Changes in command

hiaga · Jul 15, 2021 · 6b3d9e7 · 6b3d9e7
1 parent 502c56d
commit 6b3d9e7
Show file tree

Hide file tree

Showing 7 changed files with 1,104 additions and 1,340 deletions.
diff --git a/src/azure-cli/azure/cli/command_modules/backup/_help.py b/src/azure-cli/azure/cli/command_modules/backup/_help.py
@@ -495,12 +495,32 @@
     text: az backup vault show --name MyRecoveryServicesVault --resource-group MyResourceGroup
     crafted: true
 """
-helps['backup vault update'] = """
+helps['backup vault identity'] = """
+type: group
+short-summary: Identity details of a Recovery Services Vault.
+"""
+helps['backup vault identity assign'] = """
+type: command
+short-summary: Assign Identities to Recovery Services vault.
+examples:
+  - name: Assign Identities to Recovery Services vault. (autogenerated)
+    text: az backup vault identity assign --system-assigned --user-assigned MyIdentityId1 --resource-group MyResourceGroup --vault-name MyVault
+    crafted: true
+"""
+helps['backup vault identity remove'] = """
+type: command
+short-summary: Remove Identities of Recovery Services vault.
+examples:
+  - name: Remove Identities of Recovery Services vault. (autogenerated)
+    text: az backup vault identity remove --system-assigned --user-assigned MyIdentityId1 --resource-group MyResourceGroup --vault-name MyVault
+    crafted: true
+"""
+helps['backup vault identity show'] = """
 type: command
-short-summary: Update an existing Recovery Services vault.
+short-summary: Show Identities of Recovery Services vault.
 examples:
-  - name: Update an existing Recovery services vault. (autogenerated)
-    text: az backup vault update --identity-type None --resource-group MyResourceGroup --vault-name MyVault
+  - name: Show Identities of Recovery Services vault. (autogenerated)
+    text: az backup vault identity show --resource-group MyResourceGroup --vault-name MyVault
     crafted: true
 """
 helps['backup vault encryption'] = """

diff --git a/src/azure-cli/azure/cli/command_modules/backup/_params.py b/src/azure-cli/azure/cli/command_modules/backup/_params.py
@@ -28,7 +28,6 @@
 allowed_target_tier_type_chk_archivable = ['VaultArchive']
 allowed_tier_type = ['VaultStandard', 'Snapshot', 'VaultArchive', 'VaultStandardRehydrated', 'SnapshotAndVaultStandard', 'SnapshotAndVaultArchive']
 allowed_rehyd_priority_type = ['Standard', 'High']
-allowed_identity_types = ['systemassigned', 'userassigned', 'none']
 
 backup_management_type_help = """Specifiy the backup management type. Define how Azure Backup manages the backup of entities within the ARM resource. For eg: AzureWorkloads refers to workloads installed within Azure VMs, AzureStorage refers to entities within Storage account. Required only if friendly name is used as Container name."""
 container_name_help = """Name of the backup container. Accepts 'Name' or 'FriendlyName' from the output of az backup container list command. If 'FriendlyName' is passed then BackupManagementType is required."""
@@ -73,11 +72,11 @@
 target_tier_type = CLIArgumentType(help=target_tier_help, arg_type=get_enum_type(allowed_target_tier_type_chk_archivable), options_list=['--target-tier'])
 tier_type = CLIArgumentType(help=tier_help, arg_type=get_enum_type(allowed_tier_type), options_list=['--tier'])
 rehyd_priority_type = CLIArgumentType(help=rehyd_priority_type_help, arg_type=get_enum_type(allowed_rehyd_priority_type), options_list=['--rehydration-priority'])
-identity_type = CLIArgumentType(options_list=['--identity-type'], arg_type=get_enum_type(allowed_identity_types), help="The identity type to be enabled for this vault, whether it is systemassigned, userassigned or none")
-identity_id_type = CLIArgumentType(nargs='+', options_list=['--identity-id'], help="Space-separated list of userassigned identities. This will be applicable only for userassigned identity type")
 user_assigned_identity_id_type = CLIArgumentType(options_list=['--identity-id'], help="UserAssigned Identity Id to be used for CMK encryption, this will be applicable for encryption using userassigned identity")
 encryption_key_id_type = CLIArgumentType(options_list=['--encryption-key-id'], help="The encryption key id you want to use for encryption")
 infrastructure_encryption_type = CLIArgumentType(options_list=['--infrastructure-encryption'], arg_type=get_enum_type(['Enabled', 'Disabled']), help=infrastructure_encryption_type_help)
+user_assigned_type = CLIArgumentType(nargs='+', options_list=['--user-assigned'], help="Space-separated list of userassigned identities.")
+user_assigned_remove_type = CLIArgumentType(nargs='*', options_list=['--user-assigned'], help="Space-separated list of userassigned identities.")
 
 
 # pylint: disable=too-many-statements
@@ -100,12 +99,18 @@ def load_arguments(self, _):
         c.argument('cross_region_restore_flag', arg_type=get_enum_type(['True', 'False']), help='Set cross-region-restore feature state for a Recovery Services Vault. Default: False.')
 
