aaz commands for managing user assigned identities #729
Merged
kairu-ms merged 2 commits into Azure:main from Apr 18, 2025
kairu-ms reviewed Apr 11, 2025
…naged identity API 633fa33 to 35c9d18
kairu-ms approved these changes Apr 18, 2025
kimorris27 added a commit to Azure/ARO-RP that referenced this pull request Apr 23, 2025
kimorris27 added a commit to Azure/ARO-RP that referenced this pull request Apr 23, 2025
kimorris27 added a commit to Azure/ARO-RP that referenced this pull request Apr 28, 2025
* Introduce aaz commands for creating and deleting managed identities
  For reference: Azure/aaz#729
* Add `--delete-identities` parameter and static validation
* Fix minor typo in preexisting code
* Extend dynamic validation to include cluster deletion and add unit tests for newly-introduced managed identity deletion permission validation
  As I was working on extending the dynamic validation I felt like it could use some refactoring for a few different reasons:
  - It was awkward to extend it to deletion
  - The logic is split in what was (to me) an unintuitive way between custom.py's `validate` function, and `_dynamic_validators.py`
  Refactoring that is beyond the scope of this PR though, so I did my best to extend what we have in a way that hopefully makes it easier to work with whether we refactor all of this validation or not.
* Add automated identity deletion, including validation of the CLI user's permission to do so before proceeding
* Fix linter errors
* Add `is_preview` to the `--delete-identities` argument
* Add unit tests for `--delete-identities` static validator
kevinobriendotca pushed a commit to Azure/ARO-RP that referenced this pull request Apr 30, 2025
kevinobriendotca pushed a commit to Azure/ARO-RP that referenced this pull request May 1, 2025
What
AAZ commands for CRUD operations on user assigned identities generated from the 2024-11-30 stable MSI RP API spec
Why
I'm an ARO SRE from Red Hat. The `az aro` CLI is soon going to include functionality that will create and delete user assigned identities on behalf of the user as they create and delete Azure Red Hat OpenShift managed identity clusters.
My understanding is that we are supposed to use aaz commands rather than importing the azure-sdk-for-python, so I generated these and thought it made sense to get them merged here before incorporating them into our CLI.
You can see the beginning of my work here: https://github.com/Azure/ARO-RP/tree/kimorris27/ARO-6443-miwi-cli-phase-2
Testing
In my local development environment, I've already been able to successfully delete managed identities as part of an `az aro delete` using the code in the branch I linked to above, which validates that the generated code works as expected on a basic level.
Additional Context
The aaz-dev-tools code generator initially gave an error as I was trying to generate the aaz CLI code, and I found that I needed to tweak the MSI RP's API spec to get it to work: https://github.com/kimorris27/azure-rest-api-specs/tree/kimorris27/tweak-msi-spec-for-aaz-code-generation
Do those changes need to be merged?