Added service principal, role assignment, and tags #14
Conversation
djyou
commented
Sep 27, 2016
djyou
commented
- Added App/SP creation and role assignment.
- Added tags to registry and storage account for cross reference.
- Added support to create resource group if the user does not specify one or the specified one does not exist.
- Updated SDK and ARM deployment templates.
1. Added commands to manage Azure container registries (create/delete/show/list/update). 2. Integrated repository list and show-tags commands. 3. Added mgmt_acr SDK for Python.
1. Added App/SP creation and role assignment. 2. Added tags to registry and storage account for cross reference. 3. Added support to create resource group if the user does not specify one or the specified one does not exist. 4. Updated SDK and ARM deployment templates.
| while newKey in tags: | ||
| newKey = key + '_' + str(index) | ||
| index += 1 | ||
| if index > 99: # Just a number to avoid infinite loops |
There was a problem hiding this comment.
I don't understand this loop. To me, it looks like it can be replaced by:
index = len(tags)
newKey = key + '_' + index
if index > 99:
raise ...
tags[newKey] = valueCan you elaborate on why we have the loop?
There was a problem hiding this comment.
I was adding a tag (key, value) to the storage account when creating a registry, so that when we/user look at the storage account, we/user would know which registry depends on the storage account (and the other way around, we have tags in registries to show the storage account). It is not a dependency but for informational purpose, since the user can add/delete/change any of the tags.
The loop here is to avoid conflict when the same storage account is used to create multiple registries. For example, we may have
{"acr":"myregistry","acr_1":"yourregistry","otherkey":"othervalue"}.
Making the index as the length of tags may not be enough since tags can be added/removed. For example, I may have
{"acr_1":"myregistry"}
and the new tag with key "acr_1" shouldn't be added.
| new_sp=None, | ||
| app_id=None, | ||
| password=None, | ||
| role='Owner'): |
There was a problem hiding this comment.
role='Owner' [](start = 15, length = 12)
lets just change the default to Reader. #Closed
| new_sp=None, | ||
| app_id=None, | ||
| password=None, | ||
| role='Owner'): |
There was a problem hiding this comment.
role='Owner' [](start = 15, length = 12)
Lets validate the roles to a small set at this point. #Closed
| Arguments | ||
| --name -n [Required]: Name of container registry. | ||
| --storage-account-name -s [Required]: Name of new or existing storage account. | ||
| --resource-group -g : Name of resource group. |
There was a problem hiding this comment.
Name of resource group. [](start = 45, length = 24)
this is options and if they don't pass it in then you query?
There was a problem hiding this comment.
Yes, make an ARM call to get resource id and parse it.
| 'reader' | ||
| ] | ||
|
|
||
| DEFAULT_ROLE = 'Reader' |
There was a problem hiding this comment.
DEFAULT_ROLE [](start = 0, length = 12)
why is the default role of a different case from the once allowed.
There was a problem hiding this comment.
They are case insensitive. The array is normalized role names for comparison. DEFAULT_ROLE will be shown to the user and 'Reader' looks nicer than 'reader', I think.
* Add batch data plane commands: -- Add custom commands -- Add auto execution data plane codes -- Import mgmt commands experience * Added file stream support * bug fixes * Fixed regex raw strings * Added support for JSON input * Custom and type validation (#4) * Additional validation and parsing * Some cleanups * Minor code refinements * Fix pylint errors and get rid unused codes. * List and type validation (#5) * list and type validation * Remove auth kwargs * Fixed typo * clean pylint error and add data plane command test. * Bug fixes (#6) * Remove auth kwargs * Bug fixes * Fixed kwargs * Move the update pool command to custom command. * Add custom commands test cases * Tests and delete confirmation (#7) * Added some tests * Bug fixes * Added tests to sln * Delete confirmation * Some pylint cleanup * More tests and fixes (#8) * Fix pylint and test errors. * Following PEP8 complaint. * Use this decroator on doc transfer * Deferred imports for performance (#9) * streamlined imports * pylint fixes * Renamed AzureDataPlaneCommand * PyLint and PEP8 clean up. * Use single parameter for storage account id and name. * Review feedback + help fixes (#10) * node-user -> node user * Review feedback * More feedback fixes * pep fixes * fixed underscore * More touch ups * Review fixes (#11) * Command refinements * More command feedback * Test fixes * More tests * Add enum list for vmsize and thumbprint algorithm. * Streamlined commands (#13) * streamlined commands * Updated tests * Fixed arg loading test * Further command refinements (#14) * support silent args * Fixed pool error message * Further command editing * last fixes * Fixed tests (#15) * Change the coding style.
* Initial support for VM and single zone VMSS (#14) * wire up the initial zone support work * add output * add tests * disable package verifications * use a private copy of network sdk with zone support (#15) * Support for zoned public IP. Make global zone_type and zones_type. (#16) * Support for zoned public IP. Make global zone_type and zones_type. * Code review feedback. * apply api version range on vm zone test (#19) * show zone in the table output (#20) * install: support to build out a msi installer from local sources (#17) * doc:add command examples using availability zones (#21) * Installer: build debian bundle from a local clone (#28) * skip a few expeneive travis builds * test: update tests to work with new azure-mgmt-compute with zone support * network: support zone in network lb create (#37) * VNet peering examples. (#51) * Add BrazilUS and Dogfood cloud config files. (#50) * undo all changes specifically for private repository * fix help per review feedback * fix lint error * use newer nrp sdk version
