Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[AKS] Trusted Access Role Binding CLI #4955

Merged
merged 3 commits into from
Jun 14, 2022
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 10 additions & 0 deletions src/aks-preview/HISTORY.rst
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,16 @@ Pending

* Fix: Remove permission prompt when saving config file to symlink with `az aks get-credentials`.

0.5.81
++++++

* Add Trusted Access Role Binding commands
* az aks trustedaccess rolebinding create
* az aks trustedaccess rolebinding update
* az aks trustedaccess rolebinding list
* az aks trustedaccess rolebinding show
* az aks trustedaccess rolebinding delete

0.5.80
++++++

Expand Down
4 changes: 4 additions & 0 deletions src/aks-preview/azext_aks_preview/_client_factory.py
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,10 @@ def cf_trustedaccess_role(cli_ctx, *_):
return get_container_service_client(cli_ctx).trusted_access_roles


def cf_trustedaccess_role_binding(cli_ctx, *_):
return get_container_service_client(cli_ctx).trusted_access_role_bindings


def cf_container_services(cli_ctx, *_):
return get_container_service_client(cli_ctx).container_services

Expand Down
62 changes: 62 additions & 0 deletions src/aks-preview/azext_aks_preview/_help.py
Original file line number Diff line number Diff line change
Expand Up @@ -1767,6 +1767,68 @@
short-summary: List trusted access roles.
"""

helps['aks trustedaccess rolebinding'] = """
type: group
short-summary: Commands to manage trusted access role bindings.
"""

helps['aks trustedaccess rolebinding list'] = """
type: command
short-summary: List all the trusted access role bindings.
"""

helps['aks trustedaccess rolebinding show'] = """
type: command
short-summary: Get the specific trusted access role binding according to binding name.
parameters:
- name: --name -n
type: string
short-summary: Specify the role binding name.
"""

helps['aks trustedaccess rolebinding create'] = """
type: command
short-summary: Create a new trusted access role binding.
parameters:
- name: --name -n
type: string
short-summary: Specify the role binding name.
- name: --roles
type: string
short-summary: Specify the space-separated roles.
- name: --source-resource-id -s
type: string
short-summary: Specify the source resource id of the binding.

examples:
- name: Create a new trusted access role binding
text: az aks trustedaccess rolebinding create -g myResourceGroup --cluster-name myCluster -n bindingName -s /subscriptions/0000/resourceGroups/myResourceGroup/providers/Microsoft.Demo/samples --roles Microsoft.Demo/samples/reader Microsoft.Demo/samples/writer
"""

helps['aks trustedaccess rolebinding update'] = """
type: command
short-summary: Update a trusted access role binding.
parameters:
- name: --name -n
type: string
short-summary: Specify the role binding name.
- name: --roles
type: string
short-summary: Specify the space-separated roles.
- name: --source-resource-id -s
type: string
short-summary: Specify the source resource id of the binding.
"""

helps['aks trustedaccess rolebinding delete'] = """
type: command
short-summary: Delete a trusted access role binding according to name.
parameters:
- name: --name -n
type: string
short-summary: Specify the role binding name.
"""

helps['aks draft'] = """
type: group
short-summary: Commands to build deployment files in a project directory and deploy to an AKS cluster.
Expand Down
16 changes: 16 additions & 0 deletions src/aks-preview/azext_aks_preview/_params.py
Original file line number Diff line number Diff line change
Expand Up @@ -680,6 +680,22 @@ def load_arguments(self, _):
c.argument('yes', options_list=[
'--yes', '-y'], help='Do not prompt for confirmation.', action='store_true')

with self.argument_context('aks trustedaccess rolebinding') as c:
c.argument('cluster_name', help='The cluster name.')

for scope in ['aks trustedaccess rolebinding show', 'aks trustedaccess rolebinding create',
'aks trustedaccess rolebinding update', 'aks trustedaccess rolebinding delete']:
with self.argument_context(scope) as c:
c.argument('role_binding_name', options_list=[
'--name', '-n'], required=True, help='The role binding name.')

