fix: add missing principal-type option for assign-role command to specify user/group/service principal
Generated
+2
-2
@@ -1,12 +1,12 @@
|
|||||||
{
|
{
|
||||||
"name": "azure-acme-provisioner",
|
"name": "azure-acme-provisioner",
|
||||||
"version": "0.4.2",
|
"version": "0.4.3",
|
||||||
"lockfileVersion": 3,
|
"lockfileVersion": 3,
|
||||||
"requires": true,
|
"requires": true,
|
||||||
"packages": {
|
"packages": {
|
||||||
"": {
|
"": {
|
||||||
"name": "azure-acme-provisioner",
|
"name": "azure-acme-provisioner",
|
||||||
"version": "0.4.2",
|
"version": "0.4.3",
|
||||||
"license": "MIT",
|
"license": "MIT",
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"@azure/arm-authorization": "^9.0.0",
|
"@azure/arm-authorization": "^9.0.0",
|
||||||
|
|||||||
+1
-1
@@ -1,6 +1,6 @@
|
|||||||
{
|
{
|
||||||
"name": "azure-acme-provisioner",
|
"name": "azure-acme-provisioner",
|
||||||
"version": "0.4.2",
|
"version": "0.4.3",
|
||||||
"author": {
|
"author": {
|
||||||
"name": "Sławomir Koszewski",
|
"name": "Sławomir Koszewski",
|
||||||
"url": "https://github.com/skoszewski"
|
"url": "https://github.com/skoszewski"
|
||||||
|
|||||||
+3
-1
@@ -137,6 +137,7 @@ sharedOptions(
|
|||||||
.command('assign-role <domain>')
|
.command('assign-role <domain>')
|
||||||
.description('Assign Key Vault Certificate User and Secrets User roles to a principal for a domain certificate')
|
.description('Assign Key Vault Certificate User and Secrets User roles to a principal for a domain certificate')
|
||||||
.requiredOption('--principal-id <id>', 'Azure principal ID to assign roles to')
|
.requiredOption('--principal-id <id>', 'Azure principal ID to assign roles to')
|
||||||
|
.requiredOption('--principal-type <type>', 'Principal type: User | Group | ServicePrincipal (use ServicePrincipal for managed identities)')
|
||||||
.option('--dry-run', 'Show what would be assigned without making changes')
|
.option('--dry-run', 'Show what would be assigned without making changes')
|
||||||
).action(async (domain: string, options: Record<string, unknown>) => {
|
).action(async (domain: string, options: Record<string, unknown>) => {
|
||||||
applyOverrides(options);
|
applyOverrides(options);
|
||||||
@@ -148,6 +149,7 @@ sharedOptions(
|
|||||||
|
|
||||||
const sub = config.subscriptionId;
|
const sub = config.subscriptionId;
|
||||||
const principalId = String(options['principalId']);
|
const principalId = String(options['principalId']);
|
||||||
|
const principalType = String(options['principalType']) as 'User' | 'Group' | 'ServicePrincipal';
|
||||||
const vaultName = new URL(config.keyVaultUrl).hostname.split('.')[0];
|
const vaultName = new URL(config.keyVaultUrl).hostname.split('.')[0];
|
||||||
const certName = domainToCertName(domain);
|
const certName = domainToCertName(domain);
|
||||||
const vaultBase = `/subscriptions/${sub}/resourceGroups/${kvRg}/providers/Microsoft.KeyVault/vaults/${vaultName}`;
|
const vaultBase = `/subscriptions/${sub}/resourceGroups/${kvRg}/providers/Microsoft.KeyVault/vaults/${vaultName}`;
|
||||||
@@ -165,7 +167,7 @@ sharedOptions(
|
|||||||
console.log(`[dry-run] Would assign '${role}' to ${principalId} on ${scope}`);
|
console.log(`[dry-run] Would assign '${role}' to ${principalId} on ${scope}`);
|
||||||
} else {
|
} else {
|
||||||
const roleDefinitionId = `/subscriptions/${sub}/providers/Microsoft.Authorization/roleDefinitions/${ROLE_IDS[role]}`;
|
const roleDefinitionId = `/subscriptions/${sub}/providers/Microsoft.Authorization/roleDefinitions/${ROLE_IDS[role]}`;
|
||||||
await authClient.roleAssignments.create(scope, randomUUID(), { roleDefinitionId, principalId });
|
await authClient.roleAssignments.create(scope, randomUUID(), { roleDefinitionId, principalId, principalType });
|
||||||
console.log(`Assigned '${role}' to ${principalId} on ${scope}`);
|
console.log(`Assigned '${role}' to ${principalId} on ${scope}`);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
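Review bot: The `as 'User' | 'Group' | 'ServicePrincipal'` assertion on the new `principalType` line is erased at compile time, so whatever string is passed to `--principal-type` reaches `roleAssignments.create` unchecked. The dry-run branch never uses the value, so a dry run can look clean with a mistyped type that the real run would presumably only have rejected by the API. Validate before the assignment loop, e.g. `if (!['User', 'Group', 'ServicePrincipal'].includes(principalType)) throw new Error('--principal-type must be User, Group or ServicePrincipal');`, or, if the CLI library here is commander, declare the flag with `new Option(...).choices([...]).makeOptionMandatory()` so the parser rejects it. Including `principalType` in the `[dry-run]` and `Assigned` log lines would also make the output a usable record of what was granted. The action callback starts and ends outside the visible hunks.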