From 8a4aa42bf1a1b3afeb65e1becc6aa6a701c4ea38 Mon Sep 17 00:00:00 2001 From: Yitong Feng Date: Thu, 9 Jun 2022 13:27:07 +0800 Subject: [PATCH 1/3] [AKS] Trusted Access Role Binding CLI --- src/aks-preview/HISTORY.rst | 10 +++++++ .../azext_aks_preview/_client_factory.py | 4 +++ src/aks-preview/azext_aks_preview/_help.py | 30 +++++++++++++++++++ src/aks-preview/azext_aks_preview/_params.py | 16 ++++++++++ src/aks-preview/azext_aks_preview/commands.py | 17 ++++++++++- src/aks-preview/azext_aks_preview/custom.py | 19 ++++++++++++ src/aks-preview/setup.py | 2 +- 7 files changed, 96 insertions(+), 2 deletions(-) diff --git a/src/aks-preview/HISTORY.rst b/src/aks-preview/HISTORY.rst index 5ce2a4053c8..eb2e87baf18 100644 --- a/src/aks-preview/HISTORY.rst +++ b/src/aks-preview/HISTORY.rst @@ -14,6 +14,16 @@ Pending * Fix: Remove permission prompt when saving config file to symlink with `az aks get-credentials`. +0.5.81 +++++++ + +* Add Trusted Access Role Binding commands + * az aks trustedaccess rolebinding create + * az aks trustedaccess rolebinding update + * az aks trustedaccess rolebinding list + * az aks trustedaccess rolebinding get + * az aks trustedaccess rolebinding delete + 0.5.80 ++++++ diff --git a/src/aks-preview/azext_aks_preview/_client_factory.py b/src/aks-preview/azext_aks_preview/_client_factory.py index d155618c33a..fdd749a4d05 100644 --- a/src/aks-preview/azext_aks_preview/_client_factory.py +++ b/src/aks-preview/azext_aks_preview/_client_factory.py @@ -22,6 +22,10 @@ def cf_trustedaccess_role(cli_ctx, *_): return get_container_service_client(cli_ctx).trusted_access_roles +def cf_trustedaccess_role_binding(cli_ctx, *_): + return get_container_service_client(cli_ctx).trusted_access_role_bindings + + def cf_container_services(cli_ctx, *_): return get_container_service_client(cli_ctx).container_services diff --git a/src/aks-preview/azext_aks_preview/_help.py b/src/aks-preview/azext_aks_preview/_help.py index 6d3631c4868..fa04371405d 100644 --- a/src/aks-preview/azext_aks_preview/_help.py +++ b/src/aks-preview/azext_aks_preview/_help.py @@ -1767,6 +1767,36 @@ short-summary: List trusted access roles. """ +helps['aks trustedaccess rolebinding'] = """ + type: group + short-summary: Commands to manage trusted access role bindings. +""" + +helps['aks trustedaccess rolebinding list'] = """ + type: command + short-summary: List all the trusted access role bindings. +""" + +helps['aks trustedaccess rolebinding get'] = """ + type: command + short-summary: Get the specific trusted access role binding according to binding name. +""" + +helps['aks trustedaccess rolebinding create'] = """ + type: command + short-summary: Create a new trusted access role binding. +""" + +helps['aks trustedaccess rolebinding update'] = """ + type: command + short-summary: Update a trusted access role binding. +""" + +helps['aks trustedaccess rolebinding delete'] = """ + type: command + short-summary: Delete a trusted access role binding according to name. +""" + helps['aks draft'] = """ type: group short-summary: Commands to build deployment files in a project directory and deploy to an AKS cluster. diff --git a/src/aks-preview/azext_aks_preview/_params.py b/src/aks-preview/azext_aks_preview/_params.py index 215c949558b..fe067213126 100644 --- a/src/aks-preview/azext_aks_preview/_params.py +++ b/src/aks-preview/azext_aks_preview/_params.py @@ -680,6 +680,22 @@ def load_arguments(self, _): c.argument('yes', options_list=[ '--yes', '-y'], help='Do not prompt for confirmation.', action='store_true') + with self.argument_context('aks trustedaccess rolebinding') as c: + c.argument('cluster_name', help='The cluster name.') + + for scope