Skip to content

[DONT MERGE] [documentdb] Add end-to-end mongocluster scenario test coverage and fix replica promote#10113

Draft
amatarritamicrosoft wants to merge 6 commits into
Azure:mainfrom
amatarritamicrosoft:feature-documentDB-v2
Draft

[DONT MERGE] [documentdb] Add end-to-end mongocluster scenario test coverage and fix replica promote#10113
amatarritamicrosoft wants to merge 6 commits into
Azure:mainfrom
amatarritamicrosoft:feature-documentDB-v2

Conversation

@amatarritamicrosoft

@amatarritamicrosoft amatarritamicrosoft commented Jul 14, 2026

Copy link
Copy Markdown
Member

Summary

Follow up to the DocumentDB (Azure Cosmos DB for MongoDB vCore) extension (1.0.0b1) that adds end to end scenario test coverage and fixes several command issues found while writing the tests. The extension version stays at 1.0.0b1 (no version bump).

Tests added

Splits the single lifecycle recording into nine independent scenario tests, each with its own recording so a failure in one does not mask the others and a single scenario can be re-recorded on its own:

  • cluster CRUD, connection strings and reset-password
  • firewall rules
  • Microsoft Entra users
  • managed identity (assign, show, remove)
  • cross region replica
  • point in time restore
  • customer managed key (CMK) encryption at rest
  • replica promote (forced switchover)
  • negative cases (client side validation and service rejections)

Fixes

  • Replica promote request shape and poller. The generated command sent mode and promoteOption at the request root, which the service rejects with a schema error, and passed a null long running operation callback, which raised a TypeError once the operation completed. The custom wrapper now nests the body under properties and supplies a no-op callback, mirroring how the generated delete handles its empty response.
  • Replica create and restore missing password. _keep_only_args deregistered the base create arguments a variant does not use but left them flagged required, so the parser rejected the command for a missing value (for example the inherited password on a replica). Hidden arguments are now also cleared of the required flag.
  • Administrator password option rename. --admin-password is now --password (with the -p short form) across create, update, reset-password and restore, for consistency across the command group and with peer database CLIs. Pairs with the aaz model change in [DONT MERGE ][documentdb] Rename mongocluster administrator password option to --password aaz#1044.
  • User show help typo. Corrects "defintion" to "definition".

Validation

All nine scenarios pass in playback (CI mode). azdev style and azdev linter both pass.

Addresses PR #10059 review feedback (missing tests for restore, replica, CMK, users).

amatarritamicrosoft and others added 4 commits July 13, 2026 16:03
Addresses PR review feedback.

Adds end to end scenario coverage for mongocluster user, cross region
replica (GeoAsyncReplica) and point in time restore, recorded live and
verified in playback. A _wait_for_restore_point helper waits (only while
recording) for the first backup, and _cmd_retry reissues a mutating
command while the service still reports an operation in progress.

Fixes _keep_only_args so deregistered arguments are also marked optional.
Previously a hidden but still required argument (the base create password
on a replica) failed schema validation with a missing required field
error, so replica create could not run.

Renames the administrator password flag to --password/-p on create and
update for consistency with reset-password and restore.

Fixes a typo in the user show help text.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot-Session: 8bf5e49a-3c3e-4dfe-851d-1f2790a2852b
Each mongocluster scenario (crud, firewall, user, identity, replica,
restore, cmk) is now an independent test with its own recording, so a
failure in one does not mask the others and a single scenario can be
re-recorded on its own. Adds coverage for managed identity
(assign/show/remove) and customer-managed key (CMK) encryption at rest,
and replaces the monolithic lifecycle recording.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot-Session: 8bf5e49a-3c3e-4dfe-851d-1f2790a2852b
The generated replica promote command sent {mode, promoteOption} at the
request root, which the service rejects with a schema error, and passed a
null final-result callback to the long-running-operation poller, which
raised a TypeError once the operation completed. The custom.py wrapper now
nests the body under "properties" and supplies a no-op callback, mirroring
how the generated delete handles its empty response. Adds an end-to-end
promote scenario test (source + cross-region replica, forced switchover,
asserts the replica settles into the primary role) plus a helper that waits
out the brief post-operation Updating state.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot-Session: 8bf5e49a-3c3e-4dfe-851d-1f2790a2852b
Adds a negative test covering client-side validation (invalid --storage-type
and --high-availability enum values, invalid --mode, and a missing required
--promote-option, all asserted via SystemExit) and service rejections
(show/firewall-rule show/user show/replica list against a cluster that does
not exist, asserted with expect_failure). This matches the negative-case
convention used by the official cosmosdb CLI tests.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot-Session: 8bf5e49a-3c3e-4dfe-851d-1f2790a2852b
@azure-client-tools-bot-prd

Copy link
Copy Markdown
Validation for Breaking Change Starting...

