Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Initial AccessControlClient for Azure.Security.KeyVault.Administration #12480

Merged
merged 21 commits into from
Jun 11, 2020
Merged

Initial AccessControlClient for Azure.Security.KeyVault.Administration #12480

Show file tree
Hide file tree
Changes from 9 commits
Commits
Show all changes
21 commits
Select commit Hold shift + click to select a range
69d36df
poc of generated client
christothes Jun 3, 2020
5126cff
cleanup
christothes Jun 3, 2020
9ba2844
implement the rest
christothes Jun 3, 2020
6cac612
export api
christothes Jun 3, 2020
1bc5150
tests
christothes Jun 8, 2020
fe08263
recorded tests
christothes Jun 8, 2020
e64d134
Merge remote-tracking branch 'upstream/master' into users/chriss/rbac
christothes Jun 8, 2020
d4c10d1
regen client
christothes Jun 8, 2020
dcab74f
fix version
christothes Jun 8, 2020
80ef6a6
xml comments
christothes Jun 8, 2020
28554ed
pr comments
christothes Jun 8, 2020
6a47d73
pr comments
christothes Jun 8, 2020
4a29e4a
diagnostic scopes
christothes Jun 8, 2020
e94d7d2
model factory
christothes Jun 8, 2020
6e728fa
adjust diagnostic scopes
christothes Jun 9, 2020
1afc104
change assignment name to Guid
christothes Jun 10, 2020
f228550
make RoleAssignmentListResult internal
christothes Jun 10, 2020
036c3c6
rename file
christothes Jun 10, 2020
31c4551
pr comments
christothes Jun 10, 2020
01ae609
remove commented shared import
christothes Jun 11, 2020
914473e
add xml docs for ArgumentNullExceptions
christothes Jun 11, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions sdk/keyvault/Azure.Security.KeyVault.Administration/CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
# Release History

