Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[ARM] BREAKING CHANGE: az stack mg create: Enable mg scoped deployments for mg scoped stacks #27709

Merged
merged 3 commits into from
Nov 6, 2023
Merged

[ARM] BREAKING CHANGE: az stack mg create: Enable mg scoped deployments for mg scoped stacks #27709

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
ed07781
enabling mg scoped deployments for mg stacks (and fixing sub stack rg…
dantedallag Oct 27, 2023
6e78854
retrigger checks
dantedallag Oct 30, 2023
14d237c
retrigger checks
dantedallag Oct 30, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 17 additions & 15 deletions src/azure-cli/azure/cli/command_modules/resource/custom.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2392,22 +2392,23 @@ def create_deployment_stack_at_subscription(cmd, name, location, deny_settings_m
except: # pylint: disable=bare-except
pass

if not deployment_resource_group:
deployment_scope = "/subscriptions/" + get_subscription_id(cmd.cli_ctx)
else:
deployment_scope = "/subscriptions/" + \
get_subscription_id(cmd.cli_ctx) + "/resourceGroups/" + deployment_resource_group

action_on_unmanage_model = rcf.deployment_stacks.models.DeploymentStackPropertiesActionOnUnmanage(
resources=delete_resources_enum, resource_groups=delete_resource_groups_enum)
apply_to_child_scopes = deny_settings_apply_to_child_scopes
deny_settings_model = rcf.deployment_stacks.models.DenySettings(
mode=deny_settings_enum, excluded_principals=excluded_principals_array, excluded_actions=excluded_actions_array, apply_to_child_scopes=apply_to_child_scopes)
deployment_stack_model = rcf.deployment_stacks.models.DeploymentStack(
description=description, location=location, action_on_unmanage=action_on_unmanage_model, deployment_scope=deployment_scope, deny_settings=deny_settings_model, tags=tags)
description=description, location=location, action_on_unmanage=action_on_unmanage_model, deny_settings=deny_settings_model, tags=tags)

if deployment_resource_group:
deployment_stack_model.deployment_scope = "/subscriptions/" + \
get_subscription_id(cmd.cli_ctx) + "/resourceGroups/" + deployment_resource_group
deployment_scope = 'resourceGroup'
else:
deployment_scope = 'subscription'

deployment_stack_model = _prepare_stacks_templates_and_parameters(
cmd, rcf, 'subscription', deployment_stack_model, template_file, template_spec, template_uri, parameters, query_string)
cmd, rcf, deployment_scope, deployment_stack_model, template_file, template_spec, template_uri, parameters, query_string)

return sdk_no_wait(no_wait, rcf.deployment_stacks.begin_create_or_update_at_subscription, name, deployment_stack_model)

Expand Down Expand Up @@ -2643,21 +2644,22 @@ def create_deployment_stack_at_management_group(cmd, management_group_id, name,
except: # pylint: disable=bare-except
pass

if not deployment_subscription:
deployment_scope = "/subscriptions/" + get_subscription_id(cmd.cli_ctx)
else:
deployment_scope = "/subscriptions/" + deployment_subscription

action_on_unmanage_model = rcf.deployment_stacks.models.DeploymentStackPropertiesActionOnUnmanage(
resources=delete_resources_enum, resource_groups=delete_resource_groups_enum)
apply_to_child_scopes = deny_settings_apply_to_child_scopes
deny_settings_model = rcf.deployment_stacks.models.DenySettings(
mode=deny_settings_enum, excluded_principals=excluded_principals_array, excluded_actions=excluded_actions_array, apply_to_child_scopes=apply_to_child_scopes)
deployment_stack_model = rcf.deployment_stacks.models.DeploymentStack(
description=description, location=location, action_on_unmanage=action_on_unmanage_model, deployment_scope=deployment_scope, deny_settings=deny_settings_model, tags=tags)
description=description, location=location, action_on_unmanage=action_on_unmanage_model, deny_settings=deny_settings_model, tags=tags)

if deployment_subscription:
deployment_stack_model.deployment_scope = "/subscriptions/" + deployment_subscription
deployment_scope = 'subscription'
else:
deployment_scope = 'managementGroup'

deployment_stack_model = _prepare_stacks_templates_and_parameters(
cmd, rcf, 'managementGroup', deployment_stack_model, template_file, template_spec, template_uri, parameters, query_string)
cmd, rcf, deployment_scope, deployment_stack_model, template_file, template_spec, template_uri, parameters, query_string)

return sdk_no_wait(no_wait, rcf.deployment_stacks.begin_create_or_update_at_management_group, management_group_id, name, deployment_stack_model)

Expand Down
1,173 changes: 709 additions & 464 deletions ...dules/resource/tests/latest/recordings/test_create_deployment_stack_management_group.yaml
View file
Open in desktop

Large diffs are not rendered by default.

2,391 changes: 1,342 additions & 1,049 deletions ...modules/resource/tests/latest/recordings/test_create_deployment_stack_resource_group.yaml
View file
Open in desktop

Large diffs are not rendered by default.

