Skip to content

[ARM] Third party S2S Consent/Permission Enumeration #18433

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
zhoxing-ms merged 11 commits into from
Jun 23, 2021
Merged

[ARM] Third party S2S Consent/Permission Enumeration #18433

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
2d83615
feature permission list
00Kai0 Jun 10, 2021
e72447f
fix
00Kai0 Jun 10, 2021
f4e4740
Merge remote-tracking branch 'origin/dev' into feature-provider-permi…
00Kai0 Jun 10, 2021
2136995
fix
00Kai0 Jun 10, 2021
0c5b73b
fix
00Kai0 Jun 10, 2021
aa2315c
fix
00Kai0 Jun 10, 2021
ca6b89b
fix
00Kai0 Jun 11, 2021
64c33aa
Apply suggestions from code review
jsntcy Jun 16, 2021
714c674
fix test and help info
00Kai0 Jun 16, 2021
8932b64
Merge branch 'feature-provider-permission-list' of https://github.com…
00Kai0 Jun 16, 2021
f000087
fix
00Kai0 Jun 16, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 4 additions & 4 deletions src/azure-cli/azure/cli/command_modules/resource/_client_factory.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,10 @@
# --------------------------------------------------------------------------------------------


def _resource_client_factory(cli_ctx, **_):
def _resource_client_factory(cli_ctx, api_version=None, **_):
from azure.cli.core.commands.client_factory import get_mgmt_service_client
from azure.cli.core.profiles import ResourceType
return get_mgmt_service_client(cli_ctx, ResourceType.MGMT_RESOURCE_RESOURCES)
return get_mgmt_service_client(cli_ctx, ResourceType.MGMT_RESOURCE_RESOURCES, api_version=api_version)


def _resource_feature_client_factory(cli_ctx, **_):
Expand Down Expand Up @@ -72,8 +72,8 @@ def cf_resources(cli_ctx, _):
return _resource_client_factory(cli_ctx).resources


def cf_providers(cli_ctx, _):
return _resource_client_factory(cli_ctx).providers
def cf_providers(cli_ctx, _, api_version=None):
return _resource_client_factory(cli_ctx, api_version=api_version).providers


def cf_tags(cli_ctx, _):
Expand Down
10 changes: 10 additions & 0 deletions src/azure-cli/azure/cli/command_modules/resource/_help.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1846,6 +1846,16 @@
az provider list --query [?namespace=='Microsoft.Network'].resourceTypes[].resourceType
"""

helps['provider permission'] = """
type: group
short-summary: Manage permissions for a provider.
"""

helps['provider permission list'] = """
type: command
short-summary: List permissions from a provider.
"""

helps['provider operation'] = """
type: group
short-summary: Get provider operations metadatas.
Expand Down
1 change: 1 addition & 0 deletions src/azure-cli/azure/cli/command_modules/resource/_params.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -145,6 +145,7 @@ def load_arguments(self, _):
c.argument('mg', help="The management group id to register.", options_list=['--management-group-id', '-m'])
c.argument('accept_terms', action='store_true', is_preview=True, help="Accept market place terms and RP terms for RPaaS. Required when registering RPs from RPaaS, such as 'Microsoft.Confluent' and 'Microsoft.Datadog'.")
c.argument('wait', action='store_true', help='wait for the registration to finish')
c.argument('consent_to_permissions', options_list=['--consent-to-permissions', '-c'], action='store_true', help='A value indicating whether authorization is consented or not.')

with self.argument_context('provider unregister') as c:
c.argument('wait', action='store_true', help='wait for unregistration to finish')
Expand Down
1 change: 1 addition & 0 deletions src/azure-cli/azure/cli/command_modules/resource/commands.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -221,6 +221,7 @@ def load_command_table(self, _):
g.custom_command('register', 'register_provider')
g.custom_command('unregister', 'unregister_provider')
g.custom_command('operation list', 'list_provider_operations')
g.custom_command('permission list', 'list_provider_permissions')
g.custom_show_command('operation show', 'show_provider_operations')

# Resource feature commands
Expand Down
28 changes: 19 additions & 9 deletions src/azure-cli/azure/cli/command_modules/resource/custom.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,8 @@

from azure.cli.command_modules.resource._client_factory import (
_resource_client_factory, _resource_policy_client_factory, _resource_lock_client_factory,
_resource_links_client_factory, _resource_deploymentscripts_client_factory, _authorization_management_client, _resource_managedapps_client_factory, _resource_templatespecs_client_factory)
_resource_links_client_factory, _resource_deploymentscripts_client_factory, _authorization_management_client, _resource_managedapps_client_factory, _resource_templatespecs_client_factory,
cf_providers)
from azure.cli.command_modules.resource._validators import _parse_lock_id

from azure.core.pipeline.policies import SansIOHTTPPolicy
Expand Down Expand Up @@ -1019,31 +1020,31 @@ def _get_auth_provider_latest_api_version(cli_ctx):
return api_version


def _update_provider(cli_ctx, namespace, registering, wait, mg_id=None, accept_terms=None):
def _update_provider(cli_ctx, namespace, registering, wait, properties=None, mg_id=None, accept_terms=None):
import time
target_state = 'Registered' if registering else 'Unregistered'
rcf = _resource_client_factory(cli_ctx)
client = cf_providers(cli_ctx, None, api_version='2021-04-01')
Copy link
Contributor

