[Cosmos DB] Removing RoleDefinition and RoleAssignment APIs since the…

…y are GA (#3416) * [Cosmos DB] Removing RoleDefinition and RoleAssignment APIs since they are GA * Fixing CI * Adding service name * Update setup.py * Dummy commit
Azure · May 25, 2021 · e7293f8 · e7293f8
1 parent 32ff5dd
commit e7293f8
Show file tree

Hide file tree

Showing 20 changed files with 5,395 additions and 8,605 deletions.
diff --git a/src/cosmosdb-preview/HISTORY.rst b/src/cosmosdb-preview/HISTORY.rst
@@ -3,6 +3,10 @@
 Release History
 ===============
 
+0.7.0
+++++++
+* Removing APIs to create and manage Role Definitions and Role Assignments since they are now GA.
+
 0.6.0
 ++++++
 * Addressing CLI bugs for Managed Cassandra Service and updating to python sdk 4.0.

diff --git a/src/cosmosdb-preview/README.md b/src/cosmosdb-preview/README.md
@@ -7,7 +7,6 @@ This package provides commands to
 - List the different versions of databases and collections that were modified
 - Trigger a point in time restore on the Azure CosmosDB continuous mode backup accounts
 - Update the backup interval and backup retention of periodic mode backup accounts
-- Create and manage Role Definitions and Role Assignments for enforcing data plane RBAC on Cosmos DB SQL accounts
 
