[Role] az ad/role: Azure AD Graph API to Microsoft Graph API migration (#22432)

Author: jiasli

src/azure-cli-core/azure/cli/core/util.py

@@ -978,7 +978,9 @@ def send_raw_request(cli_ctx, method, url, headers=None, uri_parameters=None,  #
         reason = r.reason
         if r.text:
             reason += '({})'.format(r.text)
-        raise CLIError(reason)
+        ex = CLIError(reason)
+        ex.response = r
+        raise ex
     if output_file:
         with open(output_file, 'wb') as fd:
             for chunk in r.iter_content(chunk_size=128):

src/azure-cli-testsdk/azure/cli/testsdk/__init__.py

@@ -12,14 +12,14 @@
 from .checkers import (JMESPathCheck, JMESPathCheckExists, JMESPathCheckGreaterThan, NoneCheck, StringCheck,
                        StringContainCheck)
 from .decorators import api_version_constraint
-from .utilities import create_random_name, AADGraphUserReplacer
+from .utilities import create_random_name, MSGraphUserReplacer
 from .patches import MOCKED_USER_NAME
 
 __all__ = ['ScenarioTest', 'LiveScenarioTest', 'ResourceGroupPreparer', 'StorageAccountPreparer',
            'RoleBasedServicePrincipalPreparer', 'ManagedApplicationPreparer', 'CliTestError', 'JMESPathCheck',
            'JMESPathCheckExists', 'NoneCheck', 'live_only', 'record_only', 'StringCheck', 'StringContainCheck',
            'get_sha1_hash', 'KeyVaultPreparer', 'JMESPathCheckGreaterThan', 'api_version_constraint',
-           'create_random_name', 'MOCKED_USER_NAME', 'AADGraphUserReplacer', 'LocalContextScenarioTest',
+           'create_random_name', 'MOCKED_USER_NAME', 'MSGraphUserReplacer', 'LocalContextScenarioTest',
            'VirtualNetworkPreparer', 'VnetNicPreparer']
 
 

src/azure-cli-testsdk/azure/cli/testsdk/base.py

@@ -24,7 +24,7 @@
                       patch_progress_controller, patch_get_current_system_username)
 from .exceptions import CliExecutionError
 from .utilities import (find_recording_dir, StorageAccountKeyReplacer, GraphClientPasswordReplacer,
-                        AADAuthRequestFilter)
+                        MSGraphClientPasswordReplacer, AADAuthRequestFilter)
 from .reverse_dependency import get_dummy_cli
 
 logger = logging.getLogger('azure.cli.testsdk')
@@ -86,7 +86,8 @@ def __init__(self, method_name, config_file=None, recording_name=None,
         self.name_replacer = GeneralNameReplacer()
         self.kwargs = {}
         self.test_guid_count = 0
-        self._processors_to_reset = [StorageAccountKeyReplacer(), GraphClientPasswordReplacer()]
+        self._processors_to_reset = [StorageAccountKeyReplacer(), GraphClientPasswordReplacer(),
+                                     MSGraphClientPasswordReplacer()]
         default_recording_processors = [
             SubscriptionRecordingProcessor(MOCKED_SUBSCRIPTION_ID),
             AADAuthRequestFilter(),

src/azure-cli-testsdk/azure/cli/testsdk/utilities.py

@@ -48,14 +48,8 @@ def force_progress_logging():
     az_logger.handlers[0].level = old_az_level
 
 
-def _py3_byte_to_str(byte_or_str):
-    import logging
-    logger = logging.getLogger()
-    logger.warning(type(byte_or_str))
-    try:
-        return str(byte_or_str, 'utf-8') if isinstance(byte_or_str, bytes) else byte_or_str
-    except TypeError:  # python 2 doesn't allow decoding through str
-        return str(byte_or_str)
+def _byte_to_str(byte_or_str):
+    return str(byte_or_str, 'utf-8') if isinstance(byte_or_str, bytes) else byte_or_str
 
 
 class StorageAccountKeyReplacer(RecordingProcessor):
@@ -81,7 +75,7 @@ def process_request(self, request):  # pylint: disable=no-self-use
             pass
         for candidate in self._candidates:
             if request.body:
-                body_string = _py3_byte_to_str(request.body)
+                body_string = _byte_to_str(request.body)
                 request.body = body_string.replace(candidate, self.KEY_REPLACEMENT)
         return request
 
@@ -99,7 +93,7 @@ def process_response(self, response):
         for candidate in self._candidates:
             if response['body']['string']:
                 body = response['body']['string']
-                response['body']['string'] = _py3_byte_to_str(body)
+                response['body']['string'] = _byte_to_str(body)
                 response['body']['string'] = response['body']['string'].replace(candidate, self.KEY_REPLACEMENT)
         return response
 
