"""Test cases for azure cli (az).""" from __future__ import annotations import pytest from conftest import is_approved, needs_confirmation # # ========================================================================== # Azure CLI (az) # ========================================================================== # TESTS = [ ("az --subscription delete vm list", True), ("az --query delete vm show", True), ("az -o delete vm list", True), ("az --subscription mysub vm delete foo", False), # Az with positional args before flags ("az vm list --resource-group mygroup", True), ("az vm show myvm --resource-group mygroup", True), ("az storage account list", True), ("az keyvault secret show --name mysecret --vault-name myvault", True), ("az vm delete myvm --resource-group mygroup", False), ("az vm delete list", False), # deleting vm named "list" ("az vm create myvm --resource-group mygroup", False), ("az vm start myvm", False), # Az nested services (variable depth) ("az boards work-item show --id 12345", True), ("az boards work-item list --project myproj", True), ("az boards work-item create --type Bug", False), ("az boards work-item update --id 12345", False), ("az boards query --wiql 'SELECT [System.Id] FROM WorkItems'", True), ("az boards iteration team list --team MyTeam", True), ("az deployment group show --resource-group rg --name main", True), ("az deployment group list --resource-group rg", True), ("az deployment group create --resource-group rg --template-file t.bicep", False), ("az deployment operation group list --resource-group rg --name main", True), ("az devops team list --project myproj", True), ("az devops team list-member --team MyTeam", True), ("az cognitiveservices model list --location eastus", True), ("az cognitiveservices account list", True), ("az cognitiveservices account show --name myaccount --resource-group rg", True), ( "az cognitiveservices account deployment list --name myaccount --resource-group rg", True, ), ( "az cognitiveservices account deployment show --name myaccount --resource-group rg --deployment-name dep", True, ), ( "az cognitiveservices account deployment create --name myaccount --resource-group rg", False, ), ( "az cognitiveservices account deployment delete --name myaccount --resource-group rg", False, ), ("az cognitiveservices account create --name foo", False), ("az containerapp show --name myapp --resource-group rg", True), ("az containerapp list --resource-group rg", True), ("az containerapp revision list --name myapp --resource-group rg", True), ("az containerapp logs show --name myapp --resource-group rg --type console", True), ("az containerapp delete --name myapp --resource-group rg", False), ("az acr repository list --name myacr", True), ("az acr repository show-tags --name myacr --repository myrepo", True), ("az acr repository delete --name myacr --repository myrepo", False), ("az monitor log-analytics query --workspace ws --analytics-query q", True), ("az monitor activity-log list", True), ("az resource list --resource-group rg", True), ("az resource show --ids /subscriptions/.../resource", True), ("az resource delete --ids /subscriptions/.../resource", False), # Az role (RBAC) ("az role assignment list", True), ("az role assignment list --assignee user@example.com", True), ("az role definition list", True), ("az role assignment create --assignee user@example.com --role Reader", False), ("az role assignment delete --assignee user@example.com --role Reader", False), # Az ML (Machine Learning) ("az ml workspace list", True), ("az ml workspace show --name myws --resource-group rg", True), ("az ml model list --workspace-name myws --resource-group rg", True), ("az ml endpoint list --workspace-name myws --resource-group rg", True), ("az ml workspace create --name myws --resource-group rg", False), ("az ml workspace delete --name myws --resource-group rg", False), ("az ml model delete --name mymodel --workspace-name myws", False), # Az - comprehensive coverage from tldr # az account - subscription management ("az account list", True), ("az account list --all", True), ("az account list --output table", True), ("az account show", True), ("az account show --output json", True), ("az account list-locations", True), ("az account get-access-token", True), ("az account get-access-token --resource-type ms-graph", True), ("az account set --subscription mysub", False), ("az account clear", False), # az login/logout ("az login", False), ("az login --use-device-code", False), ( "az login --service-principal --username id --password secret --tenant tenant", False, ), ("az logout", False), # az group - resource groups ("az group list", True), ("az group list --output table", True), ("az group show --name mygroup", True), ("az group exists --name mygroup", True), ("az group create --name newgroup --location eastus", False), ("az group delete --name mygroup", False), ("az group delete --name mygroup --yes", False), ("az group update --name mygroup --tags env=prod", False), ("az group wait --name mygroup --created", False), # az vm - virtual machines ("az vm list", True), ("az vm list --output table", True), ("az vm list --resource-group mygroup", True), ("az vm show --name myvm --resource-group mygroup", True), ("az vm show --name myvm -g mygroup --output json", True), ("az vm list-sizes --location eastus", True), ("az vm list-skus --location eastus", True), ("az vm list-ip-addresses --name myvm -g mygroup", True), ("az vm get-instance-view --name myvm -g mygroup", True), ("az vm image list", True), ("az vm image list --all", True), ("az vm image list --publisher Canonical", True), ("az vm image list-offers --publisher Canonical --location eastus", True), ( "az vm image list-skus --publisher Canonical --offer UbuntuServer --location eastus", True, ), ("az vm image show --urn Canonical:UbuntuServer:18.04-LTS:latest", True), ( "az vm create --name newvm -g mygroup --image UbuntuLTS --admin-user azureuser --generate-ssh-keys", False, ), ("az vm delete --name myvm -g mygroup", False), ("az vm delete --name myvm -g mygroup --yes", False), ("az vm start --name myvm -g mygroup", False), ("az vm stop --name myvm -g mygroup", False), ("az vm restart --name myvm -g mygroup", False), ("az vm deallocate --name myvm -g mygroup", False), ("az vm redeploy --name myvm -g mygroup", False), ("az vm resize --name myvm -g mygroup --size Standard_DS3_v2", False), ("az vm update --name myvm -g mygroup --set tags.env=prod", False), ("az vm capture --name myvm -g mygroup --vhd-name-prefix myimage", False), ("az vm generalize --name myvm -g mygroup", False), ("az vm open-port --name myvm -g mygroup --port 80", False), ( "az vm run-command invoke --name myvm -g mygroup --command-id RunShellScript --scripts 'ls -la'", False, ), # az disk - managed disks ("az disk list", True), ("az disk list --resource-group mygroup", True), ("az disk show --name mydisk -g mygroup", True), ("az disk list --query '[].{Name:name, Size:diskSizeGb}'", True), ("az disk create --name newdisk -g mygroup --size-gb 128", False), ("az disk delete --name mydisk -g mygroup", False), ("az disk delete --name mydisk -g mygroup --yes", False), ("az disk update --name mydisk -g mygroup --size-gb 256", False), ( "az disk grant-access --name mydisk -g mygroup --access-level Read --duration-in-seconds 3600", False, ), ("az disk revoke-access --name mydisk -g mygroup", False), # az snapshot ("az snapshot list", True), ("az snapshot list --resource-group mygroup", True), ("az snapshot show --name mysnap -g mygroup", True), ("az snapshot create --name newsnap -g mygroup --source mydisk", False), ("az snapshot delete --name mysnap -g mygroup", False), # az aks - Azure Kubernetes Service ("az aks list", True), ("az aks list --output table", True), ("az aks list --resource-group mygroup", True), ("az aks show --name mycluster -g mygroup", True), ("az aks show --name mycluster -g mygroup --output json", True), ("az aks get-versions --location eastus", True), ( "az aks get-credentials --name mycluster -g mygroup", False, ), # modifies kubeconfig ("az aks get-credentials --name mycluster -g mygroup --overwrite-existing", False), ("az aks get-upgrades --name mycluster -g mygroup", True), ("az aks nodepool list --cluster-name mycluster -g mygroup", True), ("az aks nodepool show --cluster-name mycluster --name nodepool1 -g mygroup", True), ( "az aks create --name newcluster -g mygroup --node-count 3 --node-vm-size Standard_DS2_v2", False, ), ("az aks delete --name mycluster -g mygroup", False), ("az aks delete --name mycluster -g mygroup --yes", False), ("az aks upgrade --name mycluster -g mygroup --kubernetes-version 1.27.0", False), ("az aks scale --name mycluster -g mygroup --node-count 5", False), ( "az aks update --name mycluster -g mygroup --enable-cluster-autoscaler --min-count 1 --max-count 10", False, ), ( "az aks nodepool add --cluster-name mycluster --name nodepool2 -g mygroup --node-count 2", False, ), ( "az