slawek/azure-acme-provisioner
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: add missing dry-run option for assign-role command

Browse Source
This commit is contained in:
Sławek Koszewski
2026-05-22 12:14:52 +02:00
parent d433569bab
commit dea2775dc0
3 changed files with 12 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
package-lock.json
Generated
+2 -2
View File
@@ -1,12 +1,12 @@
{ {
"name": "azure-acme-provisioner", "name": "azure-acme-provisioner",
"version": "0.4.0", "version": "0.4.1",
"lockfileVersion": 3, "lockfileVersion": 3,
"requires": true, "requires": true,
"packages": { "packages": {
"": { "": {
"name": "azure-acme-provisioner", "name": "azure-acme-provisioner",
"version": "0.4.0", "version": "0.4.1",
"license": "MIT", "license": "MIT",
"dependencies": { "dependencies": {
"@azure/arm-authorization": "^9.0.0", "@azure/arm-authorization": "^9.0.0",
package.json
+1 -1
View File
@@ -1,6 +1,6 @@
{ {
"name": "azure-acme-provisioner", "name": "azure-acme-provisioner",
"version": "0.4.0", "version": "0.4.1",
"author": { "author": {
"name": "Sławomir Koszewski", "name": "Sławomir Koszewski",
"url": "https://github.com/skoszewski" "url": "https://github.com/skoszewski"
src/cli.ts
+6
View File
@@ -134,6 +134,7 @@ sharedOptions(
.command('assign-role <domain>') .command('assign-role <domain>')
.description('Assign Key Vault Certificate User and Secrets User roles to a principal for a domain certificate') .description('Assign Key Vault Certificate User and Secrets User roles to a principal for a domain certificate')
.requiredOption('--principal-id <id>', 'Azure principal ID to assign roles to') .requiredOption('--principal-id <id>', 'Azure principal ID to assign roles to')
.option('--dry-run', 'Show what would be assigned without making changes')
).action(async (domain: string, options: Record<string, unknown>) => { ).action(async (domain: string, options: Record<string, unknown>) => {
applyOverrides(options); applyOverrides(options);
const config = loadConfig(); const config = loadConfig();
@@ -155,11 +156,16 @@ sharedOptions(
{ role: 'Key Vault Secrets User' as const, scope: `${vaultBase}/secrets/${certName}` }, { role: 'Key Vault Secrets User' as const, scope: `${vaultBase}/secrets/${certName}` },
]; ];
const dryRun = Boolean(options['dryRun']);
for (const { role, scope } of assignments) { for (const { role, scope } of assignments) {
if (dryRun) {
console.log(`[dry-run] Would assign '${role}' to ${principalId} on ${scope}`);
} else {
const roleDefinitionId = `/subscriptions/${sub}/providers/Microsoft.Authorization/roleDefinitions/${ROLE_IDS[role]}`; const roleDefinitionId = `/subscriptions/${sub}/providers/Microsoft.Authorization/roleDefinitions/${ROLE_IDS[role]}`;
await authClient.roleAssignments.create(scope, randomUUID(), { roleDefinitionId, principalId }); await authClient.roleAssignments.create(scope, randomUUID(), { roleDefinitionId, principalId });
console.log(`Assigned '${role}' to ${principalId} on ${scope}`); console.log(`Assigned '${role}' to ${principalId} on ${scope}`);
} }
}
}); });
sharedOptions( sharedOptions(