From 0295378c39129504529d42d0c9d0c39a53d3852c Mon Sep 17 00:00:00 2001 From: Jiashuo Li Date: Wed, 22 Jul 2020 16:55:23 +0800 Subject: [PATCH 1/5] Fix: `az role assignment list-changelogs` fails with KeyError --- .../azure/cli/command_modules/role/custom.py | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/src/azure-cli/azure/cli/command_modules/role/custom.py b/src/azure-cli/azure/cli/command_modules/role/custom.py index 069c111bcf9..f6c671bc5c6 100644 --- a/src/azure-cli/azure/cli/command_modules/role/custom.py +++ b/src/azure-cli/azure/cli/command_modules/role/custom.py @@ -280,8 +280,12 @@ def list_role_assignment_change_logs(cmd, start_time=None, end_time=None): # py result = [] worker = MultiAPIAdaptor(cmd.cli_ctx) start_events, end_events, offline_events, client = _get_assignment_events(cmd.cli_ctx, start_time, end_time) - role_defs = {d.id: [worker.get_role_property(d, 'role_name'), - d.id.split('/')[-1]] for d in list_role_definitions(cmd)} + + # Use the resource `name` of roleDefinitions as keys, instead of `id`, because `id` can be inherited. + # name: b24988ac-6180-42a0-ab88-20f7382dd24c + # id: /subscriptions/0b1f6471-1bf0-4dda-aec3-cb9272f09590/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c # pylint: disable=line-too-long + role_defs = {d.name: [worker.get_role_property(d, 'role_name'), d.id.split('/')[-1]] + for d in list_role_definitions(cmd)} for op_id in start_events: e = end_events.get(op_id, None) @@ -331,8 +335,10 @@ def list_role_assignment_change_logs(cmd, start_time=None, end_time=None): # py else: entry['scopeType'] = 'Resource' - entry['roleDefinitionId'] = role_defs[payload['roleDefinitionId']][1] - entry['roleName'] = role_defs[payload['roleDefinitionId']][0] + # Look up the resource `name`, like b24988ac-6180-42a0-ab88-20f7382dd24c + role_resource_name = payload['roleDefinitionId'].split('/')[-1] + entry['roleDefinitionId'] = role_defs[role_resource_name][1] + entry['roleName'] = role_defs[role_resource_name][0] result.append(entry) # Fill in logical user/sp names as guid principal-id not readable From fe66514aa550eb94364fc4b3a350260a5e5bfa2e Mon Sep 17 00:00:00 2001 From: Jiashuo Li Date: Thu, 20 Aug 2020 13:44:34 +0800 Subject: [PATCH 2/5] non-existing --- src/azure-cli/azure/cli/command_modules/role/custom.py | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/src/azure-cli/azure/cli/command_modules/role/custom.py b/src/azure-cli/azure/cli/command_modules/role/custom.py index f6c671bc5c6..508c7e5afe1 100644 --- a/src/azure-cli/azure/cli/command_modules/role/custom.py +++ b/src/azure-cli/azure/cli/command_modules/role/custom.py @@ -337,8 +337,14 @@ def list_role_assignment_change_logs(cmd, start_time=None, end_time=None): # py # Look up the resource `name`, like b24988ac-6180-42a0-ab88-20f7382dd24c role_resource_name = payload['roleDefinitionId'].split('/')[-1] - entry['roleDefinitionId'] = role_defs[role_resource_name][1] - entry['roleName'] = role_defs[role_resource_name][0] + entry['roleDefinitionId'] = role_resource_name + role_def = role_defs.get("roleDefinitionId") + if role_def: + entry['roleName'] = role_def[0] + else: + # In case the role definition has been deleted. + entry['roleName'] = "N/A" + result.append(entry) # Fill in logical user/sp names as guid principal-id not readable From ff12d19ce76c4573f7095940527821fe118ea8a7 Mon Sep 17 00:00:00 2001 From: Jiashuo Li Date: Fri, 21 Aug 2020 12:59:23 +0800 Subject: [PATCH 3/5] role_defs.get(role_resource_name) --- src/azure-cli/azure/cli/command_modules/role/custom.