From dd950ef5a82b06f9ad01c749cb28114bf900ba6c Mon Sep 17 00:00:00 2001 From: Yitong Feng <369397590@qq.com> Date: Tue, 14 Jun 2022 17:54:32 +0800 Subject: [PATCH] [AKS] Trusted Access Role Binding CLI (#4955) --- src/aks-preview/HISTORY.rst | 10 +++ .../azext_aks_preview/_client_factory.py | 4 ++ src/aks-preview/azext_aks_preview/_help.py | 62 +++++++++++++++++++ src/aks-preview/azext_aks_preview/_params.py | 16 +++++ src/aks-preview/azext_aks_preview/commands.py | 17 ++++- src/aks-preview/azext_aks_preview/custom.py | 19 ++++++ src/aks-preview/setup.py | 2 +- 7 files changed, 128 insertions(+), 2 deletions(-) diff --git a/src/aks-preview/HISTORY.rst b/src/aks-preview/HISTORY.rst index 5ce2a4053c8..eafcac711fc 100644 --- a/src/aks-preview/HISTORY.rst +++ b/src/aks-preview/HISTORY.rst @@ -14,6 +14,16 @@ Pending * Fix: Remove permission prompt when saving config file to symlink with `az aks get-credentials`. +0.5.81 +++++++ + +* Add Trusted Access Role Binding commands + * az aks trustedaccess rolebinding create + * az aks trustedaccess rolebinding update + * az aks trustedaccess rolebinding list + * az aks trustedaccess rolebinding show + * az aks trustedaccess rolebinding delete + 0.5.80 ++++++ diff --git a/src/aks-preview/azext_aks_preview/_client_factory.py b/src/aks-preview/azext_aks_preview/_client_factory.py index d155618c33a..fdd749a4d05 100644 --- a/src/aks-preview/azext_aks_preview/_client_factory.py +++ b/src/aks-preview/azext_aks_preview/_client_factory.py @@ -22,6 +22,10 @@ def cf_trustedaccess_role(cli_ctx, *_): return get_container_service_client(cli_ctx).trusted_access_roles +def cf_trustedaccess_role_binding(cli_ctx, *_): + return get_container_service_client(cli_ctx).trusted_access_role_bindings + + def cf_container_services(cli_ctx, *_): return get_container_service_client(cli_ctx).container_services diff --git a/src/aks-preview/azext_aks_preview/_help.py b/src/aks-preview/azext_aks_preview/_help.py index 6d3631c4868..f2ec111f2bc 100644 --- a/src/aks-preview/azext_aks_preview/_help.py +++ b/src/aks-preview/azext_aks_preview/_help.py @@ -1767,6 +1767,68 @@ short-summary: List trusted access roles. """ +helps['aks trustedaccess rolebinding'] = """ + type: group + short-summary: Commands to manage trusted access role bindings. +""" + +helps['aks trustedaccess rolebinding list'] = """ + type: command + short-summary: List all the trusted access role bindings. +""" + +helps['aks trustedaccess rolebinding show'] = """ + type: command + short-summary: Get the specific trusted access role binding according to binding name. + parameters: + - name: --name -n + type: string + short-summary: Specify the role binding name. +""" + +helps['aks trustedaccess rolebinding create'] = """ + type: command + short-summary: Create a new trusted access role binding. + parameters: + - name: --name -n + type: string + short-summary: Specify the role binding name. + - name: --roles + type: string + short-summary: Specify the space-separated roles. + - name: --source-resource-id -s + type: string + short-summary: Specify the source resource id of the binding. + + examples: + - name: Create a new trusted access role binding + text: az aks trustedaccess rolebinding create -g myResourceGroup --cluster-name myCluster -n bindingName -s /subscriptions/0000/resourceGroups/myResourceGroup/providers/Microsoft.Demo/samples --roles Microsoft.Demo/samples/reader Microsoft.Demo/samples/writer +""" + +helps['aks trustedaccess rolebinding update'] = """ + type: command + short-summary: Update a trusted access role binding. + parameters: + - name: --name -n + type: string + short-summary: Specify the role binding name. + - name: --roles + type: string + short-summary: Specify the space-separated roles. + - name: --source-resource-id -s + type: string + short-summary: Specify the source resource id of the binding. +""" + +helps['aks trustedaccess rolebinding delete'] = """ + type: command + short-summary: Delete a trusted access role binding according to name. + parameters: + - name: --name -n + type: string + short-summary: Specify the role binding name. +""" + helps['aks draft'] = """ type: group short-summary: Commands to build deployment files in a project directory and deploy to an AKS cluster. diff --git a/src/aks-preview/azext_aks_preview/_params.py b/src/aks-preview/azext_aks_preview/_params.py index 215c949558b..d50d8e6f8a3 100644 --- a/src/aks-preview/azext_aks_preview/_params.py +++ b/src/aks-preview/azext_aks_preview/_params.py @@ -680,6 +680,22 @@ def load_arguments(self, _): c.argument('yes', options_list=[ '--yes', '-y'], help='Do not prompt for confirmation.', action='store_true') + with self.argument_context('aks trustedaccess rolebinding') as c: + c.argument('cluster_name', help='The cluster name.') + + for scope in ['aks trustedaccess rolebinding show', 'aks