yonzhan
commented
2 years ago Microsoft Graph migration
Open jiasli opened 2 years ago
yonzhan
commented
2 years ago Microsoft Graph migration
navba-MSFT
commented
2 years ago @jiasli @yonzhan Removing the CXP attention label since the SDK repo team is working actively on this.
jiasli
commented
2 years ago Test failures in CI:
=========================== short test summary info ============================
FAILED src/azure-cli/azure/cli/command_modules/vm/tests/latest/test_image_builder_commands.py::ImageTemplateTest::test_image_build_managed_image
FAILED src/azure-cli/azure/cli/command_modules/vm/tests/latest/test_image_builder_commands.py::ImageTemplateTest::test_defer_only_commands
FAILED src/azure-cli/azure/cli/command_modules/vm/tests/latest/test_image_builder_commands.py::ImageTemplateTest::test_image_builder_basic
FAILED src/azure-cli/azure/cli/command_modules/vm/tests/latest/test_image_builder_commands.py::ImageTemplateTest::test_image_build_shared_image
FAILED src/azure-cli/azure/cli/command_modules/vm/tests/latest/test_image_builder_commands.py::ImageTemplateTest::test_image_builder_cancel
FAILED src/azure-cli/azure/cli/command_modules/vm/tests/latest/test_image_builder_commands.py::ImageTemplateTest::test_image_builder_basic_sig
FAILED src/azure-cli/azure/cli/command_modules/vm/tests/latest/test_image_builder_commands.py::ImageTemplateTest::test_image_template_outputs
FAILED src/azure-cli/azure/cli/command_modules/vm/tests/latest/test_image_builder_commands.py::ImageTemplateTest::test_image_builder_customizers
FAILED src/azure-cli/azure/cli/command_modules/vm/tests/latest/test_vm_commands.py::VMGalleryImage::test_create_image_version_with_region_cvm_encryptio
FAILED src/azure-cli/azure/cli/command_modules/vm/tests/latest/test_vm_commands.py::VMGalleryImage::test_gallery_e2e
FAILED src/azure-cli/azure/cli/command_modules/vm/tests/latest/test_vm_commands.py::DiskEncryptionSetTest::test_disk_encryption_set_disk_update
FAILED src/azure-cli/azure/cli/command_modules/vm/tests/latest/test_vm_commands.py::DiskEncryptionSetTest::test_disk_encryption_set_snapshot
FAILED src/azure-cli/azure/cli/command_modules/vm/tests/latest/test_vm_commands.py::DiskEncryptionSetTest::test_disk_encryption_set
FAILED src/azure-cli/azure/cli/command_modules/vm/tests/latest/test_vm_commands.py::DiskEncryptionSetTest::test_disk_encryption_set_update
FAILED src/azure-cli/azure/cli/command_modules/ams/tests/latest/test_ams_sp_scenarios.py::AmsSpTests::test_ams_sp_create_reset
FAILED src/azure-cli/azure/cli/command_modules/sql/tests/latest/test_sql_commands.py::SqlManagedInstanceTransparentDataEncryptionScenarioTest::test_sql_mi_tdebyok
FAILED src/azure-cli/azure/cli/command_modules/resource/tests/latest/test_resource.py::PolicyScenarioTest::test_resource_policy_identity
FAILED src/azure-cli/azure/cli/command_modules/resource/tests/latest/test_resource.py::PolicyScenarioTest::test_resource_policy_identity_systemassigned
FAILED src/azure-cli/azure/cli/command_modules/resource/tests/latest/test_resource.py::ManagedAppDefinitionScenarioTest::test_managedappdef
FAILED src/azure-cli/azure/cli/command_modules/resource/tests/latest/test_resource.py::ManagedAppDefinitionScenarioTest::test_managedappdef_inline
FAILED src/azure-cli/azure/cli/command_modules/resource/tests/latest/test_resource.py::ManagedAppScenarioTest::test_managedapp
FAILED src/azure-cli/azure/cli/command_modules/acs/tests/latest/test_aks_commands.py::AzureKubernetesServiceScenarioTest::test_aks_create_default_service_without_skip_role_assignment
FAILED src/azure-cli/azure/cli/command_modules/iot/tests/latest/test_iot_commands.py::IoTHubTest::test_hub_file_upload
FAILED src/azure-cli/azure/cli/command_modules/iot/tests/latest/test_iot_commands.py::IoTHubTest::test_identity_hub
FAILED src/azure-cli/azure/cli/command_modules/cosmosdb/tests/latest/test_cosmosdb_cassandrami_scenario.py::ManagedCassandraScenarioTest::test_managed_cassandra_cluster_without_datacenters
FAILED src/azure-cli/azure/cli/command_modules/cosmosdb/tests/latest/test_cosmosdb_cassandrami_scenario.py::ManagedCassandraScenarioTest::test_managed_cassandra_verify_lists
FAILED src/azure-cli/azure/cli/command_modules/cosmosdb/tests/latest/test_cosmosdb_commands.py::CosmosDBTests::test_cosmosdb_key_vault_key_uri
FAILED src/azure-cli/azure/cli/command_modules/cosmosdb/tests/latest/test_cosmosdb_commands.py::CosmosDBTests::test_cosmosdb_managed_service_identity
FAILED src/azure-cli/azure/cli/command_modules/appconfig/tests/latest/test_appconfig_commands.py::AppConfigMgmtScenarioTest::test_azconfig_mgmt
FAILED src/azure-cli/azure/cli/command_modules/eventhubs/tests/latest/test_eventhub_commands_encryption_test.py::EHNamespaceMSITesting::test_eh_namespace_encryption
FAILED src/azure-cli/azure/cli/command_modules/servicebus/tests/latest/test_servicebus_encryption_commands.py::SBNamespaceMSITesting::test_sb_namespace_encryption
========== 31 failed, 2339 passed, 229 skipped in 1214.27s (0:20:14) ===========I haven't investigated why these modules' tests didn't fail:
Update: Since Graph-related commands are only called during live runs.
