Skip to content

[Key Vault] Improved custom role definition support in administration #16556

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
mccoyp merged 11 commits into from
Feb 6, 2021
Merged

[Key Vault] Improved custom role definition support in administration #16556

Show file tree
Hide file tree
Changes from 9 commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
71777d5
Regenerate code, update async client, update msrest req
mccoyp Jan 27, 2021
6de6e97
Add support for description, role_name
mccoyp Feb 1, 2021
2321053
Less kwarg passing, better docstrings
mccoyp Feb 5, 2021
ce2a072
Regenerate without arm flag
mccoyp Feb 5, 2021
cd52df3
Re-record tests to be safe
mccoyp Feb 5, 2021
50dedd4
Update msrest requirement in shared_requirements
mccoyp Feb 5, 2021
0fb8e4d
Explicitly convert UUID to string when passing
mccoyp Feb 5, 2021
99d99cb
Clear HttpChallengeCache between test cases
mccoyp Feb 5, 2021
68e7a61
Thanks, Charles!
mccoyp Feb 5, 2021
aee07b4
Simplify role_*_name fetching
mccoyp Feb 5, 2021
eaef44d
Probably shouldn't forget async
mccoyp Feb 5, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 16 additions & 7 deletions ...ult/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,9 @@ def create_role_assignment(self, role_scope, role_definition_id, principal_id, *
:type role_assignment_name: str or uuid.UUID
:rtype: KeyVaultRoleAssignment
"""
role_assignment_name_provided = kwargs.pop("role_assignment_name", None)
role_assignment_name = str(role_assignment_name_provided) if role_assignment_name_provided else str(uuid4())

create_parameters = self._client.role_assignments.models.RoleAssignmentCreateParameters(
properties=self._client.role_assignments.models.RoleAssignmentProperties(
principal_id=principal_id, role_definition_id=str(role_definition_id)
Expand All @@ -52,7 +55,7 @@ def create_role_assignment(self, role_scope, role_definition_id, principal_id, *
assignment = self._client.role_assignments.create(
vault_base_url=self._vault_url,
scope=role_scope,
role_assignment_name=kwargs.pop("role_assignment_name", None) or uuid4(),
role_assignment_name=role_assignment_name,
parameters=create_parameters,
**kwargs
)
Expand All @@ -66,7 +69,7 @@ def delete_role_assignment(self, role_scope, role_assignment_name, **kwargs):
:param role_scope: the assignment's scope, for example "/", "/keys", or "/keys/<specific key identifier>"
:class:`KeyVaultRoleScope` defines common broad scopes. Specify a narrower scope as a string.
:type role_scope: str or KeyVaultRoleScope
:param role_assignment_name: the assignment's name. Must be a UUID.
:param role_assignment_name: the assignment's name.
:type role_assignment_name: str or uuid.UUID
:returns: the deleted assignment
:rtype: KeyVaultRoleAssignment
Expand Down Expand Up @@ -121,14 +124,18 @@ def set_role_definition(self, role_scope, permissions, **kwargs):
:param permissions: the role definition's permissions. An empty list results in a role definition with no action
permissions.
:type permissions: Iterable[KeyVaultPermission]
:keyword str role_name: the role's name. If unspecified when creating or updating a role definition, the role
name will be set to an empty string.
:keyword role_definition_name: the role definition's name. Must be a UUID.
:type role_definition_name: str or uuid.UUID
:keyword assignable_scopes: the role definition's assignable scopes.
:type assignable_scopes: list[str]
:keyword str description: a description of the role definition. If unspecified when creating or updating a role
definition, the description will be set to an empty string.
:returns: The created or updated role definition
:rtype: KeyVaultRoleDefinition
"""
role_definition_name = kwargs.pop("role_definition_name", None) or uuid4()
role_definition_name_provided = kwargs.pop("role_definition_name", None)
role_definition_name = str(role_definition_name_provided) if role_definition_name_provided else str(uuid4())

permissions = [
self._client.role_definitions.models.Permission(
actions=p.allowed_actions,
Expand All @@ -140,7 +147,9 @@ def set_role_definition(self, role_scope, permissions, **kwargs):
]

properties = self._client.role_definitions.models.RoleDefinitionProperties(
role_name=role_definition_name, permissions=permissions, **kwargs
role_name=kwargs.pop("role_name", None),
description=kwargs.pop("description", None),
permissions=permissions
)
parameters = self._client.role_definitions.models.RoleDefinitionCreateParameters(properties=properties)

Expand Down Expand Up @@ -178,7 +187,7 @@ def delete_role_definition(self, role_scope, role_definition_name, **kwargs):
:param role_scope: scope of the role definition. :class:`KeyVaultRoleScope` defines common broad scopes.
Specify a narrower scope as a string. Managed HSM only supports '/', or KeyVaultRoleScope.global_value.
:type role_scope: str or KeyVaultRoleScope
:param role_definition_name: the role definition's name. Must be a UUID.
:param role_definition_name: the role definition's name.
:type role_definition_name: str or uuid.UUID
:returns: the deleted role definition
:rtype: KeyVaultRoleDefinition
Expand Down
4 changes: 2 additions & 2 deletions ...lt-administration/azure/keyvault/administration/_generated/aio/_key_vault_client_async.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -89,7 +89,7 @@ def role_assignments(self):
"""
api_version = self._get_api_version('role_assignments')
if api_version == '7.2-preview':
from ..v7_2_preview.aio.operations_async import RoleAssignmentsOperations as OperationClass
from ..v7_2_preview.aio.operations import RoleAssignmentsOperations as OperationClass
else:
raise NotImplementedError("APIVersion {} is not available".format(api_version))
return OperationClass(self._client, self._config, Serializer(self._models_dict(api_version)), Deserializer(self._models_dict(api_version)))
Expand All @@ -102,7 +102,7 @@ def role_definitions(self):
"""
api_version = self._get_api_version('role_definitions')
if api_version == '7.2-preview':
from ..v7_2_preview.aio.operations_async import RoleDefinitionsOperations as OperationClass
from ..v7_2_preview.aio.operations import RoleDefinitionsOperations as OperationClass
else:
raise NotImplementedError("APIVersion {} is not available".format(api_version))
return OperationClass(self._client, self._config, Serializer(self._models_dict(api_version)), Deserializer(self._models_dict(api_version)))
Expand Down
10 changes: 5 additions & 5 deletions ...lt-administration/azure/keyvault/administration/_generated/aio/_operations_mixin_async.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ async def begin_full_backup(
"""
api_version = self._get_api_version('begin_full_backup')
if api_version == '7.2-preview':
from ..v7_2_preview.aio.operations_async import KeyVaultClientOperationsMixin as OperationClass
from ..v7_2_preview.aio.operations import KeyVaultClientOperationsMixin as OperationClass
else:
raise NotImplementedError("APIVersion {} is not available".format(api_version))
mixin_instance = OperationClass()
Expand Down Expand Up @@ -83,7 +83,7 @@ async def begin_full_restore_operation(
"""
api_version = self._get_api_version('begin_full_restore_operation')
if api_version == '7.2-preview':
from ..v7_2_preview.aio.operations_async import KeyVaultClientOperationsMixin as OperationClass
from ..v7_2_preview.aio.operations import KeyVaultClientOperationsMixin as OperationClass
else:
raise NotImplementedError("APIVersion {} is not available".format(api_version))
mixin_instance = OperationClass()
Expand Down Expand Up @@ -122,7 +122,7 @@ async def begin_selective_key_restore_operation(
"""
api_version = self._get_api_version('begin_selective_key_restore_operation')
if api_version == '7.2-preview':
from ..v7_2_preview.aio.operations_async import KeyVaultClientOperationsMixin as OperationClass
from ..v7_2_preview.aio.operations import KeyVaultClientOperationsMixin as OperationClass
else:
raise NotImplementedError("APIVersion {} is not available".format(api_version))
mixin_instance = OperationClass()
Expand Down Expand Up @@ -151,7 +151,7 @@ async def full_backup_status(
"""
api_version = self._get_api_version('full_backup_status')
if api_version == '7.2-preview':
from ..v7_2_preview.aio.operations_async import KeyVaultClientOperationsMixin as OperationClass
from ..v7_2_preview.aio.operations import KeyVaultClientOperationsMixin as OperationClass
else:
raise NotImplementedError("APIVersion {} is not available".format(api_version))
mixin_instance = OperationClass()
Expand Down Expand Up @@ -180,7 +180,7 @@ async def restore_status(
"""
api_version = self._get_api_version('restore_status')
if api_version == '7.2-preview':
from ..v7_2_preview.aio.operations_async import KeyVaultClientOperationsMixin as OperationClass
from ..v7_2_preview.aio.operations import KeyVaultClientOperationsMixin as OperationClass
else:
raise NotImplementedError("APIVersion {} is not available".format(api_version))
mixin_instance = OperationClass()
Expand Down
2 changes: 1 addition & 1 deletion ...administration/azure/keyvault/administration/_generated/v7_2_preview/_key_vault_client.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,9 +16,9 @@
from typing import Any

from ._configuration import KeyVaultClientConfiguration
from .operations import KeyVaultClientOperationsMixin
from .operations import RoleDefinitionsOperations
from .operations import RoleAssignmentsOperations
from .operations import KeyVaultClientOperationsMixin
from . import models


Expand Down
Loading