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/azure-cli/azure/cli/command_modules/role/custom.py b/src/azure-cli/azure/cli/command_modules/role/custom.py index df85be67df1..2bb79a8aab9 100644 --- a/src/azure-cli/azure/cli/command_modules/role/custom.py +++ b/src/azure-cli/azure/cli/command_modules/role/custom.py @@ -338,7 +338,7 @@ def list_role_assignment_change_logs(cmd, start_time=None, end_time=None): # py # Look up the resource `name`, like b24988ac-6180-42a0-ab88-20f7382dd24c role_resource_name = payload['roleDefinitionId'].split('/')[-1] entry['roleDefinitionId'] = role_resource_name - role_def = role_defs.get("roleDefinitionId") + role_def = role_defs.get(role_resource_name) if role_def: entry['roleName'] = role_def[0] else: From 6622db825fd4ad68e38a3330c99f172a6c1b979f Mon Sep 17 00:00:00 2001 From: Jiashuo Li Date: Wed, 9 Sep 2020 15:56:26 +0800 Subject: [PATCH 4/5] Refine --- src/azure-cli/azure/cli/command_modules/role/custom.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/azure-cli/azure/cli/command_modules/role/custom.py b/src/azure-cli/azure/cli/command_modules/role/custom.py index 2bb79a8aab9..3d702955dd0 100644 --- a/src/azure-cli/azure/cli/command_modules/role/custom.py +++ b/src/azure-cli/azure/cli/command_modules/role/custom.py @@ -284,8 +284,7 @@ def list_role_assignment_change_logs(cmd, start_time=None, end_time=None): # py # Use the resource `name` of roleDefinitions as keys, instead of `id`, because `id` can be inherited. # name: b24988ac-6180-42a0-ab88-20f7382dd24c # id: /subscriptions/0b1f6471-1bf0-4dda-aec3-cb9272f09590/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c # pylint: disable=line-too-long - role_defs = {d.name: [worker.get_role_property(d, 'role_name'), d.id.split('/')[-1]] - for d in list_role_definitions(cmd)} + role_defs = {d.name: worker.get_role_property(d, 'role_name') for d in list_role_definitions(cmd)} for op_id in start_events: e = end_events.get(op_id, None) @@ -340,7 +339,7 @@ def list_role_assignment_change_logs(cmd, start_time=None, end_time=None): # py entry['roleDefinitionId'] = role_resource_name role_def = role_defs.get(role_resource_name) if role_def: - entry['roleName'] = role_def[0] + entry['roleName'] = role_def else: # In case the role definition has been deleted. entry['roleName'] = "N/A" From ab5bbf2a715d56dc4f90f041e3787b81f5600d43 Mon Sep 17 00:00:00 2001 From: Jiashuo Li Date: Wed, 9 Sep 2020 16:01:11 +0800 Subject: [PATCH 5/5] Simplify code --- src/azure-cli/azure/cli/command_modules/role/custom.py | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/src/azure-cli/azure/cli/command_modules/role/custom.py b/src/azure-cli/azure/cli/command_modules/role/custom.py index 3d702955dd0..1ad3de564f4 100644 --- a/src/azure-cli/azure/cli/command_modules/role/custom.py +++ b/src/azure-cli/azure/cli/command_modules/role/custom.py @@ -337,12 +337,8 @@ def list_role_assignment_change_logs(cmd, start_time=None, end_time=None): # py # Look up the resource `name`, like b24988ac-6180-42a0-ab88-20f7382dd24c role_resource_name = payload['roleDefinitionId'].split('/')[-1] entry['roleDefinitionId'] = role_resource_name - role_def = role_defs.get(role_resource_name) - if role_def: - entry['roleName'] = role_def - else: - # In case the role definition has been deleted. - entry['roleName'] = "N/A" + # In case the role definition has been deleted. + entry['roleName'] = role_defs.get(role_resource_name, "N/A") result.append(entry)