-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Key Vault Admin] Convenience layer - KeyVaultAccessControlClient #10815
[Key Vault Admin] Convenience layer - KeyVaultAccessControlClient #10815
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The convenience client looks great!
I left some minor API feedback and a few code nits.
} | ||
|
||
// @public | ||
export type RoleAssignmentScope = "/" | "/keys" | string; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this feels like a weird type, though I'm not sure what would be better
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The string part is because it accepts UUIDs. I wonder if we could have some UUID validator as a type? That would be generally helpful in our clients.
Co-authored-by: Jeff Fisher <xirzec@xirzec.com>
Co-authored-by: Jeff Fisher <xirzec@xirzec.com>
…-convenience-layer
The generated code already has this now!
…-convenience-layer
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Mainly left comments on where python differs, not saying what we're doing is correct htough
// @public | ||
export class KeyVaultAccessControlClient { | ||
constructor(vaultUrl: string, credential: TokenCredential, pipelineOptions?: AccessControlClientOptions); | ||
createRoleAssignment(roleScope: RoleAssignmentScope, name: string, roleDefinitionId: string, principalId: string, options?: CreateRoleAssignmentOptions): Promise<KeyVaultRoleAssignment>; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
in python we have it as role_assignment_name
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
same for every name parameter for role assignments
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
.Net is using name
. I don't mind, but I'd rather reach to an agreement with @heaths , @christothes
} | ||
|
||
// @public | ||
export interface KeyVaultRoleAssignment { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
python has KeyVaultRoleAssignment
|
||
// @public | ||
export interface KeyVaultRoleAssignment { | ||
readonly id: string; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
for python we have assignment_id
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
.Net has Id: https://github.com/Azure/azure-sdk-for-net/blob/master/sdk/keyvault/Azure.Security.KeyVault.Administration/api/Azure.Security.KeyVault.Administration.netstandard2.0.cs#L121 cc: @christothes what should we use? who should we ask?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
IMO - id
is contextually a property of the KeyVaultRoleAssignment
and shouldn't need a prefix.
} | ||
|
||
// @public | ||
export interface KeyVaultRoleDefinition { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
python has KeyVaultRoleDefinition
Convenience layer for the AccessControlClient.
After this PR, I'll make another one for the BackupClient.
You can see the rendered version of the latest API review file by going to this link: https://github.com/sadasant/azure-sdk-for-js/blob/keyvault-admin/10799-convenience-layer/sdk/keyvault/keyvault-admin/review/keyvault-admin.api.md
This API is based on the .Net's API: https://github.com/Azure/azure-sdk-for-net/blob/master/sdk/keyvault/Azure.Security.KeyVault.Administration/api/Azure.Security.KeyVault.Administration.netstandard2.0.cs (with some language-specific considerations).
IMPORTANT:
For .Net, this client is called KeyVaultAccessControlClient. Since none of the other clients in KeyVault start withAgreed on naming it KeyVaultAccessControlClient.KeyVault
(as in,KeyClient
), it seemed appropriate to name oursAccessControlClient
.Many things are still missing from the keyvault-admin folder, so keep in mind that this is an incremental effort.
Part of #10799
Closes #7279