Add commontypes/resource-management/v3/managedidentity #15968
Conversation
…anaged identity for services supporting both SystemAssignedIdentity and UserAssignedIdentity.
|
Hi, @TimLovellSmith Thanks for your PR. I am workflow bot for review process. Here are some small tips. Any feedback about review process or workflow bot, pls contact swagger and tools team. vsswagger@microsoft.com |
|
[Call for Action] To better understand Azure service dev/test scenario, and support Azure service developer better on Swagger and REST API related tests in early phase, please help to fill in with this survey https://aka.ms/SurveyForEarlyPhase. It will take 5 to 10 minutes. If you already complete survey, please neglect this comment. Thanks. |
Swagger Validation Report
|
Swagger Generation Artifacts
|
pilor
added
the
ARMSignedOff
|
@akning-ms Look OK to merge? |
|
Thanks @TimLovellSmith, for contribute this PR. few questions:
|
|
@akning-ms We can't really add Services that only support SystemAssigned could use the common type that understands both identity types. But, if they choose to do this then the RP MUST explicitly reject all PUT and PATCH requests with userAssignedIdentity while it is unsupported. The main reason RPs might prefer doing it this way would be to design for compatibility with future api-versions, where they plan to support both systemAssigned or userAssigned identity. (Same deal for services which only support UserAssigned today but might support SystemAssinged in the future.) Of course, I hope that all services that support SystemAssigned or UserAssigned could use the new common type definitions in their future api-versions. The best alternatives to using the new common type are
By the way does everyone like the definition names here? I have started to worry that I might not have put enough thought into these ones: /cc @pilor |
|
Updated answer: given the authoring rule 'An OpenAPI(Swagger) spec MUST NOT define operations or properties or parameters for functionalities that are not currently supported by the service in the given api-version. The primary goal of the spec is that it MUST correctly and completely represent the underlying REST API. For example, NetworkInterface.ipConfigurations is described as a collection. However, it does not support adding more than one IP configuration' then any service not actually supporting both should NOT use the type which appears to support both - until it actually does. |
|
Further updated answer: looks like the latest requirements are that all MSI-enabled RPs must support identity type "None". This seems like a good reason to create an updated |
|
One more self-review feedback 'type' should be a required property, right? |
…ch supports 'None', since that is required going forward. Also make the 'type' property required, since omitting it from the request would not be clear in intent.
|
@pilor Could I get a sanity check on the new changes too? |
Yes. saw you already added SystemAssignedServiceIdentityType, so the PR LGTM. if Chris confirmed your question. I can merge it. |
|
Yes, looks good |
|
@akning-ms Looks like we are ready to merge. Yes v3 is pretty new. I imagine that we can get to a more consistent user-friendly SDK fast enough by encouraging as many RPs as possible to use the latest (now v3) common types in their current and future PRs for new api-versions... I'd say its initially OK to accept exception requests for concerns about churn or compatibility - but then to gradually be less permissive, as we become are more confident that the definitions are good, and enough time has been allowed to address other issues or consolidate changes to minimize perception of churn. |
|
@akning-ms Thanks for the feedback and merge! |
|
@pilor Thanks for the review! |
* Add commontypes/resource-management/v3/managedidentity which models managed identity for services supporting both SystemAssignedIdentity and UserAssignedIdentity. * Add a canonical SystemAssignedServiceIdentityType type definition which supports 'None', since that is required going forward. Also make the 'type' property required, since omitting it from the request would not be clear in intent. * Add principalId and tenantId.
This has models for managed identity as it should be in the PUT request / GET responses for services supporting both SystemAssignedIdentity and UserAssignedIdentity.
Reviewers! You can check validation tools run OK on a PR that actually references these definitions, here:
#15828
MSFT employees can try out our new experience at OpenAPI Hub - one location for using our validation tools and finding your workflow.
Changelog
Add a changelog entry for this PR by answering the following questions:
Contribution checklist:
If any further question about AME onboarding or validation tools, please view the FAQ.
ARM API Review Checklist
Otherwise your PR may be subject to ARM review requirements. Complete the following:
Check this box if any of the following apply to the PR so that label “WaitForARMFeedback” will be added automatically to begin ARM API Review. Failure to comply may result in delays to the manifest.
-[ ] To review changes efficiently, ensure you copy the existing version into the new directory structure for first commit and then push new changes, including version updates, in separate commits.
Ensure you've reviewed following guidelines including ARM resource provider contract and REST guidelines. Estimated time (4 hours). This is required before you can request review from ARM API Review board.
If you are blocked on ARM review and want to get the PR merged with urgency, please get the ARM oncall for reviews (RP Manifest Approvers team under Azure Resource Manager service) from IcM and reach out to them.
Breaking Change Review Checklist
If any of the following scenarios apply to the PR, request approval from the Breaking Change Review Board as defined in the Breaking Change Policy.
Action: to initiate an evaluation of the breaking change, create a new intake using the template for breaking changes. Addition details on the process and office hours are on the Breaking change Wiki.
Please follow the link to find more details on PR review process.