in ['aks trustedaccess rolebinding get', 'aks trustedaccess rolebinding create', + 'aks trustedaccess rolebinding update', 'aks trustedaccess rolebinding delete']: + with self.argument_context(scope) as c: + c.argument('role_binding_name', options_list=[ + '--name', '-n'], required=True, help='The role binding name.') + + for scope in ['aks trustedaccess rolebinding create', 'aks trustedaccess rolebinding update']: + with self.argument_context(scope) as c: + c.argument('roles', nargs='*', + help='space-separated roles: Microsoft.Demo/samples/reader Microsoft.Demo/samples/writer ...') + c.argument('source_resource_id', options_list=['--source-resource-id', '-s'], + help='The source resource id of the binding') + def _get_default_install_location(exe_name): system = platform.system() diff --git a/src/aks-preview/azext_aks_preview/commands.py b/src/aks-preview/azext_aks_preview/commands.py index ed7a417b347..eb5c5ce250c 100644 --- a/src/aks-preview/azext_aks_preview/commands.py +++ b/src/aks-preview/azext_aks_preview/commands.py @@ -11,6 +11,7 @@ from ._client_factory import cf_nodepool_snapshots from ._client_factory import cf_mc_snapshots from ._client_factory import cf_trustedaccess_role +from ._client_factory import cf_trustedaccess_role_binding from ._format import aks_show_table_format from ._format import aks_addon_list_available_table_format, aks_addon_list_table_format, aks_addon_show_table_format from ._format import aks_agentpool_show_table_format @@ -64,6 +65,12 @@ def load_command_table(self, _): client_factory=cf_trustedaccess_role ) + trustedaccess_role_binding_sdk = CliCommandType( + operations_tmpl='azext_aks_preview.vendored_sdks.azure_mgmt_preview_aks.' + 'operations._trusted_access_role_bindings_operations#TrustedAccessRoleBindingsOperations.{}', + client_factory=cf_trustedaccess_role_binding + ) + # AKS managed cluster commands with self.command_group('aks', managed_clusters_sdk, client_factory=cf_managed_clusters) as g: g.custom_command('kollect', 'aks_kollect') @@ -179,6 +186,14 @@ def load_command_table(self, _): g.custom_command('delete', 'aks_snapshot_delete', supports_no_wait=True) - # AKS trusted access roles commands + # AKS trusted access role commands with self.command_group('aks trustedaccess role', trustedaccess_role_sdk, client_factory=cf_trustedaccess_role) as g: g.custom_command('list', 'aks_trustedaccess_role_list') + + # AKS trusted access rolebinding commands + with self.command_group('aks trustedaccess rolebinding', trustedaccess_role_binding_sdk, client_factory=cf_trustedaccess_role_binding) as g: + g.custom_command('list', 'aks_trustedaccess_role_binding_list') + g.custom_command('get', 'aks_trustedaccess_role_binding_get') + g.custom_command('create', 'aks_trustedaccess_role_binding_create_or_update', supports_no_wait=True) + g.custom_command('update', 'aks_trustedaccess_role_binding_create_or_update', supports_no_wait=True) + g.custom_command('delete', 'aks_trustedaccess_role_binding_delete', supports_no_wait=True) diff --git a/src/aks-preview/azext_aks_preview/custom.py b/src/aks-preview/azext_aks_preview/custom.py index caef6b1c0ad..911763affd2 100644 --- a/src/aks-preview/azext_aks_preview/custom.py +++ b/src/aks-preview/azext_aks_preview/custom.py @@ -154,6 +154,7 @@ UserAssignedIdentity, ManagedClusterIngressProfile, ManagedClusterIngressProfileWebAppRouting, + TrustedAccessRoleBinding, ) from azext_aks_preview.aks_draft.commands import ( @@ -3340,3 +3341,21 @@ def aks_nodepool_snapshot_list(cmd, client, resource_group_name=None): # pylint def aks_trustedaccess_role_list(cmd, client, location): # pylint: disable=unused-argument return client.list(location) + + +def