diff --git a/src/databricks/labs/pytester/fixtures/iam.py b/src/databricks/labs/pytester/fixtures/iam.py index e86b14a..a411a58 100644 --- a/src/databricks/labs/pytester/fixtures/iam.py +++ b/src/databricks/labs/pytester/fixtures/iam.py @@ -240,6 +240,11 @@ def application_id(self) -> str: assert self._service_principal.application_id is not None return self._service_principal.application_id + @property + def id(self) -> str: + assert self._service_principal.id is not None + return self._service_principal.id + def __repr__(self): return f'RunAs({self.display_name})' @@ -339,8 +344,7 @@ def create(*, account_groups: list[str] | None = None): workspace_id = ws.get_workspace_id() service_principal = acc.service_principals.create(display_name=f'spn-{make_random()}') assert service_principal.id is not None - service_principal_id = int(service_principal.id) - created_secret = acc.service_principal_secrets.create(service_principal_id) + created_secret = acc.service_principal_secrets.create(service_principal.id) if account_groups: group_mapping = {} for group in acc.groups.list(attributes='id,displayName'): 
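Review bot: The new `id` property in the @@ -240 hunk has no docstring, and sitting next to `application_id` it is easy to pick the wrong identifier. A one-line docstring such as `"""Return the service principal's id as a string; this is not the application_id."""` would tell callers which one to pass as a group member. The not-None check is an `assert`, matching `application_id` above, so under `python -O` both properties would return None despite the `-> str` annotation. The enclosing class starts outside the hunk.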
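Review bot: The integer conversion of the principal id has moved from before `acc.service_principal_secrets.create` (the @@ -339 hunk) to the `workspace_assignment.update` call in the @@ -354 hunk. An id that does not parse as an integer now raises ValueError only after a secret has been issued and the group memberships patched. Converting once right after the `assert`, e.g. `workspace_principal_id = int(service_principal.id)`, and passing that name to `workspace_assignment.update` keeps the earlier fail-fast order. Whether the fixture's teardown removes the principal when `create` raises part-way is not visible here, and the body of `create` starts and ends outside both hunks.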
@@ -354,15 +358,15 @@ def create(*, account_groups: list[str] | None = None): acc.groups.patch( group_id, operations=[ - Patch(PatchOp.ADD, 'members', [ComplexValue(value=str(service_principal_id)).as_dict()]), + Patch(PatchOp.ADD, 'members', [ComplexValue(value=str(service_principal.id)).as_dict()]), ], schemas=[PatchSchema.URN_IETF_PARAMS_SCIM_API_MESSAGES_2_0_PATCH_OP], ) permissions = [WorkspacePermission.USER] - acc.workspace_assignment.update(workspace_id, service_principal_id, permissions=permissions) + acc.workspace_assignment.update(workspace_id, int(service_principal.id), permissions=permissions) ws_as_spn = _make_workspace_client(ws, created_secret, service_principal) - log_account_link('account service principal', f'users/serviceprincipals/{service_principal_id}') + log_account_link('account service principal', f'users/serviceprincipals/{service_principal.id}') return RunAs(service_principal, ws_as_spn, env_or_skip) diff --git a/tests/integration/fixtures/test_iam.py b/tests/integration/fixtures/test_iam.py index 0a237db..e50827b 100644 --- a/tests/integration/fixtures/test_iam.py +++ b/tests/integration/fixtures/test_iam.py @@ -7,9 +7,10 @@ def test_new_user(make_user, ws): assert home_dir.object_type == ObjectType.DIRECTORY -def test_new_group(make_group, make_user, ws): +def test_new_group(make_group, make_user, make_run_as, ws): user = make_user() - group = make_group(members=[user.id]) + service_principal = make_run_as() + group = make_group(members=[user.id, service_principal.id]) loaded = ws.groups.get(group.id) assert group.display_name == loaded.display_name assert group.members == loaded.members diff --git a/tests/unit/fixtures/test_iam.py b/tests/unit/fixtures/test_iam.py index f6e1039..f468bbe 100644 --- a/tests/unit/fixtures/test_iam.py +++ b/tests/unit/fixtures/test_iam.py 
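Review bot: `str(service_principal.id)` on the `Patch(PatchOp.ADD, 'members', ...)` line in the @@ -354 hunk is now a no-op wrapper. The same value is passed unconverted to `service_principal_secrets.create`, and the new `RunAs.id` property annotates it as `str`. `ComplexValue(value=service_principal.id).as_dict()` says the same thing more directly. If the `int(...)` on the `workspace_assignment.update` line is required by that API's signature, a short comment such as `# workspace assignment takes a numeric principal id` would explain why the two calls differ. The enclosing `create` function starts outside the hunk.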
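Review bot: `test_new_group` in tests/integration/fixtures/test_iam.py never checks that the service principal actually ended up in the group. `assert group.members == loaded.members` passes whenever both sides agree, including when both omit it. An explicit check such as `assert service_principal.id in {m.value for m in loaded.members}` would pin the behaviour this change is meant to cover. That assumes members come back as objects with a `value` field, as in the fixture's `ComplexValue(value=...)` patch.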
@@ -5,7 +5,7 @@ import pytest -from databricks.labs.pytester.fixtures.iam import make_acc_group, make_group, make_user, Group +from databricks.labs.pytester.fixtures.iam import make_acc_group, make_group, make_user, make_run_as, Group from databricks.labs.pytester.fixtures.unwrap import call_stateful, CallContext @@ -17,6 +17,14 @@ def test_make_user_no_args() -> None: ctx['ws'].users.delete.assert_called_once() +def test_make_run_as_no_args() -> None: + ctx, run_as = call_stateful(make_run_as) + assert ctx is not None + assert run_as is not None + ctx['acc'].service_principals.create.assert_called_once() + ctx['acc'].service_principals.delete.assert_called_once() + + def _setup_groups_api(call_context: CallContext, *, client_fixture_name: str) -> CallContext: """Minimum mocking of the specific client so that when a group is created it is also visible via the list() method. This is required because the make_group and make_acc_group fixtures double-check after creating a group to ensure
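Review bot: `test_make_run_as_no_args` asserts only that the principal is created and deleted, so the calls this commit rewired are not exercised by any assertion. Adding `ctx['acc'].service_principal_secrets.create.assert_called_once()` and `ctx['acc'].workspace_assignment.update.assert_called_once()` would catch a regression in how the id is passed, assuming the mocked context reaches those calls. The new `run_as.id` property is also never read here; `assert run_as.id is not None` would cover it.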