Esempio n. 1
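def assign_managed_identity(cmd, client, name, resource_group_name=None, identities=None):
    """Attach managed identities to an App Configuration store.

    The identities already on the store are read first and merged with the
    requested ones, so calling this never drops an identity that is already
    assigned.

    Args:
        cmd: CLI command context, passed through to the helpers.
        client: Management client exposing ``update``.
        name: Name of the configuration store.
        resource_group_name: Resource group of the store; resolved from
            ``name`` when omitted.
        identities: Identities to add. ``SYSTEM_ASSIGNED_IDENTITY`` selects the
            system-assigned identity; every other entry is used verbatim as a
            key of ``user_assigned_identities`` (presumably a user-assigned
            identity resource ID - confirm against the caller). Defaults to
            the system-assigned identity when empty or ``None``.

    Returns:
        The identity block as reported by ``show_managed_identity`` after the
        update.
    """
    if resource_group_name is None:
        resource_group_name, _ = resolve_resource_group(cmd, name)

    # Copy before use: the caller's list must not be modified by this call.
    requested = list(identities) if identities else [SYSTEM_ASSIGNED_IDENTITY]

    # Filter out *every* occurrence of the system sentinel. Removing only the
    # first one would let a duplicate be registered as a user-assigned identity
    # whose key is the sentinel string.
    wants_system_identity = SYSTEM_ASSIGNED_IDENTITY in requested
    requested_user_identities = [identity for identity in requested
                                 if identity != SYSTEM_ASSIGNED_IDENTITY]

    current_identities = show_managed_identity(cmd, client, name, resource_group_name)
    user_assigned_identities = {}
    identity_types = set()

    if current_identities:
        if current_identities.type != 'None':
            identity_types = {identity_type.strip() for identity_type in current_identities.type.split(',')}
        # Copy so the object returned by show_managed_identity is left untouched.
        user_assigned_identities = dict(current_identities.user_assigned_identities or {})

    if wants_system_identity:
        identity_types.add(SYSTEM_ASSIGNED)

    user_assigned_identities.update({identity: UserIdentity() for identity in requested_user_identities})
    if user_assigned_identities:
        identity_types.add(USER_ASSIGNED)

    # Sets have no stable order; sort so the same request always sends the same
    # type string to the service.
    managed_identities = ResourceIdentity(type=','.join(sorted(identity_types)) if identity_types else 'None',
                                          user_assigned_identities=user_assigned_identities if user_assigned_identities else None)

    client.update(resource_group_name=resource_group_name,
                  config_store_name=name,
                  config_store_update_parameters=ConfigurationStoreUpdateParameters(identity=managed_identities))

    # Due to a bug in RP https://msazure.visualstudio.com/Azure%20AppConfig/_workitems/edit/6017040
    # client.update does not return the updated identities, so read them back.
    return show_managed_identity(cmd, client, name, resource_group_name)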
Esempio n. 2
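def remove_managed_identity(cmd, client, name, resource_group_name=None, identities=None):
    """Detach managed identities from an App Configuration store.

    Args:
        cmd: CLI command context, passed through to the helpers.
        client: Management client exposing ``update``.
        name: Name of the configuration store.
        resource_group_name: Resource group of the store; resolved from
            ``name`` when omitted.
        identities: Identities to remove. ``SYSTEM_ASSIGNED_IDENTITY`` selects
            the system-assigned identity, ``'[all]'`` removes every identity,
            and any other entry is matched against the keys of the store's
            ``user_assigned_identities``. Defaults to the system-assigned
            identity when empty or ``None``.

    Returns:
        None. A warning is logged when the store has no identity, and when a
        requested user-assigned identity is not on the store.
    """
    if resource_group_name is None:
        resource_group_name, _ = resolve_resource_group(cmd, name)

    current_identities = show_managed_identity(cmd, client, name, resource_group_name)
    if not current_identities or current_identities.type == 'None':
        logger.warning("No identity associated with this App Configuration.")
        return

    if not identities:
        identities = [SYSTEM_ASSIGNED_IDENTITY]

    user_assigned_identities = {}
    if '[all]' in identities:
        # Everything goes: the type becomes 'None' and no user identities are kept.
        identity_types = None
    else:
        identity_types = {identity_type.strip() for identity_type in current_identities.type.split(',')}
        current_user_assigned = current_identities.user_assigned_identities or {}

        # Keep every user-assigned identity that was not asked to be removed.
        user_assigned_identities = {identity: value
                                    for identity, value in current_user_assigned.items()
                                    if identity not in identities}

        # Matching is an exact string comparison. A request that matches nothing
        # leaves the identity attached, so say so instead of finishing silently.
        # NOTE(review): if the service returns resource IDs with different casing
        # than the caller typed, they will land here - confirm and normalise if so.
        unmatched = [identity for identity in identities
                     if identity != SYSTEM_ASSIGNED_IDENTITY and identity not in current_user_assigned]
        if unmatched:
            logger.warning("The following identities are not assigned to this App Configuration "
                           "and were not removed: %s", ', '.join(unmatched))

        if SYSTEM_ASSIGNED_IDENTITY in identities:
            identity_types.discard(SYSTEM_ASSIGNED)

        if not user_assigned_identities:
            identity_types.discard(USER_ASSIGNED)

    # Sets have no stable order; sort so the same request always sends the same
    # type string to the service.
    managed_identities = ResourceIdentity(type=','.join(sorted(identity_types)) if identity_types else 'None',
                                          user_assigned_identities=user_assigned_identities if user_assigned_identities else None)

    client.update(resource_group_name=resource_group_name,
                  config_store_name=name,
                  config_store_update_parameters=ConfigurationStoreUpdateParameters(identity=managed_identities))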
Esempio n. 3
def __get_resource_identity(assign_identity):
    """Build a ``ResourceIdentity`` from a list of requested identities.

    ``SYSTEM_ASSIGNED_IDENTITY`` entries switch on the system-assigned
    identity. Every other entry becomes a key of the user-assigned map, each
    with a fresh ``UserIdentity``. The resulting type is "None" when nothing
    was requested.
    """
    wants_system = False
    user_map = {}
    for entry in assign_identity:
        if entry == SYSTEM_ASSIGNED_IDENTITY:
            wants_system = True
            continue
        user_map[entry] = UserIdentity()

    # Pick the type label from which of the two kinds were requested.
    if wants_system:
        kind = SYSTEM_USER_ASSIGNED if user_map else SYSTEM_ASSIGNED
    else:
        kind = USER_ASSIGNED if user_map else "None"

    # An empty map is sent as None rather than as {}.
    return ResourceIdentity(type=kind, user_assigned_identities=user_map or None)