Skip to content

Commit

Permalink
[AKS] Trusted Access Role Binding CLI (#4955)
Browse files Browse the repository at this point in the history
  • Loading branch information
YitongFeng-git authored Jun 14, 2022
1 parent 9d0cad6 commit dd950ef
Show file tree
Hide file tree
Showing 7 changed files with 128 additions and 2 deletions.
10 changes: 10 additions & 0 deletions src/aks-preview/HISTORY.rst
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,16 @@ Pending

* Fix: Remove permission prompt when saving config file to symlink with `az aks get-credentials`.

0.5.81
++++++

* Add Trusted Access Role Binding commands
* az aks trustedaccess rolebinding create
* az aks trustedaccess rolebinding update
* az aks trustedaccess rolebinding list
* az aks trustedaccess rolebinding show
* az aks trustedaccess rolebinding delete

0.5.80
++++++

Expand Down
4 changes: 4 additions & 0 deletions src/aks-preview/azext_aks_preview/_client_factory.py
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,10 @@ def cf_trustedaccess_role(cli_ctx, *_):
return get_container_service_client(cli_ctx).trusted_access_roles


def cf_trustedaccess_role_binding(cli_ctx, *_):
return get_container_service_client(cli_ctx).trusted_access_role_bindings


def cf_container_services(cli_ctx, *_):
return get_container_service_client(cli_ctx).container_services

Expand Down
62 changes: 62 additions & 0 deletions src/aks-preview/azext_aks_preview/_help.py
Original file line number Diff line number Diff line change
Expand Up @@ -1767,6 +1767,68 @@
short-summary: List trusted access roles.
"""

helps['aks trustedaccess rolebinding'] = """
type: group
short-summary: Commands to manage trusted access role bindings.
"""

helps['aks trustedaccess rolebinding list'] = """
type: command
short-summary: List all the trusted access role bindings.
"""

helps['aks trustedaccess rolebinding show'] = """
type: command
short-summary: Get the specific trusted access role binding according to binding name.
parameters:
- name: --name -n
type: string
short-summary: Specify the role binding name.
"""

helps['aks trustedaccess rolebinding create'] = """
type: command
short-summary: Create a new trusted access role binding.
parameters:
- name: --name -n
type: string
short-summary: Specify the role binding name.
- name: --roles
type: string
short-summary: Specify the space-separated roles.
- name: --source-resource-id -s
type: string
short-summary: Specify the source resource id of the binding.
examples:
- name: Create a new trusted access role binding
text: az aks trustedaccess rolebinding create -g myResourceGroup --cluster-name myCluster -n bindingName -s /subscriptions/0000/resourceGroups/myResourceGroup/providers/Microsoft.Demo/samples --roles Microsoft.Demo/samples/reader Microsoft.Demo/samples/writer
"""

helps['aks trustedaccess rolebinding update'] = """
type: command
short-summary: Update a trusted access role binding.
parameters:
- name: --name -n
type: string
short-summary: Specify the role binding name.
- name: --roles
type: string
short-summary: Specify the space-separated roles.
- name: --source-resource-id -s
type: string
short-summary: Specify the source resource id of the binding.
"""

helps['aks trustedaccess rolebinding delete'] = """
type: command
short-summary: Delete a trusted access role binding according to name.
parameters:
- name: --name -n
type: string
short-summary: Specify the role binding name.
"""

helps['aks draft'] = """
type: group
short-summary: Commands to build deployment files in a project directory and deploy to an AKS cluster.
Expand Down
16 changes: 16 additions & 0 deletions src/aks-preview/azext_aks_preview/_params.py
Original file line number Diff line number Diff line change
Expand Up @@ -680,6 +680,22 @@ def load_arguments(self, _):
c.argument('yes', options_list=[
'--yes', '-y'], help='Do not prompt for confirmation.', action='store_true')

with self.argument_context('aks trustedaccess rolebinding') as c:
c.argument('cluster_name', help='The cluster name.')

for scope in ['aks trustedaccess rolebinding show', 'aks trustedaccess rolebinding create',
'aks trustedaccess rolebinding update', 'aks trustedaccess rolebinding delete']:
with self.argument_context(scope) as c:
c.argument('role_binding_name', options_list=[
'--name', '-n'], required=True, help='The role binding name.')

