-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Spring-cloud] Add support for AppMSI #4598
[Spring-cloud] Add support for AppMSI #4598
Conversation
… and re-generate the recording-test yaml files
Add helps for params in identity remove Add validators for params in identity remove Add unit test for params validator
spring-cloud app identity remove
spring-cloud app identity remove
spring-cloud app identity remove
1) Refine help info for command 2) Add parameters 3) Add validator 4) Add UT for validator
1. Add param 2. Add help info 3. Add validator 4. Add UT for validator
refactor validator
refine validator
implement and add partial recording test
add recording test for create app with user assigned managed identities
add recording test for create app with both assigned managed identities
1. add parameters 2. add validator 3. add method in help 4. add command 5. add stub implementation 6. add UT for validator
add recording test for force-set
…nformation. Will add not support and obsolete warning for specific cases.
Spring-cloud |
helps['spring-cloud app identity force-set'] = """ | ||
type: command | ||
short-summary: Force set managed identities on an app. | ||
examples: | ||
- name: Force remove all managed identities on an app. | ||
text: az spring-cloud app identity force-set -n MyApp -s MyCluster -g MyResourceGroup --system-assigned disable --user-assigned disable | ||
- name: Force remove all user-assigned managed identities on an app, and enable or keep system-assigned managed identity. | ||
text: az spring-cloud app identity force-set -n MyApp -s MyCluster -g MyResourceGroup --system-assigned enable --user-assigned disable | ||
- name: Force remove system-assigned managed identity on an app, and assign or keep user-assigned managed identities. | ||
text: az spring-cloud app identity force-set -n MyApp -s MyCluster -g MyResourceGroup --system-assigned disable --user-assigned IdentityResourceId1 IdentityResourceId2 | ||
""" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why do we need this command? Can its function be replaced by the spring-cloud app identity remove
command?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Normally we don't need these commands. It's related to a data consistency problem among managed identity RP and my RP. There can be case when user identity is assigned to an app in my side, but deleted in managed identity RP due to data in-consistency. These commands leverage put method to reset data back with one command.
app identity remove/assign is done with patch http method, there can be case, there is no identity assigned to an app in my RP, but managed identity RP still has some identity assigned to the app.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Got it, thanks~
if _app_not_updatable(app): | ||
raise CLIError("Failed to remove managed identities since app is in {} state.".format(app.properties.provisioning_state)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could we use the specific error type instead of CLIError
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
updated all 9 occurrences.
This checklist is used to make sure that common guidelines for a pull request are followed.
General Guidelines
azdev style <YOUR_EXT>
locally? (pip install azdev
required)python scripts/ci/test_index.py -q
locally?For new extensions:
About Extension Publish
There is a pipeline to automatically build, upload and publish extension wheels.
Once your PR is merged into master branch, a new PR will be created to update
src/index.json
automatically.The precondition is to put your code inside this repo and upgrade the version in the PR but do not modify
src/index.json
.