[AAD] az ad ds create/update/list/show/delete: Support DomainService

[evelyn-ys]

New command module: az ad ds support management for AAD.DomainService
Commands:

• az ad ds create
• az ad ds update
• az ad ds list
• az ad ds show
• az ad ds delete

reference: AAD RP Speclet

---

This checklist is used to make sure that common guidelines for a pull request are followed.

General Guidelines

• Have you run azdev style <YOUR_EXT> locally? (pip install azdev required)
• Have you run python scripts/ci/test_index.py -q locally?

For new extensions:

• My extension description/summary conforms to the Extension Summary Guidelines.

About Extension Publish

There is a pipeline to automatically build, upload and publish extension wheels.
Once your PR is merged into master branch, a new PR will be created to update src/index.json automatically.
The precondition is to put your code inside this repo and upgrade the version in the PR but do not modify src/index.json.

[yonzhan]

AAD

[jiasli]

Same as #2817 (comment)

Backward slash \ is only supported by Linux Bash, we usually don't include \ in examples.

However, you can break lines without \ and add a comment to tell the user line breaks are added for legibility only, like

https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow#request-an-authorization-code

// Line breaks for legibility only

https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?
client_id=6731de76-14a6-49ae-97bc-6eba6914391e
&response_type=code
&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
&response_mode=query
&scope=openid%20offline_access%20https%3A%2F%2Fgraph.microsoft.com%2Fmail.read
&state=12345
&code_challenge=YTFjNjI1OWYzMzA3MTI4ZDY2Njg5M2RkNmVjNDE5YmEyZGRhOGYyM2IzNjdmZWFhMTQ1ODg3NDcxY2Nl
&code_challenge_method=S256

So this command can be written as

az ad ds create --domain "TestDomainService.com" --ntlm-v1 "Enabled" --sync-ntlm-passwords "Enabled"
                --tls-v1 "Disabled" --filtered-sync "Enabled" --external-access "Enabled" --ldaps "Enabled"
                ...

[evelyn-ys]

Auto-generated by CodeGen

[jiasli]

We can explain what ds is.

[evelyn-ys]

Auto-generated by CodeGen

[jiasli]

These are redundant indents, against CLI convention, like

https://github.com/Azure/azure-cli/blob/84e0e45de5f99936ca5b933493fd6234dbf648ae/src/azure-cli/azure/cli/command_modules/vm/_help.py#L65-L73

helps['disk delete'] = """
type: command
short-summary: Delete a managed disk.
examples:
  - name: Delete a managed disk. (autogenerated)
    text: |
        az disk delete --name MyManagedDisk --resource-group MyResourceGroup
    crafted: true
"""

Suggested change

	helps['ad ds'] = """
	type: group
	short-summary: Manage domain service with ad
	"""
	helps['ad ds'] = """
	type: group
	short-summary: Manage domain service with ad
	"""

[evelyn-ys]

Auto-generated by CodeGen

[evelyn-ys]

Refined in manual/_help.py

[jiasli]

The short-summary should usually ends with a period (.), like

https://github.com/Azure/azure-cli/blob/84e0e45de5f99936ca5b933493fd6234dbf648ae/src/azure-cli/azure/cli/command_modules/vm/_help.py#L67

short-summary: Delete a managed disk.

[evelyn-ys]

Auto-generated by CodeGen

[Juliehzl]

the description is not easy to understand with ad.

[evelyn-ys]

Refined in manual/_help.py

[jiasli]

The meaning of this try_manual is unclear to me as someone who is not familiar with the code. Also, shouldn't it be a general method that appears in the centralized test framework, instead of individual modules/extensions?

[evelyn-ys]

Auto-generated by CodeGen aimed to use manual code overwrite generated code

[jiasli]

Not used? I can't seem to find any usage of VirtualNetworkPreparer.

[evelyn-ys]

Auto-generated by CodeGen. I didn't use it but keep it because it will always be generated. No need to delete every time.

[Juliehzl]

@changlong-liu could we remove these preparer and import from azure cli core module?

[changlong-liu]

yes @Juliehzl , we are refactoring the test preparers codegen.

Hi @evelyn-ys , In latest autorest.az the preparers.py is supposed to be generated only when has some reference for it. Please help to send me the swagger branch to have further check if it generated even have no usage.

[evelyn-ys]

@changlong-liu Hope this stable swagger can help

[Juliehzl]

Current az ad command group has description Manage Azure Active Directory Graph entities needed for Role Based Access Control. It seems that your command group is not for az ad from the description.

[Juliehzl]

not in preview or experimental?

[evelyn-ys]

az ad is stable. az ad ds is marked as preview in command.py

[Juliehzl]

both of them are required?

[evelyn-ys]

Yes

[Juliehzl]

I see. You could consider add [required] in the description for them. But should the location be the location for subnet?

[evelyn-ys]

Current az ad command group has description Manage Azure Active Directory Graph entities needed for Role Based Access Control. It seems that your command group is not for az ad from the description.

Refined in manual/_help.py

[evelyn-ys]

@Juliehzl I have modified according to your comments, could you pls review again? Thanks a lot!

[jiasli]

Current az ad command group has description Manage Azure Active Directory Graph entities needed for Role Based Access Control. It seems that your command group is not for az ad from the description.

Refined in manual/_help.py

Even though the help message has been updated:

azure-cli-extensions/src/ad/azext_ad/manual/_help.py

Lines 14 to 17 in 2415c3b

	helps['ad'] = """
	type: group
	short-summary: Manage Azure Active Directory related entities and resources.
	"""

this design of putting az ad ds under az ds is still against the purpose of az ad which is designed to be a pure data-plane command group for calling AD Graph/Microsoft Graph. Because of this, in main Azure CLI, the global argument _subscription is ignored for az ad:

https://github.com/Azure/azure-cli/blob/e8efb791ea2f0ba5e4f172b26f75725fd8aa8079/src/azure-cli/azure/cli/command_modules/role/_params.py#L25-L26

    with self.argument_context('ad') as c:
        c.ignore('_subscription')  # hide global subscription param

However, apparently, az ad ds is a mgmt-plane command group calling Microsoft.AAD Resource Provider:

azure-cli-extensions/src/ad/azext_ad/vendored_sdks/domainservices/operations/_domain_services_operations.py

Line 118 in 2415c3b

list.metadata = {'url': '/subscriptions/{subscriptionId}/providers/Microsoft.AAD/domainServices'} # type: ignore

This means the global argument _subscription shouldn't be ignored for az ad ds.

If a specific command such as az ad ds -h is run, the core is smart enough to filter the command loader based on the command name and only load what is needed:

https://github.com/Azure/azure-cli/blob/7a4d03f077151be8fc312c9ce82febd1dda118cb/src/azure-cli-core/azure/cli/core/__init__.py#L499

            command_loaders = self.cmd_to_loader_map.get(command, None)

In such case, only azext_ad.DomainServicesResourceProviderCommandsLoader is loaded and azure.cli.command_modules.role.RoleCommandsLoader will be skipped. _subscription won't be ignored and will still appear in the in-tool help.

However, in the reference doc generation pipeline, both command loaders will be loaded. If azure.cli.command_modules.role.RoleCommandsLoader is load first, when azext_ad.DomainServicesResourceProviderCommandsLoader is loaded, _subscription will be ignored for az ad ds.

See Azure/azure-cli#27296 (comment) for details.