Skip to content

{Role} Bump ResourceType.MGMT_AUTHORIZATION to 2020-04-01-preview#14317

Merged
jiasli merged 5 commits intoAzure:devfrom
jiasli:role-live
Sep 11, 2020
Merged

{Role} Bump ResourceType.MGMT_AUTHORIZATION to 2020-04-01-preview#14317
jiasli merged 5 commits intoAzure:devfrom
jiasli:role-live

Conversation

@jiasli
Copy link
Member

@jiasli jiasli commented Jul 10, 2020
edited
Loading

Description

  1. Bump ResourceType.MGMT_AUTHORIZATION to 2020-04-01-preview.
  2. Fix live tests for Role module.

@jiasli
Copy link
Member Author

jiasli commented Jul 10, 2020
edited
Loading

test_create_for_rbac_with_existing_kv_cert fails, because of:

azure-devtools bug: incorrect bytes -> str conversion

Azure CLI pinned azure-devtools to 1.0.0, which has a bug with SingleValueReplacer (fixed in Azure/azure-python-devtools#56, but not released even until 1.1.1) at this line

https://github.com/Azure/azure-python-devtools/blob/1.0.0/src/azure_devtools/scenario_tests/preparers.py#L108

body = str(request.body)

This is the wrong way to convert bytes to str:

https://docs.python.org/3/library/stdtypes.html#str

Passing a bytes object to str() without the encoding or errors arguments falls under the first case of returning the informal string representation (see also the -b command-line option to Python)> . For example:

>>> str(b'Zoot!')
"b'Zoot!'"

This causes all the weird request.body in recorded YAMLs:

azure-cli/src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_generic_subscription_locks.yaml

Lines 303 to 304 in 55d53ba

body: 'b''b\''{"properties": {"level": "ReadOnly", "notes": "notes000002"}, "name":
"cli-test-lock000001"}\'''''

vcrpy bug: replacers are called twice

Due to another bug in vcrpy (kevin1024/vcrpy#543), replacers are called twice. When <Request (POST) https://graph.windows.net/00000000-0000-0000-0000-000000000000/applications?api-version=1.6> is recorded, the replacers are executed in the following order:

azure.cli.testsdk.utilities.GraphClientPasswordReplacer
azure.cli.testsdk.preparers.ResourceGroupPreparer        << This corrupts the JSON

azure.cli.testsdk.utilities.GraphClientPasswordReplacer  << This fails with JSONDecodeError
azure.cli.testsdk.preparers.ResourceGroupPreparer

As ResourceGroupPreparer inherits from SingleValueReplacer, it corrupts the JSON as

b'{"availableToOtherTenants": false, ...}'

Then GraphClientPasswordReplacer fails to load the JSON with JSONDecodeError:

azure-cli/src/azure-cli-testsdk/azure/cli/testsdk/utilities.py

Line 132 in a305967

body = json.loads(body)

Solution

We need to release the latest azure-devtools and use it to correctly converts bytes to str:

https://github.com/Azure/azure-python-devtools/blob/master/src/azure_devtools/scenario_tests/preparers.py#L108

body = str(request.body, 'utf-8') if isinstance(request.body, bytes) else str(request.body)

jiasli
jiasli commented Jul 10, 2020
View reviewed changes
...command_modules/role/tests/latest/recordings/test_create_for_rbac_with_existing_kv_cert.yaml Outdated
Copy link
Member Author

@jiasli jiasli Jul 10, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The weird b''b\'' prefix has been removed by using the latest azure-devtools.

- body: 'b''b\''{"availableToOtherTenants": false, "homepage": "https://cli_test_sp_with_kv_existing_cert000001",
+ body: '{"availableToOtherTenants": false, "homepage": "https://cli_test_sp_with_kv_existing_cert000001",

@jiasli jiasli marked this pull request as draft July 10, 2020 09:34
@yonzhan yonzhan added this to the S173 milestone Jul 10, 2020
@yonzhan
Copy link
Collaborator