 ## How to use ##
 
@@ -109,112 +108,3 @@ az cosmosdb mongodb restorable-resource list \
     --restore-location "westus" \
     --restore-timestamp "2020-07-20T16:09:53+0000"
 ```
-
-#### Create a new Role Definition for a given Cosmos DB SQL account
-
-```sh
-az cosmosdb sql role definition create \
-    --resource-group "my-rg" \
-    --account-name "my-sql-account" \
-    --body "@role-definition-body.json"
-```
-
-#### List all Role Definitions for a given Cosmos DB SQL account
-
-```sh
-az cosmosdb sql role definition list \
-    --resource-group "my-rg" \
-    --account-name "my-sql-account"
-```
-
-#### Show a specific Role Definition for a given Cosmos DB SQL account
-
-```sh
-az cosmosdb sql role definition list \
-    --resource-group "my-rg" \
-    --account-name "my-sql-account" \
-    --id "my-role-def-id"
-```
-
-#### Delete a specific Role Definition for a given Cosmos DB SQL account
-
-```sh
-az cosmosdb sql role definition delete \
-    --resource-group "my-rg" \
-    --account-name "my-sql-account" \
-    --id "my-role-def-id"
-```
-
-#### Update an existing Role Definition for a given Cosmos DB SQL account
-
-```sh
-az cosmosdb sql role definition update \
-    --resource-group "my-rg" \
-    --account-name "my-sql-account" \
-    --body "@role-definition-body.json"
-```
-
-#### Check whether a specific Role Definition exists for a given Cosmos DB SQL account
-
-```sh
-az cosmosdb sql role definition exists \
-    --resource-group "my-rg" \
-    --account-name "my-sql-account" \
-    --id "my-role-def-id"
-```
-
-#### Create a new Role Assignment for a given Cosmos DB SQL account
-
-```sh
-az cosmosdb sql role assignment create \
-    --resource-group "my-rg" \
-    --account-name "my-sql-account" \
-    --role-definition-id "my-role-def-id" \
-    --scope "/" \
-    --principal-id "my-aad-principal-id" \
-```
-
-#### List all Role Assignments for a given Cosmos DB SQL account
-
-```sh
-az cosmosdb sql role assignment list \
-    --resource-group "my-rg" \
-    --account-name "my-sql-account"
-```
-
-#### Show a specific Role Assignment for a given Cosmos DB SQL account
-
-```sh
-az cosmosdb sql role assignment list \
-    --resource-group "my-rg" \
-    --account-name "my-sql-account" \
-    --role-assignment-id "my-role-assignment-id"
-```
-
-#### Delete a specific Role Assignment for a given Cosmos DB SQL account
-
-```sh
-az cosmosdb sql role assignment delete \
-    --resource-group "my-rg" \
-    --account-name "my-sql-account" \
-    --role-assignment-id "my-role-assignment-id"
-```
-
-#### Update an existing Role Assignment for a given Cosmos DB SQL account
-
-```sh
-az cosmosdb sql role assignment update \
-    --resource-group "my-rg" \
-    --account-name "my-sql-account" \
-    --role-assignment-id "my-role-assignment-id" \
-    --role-definition-id "my-role-def-id"
-```
-
-#### Check whether a specific Role Assignment exists for a given Cosmos DB SQL account
-
-```sh
-az cosmosdb sql role assignment exists \
-    --resource-group "my-rg" \
-    --account-name "my-sql-account" \
-    --role-assignment-id "my-role-def-id"
-```
diff --git a/src/cosmosdb-preview/azext_cosmosdb_preview/__init__.py b/src/cosmosdb-preview/azext_cosmosdb_preview/__init__.py
@@ -16,8 +16,7 @@ def __init__(self, cli_ctx=None):
         cosmosdb_preview_custom = CliCommandType(
             operations_tmpl='azext_cosmosdb_preview.custom#{}',
             client_factory=cf_cosmosdb_preview)
-        super(Cosmosdb_previewCommandsLoader, self).__init__(cli_ctx=cli_ctx,
-                                                             custom_command_type=cosmosdb_preview_custom)
+        super().__init__(cli_ctx=cli_ctx, custom_command_type=cosmosdb_preview_custom)
 
     def load_command_table(self, args):
         from azext_cosmosdb_preview.commands import load_command_table

diff --git a/src/cosmosdb-preview/azext_cosmosdb_preview/_help.py b/src/cosmosdb-preview/azext_cosmosdb_preview/_help.py
@@ -146,148 +146,6 @@
 short-summary: List all the databases and its collections that can be restored in the given account at the given timesamp and region.
 """
 
-helps['cosmosdb sql role'] = """
-type: group
-short-summary: Manage Azure Cosmos DB SQL role resources.
-"""
-
-helps['cosmosdb sql role definition'] = """
-type: group
-short-summary: Manage Azure Cosmos DB SQL role definitions.
-"""
-
-helps['cosmosdb sql role definition create'] = """
-type: command
-short-summary: Create a SQL role definition under an Azure Cosmos DB account.
-examples:
-  - name: Create a SQL role definition under an Azure Cosmos DB account using a JSON string.
-    text: |
-      az cosmosdb sql role definition create --account-name MyAccount --resource-group MyResourceGroup --body '{
-        "Id": "be79875a-2cc4-40d5-8958-566017875b39",
-        "RoleName": "My Read Only Role",
-        "Type": "CustomRole",
