[AKS] role-assignment-fix: Azure#357 (Azure#7222)

timwarner-msft · Sep 5, 2018 · a056f5f · a056f5f
1 parent bce6671
commit a056f5f
Show file tree

Hide file tree

Showing 5 changed files with 1,568 additions and 2 deletions.
diff --git a/src/command_modules/azure-cli-acs/HISTORY.rst b/src/command_modules/azure-cli-acs/HISTORY.rst
@@ -3,6 +3,10 @@
 Release History
 ===============
 
+2.3.3
++++++
+* bugfix: creating role assignment for vnet-subnet-id when not specifying service principal and skip-role-assignemnt
+
 2.3.2
 +++++
 * `az aks create` now defaults to Standard_DS2_v2 VMs.

diff --git a/src/command_modules/azure-cli-acs/azure/cli/command_modules/acs/custom.py b/src/command_modules/azure-cli-acs/azure/cli/command_modules/acs/custom.py
@@ -1432,7 +1432,8 @@ def aks_create(cmd, client, resource_group_name, name, ssh_key_value,  # pylint:
     if (vnet_subnet_id and not skip_subnet_role_assignment and
             not subnet_role_assignment_exists(cmd.cli_ctx, vnet_subnet_id)):
         scope = vnet_subnet_id
-        if not _add_role_assignment(cmd.cli_ctx, 'Network Contributor', service_principal, scope=scope):
+        if not _add_role_assignment(cmd.cli_ctx, 'Network Contributor',
+                                    service_principal_profile.client_id, scope=scope):
             logger.warning('Could not create a role assignment for subnet. '
                            'Are you an Owner on this subscription?')
 

diff --git a/...atest/recordings/test_aks_create_default_service_without_SP_and_with_role_assignment.yaml b/...atest/recordings/test_aks_create_default_service_without_SP_and_with_role_assignment.yaml
diff --git a/...and_modules/azure-cli-acs/azure/cli/command_modules/acs/tests/latest/test_aks_commands.py b/...and_modules/azure-cli-acs/azure/cli/command_modules/acs/tests/latest/test_aks_commands.py
@@ -274,6 +274,28 @@ def test_aks_create_default_service_with_skip_role_assignment(self, resource_gro
             self.is_empty()
         ])
 
+    @ResourceGroupPreparer(random_name_length=17, name_prefix='clitest', location='eastus')
+    def test_aks_create_default_service_without_SP_and_with_role_assignment(self, resource_group, resource_group_location):
+        aks_name = self.create_random_name('cliakstest', 16)
+        self.kwargs.update({
+            'resource_group': resource_group,
+            'name': aks_name,
+            'location': resource_group_location,
+            'vnet_subnet_id': self.generate_vnet_subnet_id(resource_group)
+        })
+        # create cluster without skip_role_assignment
+        create_cmd = 'aks create --resource-group={resource_group} --name={name} --location={location} ' \
+                     '--node-count=1 --vnet-subnet-id={vnet_subnet_id}  --no-ssh-key' 
+
+        self.cmd(create_cmd, checks=[
+            self.check('provisioningState', 'Succeeded')
+        ])
+
+        check_role_assignment_cmd = 'role assignment list --scope={vnet_subnet_id}'
+        self.cmd(check_role_assignment_cmd, checks=[
+            self.check('[0].scope', '{vnet_subnet_id}')
+        ])
+
 
     # It works in --live mode but fails in replay mode.get rid off @live_only attribute once this resolved
     @live_only()

diff --git a/src/command_modules/azure-cli-acs/setup.py b/src/command_modules/azure-cli-acs/setup.py
@@ -14,7 +14,7 @@
     logger.warn("Wheel is not available, disabling bdist_wheel hook")
     cmdclass = {}
 
-VERSION = "2.3.2"
+VERSION = "2.3.3"
 CLASSIFIERS = [
     'Development Status :: 5 - Production/Stable',
     'Intended Audience :: Developers',