aks nodepool delete --cluster-name mycluster --name nodepool2 -g mygroup", False, ), ( "az aks nodepool upgrade --cluster-name mycluster --name nodepool1 -g mygroup --kubernetes-version 1.27.0", False, ), ("az aks start --name mycluster -g mygroup", False), ("az aks stop --name mycluster -g mygroup", False), # az acr - Azure Container Registry ("az acr list", True), ("az acr list --resource-group mygroup", True), ("az acr show --name myacr", True), ("az acr show --name myacr --output json", True), ("az acr show-usage --name myacr", True), ("az acr repository list --name myacr", True), ("az acr repository list --name myacr --output table", True), ("az acr repository show --name myacr --repository myrepo", True), ("az acr repository show-tags --name myacr --repository myrepo", True), ( "az acr repository show-tags --name myacr --repository myrepo --orderby time_desc", True, ), ("az acr repository show-manifests --name myacr --repository myrepo", True), ("az acr credential show --name myacr", True), ("az acr check-health --name myacr", True), ("az acr create --name newacr -g mygroup --sku Basic", False), ("az acr delete --name myacr", False), ("az acr delete --name myacr --yes", False), ("az acr update --name myacr --admin-enabled true", False), ("az acr login --name myacr", False), ("az acr repository delete --name myacr --repository myrepo", False), ("az acr repository delete --name myacr --image myrepo:v1", False), ( "az acr import --name myacr --source docker.io/library/nginx:latest --image nginx:latest", False, ), ("az acr build --registry myacr --image myimage:v1 .", False), # az storage - storage accounts ("az storage account list", True), ("az storage account list --resource-group mygroup", True), ("az storage account show --name myaccount -g mygroup", True), ("az storage account show-connection-string --name myaccount -g mygroup", True), ("az storage account keys list --account-name myaccount -g mygroup", True), ("az storage account show-usage --location eastus", True), ( "az storage account create --name newaccount -g mygroup --location eastus --sku Standard_LRS", False, ), ("az storage account delete --name myaccount -g mygroup", False), ("az storage account delete --name myaccount -g mygroup --yes", False), ( "az storage account update --name myaccount -g mygroup --min-tls-version TLS1_2", False, ), ( "az storage account keys renew --account-name myaccount -g mygroup --key primary", False, ), # az storage container ("az storage container list --account-name myaccount", True), ("az storage container list --account-name myaccount --auth-mode login", True), ("az storage container show --name mycontainer --account-name myaccount", True), ( "az storage container show-permission --name mycontainer --account-name myaccount", True, ), ("az storage container create --name newcontainer --account-name myaccount", False), ("az storage container delete --name mycontainer --account-name myaccount", False), ( "az storage container set-permission --name mycontainer --account-name myaccount --public-access blob", False, ), # az storage blob ( "az storage blob list --container-name mycontainer --account-name myaccount", True, ), ( "az storage blob list --container-name mycontainer --account-name myaccount --prefix prefix/", True, ), ( "az storage blob show --name myblob --container-name mycontainer --account-name myaccount", True, ), ( "az storage blob exists --name myblob --container-name mycontainer --account-name myaccount", True, ), ( "az storage blob url --name myblob --container-name mycontainer --account-name myaccount", True, ), ( "az storage blob metadata show --name myblob --container-name mycontainer --account-name myaccount", True, ), ( "az storage blob download --name myblob --container-name mycontainer --account-name myaccount --file localfile", True, ), ( "az storage blob download-batch --source mycontainer --destination ./local --account-name myaccount", True, ), ( "az storage blob upload --name myblob --container-name mycontainer --account-name myaccount --file localfile", False, ), ( "az storage blob upload-batch --source ./local --destination mycontainer --account-name myaccount", False, ), ( "az storage blob delete --name myblob --container-name mycontainer --account-name myaccount", False, ), ( "az storage blob delete-batch --source mycontainer --account-name myaccount --pattern '*.log'", False, ), ( "az storage blob copy start --source-uri https://src.blob.core.windows.net/c/b --destination-blob b --destination-container c --account-name myaccount", False, ), ( "az storage blob generate-sas --name myblob --container-name mycontainer --account-name myaccount --permissions r --expiry 2024-12-31", False, ), # az network - networking ("az network vnet list", True), ("az network vnet list --resource-group mygroup", True), ("az network vnet show --name myvnet -g mygroup", True), ("az network vnet subnet list --vnet-name myvnet -g mygroup", True), ("az network vnet subnet show --name mysubnet --vnet-name myvnet -g mygroup", True), ("az network nic list", True), ("az network nic list --resource-group mygroup", True), ("az network nic show --name mynic -g mygroup", True), ("az network nic ip-config list --nic-name mynic -g mygroup", True), ("az network nsg list", True), ("az network nsg list --resource-group mygroup", True), ("az network nsg show --name mynsg -g mygroup", True), ("az network nsg rule list --nsg-name mynsg -g mygroup", True), ("az network nsg rule show --name myrule --nsg-name mynsg -g mygroup", True), ("az network public-ip list", True), ("az network public-ip list --resource-group mygroup", True), ("az network public-ip show --name mypip -g mygroup", True), ("az network lb list", True), ("az network lb show --name mylb -g mygroup", True), ("az network application-gateway list", True), ("az network application-gateway show --name myag -g mygroup", True), ("az network dns zone list", True), ("az network dns zone show --name mydomain.com -g mygroup", True), ("az network dns record-set list --zone-name mydomain.com -g mygroup", True), ("az network dns record-set a list --zone-name mydomain.com -g mygroup", True), ("az network private-dns zone list", True), ("az network private-dns zone show --name myprivatedns -g mygroup", True), ("az network list-usages --location eastus", True), ( "az network vnet create --name newvnet -g mygroup --address-prefix 10.0.0.0/16 --subnet-name default --subnet-prefix 10.0.0.0/24", False, ), ("az network vnet delete --name myvnet -g mygroup", False), ( "az network vnet update --name myvnet -g mygroup --address-prefixes 10.0.0.0/16 10.1.0.0/16", False, ), ( "az network vnet subnet create --name newsubnet --vnet-name myvnet -g mygroup --address-prefix 10.0.1.0/24", False, ), ( "az network vnet subnet delete --name mysubnet --vnet-name myvnet -g mygroup", False, ), ( "az network nic create --name newnic -g mygroup --vnet-name myvnet --subnet mysubnet", False, ), ("az network nic delete --name mynic -g mygroup", False), ( "az network nic update --name mynic -g mygroup --accelerated-networking true", False, ), ("az network nsg create --name newnsg -g mygroup", False), ("az network nsg delete --name mynsg -g mygroup", False), ( "az network nsg rule create --name newrule --nsg-name mynsg -g mygroup --priority 100 --access Allow --protocol Tcp --destination-port-ranges 22", False, ), ("az network nsg rule delete --name myrule --nsg-name mynsg -g mygroup", False), ( "az network public-ip create --name newpip -g mygroup --allocation-method Static --sku Standard", False, ), ("az network public-ip delete --name mypip -g mygroup", False), ( "az network dns record-set a add-record --zone-name mydomain.com -g mygroup --record-set-name www --ipv4-address 1.2.3.4", False, ), ( "az network dns record-set a remove-record --zone-name mydomain.com -g mygroup --record-set-name www --ipv4-address 1.2.3.4", False, ), # az webapp - web apps ("az webapp list", True), ("az webapp list --resource-group mygroup", True), ("az webapp show --name myapp -g mygroup", True), ("az webapp list-runtimes", True), ("az webapp list-runtimes --os-type linux", True), ("az webapp log show --name myapp -g mygroup", True), ("az webapp log tail --name myapp -g mygroup", True), ("az webapp config show --name myapp -g mygroup", True), ("az webapp config appsettings list --name myapp -g mygroup", True), ("az webapp config connection-string list --name myapp -g mygroup", True), ("az webapp deployment list-publishing-profiles --name myapp -g mygroup", True), ("az webapp deployment list-publishing-credentials --name myapp -g mygroup", True), ("az webapp deployment source show --name myapp -g mygroup", True), ( "az webapp create --name newapp -g mygroup --plan myplan --runtime 'NODE:18-lts'", False, ), ("az webapp delete --name myapp -g mygroup", False), ("az webapp up --name myapp -g mygroup --runtime 'PYTHON:3.9'", False), ("az webapp start --name myapp -g