diff --git a/examples/examples_nodejs_test.go b/examples/examples_nodejs_test.go index 3b9d572fe417..a14e3188913d 100644 --- a/examples/examples_nodejs_test.go +++ b/examples/examples_nodejs_test.go @@ -300,6 +300,10 @@ func TestAccBlobContainerLegalHold(t *testing.T) { func TestAccPIMRoleManagementPolicies(t *testing.T) { skipIfShort(t) + // A randomly chosen Role Management Policy, from the list obtained by + // az rest --method get --url https://management.azure.com/subscriptions/0282681f-7a9e-424b-80b2-96babd57a8a1/providers/Microsoft.Authorization/roleManagementPolicies\?api-version\=2020-10-01 + const policyId = "7ed63469-c833-4fba-9032-803ce289eabc" + // Retrieve the `maximumDuration` property of the randomly chosen Expiration_Admin_Eligibility rule. // Used in ExtraRuntimeValidation to assert that the rule has the expected duration. // Uses the Azure SDK to be able to retrieve the actual value from Azure, independent of Pulumi. @@ -316,7 +320,7 @@ func TestAccPIMRoleManagementPolicies(t *testing.T) { require.NoError(t, err) client := clientFactory.NewRoleManagementPoliciesClient() - resp, err := client.Get(context.Background(), "subscriptions/"+sub, "3faafb81-7f6f-4c66-b936-fb41ef4e4734", nil) + resp, err := client.Get(context.Background(), "subscriptions/"+sub, policyId, nil) require.NoError(t, err) var rule *armauthorization.RoleManagementPolicyExpirationRule @@ -337,7 +341,10 @@ func TestAccPIMRoleManagementPolicies(t *testing.T) { test := getJSBaseOptions(t). With(integration.ProgramTestOptions{ + Verbose: true, + DebugLogLevel: 9, Dir: filepath.Join(getCwd(t), "pim-rolemanagementpolicies"), + Config: map[string]string{"policy": policyId}, ExpectRefreshChanges: false, ExtraRuntimeValidation: func(t *testing.T, stackInfo integration.RuntimeValidationStackInfo) { assert.Equal(t, "P365D", get_Expiration_Admin_Eligibility_RuleDuration()) diff --git a/examples/pim-rolemanagementpolicies/2-update-rule/index.ts b/examples/pim-rolemanagementpolicies/2-update-rule/index.ts index 08bee9ff23e1..2e5aeacf9fc4 100644 --- a/examples/pim-rolemanagementpolicies/2-update-rule/index.ts +++ b/examples/pim-rolemanagementpolicies/2-update-rule/index.ts @@ -4,7 +4,7 @@ import * as pim from "@pulumi/azure-native/authorization"; const clientConfig = pulumi.output(pim.getClientConfig()); const policy = new pim.RoleManagementPolicy("policy", { - roleManagementPolicyName: "3faafb81-7f6f-4c66-b936-fb41ef4e4734", + roleManagementPolicyName: new pulumi.Config().requireSecret("policy"), scope: pulumi.interpolate`subscriptions/${clientConfig.subscriptionId}`, rules: [ { diff --git a/examples/pim-rolemanagementpolicies/3-remove-rule/index.ts b/examples/pim-rolemanagementpolicies/3-remove-rule/index.ts index 65afea62e3f2..cfaae239dd1f 100644 --- a/examples/pim-rolemanagementpolicies/3-remove-rule/index.ts +++ b/examples/pim-rolemanagementpolicies/3-remove-rule/index.ts @@ -4,10 +4,11 @@ import * as pim from "@pulumi/azure-native/authorization"; const clientConfig = pulumi.output(pim.getClientConfig()); const policy = new pim.RoleManagementPolicy("policy", { - roleManagementPolicyName: "3faafb81-7f6f-4c66-b936-fb41ef4e4734", + roleManagementPolicyName: new pulumi.Config().requireSecret("policy"), scope: pulumi.interpolate`subscriptions/${clientConfig.subscriptionId}`, rules: [ // rule removed, but it will still exist in Azure + // we add another one since an empty list is not allowed { "id": "Notification_Admin_Admin_Eligibility", diff --git a/examples/pim-rolemanagementpolicies/index.ts b/examples/pim-rolemanagementpolicies/index.ts index 9c31df5daea3..db988245d2ce 100644 --- a/examples/pim-rolemanagementpolicies/index.ts +++ b/examples/pim-rolemanagementpolicies/index.ts @@ -4,7 +4,7 @@ import * as pim from "@pulumi/azure-native/authorization"; const clientConfig = pulumi.output(pim.getClientConfig()); const policy = new pim.RoleManagementPolicy("policy", { - roleManagementPolicyName: "3faafb81-7f6f-4c66-b936-fb41ef4e4734", + roleManagementPolicyName: new pulumi.Config().requireSecret("policy"), scope: pulumi.interpolate`subscriptions/${clientConfig.subscriptionId}`, rules: [ {