Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RBAC: role assignment creation #553

Merged
merged 1 commit into from
Jul 28, 2016
Merged

RBAC: role assignment creation #553

merged 1 commit into from
Jul 28, 2016

Conversation

yugangw-msft
Copy link
Contributor

@yugangw-msft yugangw-msft commented Jul 26, 2016
edited
Loading

Notes:

  1. The main focus is on the role assignment creation. The PR also contains graph object query command and user create so that i can test end to end
  2. The new command greatly simplifies the interface, with no function loss, this PR shrinks parameters number from 10 down to 4
    xplat's
 role assignment create [objectId] [signInName] [spn] [roleName] [roleId] [scope] [resource-group] [resource-type] [resource-name]

cli's

  role assignment create <assignee> <role> [resource_group] [resource_id]
  Arguments
    --assignee [Required]: Represent a user, group, or service principal. supported format: object
                           id, user sign-in name, or service principal name.
    --role     [Required]: Role name or id.
    --resource-group -g  : Name of resource group.
    --resource-id        : Resource id.

@yugangw-msft
Copy link
Contributor Author

/CC:@BurtBiel @derekbekoe @JasonRShaver

BurtBiel
BurtBiel reviewed Jul 27, 2016
View reviewed changes
src/command_modules/azure-cli-role/azure/cli/command_modules/role/custom.py

return client.users.list(filter=(' and ').join(sub_filters))

def create_user(user_principal_name, display_name, password, mail_nick_name=None, #pylint: disable=too-many-arguments
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

mail_nick_name [](start = 61, length = 14)

minor naming: should be mail_nickname

@BurtBiel
Copy link
Contributor

:shipit:

derekbekoe
derekbekoe reviewed Jul 27, 2016
View reviewed changes
src/command_modules/azure-cli-role/azure/cli/command_modules/role/custom.py
elif len(role_defs) > 1:
raise CLIError('More than one roles match the given name {}'.format(role))
ids = [r.id for r in role_defs]
err = "More than one roles match the given name '{}'. Please pick a value from '{}'"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

More than one roles match the given name [](start = 19, length = 40)

Think this should be "More than one role matches the given name" for grammar

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"More than one roles match the given name '{}'. Please pick a value from '{}'" [](start = 18, length = 78)

If I fall into this case, how would I resolve it with the error message that's provided?
Do I have to provide resource-id, set a different role, etc.?

If it would be clear for the context of the user of this command the action they need to take, it's fine. I was asking for clarification as I'm not sure the error message is the clearest.

Copy link
Contributor Author

@yugangw-msft yugangw-msft Jul 28, 2016
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Role name conflicts should be very rare. If it happens, you use az role list to see the role details, pick the one, and still use --role parameter but use the role id for value, which should be a unique guid

@derekbekoe
Copy link
Member

🕐

johanste
johanste reviewed Jul 28, 2016
View reviewed changes
src/command_modules/azure-cli-role/azure/cli/command_modules/role/custom.py
uuid.UUID(role)
role_id = role
except ValueError:
pass
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The preferred place to put argument validation is either in a validator (for validation that needs all parsed argument values) or in a type parameter (for individual argument values). This way, you get a consistent error message and usage statement instead of a single line of error text.

Copy link
Contributor Author

@yugangw-msft yugangw-msft Jul 28, 2016
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the only place we need to sniff the role-id at this moment, once i have more than 1, i will maintain the consistency by sharing the code, and i will consider validators.

@yugangw-msft yugangw-msft force-pushed the graph branch 2 times, most recently from 423e738 to b86bef9 Compare July 28, 2016 17:45
@derekbekoe
Copy link
Member

:shipit:

@yugangw-msft yugangw-msft merged commit 385df00 into Azure:master Jul 28, 2016
@yugangw-msft yugangw-msft deleted the graph branch September 18, 2016 21:25
@jiasli jiasli mentioned this pull request Nov 16, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@yugangw-msft @BurtBiel @derekbekoe @johanste