update history

Azure · Apr 25, 2017 · 766b170 · 766b170
1 parent 48fb85d
commit 766b170
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 7 deletions.
diff --git a/src/command_modules/azure-cli-appservice/HISTORY.rst b/src/command_modules/azure-cli-appservice/HISTORY.rst
@@ -5,6 +5,7 @@ Release History
 
 0.1.3 (2017-04-17)
 ++++++++++++++++++++
+
 * Use the app service plan's resource group for cert operations (#2750)
 
 0.1.2 (2017-04-03)

diff --git a/src/command_modules/azure-cli-role/HISTORY.rst b/src/command_modules/azure-cli-role/HISTORY.rst
@@ -2,6 +2,9 @@
 
 Release History
 ===============
+2.0.3 (unreleased)
+++++++++++++++++++
+* create-for-rbac: ensure SP's end date will not exceed certificate's expiration date (#2989)
 
 2.0.2 (2017-04-17)
 ++++++++++++++++++

diff --git a/src/command_modules/azure-cli-role/azure/cli/command_modules/role/custom.py b/src/command_modules/azure-cli-role/azure/cli/command_modules/role/custom.py
@@ -507,7 +507,7 @@ def create_service_principal_for_rbac(
     :param str name: a display name or an app id uri. Command will generate one if missing.
     :param str password: the password used to login. If missing, command will generate one.
     :param str cert: PEM formatted public certificate. Do not include private key info.
-    :param str years: Years the password will be valid.
+    :param str years: Years the password will be valid. Default: 1 year
     :param str scopes: space separated scopes the service principal's role assignment applies to.
            Defaults to the root of the current subscription.
     :param str role: role the service principal has on the resources.
@@ -544,8 +544,11 @@ def create_service_principal_for_rbac(
         public_cert_string, cert_file = _create_self_signed_cert(years or 1)
     elif cert:
         public_cert_string, end_date = _normalize_cert(cert)
-        if years and start_date.replace(tzinfo=tzutc()) + relativedelta(years=years) > end_date:
-            logger.warning("Use cert's expiration date as supplied '--years' exceeds it")
+        if years:
+            if start_date.replace(tzinfo=tzutc()) + relativedelta(years=years) > end_date:
+                logger.warning("Use cert's expiration date as supplied '--years' exceeds it")
+            else:
+                end_date = None  # we will pick up --years
     else:
         password = password or str(uuid.uuid4())
 
@@ -697,7 +700,7 @@ def reset_service_principal_credential(name, password=None, create_cert=False,
     :param str name: the name, can be the app id uri, app id guid, or display name
     :param str password: the password used to login. If missing, command will generate one.
     :param str cert: PEM formatted public certificate. Do not include private key info.
-    :param str years: Years the password will be valid.
+    :param str years: Years the password will be valid. Default: 1 year
     '''
     client = _graph_client_factory()
 
@@ -724,8 +727,11 @@ def reset_service_principal_credential(name, password=None, create_cert=False,
         public_cert_string, cert_file = _create_self_signed_cert(years or 1)
     elif cert:
         public_cert_string, end_date = _normalize_cert(cert)
-        if years and start_date.replace(tzinfo=tzutc()) + relativedelta(years=years) > end_date:
-            logger.warning("Use cert's expiration date as supplied '--years' exceeds it")
+        if years:
+            if start_date.replace(tzinfo=tzutc()) + relativedelta(years=years) > end_date:
+                logger.warning("Use cert's expiration date as supplied '--years' exceeds it")
+            else:
+                end_date = None  # we will pick up --years
     else:
         password = password or str(uuid.uuid4())
     end_date = end_date or start_date + relativedelta(years=years or 1)

diff --git a/src/command_modules/azure-cli-role/tests/test_role_commands_thru_mock.py b/src/command_modules/azure-cli-role/tests/test_role_commands_thru_mock.py
@@ -126,6 +126,7 @@ def test_create_for_rbac_use_cert_date(self, logger_mock, graph_client_mock, aut
 
         def mock_app_create(parameters):
             end_date = parameters.key_credentials[0].end_date
+            # sample check the cert's expiration time
             self.assertEqual(end_date.day, 21)
             self.assertEqual(end_date.month, 4)
             return app
@@ -152,7 +153,7 @@ def mock_app_create(parameters):
         # assert
         self.assertEqual(result['name'], 'http://' + name)
         self.assertEqual(result['appId'], test_app_id)
-        self.assertTrue(logger_mock.warning.called)
+        self.assertTrue(logger_mock.warning.called)  # we should warn 'years' will be dropped
         self.assertTrue(faked_graph_client.applications.create.called)