Merge branch 'refs/heads/endgame-202407' into develop
This commit is contained in:
wangmi
Коммит
2f2168c2ec
|
|
@ -35,6 +35,7 @@ import com.microsoft.azure.toolkit.lib.common.bundle.AzureString;
|
|||
import com.microsoft.azure.toolkit.lib.common.exception.AzureToolkitRuntimeException;
|
||||
import com.microsoft.azure.toolkit.lib.common.messager.AzureMessager;
|
||||
import com.microsoft.azure.toolkit.lib.common.model.AbstractAzResource;
|
||||
import com.microsoft.azure.toolkit.lib.common.model.AbstractAzServiceSubscription;
|
||||
import com.microsoft.azure.toolkit.lib.common.model.AzResource;
|
||||
import com.microsoft.azure.toolkit.lib.common.operation.AzureOperation;
|
||||
import com.microsoft.azure.toolkit.lib.common.operation.OperationContext;
|
||||
|
|
@ -65,6 +66,7 @@ import java.util.stream.Stream;
|
|||
|
||||
import static com.microsoft.azure.toolkit.intellij.common.AzureBundle.message;
|
||||
import static com.microsoft.azure.toolkit.intellij.connector.IManagedIdentitySupported.*;
|
||||
import static com.microsoft.azure.toolkit.intellij.connector.dotazure.Profile.IDENTITY_PERMISSION_MESSAGE;
|
||||
|
||||
public class WebAppRunState extends AzureRunProfileState<WebAppBase<?, ?, ?>> {
|
||||
private static final String LIBS_ROOT = "/home/site/wwwroot/libs/";
|
||||
|
|
@ -128,16 +130,21 @@ public class WebAppRunState extends AzureRunProfileState<WebAppBase<?, ?, ?>> {
|
|||
return;
|
||||
}
|
||||
final AbstractAzResource<?,?,?> data = (AbstractAzResource<?,?,?>) resource.getData();
|
||||
final String identity = con.getAuthenticationType() == AuthenticationType.SYSTEM_ASSIGNED_MANAGED_IDENTITY ?
|
||||
configuration.getPrincipalId() : Objects.requireNonNull(con.getUserAssignedManagedIdentity()).getData().getPrincipalId();
|
||||
final String identityName = con.getAuthenticationType() == AuthenticationType.SYSTEM_ASSIGNED_MANAGED_IDENTITY ?
|
||||
target instanceof AzResource ? ((AzResource)target).getName() : target.toString() :
|
||||
Objects.requireNonNull(con.getUserAssignedManagedIdentity()).getData().getName();
|
||||
if (resource instanceof AzureServiceResource<?> serviceResource && !checkPermission(serviceResource, identity)) {
|
||||
if (!IManagedIdentitySupported.grantPermission(serviceResource, identity)) {
|
||||
final String message = String.format("The managed identity %s (%s) doesn't have enough permission to access resource %s.", identity, identityName, resource.getName());
|
||||
final String identityPrincipal = con.getAuthenticationType() == AuthenticationType.SYSTEM_ASSIGNED_MANAGED_IDENTITY ?
|
||||
configuration.getPrincipalId() : Objects.requireNonNull(con.getUserAssignedManagedIdentity()).getData().getPrincipalId();
|
||||
final String identityUrl = con.getAuthenticationType() == AuthenticationType.SYSTEM_ASSIGNED_MANAGED_IDENTITY ?