mygroup", False), ("az webapp stop --name myapp -g mygroup", False), ("az webapp restart --name myapp -g mygroup", False), ( "az webapp config appsettings set --name myapp -g mygroup --settings KEY=VALUE", False, ), ( "az webapp config appsettings delete --name myapp -g mygroup --setting-names KEY", False, ), ( "az webapp config set --name myapp -g mygroup --linux-fx-version 'PYTHON|3.9'", False, ), ( "az webapp deployment source config-zip --name myapp -g mygroup --src app.zip", False, ), # az functionapp - Azure Functions ("az functionapp list", True), ("az functionapp list --resource-group mygroup", True), ("az functionapp show --name myfunc -g mygroup", True), ("az functionapp config show --name myfunc -g mygroup", True), ("az functionapp config appsettings list --name myfunc -g mygroup", True), ("az functionapp function list --name myfunc -g mygroup", True), ( "az functionapp function show --name myfunc --function-name myfunction -g mygroup", True, ), ("az functionapp keys list --name myfunc -g mygroup", True), ( "az functionapp deployment list-publishing-profiles --name myfunc -g mygroup", True, ), ( "az functionapp create --name newfunc -g mygroup --storage-account myaccount --runtime python --runtime-version 3.9 --functions-version 4 --consumption-plan-location eastus", False, ), ("az functionapp delete --name myfunc -g mygroup", False), ("az functionapp start --name myfunc -g mygroup", False), ("az functionapp stop --name myfunc -g mygroup", False), ("az functionapp restart --name myfunc -g mygroup", False), ( "az functionapp config appsettings set --name myfunc -g mygroup --settings KEY=VALUE", False, ), ( "az functionapp deployment source config-zip --name myfunc -g mygroup --src func.zip", False, ), # az keyvault - Key Vault ("az keyvault list", True), ("az keyvault list --resource-group mygroup", True), ("az keyvault show --name myvault", True), ("az keyvault secret list --vault-name myvault", True), ("az keyvault secret show --name mysecret --vault-name myvault", True), ("az keyvault key list --vault-name myvault", True), ("az keyvault key show --name mykey --vault-name myvault", True), ("az keyvault certificate list --vault-name myvault", True), ("az keyvault certificate show --name mycert --vault-name myvault", True), ("az keyvault secret get-versions --name mysecret --vault-name myvault", True), ("az keyvault key get-versions --name mykey --vault-name myvault", True), ("az keyvault create --name newvault -g mygroup --location eastus", False), ("az keyvault delete --name myvault", False), ("az keyvault purge --name myvault", False), ("az keyvault recover --name myvault", False), ( "az keyvault secret set --name newsecret --vault-name myvault --value 'mysecretvalue'", False, ), ("az keyvault secret delete --name mysecret --vault-name myvault", False), ("az keyvault secret purge --name mysecret --vault-name myvault", False), ("az keyvault key create --name newkey --vault-name myvault", False), ("az keyvault key delete --name mykey --vault-name myvault", False), ( "az keyvault certificate create --name newcert --vault-name myvault --policy @policy.json", False, ), ("az keyvault certificate delete --name mycert --vault-name myvault", False), ( "az keyvault set-policy --name myvault --object-id objid --secret-permissions get list", False, ), # az sql - Azure SQL ("az sql server list", True), ("az sql server list --resource-group mygroup", True), ("az sql server show --name myserver -g mygroup", True), ("az sql db list --server myserver -g mygroup", True), ("az sql db show --name mydb --server myserver -g mygroup", True), ( "az sql db show-connection-string --name mydb --server myserver --client sqlcmd", True, ), ("az sql db list-editions --location eastus", True), ("az sql elastic-pool list --server myserver -g mygroup", True), ("az sql elastic-pool show --name mypool --server myserver -g mygroup", True), ("az sql failover-group list --server myserver -g mygroup", True), ("az sql server firewall-rule list --server myserver -g mygroup", True), ( "az sql server firewall-rule show --name myrule --server myserver -g mygroup", True, ), ( "az sql server create --name newserver -g mygroup --admin-user myadmin --admin-password mypassword", False, ), ("az sql server delete --name myserver -g mygroup", False), ("az sql db create --name newdb --server myserver -g mygroup", False), ("az sql db delete --name mydb --server myserver -g mygroup", False), ( "az sql db update --name mydb --server myserver -g mygroup --max-size 250GB", False, ), ( "az sql db copy --name mydb --server myserver -g mygroup --dest-name copydb", False, ), ( "az sql db restore --name mydb --server myserver -g mygroup --dest-name restoreddb --time 2023-12-01T00:00:00Z", False, ), ( "az sql server firewall-rule create --name myrule --server myserver -g mygroup --start-ip-address 1.2.3.4 --end-ip-address 1.2.3.4", False, ), ( "az sql server firewall-rule delete --name myrule --server myserver -g mygroup", False, ), # az cosmosdb - Cosmos DB ("az cosmosdb list", True), ("az cosmosdb list --resource-group mygroup", True), ("az cosmosdb show --name myaccount -g mygroup", True), ("az cosmosdb keys list --name myaccount -g mygroup", True), ("az cosmosdb sql database list --account-name myaccount -g mygroup", True), ( "az cosmosdb sql database show --name mydb --account-name myaccount -g mygroup", True, ), ( "az cosmosdb sql container list --database-name mydb --account-name myaccount -g mygroup", True, ), ( "az cosmosdb sql container show --name mycontainer --database-name mydb --account-name myaccount -g mygroup", True, ), ("az cosmosdb mongodb database list --account-name myaccount -g mygroup", True), ( "az cosmosdb create --name newaccount -g mygroup --locations regionName=eastus", False, ), ("az cosmosdb delete --name myaccount -g mygroup", False), ( "az cosmosdb update --name myaccount -g mygroup --default-consistency-level Session", False, ), ( "az cosmosdb sql database create --name newdb --account-name myaccount -g mygroup", False, ), ( "az cosmosdb sql database delete --name mydb --account-name myaccount -g mygroup", False, ), ( "az cosmosdb sql container create --name newcontainer --database-name mydb --account-name myaccount -g mygroup --partition-key-path /id", False, ), ( "az cosmosdb keys regenerate --name myaccount -g mygroup --key-kind primary", False, ), # az servicebus - Service Bus ("az servicebus namespace list", True), ("az servicebus namespace list --resource-group mygroup", True), ("az servicebus namespace show --name mynamespace -g mygroup", True), ( "az servicebus namespace authorization-rule list --namespace-name mynamespace -g mygroup", True, ), ( "az servicebus namespace authorization-rule keys list --name RootManageSharedAccessKey --namespace-name mynamespace -g mygroup", True, ), ("az servicebus queue list --namespace-name mynamespace -g mygroup", True), ( "az servicebus queue show --name myqueue --namespace-name mynamespace -g mygroup", True, ), ("az servicebus topic list --namespace-name mynamespace -g mygroup", True), ( "az servicebus topic show --name mytopic --namespace-name mynamespace -g mygroup", True, ), ( "az servicebus topic subscription list --topic-name mytopic --namespace-name mynamespace -g mygroup", True, ), ( "az servicebus namespace create --name newnamesapce -g mygroup --location eastus", False, ), ("az servicebus namespace delete --name mynamespace -g mygroup", False), ( "az servicebus queue create --name newqueue --namespace-name mynamespace -g mygroup", False, ), ( "az servicebus queue delete --name myqueue --namespace-name mynamespace -g mygroup", False, ), ( "az servicebus topic create --name newtopic --namespace-name mynamespace -g mygroup", False, ), ( "az servicebus topic delete --name mytopic --namespace-name mynamespace -g mygroup", False, ), # az eventhubs - Event Hubs ("az eventhubs namespace list", True), ("az eventhubs namespace list --resource-group mygroup", True), ("az eventhubs namespace show --name mynamespace -g mygroup", True), ("az eventhubs eventhub list --namespace-name mynamespace -g mygroup", True), ( "az eventhubs eventhub show --name myeventhub --namespace-name mynamespace -g mygroup", True, ), ( "az eventhubs eventhub consumer-group list --eventhub-name myeventhub --namespace-name mynamespace -g mygroup", True, ), ( "az eventhubs namespace create --name newnamesapce -g mygroup --location eastus", False, ), ("az eventhubs namespace delete --name mynamespace -g mygroup", False), ( "az eventhubs eventhub create --name neweventhub --namespace-name mynamespace -g mygroup", False, ), ( "az eventhubs eventhub delete --name myeventhub --namespace-name mynamespace -g mygroup", False, ), # az redis - Redis Cache ("az redis list", True), ("az redis list --resource-group mygroup", True), ("az redis show --name myredis -g mygroup", True), ("az redis list-keys --name myredis -g mygroup", True), ( "az redis create --name newredis -g mygroup --location eastus --sku Basic --vm-size c0", False, ), ("az redis delete --name myredis -g mygroup", False), ( "az redis update --name myredis -g mygroup --set redisConfiguration.maxmemory-policy=allkeys-lru", False, ), ("az redis regenerate-keys --name myredis -g mygroup --key-type Primary", False), # az appservice - App Service plans ("az appservice plan list", True), ("az appservice plan list --resource-group mygroup", True), ("az appservice plan show --name myplan -g mygroup", True), ("az appservice plan create --name newplan -g mygroup --sku B1", False), ("az appservice plan delete --name myplan -g mygroup", False), ("az appservice plan update --name myplan -g mygroup --sku S1", False), # az resource - generic resources ("az resource list", True), ("az resource list --resource-group mygroup", True), ("az resource list --resource-type Microsoft.Compute/virtualMachines", True), ( "az resource show --ids /subscriptions/.../resourceGroups/.../providers/.../resource", True, ), ( "az resource show --name myresource -g mygroup --resource-type Microsoft.Web/sites", True, ), ( "az resource create --id /subscriptions/.../resourceGroups/.../providers/... --properties '{}'", False, ), ( "az resource delete --ids /subscriptions/.../resourceGroups/.../providers/.../resource", False, ), ("az resource update --ids /subscriptions/.../... --set properties.foo=bar", False), ( "az resource move --ids /subscriptions/.../... --destination-group newgroup", False, ), # az tag - resource tags ("az tag list", True), ("az tag list --resource-id /subscriptions/...", True), ("az tag create --name mytag", False), ("az tag delete --name mytag", False), ( "az tag update --resource-id /subscriptions/... --operation merge --tags env=prod", False, ), # az policy - Azure Policy ("az policy definition list", True), ("az policy definition show --name mypolicy", True), ("az policy assignment list", True), ("az policy assignment list --resource-group mygroup", True), ("az policy assignment show --name myassignment", True), ("az policy state list --resource-group mygroup", True), ("az policy state summarize --resource-group mygroup", True), ("az policy definition create --name newpolicy --rules @rules.json", False), ("az policy definition delete --name mypolicy", False), ("az policy assignment create --name newassignment --policy mypolicy", False), ("az policy assignment delete --name myassignment", False), # az monitor - monitoring ("az monitor metrics list --resource /subscriptions/.../...", True), ("az monitor metrics list-definitions --resource /subscriptions/.../...", True), ("az monitor activity-log list", True), ("az monitor activity-log list --resource-group mygroup", True), ( "az monitor activity-log list --start-time 2023-01-01 --end-time 2023-01-31", True, ), ("az monitor log-analytics workspace list", True), ( "az monitor log-analytics workspace show --workspace-name myworkspace -g mygroup", True, ), ( "az monitor log-analytics query --workspace myworkspace --analytics-query 'AzureActivity | take 10'", True, ), ("az monitor diagnostic-settings list --resource /subscriptions/.../...", True), ( "az monitor diagnostic-settings show --name mydiag --resource /subscriptions/.../...", True, ), ("az monitor alert list --resource-group mygroup", True), ("az monitor action-group list --resource-group mygroup", True), ( "az monitor log-analytics workspace create --workspace-name newworkspace -g mygroup", False, ), ( "az monitor log-analytics workspace delete --workspace-name myworkspace -g mygroup", False, ), ( "az monitor diagnostic-settings create --name newdiag --resource /subscriptions/.../... --logs '[]' --metrics '[]'", False, ), ( "az monitor diagnostic-settings delete --name mydiag --resource /subscriptions/.../...", False, ), # az ad - Azure Active Directory ("az ad user list", True), ("az ad user show --id user@example.com", True), ("az ad group list", True), ("az ad group show --group mygroup", True), ("az ad group member list --group mygroup", True), ("az ad app list", True), ("az ad app show --id appid", True), ("az ad sp list", True), ("az ad sp show --id spid", True), ("az ad signed-in-user show", True), ( "az ad user create --display-name 'New User' --user-principal-name newuser@example.com --password pass", False, ), ("az ad user delete --id user@example.com", False), ("az ad group create --display-name 'New Group' --mail-nickname newgroup", False), ("az ad group delete --group mygroup", False), ("az ad group