## 4.1.0-preview.1 (Unreleased)
christothes marked this conversation as resolved.
Show resolved Hide resolved
98 changes: 98 additions & 0 deletions ...rity.KeyVault.Administration/api/Azure.Security.KeyVault.Administration.netstandard2.0.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,98 @@
namespace Azure.Security.KeyVault.Administration
{
public partial class AccessControlClient
christothes marked this conversation as resolved.
Show resolved Hide resolved
{
protected AccessControlClient() { }
public AccessControlClient(System.Uri vaultUri, Azure.Core.TokenCredential credential) { }
public AccessControlClient(System.Uri vaultUri, Azure.Core.TokenCredential credential, Azure.Security.KeyVault.Administration.AccessControlClientOptions options) { }
public virtual System.Uri VaultUri { get { throw null; } }
public virtual Azure.Response<Azure.Security.KeyVault.Administration.Models.RoleAssignment> CreateRoleAssignment(string scope, Azure.Security.KeyVault.Administration.Models.RoleAssignmentProperties properties, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
public virtual Azure.Response<Azure.Security.KeyVault.Administration.Models.RoleAssignment> CreateRoleAssignment(string Name, string scope, Azure.Security.KeyVault.Administration.Models.RoleAssignmentProperties properties, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
christothes marked this conversation as resolved.
Show resolved Hide resolved
public virtual Azure.Response<Azure.Security.KeyVault.Administration.Models.RoleAssignment> CreateRoleAssignment(System.Uri scope, Azure.Security.KeyVault.Administration.Models.RoleAssignmentProperties properties, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
public virtual System.Threading.Tasks.Task<Azure.Response<Azure.Security.KeyVault.Administration.Models.RoleAssignment>> CreateRoleAssignmentAsync(string scope, Azure.Security.KeyVault.Administration.Models.RoleAssignmentProperties properties, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
public virtual System.Threading.Tasks.Task<Azure.Response<Azure.Security.KeyVault.Administration.Models.RoleAssignment>> CreateRoleAssignmentAsync(string Name, string scope, Azure.Security.KeyVault.Administration.Models.RoleAssignmentProperties properties, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
public virtual System.Threading.Tasks.Task<Azure.Response<Azure.Security.KeyVault.Administration.Models.RoleAssignment>> CreateRoleAssignmentAsync(System.Uri scope, Azure.Security.KeyVault.Administration.Models.RoleAssignmentProperties properties, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
public virtual Azure.Response<Azure.Security.KeyVault.Administration.Models.RoleAssignment> DeleteRoleAssignment(string scope, string roleAssignmentName, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
public virtual Azure.Response<Azure.Security.KeyVault.Administration.Models.RoleAssignment> DeleteRoleAssignment(System.Uri scope, string roleAssignmentName, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
christothes marked this conversation as resolved.
Show resolved Hide resolved
public virtual System.Threading.Tasks.Task<Azure.Response<Azure.Security.KeyVault.Administration.Models.RoleAssignment>> DeleteRoleAssignmentAsync(string scope, string roleAssignmentName, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
public virtual System.Threading.Tasks.Task<Azure.Response<Azure.Security.KeyVault.Administration.Models.RoleAssignment>> DeleteRoleAssignmentAsync(System.Uri scope, string roleAssignmentName, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
public virtual Azure.Response<Azure.Security.KeyVault.Administration.Models.RoleAssignment> GetRoleAssignment(string scope, string roleAssignmentName, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
public virtual System.Threading.Tasks.Task<Azure.Response<Azure.Security.KeyVault.Administration.Models.RoleAssignment>> GetRoleAssignmentAsync(string scope, string roleAssignmentName, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
public virtual Azure.Pageable<Azure.Security.KeyVault.Administration.Models.RoleAssignment> GetRoleAssignments(string scope, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
christothes marked this conversation as resolved.
Show resolved Hide resolved
public virtual Azure.Pageable<Azure.Security.KeyVault.Administration.Models.RoleAssignment> GetRoleAssignments(System.Uri scope, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
public virtual Azure.AsyncPageable<Azure.Security.KeyVault.Administration.Models.RoleAssignment> GetRoleAssignmentsAsync(string scope, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
public virtual Azure.AsyncPageable<Azure.Security.KeyVault.Administration.Models.RoleAssignment> GetRoleAssignmentsAsync(System.Uri scope, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
public virtual Azure.Pageable<Azure.Security.KeyVault.Administration.Models.RoleDefinition> GetRoleDefinitions(string scope, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
public virtual Azure.Pageable<Azure.Security.KeyVault.Administration.Models.RoleDefinition> GetRoleDefinitions(System.Uri scope, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
public virtual Azure.AsyncPageable<Azure.Security.KeyVault.Administration.Models.RoleDefinition> GetRoleDefinitionsAsync(string scope, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
public virtual Azure.AsyncPageable<Azure.Security.KeyVault.Administration.Models.RoleDefinition> GetRoleDefinitionsAsync(System.Uri scope, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
}
public partial class AccessControlClientOptions : Azure.Core.ClientOptions
{
public AccessControlClientOptions(Azure.Security.KeyVault.Administration.AccessControlClientOptions.ServiceVersion version = Azure.Security.KeyVault.Administration.AccessControlClientOptions.ServiceVersion.V7_2_Preview) { }
public Azure.Security.KeyVault.Administration.AccessControlClientOptions.ServiceVersion Version { get { throw null; } }
public enum ServiceVersion
{
V7_2_Preview = 1,
}
}
public static partial class KeyVaultAdministrationConstants
christothes marked this conversation as resolved.
Show resolved Hide resolved
{
}
}
namespace Azure.Security.KeyVault.Administration.Models
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think there's enough models here to warrant putting them in a sub-namespace of "Models", but you should ask @KrzysztofCwalina or @tg-msft.

