Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

appservice: support assign managed service identity to webapp/functionapp #4837

Merged
merged 6 commits into from
Nov 8, 2017
Merged

appservice: support assign managed service identity to webapp/functionapp #4837

merged 6 commits into from
Nov 8, 2017

Conversation

yugangw-msft
Copy link
Contributor

@yugangw-msft yugangw-msft commented Nov 6, 2017
edited
Loading

For less code redundancy, I extracted some common role assignments logic and moved to azure-cli-core.

General Guidelines

  • The PR has modified HISTORY.rst describing any customer-facing, functional changes. Note that this does not include changes only to help content. (see Modifying change log).

Command Guidelines

  • Each command and parameter has a meaningful description.
  • Each new command has a test.

(see Authoring Command Modules)

@azuresdkci
Copy link
Contributor

View a preview at https://prompt.ws/r/Azure/azure-cli/4837
This is an experimental preview for @microsoft.com users.
(It may take a minute or two for your instance to be ready)
Email feedback to 'azfeedback' with subject 'Prompt Feedback'.

@yugangw-msft
Copy link
Contributor Author

Note, the service is still in preview. The command layout might change, particularly when we on-board the explicit identity support.

az webapp assign-identity -g myrg -n myweb --role reader --scope /subscriptions/0b1f6471-1bf0-4dda-aec3-xxxxxxxxxxxx/resourceGroups/myrg

troydai
troydai approved these changes Nov 8, 2017
View reviewed changes
Copy link
Contributor

@troydai troydai left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor issue otherwise looks fine. Merge at your own risk :P

src/azure-cli-core/azure/cli/core/commands/arm.py
properties = RoleAssignmentProperties(identity_role_id, principal_id)

logger.info("Creating an assignment with a role '%s' on the scope of '%s'", identity_role_id, identity_scope)
retry_times = 36
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Retry 36 times! 1) Magic number? Any guidelines coming from identity team? 2) 36 times !?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So it's 3 minutes ...

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep, recommended by the PAS team to workaround a known server replication delay :)

src/azure-cli-core/azure/cli/core/commands/arm.py Outdated
client = get_mgmt_service_client(AuthorizationManagementClient).role_definitions

role_id = None
if re.match(r'/subscriptions/.+/providers/Microsoft.Authorization/roleDefinitions/',
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The regex here can be improved because the wildcard is a GUID which is more restricted than .+ matching.

src/command_modules/azure-cli-appservice/azure/cli/command_modules/appservice/_help.py Outdated
@@ -44,6 +44,20 @@
--facebook-oauth-scopes public_profile email
"""

helps['webapp assign-identity'] = """
type: command
short-summary: (PREVIEW)assign managed service identity to the webapp
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add space between (PREVIEW) and assign

@yugangw-msft yugangw-msft merged commit 950f300 into Azure:dev Nov 8, 2017
@yugangw-msft yugangw-msft deleted the msi-reload branch November 8, 2017 20:30
LukaszStem pushed a commit to LukaszStem/azure-cli that referenced this pull request Nov 9, 2017
@williexu
'clone root' for consistency (Azure#4845)
a2e09e6 
vmss: support basic tier of vms (Azure#4847)

Azure IoT CA functionality (Azure#4804)

* Adds support for X.509 Certificates in IoT Hub.

* Modifies release notes and changes help link.

* Cleans up .gitignore, and HISTORY.rst. Passes a single factory in commands.py. Moves test utilities. Adds a file completer.

* Updates style after rebase based on additional linter restrictions.

Reserved Instance cli public PR (Azure#4838)

Handle dashes in extension names better (Azure#4839)

Fix `az aks get-credentials` on Windows (Azure#4762)

* Fix `az aks get-credentials` on Windows

* Move k8s file merge logic to helper function

appservice: support assign managed service identity to webapp/functionapp (Azure#4837)

Extension examples small improvement (Azure#4852)

Fixing appservice list-locations (Azure#4846)

Add extension name to telemetry and UA header (Azure#4854)

Fix Azure#4825. (Azure#4853)

Extensions `az extension add` --yes param as flag (Azure#4858)

Fix issue Azure#2752. (Azure#4859)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@troydai troydai troydai approved these changes

Assignees

@troydai troydai

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@yugangw-msft @azuresdkci @troydai