Repro for #2737

danielrbradley · danielrbradley · commit b0ffdc750366 · 2024-12-06T20:39:13.000Z
diff --git a/provider/provider_test.go b/provider/provider_test.go
@@ -55,6 +55,20 @@ func test(t *testing.T, dir string, opts ...optproviderupgrade.PreviewProviderUp
 	assertpreview.HasNoDeletes(t, previewResult)
 }
 
+func setupTest(t *testing.T, dir string) *pulumitest.PulumiTest {
+	t.Helper()
+	if testing.Short() {
+		t.Skipf("Skipping in testing.Short() mode, assuming this is a CI run without cloud credentials")
+		return nil
+	}
+	subscriptionID := getSubscriptionID(t)
+	rpFactory := providers.ResourceProviderFactory(providerServer)
+	pt := pulumitest.NewPulumiTest(t, dir,
+		opttest.AttachProvider("azure", rpFactory))
+	pt.SetConfig(t, "azure:subscriptionId", subscriptionID)
+	return pt
+}
+
 func TestUpgradeCoverage(t *testing.T) {
 	providertest.ReportUpgradeCoverage(t)
 }
diff --git a/provider/provider_yaml_test.go b/provider/provider_yaml_test.go
@@ -10,6 +10,7 @@ import (
 	"testing"
 
 	"github.com/pulumi/providertest/optproviderupgrade"
+	"github.com/pulumi/providertest/pulumitest/assertup"
 )
 
 func Test_appinsights(t *testing.T) {
@@ -100,3 +101,9 @@ func Test_hdinsight(t *testing.T) {
 	test(t, filepath.Join("test-programs", "hdinsight"),
 		optproviderupgrade.NewSourcePath(filepath.Join("test-programs", "hdinsight", "v6")))
 }
+
+func Test_RoleManagementPolicy(t *testing.T) {
+	pt := setupTest(t, filepath.Join("test-programs", "RoleManagementPolicy"))
+	upResult := pt.Up(t)
+	assertup.HasNoChanges(t, upResult)
+}
diff --git a/provider/test-programs/RoleManagementPolicy/Pulumi.yaml b/provider/test-programs/RoleManagementPolicy/Pulumi.yaml
@@ -0,0 +1,142 @@
+name: RoleManagementPolicy
+runtime: yaml
+
+resources:
+  exampleResourceGroup:
+    type: azure:core:ResourceGroup
+    properties:
+      location: East US
+
+  policy:
+    type: azure:pim:RoleManagementPolicy
+    properties:
+      scope: /subscriptions/06414010-48ba-4c6f-ac65-479ecad05c44/resourceGroups/${exampleResourceGroup.name}
+      roleDefinitionId: "/subscriptions/06414010-48ba-4c6f-ac65-479ecad05c44/providers/Microsoft.Authorization/roleDefinitions/roleDefinition.id"
+      activeAssignmentRules:
+        expirationRequired: false
+      eligibleAssignmentRules:
+        expirationRequired: false
+      activationRules:
+        requireApproval: true
+        approvalStage:
+          primaryApprovers:
+            - objectId: 06414010-48ba-4c6f-ac65-479ecad05c44
+              type: Group
+      notificationRules:
+        activeAssignments:
+          adminNotifications:
+            notificationLevel: All
+            defaultRecipients: true
+        eligibleAssignments:
+          adminNotifications:
+            notificationLevel: All
+            defaultRecipients: true
+        eligibleActivations:
+          adminNotifications:
+            notificationLevel: All
+            defaultRecipients: true
+# request from issue, missing expected Expiration_Admin_Assignment:
+#   {
+#     "id": "/subscriptions/<subscription-id>/resourceGroups/test-weu-fnd-jump-box-tmp0371/providers/Microsoft.Compute/virtualMachines/vm-test-weu-fnd-jump-box-tmp0371/providers/Microsoft.Authorization/roleManagementPolicies/1c0163c0-47e6-4577-8991-ea5c82e286e4",
+#     "name": "1c0163c0-47e6-4577-8991-ea5c82e286e4",
+#     "properties":
+#       {
+#         "rules":
+#           [
+#             {
+#               "id": "Expiration_Admin_Eligibility",
+#               "isExpirationRequired": false,
+#               "maximumDuration": "P365D",
+#               "ruleType": "RoleManagementPolicyExpirationRule",
+#               "target":
+#                 {
+#                   "caller": "Admin",
+#                   "enforcedSettings": [],
+#                   "inheritableSettings": [],
+#                   "level": "Eligibility",
+#                   "operations": ["All"],
+#                   "targetObjects": [],
+#                 },
+#             },
+#             {
+#               "id": "Approval_EndUser_Assignment",
+#               "ruleType": "RoleManagementPolicyApprovalRule",
+#               "setting":
+#                 {
+#                   "approvalMode": "SingleStage",
+#                   "approvalStages":
+#                     [
+#                       {
+#                         "primaryApprovers":
+#                           [{ "id": "<group-id>", "userType": "Group" }],
+#                       },
+#                     ],
+#                   "isApprovalRequired": true,
+#                   "isApprovalRequiredForExtension": false,
+#                   "isRequestorJustificationRequired": true,
+#                 },
+#               "target":
+#                 {
+#                   "caller": "EndUser",
+#                   "enforcedSettings": [],
+#                   "inheritableSettings": [],
+#                   "level": "Assignment",
+#                   "operations": ["All"],
+#                   "targetObjects": [],
+#                 },
+#             },
+#             {
+#               "id": "Notification_Admin_Admin_Eligibility",
+#               "isDefaultRecipientsEnabled": true,
+#               "notificationLevel": "Critical",
+#               "notificationType": "Email",
+#               "recipientType": "Admin",
+#               "ruleType": "RoleManagementPolicyNotificationRule",
+#               "target":
+#                 {
+#                   "caller": "Admin",
+#                   "enforcedSettings": [],
+#                   "inheritableSettings": [],
+#                   "level": "Eligibility",
+#                   "operations": ["All"],
+#                   "targetObjects": [],
+#                 },
+#             },
+#             {
+#               "id": "Notification_Admin_Admin_Assignment",
+#               "isDefaultRecipientsEnabled": true,
+#               "notificationLevel": "Critical",
+#               "notificationType": "Email",
+#               "recipientType": "Admin",
+#               "ruleType": "RoleManagementPolicyNotificationRule",
+#               "target":
+#                 {
+#                   "caller": "Admin",
+#                   "enforcedSettings": [],
+#                   "inheritableSettings": [],
+#                   "level": "Assignment",
+#                   "operations": ["All"],
+#                   "targetObjects": [],
+#                 },
+#             },
+#             {
+#               "id": "Notification_Admin_EndUser_Assignment",
+#               "isDefaultRecipientsEnabled": true,
+#               "notificationLevel": "Critical",
+#               "notificationType": "Email",
+#               "recipientType": "Admin",
+#               "ruleType": "RoleManagementPolicyNotificationRule",
+#               "target":
+#                 {
+#                   "caller": "EndUser",
+#                   "enforcedSettings": [],
+#                   "inheritableSettings": [],
+#                   "level": "Assignment",
+#                   "operations": ["All"],
+#                   "targetObjects": [],
+#                 },
+#             },
+#           ],
+#       },
+#     "type": "Microsoft.Authorization/roleManagementPolicies",
+#   }
