def update_configstore(cmd, client, name, resource_group_name=None, tags=None, sku=None, encryption_key_name=None, encryption_key_vault=None, encryption_key_version=None, identity_client_id=None): __validate_cmk(encryption_key_name, encryption_key_vault, encryption_key_version, identity_client_id) if resource_group_name is None: resource_group_name, _ = resolve_resource_group(cmd, name) update_params = ConfigurationStoreUpdateParameters( tags=tags if tags else None, sku=Sku(name=sku) if sku else None) if encryption_key_name is not None: key_vault_properties = KeyVaultProperties() if encryption_key_name: # key identifier schema https://keyvaultname.vault-int.azure-int.net/keys/keyname/keyversion key_identifier = "{}/keys/{}/{}".format( encryption_key_vault.strip('/'), encryption_key_name, encryption_key_version if encryption_key_version else "") key_vault_properties = KeyVaultProperties( key_identifier=key_identifier, identity_client_id=identity_client_id) update_params.encryption = EncryptionProperties( key_vault_properties=key_vault_properties) return client.update(resource_group_name=resource_group_name, config_store_name=name, config_store_update_parameters=update_params)
def assign_managed_identity(cmd, client, name, resource_group_name=None, identities=None): if resource_group_name is None: resource_group_name, _ = resolve_resource_group(cmd, name) if not identities: identities = [SYSTEM_ASSIGNED_IDENTITY] current_identities = show_managed_identity(cmd, client, name, resource_group_name) user_assigned_identities = {} identity_types = set() if current_identities: identity_types = identity_types if current_identities.type == 'None' else {identity_type.strip() for identity_type in current_identities.type.split(',')} user_assigned_identities = current_identities.user_assigned_identities if current_identities.user_assigned_identities else {} if SYSTEM_ASSIGNED_IDENTITY in identities: identities.remove(SYSTEM_ASSIGNED_IDENTITY) identity_types.add(SYSTEM_ASSIGNED) user_assigned_identities.update({identity: UserIdentity() for identity in identities}) if user_assigned_identities: identity_types.add(USER_ASSIGNED) managed_identities = ResourceIdentity(type=','.join(identity_types) if identity_types else 'None', user_assigned_identities=user_assigned_identities if user_assigned_identities else None) client.update(resource_group_name=resource_group_name, config_store_name=name, config_store_update_parameters=ConfigurationStoreUpdateParameters(identity=managed_identities)) # Due to a bug in RP https://msazure.visualstudio.com/Azure%20AppConfig/_workitems/edit/6017040 # It client.update does not return the updated identities. return show_managed_identity(cmd, client, name, resource_group_name)
def remove_managed_identity(cmd, client, name, resource_group_name=None, identities=None): if resource_group_name is None: resource_group_name, _ = resolve_resource_group(cmd, name) current_identities = show_managed_identity(cmd, client, name, resource_group_name) if not current_identities or current_identities.type == 'None': logger.warning("No identity associated with this App Configuration.") return if not identities: identities = [SYSTEM_ASSIGNED_IDENTITY] user_assigned_identities = {} if '[all]' in identities: identity_types = None else: identity_types = {identity_type.strip() for identity_type in current_identities.type.split(',')} if current_identities.user_assigned_identities: for identity in current_identities.user_assigned_identities: if identity not in identities: user_assigned_identities[identity] = current_identities.user_assigned_identities[identity] if SYSTEM_ASSIGNED_IDENTITY in identities: identity_types.discard(SYSTEM_ASSIGNED) if not user_assigned_identities: identity_types.discard(USER_ASSIGNED) managed_identities = ResourceIdentity(type=','.join(identity_types) if identity_types else 'None', user_assigned_identities=user_assigned_identities if user_assigned_identities else None) client.update(resource_group_name=resource_group_name, config_store_name=name, config_store_update_parameters=ConfigurationStoreUpdateParameters(identity=managed_identities))
def update_configstore(cmd, client, name, resource_group_name=None, tags=None, sku=None, encryption_key_name=None, encryption_key_vault=None, encryption_key_version=None, identity_client_id=None, enable_public_network=None, disable_local_auth=None, enable_purge_protection=None): __validate_cmk(encryption_key_name, encryption_key_vault, encryption_key_version, identity_client_id) if resource_group_name is None: resource_group_name, _ = resolve_store_metadata(cmd, name) public_network_access = None if enable_public_network is not None: public_network_access = 'Enabled' if enable_public_network else 'Disabled' update_params = ConfigurationStoreUpdateParameters( tags=tags, sku=Sku(name=sku) if sku else None, public_network_access=public_network_access, disable_local_auth=disable_local_auth, enable_purge_protection=enable_purge_protection) if encryption_key_name is not None: key_vault_properties = KeyVaultProperties() if encryption_key_name: # key identifier schema https://keyvaultname.vault-int.azure-int.net/keys/keyname/keyversion key_identifier = "{}/keys/{}/{}".format( encryption_key_vault.strip('/'), encryption_key_name, encryption_key_version if encryption_key_version else "") key_vault_properties = KeyVaultProperties( key_identifier=key_identifier, identity_client_id=identity_client_id) update_params.encryption = EncryptionProperties( key_vault_properties=key_vault_properties) return client.begin_update(resource_group_name=resource_group_name, config_store_name=name, config_store_update_parameters=update_params)
def configstore_update_set(cmd, client, parameters, name, resource_group_name=None): if resource_group_name is None: resource_group_name, _ = resolve_resource_group(cmd, name) update_params = ConfigurationStoreUpdateParameters(tags=parameters.tags) return client.update(resource_group_name=resource_group_name, config_store_name=name, config_store_update_parameters=update_params)
def update_configstore(cmd, client, name, resource_group_name=None, tags=None, sku=None): if resource_group_name is None: resource_group_name, _ = resolve_resource_group(cmd, name) update_params = ConfigurationStoreUpdateParameters(tags=tags, sku=sku) return client.update(resource_group_name=resource_group_name, config_store_name=name, config_store_update_parameters=update_params)
def configstore_update_get(): return ConfigurationStoreUpdateParameters()