     # Identity
-    with self.argument_context('backup vault update') as c:
+    with self.argument_context('backup vault identity assign') as c:
+        c.argument('vault_name', vault_name_type)
+        c.argument('system_assigned', action='store_true', options_list=['--system-assigned'], help="Provide this flag to enable system assigned identity for Recovery Services Vault.")
+        c.argument('user_assigned', user_assigned_type)
+
+    with self.argument_context('backup vault identity remove') as c:
+        c.argument('vault_name', vault_name_type)
+        c.argument('system_assigned', action='store_true', options_list=['--system-assigned'], help="Provide this flag to enable system assigned identity for Recovery Services Vault.")
+        c.argument('user_assigned', user_assigned_remove_type)
+
+    with self.argument_context('backup vault identity show') as c:
         c.argument('vault_name', vault_name_type)
-        c.argument('identity_type', identity_type)
-        c.argument('identity_id', identity_id_type)
-        c.argument('remove_user_assigned', action='store_true', help="Use this flag to remove user assigned identity")
-        c.argument('remove_system_assigned', action='store_true', help="Use this flag to remove system assigned identity")
 
     # Encryption
     with self.argument_context('backup vault encryption') as c:

diff --git a/src/azure-cli/azure/cli/command_modules/backup/commands.py b/src/azure-cli/azure/cli/command_modules/backup/commands.py
@@ -34,7 +34,9 @@ def load_command_table(self, _):
         g.custom_command('backup-properties show', 'get_backup_properties', client_factory=backup_storage_configs_cf)
         g.custom_command('backup-properties set', 'set_backup_properties', client_factory=backup_storage_configs_cf)
         g.custom_command('delete', 'delete_vault', confirmation=True)
-        g.custom_command('update', 'update_vault')
+        g.custom_command('identity assign', 'assign_identity')
+        g.custom_command('identity remove', 'remove_identity')
+        g.custom_command('identity show', 'show_identity')
         g.custom_command('encryption update', 'update_encryption')
         g.custom_command('encryption show', 'show_encryption', client_factory=backup_resource_encryption_config_cf)
 

diff --git a/src/azure-cli/azure/cli/command_modules/backup/custom.py b/src/azure-cli/azure/cli/command_modules/backup/custom.py
@@ -189,46 +189,31 @@ def list_vaults(client, resource_group_name=None):
     return client.list_by_subscription_id()
 
 
-def update_vault(client, resource_group_name, vault_name, identity_type=None, identity_id=None,
-                 remove_user_assigned=None, remove_system_assigned=None):
-
+def assign_identity(client, resource_group_name, vault_name, system_assigned=None, user_assigned=None):
     vault_details = client.get(resource_group_name, vault_name)
 
     curr_identity_details = vault_details.identity
     curr_identity_type = 'none'
+    identity_type = 'none'
+    user_assigned_identity = None
 
     if curr_identity_details is not None:
         curr_identity_type = curr_identity_details.type.lower()
-    user_assigned_identity = None
 
-    if identity_type is not None:
-        if remove_user_assigned or remove_system_assigned:
-            raise MutuallyExclusiveArgumentError("Addition and Deletion of identities are not possible at same time.")
-
-        identity_type = identity_type.replace(" ", "").lower()
-
-        if identity_type in ["none", "systemassigned"]:
-            if identity_id is not None:
-                raise ArgumentUsageError("--identiy-id paramter is only supported for UserAssigned identities.")
-
-            if curr_identity_type in ["systemassigned, userassigned", "userassigned"]:
-                if identity_type == "systemassigned":
-                    identity_type = 'systemassigned,userassigned'
-        elif identity_type == 'userassigned':
-            if identity_id is None:
-                raise RequiredArgumentMissingError("Please provide identity id using --identity-id parameter.")
-
-            userid = UserIdentity()
-            user_assigned_identity = dict()
-            for element in identity_id:
-                user_assigned_identity[element] = userid
-            if curr_identity_type in ["systemassigned", "systemassigned, userassigned"]:
-                identity_type = 'systemassigned,userassigned'
-
-    elif remove_system_assigned or remove_user_assigned:
-        return _remove_identities(client, resource_group_name, vault_name, curr_identity_details,
-                                  curr_identity_type, identity_id, remove_user_assigned,
-                                  remove_system_assigned)
+    if user_assigned is not None:
+        userid = UserIdentity()
+        user_assigned_identity = dict()
+        for userMSI in user_assigned:
+            user_assigned_identity[userMSI] = userid
+        if system_assigned is not None or curr_identity_type in ["systemassigned", "systemassigned, userassigned"]:
+            identity_type = "systemassigned,userassigned"
+        else:
+            identity_type = "userassigned"
+    elif system_assigned is not None:
+        if curr_identity_type in ["systemassigned, userassigned", "userassigned"]:
+            identity_type = "systemassigned,userassigned"
+        else:
+            identity_type = "systemassigned"
     else:
         raise RequiredArgumentMissingError(
             """
@@ -240,73 +225,94 @@ def update_vault(client, resource_group_name, vault_name, identity_type=None, id
     return client.begin_update(resource_group_name, vault_name, vault)
 