@@ -127,11 +121,11 @@ def process_request(self, request):  # pylint: disable=no-self-use
             pattern = r"[^/]+/applications$"
             if re.search(pattern, request.path, re.I) and request.method.lower() == 'post':
                 self._activated = True
-                body = _py3_byte_to_str(request.body)
+                body = _byte_to_str(request.body)
                 body = json.loads(body)
                 for password_cred in body['passwordCredentials']:
                     if password_cred['value']:
-                        body_string = _py3_byte_to_str(request.body)
+                        body_string = _byte_to_str(request.body)
                         request.body = body_string.replace(password_cred['value'], self.PWD_REPLACEMENT)
 
         except (AttributeError, KeyError):
@@ -157,18 +151,48 @@ def process_response(self, response):
         return response
 
 
-class AADGraphUserReplacer:
+class MSGraphClientPasswordReplacer(RecordingProcessor):
+    """Replace 'secretText' property in 'addPassword' API's response."""
+
+    PWD_REPLACEMENT = 'replaced-microsoft-graph-password'
+
+    def __init__(self):
+        self._activated = False
+
+    def reset(self):
+        self._activated = False
+
+    def process_request(self, request):
+        if request.body and self.PWD_REPLACEMENT in _byte_to_str(request.body):
+            return request
+        if request.path.endswith('/addPassword') and request.method.lower() == 'post':
+            self._activated = True
+        return request
+
+    def process_response(self, response):
+        if self._activated:
+            import json
+
+            body = json.loads(response['body']['string'])
+            body['secretText'] = self.PWD_REPLACEMENT
+
+            response['body']['string'] = json.dumps(body)
+            self._activated = False
+
+        return response
+
+
+class MSGraphUserReplacer(RecordingProcessor):
     def __init__(self, test_user, mock_user):
         self.test_user = test_user
         self.mock_user = mock_user
 
     def process_request(self, request):
-        test_user_encoded = self.test_user.replace('@', '%40')
-        if test_user_encoded in request.uri:
-            request.uri = request.uri.replace(test_user_encoded, self.mock_user.replace('@', '%40'))
+        if self.test_user in request.uri:
+            request.uri = request.uri.replace(self.test_user, self.mock_user)
 
         if request.body:
-            body = _py3_byte_to_str(request.body)
+            body = _byte_to_str(request.body)
             if self.test_user in body:
                 request.body = body.replace(self.test_user, self.mock_user)
 

src/azure-cli/azure/cli/command_modules/acs/tests/hybrid_2020_09_01/test_aks_commands.py

@@ -25,8 +25,7 @@
 # is set with the environment varibale for sp_name. This method is compatible with
 # both cases.
 def _process_sp_name(sp_name):
-    from azure.cli.core.util import is_guid
-    return sp_name if is_guid(sp_name) else 'http://{}'.format(sp_name)
+    return sp_name
 
 
 class AzureKubernetesServiceScenarioTest(ScenarioTest):
@@ -493,7 +492,7 @@ def generate_user_assigned_identity_resource_id(self, resource_group):
             resource_group, identity_name)).get_output_in_json()
         return identity.get("id")
 
-    
+
         # reset the count so in replay mode the random names will start with 0
         self.test_resources_count = 0
         # kwargs for string formatting

src/azure-cli/azure/cli/command_modules/acs/tests/latest/custom_preparers.py

@@ -18,6 +18,10 @@
 
 
 class AKSCustomResourceGroupPreparer(ResourceGroupPreparer):
+    """
+    Override to support overriding the default location in test cases using this custom preparer with specific
+    environment variables, and a flag (preserve_default_location) to avoid being overridden by environment variables.
+    """
     def __init__(
         self,
         name_prefix="clitest.rg",
@@ -50,6 +54,11 @@ def __init__(
 
 
 class AKSCustomVirtualNetworkPreparer(VirtualNetworkPreparer):
+    """
+    Override to specify custom address_prefixes to avoid conflict with aks cluster/service cidr.
+
+    TODO: remove this.
+    """
     def __init__(
         self,
         name_prefix="clitest.vn",
@@ -143,6 +152,10 @@ def _update_address_prefixes(self, **kwargs):
 class AKSCustomRoleBasedServicePrincipalPreparer(
     RoleBasedServicePrincipalPreparer
 ):
+    """
+    Override to keep the recording consistent with the count in the mock request in scenarios such as the
+    check-in pipeline where the SP is pre-configured for testing and imported via environment variables.
+    """
     def __init__(
         self,
         name_prefix="clitest",
@@ -177,7 +190,7 @@ def create_resource(self, name, **kwargs):
                 pass
 
             if self.live_test or self.test_class_instance.in_recording:
-                sp_name = name
+                sp_name = self.result['appId']
                 sp_password = self.result.get("password") or GraphClientPasswordReplacer.PWD_REPLACEMENT
             else:
                 sp_name = MOCK_GUID