[Spring-cloud] Add support for AppMSI #4598
Conversation
… and re-generate the recording-test yaml files
Add helps for params in identity remove Add validators for params in identity remove Add unit test for params validator
spring-cloud app identity remove
spring-cloud app identity remove
spring-cloud app identity remove
1) Refine help info for command 2) Add parameters 3) Add validator 4) Add UT for validator
1. Add param 2. Add help info 3. Add validator 4. Add UT for validator
refactor validator
refine validator
implement and add partial recording test
add recording test for create app with user assigned managed identities
add recording test for create app with both assigned managed identities
1. add parameters 2. add validator 3. add method in help 4. add command 5. add stub implementation 6. add UT for validator
add recording test for force-set
…nformation. Will add not support and obsolete warning for specific cases.
ghost
added
Spring Cloud
ghost
requested review from
|
Spring-cloud |
| helps['spring-cloud app identity force-set'] = """ | ||
| type: command | ||
| short-summary: Force set managed identities on an app. | ||
| examples: | ||
| - name: Force remove all managed identities on an app. | ||
| text: az spring-cloud app identity force-set -n MyApp -s MyCluster -g MyResourceGroup --system-assigned disable --user-assigned disable | ||
| - name: Force remove all user-assigned managed identities on an app, and enable or keep system-assigned managed identity. | ||
| text: az spring-cloud app identity force-set -n MyApp -s MyCluster -g MyResourceGroup --system-assigned enable --user-assigned disable | ||
| - name: Force remove system-assigned managed identity on an app, and assign or keep user-assigned managed identities. | ||
| text: az spring-cloud app identity force-set -n MyApp -s MyCluster -g MyResourceGroup --system-assigned disable --user-assigned IdentityResourceId1 IdentityResourceId2 | ||
| """ |
There was a problem hiding this comment.
Why do we need this command? Can its function be replaced by the spring-cloud app identity remove command?
There was a problem hiding this comment.
Normally we don't need these commands. It's related to a data consistency problem among managed identity RP and my RP. There can be case when user identity is assigned to an app in my side, but deleted in managed identity RP due to data in-consistency. These commands leverage put method to reset data back with one command.
app identity remove/assign is done with patch http method, there can be case, there is no identity assigned to an app in my RP, but managed identity RP still has some identity assigned to the app.
| if _app_not_updatable(app): | ||
| raise CLIError("Failed to remove managed identities since app is in {} state.".format(app.properties.provisioning_state)) |
There was a problem hiding this comment.
Could we use the specific error type instead of CLIError?
There was a problem hiding this comment.
updated all 9 occurrences.
This checklist is used to make sure that common guidelines for a pull request are followed.
General Guidelines
azdev style <YOUR_EXT>locally? (pip install azdevrequired)python scripts/ci/test_index.py -qlocally?For new extensions:
About Extension Publish
There is a pipeline to automatically build, upload and publish extension wheels.
Once your PR is merged into master branch, a new PR will be created to update
src/index.jsonautomatically.The precondition is to put your code inside this repo and upgrade the version in the PR but do not modify
src/index.json.