538 changes: 369 additions & 169 deletions ...ource/tests/latest/recordings/test_create_deployment_stack_resource_group_with_bicep.yaml
View file
Open in desktop

Large diffs are not rendered by default.

2,612 changes: 1,310 additions & 1,302 deletions ...d_modules/resource/tests/latest/recordings/test_create_deployment_stack_subscription.yaml
View file
Open in desktop

Large diffs are not rendered by default.

266 changes: 136 additions & 130 deletions ...esource/tests/latest/recordings/test_create_deployment_stack_subscription_with_bicep.yaml
View file
Open in desktop

Large diffs are not rendered by default.

509 changes: 251 additions & 258 deletions ...dules/resource/tests/latest/recordings/test_delete_deployment_stack_management_group.yaml
View file
Open in desktop

Large diffs are not rendered by default.

1,236 changes: 693 additions & 543 deletions ...modules/resource/tests/latest/recordings/test_delete_deployment_stack_resource_group.yaml
View file
Open in desktop

Large diffs are not rendered by default.

1,474 changes: 628 additions & 846 deletions ...d_modules/resource/tests/latest/recordings/test_delete_deployment_stack_subscription.yaml
View file
Open in desktop

Large diffs are not rendered by default.

112 changes: 54 additions & 58 deletions ...ource/tests/latest/recordings/test_export_template_deployment_stack_management_group.yaml
View file
Open in desktop

Large diffs are not rendered by default.

102 changes: 51 additions & 51 deletions ...esource/tests/latest/recordings/test_export_template_deployment_stack_resource_group.yaml
View file
Open in desktop

Large diffs are not rendered by default.

114 changes: 55 additions & 59 deletions .../resource/tests/latest/recordings/test_export_template_deployment_stack_subscription.yaml
View file
Open in desktop

Large diffs are not rendered by default.

129 changes: 66 additions & 63 deletions ...modules/resource/tests/latest/recordings/test_list_deployment_stack_management_group.yaml
View file
Open in desktop

Large diffs are not rendered by default.

90 changes: 45 additions & 45 deletions ...d_modules/resource/tests/latest/recordings/test_list_deployment_stack_resource_group.yaml
View file
Open in desktop

Large diffs are not rendered by default.

1,021 changes: 222 additions & 799 deletions ...and_modules/resource/tests/latest/recordings/test_list_deployment_stack_subscription.yaml
View file
Open in desktop

Large diffs are not rendered by default.

130 changes: 60 additions & 70 deletions ...modules/resource/tests/latest/recordings/test_show_deployment_stack_management_group.yaml
View file
Open in desktop

Large diffs are not rendered by default.

110 changes: 55 additions & 55 deletions ...d_modules/resource/tests/latest/recordings/test_show_deployment_stack_resource_group.yaml
View file
Open in desktop

Large diffs are not rendered by default.

123 changes: 59 additions & 64 deletions ...and_modules/resource/tests/latest/recordings/test_show_deployment_stack_subscription.yaml
View file
Open in desktop

Large diffs are not rendered by default.

25 changes: 19 additions & 6 deletions src/azure-cli/azure/cli/command_modules/resource/tests/latest/test_resource.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2307,6 +2307,7 @@ def test_create_deployment_stack_subscription_with_bicep(self, resource_group):
# test bicep param file
self.cmd('stack sub create --name {name} --location {location} --deployment-resource-group {resource-group} -p "{bicep-param-file}" --deny-settings-mode "none" --delete-all --yes', checks=self.check('provisioningState', 'succeeded'))

# cleanup
self.cmd('stack sub delete --name {name} --yes')

def test_show_deployment_stack_subscription(self):
Expand Down Expand Up @@ -2919,7 +2920,18 @@ def test_create_deployment_stack_management_group(self, resource_group):
# cleanup
self.cmd('stack mg delete --name {name} --management-group-id {mg} --yes')

# create deployment stack with template file and parameter file
# create deployment stack with template file and parameter file (with subscription scoped deployment)
self.cmd('stack mg create --name {name} --management-group-id {mg} --location {location} --template-file "{template-file}" --deployment-subscription {subscription} --deny-settings-mode "none" --parameters "{parameter-file}" --description "MG stack deployment" --delete-all --deny-settings-excluded-principals "principal1 principal2" --deny-settings-excluded-actions "action1 action2" --deny-settings-apply-to-child-scopes --no-wait', checks=self.is_empty())

time.sleep(20)

# check if the stack was created successfully
self.cmd('stack mg show --name {name} --management-group-id {mg}', checks=self.check('provisioningState', 'succeeded'))

