fix: add missing dry-run option for assign-role command

2026-05-22 12:14:52 +02:00
parent d433569bab
commit dea2775dc0
3 changed files with 12 additions and 6 deletions
+9 -3
@@ -134,6 +134,7 @@ sharedOptions(
.command('assign-role <domain>')
.description('Assign Key Vault Certificate User and Secrets User roles to a principal for a domain certificate')
.requiredOption('--principal-id <id>', 'Azure principal ID to assign roles to')
.option('--dry-run', 'Show what would be assigned without making changes')
).action(async (domain: string, options: Record<string, unknown>) => {
applyOverrides(options);
const config = loadConfig();
@@ -155,10 +156,15 @@ sharedOptions(
{ role: 'Key Vault Secrets User' as const, scope: `${vaultBase}/secrets/${certName}` },
];
const dryRun = Boolean(options['dryRun']);
for (const { role, scope } of assignments) {
const roleDefinitionId = `/subscriptions/${sub}/providers/Microsoft.Authorization/roleDefinitions/${ROLE_IDS[role]}`;
await authClient.roleAssignments.create(scope, randomUUID(), { roleDefinitionId, principalId });
console.log(`Assigned '${role}' to ${principalId} on ${scope}`);
if (dryRun) {
console.log(`[dry-run] Would assign '${role}' to ${principalId} on ${scope}`);
} else {
const roleDefinitionId = `/subscriptions/${sub}/providers/Microsoft.Authorization/roleDefinitions/${ROLE_IDS[role]}`;
await authClient.roleAssignments.create(scope, randomUUID(), { roleDefinitionId, principalId });
console.log(`Assigned '${role}' to ${principalId} on ${scope}`);
}
}
});
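Review bot: The dry-run branch under `if (dryRun)` prints only the role's display name, while the real branch sends a `roleDefinitionId` built from `ROLE_IDS[role]`, so an operator reviewing the dry-run output never sees the identifier that actually decides which privilege is granted. A wrong or missing entry in `ROLE_IDS` would therefore pass a dry run unnoticed. Consider moving the `const roleDefinitionId = …` line above the `if` and appending `(${roleDefinitionId})` to the `[dry-run] Would assign …` message, so that the reviewed output matches the request. The dry-run path also appears to make no read call against Azure, so it does not confirm that the principal or the scope exists; if that is intended, the `--dry-run` help text could say so, e.g. `'Show what would be assigned without contacting Azure or making changes'`. The action callback starts in the previous hunk, and `principalId`, `sub` and `vaultBase` are defined in lines not shown here.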