@zhoxing-ms zhoxing-ms Jun 23, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

May I ask why you do not upgrade the api-version for ResourceType.MGMT_RESOURCE_RESOURCES, but specify a fixed version 2021-04-01 here?
Actually, If the current api-version does not support new features, we will generally bump the api-version

is_rpaas = namespace.lower() in RPAAS_APIS
if mg_id is None and registering:
if is_rpaas:
if not accept_terms:
raise RequiredArgumentMissingError("--accept-terms must be specified when registering the {} RP from RPaaS.".format(namespace))
wait = True
r = rcf.providers.register(namespace)
r = client.register(namespace, properties=properties)
elif mg_id and registering:
r = rcf.providers.register_at_management_group_scope(namespace, mg_id)
r = client.register_at_management_group_scope(namespace, mg_id)
if r is None:
return
else:
r = rcf.providers.unregister(namespace)
r = client.unregister(namespace)

if r.registration_state == target_state:
return

if wait:
while True:
time.sleep(10)
rp_info = rcf.providers.get(namespace)
rp_info = client.get(namespace)
if rp_info.registration_state == target_state:
break
if is_rpaas and registering and mg_id is None:
Expand Down Expand Up @@ -2036,8 +2037,12 @@ def list_resources(cmd, resource_group_name=None,
return list(resources)


def register_provider(cmd, resource_provider_namespace, mg=None, wait=False, accept_terms=None):
_update_provider(cmd.cli_ctx, resource_provider_namespace, registering=True, wait=wait, mg_id=mg, accept_terms=accept_terms)
def register_provider(cmd, resource_provider_namespace, consent_to_permissions=False, mg=None, wait=False, accept_terms=None):
properties = None
if consent_to_permissions:
from azure.mgmt.resource.resources.v2021_04_01.models import ProviderRegistrationRequest, ProviderConsentDefinition
Copy link
Contributor

@zhoxing-ms zhoxing-ms Jun 23, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is not recommended to directly import the model from package under the specific version. If you plan to bump api-version, then you can use cmd.get_models() to get those models

properties = ProviderRegistrationRequest(third_party_provider_consent=ProviderConsentDefinition(consent_to_authorization=consent_to_permissions))
_update_provider(cmd.cli_ctx, resource_provider_namespace, registering=True, wait=wait, properties=properties, mg_id=mg, accept_terms=accept_terms)


def unregister_provider(cmd, resource_provider_namespace, wait=False):
Expand All @@ -2049,6 +2054,11 @@ def list_provider_operations(cmd):
return auth_client.provider_operations_metadata.list()


def list_provider_permissions(cmd, resource_provider_namespace):
client = cf_providers(cmd.cli_ctx, None, api_version='2021-04-01')
Copy link
Contributor

@zhoxing-ms zhoxing-ms Jun 23, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same as above

return client.provider_permissions(resource_provider_namespace)