{
public partial class KeyVaultPermission
{
internal KeyVaultPermission() { }
public System.Collections.Generic.IReadOnlyList<string> Actions { get { throw null; } }
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How are devs supposed to set permissions if they can't change these collections?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

these are the collections returned from RoleDefintions, which are immutable,, as I understand it.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Confirmed with the service team, there is not yet a set permissions capability in the API.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

BTW, once there is an update operation in the swagger that takes one of these models, it should be generated as mutable.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Making them mutable later would be a breaking change. If we're doing to generalize this, I think this should be IList<string> now to avoid a problem later. If people change it, they can't really do anything with it anyway, so that should be safe to do.

public System.Collections.Generic.IReadOnlyList<string> DataActions { get { throw null; } }
public System.Collections.Generic.IReadOnlyList<string> NotActions { get { throw null; } }
public System.Collections.Generic.IReadOnlyList<string> NotDataActions { get { throw null; } }
}
public partial class RoleAssignment
christothes marked this conversation as resolved.
Show resolved Hide resolved
{
internal RoleAssignment() { }
public string Id { get { throw null; } }
public string Name { get { throw null; } }
public Azure.Security.KeyVault.Administration.Models.RoleAssignmentPropertiesWithScope Properties { get { throw null; } }
public string Type { get { throw null; } }
}
public partial class RoleAssignmentListResult
christothes marked this conversation as resolved.
Show resolved Hide resolved
{
internal RoleAssignmentListResult() { }
public string NextLink { get { throw null; } }
public System.Collections.Generic.IReadOnlyList<Azure.Security.KeyVault.Administration.Models.RoleAssignment> Value { get { throw null; } }
}
public partial class RoleAssignmentProperties
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we combine these and make them easier to construct? If Scope is null, then there's no scope. For construction, can they pass in a RoleDefinition instead? How do they get the principalId? As a first attempt this is fine, but these are things about which we should have a broader discussion that could impact management-plane.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

tracking this in #12613

{
public RoleAssignmentProperties(string roleDefinitionId, string principalId) { }
public string PrincipalId { get { throw null; } }
public string RoleDefinitionId { get { throw null; } }
}
public partial class RoleAssignmentPropertiesWithScope
{
internal RoleAssignmentPropertiesWithScope() { }
public string PrincipalId { get { throw null; } }
public string RoleDefinitionId { get { throw null; } }
public string Scope { get { throw null; } }
}
public partial class RoleDefinition
{
internal RoleDefinition() { }
public System.Collections.Generic.IReadOnlyList<string> AssignableScopes { get { throw null; } }
christothes marked this conversation as resolved.
Show resolved Hide resolved
public string Description { get { throw null; } }
public string Id { get { throw null; } }
public string Name { get { throw null; } }
public System.Collections.Generic.IReadOnlyList<Azure.Security.KeyVault.Administration.Models.KeyVaultPermission> Permissions { get { throw null; } }
public string RoleName { get { throw null; } }
public string RoleType { get { throw null; } }
public string Type { get { throw null; } }
}
public partial class RoleDefinitionListResult
christothes marked this conversation as resolved.
Show resolved Hide resolved
{
internal RoleDefinitionListResult() { }
public string NextLink { get { throw null; } }
public System.Collections.Generic.IReadOnlyList<Azure.Security.KeyVault.Administration.Models.RoleDefinition> Value { get { throw null; } }
}
}
51 changes: 51 additions & 0 deletions sdk/keyvault/Azure.Security.KeyVault.Administration/readme.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
# Azure KeyVault Administration client library for .NET

Content forthcoming

## Getting started

Content forthcoming

### Prerequisites

Content forthcoming

### Install the package

Content forthcoming

### Authenticate the client

Content forthcoming

## Key concepts

Content forthcoming

## Examples

Content forthcoming

## Troubleshooting

Content forthcoming
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just as an FYI: this section and "Next Steps" are pretty boilerplate by design. See the existing Key Vault sections for examples.


## Next steps

Content forthcoming

## Contributing

This project welcomes contributions and suggestions. Most contributions require
you to agree to a Contributor License Agreement (CLA) declaring that you have
the right to, and actually do, grant us the rights to use your contribution. For
details, visit [cla.microsoft.com][cla].

This project has adopted the [Microsoft Open Source Code of Conduct][coc].
For more information see the [Code of Conduct FAQ][coc_faq]
or contact [opencode@microsoft.com][coc_contact] with any
additional questions or comments.

<!-- LINKS -->

![Impressions](https://azure-sdk-impressions.azurewebsites.net/api/impressions/azure-sdk-for-net%2Fsdk%2Ftables%2FAzure.Data.Tables%2FREADME.png)
Loading