fix: add missing principal-type option for assign-role command to specify user/group/service principal
This commit is contained in:
Generated
+2
-2
@@ -1,12 +1,12 @@
|
||||
{
|
||||
"name": "azure-acme-provisioner",
|
||||
"version": "0.4.2",
|
||||
"version": "0.4.3",
|
||||
"lockfileVersion": 3,
|
||||
"requires": true,
|
||||
"packages": {
|
||||
"": {
|
||||
"name": "azure-acme-provisioner",
|
||||
"version": "0.4.2",
|
||||
"version": "0.4.3",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@azure/arm-authorization": "^9.0.0",
|
||||
|
||||
+1
-1
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "azure-acme-provisioner",
|
||||
"version": "0.4.2",
|
||||
"version": "0.4.3",
|
||||
"author": {
|
||||
"name": "Sławomir Koszewski",
|
||||
"url": "https://github.com/skoszewski"
|
||||
|
||||
+3
-1
@@ -137,6 +137,7 @@ sharedOptions(
|
||||
.command('assign-role <domain>')
|
||||
.description('Assign Key Vault Certificate User and Secrets User roles to a principal for a domain certificate')
|
||||
.requiredOption('--principal-id <id>', 'Azure principal ID to assign roles to')
|
||||
.requiredOption('--principal-type <type>', 'Principal type: User | Group | ServicePrincipal (use ServicePrincipal for managed identities)')
|
||||
.option('--dry-run', 'Show what would be assigned without making changes')
|
||||
).action(async (domain: string, options: Record<string, unknown>) => {
|
||||
applyOverrides(options);
|
||||
@@ -148,6 +149,7 @@ sharedOptions(
|
||||
|
||||
const sub = config.subscriptionId;
|
||||
const principalId = String(options['principalId']);
|
||||
const principalType = String(options['principalType']) as 'User' | 'Group' | 'ServicePrincipal';
|
||||
const vaultName = new URL(config.keyVaultUrl).hostname.split('.')[0];
|
||||
const certName = domainToCertName(domain);
|
||||
const vaultBase = `/subscriptions/${sub}/resourceGroups/${kvRg}/providers/Microsoft.KeyVault/vaults/${vaultName}`;
|
||||
@@ -165,7 +167,7 @@ sharedOptions(
|
||||
console.log(`[dry-run] Would assign '${role}' to ${principalId} on ${scope}`);
|
||||
} else {
|
||||
const roleDefinitionId = `/subscriptions/${sub}/providers/Microsoft.Authorization/roleDefinitions/${ROLE_IDS[role]}`;
|
||||
await authClient.roleAssignments.create(scope, randomUUID(), { roleDefinitionId, principalId });
|
||||
await authClient.roleAssignments.create(scope, randomUUID(), { roleDefinitionId, principalId, principalType });
|
||||
console.log(`Assigned '${role}' to ${principalId} on ${scope}`);
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user