def show_provider_operations(cmd, resource_provider_namespace):
version = getattr(get_api_version(cmd.cli_ctx, ResourceType.MGMT_AUTHORIZATION), 'provider_operations_metadata')
auth_client = _authorization_management_client(cmd.cli_ctx)
Expand Down
4 changes: 2 additions & 2 deletions ...mmand_modules/resource/tests/hybrid_2018_03_01/recordings/test_provider_registration.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -68,7 +68,7 @@ interactions:
User-Agent:
- AZURECLI/2.21.0 azsdk-python-azure-mgmt-resource/16.0.0 Python/3.8.0 (Windows-10-10.0.19041-SP0)
method: POST
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ClassicInfrastructureMigrate/register?api-version=2018-02-01
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ClassicInfrastructureMigrate/register?api-version=2021-04-01
response:
body:
string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ClassicInfrastructureMigrate","namespace":"Microsoft.ClassicInfrastructureMigrate","authorization":{"applicationId":"5e5abe2b-83cd-4786-826a-a05653ebb103","roleDefinitionId":"766c4d9b-ef83-4f73-8352-1450a506a69b"},"resourceTypes":[{"resourceType":"classicInfrastructureResources","locations":["East
Expand Down Expand Up @@ -176,7 +176,7 @@ interactions:
User-Agent:
- AZURECLI/2.21.0 azsdk-python-azure-mgmt-resource/16.0.0 Python/3.8.0 (Windows-10-10.0.19041-SP0)
method: POST
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ClassicInfrastructureMigrate/unregister?api-version=2018-02-01
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ClassicInfrastructureMigrate/unregister?api-version=2021-04-01
response:
body:
string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ClassicInfrastructureMigrate","namespace":"Microsoft.ClassicInfrastructureMigrate","authorization":{"applicationId":"5e5abe2b-83cd-4786-826a-a05653ebb103","roleDefinitionId":"766c4d9b-ef83-4f73-8352-1450a506a69b"},"resourceTypes":[{"resourceType":"classicInfrastructureResources","locations":["East
Expand Down
4 changes: 2 additions & 2 deletions ...mmand_modules/resource/tests/hybrid_2019_03_01/recordings/test_provider_registration.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -68,7 +68,7 @@ interactions:
User-Agent:
- AZURECLI/2.21.0 azsdk-python-azure-mgmt-resource/16.0.0 Python/3.8.0 (Windows-10-10.0.19041-SP0)
method: POST
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ClassicInfrastructureMigrate/register?api-version=2018-05-01
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ClassicInfrastructureMigrate/register?api-version=2021-04-01
response:
body:
string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ClassicInfrastructureMigrate","namespace":"Microsoft.ClassicInfrastructureMigrate","authorization":{"applicationId":"5e5abe2b-83cd-4786-826a-a05653ebb103","roleDefinitionId":"766c4d9b-ef83-4f73-8352-1450a506a69b"},"resourceTypes":[{"resourceType":"classicInfrastructureResources","locations":["East
Expand Down Expand Up @@ -176,7 +176,7 @@ interactions:
User-Agent:
- AZURECLI/2.21.0 azsdk-python-azure-mgmt-resource/16.0.0 Python/3.8.0 (Windows-10-10.0.19041-SP0)
method: POST
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ClassicInfrastructureMigrate/unregister?api-version=2018-05-01
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ClassicInfrastructureMigrate/unregister?api-version=2021-04-01
response:
body:
string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ClassicInfrastructureMigrate","namespace":"Microsoft.ClassicInfrastructureMigrate","authorization":{"applicationId":"5e5abe2b-83cd-4786-826a-a05653ebb103","roleDefinitionId":"766c4d9b-ef83-4f73-8352-1450a506a69b"},"resourceTypes":[{"resourceType":"classicInfrastructureResources","locations":["East
Expand Down
4 changes: 2 additions & 2 deletions ...zure/cli/command_modules/resource/tests/latest/recordings/test_provider_registration.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -68,7 +68,7 @@ interactions:
User-Agent:
- AZURECLI/2.21.0 azsdk-python-azure-mgmt-resource/16.0.0 Python/3.8.0 (Windows-10-10.0.19041-SP0)
method: POST
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ClassicInfrastructureMigrate/register?api-version=2020-10-01
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ClassicInfrastructureMigrate/register?api-version=2021-04-01
response:
body:
string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ClassicInfrastructureMigrate","namespace":"Microsoft.ClassicInfrastructureMigrate","authorization":{"applicationId":"5e5abe2b-83cd-4786-826a-a05653ebb103","roleDefinitionId":"766c4d9b-ef83-4f73-8352-1450a506a69b"},"resourceTypes":[{"resourceType":"classicInfrastructureResources","locations":["East
Expand Down Expand Up @@ -176,7 +176,7 @@ interactions:
User-Agent:
- AZURECLI/2.21.0 azsdk-python-azure-mgmt-resource/16.0.0 Python/3.8.0 (Windows-10-10.0.19041-SP0)
method: POST
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ClassicInfrastructureMigrate/unregister?api-version=2020-10-01
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ClassicInfrastructureMigrate/unregister?api-version=2021-04-01
response:
body:
string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ClassicInfrastructureMigrate","namespace":"Microsoft.ClassicInfrastructureMigrate","authorization":{"applicationId":"5e5abe2b-83cd-4786-826a-a05653ebb103","roleDefinitionId":"766c4d9b-ef83-4f73-8352-1450a506a69b"},"resourceTypes":[{"resourceType":"classicInfrastructureResources","locations":["East
Expand Down
2 changes: 1 addition & 1 deletion ...e/cli/command_modules/resource/tests/latest/recordings/test_provider_registration_mg.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ interactions:
accept-language:
- en-US
method: POST
uri: https://management.azure.com/providers/Microsoft.Management/managementGroups/testmg/providers/Microsoft.ClassicInfrastructureMigrate/register?api-version=2020-10-01
uri: https://management.azure.com/providers/Microsoft.Management/managementGroups/testmg/providers/Microsoft.ClassicInfrastructureMigrate/register?api-version=2021-04-01
response:
body:
string: ''
Expand Down
Loading