Skip to content

[Key Vault Admin] Convenience layer - KeyVaultAccessControlClient #10815

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
sadasant merged 37 commits into from
Sep 4, 2020
Merged

[Key Vault Admin] Convenience layer - KeyVaultAccessControlClient #10815

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
37 commits
Select commit Hold shift + click to select a range
7c3cfc5
constructor and some of the surrounding things
sadasant Aug 24, 2020
28b4eb6
createRoleAssignment
sadasant Aug 24, 2020
eb9cbe0
createRoleAssignment documentation
sadasant Aug 24, 2020
a5524f5
deleteRoleAssignment
sadasant Aug 24, 2020
167935d
getRoleAssignment
sadasant Aug 24, 2020
44e9eb3
listRoleAssignments
sadasant Aug 24, 2020
3790bd1
listRoleDefinitions
sadasant Aug 24, 2020
2188a87
api-extractor
sadasant Aug 24, 2020
60f4bd3
formatting
sadasant Aug 24, 2020
ac414c9
deleted the filter option on the list operations
sadasant Aug 24, 2020
9e5505a
fixing the build
sadasant Aug 24, 2020
57fd102
lint fixes
sadasant Aug 24, 2020
0ce383e
forgot to api extract the last commit
sadasant Aug 24, 2020
7f179ef
bad reference to a parameter
sadasant Aug 25, 2020
8919a93
Resolves https://github.com/Azure/azure-sdk-for-js/pull/10815#discuss…
sadasant Aug 25, 2020
ee1d71e
Addressing: https://github.com/Azure/azure-sdk-for-js/pull/10815#disc…
sadasant Aug 25, 2020
b7d3bf5
Feedback fixes
sadasant Aug 25, 2020
26e9583
role to roleScope, and RoleDefinitionPermission to KeyVaultPermission
sadasant Aug 26, 2020
a10a592
KeyVaultAccessControlClient documentation and removing lint from the …
sadasant Aug 26, 2020
09148fd
cleaned up bad reference to KeyClient
sadasant Aug 26, 2020
1b0f642
Addressing https://github.com/Azure/azure-sdk-for-js/pull/10815#discu…
sadasant Aug 27, 2020
4513d72
Merge remote-tracking branch 'Azure/master' into keyvault-admin/10799…
sadasant Aug 27, 2020
6ab4ae1
fixed bad references
sadasant Aug 27, 2020
7c845ca
Update sdk/keyvault/keyvault-admin/src/accessControlClient.ts
sadasant Sep 1, 2020
9030441
Apply suggestions from code review
sadasant Sep 2, 2020
18d7911
Fixes after updating from remote
sadasant Sep 2, 2020
74b7bfc
Addressing https://github.com/Azure/azure-sdk-for-js/pull/10815/files…
sadasant Sep 2, 2020
ca12be4
tsdoc cleanup
sadasant Sep 2, 2020
e306ff4
linting
sadasant Sep 2, 2020
d61f0b6
Merge remote-tracking branch 'Azure/master' into keyvault-admin/10799…
sadasant Sep 2, 2020
64a5d1d
fixes after updating the generated files
sadasant Sep 2, 2020
1386365
enforcing most of the properties, after discussing with .Net
sadasant Sep 2, 2020
590a835
Addressing https://github.com/Azure/azure-sdk-for-js/pull/10815#discu…
sadasant Sep 2, 2020
23431cc
no more operationOptionsToRequestOptionsBase
sadasant Sep 4, 2020
66bcdd4
Key Vault
sadasant Sep 4, 2020
8484177
Merge remote-tracking branch 'Azure/master' into keyvault-admin/10799…
sadasant Sep 4, 2020
24380a7
only 7.2-preview service version
sadasant Sep 4, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
role to roleScope, and RoleDefinitionPermission to KeyVaultPermission
  • Loading branch information
@sadasant
sadasant committed Aug 26, 2020
commit 26e95837b87e1b804e309fe45421ee01ead5d165
28 changes: 14 additions & 14 deletions sdk/keyvault/keyvault-admin/review/keyvault-admin.api.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,14 +28,22 @@ export interface GetRoleAssignmentOptions extends coreHttp.OperationOptions {
// @public (undocumented)
export class KeyVaultAccessControlClient {
constructor(vaultUrl: string, credential: TokenCredential, pipelineOptions?: AccessControlClientOptions);
createRoleAssignment(scope: RoleAssignmentScope, name: string, roleDefinitionId: string, principalId: string, options?: CreateRoleAssignmentOptions): Promise<KeyVaultRoleAssignment>;
deleteRoleAssignment(scope: RoleAssignmentScope, name: string, options?: DeleteRoleAssignmentOptions): Promise<KeyVaultRoleAssignment>;
getRoleAssignment(scope: RoleAssignmentScope, name: string, options?: GetRoleAssignmentOptions): Promise<KeyVaultRoleAssignment>;
listRoleAssignments(scope: RoleAssignmentScope, options?: ListRoleAssignmentsOptions): PagedAsyncIterableIterator<KeyVaultRoleAssignment>;
listRoleDefinitions(scope: RoleAssignmentScope, options?: ListRoleDefinitionsOptions): PagedAsyncIterableIterator<KeyVaultRoleDefinition>;
createRoleAssignment(roleScope: RoleAssignmentScope, name: string, roleDefinitionId: string, principalId: string, options?: CreateRoleAssignmentOptions): Promise<KeyVaultRoleAssignment>;
Copy link

@iscai-msft iscai-msft Sep 4, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

in python we have it as role_assignment_name

Copy link

@iscai-msft iscai-msft Sep 4, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same for every name parameter for role assignments

Copy link
Contributor Author

@sadasant sadasant Sep 4, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

.Net is using name. I don't mind, but I'd rather reach to an agreement with @heaths , @christothes

deleteRoleAssignment(roleScope: RoleAssignmentScope, name: string, options?: DeleteRoleAssignmentOptions): Promise<KeyVaultRoleAssignment>;
getRoleAssignment(roleScope: RoleAssignmentScope, name: string, options?: GetRoleAssignmentOptions): Promise<KeyVaultRoleAssignment>;
listRoleAssignments(roleScope: RoleAssignmentScope, options?: ListRoleAssignmentsOptions): PagedAsyncIterableIterator<KeyVaultRoleAssignment>;
listRoleDefinitions(roleScope: RoleAssignmentScope, options?: ListRoleDefinitionsOptions): PagedAsyncIterableIterator<KeyVaultRoleDefinition>;
readonly vaultUrl: string;
}

// @public
export interface KeyVaultPermission {
actions?: string[];
dataActions?: string[];
notActions?: string[];
notDataActions?: string[];
}

// @public
export interface KeyVaultRoleAssignment {
Copy link
Member

@heaths heaths Aug 26, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just RoleAssignment

Copy link
Contributor Author

@sadasant sadasant Aug 26, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Before I do this change, let's argue about prefixes here: #10815 (comment)

Copy link
Contributor Author

@sadasant sadasant Sep 2, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@heaths I'm assuming KeyVaultRoleAssignment is favored after that conversation I mentioned ^

Copy link

@iscai-msft iscai-msft Sep 4, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

python has KeyVaultRoleAssignment

readonly id?: string;
Expand All @@ -50,7 +58,7 @@ export interface KeyVaultRoleDefinition {
description?: string;
readonly id?: string;
readonly name?: string;
permissions?: RoleDefinitionPermission[];
permissions?: KeyVaultPermission[];
roleName?: string;
roleType?: string;
readonly type?: string;
Expand Down Expand Up @@ -81,14 +89,6 @@ export interface RoleAssignmentPropertiesWithScope extends RoleAssignmentPropert
// @public
export type RoleAssignmentScope = "/" | "/keys" | string;
Copy link
Member

@xirzec xirzec Sep 1, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this feels like a weird type, though I'm not sure what would be better

Copy link
Contributor Author

@sadasant sadasant Sep 2, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The string part is because it accepts UUIDs. I wonder if we could have some UUID validator as a type? That would be generally helpful in our clients.