# cleanup
self.cmd('stack mg delete --name {name} --management-group-id {mg} --yes')

# create deployment stack with template file and parameter file (with management group scoped deployment)
self.cmd('stack mg create --name {name} --management-group-id {mg} --location {location} --template-file "{template-file}" --deny-settings-mode "none" --parameters "{parameter-file}" --description "MG stack deployment" --delete-all --deny-settings-excluded-principals "principal1 principal2" --deny-settings-excluded-actions "action1 action2" --deny-settings-apply-to-child-scopes --no-wait', checks=self.is_empty())

time.sleep(20)
Expand All @@ -2931,10 +2943,10 @@ def test_create_deployment_stack_management_group(self, resource_group):
self.cmd('stack mg delete --name {name} --management-group-id {mg} --yes')

# test delete flag --delete-resource-groups - create stack with resource1
self.cmd('stack mg create --name {name} --management-group-id {mg} --location {location} --template-file "{template-file-rg}" --deny-settings-mode "none" --parameters "name={resource-one}" --delete-resources --tags "tag1 tag2"', checks=self.check('provisioningState', 'succeeded'))
self.cmd('stack mg create --name {name} --management-group-id {mg} --location {location} --template-file "{template-file-rg}" --deployment-subscription {subscription} --deny-settings-mode "none" --parameters "name={resource-one}" --delete-resources --tags "tag1 tag2"', checks=self.check('provisioningState', 'succeeded'))

# update stack with resource2 set to detach
self.cmd('stack mg create --name {name} --management-group-id {mg} --location {location} --template-file "{template-file-rg}" --deny-settings-mode "none" --parameters "name={resource-two}"', checks=self.check('provisioningState', 'succeeded'))
self.cmd('stack mg create --name {name} --management-group-id {mg} --location {location} --template-file "{template-file-rg}" --deployment-subscription {subscription} --deny-settings-mode "none" --parameters "name={resource-two}"', checks=self.check('provisioningState', 'succeeded'))

# check resource1 still exists in Azure
self.cmd('group show -n {resource-one}')
Expand All @@ -2943,7 +2955,7 @@ def test_create_deployment_stack_management_group(self, resource_group):
self.cmd('group show -n {resource-two}')

# update stack with resource3 set to delete
self.cmd('stack mg create --name {name} --management-group-id {mg} --location {location} --template-file "{template-file-rg}" --deny-settings-mode "none" --parameters "name={resource-three}" --delete-resources', checks=self.check('provisioningState', 'succeeded'))
self.cmd('stack mg create --name {name} --management-group-id {mg} --location {location} --template-file "{template-file-rg}" --deployment-subscription {subscription} --deny-settings-mode "none" --parameters "name={resource-three}" --delete-resources', checks=self.check('provisioningState', 'succeeded'))

# check resource1 still exists in Azure
self.cmd('group show -n {resource-one}')
Expand Down Expand Up @@ -2996,6 +3008,7 @@ def test_delete_deployment_stack_management_group(self):
self.kwargs.update({
'name': deployment_stack_name,
'location': location,
'subscription': self.get_subscription_id(),
'template-file': os.path.join(curr_dir, 'simple_template.json').replace('\\', '\\\\'),
'parameter-file': os.path.join(curr_dir, 'simple_template_params.json').replace('\\', '\\\\'),
'template-file-spec': os.path.join(curr_dir, 'simple_template_spec.json').replace('\\', '\\\\'),
Expand Down Expand Up @@ -3033,7 +3046,7 @@ def test_delete_deployment_stack_management_group(self):
self.cmd('stack mg delete --id {id} --management-group-id {mg} --yes')

# test delete flag --delete-resource-groups - create stack with resource1
self.cmd('stack mg create --name {name} --management-group-id {mg} --location {location} --template-file "{template-file-rg}" --deny-settings-mode "none" --parameters "name={resource-one}" --yes', checks=self.check('provisioningState', 'succeeded'))
self.cmd('stack mg create --name {name} --management-group-id {mg} --location {location} --deployment-subscription {subscription} --template-file "{template-file-rg}" --deny-settings-mode "none" --parameters "name={resource-one}" --yes', checks=self.check('provisioningState', 'succeeded'))

# delete stack with resource1 set to detach
self.cmd('stack mg delete --name {name} --management-group-id {mg} --yes')
Expand All @@ -3042,7 +3055,7 @@ def test_delete_deployment_stack_management_group(self):
self.cmd('group show -n {resource-one}')

# update stack with resource3 set to delete
self.cmd('stack mg create --name {name} --management-group-id {mg} --location {location} --template-file "{template-file-rg}" --deny-settings-mode "none" --parameters "name={resource-two}" --delete-resources --delete-resource-groups --yes', checks=self.check('provisioningState', 'succeeded'))
self.cmd('stack mg create --name {name} --management-group-id {mg} --location {location} --deployment-subscription {subscription} --template-file "{template-file-rg}" --deny-settings-mode "none" --parameters "name={resource-two}" --delete-resources --delete-resource-groups --yes', checks=self.check('provisioningState', 'succeeded'))

# delete stack with resource1 set to detach
self.cmd('stack mg delete --name {name} --management-group-id {mg} --delete-resources --delete-resource-groups --yes')
Expand Down