member add --group mygroup --member-id userid", False), ("az ad group member remove --group mygroup --member-id userid", False), ("az ad app create --display-name 'New App'", False), ("az ad app delete --id appid", False), ("az ad sp create --id appid", False), ("az ad sp delete --id spid", False), ("az ad sp credential reset --id spid", False), # az container - Container Instances ("az container list", True), ("az container list --resource-group mygroup", True), ("az container show --name mycontainer -g mygroup", True), ("az container logs --name mycontainer -g mygroup", True), ("az container logs --name mycontainer -g mygroup --follow", True), ( "az container create --name newcontainer -g mygroup --image nginx --cpu 1 --memory 1", False, ), ("az container delete --name mycontainer -g mygroup", False), ("az container delete --name mycontainer -g mygroup --yes", False), ("az container start --name mycontainer -g mygroup", False), ("az container stop --name mycontainer -g mygroup", False), ("az container restart --name mycontainer -g mygroup", False), ("az container exec --name mycontainer -g mygroup --exec-command /bin/bash", False), # az devops / pipelines / repos / boards (existing tests expanded) ("az devops configure --list", True), ("az devops project list --organization https://dev.azure.com/myorg", True), ( "az devops project show --project myproject --organization https://dev.azure.com/myorg", True, ), ("az devops service-endpoint list --project myproject", True), ("az devops wiki list --project myproject", True), ("az devops wiki show --wiki mywiki --project myproject", True), ("az devops wiki page show --path /page --wiki mywiki --project myproject", True), ( "az devops configure --defaults project=myproject organization=https://dev.azure.com/myorg", False, ), ("az devops login --organization https://dev.azure.com/myorg", False), ( "az devops project create --name newproject --organization https://dev.azure.com/myorg", False, ), ( "az devops project delete --id projectid --organization https://dev.azure.com/myorg --yes", False, ), ("az pipelines list --project myproject", True), ("az pipelines show --name mypipeline --project myproject", True), ("az pipelines runs list --pipeline-id 1 --project myproject", True), ("az pipelines runs show --id 100 --project myproject", True), ("az pipelines build list --project myproject", True), ("az pipelines build show --id 100 --project myproject", True), ("az pipelines variable-group list --project myproject", True), ("az pipelines variable-group show --group-id 1 --project myproject", True), ( "az pipelines agent list --pool-id 1 --organization https://dev.azure.com/myorg", True, ), ( "az pipelines create --name newpipeline --repository myrepo --branch main --project myproject", False, ), ("az pipelines delete --id 1 --project myproject --yes", False), ("az pipelines run --name mypipeline --project myproject", False), ( "az pipelines update --name mypipeline --new-name newname --project myproject", False, ), ("az repos list --project myproject", True), ("az repos show --repository myrepo --project myproject", True), ("az repos pr list --project myproject", True), ("az repos pr list --project myproject --status active", True), ("az repos pr show --id 1 --project myproject", True), ("az repos ref list --repository myrepo --project myproject", True), ("az repos create --name newrepo --project myproject", False), ("az repos delete --id repoid --project myproject --yes", False), ( "az repos pr create --repository myrepo --source-branch feature --target-branch main --project myproject", False, ), ("az repos pr update --id 1 --status completed --project myproject", False), ("az repos policy list --repository-id repoid --project myproject", True), ( "az repos policy build create --repository-id repoid --branch main --blocking --enabled --build-definition-id 1 --project myproject", False, ), # az version/upgrade/interactive/feedback/configure ("az version", True), ("az --version", True), ("az upgrade", False), ("az interactive", False), ("az feedback", False), ("az configure", False), ("az configure --defaults group=mygroup", False), ] @pytest.mark.parametrize("command,expected", TESTS) def test_az(check, command: str, expected: bool) -> None: """Test command safety.""" result = check(command) if expected: assert is_approved(result), f"Expected approved for: {command}" else: assert needs_confirmation(result), f"Expected confirmation for: {command}"