Add Dataactions support for Roledefinition calls#5646
Add Dataactions support for Roledefinition calls#5646maddieclayton merged 16 commits intoAzure:previewfrom
Conversation
darshanhs90
changed the title
darshanhs90
changed the title
|
@maddieclayton should this PR be assigned to you? |
| ResourcesController.NewInstance.RunPsTest("Test-RDDataActionsNegativeTestCases"); | ||
| } | ||
|
|
||
| [Fact] |
| $badIdException = "RoleDefinitionDoesNotExist: The specified role definition with ID '" + $Rd.Id + "' does not exist." | ||
| Assert-Throws { Remove-AzureRmRoleDefinition -Id $Rd.Id -Scope $scope -Force -PassThru} $badIdException | ||
|
|
||
| return |
There was a problem hiding this comment.
Why did you add this line?
|
|
||
| 1) NotActions: the set of operations that must be excluded from the Actions to determine the effective actions for the custom role. | ||
| If there is a specific operation that you do not wish to grant access to in a custom role, it is convenient to use NotActions to exclude it, rather than specifying all operations other than that specific operation in Actions. | ||
| 2) DataActions: the set of data operations to which the custom role grants access. |
There was a problem hiding this comment.
Please add this to the example below.
| Provide the updated role definition as an input to the command as a JSON file or a PSRoleDefinition object. | ||
| The role definition for the updated custom role MUST contain the Id and all other required properties of the role even if they are not updated: DisplayName, Description, Actions, AssignableScopes. | ||
| NotActions is optional. | ||
| NotActions, DataActions, NotDataActions are optional. |
| } | ||
|
|
||
| if (roleDefinition.Actions == null || !roleDefinition.Actions.Any()) | ||
| if ((roleDefinition.Actions == null || !roleDefinition.Actions.Any()) && (roleDefinition.DataActions == null || !roleDefinition.DataActions.Any())) |
There was a problem hiding this comment.
Will this cause any scripts to fail?
There was a problem hiding this comment.
No.
earlier the condition was if they had no value actions,it used to error out.
but now the condition is that if they dont have any value for actions and also no value for datactions,it will error out
maddieclayton
left a comment
maddieclayton
left a comment
There was a problem hiding this comment.
A few small comments
| } | ||
|
|
||
| [Fact(Skip = "Unskip after service side change")] | ||
| [Fact(Skip = "Unskip after service side change")] |
There was a problem hiding this comment.
Can you unskip this test now, or is this still waiting on other changes?
There was a problem hiding this comment.
it is still waiting for the changes
| \[ | ||
| "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write" | ||
| \], | ||
| "AssignableScopes": \["/subscriptions/4004a9fd-d58e-48dc-aeb2-4a4aec58606f"\] |
There was a problem hiding this comment.
Change this to xxxx format - this looks like a real subscription.
| \[ | ||
| "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write" | ||
| \], | ||
| "AssignableScopes": \["/subscriptions/4004a9fd-d58e-48dc-aeb2-4a4aec58606f"\] |
There was a problem hiding this comment.
Change this to xxxx format as well.
|
@darshanhs90 Once you fix the merge conflict that has come up, and fixed the text issue, I will merge this PR. |
4 participants
Currently waiting for the following pr to get completed
Azure/azure-sdk-for-net#4079
Description
Checklist
CONTRIBUTING.mdplatyPSmodule