aks_trustedaccess_role_binding_list(cmd, client, resource_group_name, cluster_name): # pylint: disable=unused-argument + return client.list(resource_group_name, cluster_name) + + +def aks_trustedaccess_role_binding_get(cmd, client, resource_group_name, cluster_name, role_binding_name): + return client.get(resource_group_name, cluster_name, role_binding_name) + + +def aks_trustedaccess_role_binding_create_or_update(cmd, client, resource_group_name, cluster_name, role_binding_name, + source_resource_id, roles): + roleBinding = TrustedAccessRoleBinding(source_resource_id=source_resource_id, roles=roles) + return client.create_or_update(resource_group_name, cluster_name, role_binding_name, roleBinding) + + +def aks_trustedaccess_role_binding_delete(cmd, client, resource_group_name, cluster_name, role_binding_name): + return client.delete(resource_group_name, cluster_name, role_binding_name) diff --git a/src/aks-preview/setup.py b/src/aks-preview/setup.py index 92bfc4b793a..379c6b33112 100644 --- a/src/aks-preview/setup.py +++ b/src/aks-preview/setup.py @@ -9,7 +9,7 @@ from setuptools import setup, find_packages -VERSION = "0.5.80" +VERSION = "0.5.81" CLASSIFIERS = [ "Development Status :: 4 - Beta", "Intended Audience :: Developers", From d1311170b20169ba6ee8388116e129f4df1d346c Mon Sep 17 00:00:00 2001 From: Yitong Feng Date: Thu, 9 Jun 2022 14:25:00 +0800 Subject: [PATCH 2/3] help --- src/aks-preview/HISTORY.rst | 2 +- src/aks-preview/azext_aks_preview/_help.py | 34 ++++++++++++++++++- src/aks-preview/azext_aks_preview/_params.py | 2 +- src/aks-preview/azext_aks_preview/commands.py | 8 ++--- 4 files changed, 39 insertions(+), 7 deletions(-) diff --git a/src/aks-preview/HISTORY.rst b/src/aks-preview/HISTORY.rst index eb2e87baf18..eafcac711fc 100644 --- a/src/aks-preview/HISTORY.rst +++ b/src/aks-preview/HISTORY.rst @@ -21,7 +21,7 @@ Pending * az aks trustedaccess rolebinding create * az aks trustedaccess rolebinding update * az aks trustedaccess rolebinding list - * az aks trustedaccess rolebinding get + * az aks trustedaccess rolebinding show * az aks trustedaccess rolebinding delete 0.5.80 diff --git a/src/aks-preview/azext_aks_preview/_help.py b/src/aks-preview/azext_aks_preview/_help.py index fa04371405d..f2ec111f2bc 100644 --- a/src/aks-preview/azext_aks_preview/_help.py +++ b/src/aks-preview/azext_aks_preview/_help.py @@ -1777,24 +1777,56 @@ short-summary: List all the trusted access role bindings. """ -helps['aks trustedaccess rolebinding get'] = """ +helps['aks trustedaccess rolebinding show'] = """ type: command short-summary: Get the specific trusted access role binding according to binding name. + parameters: + - name: --name -n + type: string + short-summary: Specify the role binding name. """ helps['aks trustedaccess rolebinding create'] = """ type: command short-summary: Create a new trusted access role binding. + parameters: + - name: --name -n + type: string + short-summary: Specify the role binding name. + - name: --roles + type: string + short-summary: Specify the space-separated roles. + - name: --source-resource-id -s + type: string + short-summary: Specify the source resource id of the binding. + + examples: + - name: Create a new trusted access role binding + text: az aks trustedaccess rolebinding create -g myResourceGroup --cluster-name myCluster -n bindingName -s /subscriptions/0000/resourceGroups/myResourceGroup/providers/Microsoft.Demo/samples --roles Microsoft.Demo/samples/reader Microsoft.Demo/samples/writer """ helps['aks trustedaccess rolebinding update'] = """ type: command short-summary: Update a trusted access role binding. + parameters: + - name: --name -n + type: string + short-summary: Specify the role binding name. + - name: --roles + type: string + short-summary: Specify the space-separated roles. + - name: --source-resource-id -s + type: string + short-summary: Specify the source resource id of the binding. """ helps['aks trustedaccess rolebinding delete'] = """ type: command short-summary: Delete a trusted access role binding according to name. + parameters: + - name: --name -n + type: string + short-summary: Specify the role binding name. """ helps['aks draft'] = """ diff --git a/src/aks-preview/azext_aks_preview/_params.py b/src/aks-preview/azext_aks_preview/_params.py index fe067213126..d50d8e6f8a3 100644 --- a/src/aks-preview/azext_aks_preview/_params.py +++ b/src/aks-preview/azext_aks_preview/_params.py @@ -683,7 +683,7 @@ def load_arguments(self, _): with self.argument_context('aks trustedaccess rolebinding') as c: c.argument('cluster_name', help='The cluster name.') - for scope in ['aks trustedaccess rolebinding get', 'aks trustedaccess rolebinding create', + for scope in ['aks trustedaccess rolebinding show', 'aks trustedaccess rolebinding create', 'aks trustedaccess rolebinding update', 'aks trustedaccess rolebinding delete']: with self.argument_context(scope) as c: c.argument('role_binding_name', options_list=[ diff --git a/src/aks-preview/azext_aks_preview/commands.py b/src/aks-preview/azext_aks_preview/commands.py index eb5c5ce250c..f09c4fe4a81 100644 --- a/src/aks-preview/azext_aks_preview/commands.py +++ b/src/aks-preview/azext_aks_preview/commands.py @@ -193,7 +193,7 @@ def load_command_table(self, _): # AKS trusted access rolebinding commands with self.command_group('aks trustedaccess rolebinding', trustedaccess_role_binding_sdk, client_factory=cf_trustedaccess_role_binding) as g: g.custom_command('list', 'aks_trustedaccess_role_binding_list') - g.custom_command('get', 'aks_trustedaccess_role_binding_get') - g.custom_command('create', 'aks_trustedaccess_role_binding_create_or_update', supports_no_wait=True) - g.custom_command('update', 'aks_trustedaccess_role_binding_create_or_update', supports_no_wait=True) - g.custom_command('delete', 'aks_trustedaccess_role_binding_delete', supports_no_wait=True) + g.custom_command('show', 'aks_trustedaccess_role_binding_get') + g.custom_command('create', 'aks_trustedaccess_role_binding_create_or_update') + g.custom_command('update', 'aks_trustedaccess_role_binding_create_or_update') + g.custom_command('delete', 'aks_trustedaccess_role_binding_delete', confirmation=True) From 0d972efecc20a8d6ac3fef7f162f4f0eb7a15470 Mon Sep 17 00:00:00 2001 From: Yitong Feng Date: Mon, 13 Jun 2022 14:56:53 +0800 Subject: [PATCH 3/3] showcommand --- src/aks-preview/azext_aks_preview/commands.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/aks-preview/azext_aks_preview/commands.py b/src/aks-preview/azext_aks_preview/commands.py index f09c4fe4a81..b9a1c8500a0 100644 --- a/src/aks-preview/azext_aks_preview/commands.py +++ b/src/aks-preview/azext_aks_preview/commands.py @@ -193,7 +193,7 @@ def load_command_table(self, _): # AKS trusted access rolebinding commands with self.command_group('aks trustedaccess rolebinding', trustedaccess_role_binding_sdk, client_factory=cf_trustedaccess_role_binding) as g: g.custom_command('list', 'aks_trustedaccess_role_binding_list') - g.custom_command('show', 'aks_trustedaccess_role_binding_get') + g.custom_show_command('show', 'aks_trustedaccess_role_binding_get') g.custom_command('create', 'aks_trustedaccess_role_binding_create_or_update') g.custom_command('update', 'aks_trustedaccess_role_binding_create_or_update') g.custom_command('delete', 'aks_trustedaccess_role_binding_delete', confirmation=True)