[Identity] az identity federated-credential create/update: Add support for claims matching expressions (#31436)

Co-authored-by: Srujan Bandarkar <[email protected]>

Author: Sruuujaaan

src/azure-cli/azure/cli/command_modules/identity/__init__.py

@@ -19,6 +19,17 @@ def __init__(self, cli_ctx=None):
 
     def load_command_table(self, args):
         from azure.cli.command_modules.identity.commands import load_command_table
+        from azure.cli.core.aaz import load_aaz_command_table
+        try:
+            from . import aaz
+        except ImportError:
+            aaz = None
+        if aaz:
+            load_aaz_command_table(
+                loader=self,
+                aaz_pkg_name=aaz.__name__,
+                args=args
+            )
         load_command_table(self, args)
         return self.command_table
 

src/azure-cli/azure/cli/command_modules/identity/_client_factory.py

@@ -24,7 +24,3 @@ def _msi_user_identities_operations(cli_ctx, _):
 
 def _msi_operations_operations(cli_ctx, _):
     return _msi_client_factory(cli_ctx).operations
-
-
-def _msi_federated_identity_credentials_operations(cli_ctx, _):
-    return _msi_client_factory(cli_ctx).federated_identity_credentials

src/azure-cli/azure/cli/command_modules/identity/_help.py

@@ -35,53 +35,3 @@
 type: command
 short-summary: List the associated resources for the identity.
 """
-
-helps['identity federated-credential'] = """
-type: group
-short-summary: Manage federated identity credentials under user assigned identities.
-"""
-
-helps['identity federated-credential create'] = """
-type: command
-short-summary: Create a federated identity credential under an existing user assigned identity.
-examples:
-  - name: Create a federated identity credential under a specific user assigned identity.
-    text: |
-        az identity federated-credential create --name myFicName --identity-name myIdentityName --resource-group myResourceGroup --issuer myIssuer --subject mySubject --audiences myAudiences
-"""
-
-helps['identity federated-credential update'] = """
-type: command
-short-summary: Update a federated identity credential under an existing user assigned identity.
-examples:
-  - name: Update a federated identity credential under a specific user assigned identity.
-    text: |
-        az identity federated-credential update --name myFicName --identity-name myIdentityName --resource-group myResourceGroup --issuer myIssuer --subject mySubject --audiences myAudiences
-"""
-
-helps['identity federated-credential delete'] = """
-type: command
-short-summary: Delete a federated identity credential under an existing user assigned identity.
-examples:
-  - name: Delete a federated identity credential under a specific user assigned identity.
-    text: |
-        az identity federated-credential delete --name myFicName --identity-name myIdentityName --resource-group myResourceGroup
-"""
-
-helps['identity federated-credential show'] = """
-type: command
-short-summary: Show a federated identity credential under an existing user assigned identity.
-examples:
-  - name: Show a federated identity credential under a specific user assigned identity.
-    text: |
-        az identity federated-credential show --name myFicName --identity-name myIdentityName --resource-group myResourceGroup
-"""
-
-helps['identity federated-credential list'] = """
-type: command
-short-summary: List all federated identity credentials under an existing user assigned identity.
-examples:
-  - name: List all federated identity credentials under an existing user assigned identity.
-    text: |
-        az identity federated-credential list --identity-name myIdentityName --resource-group myResourceGroup
-"""

src/azure-cli/azure/cli/command_modules/identity/_params.py

@@ -8,7 +8,6 @@
 
 from azure.cli.core.commands.parameters import get_location_type, tags_type
 
-
 name_arg_type = CLIArgumentType(options_list=('--name', '-n'), metavar='NAME',
                                 help='The name of the identity resource.')
 
@@ -21,13 +20,3 @@ def load_arguments(self, _):
     with self.argument_context('identity create') as c:
         c.argument('location', get_location_type(self.cli_ctx), required=False)
         c.argument('tags', tags_type)
-
-    with self.argument_context('identity federated-credential', min_api='2022-01-31-preview') as c:
-        c.argument('federated_credential_name', options_list=('--name', '-n'), help='The name of the federated identity credential resource.')
-        c.argument('identity_name', help='The name of the identity resource.')
-
-    for scope in ['identity federated-credential create', 'identity federated-credential update']:
-        with self.argument_context(scope) as c:
-            c.argument('issuer', help='The openId connect metadata URL of the issuer of the identity provider that Azure AD would use in the token exchange protocol for validating tokens before issuing a token as the user-assigned managed identity.')
-            c.argument('subject', help='The sub value in the token sent to Azure AD for getting the user-assigned managed identity token. The value configured in the federated credential and the one in the incoming token must exactly match for Azure AD to issue the access token.')
-            c.argument('audiences', nargs='+', help='The aud value in the token sent to Azure for getting the user-assigned managed identity token. The value configured in the federated credential and the one in the incoming token must exactly match for Azure to issue the access token.')

src/azure-cli/azure/cli/command_modules/identity/aaz/__init__.py

@@ -0,0 +1,6 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+#
+# Code generated by aaz-dev-tools
+# --------------------------------------------------------------------------------------------

src/azure-cli/azure/cli/command_modules/identity/aaz/latest/__init__.py

@@ -0,0 +1,10 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+#
+# Code generated by aaz-dev-tools
+# --------------------------------------------------------------------------------------------
+
+# pylint: skip-file
+# flake8: noqa
+

src/azure-cli/azure/cli/command_modules/identity/aaz/latest/identity/__cmd_group.py

@@ -0,0 +1,23 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+#
+# Code generated by aaz-dev-tools
+# --------------------------------------------------------------------------------------------
+
+# pylint: skip-file
+# flake8: noqa
+
+from azure.cli.core.aaz import *
+
+
+@register_command_group(
+    "identity",
+)
+class __CMDGroup(AAZCommandGroup):
+    """Manage Managed Identity
+    """
+    pass
+
+
+__all__ = ["__CMDGroup"]

src/azure-cli/azure/cli/command_modules/identity/aaz/latest/identity/__init__.py

@@ -0,0 +1,11 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+#
+# Code generated by aaz-dev-tools
+# --------------------------------------------------------------------------------------------
+
+# pylint: skip-file
+# flake8: noqa
+
+from .__cmd_group import *

src/azure-cli/azure/cli/command_modules/identity/aaz/latest/identity/federated_credential/__cmd_group.py

@@ -0,0 +1,23 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+#
+# Code generated by aaz-dev-tools
+# --------------------------------------------------------------------------------------------
+
+# pylint: skip-file
+# flake8: noqa
+
+from azure.cli.core.aaz import *
+
+
+@register_command_group(
+    "identity federated-credential",
+)
+class __CMDGroup(AAZCommandGroup):
+    """Manage federated identity credentials under user assigned identities.
+    """
+    pass
+
+
+__all__ = ["__CMDGroup"]

src/azure-cli/azure/cli/command_modules/identity/aaz/latest/identity/federated_credential/__init__.py

@@ -0,0 +1,16 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+#
+# Code generated by aaz-dev-tools
+# --------------------------------------------------------------------------------------------
+
+# pylint: skip-file
+# flake8: noqa
+
+from .__cmd_group import *
+from ._create import *
+from ._delete import *
+from ._list import *
+from ._show import *
+from ._update import *