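--- a/eng/common/TestResources/New-TestResources.ps1
+++ b/eng/common/TestResources/New-TestResources.ps1
@@ -580,14 +580,18 @@ try {
 $PSBoundParameters['TestApplicationOid'] = $TestApplicationOid
 $PSBoundParameters['TestApplicationSecret'] = $TestApplicationSecret
 
-# Grant the test service principal ownership over the resource group. This may fail if the provisioner is a
-# service principal without permissions to grant RBAC roles to other service principals. That should not be
-# considered a critical failure, as the test application may have subscription-level permissions and not require
-# the explicit grant.
-#
-# Ignore this check if $AzureTestPrincipal is specified as role assignment will already have been attempted on a
-# previous run, and these error messages can be misleading for local runs.
-if (!$resourceGroupRoleAssigned -and !$AzureTestPrincipal) {
+# If the role hasn't been explicitly assigned to the resource group and a cached service principal is in use,
+# query to see if the grant is needed.
+if (!$resourceGroupRoleAssigned -and $AzureTestPrincipal) {
+$roleAssignment = Get-AzRoleAssignment -ObjectId $AzureTestPrincipal.Id -RoleDefinitionName 'Owner' -ResourceGroupName "$ResourceGroupName" -ErrorAction SilentlyContinue
+$resourceGroupRoleAssigned = ($roleAssignment.RoleDefinitionName -eq 'Owner')
+}
+
+# If needed, grant the test service principal ownership over the resource group. This may fail if the provisioner
+# is a service principal without permissions to grant RBAC roles to other service principals. That should not be
+# considered a critical failure, as the test application may have subscription-level permissions and not require
+# the explicit grant.
+if (!$resourceGroupRoleAssigned) {
 Log "Attempting to assigning the 'Owner' role for '$ResourceGroupName' to the Test Application '$TestApplicationId'"
 $principalOwnerAssignment = New-AzRoleAssignment -RoleDefinitionName "Owner" -ApplicationId "$TestApplicationId" -ResourceGroupName "$ResourceGroupName" -ErrorAction SilentlyContinue
 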
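Review bot: The new pre-check looks up an existing 'Owner' assignment by `$AzureTestPrincipal.Id`, while the grant it guards is issued with `-ApplicationId "$TestApplicationId"`; if those two ever refer to different principals, the grant is skipped on the strength of a check made against another identity. Querying with the identity the script passes downstream, e.g. `-ObjectId $TestApplicationOid`, would keep the check and the grant aligned; this assumes `$TestApplicationOid` is populated at this point, which the context lines suggest but the hunk does not show. Separately, the query already filters on the role name, and `$roleAssignment.RoleDefinitionName -eq 'Owner'` yields an array rather than a boolean when more than one assignment comes back (plausible if inherited assignments are returned for the resource group), so `$resourceGroupRoleAssigned = [bool]$roleAssignment` states the intent more directly. The enclosing `try` block starts and ends outside the hunk.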