Skip to content

Commit dffa3ed

Browse files
azure-sdkJoshLove-msftheaths
authored
Sync eng/common directory with azure-sdk-tools for PR 7584 (#5294)
* Fix role assignment for user auth * PR fb * Apply suggestions from code review Co-authored-by: Heath Stewart <[email protected]> --------- Co-authored-by: jolov <[email protected]> Co-authored-by: JoshLove-msft <[email protected]> Co-authored-by: Heath Stewart <[email protected]>
1 parent 55afd2d commit dffa3ed

File tree

1 file changed

+18
-15
lines changed

1 file changed

+18
-15
lines changed

eng/common/TestResources/New-TestResources.ps1

Lines changed: 18 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -619,9 +619,11 @@ try {
619619
Write-Warning "The specified TestApplicationId '$TestApplicationId' will be ignored when UserAuth is set."
620620
}
621621

622-
$TestApplicationOid = (Get-AzADUser -UserPrincipalName (Get-AzContext).Account).Id
622+
$userAccount = (Get-AzADUser -UserPrincipalName (Get-AzContext).Account)
623+
$TestApplicationOid = $userAccount.Id
623624
$TestApplicationId = $testApplicationOid
624-
Log "User-based app id '$TestApplicationId' will be used."
625+
$userAccountName = $userAccount.UserPrincipalName
626+
Log "User authentication with user '$userAccountName' ('$TestApplicationId') will be used."
625627
}
626628
# If no test application ID was specified during an interactive session, create a new service principal.
627629
elseif (!$CI -and !$TestApplicationId) {
@@ -686,11 +688,11 @@ try {
686688
$PSBoundParameters['TestApplicationOid'] = $TestApplicationOid
687689
$PSBoundParameters['TestApplicationSecret'] = $TestApplicationSecret
688690

689-
# If the role hasn't been explicitly assigned to the resource group and a cached service principal is in use,
691+
# If the role hasn't been explicitly assigned to the resource group and a cached service principal or user authentication is in use,
690692
# query to see if the grant is needed.
691-
if (!$resourceGroupRoleAssigned -and $AzureTestPrincipal) {
693+
if (!$resourceGroupRoleAssigned -and $TestApplicationOid) {
692694
$roleAssignment = Get-AzRoleAssignment `
693-
-ObjectId $AzureTestPrincipal.Id `
695+
-ObjectId $TestApplicationOid `
694696
-RoleDefinitionName 'Owner' `
695697
-ResourceGroupName "$ResourceGroupName" `
696698
-ErrorAction SilentlyContinue
@@ -702,19 +704,20 @@ try {
702704
# considered a critical failure, as the test application may have subscription-level permissions and not require
703705
# the explicit grant.
704706
if (!$resourceGroupRoleAssigned) {
705-
Log "Attempting to assigning the 'Owner' role for '$ResourceGroupName' to the Test Application '$TestApplicationId'"
706-
$principalOwnerAssignment = New-AzRoleAssignment `
707-
-RoleDefinitionName "Owner" `
708-
-ApplicationId "$TestApplicationId" `
709-
-ResourceGroupName "$ResourceGroupName" `
710-
-ErrorAction SilentlyContinue
711-
712-
if ($principalOwnerAssignment.RoleDefinitionName -eq 'Owner') {
713-
Write-Verbose "Successfully assigned ownership of '$ResourceGroupName' to the Test Application '$TestApplicationId'"
707+
$idSlug = if ($userAuth) { "User '$userAccountName' ('$TestApplicationId')"} else { "Test Application '$TestApplicationId'"};
708+
Log "Attempting to assign the 'Owner' role for '$ResourceGroupName' to the $idSlug"
709+
$ownerAssignment = New-AzRoleAssignment `
710+
-RoleDefinitionName "Owner" `
711+
-ObjectId "$TestApplicationOId" `
712+
-ResourceGroupName "$ResourceGroupName" `
713+
-ErrorAction SilentlyContinue
714+
715+
if ($ownerAssignment.RoleDefinitionName -eq 'Owner') {
716+
Write-Verbose "Successfully assigned ownership of '$ResourceGroupName' to the $idSlug"
714717
} else {
715718
Write-Warning ("The 'Owner' role for '$ResourceGroupName' could not be assigned. " +
716719
"You may need to manually grant 'Owner' for the resource group to the " +
717-
"Test Application '$TestApplicationId' if it does not have subscription-level permissions.")
720+
"$idSlug if it does not have subscription-level permissions.")
718721
}
719722
}
720723

0 commit comments

Comments
 (0)