for scope in ['aks trustedaccess rolebinding create', 'aks trustedaccess rolebinding update']:
with self.argument_context(scope) as c:
c.argument('roles', nargs='*',
help='space-separated roles: Microsoft.Demo/samples/reader Microsoft.Demo/samples/writer ...')
c.argument('source_resource_id', options_list=['--source-resource-id', '-s'],
help='The source resource id of the binding')


def _get_default_install_location(exe_name):
system = platform.system()
Expand Down
17 changes: 16 additions & 1 deletion src/aks-preview/azext_aks_preview/commands.py
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@
from ._client_factory import cf_nodepool_snapshots
from ._client_factory import cf_mc_snapshots
from ._client_factory import cf_trustedaccess_role
from ._client_factory import cf_trustedaccess_role_binding
from ._format import aks_show_table_format
from ._format import aks_addon_list_available_table_format, aks_addon_list_table_format, aks_addon_show_table_format
from ._format import aks_agentpool_show_table_format
Expand Down Expand Up @@ -64,6 +65,12 @@ def load_command_table(self, _):
client_factory=cf_trustedaccess_role
)

trustedaccess_role_binding_sdk = CliCommandType(
operations_tmpl='azext_aks_preview.vendored_sdks.azure_mgmt_preview_aks.'
'operations._trusted_access_role_bindings_operations#TrustedAccessRoleBindingsOperations.{}',
client_factory=cf_trustedaccess_role_binding
)

# AKS managed cluster commands
with self.command_group('aks', managed_clusters_sdk, client_factory=cf_managed_clusters) as g:
g.custom_command('kollect', 'aks_kollect')
Expand Down Expand Up @@ -179,6 +186,14 @@ def load_command_table(self, _):
g.custom_command('delete', 'aks_snapshot_delete',
supports_no_wait=True)

# AKS trusted access roles commands
# AKS trusted access role commands
with self.command_group('aks trustedaccess role', trustedaccess_role_sdk, client_factory=cf_trustedaccess_role) as g:
g.custom_command('list', 'aks_trustedaccess_role_list')

# AKS trusted access rolebinding commands
with self.command_group('aks trustedaccess rolebinding', trustedaccess_role_binding_sdk, client_factory=cf_trustedaccess_role_binding) as g:
g.custom_command('list', 'aks_trustedaccess_role_binding_list')
g.custom_show_command('show', 'aks_trustedaccess_role_binding_get')
g.custom_command('create', 'aks_trustedaccess_role_binding_create_or_update')
g.custom_command('update', 'aks_trustedaccess_role_binding_create_or_update')
g.custom_command('delete', 'aks_trustedaccess_role_binding_delete', confirmation=True)
19 changes: 19 additions & 0 deletions src/aks-preview/azext_aks_preview/custom.py
Original file line number Diff line number Diff line change
Expand Up @@ -154,6 +154,7 @@
UserAssignedIdentity,
ManagedClusterIngressProfile,
ManagedClusterIngressProfileWebAppRouting,
TrustedAccessRoleBinding,
)

from azext_aks_preview.aks_draft.commands import (
Expand Down Expand Up @@ -3340,3 +3341,21 @@ def aks_nodepool_snapshot_list(cmd, client, resource_group_name=None): # pylint

def aks_trustedaccess_role_list(cmd, client, location): # pylint: disable=unused-argument
return client.list(location)


def aks_trustedaccess_role_binding_list(cmd, client, resource_group_name, cluster_name): # pylint: disable=unused-argument
return client.list(resource_group_name, cluster_name)


def aks_trustedaccess_role_binding_get(cmd, client, resource_group_name, cluster_name, role_binding_name):
return client.get(resource_group_name, cluster_name, role_binding_name)


def aks_trustedaccess_role_binding_create_or_update(cmd, client, resource_group_name, cluster_name, role_binding_name,
source_resource_id, roles):
roleBinding = TrustedAccessRoleBinding(source_resource_id=source_resource_id, roles=roles)
return client.create_or_update(resource_group_name, cluster_name, role_binding_name, roleBinding)


def aks_trustedaccess_role_binding_delete(cmd, client, resource_group_name, cluster_name, role_binding_name):
return client.delete(resource_group_name, cluster_name, role_binding_name)
2 changes: 1 addition & 1 deletion src/aks-preview/setup.py
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@

from setuptools import setup, find_packages

VERSION = "0.5.80"
VERSION = "0.5.81"
CLASSIFIERS = [
"Development Status :: 4 - Beta",
"Intended Audience :: Developers",
Expand Down

0 comments on commit dd950ef

Please sign in to comment.