
[armauthorization] switch to newer apiversion for RoleDefinitions (dataActions, notDataActions) and RoleAssignments (description support)

Open mblaschke-daimlertruck opened this issue 2 years ago • 13 comments

Currently apiversion "2015-07-01" is used, which doesn't support the following features (and maybe more):

RoleDefinitions

  • dataActions
  • notDataActions

RoleAssignments

  • description

mblaschke-daimlertruck avatar Jul 22 '22 09:07 mblaschke-daimlertruck

Can you clarify which package you are referring to? The latest armauthorization package is generated from Microsoft.Authorization/preview/2021-11-16-preview

RickWinter avatar Jul 22 '22 21:07 RickWinter

@RickWinter In the latest version there is no RoleDefinition or RoleAssignment anymore 🤔 That's also mentioned in changelog:

[...]
Struct RoleAssignment has been removed
Struct RoleDefinition has been removed
[...]
Function *RoleDefinitionsClient.NewListPager has been removed
Function RoleDefinitionProperties.MarshalJSON has been removed
Function *RoleDefinitionsClient.Delete has been removed
[...]

mblaschke avatar Jul 23 '22 18:07 mblaschke

@tadelesh, could you follow up with this issue? Thanks

lirenhe avatar Jul 25 '22 06:07 lirenhe

@mblaschke-daimlertruck This preview version is generated from the service default config and it does not seem to be a complete preview version. I'll ask the service team to check, and I think the stable version 1.0.0 is a more reasonable version to use.

tadelesh avatar Jul 25 '22 07:07 tadelesh

Thank you for your feedback. This has been routed to the support team for assistance.

msftbot[bot] avatar Jul 25 '22 07:07 msftbot[bot]

@tadelesh But in stable version 1.0.0 RoleAssignments doesn't offer description (because of the API version), same with RoleDefinitions with dataActions and notDataActions.

mblaschke-daimlertruck avatar Jul 25 '22 08:07 mblaschke-daimlertruck

@mblaschke-daimlertruck Apologies for the late reply. Thanks for reaching out to us and reporting this issue. Could you please elaborate on your requirement? Also, please share details about your use case and what you are trying to achieve. Awaiting your reply.

navba-MSFT avatar Aug 03 '22 10:08 navba-MSFT

As mentioned above, the currently used apiversion doesn't support the following features:

  • RoleAssignments: description
  • RoleDefinitions: dataActions, notDataActions

I want to create/maintain RoleAssignments with custom descriptions and RoleDefinitions with the full feature set (dataActions/notDataActions).

mblaschke-daimlertruck avatar Aug 03 '22 16:08 mblaschke-daimlertruck

Also, the list of roleAssignments includes RoleAssignments via managementgroups but falsely sets the scope of these roleAssignments to the subscription in API version "2015-07-01".

This is fixed in newer API versions as managementgroups are not really supported in "2015-07-01".

mblaschke-daimlertruck avatar Aug 03 '22 18:08 mblaschke-daimlertruck

@mblaschke-daimlertruck Could you please confirm if you have used the most recent version of Azure Authorization module and see if that serves your requirement?

go get github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization

Awaiting your reply.

navba-MSFT avatar Aug 05 '22 03:08 navba-MSFT

@navba-MSFT You mean version github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/[email protected]? This version is not working at all, there is no RoleAssignments and RoleDefinitions support anymore. See changelog: https://github.com/Azure/azure-sdk-for-go/blob/main/sdk/resourcemanager/authorization/armauthorization/CHANGELOG.md

I already mentioned it in https://github.com/Azure/azure-sdk-for-go/issues/18674#issuecomment-1193170610

mblaschke-daimlertruck avatar Aug 05 '22 06:08 mblaschke-daimlertruck

@navba-MSFT There are issues with both Azure Authorization module v1.0.0 and v2.0.0-beta.1:

  • The latest version of Azure Authorization module (v2.0.0-beta.1) doesn't have RoleAssignmentClient, which used to be present in lower versions (< v63.2.0 tag). We need funcs from this client in order to do role assignments.

  • The RoleAssignmentClient in v1.0.0 uses api-version:2015-07-01 and it doesn't support dataActions and notDataActions fields in Permission field type. So, whenever we try to do a role assignment with a built-in role (which has permissions in the dataAction field), it fails with the following error:

 --------------------------------------------------------------------------------
RESPONSE 400: 400 Bad Request
ERROR CODE: UnsupportedApiVersionForRoleDefinitionHasDataActions
--------------------------------------------------------------------------------
{
  "error": {
    "code": "UnsupportedApiVersionForRoleDefinitionHasDataActions",
    "message": "Assignments to roles with DataActions and NotDataActions are not supported on API version '2015-07-01'. The minimum required API version for this operations is '2018-01-01-preview'."
  }
}
--------------------------------------------------------------------------------

Note: Azure Authorization module v0.3.1 has Permission field type with both dataActions and notDataAction fields and uses api-version:2020-xx-xx, but that too doesn't work because it needs a downgraded azcore module.

rht-b avatar Aug 05 '22 07:08 rht-b
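An added example (not part of the thread or of the SDK): a standard-library Go sketch that recognises the error body quoted above, extracts the api-version that was used and the minimum the service asks for, and checks whether a given api-version satisfies it. The helper names are hypothetical, and ordering a "-preview" version before the stable version of the same date is an assumption.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// sampleBody is the error body quoted in the comment above, on one line.
var sampleBody = []byte(`{"error":{"code":"UnsupportedApiVersionForRoleDefinitionHasDataActions","message":"Assignments to roles with DataActions and NotDataActions are not supported on API version '2015-07-01'. The minimum required API version for this operations is '2018-01-01-preview'."}}`)

// Quoted api-versions such as '2015-07-01' or '2018-01-01-preview'.
var apiVersionRe = regexp.MustCompile(`'(\d{4}-\d{2}-\d{2}(?:-preview)?)'`)

// parseAPIVersionError (hypothetical helper) returns the api-version that was
// used and the minimum the service asks for; ok is false for any other error.
func parseAPIVersionError(body []byte) (used, minimum string, ok bool) {
	var e struct {
		Error struct {
			Code, Message string
		} `json:"error"`
	}
	if json.Unmarshal(body, &e) != nil ||
		e.Error.Code != "UnsupportedApiVersionForRoleDefinitionHasDataActions" {
		return "", "", false
	}
	m := apiVersionRe.FindAllStringSubmatch(e.Error.Message, -1)
	if len(m) != 2 {
		return "", "", false
	}
	return m[0][1], m[1][1], true
}

// apiVersionAtLeast compares by date; on equal dates a "-preview" version is
// treated as older than the stable one (an assumption of this example).
func apiVersionAtLeast(have, minimum string) bool {
	hd := strings.TrimSuffix(have, "-preview")
	md := strings.TrimSuffix(minimum, "-preview")
	if hd != md {
		return hd > md
	}
	return !strings.HasSuffix(have, "-preview") || strings.HasSuffix(minimum, "-preview")
}

func main() {
	used, minimum, ok := parseAPIVersionError(sampleBody)
	fmt.Println(used, minimum, ok, apiVersionAtLeast(used, minimum))
}
```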

@mblaschke-daimlertruck @rht-b Thanks for your reply. I am looking into this and doing some more research. I will get back on this thread, once I have more details on this.

navba-MSFT avatar Aug 08 '22 04:08 navba-MSFT

@mblaschke-daimlertruck @rht-b This PR https://github.com/Azure/azure-sdk-for-go/pull/18890 has been created to fix this issue. It is currently under Review.

navba-MSFT avatar Aug 19 '22 03:08 navba-MSFT

Hi @mblaschke-daimlertruck. Thank you for opening this issue and giving us the opportunity to assist. We believe that this has been addressed. If you feel that further discussion is needed, please add a comment with the text “/unresolve” to remove the “issue-addressed” label and continue the conversation.

msftbot[bot] avatar Aug 26 '22 05:08 msftbot[bot]

@mblaschke-daimlertruck @rht-b This issue has been added to this milestone https://github.com/Azure/azure-sdk-for-go/milestone/62. Track this PR https://github.com/Azure/azure-sdk-for-go/pull/18890 for the fix release. If any further assistance is required, feel free to reopen this issue. We would be happy to help.

navba-MSFT avatar Sep 07 '22 06:09 navba-MSFT

Please try new version: https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/[email protected]

tadelesh avatar Sep 27 '22 06:09 tadelesh