for scope in ['aks trustedaccess rolebinding create', 'aks trustedaccess rolebinding update']:
with self.argument_context(scope) as c:
c.argument('roles', nargs='*',
help='space-separated roles: Microsoft.Demo/samples/reader Microsoft.Demo/samples/writer ...')
c.argument('source_resource_id', options_list=['--source-resource-id', '-s'],
help='The source resource id of the binding')


def _get_default_install_location(exe_name):
system = platform.system()
Expand Down
17 changes: 16 additions & 1 deletion src/aks-preview/azext_aks_preview/commands.py
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@
from ._client_factory import cf_nodepool_snapshots
from ._client_factory import cf_mc_snapshots
from ._client_factory import cf_trustedaccess_role
from ._client_factory import cf_trustedaccess_role_binding
from ._format import aks_show_table_format
from ._format import aks_addon_list_available_table_format, aks_addon_list_table_format, aks_addon_show_table_format
from ._format import aks_agentpool_show_table_format
Expand Down Expand Up @@ -64,6 +65,12 @@ def load_command_table(self, _):
client_factory=cf_trustedaccess_role
)

trustedaccess_role_binding_sdk = CliCommandType(
operations_tmpl='azext_aks_preview.vendored_sdks.azure_mgmt_preview_aks.'
'operations._trusted_access_role_bindings_operations#TrustedAccessRoleBindingsOperations.{}',
client_factory=cf_trustedaccess_role_binding
)

# AKS managed cluster commands
with self.command_group('aks', managed_clusters_sdk, client_factory=cf_managed_clusters) as g:
g.custom_command('kollect', 'aks_kollect')
Expand Down Expand Up @@ -179,6 +186,14 @@ def load_command_table(self, _):
g.custom_command('delete', 'aks_snapshot_delete',
supports_no_wait=True)

# AKS trusted access roles commands
# AKS trusted access role commands
with self.command_group('aks trustedaccess role', trustedaccess_role_sdk, client_factory=cf_trustedaccess_role) as g:
g.custom_command('list', 'aks_trustedaccess_role_list')

# AKS trusted access rolebinding commands
with self.command_group('aks trustedaccess rolebinding', trustedaccess_role_binding_sdk, client_factory=cf_trustedaccess_role_binding) as g:
g.custom_command('list', 'aks_trustedaccess_role_binding_list')
g.custom_show_command('show', 'aks_trustedaccess_role_binding_get')
g.custom_command('create', 'aks_trustedaccess_role_binding_create_or_update')
g.custom_command('update', 'aks_trustedaccess_role_binding_create_or_update')
g.custom_command('delete', 'aks_trustedaccess_role_binding_delete', confirmation=True)
19 changes: 19 additions & 0 deletions src/aks-preview/azext_aks_preview/custom.py
Original file line number Diff line number Diff line change
Expand Up @@ -154,6 +154,7 @@
UserAssignedIdentity,
ManagedClusterIngressProfile,
ManagedClusterIngressProfileWebAppRouting,
TrustedAccessRoleBinding,
)

from azext_aks_preview.aks_draft.commands import (
Expand Down Expand Up @@ -3340,3 +3341,21 @@ def aks_nodepool_snapshot_list(cmd, client, resource_group_name=None): # pylint

def aks_trustedaccess_role_list(cmd, client, location): # pylint: disable=unused-argument
return client.list(location)


def aks_trustedaccess_role_binding_list(cmd, client, resource_group_name, cluster_name): # pylint: disable=unused-argument
return client.list(resource_group_name, cluster_name)


def aks_trustedaccess_role_binding_get(cmd, client, resource_group_name, cluster_name, role_binding_name):
return client.get(resource_group_name, cluster_name, role_binding_name)


def aks_trustedaccess_role_binding_create_or_update(cmd, client, resource_group_name, cluster_name, role_binding_name,
source_resource_id, roles):
roleBinding = TrustedAccessRoleBinding(source_resource_id=source_resource_id, roles=roles)
return client.create_or_update(resource_group_name, cluster_name, role_binding_name, roleBinding)


def aks_trustedaccess_role_binding_delete(cmd, client, resource_group_name, cluster_name, role_binding_name):
return client.delete(resource_group_name, cluster_name, role_binding_name)
2 changes: 1 addition & 1 deletion src/aks-preview/setup.py
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@

from setuptools import setup, find_packages

VERSION = "0.5.80"
VERSION = "0.5.81"
CLASSIFIERS = [
"Development Status :: 4 - Beta",
"Intended Audience :: Developers",
Expand Down