Exemple #1
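def assign_managed_identity(cmd, client, name, resource_group_name=None, identities=None):
    """Attach system- and/or user-assigned managed identities to a store.

    The identities already on the store are read first and merged with the
    requested ones, so this call only ever adds identities.

    Args:
        cmd: CLI command context, forwarded to the lookup helpers.
        client: Management client exposing ``update``.
        name: Name of the configuration store.
        resource_group_name: Resource group of the store; resolved from
            ``name`` when omitted.
        identities: Identities to assign. ``SYSTEM_ASSIGNED_IDENTITY`` selects
            the system-assigned identity; every other entry is sent as a
            user-assigned identity key. Defaults to the system-assigned
            identity when empty or ``None``.

    Returns:
        The store's identity as re-read through ``show_managed_identity``
        after the update.
    """
    if resource_group_name is None:
        resource_group_name, _ = resolve_resource_group(cmd, name)

    # Work on a private copy: the caller's list must not change as a side
    # effect of an identity assignment.
    requested = list(identities) if identities else [SYSTEM_ASSIGNED_IDENTITY]

    current_identities = show_managed_identity(cmd, client, name, resource_group_name)
    user_assigned_identities = {}
    identity_types = set()

    if current_identities:
        if current_identities.type != 'None':
            identity_types = {identity_type.strip() for identity_type in current_identities.type.split(',')}
        # Copy so the object returned by show_managed_identity is not edited in place.
        user_assigned_identities = dict(current_identities.user_assigned_identities or {})

    if SYSTEM_ASSIGNED_IDENTITY in requested:
        identity_types.add(SYSTEM_ASSIGNED)
        # Drop every occurrence of the sentinel; a duplicate must not end up
        # as a bogus user-assigned identity key in the request.
        requested = [identity for identity in requested if identity != SYSTEM_ASSIGNED_IDENTITY]

    # NOTE(review): the remaining entries are used verbatim as user-assigned
    # identity keys; nothing here checks their format. Presumably they are
    # validated before this function is called -- confirm, since each entry
    # grants the store the ability to act as that identity.
    user_assigned_identities.update({identity: UserIdentity() for identity in requested})
    if user_assigned_identities:
        identity_types.add(USER_ASSIGNED)

    # sorted() keeps the type string stable across runs (set order is not),
    # which makes request payloads comparable in logs and audits.
    managed_identities = ResourceIdentity(type=','.join(sorted(identity_types)) if identity_types else 'None',
                                          user_assigned_identities=user_assigned_identities if user_assigned_identities else None)

    client.update(resource_group_name=resource_group_name,
                  config_store_name=name,
                  config_store_update_parameters=ConfigurationStoreUpdateParameters(identity=managed_identities))

    # Due to a bug in RP https://msazure.visualstudio.com/Azure%20AppConfig/_workitems/edit/6017040
    # client.update does not return the updated identities, so read them back.
    return show_managed_identity(cmd, client, name, resource_group_name)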
Exemple #2
def update_configstore(cmd,
                       client,
                       name,
                       resource_group_name=None,
                       tags=None,
                       sku=None,
                       encryption_key_name=None,
                       encryption_key_vault=None,
                       encryption_key_version=None,
                       identity_client_id=None):
    """Update tags, SKU and customer-managed-key settings of a store.

    Args:
        cmd: CLI command context, forwarded to ``resolve_resource_group``.
        client: Management client exposing ``update``.
        name: Name of the configuration store.
        resource_group_name: Resource group of the store; resolved from
            ``name`` when omitted.
        tags: Tags to set; a falsy value is sent as ``None``.
        sku: SKU name; wrapped in ``Sku`` when truthy, otherwise ``None``.
        encryption_key_name: ``None`` leaves encryption untouched. An empty
            string sends empty ``KeyVaultProperties``. A non-empty name
            builds a key identifier from the vault, name and version.
        encryption_key_vault: Vault URI used as the identifier prefix.
        encryption_key_version: Optional key version; empty when omitted.
        identity_client_id: Passed through to ``KeyVaultProperties``.

    Returns:
        Whatever ``client.update`` returns.
    """
    # Argument combinations are checked by __validate_cmk before anything
    # else happens; its rules are defined outside this block.
    __validate_cmk(encryption_key_name, encryption_key_vault,
                   encryption_key_version, identity_client_id)
    if resource_group_name is None:
        resource_group_name, _ = resolve_resource_group(cmd, name)

    store_tags = tags or None
    store_sku = Sku(name=sku) if sku else None
    update_params = ConfigurationStoreUpdateParameters(tags=store_tags, sku=store_sku)

    if encryption_key_name is not None:
        if encryption_key_name:
            # key identifier schema https://keyvaultname.vault-int.azure-int.net/keys/keyname/keyversion
            # With no version the identifier ends in a trailing slash.
            # NOTE(review): presumably that makes the service follow the
            # latest key version rather than a pinned one -- confirm.
            vault_uri = encryption_key_vault.strip('/')
            version_part = encryption_key_version or ""
            key_vault_properties = KeyVaultProperties(
                key_identifier="{}/keys/{}/{}".format(vault_uri, encryption_key_name, version_part),
                identity_client_id=identity_client_id)
        else:
            # Empty key name: send blank key-vault properties.
            # NOTE(review): looks like this is how customer-managed-key
            # encryption gets switched off -- confirm, and treat it as a
            # security-relevant change when auditing.
            key_vault_properties = KeyVaultProperties()

        update_params.encryption = EncryptionProperties(
            key_vault_properties=key_vault_properties)

    return client.update(resource_group_name=resource_group_name,
                         config_store_name=name,
                         config_store_update_parameters=update_params)
Exemple #3
def remove_managed_identity(cmd, client, name, resource_group_name=None, identities=None):
    """Detach managed identities from a configuration store.

    Args:
        cmd: CLI command context, forwarded to the lookup helpers.
        client: Management client exposing ``update``.
        name: Name of the configuration store.
        resource_group_name: Resource group of the store; resolved from
            ``name`` when omitted.
        identities: Identities to remove. ``SYSTEM_ASSIGNED_IDENTITY`` selects
            the system-assigned identity, ``'[all]'`` removes everything, and
            any other entry is matched against the user-assigned identity
            keys. Defaults to the system-assigned identity when empty.

    Returns:
        None. A warning is logged and no update is sent when the store has
        no identity.
    """
    if resource_group_name is None:
        resource_group_name, _ = resolve_resource_group(cmd, name)

    current_identities = show_managed_identity(cmd, client, name, resource_group_name)
    nothing_assigned = not current_identities or current_identities.type == 'None'
    if nothing_assigned:
        logger.warning("No identity associated with this App Configuration.")
        return

    if not identities:
        identities = [SYSTEM_ASSIGNED_IDENTITY]

    user_assigned_identities = {}
    identity_types = None  # stays None for '[all]', which becomes type 'None'
    if '[all]' not in identities:
        identity_types = {identity_type.strip() for identity_type in current_identities.type.split(',')}

        if current_identities.user_assigned_identities:
            # Keep every user-assigned identity that was not asked to go.
            # NOTE(review): the comparison is an exact string match; an entry
            # that differs from the stored key only in letter case would be
            # kept silently -- confirm callers normalise identity keys.
            user_assigned_identities = {
                identity: current_identities.user_assigned_identities[identity]
                for identity in current_identities.user_assigned_identities
                if identity not in identities
            }

        if SYSTEM_ASSIGNED_IDENTITY in identities:
            identity_types.discard(SYSTEM_ASSIGNED)

        if not user_assigned_identities:
            identity_types.discard(USER_ASSIGNED)

    type_value = ','.join(identity_types) if identity_types else 'None'
    remaining = user_assigned_identities if user_assigned_identities else None
    managed_identities = ResourceIdentity(type=type_value,
                                          user_assigned_identities=remaining)

    client.update(resource_group_name=resource_group_name,
                  config_store_name=name,
                  config_store_update_parameters=ConfigurationStoreUpdateParameters(identity=managed_identities))
Exemple #4
def configstore_update_set(cmd,
                           client,
                           parameters,
                           name,
                           resource_group_name=None):
    """Apply the tags carried by ``parameters`` to a configuration store.

    Only ``parameters.tags`` is forwarded; any other field on ``parameters``
    is ignored by this function.

    Args:
        cmd: CLI command context, forwarded to ``resolve_resource_group``.
        client: Management client exposing ``update``.
        parameters: Object whose ``tags`` attribute holds the new tags.
        name: Name of the configuration store.
        resource_group_name: Resource group of the store; resolved from
            ``name`` when omitted.

    Returns:
        Whatever ``client.update`` returns.
    """
    if resource_group_name is None:
        resource_group_name, _ = resolve_resource_group(cmd, name)

    tags_only = ConfigurationStoreUpdateParameters(tags=parameters.tags)
    result = client.update(resource_group_name=resource_group_name,
                           config_store_name=name,
                           config_store_update_parameters=tags_only)
    return result
Exemple #5
def update_configstore(cmd,
                       client,
                       name,
                       resource_group_name=None,
                       tags=None,
                       sku=None):
    """Update the tags and SKU of a configuration store.

    Args:
        cmd: CLI command context, forwarded to ``resolve_resource_group``.
        client: Management client exposing ``update``.
        name: Name of the configuration store.
        resource_group_name: Resource group of the store; resolved from
            ``name`` when omitted.
        tags: Forwarded unchanged to the update parameters.
        sku: Forwarded unchanged to the update parameters.

    Returns:
        Whatever ``client.update`` returns.
    """
    if resource_group_name is None:
        resource_group_name, _ = resolve_resource_group(cmd, name)

    request = {
        'resource_group_name': resource_group_name,
        'config_store_name': name,
        'config_store_update_parameters': ConfigurationStoreUpdateParameters(tags=tags, sku=sku),
    }
    return client.update(**request)
Exemple #6
def update_configstore(cmd,
                       client,
                       name,
                       resource_group_name=None,
                       tags=None,
                       sku=None,
                       encryption_key_name=None,
                       encryption_key_vault=None,
                       encryption_key_version=None,
                       identity_client_id=None,
                       enable_public_network=None,
                       disable_local_auth=None,
                       enable_purge_protection=None):
    """Update tags, SKU, network, auth and encryption settings of a store.

    Args:
        cmd: CLI command context, forwarded to ``resolve_store_metadata``.
        client: Management client exposing ``begin_update``.
        name: Name of the configuration store.
        resource_group_name: Resource group of the store; resolved from
            ``name`` when omitted.
        tags: Forwarded unchanged to the update parameters.
        sku: SKU name; wrapped in ``Sku`` when truthy, otherwise ``None``.
        encryption_key_name: ``None`` leaves encryption untouched. An empty
            string sends empty ``KeyVaultProperties``. A non-empty name
            builds a key identifier from the vault, name and version.
        encryption_key_vault: Vault URI used as the identifier prefix.
        encryption_key_version: Optional key version; empty when omitted.
        identity_client_id: Passed through to ``KeyVaultProperties``.
        enable_public_network: ``None`` sends no value; otherwise mapped to
            ``'Enabled'`` or ``'Disabled'``.
        disable_local_auth: Forwarded unchanged.
        enable_purge_protection: Forwarded unchanged.

    Returns:
        Whatever ``client.begin_update`` returns.
    """
    # Argument combinations are checked by __validate_cmk before anything
    # else happens; its rules are defined outside this block.
    __validate_cmk(encryption_key_name, encryption_key_vault,
                   encryption_key_version, identity_client_id)
    if resource_group_name is None:
        resource_group_name, _ = resolve_store_metadata(cmd, name)

    # Three states on purpose: None means "send nothing", so an update that
    # does not mention the flag cannot flip network exposure by accident.
    if enable_public_network is None:
        public_network_access = None
    elif enable_public_network:
        public_network_access = 'Enabled'
    else:
        public_network_access = 'Disabled'

    store_sku = Sku(name=sku) if sku else None
    update_params = ConfigurationStoreUpdateParameters(
        tags=tags,
        sku=store_sku,
        public_network_access=public_network_access,
        disable_local_auth=disable_local_auth,
        enable_purge_protection=enable_purge_protection)

    if encryption_key_name is not None:
        if encryption_key_name:
            # key identifier schema https://keyvaultname.vault-int.azure-int.net/keys/keyname/keyversion
            # With no version the identifier ends in a trailing slash.
            # NOTE(review): presumably that makes the service follow the
            # latest key version rather than a pinned one -- confirm.
            vault_uri = encryption_key_vault.strip('/')
            version_part = encryption_key_version or ""
            key_vault_properties = KeyVaultProperties(
                key_identifier="{}/keys/{}/{}".format(vault_uri, encryption_key_name, version_part),
                identity_client_id=identity_client_id)
        else:
            # Empty key name: send blank key-vault properties.
            # NOTE(review): looks like this is how customer-managed-key
            # encryption gets switched off -- confirm, and treat it as a
            # security-relevant change when auditing.
            key_vault_properties = KeyVaultProperties()

        update_params.encryption = EncryptionProperties(
            key_vault_properties=key_vault_properties)

    return client.begin_update(resource_group_name=resource_group_name,
                               config_store_name=name,
                               config_store_update_parameters=update_params)
Exemple #7
def configstore_update_get():
    """Return a new ``ConfigurationStoreUpdateParameters`` built with no arguments."""
    empty_parameters = ConfigurationStoreUpdateParameters()
    return empty_parameters