[Role] Migrate azure-mgmt-authorization SDK to Track 2 and bump API version to 2022-04-01
#25452
Conversation
ghost
requested a review
from 
ghost
added
the
| definitions_client = _auth_client_factory(cmd.cli_ctx, scope).role_definitions | ||
| scope = _build_role_scope(resource_group_name, scope, | ||
| definitions_client.config.subscription_id) | ||
| definitions_client._config.subscription_id) |
There was a problem hiding this comment.
For breaking change 1-1, Track 2 now makes config a protected attribute as _config. I can't find a better way to extract subscription ID from the SDK client.
This pattern has already been used by resource command module:
azure-cli/src/azure-cli/azure/cli/command_modules/resource/custom.py
Lines 3551 to 3552 in 1b62d20
Another option is to let get_mgmt_service_client return the subscription ID during client creation:
but this is such a big breaking change that it will affect almost all command modules and extension which use get_mgmt_service_client to create a client.
There was a problem hiding this comment.
This change was mentioned in doc: https://github.com/Azure/azure-cli/blob/dev/doc/track_2_migration_guidance.md#obtaining-subscription
However, the doc is not accurate as the subscription used to create the client (possibly via --subscription) may not be the same as the current subscription. Assuming the subscription used to create the client being the same as the current subscription can introduce bugs very difficult to track down.
jiasli
changed the title
azure-mgmt-authorization SDK to Track 2 and bump API Version to 2022-04-01 azure-mgmt-authorization SDK to Track 2 and bump API Version to 2022-04-01
|
Migrate azure-mgmt-authorization SDK to Track 2 |
|
Affected modules: vm aro iot acs resource |
|
I accidentally discovered a problem with In "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleAssignments": {
"get": {
"tags": [
"RoleAssignments"
],
"operationId": "RoleAssignments_List", "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleAssignments": {
"get": {
"tags": [
"RoleAssignments"
],
"operationId": "RoleAssignments_ListForSubscription",so this line will fail: However, the azure-cli/src/azure-cli/azure/cli/command_modules/ams/operations/sp.py Lines 245 to 258 in 8058c09
See the doc for |
| auth_client = _authorization_management_client(cmd.cli_ctx) | ||
| if version == '2015-07-01': | ||
| return auth_client.provider_operations_metadata.get(resource_provider_namespace, version) | ||
| return auth_client.provider_operations_metadata.get(resource_provider_namespace, api_version=version) |
There was a problem hiding this comment.
This is to handle breaking change 3-1.
|
I discovered a problem with azure-cli/src/azure-cli/azure/cli/command_modules/iot/custom.py Lines 588 to 590 in 9ef066f
|
| parameters=parameters) | ||
| break | ||
| except CloudError as ex: | ||
| except HttpResponseError as ex: |
There was a problem hiding this comment.
This is to handle breaking change 1-3.
| ) | ||
| properties = RoleAssignmentProperties(role_definition_id=role_id, principal_id=object_id) | ||
| return assignments_client.create(scope, assignment_name, properties, custom_headers=custom_headers) | ||
| return assignments_client.create(scope, assignment_name, properties, headers=custom_headers) |
There was a problem hiding this comment.
This is to handle breaking change 1-2.
| # In 2022-04-01 API, principal_type is by default 'User', so we have to explicitly set it to None if we can't | ||
| # resolve principal type from Graph | ||
| # https://github.com/Azure/azure-rest-api-specs/issues/21664 | ||
| parameters = RoleAssignmentCreateParameters( | ||
| role_definition_id=role_id, principal_id=object_id, principal_type=assignee_principal_type, | ||
| description=description, condition=condition, condition_version=condition_version) |
There was a problem hiding this comment.
This is to handle breaking change 2-2.
jiasli
changed the title
azure-mgmt-authorization SDK to Track 2 and bump API Version to 2022-04-01azure-mgmt-authorization SDK to Track 2 and bump API version to 2022-04-01
| ResourceType.MGMT_AUTHORIZATION: SDKProfile('2022-04-01', { | ||
| 'classic_administrators': '2015-06-01', | ||
| 'role_definitions': '2018-01-01-preview', | ||
| 'role_definitions': '2022-04-01', |
There was a problem hiding this comment.
| 'role_definitions': '2022-04-01', |
We can simply remove this line if role_definitions uses the same API version with default one~
There was a problem hiding this comment.
role_definitions frequently diverges from role_assignments:
so it is merely a placeholder.
There was a problem hiding this comment.
role_definitions will again diverge from role_assignments: #26577
jiasli
dismissed stale reviews from evelyn-ys, calvinhzy, wangzelin007, and zhoxing-ms
via
35a3147
… version to 2022-04-01 (Azure#25452)
8 participants
Related command
az roleDescription
Close #23372
Migrate
azure-mgmt-authorizationSDK to Track 2 and bump API Version to2022-04-01:role_assignments:2020-04-01-preview->2022-04-01role_definitions:2018-01-01-preview->2022-04-01Breaking changes in
azure-mgmt-authorizationSDKFor SDK version
0.61.0(Track 1) ->3.0.0(Track 2):definitions_client.configandassignments_client.configare changed todefinitions_client._configandassignments_client._config.custom_headersare changed toheaders.msrestazure.azure_exceptions.CloudErrortoazure.core.exceptions.HttpResponseErrorFor API version
2020-04-01-preview->2022-04-01:RoleAssignmentsOperationschangeslistmethod tolist_for_subscription.RoleAssignmentCreateParameters.principal_type's default value is changed fromNonetoUser([Role]RoleAssignmentProperties.principalTypeshould not have default valueUserazure-rest-api-specs#21664)For API version
2015-07-01:ProviderOperationsMetadataOperations.getchangesapi_versionfrom positional argument to keyword argument.