Thanks for your contribution!

@azure-client-tools-bot-prd

Copy link
Copy Markdown

Hi @amatarritamicrosoft,
Please write the description of changes which can be perceived by customers into HISTORY.rst.
If you want to release a new extension version, please update the version in setup.py as well.

@azure-pipelines

Copy link
Copy Markdown
Azure Pipelines:
There may be pipelines that require an authorized user to comment /azp run to run.

@amatarritamicrosoft amatarritamicrosoft changed the title [documentdb] Add mongocluster scenario tests and fix replica promote [DO NOT MERGE] [documentdb] Add mongocluster scenario tests and fix replica promote Jul 14, 2026
@amatarritamicrosoft amatarritamicrosoft changed the title [DO NOT MERGE] [documentdb] Add mongocluster scenario tests and fix replica promote [documentdb] Add end-to-end mongocluster scenario test coverage and fix replica promote Jul 14, 2026
@amatarritamicrosoft amatarritamicrosoft changed the title [documentdb] Add end-to-end mongocluster scenario test coverage and fix replica promote [DONT MERGE] [documentdb] Add end-to-end mongocluster scenario test coverage and fix replica promote Jul 14, 2026
@yonzhan

yonzhan commented Jul 14, 2026

Copy link
Copy Markdown
Collaborator

documentdb

@yonzhan
yonzhan requested a review from Pan-Qi July 14, 2026 22:39
Comment thread src/documentdb/azext_documentdb/aaz/latest/documentdb/mongocluster/_create.py Outdated
Comment thread src/documentdb/azext_documentdb/aaz/latest/documentdb/mongocluster/_create.py Outdated
Comment thread src/documentdb/azext_documentdb/tests/latest/test_documentdb.py Outdated
Comment thread src/documentdb/azext_documentdb/tests/latest/test_documentdb.py Outdated
Comment thread src/documentdb/azext_documentdb/tests/latest/test_documentdb.py
…identity check

Resolve mongocluster scenario test review feedback:
* Expose all three password aliases (--admin-password, --password, -p) on
  create, update, reset-password, and restore. Examples show --admin-password.
* Exercise the native wait command explicitly: firewall uses create --no-wait
  then firewall-rule wait --created. Replace the two hand authored pollers with
  mongocluster wait --custom in the restore and promote tests.
* Use 0.0.0.0 firewall ranges instead of a hardcoded test IP.
* Validate the user assigned identity in the CMK test through identity show
  (type, key presence, and principalId).
* Fix user command examples to a pattern valid username (alice-entra).

Recorded the affected cassettes again (firewall, restore, promote, cmk). All
nine scenario tests pass in playback. Style and linter pass.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot-Session: 8bf5e49a-3c3e-4dfe-851d-1f2790a2852b
Comment thread src/documentdb/azext_documentdb/aaz/latest/documentdb/mongocluster/user/_show.py Outdated
…id identifier

Address Oliver Towers' PR review on the mongocluster user commands: the users
API only supports Microsoft Entra ID principals today, so the generic `user`
naming misleads customers about what is provisioned and what identifier to pass.

- Rename command group `mongocluster user` -> `mongocluster entra-user`.
- Rename the identifier arg `--user-name` -> `--object-id` (keeps `-n`/`--name`
  aliases); help now states it is the Entra object (client) ID GUID, not a
  friendly name or UPN.
- Make all command/group help Entra-specific; fix "defintion" typo in show.
- Update examples to use a GUID object id.
- Fix roles singular option in the aaz model (was generating ----role).
- Re-record the entra-user and negative scenario tests live; both pass playback.

The flat --type wrapper (custom.py) and its command-table registration are
rewired to the entra-user name so the flattening survives the rename.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot-Session: 40a4fbc4-fd62-4bcc-9b7d-6e70f80e114d

@olivertowers olivertowers left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approving - but do consider the correct verbiage for the entra user command

:example: Delete a user.
az documentdb mongocluster user delete -n alice-entra --cluster-name MyCluster -g MyResourceGroup
:example: Delete an Entra ID user by object ID.
az documentdb mongocluster entra-user delete --object-id 11111111-1111-1111-1111-111111111111 --cluster-name MyCluster -g MyResourceGroup

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

naming convention here might be add/remove or assign/remove rather than create/delete since the entra user already exists it's just about granting the user admin access to the data plane.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants