[Role] az role assignment create/update: auto complete `assignee_pr…
…incipal_type` (Azure#17669)

* auto complete for assignee_principal_type
evelyn-ys authored Apr 22, 2021
commit 0ee45c4254a9d08397e04f7456f42977bfcb33fe


53 changes: 49 additions & 4 deletions src/azure-cli/azure/cli/command_modules/role/custom.py
Expand Up @@ -154,10 +154,12 @@ def create_role_assignment(cmd, role, assignee=None, assignee_object_id=None, re
if condition_version and not condition:
raise CLIError('usage error: When --condition-version is set, --condition must be set as well.')

object_id, principal_type = _resolve_assignee_object(cmd.cli_ctx, assignee, assignee_object_id,
assignee_principal_type)

try:
return _create_role_assignment(cmd.cli_ctx, role, assignee or assignee_object_id, resource_group_name, scope,
resolve_assignee=(not assignee_object_id),
assignee_principal_type=assignee_principal_type, description=description,
return _create_role_assignment(cmd.cli_ctx, role, object_id, resource_group_name, scope, resolve_assignee=False,
assignee_principal_type=principal_type, description=description,
condition=condition, condition_version=condition_version)
except Exception as ex: # pylint: disable=broad-except
if _error_caused_by_role_assignment_exists(ex): # for idempotent
Expand Down Expand Up @@ -281,6 +283,9 @@ def update_role_assignment(cmd, role_assignment):
original_assignment.condition_version.startswith('2.') and assignment.condition_version.startswith('1.')):
raise CLIError("Condition version cannot be downgraded to '1.X'.")

if not assignment.principal_type:
assignment.principal_type = original_assignment.principal_type

return assignments_client.create(scope, name, parameters=assignment)


Expand Down Expand Up @@ -1479,7 +1484,8 @@ def create_service_principal_for_rbac(
logger.warning("Creating '%s' role assignment under scope '%s'", role, scope)
for retry_time in range(0, _RETRY_TIMES):
try:
_create_role_assignment(cmd.cli_ctx, role, sp_oid, None, scope, resolve_assignee=False)
_create_role_assignment(cmd.cli_ctx, role, sp_oid, None, scope, resolve_assignee=False,
assignee_principal_type='ServicePrincipal')
break
except Exception as ex:
if retry_time < _RETRY_TIMES and ' does not exist in the directory ' in str(ex):
Expand Down Expand Up @@ -1780,6 +1786,45 @@ def _encode_custom_key_description(key_description):
return key_description.encode('utf-16')


def _resolve_assignee_object(cli_ctx, assignee, assignee_object_id, assignee_principal_type):
client = _graph_client_factory(cli_ctx)
result = None

# resolve assignee (same as _resolve_object_id)
if assignee:
if assignee.find('@') >= 0: # looks like a user principal name
result = list(client.users.list(filter="userPrincipalName eq '{}'".format(assignee)))
if not result:
result = list(client.service_principals.list(
filter="servicePrincipalNames/any(c:c eq '{}')".format(assignee)))
if not result and is_guid(assignee): # assume an object id, let us verify it
result = _get_object_stubs(client, [assignee])

# 2+ matches should never happen, so we only check 'no match' here
if not result:
raise CLIError("Cannot find user or service principal in graph database for '{assignee}'. "
"If the assignee is an appId, make sure the corresponding service principal is created "
"with 'az ad sp create --id {assignee}'.".format(assignee=assignee))

return result[0].object_id, result[0].object_type

# try to resolve assignee object id
try:
result = _get_object_stubs(client, [assignee_object_id])
if result:
return result[0].object_id, result[0].object_type
except CloudError:
pass

# If failed to verify assignee object id, DO NOT raise exception
# since --assignee-object-id is exposed to bypass Graph API
if not assignee_principal_type:
logger.warning('Failed to query --assignee-principal-type for %s by invoking Graph API.\n'
'RBAC server might reject creating role assignment without --assignee-principal-type '
'in the future. Better to specify --assignee-principal-type manually.', assignee_object_id)
return assignee_object_id, assignee_principal_type


def _resolve_object_id(cli_ctx, assignee, fallback_to_object_id=False):
client = _graph_client_factory(cli_ctx)
result = None
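Review bot: In the new `_resolve_assignee_object`, `assignee` is formatted unescaped into both Graph filter strings (`"userPrincipalName eq '{}'".format(assignee)` and the `servicePrincipalNames/any(...)` filter), so a value containing a single quote alters the filter expression instead of being matched literally. The function then returns `result[0]` without checking for more than one match, and `create_role_assignment` passes that object id on with `resolve_assignee=False`, so when the assignee string comes from a script or pipeline input the role could end up granted to a principal other than the intended one. I would double the quotes before formatting, e.g. `escaped = assignee.replace("'", "''")`, and fail closed with `if len(result) > 1: raise CLIError(...)` rather than rely on the comment that 2+ matches never happen. Separately, the `--assignee-object-id` path catches only `CloudError`; if the Graph client raises a different exception type (not visible here), the documented bypass of Graph would error out instead of falling through to the warning.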