[DONT MERGE] [documentdb] Add end-to-end mongocluster scenario test coverage and fix replica promote#10113
Conversation
Addresses PR review feedback. Adds end to end scenario coverage for mongocluster user, cross region replica (GeoAsyncReplica) and point in time restore, recorded live and verified in playback. A _wait_for_restore_point helper waits (only while recording) for the first backup, and _cmd_retry reissues a mutating command while the service still reports an operation in progress. Fixes _keep_only_args so deregistered arguments are also marked optional. Previously a hidden but still required argument (the base create password on a replica) failed schema validation with a missing required field error, so replica create could not run. Renames the administrator password flag to --password/-p on create and update for consistency with reset-password and restore. Fixes a typo in the user show help text. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Copilot-Session: 8bf5e49a-3c3e-4dfe-851d-1f2790a2852b
Each mongocluster scenario (crud, firewall, user, identity, replica, restore, cmk) is now an independent test with its own recording, so a failure in one does not mask the others and a single scenario can be re-recorded on its own. Adds coverage for managed identity (assign/show/remove) and customer-managed key (CMK) encryption at rest, and replaces the monolithic lifecycle recording. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Copilot-Session: 8bf5e49a-3c3e-4dfe-851d-1f2790a2852b
The generated replica promote command sent {mode, promoteOption} at the
request root, which the service rejects with a schema error, and passed a
null final-result callback to the long-running-operation poller, which
raised a TypeError once the operation completed. The custom.py wrapper now
nests the body under "properties" and supplies a no-op callback, mirroring
how the generated delete handles its empty response. Adds an end-to-end
promote scenario test (source + cross-region replica, forced switchover,
asserts the replica settles into the primary role) plus a helper that waits
out the brief post-operation Updating state.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot-Session: 8bf5e49a-3c3e-4dfe-851d-1f2790a2852b
Adds a negative test covering client-side validation (invalid --storage-type and --high-availability enum values, invalid --mode, and a missing required --promote-option, all asserted via SystemExit) and service rejections (show/firewall-rule show/user show/replica list against a cluster that does not exist, asserted with expect_failure). This matches the negative-case convention used by the official cosmosdb CLI tests. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Copilot-Session: 8bf5e49a-3c3e-4dfe-851d-1f2790a2852b
|
Validation for Breaking Change Starting...
Thanks for your contribution! |
|
Hi @amatarritamicrosoft, |
|
Azure Pipelines: There may be pipelines that require an authorized user to comment /azp run to run. |
|
documentdb |
|
|
||
| :example: Create a mongo cluster with Premium SSD v2 storage. | ||
| az documentdb mongocluster create -n MyCluster -g MyResourceGroup --location eastus --admin-user dbadmin --admin-password MyP@ssw0rd123! --tier M30 --storage-size 128 --storage-type PremiumSSDv2 --shard-count 1 --high-availability Disabled | ||
| az documentdb mongocluster create -n MyCluster -g MyResourceGroup --location eastus --admin-user dbadmin --password MyP@ssw0rd123! --tier M30 --storage-size 128 --storage-type PremiumSSDv2 --shard-count 1 --high-availability Disabled |
There was a problem hiding this comment.
My original comment was that this should have an alias so that just password can be used - but contextual for example docs it makes sense that admin-user and admin-password are used for easier interpretation
| _args_schema.admin_password = AAZPasswordArg( | ||
| options=["-p", "--admin-password"], | ||
| _args_schema.password = AAZPasswordArg( | ||
| options=["-p", "--password"], |
There was a problem hiding this comment.
you should have all three aliases - and in password refresh command it should support the same three.
| time.sleep(delay) | ||
| return None | ||
|
|
||
| def _wait_until_provisioned(self, target, retries=40, delay=30): |
There was a problem hiding this comment.
Good to note - but you should still be testing variants of implicit wait and explicit wait commands. I don't see any of the latter.
| ) | ||
| self.cmd( | ||
| 'documentdb mongocluster firewall-rule show -n {fw} --cluster-name {cluster} -g {rg}', | ||
| '--start-ip-address 203.0.113.0 --end-ip-address 203.0.113.255', |
There was a problem hiding this comment.
What IP address is this? Rather than something hand coded, either user 0.0.0.0-0.0.0.0 (allow any azure service) OR use the test machines current IP address.
|
|
||
| @AllowLargeResponse() | ||
| @ResourceGroupPreparer(name_prefix='cli_test_documentdb_cmk', location='eastus2') | ||
| def test_documentdb_mongocluster_cmk(self, resource_group): |
There was a problem hiding this comment.
CMK as a workflow should also validate identity assignment since that's the only scenario the identity is used for on the cluster today.
…identity check Resolve mongocluster scenario test review feedback: * Expose all three password aliases (--admin-password, --password, -p) on create, update, reset-password, and restore. Examples show --admin-password. * Exercise the native wait command explicitly: firewall uses create --no-wait then firewall-rule wait --created. Replace the two hand authored pollers with mongocluster wait --custom in the restore and promote tests. * Use 0.0.0.0 firewall ranges instead of a hardcoded test IP. * Validate the user assigned identity in the CMK test through identity show (type, key presence, and principalId). * Fix user command examples to a pattern valid username (alice-entra). Recorded the affected cassettes again (firewall, restore, promote, cmk). All nine scenario tests pass in playback. Style and linter pass. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Copilot-Session: 8bf5e49a-3c3e-4dfe-851d-1f2790a2852b
Summary
Follow up to the DocumentDB (Azure Cosmos DB for MongoDB vCore) extension (1.0.0b1) that adds end to end scenario test coverage and fixes several command issues found while writing the tests. The extension version stays at 1.0.0b1 (no version bump).
Tests added
Splits the single lifecycle recording into nine independent scenario tests, each with its own recording so a failure in one does not mask the others and a single scenario can be re-recorded on its own:
Fixes
modeandpromoteOptionat the request root, which the service rejects with a schema error, and passed a null long running operation callback, which raised aTypeErroronce the operation completed. The custom wrapper now nests the body underpropertiesand supplies a no-op callback, mirroring how the generated delete handles its empty response._keep_only_argsderegistered the base create arguments a variant does not use but left them flagged required, so the parser rejected the command for a missing value (for example the inherited password on a replica). Hidden arguments are now also cleared of the required flag.--admin-passwordis now--password(with the-pshort form) across create, update, reset-password and restore, for consistency across the command group and with peer database CLIs. Pairs with the aaz model change in [DONT MERGE ][documentdb] Rename mongocluster administrator password option to --password aaz#1044.Validation
All nine scenarios pass in playback (CI mode). azdev style and azdev linter both pass.
Addresses PR #10059 review feedback (missing tests for restore, replica, CMK, users).