-
Notifications
You must be signed in to change notification settings - Fork 409
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
test:
avm/res/network/service-endpoint-policy - add RBAC test (#3182)
## Description - added `max` test case with roleAssignments test - moved `locks` test from `waf-aligned` to `max` - removed unnecessary comment lines in test cases ## Pipeline Reference <!-- Insert your Pipeline Status Badge below --> | Pipeline | | -------- | | [](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.network.service-endpoint-policy.yml) | ## Type of Change <!-- Use the checkboxes [x] on the options that are relevant. --> - [ ] Update to CI Environment or utilities (Non-module affecting changes) - [ ] Azure Verified Module updates: - [ ] Bugfix containing backwards-compatible bug fixes, and I have NOT bumped the MAJOR or MINOR version in `version.json`: - [ ] Someone has opened a bug report issue, and I have included "Closes #{bug_report_issue_number}" in the PR description. - [ ] The bug was found by the module author, and no one has opened an issue to report it yet. - [ ] Feature update backwards compatible feature updates, and I have bumped the MINOR version in `version.json`. - [ ] Breaking changes and I have bumped the MAJOR version in `version.json`. - [ ] Update to documentation ## Checklist - [ ] I'm sure there are no other open Pull Requests for the same update/change - [ ] I have run `Set-AVMModule` locally to generate the supporting module files. - [ ] My corresponding pipelines / checks run clean and green without any errors or warnings <!-- Please keep up to date with the contribution guide at https://aka.ms/avm/contribute/bicep --> Co-authored-by: Erika Gressi <[email protected]>
- Loading branch information
](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.network.service-endpoint-policy.yml){kind=link}
Showing
5 changed files
with
206 additions
and
15 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
13 changes: 13 additions & 0 deletions
13
avm/res/network/service-endpoint-policy/tests/e2e/max/dependencies.bicep
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| @description('Optional. The location to deploy to.') | ||
| param location string = resourceGroup().location | ||
|
|
||
| @description('Required. The name of the Managed Identity to create.') | ||
| param managedIdentityName string | ||
|
|
||
| resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = { | ||
| name: managedIdentityName | ||
| location: location | ||
| } | ||
|
|
||
| @description('The principal ID of the created Managed Identity.') | ||
| output managedIdentityPrincipalId string = managedIdentity.properties.principalId |
87 changes: 87 additions & 0 deletions
87
avm/res/network/service-endpoint-policy/tests/e2e/max/main.test.bicep
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,87 @@ | ||
| targetScope = 'subscription' | ||
|
|
||
| metadata name = 'Using large parameter set' | ||
| metadata description = 'This instance deploys the module with most of its features enabled.' | ||
|
|
||
| // ========== // | ||
| // Parameters // | ||
| // ========== // | ||
|
|
||
| @description('Optional. The name of the resource group to deploy for testing purposes.') | ||
| @maxLength(90) | ||
| param resourceGroupName string = 'dep-${namePrefix}-network.serviceendpointpolicy-${serviceShort}-rg' | ||
|
|
||
| @description('Optional. The location to deploy resources to.') | ||
| param resourceLocation string = deployment().location | ||
|
|
||
| @description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') | ||
| param serviceShort string = 'nsepmax' | ||
|
|
||
| @description('Optional. A token to inject into the name of each resource. This value can be automatically injected by the CI.') | ||
| param namePrefix string = '#_namePrefix_#' | ||
|
|
||
| // ============ // | ||
| // Dependencies // | ||
| // ============ // | ||
|
|
||
| // General resources | ||
| // ================= | ||
| resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { | ||
| name: resourceGroupName | ||
| location: resourceLocation | ||
| } | ||
|
|
||
| module nestedDependencies 'dependencies.bicep' = { | ||
| scope: resourceGroup | ||
| name: '${uniqueString(deployment().name, resourceLocation)}-nestedDependencies' | ||
| params: { | ||
| managedIdentityName: 'dep-${namePrefix}-msi-${serviceShort}' | ||
| location: resourceLocation | ||
| } | ||
| } | ||
|
|
||
| // ============== // | ||
| // Test Execution // | ||
| // ============== // | ||
| @batchSize(1) | ||
| module testDeployment '../../../main.bicep' = [ | ||
| for iteration in ['init', 'idem']: { | ||
| scope: resourceGroup | ||
| name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}' | ||
| params: { | ||
| name: '${namePrefix}${serviceShort}001' | ||
| location: resourceLocation | ||
| lock: { | ||
| kind: 'CanNotDelete' | ||
| name: 'myCustomLockName' | ||
| } | ||
| roleAssignments: [ | ||
| { | ||
| name: '36fbc5db-13e9-4bda-9594-1b1cc9db2d6d' | ||
| roleDefinitionIdOrName: 'Owner' | ||
| principalId: nestedDependencies.outputs.managedIdentityPrincipalId | ||
| principalType: 'ServicePrincipal' | ||
| } | ||
| { | ||
| name: guid('Custom seed ${namePrefix}${serviceShort}') | ||
| roleDefinitionIdOrName: 'b24988ac-6180-42a0-ab88-20f7382dd24c' | ||
| principalId: nestedDependencies.outputs.managedIdentityPrincipalId | ||
| principalType: 'ServicePrincipal' | ||
| } | ||
| { | ||
| roleDefinitionIdOrName: subscriptionResourceId( | ||
| 'Microsoft.Authorization/roleDefinitions', | ||
| 'acdd72a7-3385-48ef-bd42-f606fba81ae7' | ||
| ) | ||
| principalId: nestedDependencies.outputs.managedIdentityPrincipalId | ||
| principalType: 'ServicePrincipal' | ||
| } | ||
| ] | ||
| tags: { | ||
| 'hidden-title': 'This is visible in the resource name' | ||
| Environment: 'Non-Prod' | ||
| Role: 'DeploymentValidation' | ||
| } | ||
| } | ||
| } | ||
| ] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters