-
Notifications
You must be signed in to change notification settings - Fork 2.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[DevTestLabs] Exposing commands to manage secrets in the lab #2691
Conversation
Codecov Report
@@ Coverage Diff @@
## master #2691 +/- ##
==========================================
+ Coverage 62.82% 62.85% +0.02%
==========================================
Files 480 480
Lines 25784 25802 +18
Branches 3905 3905
==========================================
+ Hits 16199 16217 +18
Misses 8572 8572
Partials 1013 1013
Continue to review full report at Codecov.
|
@@ -80,6 +80,10 @@ def validate_lab_vm_list(namespace): | |||
namespace.filters = "Properties/ownerObjectId eq '{}'".format(object_id) | |||
|
|||
|
|||
def validate_user_name(namespace): | |||
namespace.user_name = "@me" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What's this for?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
REST endpoint exposes user_name
parameter but from the cli context we are hiding them to enable scenario that it's the user's context. so that default value for that parameter will be @me
.
For that reason I've created validator to default. Let me know if that is not the way we should be defaulting.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If this command is reflecting on the SDK, then this is perfectly acceptable. If it calls into a custom command, then you can just omit that parameter in the signature and plug in "@me" where appropriate.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yup all the secret commands are now just reflecting on SDK
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Need to rethink have identical create/update commands and there should be a tests to cover these new commands. Also, please show the -h output for the create and update commands.
lab_name=lab_name, | ||
user_name=user_name, | ||
name=name, | ||
secret=Secret(value=value)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why do we have a custom command that literally just calls the API when we could just reflect on it? Why do we have two commands that call the exact same method? They should have a functional difference. Our "create" commands are typically "create or update" commands (though we don't advertise them as such. "Update" commands have patch or pseudo-patch behavior. If that doesn't apply, then "set" is a candidate.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You are right, we can definitely reflect and get the create / update of secrets. If we do that then based on the current model for the Secret
class, I have to ignore bunch of parameters that doesn't make sense to user like provisioning_state
, unique_identifier
, id
, type
, location
, tags
because they are not required from the portal experience. I'd agree with you that that's the swagger modeling issue.
Let me update the command based on direct reflection and ignore unnecessary param :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You don't need to expand the Secret class. You can just use a validator to transform the "secret string" into a Secret(value=value)
object. This is one of the use cases for validators.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As per your suggestion, I've updated to use type
instead of expand
. Thanks for helping me understand type
and its usage :)
Some helps on commands usage. [Removed
|
|
||
with ParametersContext(command='lab secret update') as c: | ||
from .sdk.devtestlabs.models.secret import Secret | ||
c.expand('secret', Secret) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, you shouldn't use expand here. Use a validator to convert the parameter string to a Secret object (exactly like your custom command does)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think I didn't quite get the comment. Can you please clarify or I'll stop by
@@ -170,6 +170,6 @@ | |||
short-summary: Name of the Lab | |||
- name: --name -n | |||
short-summary: Name of the secret | |||
- name: --value | |||
- name: --secret |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The alias of the dest parameter 'secret' to --value is a logical (and I'd argue good) one.
c.command('show', 'get_resource') | ||
c.command('list', 'list') | ||
c.command('delete', 'delete_resource') | ||
c.generic_update_command('update', 'get_resource', 'create_or_update_resource') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This breaks the contract of generic update. Generic update commands are supposed to guarantee that in the event of a conflict between a convenience argument and a generic argument, the generic argument wins. Using the custom command as the setter inverts this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@tjprescott Seems like there is a confusion. I am not using any custom commands here. It seems like I missed to remove create_or_update_secret
which i was using it before. Let me know if that is the thing you are referring.
@tjprescott Thanks for the review but CI seems filing on tests from webapp @ https://travis-ci.org/Azure/azure-cli/jobs/218650474#L2620. Do we know whether it is a known issues? If so i'll wait for the CI to be fixed. |
Yes, #2757. I have a PR which will unblock this. It's crawling its sad way through the CI right now. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Blah one more thing--please add this to the HISTORY for the DTL module.
@tjprescott Just curios, do we want to keep updating history every time we make changes or is it like only when we release because I see version associated with each entry (at least in vm that i am looking at). Let me know what you think. |
@vishrutshah you add the relevant entry for each PR so that when a release happens, in theory the change history is already there. |
@tjprescott Updated the history. Let me know how it looks. Thanks! |
@@ -3,6 +3,10 @@ | |||
Release History | |||
=============== | |||
|
|||
+++++++++++++++++++++ | |||
|
|||
* Adding commands to manage secrets in the Azure DevTest Lab. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since these are the release notes FOR DevTestLab (instead of the CLI in general), I would recommend something like:
- Add commands to manage secrets within a lab.