// @public
export interface RoleDefinitionPermission {
actions?: string[];
dataActions?: string[];
notActions?: string[];
notDataActions?: string[];
}

// @public
export const SDK_VERSION: string;

Expand Down
70 changes: 35 additions & 35 deletions sdk/keyvault/keyvault-admin/src/accessControlClient.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -123,14 +123,14 @@ export class KeyVaultAccessControlClient {
* const result = await client.createRoleAssignment("/", "295c179b-9ad3-4117-99cd-b1aa66cf4517", roleDefinition, principalId);
* ```
* @summary Creates a new role assignment.
* @param {RoleAssignmentScope} scope The scope of the role assignment.
* @param {RoleAssignmentScope} roleScope The scope of the role assignment.
* @param {string} name The name of the role assignment. Must be a UUID.
* @param {string} roleDefinitionId The role definition ID used in the role assignment.
* @param {string} principalId The principal ID assigned to the role. This maps to the ID inside the Active Directory. It can point to a user, service principal, or security group.
* @param {CreateRoleAssignmentOptions} [options] The optional parameters.
*/
public async createRoleAssignment(
scope: RoleAssignmentScope,
roleScope: RoleAssignmentScope,
name: string,
roleDefinitionId: string,
principalId: string,
Expand All @@ -139,17 +139,17 @@ export class KeyVaultAccessControlClient {
const requestOptions = operationOptionsToRequestOptionsBase(options || {});
const span = createSpan("createRoleAssignment", requestOptions);

if (!(scope && name && roleDefinitionId && principalId)) {
if (!(roleScope && name && roleDefinitionId && principalId)) {
throw new Error(
"createRoleAssignment requires non-empty strings for the parameters: scope, name, roleDefinitionId and principalId."
"createRoleAssignment requires non-empty strings for the parameters: roleScope, name, roleDefinitionId and principalId."
);
}

let response: RoleAssignmentsCreateResponse;
try {
response = await this.client.roleAssignments.create(
this.vaultUrl,
scope,
roleScope,
name,
{
properties: {
Expand All @@ -173,16 +173,16 @@ export class KeyVaultAccessControlClient {
* ```ts
* const client = new KeyVaultAccessControlClient(url, credentials);
* const roleAssignment = await client.createRoleAssignment("/", "295c179b-9ad3-4117-99cd-b1aa66cf4517");
* const deletedRoleAssignment = const await client.deleteRoleAssignment(roleAssignment.properties.scope, roleAssignment.name);
* const deletedRoleAssignment = const await client.deleteRoleAssignment(roleAssignment.properties.roleScope, roleAssignment.name);
* console.log(deletedRoleAssignment);
* ```
* @summary Deletes an existing role assignment.
* @param {string} scope The scope of the role assignment.
* @param {string} roleScope The scope of the role assignment.
* @param {string} name The name of the role assignment.
* @param {DeleteRoleAssignmentOptions} [options] The optional parameters.
*/
public async deleteRoleAssignment(
scope: RoleAssignmentScope,
roleScope: RoleAssignmentScope,
name: string,
options?: DeleteRoleAssignmentOptions
): Promise<KeyVaultRoleAssignment> {
Expand All @@ -193,7 +193,7 @@ export class KeyVaultAccessControlClient {
try {
response = await this.client.roleAssignments.delete(
this.vaultUrl,
scope,
roleScope,
name,
setParentSpan(span, requestOptions)
);
Expand All @@ -211,16 +211,16 @@ export class KeyVaultAccessControlClient {
* ```ts
* const client = new KeyVaultAccessControlClient(url, credentials);
* let roleAssignment = await client.createRoleAssignment("/", "295c179b-9ad3-4117-99cd-b1aa66cf4517");
* roleAssignment = const await client.getRoleAssignment(roleAssignment.properties.scope, roleAssignment.name);