jiasli
commented
2 years ago Can't record cosmosdb tests because there are hard-coded SPs:
jiasli
commented
2 years ago acs's test test_aks_create_default_service_without_skip_role_assignment is sending the wrong objectId:
DEBUG msrest.http_logger:http_logger.py:50 Request URL: 'https://graph.windows.net/54826b22-38d6-4fb2-bad9-b7b93a3e9c5a/getObjectsByObjectIds?api-version=1.6'
DEBUG msrest.http_logger:http_logger.py:51 Request method: 'POST'
DEBUG msrest.http_logger:http_logger.py:52 Request headers:
DEBUG msrest.http_logger:http_logger.py:56 'Accept': 'application/json'
DEBUG msrest.http_logger:http_logger.py:56 'Content-Type': 'application/json; charset=utf-8'
DEBUG msrest.http_logger:http_logger.py:56 'accept-language': 'en-US'
DEBUG msrest.http_logger:http_logger.py:56 'Content-Length': '92'
DEBUG msrest.http_logger:http_logger.py:56 'User-Agent': 'python/3.10.4 (Windows-10-10.0.19044-SP0) msrest/0.6.21 msrest_azure/0.6.4 azure-graphrbac/0.60.0 Azure-SDK-For-Python AZURECLI/2.36.0'
DEBUG msrest.http_logger:http_logger.py:57 Request body:
DEBUG msrest.http_logger:http_logger.py:63 {"objectIds": ["http://clitestjkfxa5dv5pmfbesmq"], "includeDirectoryObjectReferences": true}
DEBUG msrest.http_logger:http_logger.py:80 Response status: 400
DEBUG msrest.http_logger:http_logger.py:81 Response headers:
DEBUG msrest.http_logger:http_logger.py:83 'Cache-Control': 'no-cache'
DEBUG msrest.http_logger:http_logger.py:83 'Content-Type': 'application/json; odata=minimalmetadata; streaming=true; charset=utf-8'
DEBUG msrest.http_logger:http_logger.py:83 'x-ms-dirapi-data-contract-version': '1.6'
DEBUG msrest.http_logger:http_logger.py:83 'Duration': '2457715'
DEBUG msrest.http_logger:http_logger.py:83 'DataServiceVersion': '3.0;'
DEBUG msrest.http_logger:http_logger.py:83 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
DEBUG msrest.http_logger:http_logger.py:83 'Date': 'Thu, 12 May 2022 15:14:27 GMT'
DEBUG msrest.http_logger:http_logger.py:83 'x-ms-resource-unit': '3'
DEBUG msrest.http_logger:http_logger.py:83 'request-id': 'c1425ac7-21da-49cb-8cbf-77b0610e3153'
DEBUG msrest.http_logger:http_logger.py:83 'ocp-aad-diagnostics-server-name': 'gPnpdqpwyGrDEewN8wjIW0CFeFa4Hzg72WshawB8akU='
DEBUG msrest.http_logger:http_logger.py:83 'Content-Length': '204'
DEBUG msrest.http_logger:http_logger.py:83 'client-request-id': '1640947c-d206-11ec-adc8-84a93e63aa78'
DEBUG msrest.http_logger:http_logger.py:83 'Pragma': 'no-cache'
DEBUG msrest.http_logger:http_logger.py:83 'Expires': '-1'
DEBUG msrest.http_logger:http_logger.py:83 'ocp-aad-session-key': 'GHjl1292Gt6HrT9DhFpvHMO0uqFrHpc0bYIm6XJjuGcRF4vbSP9ramPADInpl1cZD4_d8CAKKBCZQ3hTMqkxXEe93mURSaTIOiaO1ajv7WpIPYV3dxFAu1kwsrSFSEtDwUItO7-srxwWUtT_zslEF-lf5NgFGN20OTdqUHrZ9bY.ZYt-BaOpkMFlA_ukGK3kpBGih9TUL2_IpjNeKWQGmLg'
DEBUG msrest.http_logger:http_logger.py:83 'X-Powered-By': 'ASP.NET'
DEBUG msrest.http_logger:http_logger.py:83 'Access-Control-Allow-Origin': '*'
DEBUG msrest.http_logger:http_logger.py:83 'X-AspNet-Version': '4.0.30319'
DEBUG msrest.http_logger:http_logger.py:86 Response content:
DEBUG msrest.http_logger:http_logger.py:101 {"odata.error":{"code":"Request_BadRequest","message":{"lang":"en","value":"Invalid GUID:http://clitestjkfxa5dv5pmfbesmq"},"requestId":"c1425ac7-21da-49cb-8cbf-77b0610e3153","date":"2022-05-12T15:14:27"}}
objectIds should be a GUID, instead of identifierUri http://clitestjkfxa5dv5pmfbesmq.
Using non-verified identifierUri has been forbidden long ago (https://github.com/Azure/azure-cli/issues/19892), but the tests are not re-run since then. It didn't fail before because VCRPY doesn't care about the request body which contains http://clitestjkfxa5dv5pmfbesmq. @FumingZhang
jiasli
commented
2 years ago I am not able to re-run sql test test_sql_mi_tdebyok:
> azdev test test_sql_mi_tdebyok --live --series
E knack.util.CLIError: Subscriptions are restricted from provisioning in this region. Please choose a different region. For exceptions to this rule please open a support request with Issue type of 'Service and subscription limits'. See https://docs.microsoft.com/en-us/azure/sql-database/quota-increase-request for more details.Now we only have these tests that can't be run, as explained above and in the issue description:
=========================== short test summary info ============================
FAILED src/azure-cli/azure/cli/command_modules/sql/tests/latest/test_sql_commands.py::SqlManagedInstanceTransparentDataEncryptionScenarioTest::test_sql_mi_tdebyok
FAILED src/azure-cli/azure/cli/command_modules/iot/tests/latest/test_iot_commands.py::IoTHubTest::test_hub_file_upload
FAILED src/azure-cli/azure/cli/command_modules/iot/tests/latest/test_iot_commands.py::IoTHubTest::test_identity_hub
FAILED src/azure-cli/azure/cli/command_modules/cosmosdb/tests/latest/test_cosmosdb_cassandrami_scenario.py::ManagedCassandraScenarioTest::test_managed_cassandra_cluster_without_datacenters
FAILED src/azure-cli/azure/cli/command_modules/cosmosdb/tests/latest/test_cosmosdb_cassandrami_scenario.py::ManagedCassandraScenarioTest::test_managed_cassandra_verify_lists
FAILED src/azure-cli/azure/cli/command_modules/cosmosdb/tests/latest/test_cosmosdb_commands.py::CosmosDBTests::test_cosmosdb_key_vault_key_uri
FAILED src/azure-cli/azure/cli/command_modules/cosmosdb/tests/latest/test_cosmosdb_commands.py::CosmosDBTests::test_cosmosdb_managed_service_identity
=========== 7 failed, 2363 passed, 229 skipped in 1267.99s (0:21:07) ===========All these tests are disabled by https://github.com/Azure/azure-cli/pull/22361 and need to be re-recorded by service team.
hivyas
commented
2 years ago Hello, I tried updating the ams module to use the new graph api which you can see the code for here. But I am running into this error:
azure.cli.core.azclierror.AuthenticationError: AADSTS53000: Device is not in required device state: compliant. Conditional Access policy requires a compliant device, and the device is not compliant. The user must enroll their device with an approved MDM provider like Intune.
The error is happening from this line.
jiasli
commented
2 years ago Hi @hivyas, this is because your machine is not compliant. You need to make sure your machine is AD or domain joined, and sync your computer's group policy.
Click Info button, and you will see a Sync button.
hivyas
commented
2 years ago Hi @jiasli, thanks for the response! I checked my accounts and resynced but I am still getting the same error.
Modules to migrate
az adaz roleazure-graphrbacSDKCLI: @zhoxing-ms
identifierUri, # 22649CLI: @zhoxing-ms
CLI: @zhoxing-ms
not is_playbackaz keyvaultCLI: @zhoxing-ms
@live_onlyaz keyvaultCLI: @zhoxing-ms
az keyvaultLiveScenarioTest⏳: SDK migration can be delayed
Work items
For modules calling
az adoraz rolecommandsFor modules calling
azure-graphrbacSDKazure.cli.command_modules.role._msgrpah.GraphClientto invoke Microsoft Graph API. Detailed documentation forGraphClientis at https://github.com/Azure/azure-cli/blob/dev/doc/microsoft_graph_client.mddict, instead of SDKmsrest.serialization.Modelobject. Change your code accordinglyReferences
Additional information
az adcommand invocations are searched using regexcmd\(['"]ad|az adaz rolecommand invocations are searched using regexcmd\(['"]role|az roleazure-graphrbacSDK invocations are searched usingazure.graphrbac