trustedaccess rolebinding create', + 'aks trustedaccess rolebinding update', 'aks trustedaccess rolebinding delete']: + with self.argument_context(scope) as c: + c.argument('role_binding_name', options_list=[ + '--name', '-n'], required=True, help='The role binding name.') + + for scope in ['aks trustedaccess rolebinding create', 'aks trustedaccess rolebinding update']: + with self.argument_context(scope) as c: + c.argument('roles', nargs='*', + help='space-separated roles: Microsoft.Demo/samples/reader Microsoft.Demo/samples/writer ...') + c.argument('source_resource_id', options_list=['--source-resource-id', '-s'], + help='The source resource id of the binding') + def _get_default_install_location(exe_name): system = platform.system() diff --git a/src/aks-preview/azext_aks_preview/commands.py b/src/aks-preview/azext_aks_preview/commands.py index ed7a417b347..b9a1c8500a0 100644 --- a/src/aks-preview/azext_aks_preview/commands.py +++ b/src/aks-preview/azext_aks_preview/commands.py @@ -11,6 +11,7 @@ from ._client_factory import cf_nodepool_snapshots from ._client_factory import cf_mc_snapshots from ._client_factory import cf_trustedaccess_role +from ._client_factory import cf_trustedaccess_role_binding from ._format import aks_show_table_format from ._format import aks_addon_list_available_table_format, aks_addon_list_table_format, aks_addon_show_table_format from ._format import aks_agentpool_show_table_format @@ -64,6 +65,12 @@ def load_command_table(self, _): client_factory=cf_trustedaccess_role ) + trustedaccess_role_binding_sdk = CliCommandType( + operations_tmpl='azext_aks_preview.vendored_sdks.azure_mgmt_preview_aks.' + 'operations._trusted_access_role_bindings_operations#TrustedAccessRoleBindingsOperations.{}', + client_factory=cf_trustedaccess_role_binding + ) + # AKS managed cluster commands with self.command_group('aks', managed_clusters_sdk, client_factory=cf_managed_clusters) as g: g.custom_command('kollect', 'aks_kollect') @@ -179,6 +186,14 @@ def load_command_table(self, _): g.custom_command('delete', 'aks_snapshot_delete', supports_no_wait=True) - # AKS trusted access roles commands + # AKS trusted access role commands with self.command_group('aks trustedaccess role', trustedaccess_role_sdk, client_factory=cf_trustedaccess_role) as g: g.custom_command('list', 'aks_trustedaccess_role_list') + + # AKS trusted access rolebinding commands + with self.command_group('aks trustedaccess rolebinding', trustedaccess_role_binding_sdk, client_factory=cf_trustedaccess_role_binding) as g: + g.custom_command('list', 'aks_trustedaccess_role_binding_list') + g.custom_show_command('show', 'aks_trustedaccess_role_binding_get') + g.custom_command('create', 'aks_trustedaccess_role_binding_create_or_update') + g.custom_command('update', 'aks_trustedaccess_role_binding_create_or_update') + g.custom_command('delete', 'aks_trustedaccess_role_binding_delete', confirmation=True) diff --git a/src/aks-preview/azext_aks_preview/custom.py b/src/aks-preview/azext_aks_preview/custom.py index caef6b1c0ad..911763affd2 100644 --- a/src/aks-preview/azext_aks_preview/custom.py +++ b/src/aks-preview/azext_aks_preview/custom.py @@ -154,6 +154,7 @@ UserAssignedIdentity, ManagedClusterIngressProfile, ManagedClusterIngressProfileWebAppRouting, + TrustedAccessRoleBinding, ) from azext_aks_preview.aks_draft.commands import ( @@ -3340,3 +3341,21 @@ def aks_nodepool_snapshot_list(cmd, client, resource_group_name=None): # pylint def aks_trustedaccess_role_list(cmd, client, location): # pylint: disable=unused-argument return client.list(location) + + +def aks_trustedaccess_role_binding_list(cmd, client, resource_group_name, cluster_name): # pylint: disable=unused-argument + return client.list(resource_group_name, cluster_name) + + +def aks_trustedaccess_role_binding_get(cmd, client, resource_group_name, cluster_name, role_binding_name): + return client.get(resource_group_name, cluster_name, role_binding_name) + + +def aks_trustedaccess_role_binding_create_or_update(cmd, client, resource_group_name, cluster_name, role_binding_name, + source_resource_id, roles): + roleBinding = TrustedAccessRoleBinding(source_resource_id=source_resource_id, roles=roles) + return client.create_or_update(resource_group_name, cluster_name, role_binding_name, roleBinding) + + +def aks_trustedaccess_role_binding_delete(cmd, client, resource_group_name, cluster_name, role_binding_name): + return client.delete(resource_group_name, cluster_name, role_binding_name) diff --git a/src/aks-preview/setup.py b/src/aks-preview/setup.py index 92bfc4b793a..379c6b33112 100644 --- a/src/aks-preview/setup.py +++ b/src/aks-preview/setup.py @@ -9,7 +9,7 @@ from setuptools import setup, find_packages -VERSION = "0.5.80" +VERSION = "0.5.81" CLASSIFIERS = [ "Development Status :: 4 - Beta", "Intended Audience :: Developers",