Azure Managed Grafana: expose AZ and improve "delete grafana" command (…

…#4803)

* features: clean up role assignments on delete and support az

* command: enable AZ, and improve delete

* fix lint error

src/amg/HISTORY.rst

@@ -5,4 +5,8 @@ Release History
 
 0.1.0
 ++++++
-* Initial release.
+* Initial release.
+
+0.1.1
+++++++
+* update 'az grafana delete' to automatically remove the default role assignment created for the managed identity

src/amg/azext_amg/_params.py

@@ -8,10 +8,10 @@
 def load_arguments(self, _):
 
     from knack.arguments import CLIArgumentType
-    from azure.cli.core.commands.parameters import tags_type, get_three_state_flag
+    from azure.cli.core.commands.parameters import tags_type, get_three_state_flag, get_enum_type
     from azure.cli.core.commands.validators import get_default_location_from_resource_group
     from ._validators import process_missing_resource_group_parameter
-
+    from azext_amg.vendored_sdks.models import ZoneRedundancy
     grafana_name_type = CLIArgumentType(options_list="--grafana-name",
                                         help="Name of the Azure Managed Dashboard for Grafana.",
                                         id_part="name")
@@ -26,6 +26,7 @@ def load_arguments(self, _):
 
     with self.argument_context("grafana create") as c:
         c.argument("grafana_name", grafana_name_type, options_list=["--name", "-n"], validator=None)
+        c.argument("zone_redundancy", arg_type=get_enum_type(ZoneRedundancy), help="Indicates whether or not zone redundancy should be enabled. Default: Disabled")
         c.argument("skip_system_assigned_identity", options_list=["-s", "--skip-system-assigned-identity"], arg_type=get_three_state_flag(), help="Do not enable system assigned identity")
         c.argument("skip_role_assignments", arg_type=get_three_state_flag(), help="Do not create role assignments for managed identity and the current login user")
 

src/amg/azext_amg/custom.py

@@ -10,6 +10,7 @@
 
 from knack.log import get_logger
 
+from azure.cli.core.commands import LongRunningOperation
 from azure.cli.core.commands.client_factory import get_mgmt_service_client, get_subscription_id
 from azure.cli.core.profiles import ResourceType, get_sdk
 from azure.cli.core.util import should_disable_connection_verify
@@ -24,10 +25,11 @@
 
 
 def create_grafana(cmd, resource_group_name, grafana_name,
-                   location=None, skip_system_assigned_identity=False, skip_role_assignments=False, tags=None):
+                   location=None, skip_system_assigned_identity=False, skip_role_assignments=False,
+                   tags=None, zone_redundancy=None):
     from azure.cli.core.commands.arm import resolve_role_id
-    from azure.cli.core.commands import LongRunningOperation
-    client = get_mgmt_service_client(cmd.cli_ctx, ResourceType.MGMT_RESOURCE_RESOURCES)
+
+    client = cf_amg(cmd.cli_ctx)
     resource = {
         "sku": {
             "name": "standard"
@@ -36,8 +38,12 @@ def create_grafana(cmd, resource_group_name, grafana_name,
         "identity": None if skip_system_assigned_identity else {"type": "SystemAssigned"},
         "tags": tags
     }
-    poller = client.resources.begin_create_or_update(resource_group_name, "Microsoft.Dashboard", "",
-                                                     "grafana", grafana_name, "2021-09-01-preview", resource)
+    resource["properties"] = {
+        "zoneRedundancy": zone_redundancy
+    }
+
+    poller = client.grafana.begin_create(resource_group_name, grafana_name, resource)
+    LongRunningOperation(cmd.cli_ctx)(poller)
 
     if skip_role_assignments:
         return poller
@@ -108,6 +114,14 @@ def _create_role_assignment(cli_ctx, principal_id, role_definition_id, scope):
             raise
 
 
+def _delete_role_assignment(cli_ctx, principal_id):
+    assignments_client = get_mgmt_service_client(cli_ctx, ResourceType.MGMT_AUTHORIZATION).role_assignments
+    f = f"principalId eq '{principal_id}'"
+    assignments = list(assignments_client.list(filter=f))
+    for a in assignments or []:
+        assignments_client.delete_by_id(a.id)
+
+
 def list_grafana(cmd, resource_group_name=None):
     client = cf_amg(cmd.cli_ctx)
     if resource_group_name:
@@ -121,9 +135,17 @@ def show_grafana(cmd, grafana_name, resource_group_name=None):
 
 
 def delete_grafana(cmd, grafana_name, resource_group_name=None):
-    client = get_mgmt_service_client(cmd.cli_ctx, ResourceType.MGMT_RESOURCE_RESOURCES)
-    return client.resources.begin_delete(resource_group_name, "Microsoft.Dashboard",
-                                         "", "grafana", grafana_name, "2021-09-01-preview")
+    client = cf_amg(cmd.cli_ctx)
+    grafana = client.grafana.get(resource_group_name, grafana_name)
+
+    # delete first
+    poller = client.grafana.begin_delete(resource_group_name, grafana_name)
+    LongRunningOperation(cmd.cli_ctx)(poller)
+
+    # delete role assignment
+    logger.warning("Grafana instance of '%s' was delete. Now removing role assignments for associated with its "
+                   "managed identity", grafana_name)
+    _delete_role_assignment(cmd.cli_ctx, grafana.identity.principal_id)
 
 
 def show_dashboard(cmd, grafana_name, uid, resource_group_name=None):