@vishrutshah I suggested a wording change for your release notes entry, but LGTM. I'll leave merging up to you in case you want to go-ahead from other reviewers. |
Thanks for the review!! |
* Enable delay-load of descriptions for commands (speed up az) * Update find indexing commands to accept callables for description. * Command load time in progress * - Moved previously dead command filter from parser to application configuration. - Removed unused configuration object/argv on application create. * Remove unused argument (pylint) * Remove dummy parameter * Fix for python 2.7 * Fix yet incorrect passage of parameters * Fix up additional pylint complaints * Update tests * Update tests * Fix up more tests * Fix up more core tests * Enable delay-load of descriptions for commands (speed up az) * Update find indexing commands to accept callables for description. * [Network] Remove nulls from VPN connection show/list output (#2748) * Fix #1615. * Code review feedback. * Update test docs for running individual test and all tests in mod (#2763) * Update test docs for running individual test and all tests in mod * Made feedback changes * Make argument parameters match up. (#2717) Make lock command parameter aliases match up with resource commands. * [DevTestLabs] Adding scenario test to create simple Linux + Windows VM in lab (#2767) * WIP create linux + Windows vm in lab * Adding recording * Add some more error checking/handling. (#2768) Add more validation to resolve "lock level" for lock commands. * Fix doc references to azure.cli.commands (#2740) * Fix doc references to azure.cli.commands This module has moved to azure.cli.core.commands * Fix PyLint * Add clearer guidelines on modifying changelog (#2739) * Add clearer guidelines on modifying changelog * A few smaller changes * another small format change * Code review changes * [DevTestLabs] Exposing commands to manage secrets in the lab (#2691) * ACS Update: nulling out the windows profile so that there isn't a validation fail… (#2764) * nulling out the windows profile so that there isn't a valdiation failure for missing password ACS doesn't return a password on GET. az acs scale command does a GET then PUT, but since ACS doesn't return the password the verification is failing before the PUT is sent to ACS. There is a bug in ACS this exposes. So this shouldn't be merged until after the ACS rollout finishes. Should be about start of next week. * updating history * updating version in history * removing white space added by editor * [Compute] Fix issues with VMSS and VM availability set update. (#2773) * Fix issues with VMSS and VM availability set update. * Update help. Fix #2762. * Error out if you try to list resources for a group that doesn't exist. (#2769) * Minor text fixes (#2776) * Add docs for az lock update. (#2702) * [DevTestLab] Explicitly enable usage of saved secrets while lab vm creation (#2686) * Explicitly enable usage of saved secrets for vm creation * Better error message with not overriding competing paramters * Adding export-artifacts commands on formula (#2707) * core: apply configured defaults on optional arg (#2770) * Core:apply configured defaults on optional argument * add a test * add tests * update history doc * address review feedback * [Network] Support active-active VNet gateways (#2751) * Start active-active test scenario. * Add active-active parameter. * Active-active scenario test 1 (cross premise) * Add second active-active scenario (vnet-to-vnet) * Refine active-active gateway configuration. * Pylint... * Code review feedback * Packaged release notes and changes for 0.2.4 (#2735) * Modify HISTORY.md * Update Dockerfile * Update debian also * Add pip dependencies also * Command load time in progress * - Moved previously dead command filter from parser to application configuration. - Removed unused configuration object/argv on application create. * Remove unused argument (pylint) * Remove dummy parameter * Fix for python 2.7 * Fix yet incorrect passage of parameters * Fix up additional pylint complaints * Update tests * Update tests * Fix up more tests * Fix up more core tests * Improve load time of custom.py for profile, find and configure (speeds up raw az command) * Pylint + flake8 fixes * Fix new vm tests that failed due to perf refactoring * Update redis tests that was broken due to perf refactoring * Delay-load msrest for command executions that don't need it * Fix flake8 issues * Fixing/improving detection of pageable class * flake8 fixes * Fix broken merge from upstream/master * Fix broken merge (again) * flake8 fixes * Fix up even more merge errors from last upstream merge * Flake8 fixes (wrong number of newlines) * Fix delay load of storage assembly for az * Update history to reference improved performance
Fixes #2690
Reference: https://azure.microsoft.com/en-us/updates/azure-devtest-labs-keep-your-secrets-safe-and-easy-to-use-with-the-new-personal-secret-store/
NOTE: I'll be sending new PRs on DTL work but it's not necessary for us to ship them with this release so feel free to label it as team prefers