[KeyVault] az keyvault create: support --network-acls, --network-acls-ips and --network-acls-vnets for specifying network rules while creating vault

[bim-msft]

Support for AB#1150

Usage:

Use JSON string directly, for the vnet field, {vnet_name}/{subnet_name} and {subnet_id} are both supported:

az keyvault create --network-acls "{
     \"ip\":  [\"1.2.3.4\", \"2.3.4.0/24\"], 
     \"vnet\": [
           \"vnet_name_1/subnet_name1\", 
           \"/subscriptions/000000-0000-0000/resourceGroups/MyResourceGroup/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/subnet2\"
     ]
}"

Use JSON file:

az keyvault create --network-acls network-acls-example.json

Use flattened parameters (IP rule):

az keyvault create --network-acls-ips 1.2.3.4 2.3.4.0/24

Virtual network rule:

az keyvault create --network-acls-vnets vnet_name_1/subnet_name1 /subscriptions/000000-0000-0000/resourceGroups/MyResourceGroup/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/subnet2

Also, the three parameters --network-acls, --network-acls-ips and --network-acls-vnets are all optional and they can be used together:

az keyvault create --network-acls ... --network-acls-ips ... --network-acls-vnets ...

---

This checklist is used to make sure that common guidelines for a pull request are followed.

• The PR title and description has followed the guideline in Submitting Pull Requests.

• I adhere to the Command Guidelines.

[yungezz]

why load again?

[bim-msft]

why load again?

@yungezz Good point, actually I added this sentence in order to make sure the input is a valid JSON. But later I modified the code that makes this part useless... I will remove this part.

[yungezz]

can user input resource id directly?

[bim-msft]

can user input resource id directly?

@yungezz It should be supported, I will update the code.

[yonzhan]

keyvault

[yungezz]

LGTM, one comment left

[yungezz]

thanks @bim-msft for quick change. Should we fail validation when json and flatten params from user at same time?

[bim-msft]

thanks @bim-msft for quick change. Should we fail validation when json and flatten params from user at same time?

@yungezz I think it's safe to pass validation for this case which all three params are specified at the same time. As far as I can see, there is one scenario may benefits from this: user has one basic network rules json file, and this file is always applied to a new created vault, also there are different additional rules for each new vault.

[yungezz]

:) I would think user would like to put all configure rules in one place either one json file or params value. anyway, the validation could be added later after get some feedback

[fengzhou-msft]

No @ prefix for file?

[bim-msft]

No @ prefix for file?

@fengzhou-msft Is @ a convention? I think in this case users don't need to specify the marker explicitly, the program can detect whether it's a JSON string or a JSON filename.

[fengzhou-msft]

It seems json str or @file.json is a convention, and type=validate_file_or_dict can be used. @Juliehzl @myronfanqiu any guideline for this?

[fengzhou-msft]

Tested with validate_file_or_dict, it can support json string and file path with or without @ prefix.

[bim-msft]

@fengzhou-msft That's good, I will use type=validate_file_or_dict to refine the code.

[bim-msft]

@fengzhou-msft For the help messages and examples, I decided not to add @ as a prefix since this is not mandatory and may cause confusion.