-        "AssignableScopes": ["/dbs/mydb/colls/mycontainer"],
-        "Permissions": [{
-          "DataActions": [
-            "Microsoft.DocumentDB/databaseAccounts/readMetadata",
-            "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/read",
-            "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/executeQuery",
-            "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/readChangeFeed"
-          ]
-        }]
-      }'
-  - name: Create a SQL role definition under an Azure Cosmos DB account using a JSON file.
-    text: az cosmosdb sql role definition create --account-name MyAccount --resource-group MyResourceGroup --body @role-definition.json
-"""
-
-helps['cosmosdb sql role definition delete'] = """
-type: command
-short-summary: Delete a SQL role definition under an Azure Cosmos DB account.
-examples:
-  - name: Create a SQL role definition under an Azure Cosmos DB account.
-    text: az cosmosdb sql role definition delete --account-name MyAccount --resource-group MyResourceGroup --id be79875a-2cc4-40d5-8958-566017875b39
-"""
-
-helps['cosmosdb sql role definition exists'] = """
-type: command
-short-summary: Check if an Azure Cosmos DB role definition exists.
-examples:
-  - name: Check if an Azure Cosmos DB role definition exists.
-    text: az cosmosdb sql role definition exists --account-name MyAccount --resource-group MyResourceGroup --id be79875a-2cc4-40d5-8958-566017875b39
-"""
-
-helps['cosmosdb sql role definition list'] = """
-type: command
-short-summary: List all SQL role definitions under an Azure Cosmos DB account.
-examples:
-  - name: List all SQL role definitions under an Azure Cosmos DB account.
-    text: az cosmosdb sql role definition list --account-name MyAccount --resource-group MyResourceGroup
-"""
-
-helps['cosmosdb sql role definition show'] = """
-type: command
-short-summary: Show the properties of a SQL role definition under an Azure Cosmos DB account.
-examples:
-  - name: Show the properties of a SQL role definition under an Azure Cosmos DB account.
-    text: az cosmosdb sql role definition show --account-name MyAccount --resource-group MyResourceGroup --id be79875a-2cc4-40d5-8958-566017875b39
-"""
-
-helps['cosmosdb sql role definition update'] = """
-type: command
-short-summary: Update a SQL role definition under an Azure Cosmos DB account.
-examples:
-  - name: Update a SQL role definition under an Azure Cosmos DB account.
-    text: az cosmosdb sql role definition update --account-name MyAccount --resource-group MyResourceGroup --body @role-definition.json
-"""
-
-helps['cosmosdb sql role assignment'] = """
-type: group
-short-summary: Manage Azure Cosmos DB SQL role assignments.
-"""
-
-helps['cosmosdb sql role assignment create'] = """
-type: command
-short-summary: Create a SQL role assignment under an Azure Cosmos DB account.
-examples:
-  - name: Create a SQL role assignment under an Azure Cosmos DB account using Role Definition Name.
-    text: |
-      az cosmosdb sql role assignment create --account-name MyAccount --resource-group MyResourceGroup \\
-        --role-assignment-id cb8ed2d7-2371-4e3c-bd31-6cc1560e84f8 \\
-        --role-definition-name "My Read Only Role" \\
-        --scope "/dbs/mydb/colls/mycontainer" \\
-        --principal-id 6328f5f7-dbf7-4244-bba8-fbb9d8066506
-  - name: Create a SQL role assignment under an Azure Cosmos DB account using Role Definition ID.
-    text: |
-      az cosmosdb sql role assignment create --account-name MyAccount --resource-group MyResourceGroup \\
-        --role-assignment-id cb8ed2d7-2371-4e3c-bd31-6cc1560e84f8 \\
-        --role-definition-id be79875a-2cc4-40d5-8958-566017875b39 \\
-        --scope "/dbs/mydb/colls/mycontainer" \\
-        --principal-id 6328f5f7-dbf7-4244-bba8-fbb9d8066506
-"""
-
-helps['cosmosdb sql role assignment delete'] = """
-type: command
-short-summary: Delete a SQL role assignment under an Azure Cosmos DB account.
-examples:
-  - name: Delete a SQL role assignment under an Azure Cosmos DB account.
-    text: az cosmosdb sql role assignment delete --account-name MyAccount --resource-group MyResourceGroup --role-assignment-id cb8ed2d7-2371-4e3c-bd31-6cc1560e84f8
-"""
-
-helps['cosmosdb sql role assignment exists'] = """
-type: command
-short-summary: Check if an Azure Cosmos DB role assignment exists.
-examples:
-  - name: Check if an Azure Cosmos DB role assignment exists.
-    text: az cosmosdb sql role assignment exists --account-name MyAccount --resource-group MyResourceGroup --role-assignment-id cb8ed2d7-2371-4e3c-bd31-6cc1560e84f8
-"""
-
-helps['cosmosdb sql role assignment list'] = """
-type: command
-short-summary: List all SQL role assignments under an Azure Cosmos DB account.
-examples:
-  - name: List all SQL role assignments under an Azure Cosmos DB account.
-    text: az cosmosdb sql role assignment list --account-name MyAccount --resource-group MyResourceGroup
