Support --token-store, --sas-url-secret, --sas-url-secret-name, --yes for container app auth #6660

njuCZ · 2023-08-18T07:06:28Z

… for az cotnainerapp auth

This checklist is used to make sure that common guidelines for a pull request are followed.

Related command

General Guidelines

Have you run azdev style <YOUR_EXT> locally? (pip install azdev required)
Have you run python scripts/ci/test_index.py -q locally?

For new extensions:

My extension description/summary conforms to the Extension Summary Guidelines.

About Extension Publish

There is a pipeline to automatically build, upload and publish extension wheels.
Once your pull request is merged into main branch, a new pull request will be created to update src/index.json automatically.
You only need to update the version information in file setup.py and historical information in file HISTORY.rst in your PR but do not modify src/index.json.

… for az cotnainerapp auth

azure-client-tools-bot-prd · 2023-08-18T07:06:30Z

⚠️Azure CLI Extensions Breaking Change Test

⚠️containerapp

rule cmd_name rule_message suggest_message

⚠️ 1006 - ParaAdd containerapp auth update cmd containerapp auth update added parameter sas_url_secret_name

⚠️ 1006 - ParaAdd containerapp auth update cmd containerapp auth update added parameter sas_url_secret

⚠️ 1006 - ParaAdd containerapp auth update cmd containerapp auth update added parameter token_store

⚠️ 1006 - ParaAdd containerapp auth update cmd containerapp auth update added parameter yes

azure-client-tools-bot-prd · 2023-08-18T07:06:33Z

Hi @njuCZ,
Please write the description of changes which can be perceived by customers into HISTORY.rst.
If you want to release a new extension version, please update the version in setup.py as well.

yonzhan · 2023-08-18T07:06:41Z

Thank you for your contribution! We will review the pull request and get back to you soon.

src/containerapp/azext_containerapp/containerapp_auth_decorator.py

src/containerapp/azext_containerapp/_params.py

src/containerapp/HISTORY.rst

Juliehzl · 2023-08-18T08:41:38Z

src/containerapp/azext_containerapp/containerapp_auth_decorator.py

+        if self.get_argument_sas_url_secret() is not None and self.get_argument_sas_url_secret_name() is not None:
+            raise ArgumentUsageError('Usage Error: --sas-url-secret and --sas-url-secret-name cannot both be set')
+        if self.get_argument_sas_url_secret() is not None and not self.get_argument_yes():
+            msg = 'Configuring --sas-url-secret will add a secret to the containerapp. Are you sure you want to continue?'


is it required to add prompt?

if yes parameter is not passed, there is prompt to let user confirm it.

It's the same behavior as others. For example: az containerapp microsoft update xxx

Juliehzl · 2023-08-18T08:43:32Z

src/containerapp/azext_containerapp/custom.py

@@ -5046,6 +5049,8 @@ def update_auth_config(cmd, resource_group_name, name, set_string=None, enabled=
    )

    containerapp_auth_decorator.construct_payload()
+    if containerapp_auth_decorator.get_argument_token_store() and containerapp_auth_decorator.get_argument_sas_url_secret() is not None:


why not add it in construct_payload()?

set_secrets func is defined in this file, to avoid dependency loop, so place the logic here

@Juliehzl
g.custom_command('set', 'set_secrets', exception_handler=ex_handler_factory())
1. set_secrets is a function support command
2. set_secrets will execute ContainerAppClient.create_or_update, I think if it add in construct_payload, maybe will execute twice in some scenario. It should be set in some place which not super() the GA function.

Juliehzl · 2023-08-21T05:01:36Z

src/containerapp/azext_containerapp/custom.py

@@ -5046,6 +5049,8 @@ def update_auth_config(cmd, resource_group_name, name, set_string=None, enabled=
    )

    containerapp_auth_decorator.construct_payload()
+    if containerapp_auth_decorator.get_argument_token_store() and containerapp_auth_decorator.get_argument_sas_url_secret() is not None:
+        set_secrets(cmd, name, resource_group_name, secrets=[f"{BLOB_STORAGE_TOKEN_STORE_SECRET_SETTING_NAME}={containerapp_auth_decorator.get_argument_sas_url_secret()}"], no_wait=True, disable_max_length=True)


combine the method to depcorator to avoid duplicate usage when moving to GA and refine the logic to be same with facbook/microsoft... commands

Will do it in next PR.

Greedygre · 2023-08-21T05:02:27Z

Hi @zhoxing-ms
Could you please help to review and merge this PR, thanks.

src/containerapp/azext_containerapp/_params.py

Co-authored-by: Xing Zhou <[email protected]>

support --token_store, --sas-url-secret, --sas-url-secret-name, --yes…

f37018c

… for az cotnainerapp auth

azure-client-tools-bot-prd bot added this to the August 2023 (2023-09-05) milestone Aug 18, 2023

microsoft-github-policy-service bot requested review from yonzhan, wangzelin007, yanzhudd and zhoxing-ms August 18, 2023 07:06

microsoft-github-policy-service bot requested review from jsntcy, ruslany, sanchitmehta, ebencarek, JennyLawrance, howang-ms, vinisoto, chinadragon0515, vturecek, torosent, pagariyaalok, Juliehzl, jijohn14 and Greedygre August 18, 2023 07:06

microsoft-github-policy-service bot added the Auto-Assign Auto assign by bot label Aug 18, 2023

microsoft-github-policy-service bot assigned zhoxing-ms Aug 18, 2023

microsoft-github-policy-service bot added the ContainerApp label Aug 18, 2023

njuCZ changed the title ~~Support --token_store, --sas-url-secret, --sas-url-secret-name, --yes for container app auth~~ Support --token-store, --sas-url-secret, --sas-url-secret-name, --yes for container app auth Aug 18, 2023

fmt

1c86327