 
-def _remove_identities(client, resource_group_name, vault_name, curr_identity_details, curr_identity_type,
-                       identity_id, remove_user_assigned, remove_system_assigned):
-    identity_type = None
+def remove_identity(client, resource_group_name, vault_name, system_assigned=None, user_assigned=None):
+    vault_details = client.get(resource_group_name, vault_name)
+
+    curr_identity_details = vault_details.identity
+    curr_identity_type = 'none'
     user_assigned_identity = None
-    if remove_user_assigned and remove_system_assigned:
-        raise MutuallyExclusiveArgumentError(
-            """
-            Both system and user assigned identities can't be removed at same time.
-            """)
+    identity_type = 'none'
 
-    if remove_system_assigned:
-        if identity_id is not None:
-            raise MutuallyExclusiveArgumentError(
-                """
-                --identiy-id paramter is only supported for UserAssigned identities
-                """)
-        if curr_identity_type not in ["systemassigned", "systemassigned, userassigned"]:
-            raise ArgumentUsageError(
-                """
-                System assigned identity is not enabled for Recovery Services Vault.
-                """)
-        if curr_identity_type == 'systemassigned':
-            identity_type = 'none'
-        else:
-            identity_type = 'userassigned'
-    else:
+    if curr_identity_details is not None:
+        curr_identity_type = curr_identity_details.type.lower()
+
+    if user_assigned is not None:
         if curr_identity_type not in ["userassigned", "systemassigned, userassigned"]:
             raise ArgumentUsageError(
                 """
                 There are no user assigned identities to be removed.
                 """)
-        if identity_id is None:
-            raise RequiredArgumentMissingError(
-                """
-                Please provide identity ids to be removed using --identity-id parameter.
-                """)
-
         userid = None
         remove_count_of_userMSI = 0
         totaluserMSI = 0
         user_assigned_identity = dict()
         for element in curr_identity_details.user_assigned_identities.keys():
-            if element in identity_id:
+            if element in user_assigned:
                 remove_count_of_userMSI += 1
             totaluserMSI += 1
-
-        for userMSI in identity_id:
+        if len(user_assigned) == 0:
+            remove_count_of_userMSI = totaluserMSI
+        for userMSI in user_assigned:
             user_assigned_identity[userMSI] = userid
-
-        if curr_identity_type == 'systemassigned, userassigned':
+        if system_assigned is not None:
+            if curr_identity_type != "systemassigned, userassigned":
+                raise ArgumentUsageError(
+                    """
+                    System assigned identity is not enabled for Recovery Services Vault.
+                    """)
             if remove_count_of_userMSI == totaluserMSI:
-                identity_type = 'systemassigned'
+                identity_type = 'none'
                 user_assigned_identity = None
             else:
-                identity_type = 'systemassigned,userassigned'
+                identity_type = "userassigned"
         else:
-            if remove_count_of_userMSI == totaluserMSI:
-                identity_type = 'none'
-                user_assigned_identity = None
+            if curr_identity_type == 'systemassigned, userassigned':
+                if remove_count_of_userMSI == totaluserMSI:
+                    identity_type = 'systemassigned'
+                    user_assigned_identity = None
+                else:
+                    identity_type = 'systemassigned,userassigned'
             else:
-                identity_type = 'userassigned'
+                if remove_count_of_userMSI == totaluserMSI:
+                    identity_type = 'none'
+                    user_assigned_identity = None
+                else:
+                    identity_type = 'userassigned'
+    elif system_assigned is not None:
+        return _remove_system_identity(client, resource_group_name, vault_name, curr_identity_type)
+    else:
+        raise RequiredArgumentMissingError(
+            """
+            Invalid parameters, no operation specified.
+            """)
 
     identity_data = IdentityData(type=identity_type, user_assigned_identities=user_assigned_identity)
     vault = PatchVault(identity=identity_data)
     return client.begin_update(resource_group_name, vault_name, vault)
 
 
+def _remove_system_identity(client, resource_group_name, vault_name, curr_identity_type):
+    user_assigned_identity = None
+    identity_type = 'none'
+    if curr_identity_type not in ["systemassigned", "systemassigned, userassigned"]:
+        raise ArgumentUsageError(
+            """
+            System assigned identity is not enabled for Recovery Services Vault.
+            """)
+    if curr_identity_type == 'systemassigned':
+        identity_type = 'none'
+    else:
+        identity_type = 'userassigned'
+
+    identity_data = IdentityData(type=identity_type, user_assigned_identities=user_assigned_identity)
+    vault = PatchVault(identity=identity_data)
+    return client.begin_update(resource_group_name, vault_name, vault)
+
+
+def show_identity(client, resource_group_name, vault_name):
+    return client.get(resource_group_name, vault_name).identity
+
+
 def update_encryption(cmd, client, resource_group_name, vault_name, encryption_key_id, infrastructure_encryption=None,
                       identity_id=None, use_systemassigned_identity=None):
     keyVaultproperties = CmkKeyVaultProperties(key_uri=encryption_key_id)