From f530a98728473a64002573f40b3fcb7a38102625 Mon Sep 17 00:00:00 2001
From: Paymaun <Paymaunh@microsoft.com>
Date: Mon, 1 Feb 2021 11:10:50 -0800
Subject: [PATCH] Assign MSI principal IT (#308)

* Assign MSI principal test.
* add skip test decorator
---
 .../test_dt_resource_lifecycle_int.py         | 81 +++++++++++++++----
 1 file changed, 65 insertions(+), 16 deletions(-)

diff --git a/azext_iot/tests/digitaltwins/test_dt_resource_lifecycle_int.py b/azext_iot/tests/digitaltwins/test_dt_resource_lifecycle_int.py
index f282a5cdb..8dcc093a2 100644
--- a/azext_iot/tests/digitaltwins/test_dt_resource_lifecycle_int.py
+++ b/azext_iot/tests/digitaltwins/test_dt_resource_lifecycle_int.py
@@ -57,9 +57,36 @@ class TestDTResourceLifecycle(DTLiveScenarioTest):
     def __init__(self, test_case):
         super(TestDTResourceLifecycle, self).__init__(test_case)
 
+    @pytest.mark.skipif(
+        not all(
+            [
+                settings.env.azext_dt_ep_rg,
+                settings.env.azext_dt_ep_eventgrid_topic,
+                settings.env.azext_dt_ep_servicebus_topic,
+                settings.env.azext_dt_ep_servicebus_namespace,
+            ]
+        ),
+        reason="Required env vars missing.",
+    )
     def test_dt_resource(self):
         self.wait_for_capacity(capacity=3)
 
+        eventgrid_topic_id = self.cmd(
+            "eventgrid topic show -g {} -n {}".format(
+                settings.env.azext_dt_ep_rg, settings.env.azext_dt_ep_eventgrid_topic
+            )
+        ).get_output_in_json()["id"]
+
+        servicebus_topic_id = self.cmd(
+            "servicebus topic show -g {} -n {} --namespace-name {}".format(
+                settings.env.azext_dt_ep_rg,
+                settings.env.azext_dt_ep_servicebus_topic,
+                settings.env.azext_dt_ep_servicebus_namespace,
+            )
+        ).get_output_in_json()["id"]
+
+        scope_ids = [eventgrid_topic_id, servicebus_topic_id]
+
         instance_names = [generate_resource_id(), generate_resource_id()]
         create_output = self.cmd(
             "dt create -n {} -g {} -l {} --tags {}".format(
@@ -79,6 +106,18 @@ def test_dt_resource(self):
             MOCK_RESOURCE_TAGS_DICT,
         )
 
+        show_output = self.cmd(
+            "dt show -n {}".format(instance_names[0])
+        ).get_output_in_json()
+
+        assert_common_resource_attributes(
+            show_output,
+            instance_names[0],
+            self.rg,
+            self.region,
+            MOCK_RESOURCE_TAGS_DICT,
+        )
+
         # Explictly assert create prevents provisioning on a name conflict (across regions)
         self.cmd(
             "dt create -n {} -g {} -l {} --tags {}".format(
@@ -92,7 +131,9 @@ def test_dt_resource(self):
 
         # No location specified. Use the resource group location.
         create_msi_output = self.cmd(
-            "dt create -n {} -g {} --assign-identity".format(instance_names[1], self.rg)
+            "dt create -n {} -g {} --assign-identity --scopes {}".format(
+                instance_names[1], self.rg, " ".join(scope_ids)
+            )
         ).get_output_in_json()
         self.track_instance(create_msi_output)
 
@@ -105,18 +146,6 @@ def test_dt_resource(self):
             assign_identity=True,
         )
 
-        show_output = self.cmd(
-            "dt show -n {}".format(instance_names[0])
-        ).get_output_in_json()
-
-        assert_common_resource_attributes(
-            show_output,
-            instance_names[0],
-            self.rg,
-            self.region,
-            MOCK_RESOURCE_TAGS_DICT,
-        )
-
         show_msi_output = self.cmd(
             "dt show -n {} -g {}".format(instance_names[1], self.rg)
         ).get_output_in_json()
@@ -130,11 +159,27 @@ def test_dt_resource(self):
             assign_identity=True,
         )
 
+        role_assignment_egt_list = self.cmd(
+            "role assignment list --scope {} --assignee {}".format(
+                eventgrid_topic_id, show_msi_output["identity"]["principalId"]
+            )
+        ).get_output_in_json()
+        assert len(role_assignment_egt_list) == 1
+
+        role_assignment_sbt_list = self.cmd(
+            "role assignment list --scope {} --assignee {}".format(
+                servicebus_topic_id, show_msi_output["identity"]["principalId"]
+            )
+        ).get_output_in_json()
+        assert len(role_assignment_sbt_list) == 1
+
         # Update tags and disable MSI
         updated_tags = "env=test tier=premium"
         updated_tags_dict = {"env": "test", "tier": "premium"}
         remove_msi_output = self.cmd(
-            "dt create -n {} -g {} --assign-identity false --tags {}".format(instance_names[1], self.rg, updated_tags)
+            "dt create -n {} -g {} --assign-identity false --tags {}".format(
+                instance_names[1], self.rg, updated_tags
+            )
         ).get_output_in_json()
 
         assert_common_resource_attributes(
@@ -633,10 +678,14 @@ def assert_common_endpoint_attributes(
     assert endpoint_output["properties"]["createdTime"]
 
     if dead_letter_secret:
-        assert endpoint_output["properties"]["deadLetterSecret"]
+        assert endpoint_output["properties"][
+            "deadLetterSecret"
+        ], "Expected deadletter secret."
 
     if dead_letter_endpoint:
-        assert endpoint_output["properties"]["deadLetterUri"]
+        assert endpoint_output["properties"][
+            "deadLetterUri"
+        ], "Expected deadletter Uri."
 
     # Currently DT -> EventGrid is only key based.
     if endpoint_type == ADTEndpointType.eventgridtopic: