Skip to content

[Key Vault] Improved custom role definition support in administration #16556

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
mccoyp merged 11 commits into from
Feb 6, 2021
Merged

[Key Vault] Improved custom role definition support in administration #16556

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
71777d5
Regenerate code, update async client, update msrest req
mccoyp Jan 27, 2021
6de6e97
Add support for description, role_name
mccoyp Feb 1, 2021
2321053
Less kwarg passing, better docstrings
mccoyp Feb 5, 2021
ce2a072
Regenerate without arm flag
mccoyp Feb 5, 2021
cd52df3
Re-record tests to be safe
mccoyp Feb 5, 2021
50dedd4
Update msrest requirement in shared_requirements
mccoyp Feb 5, 2021
0fb8e4d
Explicitly convert UUID to string when passing
mccoyp Feb 5, 2021
99d99cb
Clear HttpChallengeCache between test cases
mccoyp Feb 5, 2021
68e7a61
Thanks, Charles!
mccoyp Feb 5, 2021
aee07b4
Simplify role_*_name fetching
mccoyp Feb 5, 2021
eaef44d
Probably shouldn't forget async
mccoyp Feb 5, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 8 additions & 2 deletions ...ult/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,9 @@ def create_role_assignment(self, role_scope, role_definition_id, principal_id, *
:type role_assignment_name: str or uuid.UUID
:rtype: KeyVaultRoleAssignment
"""
role_assignment_name_provided = kwargs.pop("role_assignment_name", None)
role_assignment_name = str(role_assignment_name_provided) if role_assignment_name_provided else str(uuid4())

create_parameters = self._client.role_assignments.models.RoleAssignmentCreateParameters(
properties=self._client.role_assignments.models.RoleAssignmentProperties(
principal_id=principal_id, role_definition_id=str(role_definition_id)
Expand All @@ -52,7 +55,7 @@ def create_role_assignment(self, role_scope, role_definition_id, principal_id, *
assignment = self._client.role_assignments.create(
vault_base_url=self._vault_url,
scope=role_scope,
role_assignment_name=kwargs.pop("role_assignment_name", None) or str(uuid4()),
role_assignment_name=role_assignment_name,
parameters=create_parameters,
**kwargs
)
Expand Down Expand Up @@ -130,6 +133,9 @@ def set_role_definition(self, role_scope, permissions, **kwargs):
:returns: The created or updated role definition
:rtype: KeyVaultRoleDefinition
"""
role_definition_name_provided = kwargs.pop("role_definition_name", None)
role_definition_name = str(role_definition_name_provided) if role_definition_name_provided else str(uuid4())

permissions = [
self._client.role_definitions.models.Permission(
actions=p.allowed_actions,
Expand All @@ -150,7 +156,7 @@ def set_role_definition(self, role_scope, permissions, **kwargs):
definition = self._client.role_definitions.create_or_update(
vault_base_url=self._vault_url,
scope=role_scope,
role_definition_name=kwargs.pop("role_definition_name", None) or str(uuid4()),
role_definition_name=role_definition_name,
parameters=parameters,
**kwargs
)
Expand Down
10 changes: 8 additions & 2 deletions ...azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,9 @@ async def create_role_assignment(
:type role_assignment_name: str or uuid.UUID
:rtype: KeyVaultRoleAssignment
"""
role_assignment_name_provided = kwargs.pop("role_assignment_name", None)
role_assignment_name = str(role_assignment_name_provided) if role_assignment_name_provided else str(uuid4())

create_parameters = self._client.role_assignments.models.RoleAssignmentCreateParameters(
properties=self._client.role_assignments.models.RoleAssignmentProperties(
principal_id=principal_id, role_definition_id=str(role_definition_id)
Expand All @@ -54,7 +57,7 @@ async def create_role_assignment(
assignment = await self._client.role_assignments.create(
vault_base_url=self._vault_url,
scope=role_scope,
role_assignment_name=kwargs.pop("role_assignment_name", None) or str(uuid4()),
role_assignment_name=role_assignment_name,
parameters=create_parameters,
**kwargs
)
Expand Down Expand Up @@ -136,6 +139,9 @@ async def set_role_definition(
:returns: The created or updated role definition
:rtype: KeyVaultRoleDefinition
"""
role_definition_name_provided = kwargs.pop("role_definition_name", None)
role_definition_name = str(role_definition_name_provided) if role_definition_name_provided else str(uuid4())

permissions = [
self._client.role_definitions.models.Permission(
actions=p.allowed_actions,
Expand All @@ -156,7 +162,7 @@ async def set_role_definition(
definition = await self._client.role_definitions.create_or_update(
vault_base_url=self._vault_url,
scope=role_scope,
role_definition_name=kwargs.pop("role_definition_name", None) or str(uuid4()),
role_definition_name=role_definition_name,
parameters=parameters,
**kwargs
)
Expand Down