifi
                        available_to_other_tenants=False, reply_urls=None):
     password_credential = _build_password_credential(password, years)
 
-    app_create_param = ApplicationCreateParameters(available_to_other_tenants,
-                                                   display_name,
-                                                   identifier_uris,
+    app_create_param = ApplicationCreateParameters(available_to_other_tenants=available_to_other_tenants,
+                                                   display_name=display_name,
+                                                   identifier_uris=identifier_uris,
                                                    homepage=homepage,
                                                    reply_urls=reply_urls,
                                                    password_credentials=[password_credential])

src/command_modules/azure-cli-ams/setup.py

@@ -14,7 +14,7 @@
     logger.warn("Wheel is not available, disabling bdist_wheel hook")
     cmdclass = {}
 
-VERSION = "0.2.3"
+VERSION = "0.2.4"
 
 # The full list of classifiers is available at
 # https://pypi.python.org/pypi?%3Aaction=list_classifiers
@@ -34,7 +34,7 @@
 DEPENDENCIES = [
     'azure-cli-core',
     'azure-mgmt-media==1.0.0rc1',
-    'azure-graphrbac==0.40.0'
+    'azure-graphrbac==0.51.1'
 ]
 
 with open('README.rst', 'r', encoding='utf-8') as f:

src/command_modules/azure-cli-keyvault/HISTORY.rst

@@ -2,6 +2,9 @@
 
 Release History
 ===============
+2.2.5
++++++
+* Minor changes
 
 2.2.4
 +++++

src/command_modules/azure-cli-keyvault/azure/cli/command_modules/keyvault/custom.py

@@ -161,7 +161,7 @@ def list_keyvault(client, resource_group_name=None):
 def _get_current_user_object_id(graph_client):
     from msrestazure.azure_exceptions import CloudError
     try:
-        current_user = graph_client.objects.get_current_user()
+        current_user = graph_client.signed_in_user.get()
         if current_user and current_user.object_id:  # pylint:disable=no-member
             return current_user.object_id  # pylint:disable=no-member
     except CloudError:

src/command_modules/azure-cli-keyvault/setup.py

@@ -15,7 +15,7 @@
     logger.warn("Wheel is not available, disabling bdist_wheel hook")
     cmdclass = {}
 
-VERSION = "2.2.4"
+VERSION = "2.2.5"
 
 # The full list of classifiers is available at
 # https://pypi.python.org/pypi?%3Aaction=list_classifiers
@@ -36,7 +36,7 @@
 DEPENDENCIES = [
     'azure-mgmt-keyvault==1.1.0',
     'azure-keyvault==1.1.0',
-    'azure-graphrbac==0.40.0',
+    'azure-graphrbac==0.51.1',
     'azure-cli-core',
     'pyOpenSSL'
 ]

src/command_modules/azure-cli-lab/HISTORY.rst

@@ -2,6 +2,9 @@
 
 Release History
 ===============
+0.1.2
++++++
+* Minor changes
 
 0.1.1
 +++++

src/command_modules/azure-cli-lab/setup.py

@@ -12,7 +12,7 @@
     logger.warn("Wheel is not available, disabling bdist_wheel hook")
     cmdclass = {}
 
-VERSION = "0.1.1"
+VERSION = "0.1.2"
 CLASSIFIERS = [
     'Development Status :: 4 - Beta',
     'Intended Audience :: Developers',
@@ -29,7 +29,7 @@
 
 DEPENDENCIES = [
     'azure-cli-core',
-    'azure-graphrbac==0.40.0',
+    'azure-graphrbac==0.51.1',
     'azure-mgmt-devtestlabs==2.2.0'
 ]
 

src/command_modules/azure-cli-role/HISTORY.rst

@@ -2,6 +2,9 @@
 
 Release History
 ===============
+2.1.8
+++++++
+* support add/remove/list owner on AAD Applciation and Group objects
 
 2.1.7
 ++++++

src/command_modules/azure-cli-role/azure/cli/command_modules/role/_help.py

@@ -167,6 +167,14 @@
     type: command
     short-summary: List application owners.
 """
+helps['ad app owner add'] = """
+    type: command
+    short-summary: add an application owner.
+"""
+helps['ad app owner remove'] = """
+    type: command
+    short-summary: remove an application owner.
+"""
 helps['ad user list'] = """
     type: command
     short-summary: List Azure Active Directory users.
@@ -300,6 +308,22 @@
     type: command
     short-summary: Check if a member is in a group.
 """
+helps['ad group owner'] = """
+    type: group
+    short-summary: Manage Azure Active Directory group owners.
+"""
+helps['ad group owner list'] = """
+    type: command
+    short-summary: List group owners.
+"""
+helps['ad group owner add'] = """
+    type: command
+    short-summary: add a group owner.
+"""
+helps['ad group owner remove'] = """
+    type: command
+    short-summary: remove a group owner.
+"""
 helps['ad sp'] = """
     type: group
     short-summary: Manage Azure Active Directory service principals for automation authentication.

src/command_modules/azure-cli-role/azure/cli/command_modules/role/_params.py

@@ -20,6 +20,7 @@
 def load_arguments(self, _):
     with self.argument_context('ad') as c:
         c.argument('_subscription')  # hide global subscription param
+        c.argument('owner_object_id', help="owner's object id")
 
     with self.argument_context('ad app') as c:
         c.argument('app_id', help='application id')

src/command_modules/azure-cli-role/azure/cli/command_modules/role/commands.py

@@ -24,7 +24,7 @@ def transform_assignment_list(result):
 
 
 def graph_err_handler(ex):
-    from azure.graphrbac.models.graph_error import GraphErrorException
+    from azure.graphrbac.models import GraphErrorException
     if isinstance(ex, GraphErrorException):
         from knack.util import CLIError
         raise CLIError(ex.message)
@@ -89,8 +89,9 @@ def load_command_table(self, _):
                                  custom_func_name='update_application', custom_func_type=role_custom)
 
     with self.command_group('ad app owner', exception_handler=graph_err_handler) as g:
-        g.custom_command('list', 'list_application_owners', client_factory=get_graph_client_applications)
-        # TODO: Add support for 'add' and 'remove'
+        g.custom_command('list', 'list_application_owners')
+        g.custom_command('add', 'add_application_owner')
+        g.custom_command('remove', 'remove_application_owner')
 
     with self.command_group('ad sp', resource_type=PROFILE_TYPE, exception_handler=graph_err_handler) as g:
         g.custom_command('create', 'create_service_principal')
@@ -100,7 +101,6 @@ def load_command_table(self, _):
 
     with self.command_group('ad sp owner', exception_handler=graph_err_handler) as g:
         g.custom_command('list', 'list_service_principal_owners')
-        # TODO: Add support for 'add' and 'remove'
 
     # RBAC related
     with self.command_group('ad sp', exception_handler=graph_err_handler) as g:
@@ -123,6 +123,11 @@ def load_command_table(self, _):
         g.command('get-member-groups', 'get_member_groups')
         g.custom_command('list', 'list_groups', client_factory=get_graph_client_groups)
 
+    with self.command_group('ad group owner', exception_handler=graph_err_handler) as g:
+        g.custom_command('list', 'list_group_owners')
+        g.custom_command('add', 'add_group_owner')
+        g.custom_command('remove', 'remove_group_owner')
+
     with self.command_group('ad group member', role_group_sdk, exception_handler=graph_err_handler) as g:
         g.command('list', 'get_group_members')
         g.command('add', 'add_member')