yonzhan commented Jul 10, 2020

add to S173

@jiasli jiasli mentioned this pull request Jul 22, 2020
Merged
@jiasli jiasli modified the milestones: S173, S174 Jul 29, 2020
@yonzhan yonzhan modified the milestones: S174, S175 - For Ignite Aug 22, 2020
@yonzhan yonzhan requested a review from jsntcy August 22, 2020 17:01
@jiasli jiasli closed this Aug 28, 2020
@jiasli jiasli mentioned this pull request Aug 28, 2020
Merged
@jiasli jiasli reopened this Sep 9, 2020
@jiasli jiasli changed the title {Role} Fix live tests {Role} Bump ResourceType.MGMT_AUTHORIZATION to 2020-04-01-preview Sep 9, 2020
@jiasli jiasli marked this pull request as ready for review September 9, 2020 03:09
qwordy
qwordy reviewed Sep 9, 2020
View reviewed changes
src/azure-cli-core/azure/cli/core/profiles/_shared.py
ResourceType.MGMT_AUTHORIZATION: SDKProfile('2018-09-01-preview', {
ResourceType.MGMT_AUTHORIZATION: SDKProfile('2020-04-01-preview', {
'classic_administrators': '2015-06-01',
'role_definitions': '2018-01-01-preview',
Copy link
Member

@qwordy qwordy Sep 9, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need update this line?

Copy link
Member Author

@jiasli jiasli Sep 9, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

2018-01-01-preview is the latest version which contains RoleDefinition.

@jiasli
Merge branch 'dev' into role-live
93109b0 
# Conflicts:
#	src/azure-cli/azure/cli/command_modules/role/custom.py
#	src/azure-cli/azure/cli/command_modules/vm/tests/latest/recordings/test_disk_encryption_set.yaml
#	src/azure-cli/azure/cli/command_modules/vm/tests/latest/recordings/test_disk_encryption_set_disk_update.yaml
#	src/azure-cli/azure/cli/command_modules/vm/tests/latest/recordings/test_disk_encryption_set_snapshot.yaml
#	src/azure-cli/azure/cli/command_modules/vm/tests/latest/recordings/test_disk_encryption_set_update.yaml
#	src/azure-cli/azure/cli/command_modules/vm/tests/latest/recordings/test_gallery_e2e.yaml
@jiasli
rerun tests
fd9a419
jiasli
jiasli commented Sep 10, 2020
View reviewed changes
src/azure-cli/azure/cli/command_modules/role/tests/hybrid_2018_03_01/test_role.py
class RbacSPKeyVaultScenarioTest2(ScenarioTest):
@ResourceGroupPreparer(name_prefix='cli_test_sp_with_kv_new_cert')
@KeyVaultPreparer(name_prefix='test_create_for_rbac_with_new_kv_cert')
@KeyVaultPreparer(name_prefix='test-rbac-new-kv')
Copy link
Member Author

@jiasli jiasli Sep 10, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The name is too long for name_prefix. Shortening it.

src/azure-cli/azure/cli/command_modules/role/tests/latest/test_graph.py
# TODO: https://github.com/Azure/azure-cli/pull/13769 fails to work
# Cert created with
# openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 10000 -out certificate.pem
self.kwargs['cert_file'] = """
Copy link
Member Author

@jiasli jiasli Sep 10, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Regenerate an un-expired cert.

arrownj
arrownj reviewed Sep 10, 2020
View reviewed changes
src/azure-cli/azure/cli/command_modules/role/tests/util.py
# Due to unstable role definition ARIs: https://github.com/Azure/azure-cli/issues/3187
import time
result = None
while not result:
Copy link
Contributor

@arrownj arrownj Sep 10, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Better to add a max_retry

Copy link
Member Author

@jiasli jiasli Sep 10, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't exactly know what number is suitable. The result is pretty unpredictable. It won't affect the CI as the tests will definitely succeed. So I want to put it on hold for now.

Copy link
Member Author

@jiasli jiasli Sep 10, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added as requested. Let's use ROLE_COMMAND_MAX_RETRY = 20 for now.

@jiasli jiasli requested a review from arrownj September 10, 2020 06:11
@jiasli jiasli merged commit 5b30f29 into Azure:dev Sep 11, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jsntcy jsntcy jsntcy approved these changes

@zhoxing-ms zhoxing-ms zhoxing-ms approved these changes

@haroldrandom haroldrandom Awaiting requested review from haroldrandom

@fengzhou-msft fengzhou-msft Awaiting requested review from fengzhou-msft

@Juliehzl Juliehzl Awaiting requested review from Juliehzl

+3 more reviewers

@arrownj arrownj arrownj approved these changes

@qwordy qwordy qwordy approved these changes

@mmyyrroonn mmyyrroonn mmyyrroonn approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@jiasli jiasli

Labels

None yet

Projects

None yet

Milestone

S175 - For Ignite

Development

Successfully merging this pull request may close these issues.

7 participants

@jiasli @yonzhan @arrownj @qwordy @jsntcy @zhoxing-ms @mmyyrroonn