Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

azure: Add wizard steps to list/create UserAssignedIdentities and execute role definitions #1757

Merged
merged 9 commits into from
Jul 25, 2024
Merged

azure: Add wizard steps to list/create UserAssignedIdentities and execute role definitions #1757

merged 9 commits into from
Jul 25, 2024

Conversation

nturinski
Copy link
Member

@nturinski nturinski commented Jul 19, 2024
edited
Loading

See an example of this being used here: https://github.com/microsoft/vscode-azurefunctions/pull/4213/files

This adds managedIdentity to the ResourceWizardContext since managed identity will be included in a lot of our resources.

The UserAssignedIdentity steps are for listing and creating new identities. Right now, it will always default to creating it in the resource group. That reminds me, I need to test what happens if I pick an existing resource group that already has an MI in it. I'm not even sure what behavior should be-- create a new one with a suffix or use the existing one?

The RoleAssignmentStep should work for both system and user assigned identities. Because the scope will be created during the wizard, you need to pass a function that returns the property that you want since the context will be updated by the time the function is called. Execute priority is also 900 because in most cases, it should always be the last thing to execute.

@nturinski nturinski requested a review from a team as a code owner July 19, 2024 22:34
@nturinski
Copy link
Member Author

I should probably revisit exposing the scope since it contains the subscription id of the resource as well. Probably can just split by / and take the last two indices.
3:39:20 PM: Role assignment "StorageBlobDataContributor" created with resource "/subscriptions/9b5c7ccb-9857-4307-843b-8875e83f65e9/resourceGroups/naturinsmi22/providers/Microsoft.Storage/storageAccounts/naturinsmi22".

MicroFish91
MicroFish91 reviewed Jul 19, 2024
View reviewed changes
azure/src/clients.ts

export async function createAuthorizationManagementClient(context: InternalAzExtClientContext): Promise<AuthorizationManagementClient> {
if (parseClientContext(context).isCustomCloud) {
return <AuthorizationManagementClient><unknown>createAzureClient(context, (await import('@azure/arm-authorization-profile-2020-09-01-hybrid')).AuthorizationManagementClient);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh nice, so the hybrid profile version was made to support custom clouds?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a downside to just always using the one that supports custom clouds?

Copy link
Member Author

@nturinski nturinski Jul 23, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Discussed offline, but the api-versions for custom clouds aren't kept up to date as quickly as standard Azure SDKs.

@alexweininger
Copy link
Member

TODO: Add more description on Monday 😅

Time is running out

@nturinski
Copy link
Member Author

I should probably revisit exposing the scope since it contains the subscription id of the resource as well. Probably can just split by / and take the last two indices. 3:39:20 PM: Role assignment "StorageBlobDataContributor" created with resource "/subscriptions/9b5c7ccb-9857-4307-843b-8875e83f65e9/resourceGroups/naturinsmi22/providers/Microsoft.Storage/storageAccounts/naturinsmi22".

New message looks like this:
image

alexweininger
alexweininger reviewed Jul 23, 2024
View reviewed changes
Copy link
Member

@alexweininger alexweininger left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Initial pass

azure/index.d.ts Outdated Show resolved Hide resolved
azure/index.d.ts Outdated Show resolved Hide resolved
azure/package.json Show resolved Hide resolved
azure/src/clients.ts

export async function createAuthorizationManagementClient(context: InternalAzExtClientContext): Promise<AuthorizationManagementClient> {
if (parseClientContext(context).isCustomCloud) {
return <AuthorizationManagementClient><unknown>createAzureClient(context, (await import('@azure/arm-authorization-profile-2020-09-01-hybrid')).AuthorizationManagementClient);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a downside to just always using the one that supports custom clouds?

azure/src/constants.ts Show resolved Hide resolved
@nturinski nturinski merged commit fad47ce into main Jul 25, 2024
4 checks passed
@nturinski nturinski deleted the azure/nat/managedIdentity branch July 25, 2024 20:20
This was referenced Sep 15, 2024
Open
Open
This was referenced Sep 23, 2024
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MicroFish91 MicroFish91 MicroFish91 left review comments

@alexweininger alexweininger alexweininger approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@nturinski @alexweininger @MicroFish91