-"""
-
-helps['cosmosdb sql role assignment show'] = """
-type: command
-short-summary: Show the properties of a SQL role assignment under an Azure Cosmos DB account.
-examples:
-  - name: Show the properties of a SQL role assignment under an Azure Cosmos DB account.
-    text: az cosmosdb sql role assignment show --account-name MyAccount --resource-group MyResourceGroup --role-assignment-id cb8ed2d7-2371-4e3c-bd31-6cc1560e84f8
-"""
-
-helps['cosmosdb sql role assignment update'] = """
-type: command
-short-summary: Update a SQL role assignment under an Azure Cosmos DB account.
-examples:
-  - name: Update a SQL role assignment under an Azure Cosmos DB account.
-    text: |
-      az cosmosdb sql role assignment update --account-name MyAccount --resource-group MyResourceGroup \\
-        --role-assignment-id cb8ed2d7-2371-4e3c-bd31-6cc1560e84f8 \\
-        --role-definition-id updated-role-definition-id
-"""
-
 helps['managed-cassandra cluster'] = """
 type: group
 short-summary: Azure Managed Cassandra Cluster.

diff --git a/src/cosmosdb-preview/azext_cosmosdb_preview/_params.py b/src/cosmosdb-preview/azext_cosmosdb_preview/_params.py
@@ -6,18 +6,11 @@
 
 from enum import Enum
 
-from argcomplete.completers import FilesCompleter
-
 from azure.cli.core.commands.parameters import (
     get_resource_name_completion_list, name_type, get_enum_type, get_three_state_flag, get_location_type)
 
 from azext_cosmosdb_preview._validators import (
     validate_capabilities, validate_virtual_network_rules, validate_ip_range_filter,
-    validate_role_definition_body,
-    validate_role_definition_id,
-    validate_fully_qualified_role_definition_id,
-    validate_role_assignment_id,
-    validate_scope,
     validate_gossip_certificates,
     validate_client_certificates,
     validate_seednodes,
@@ -34,12 +27,7 @@ class BackupPolicyTypes(str, Enum):
     continuous = "Continuous"
 
 
-SQL_ROLE_DEFINITION_EXAMPLE = """--body "{ \\"Id\\": \\"be79875a-2cc4-40d5-8958-566017875b39\\", \\"RoleName\\": \\"My Read Write Role\\", \\"Type\\": \\"CustomRole\\", \\"AssignableScopes\\": [ \\"/\\" ], \\"DataActions\\": [ \\"Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/create\\", \\"Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/read\\" ]}"
-"""
-
-
 def load_arguments(self, _):
-    from knack.arguments import CLIArgumentType
     from azure.cli.core.commands.parameters import tags_type
 
     with self.argument_context('cosmosdb') as c:
@@ -130,23 +118,6 @@ def load_arguments(self, _):
         c.argument('restore_location', options_list=['--restore-location', '-r'], help="The region of the restore.", required=True)
         c.argument('restore_timestamp_in_utc', options_list=['--restore-timestamp', '-t'], help="The timestamp of the restore", required=True)
 
-    account_name_type = CLIArgumentType(options_list=['--account-name', '-a'], help="Cosmosdb account name.")
-
-    # SQL role definition
-    with self.argument_context('cosmosdb sql role definition') as c:
-        c.argument('account_name', account_name_type, id_part=None)
-        c.argument('role_definition_id', options_list=['--id', '-i'], validator=validate_role_definition_id, help="Unique ID for the Role Definition.")
-        c.argument('role_definition_body', options_list=['--body', '-b'], validator=validate_role_definition_body, completer=FilesCompleter(), help="Role Definition body with Id (Optional for create), DataActions or Permissions, Type (Default is CustomRole), and AssignableScopes.  You can enter it as a string or as a file, e.g., --body @rdbody-file.json or " + SQL_ROLE_DEFINITION_EXAMPLE)
-
-    # SQL role assignment
-    with self.argument_context('cosmosdb sql role assignment') as c:
-        c.argument('account_name', account_name_type, id_part=None)
-        c.argument('role_assignment_id', options_list=['--role-assignment-id', '-i'], validator=validate_role_assignment_id, help="Optional for Create. Unique ID for the Role Assignment. If not provided, a new GUID will be used.")
-        c.argument('role_definition_id', options_list=['--role-definition-id', '-d'], validator=validate_fully_qualified_role_definition_id, help="Unique ID of the Role Definition that this Role Assignment refers to.")
-        c.argument('role_definition_name', options_list=['--role-definition-name', '-n'], help="Unique Name of the Role Definition that this Role Assignment refers to. Eg. 'Contoso Reader Role'.")
-        c.argument('scope', validator=validate_scope, options_list=['--scope', '-s'], help="Data plane resource path at which this Role Assignment is being granted.")
-        c.argument('principal_id', options_list=['--principal-id', '-p'], help="AAD Object ID of the principal to which this Role Assignment is being granted.")
-
     # Managed Cassandra Cluster
     for scope in [
             'managed-cassandra cluster create',