* roleAssignment = const await client.getRoleAssignment(roleAssignment.properties.roleScope, roleAssignment.name);
* console.log(roleAssignment);
* ```
* @summary Gets an existing role assignment.
* @param {string} scope The scope of the role assignment.
* @param {string} roleScope The scope of the role assignment.
* @param {string} name The name of the role assignment.
* @param {DeleteRoleAssignmentOptions} [options] The optional parameters.
*/
public async getRoleAssignment(
scope: RoleAssignmentScope,
roleScope: RoleAssignmentScope,
name: string,
options?: GetRoleAssignmentOptions
): Promise<KeyVaultRoleAssignment> {
Expand All @@ -231,7 +231,7 @@ export class KeyVaultAccessControlClient {
try {
response = await this.client.roleAssignments.get(
this.vaultUrl,
scope,
roleScope,
name,
setParentSpan(span, requestOptions)
);
Expand All @@ -246,12 +246,12 @@ export class KeyVaultAccessControlClient {
* @internal
* @ignore
* Deals with the pagination of {@link listRoleAssignments}.
* @param {string} scope The scope of the role assignments.
* @param {string} roleScope The scope of the role assignments.
* @param {PageSettings} continuationState An object that indicates the position of the paginated request.
* @param {ListRoleAssignmentsOptions} [options] Common options for the iterative endpoints.
*/
private async *listRoleAssignmentsPage(
scope: RoleAssignmentScope,
roleScope: RoleAssignmentScope,
continuationState: PageSettings,
options?: ListRoleAssignmentsOptions
): AsyncIterableIterator<KeyVaultRoleAssignment[]> {
Expand All @@ -263,7 +263,7 @@ export class KeyVaultAccessControlClient {
};
const currentSetResponse = await this.client.roleAssignments.listForScope(
this.vaultUrl,
scope,
roleScope,
optionsComplete
);
continuationState.continuationToken = currentSetResponse.nextLink;
Expand All @@ -274,7 +274,7 @@ export class KeyVaultAccessControlClient {
while (continuationState.continuationToken) {
const currentSetResponse = await this.client.roleAssignments.listForScopeNext(
this.vaultUrl,
scope,
roleScope,
continuationState.continuationToken,
options
);
Expand All @@ -291,16 +291,16 @@ export class KeyVaultAccessControlClient {
* @internal
* @ignore
* Deals with the iteration of all the available results of {@link listRoleAssignments}.
* @param {string} scope The scope of the role assignments.
* @param {string} roleScope The scope of the role assignments.
* @param {ListRoleAssignmentsOptions} [options] Common options for the iterative endpoints.
*/
private async *listRoleAssignmentsAll(
scope: RoleAssignmentScope,
roleScope: RoleAssignmentScope,
options?: ListRoleAssignmentsOptions
): AsyncIterableIterator<KeyVaultRoleAssignment> {
const f = {};

for await (const page of this.listRoleAssignmentsPage(scope, f, options)) {
for await (const page of this.listRoleAssignmentsPage(roleScope, f, options)) {
for (const item of page) {
yield item;
}
Expand All @@ -318,11 +318,11 @@ export class KeyVaultAccessControlClient {
* }
* ```
* @summary Lists all of the role assignments in a given scope.
* @param {string} scope The scope of the role assignments.
* @param {string} roleScope The scope of the role assignments.
* @param {ListRoleAssignmentsOptions} [options] The optional parameters.
*/
public listRoleAssignments(
scope: RoleAssignmentScope,
roleScope: RoleAssignmentScope,
options: ListRoleAssignmentsOptions = {}
): PagedAsyncIterableIterator<KeyVaultRoleAssignment> {
const requestOptions = operationOptionsToRequestOptionsBase(options);
Expand All @@ -332,7 +332,7 @@ export class KeyVaultAccessControlClient {
...setParentSpan(span, requestOptions)
};

const iter = this.listRoleAssignmentsAll(scope, updatedOptions);
const iter = this.listRoleAssignmentsAll(roleScope, updatedOptions);

span.end();
return {
Expand All @@ -343,20 +343,20 @@ export class KeyVaultAccessControlClient {
return this;
},
byPage: (settings: PageSettings = {}) =>
this.listRoleAssignmentsPage(scope, settings, updatedOptions)
this.listRoleAssignmentsPage(roleScope, settings, updatedOptions)
};
}

/**
* @internal
* @ignore
* Deals with the pagination of {@link listRoleDefinitions}.
* @param {string} scope The scope of the role definition.
* @param {string} roleScope The scope of the role definition.
* @param {PageSettings} continuationState An object that indicates the position of the paginated request.
* @param {ListRoleAssignmentsOptions} [options] Common options for the iterative endpoints.
*/
private async *listRoleDefinitionsPage(
scope: RoleAssignmentScope,
roleScope: RoleAssignmentScope,
continuationState: PageSettings,
options?: ListRoleDefinitionsOptions
): AsyncIterableIterator<KeyVaultRoleDefinition[]> {
Expand All @@ -368,7 +368,7 @@ export class KeyVaultAccessControlClient {
};
const currentSetResponse = await this.client.roleDefinitions.list(
this.vaultUrl,
scope,
roleScope,
optionsComplete
);
continuationState.continuationToken = currentSetResponse.nextLink;
Expand All @@ -379,7 +379,7 @@ export class KeyVaultAccessControlClient {
while (continuationState.continuationToken) {
const currentSetResponse = await this.client.roleDefinitions.listNext(
this.vaultUrl,
scope,
roleScope,
continuationState.continuationToken,
options
);
Expand All @@ -396,16 +396,16 @@ export class KeyVaultAccessControlClient {
* @internal
* @ignore
* Deals with the iteration of all the available results of {@link listRoleDefinitions}.
* @param {string} scope The scope of the role definition.
* @param {string} roleScope The scope of the role definition.
* @param {ListRoleDefinitionsOptions} [options] Common options for the iterative endpoints.
*/
private async *listRoleDefinitionsAll(
scope: RoleAssignmentScope,
roleScope: RoleAssignmentScope,
options?: ListRoleDefinitionsOptions
): AsyncIterableIterator<KeyVaultRoleDefinition> {
const f = {};

for await (const page of this.listRoleDefinitionsPage(scope, f, options)) {
for await (const page of this.listRoleDefinitionsPage(roleScope, f, options)) {
for (const item of page) {
yield item;
}
Expand All @@ -423,11 +423,11 @@ export class KeyVaultAccessControlClient {
* }
* ```
* @summary Lists all of the role definition in a given scope.
* @param {string} scope The scope of the role definition.
* @param {string} roleScope The scope of the role definition.
* @param {ListRoleDefinitionsOptions} [options] The optional parameters.
*/
public listRoleDefinitions(
scope: RoleAssignmentScope,
roleScope: RoleAssignmentScope,
options: ListRoleDefinitionsOptions = {}
): PagedAsyncIterableIterator<KeyVaultRoleDefinition> {
const requestOptions = operationOptionsToRequestOptionsBase(options);
Expand All @@ -437,7 +437,7 @@ export class KeyVaultAccessControlClient {
...setParentSpan(span, requestOptions)
};

const iter = this.listRoleDefinitionsAll(scope, updatedOptions);
const iter = this.listRoleDefinitionsAll(roleScope, updatedOptions);

span.end();
return {
Expand All @@ -448,7 +448,7 @@ export class KeyVaultAccessControlClient {
return this;
},
byPage: (settings: PageSettings = {}) =>
this.listRoleDefinitionsPage(scope, settings, updatedOptions)
this.listRoleDefinitionsPage(roleScope, settings, updatedOptions)
};
}
}
8 changes: 4 additions & 4 deletions sdk/keyvault/keyvault-admin/src/accessControlModels.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,9 +37,9 @@ export interface KeyVaultRoleAssignment {
}

/**
* Role definition permissions.
* VaA list of Key Vault permissions.
*/
export interface RoleDefinitionPermission {
export interface KeyVaultPermission {
/**
* Allowed actions.
*/
Expand Down Expand Up @@ -87,9 +87,9 @@ export interface KeyVaultRoleDefinition {
*/
roleType?: string;
/**
* Role definition permissions.
* A list of Key Vault permissions.
*/
permissions?: RoleDefinitionPermission[];
permissions?: KeyVaultPermission[];
/**
* Role definition assignable scopes.
*/
Expand Down