Clean up integration test a little

examples/examples_nodejs_test.go

@@ -300,6 +300,10 @@ func TestAccBlobContainerLegalHold(t *testing.T) {
 func TestAccPIMRoleManagementPolicies(t *testing.T) {
 	skipIfShort(t)
 
+	// A randomly chosen Role Management Policy, from the list obtained by
+	// az rest --method get --url https://management.azure.com/subscriptions/0282681f-7a9e-424b-80b2-96babd57a8a1/providers/Microsoft.Authorization/roleManagementPolicies\?api-version\=2020-10-01
+	const policyId = "7ed63469-c833-4fba-9032-803ce289eabc"
+
 	// Retrieve the `maximumDuration` property of the randomly chosen Expiration_Admin_Eligibility rule.
 	// Used in ExtraRuntimeValidation to assert that the rule has the expected duration.
 	// Uses the Azure SDK to be able to retrieve the actual value from Azure, independent of Pulumi.
@@ -316,7 +320,7 @@ func TestAccPIMRoleManagementPolicies(t *testing.T) {
 		require.NoError(t, err)
 		client := clientFactory.NewRoleManagementPoliciesClient()
 
-		resp, err := client.Get(context.Background(), "subscriptions/"+sub, "3faafb81-7f6f-4c66-b936-fb41ef4e4734", nil)
+		resp, err := client.Get(context.Background(), "subscriptions/"+sub, policyId, nil)
 		require.NoError(t, err)
 
 		var rule *armauthorization.RoleManagementPolicyExpirationRule
@@ -337,7 +341,10 @@ func TestAccPIMRoleManagementPolicies(t *testing.T) {
 
 	test := getJSBaseOptions(t).
 		With(integration.ProgramTestOptions{
+			Verbose:              true,
+			DebugLogLevel:        9,
 			Dir:                  filepath.Join(getCwd(t), "pim-rolemanagementpolicies"),
+			Config:               map[string]string{"policy": policyId},
 			ExpectRefreshChanges: false,
 			ExtraRuntimeValidation: func(t *testing.T, stackInfo integration.RuntimeValidationStackInfo) {
 				assert.Equal(t, "P365D", get_Expiration_Admin_Eligibility_RuleDuration())

examples/pim-rolemanagementpolicies/2-update-rule/index.ts

@@ -4,7 +4,7 @@ import * as pim from "@pulumi/azure-native/authorization";
 const clientConfig = pulumi.output(pim.getClientConfig());
 
 const policy = new pim.RoleManagementPolicy("policy", {
-    roleManagementPolicyName: "3faafb81-7f6f-4c66-b936-fb41ef4e4734",
+    roleManagementPolicyName: new pulumi.Config().requireSecret("policy"),
     scope: pulumi.interpolate`subscriptions/${clientConfig.subscriptionId}`,
     rules: [
         {

examples/pim-rolemanagementpolicies/3-remove-rule/index.ts

@@ -4,10 +4,11 @@ import * as pim from "@pulumi/azure-native/authorization";
 const clientConfig = pulumi.output(pim.getClientConfig());
 
 const policy = new pim.RoleManagementPolicy("policy", {
-    roleManagementPolicyName: "3faafb81-7f6f-4c66-b936-fb41ef4e4734",
+    roleManagementPolicyName: new pulumi.Config().requireSecret("policy"),
     scope: pulumi.interpolate`subscriptions/${clientConfig.subscriptionId}`,
     rules: [
         // rule removed, but it will still exist in Azure
+
         // we add another one since an empty list is not allowed
         {
             "id": "Notification_Admin_Admin_Eligibility",

examples/pim-rolemanagementpolicies/index.ts

@@ -4,7 +4,7 @@ import * as pim from "@pulumi/azure-native/authorization";
 const clientConfig = pulumi.output(pim.getClientConfig());
 
 const policy = new pim.RoleManagementPolicy("policy", {
-    roleManagementPolicyName: "3faafb81-7f6f-4c66-b936-fb41ef4e4734",
+    roleManagementPolicyName: new pulumi.Config().requireSecret("policy"),
     scope: pulumi.interpolate`subscriptions/${clientConfig.subscriptionId}`,
     rules: [
         {