[Key Vault Admin] Convenience layer - KeyVaultAccessControlClient #10815
Conversation
ghost
added
the
sadasant
changed the title
| } | ||
|
|
||
| // @public | ||
| export type RoleAssignmentScope = "/" | "/keys" | string; |
There was a problem hiding this comment.
this feels like a weird type, though I'm not sure what would be better
There was a problem hiding this comment.
The string part is because it accepts UUIDs. I wonder if we could have some UUID validator as a type? That would be generally helpful in our clients.
Co-authored-by: Jeff Fisher <xirzec@xirzec.com>
Co-authored-by: Jeff Fisher <xirzec@xirzec.com>
…-convenience-layer
The generated code already has this now!
…-convenience-layer
| // @public | ||
| export class KeyVaultAccessControlClient { | ||
| constructor(vaultUrl: string, credential: TokenCredential, pipelineOptions?: AccessControlClientOptions); | ||
| createRoleAssignment(roleScope: RoleAssignmentScope, name: string, roleDefinitionId: string, principalId: string, options?: CreateRoleAssignmentOptions): Promise<KeyVaultRoleAssignment>; |
There was a problem hiding this comment.
in python we have it as role_assignment_name
There was a problem hiding this comment.
same for every name parameter for role assignments
There was a problem hiding this comment.
.Net is using name. I don't mind, but I'd rather reach to an agreement with @heaths , @christothes
| } | ||
|
|
||
| // @public | ||
| export interface KeyVaultRoleAssignment { |
|
|
||
| // @public | ||
| export interface KeyVaultRoleAssignment { | ||
| readonly id: string; |
There was a problem hiding this comment.
.Net has Id: https://github.com/Azure/azure-sdk-for-net/blob/master/sdk/keyvault/Azure.Security.KeyVault.Administration/api/Azure.Security.KeyVault.Administration.netstandard2.0.cs#L121 cc: @christothes what should we use? who should we ask?
There was a problem hiding this comment.
IMO - id is contextually a property of the KeyVaultRoleAssignment and shouldn't need a prefix.
| } | ||
|
|
||
| // @public | ||
| export interface KeyVaultRoleDefinition { |
Convenience layer for the AccessControlClient.
After this PR, I'll make another one for the BackupClient.
You can see the rendered version of the latest API review file by going to this link: https://github.com/sadasant/azure-sdk-for-js/blob/keyvault-admin/10799-convenience-layer/sdk/keyvault/keyvault-admin/review/keyvault-admin.api.md
This API is based on the .Net's API: https://github.com/Azure/azure-sdk-for-net/blob/master/sdk/keyvault/Azure.Security.KeyVault.Administration/api/Azure.Security.KeyVault.Administration.netstandard2.0.cs (with some language-specific considerations).
IMPORTANT:
For .Net, this client is called KeyVaultAccessControlClient. Since none of the other clients in KeyVault start withAgreed on naming it KeyVaultAccessControlClient.KeyVault(as in,KeyClient), it seemed appropriate to name oursAccessControlClient.Many things are still missing from the keyvault-admin folder, so keep in mind that this is an incremental effort.
Part of #10799
Closes #7279