|
||||
target instanceof AzResource ? ((AzResource)target).getPortalUrl() : StringUtils.EMPTY :
|
||||
Objects.requireNonNull(con.getUserAssignedManagedIdentity()).getData().getPortalUrl();
|
||||
final String resourceUrl = Optional.ofNullable(resource.getData()).filter(r -> r instanceof AbstractAzServiceSubscription)
|
||||
.map(r -> ((AbstractAzResource<?, ?, ?>) r).getPortalUrl()).orElse(StringUtils.EMPTY);
|
||||
if (resource instanceof AzureServiceResource<?> serviceResource && !checkPermission(serviceResource, Objects.requireNonNull(identityPrincipal))) {
|
||||
if (!IManagedIdentitySupported.grantPermission(serviceResource, identityPrincipal)) {
|
||||
final String message = String.format(IDENTITY_PERMISSION_MESSAGE, identityUrl, identityName, identityPrincipal, resourceUrl, resource.getName());
|
||||
final Action<?> openIdentityConfigurationAction = getOpenIdentityConfigurationAction(serviceResource);
|
||||
final Action<?> grantPermissionAction = getGrantPermissionAction(serviceResource, identity);
|
||||
final Action<?> grantPermissionAction = getGrantPermissionAction(serviceResource, identityPrincipal);
|
||||
AzureMessager.getMessager().warning(message, openIdentityConfigurationAction, grantPermissionAction);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -267,8 +267,8 @@ public class AzureComboBox<T> extends ComboBox<T> implements AzureFormInputCompo
|
|||
protected void setLoading(final boolean loading) {
|
||||
this.loading = loading;
|
||||
SwingUtilities.invokeLater(() -> {
|
||||
this.myEditor.rerender();
|
||||
Optional.ofNullable(this.myEditor.getEditorComponent()).ifPresent(c -> c.setEnabled(AzureComboBox.this.isEnabled()));
|
||||
Optional.ofNullable(this.myEditor).ifPresent(AzureComboBoxEditor::rerender);
|
||||
Optional.ofNullable(this.myEditor).map(BasicComboBoxEditor::getEditorComponent).ifPresent(c -> c.setEnabled(AzureComboBox.this.isEnabled()));
|
||||
this.repaint();
|
||||
});
|
||||
}
|
||||
|
|
|
|||
|
|
@ -16,6 +16,7 @@ import com.microsoft.azure.toolkit.lib.Azure;
|
|||
import com.microsoft.azure.toolkit.lib.auth.AzureCloud;
|
||||
import com.microsoft.azure.toolkit.lib.identities.Identity;
|
||||
import com.microsoft.azure.toolkit.lib.storage.AzureStorageAccount;
|
||||
import com.microsoft.azure.toolkit.lib.storage.AzuriteStorageAccount;
|
||||
import com.microsoft.azure.toolkit.lib.storage.ConnectionStringStorageAccount;
|
||||
import com.microsoft.azure.toolkit.lib.storage.IStorageAccount;
|
||||
import lombok.AllArgsConstructor;
|
||||
|
|
@ -150,6 +151,14 @@ public class StorageAccountResourceDefinition extends BaseStorageAccountResource
|
|||
return properties;
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<AuthenticationType> getSupportedAuthenticationTypes(Resource<?> resource) {
|
||||
final Object data = resource.getData();
|
||||
return data instanceof ConnectionStringStorageAccount || data instanceof AzuriteStorageAccount ?
|
||||
Collections.singletonList(AuthenticationType.CONNECTION_STRING) :
|
||||
super.getSupportedAuthenticationTypes(resource);
|
||||
}
|
||||
|
||||
@Data
|
||||
@AllArgsConstructor
|
||||
public static class TempData {
|
||||
|
|
|
|||
|
|
@ -28,6 +28,7 @@ import com.microsoft.azure.toolkit.lib.common.form.AzureFormInput;
|
|||
import com.microsoft.azure.toolkit.lib.common.model.AzResource;
|
||||
import com.microsoft.azure.toolkit.lib.common.task.AzureTaskManager;
|
||||
import lombok.Getter;
|
||||
import org.apache.commons.collections.CollectionUtils;
|
||||
import org.apache.commons.lang3.ObjectUtils;
|
||||
|
||||
import javax.annotation.Nonnull;
|
||||
|
|
@ -107,6 +108,10 @@ public class ConnectorDialog extends AzureDialog<Connection<?, ?>> implements Az
|
|||
this.consumerTypeSelector.addItemListener(this::onResourceOrConsumerTypeChanged);
|
||||
this.resourceTypeSelector.addItemListener(this::onResourceOrConsumerTypeChanged);
|
||||
this.cbAuthenticationType.addItemListener(this::onAuthenticationTypeChanged);
|
||||
this.cbAuthenticationType.addItemListener(ignore -> {
|
||||
this.cbIdentity.setRequired(cbAuthenticationType.getValue() == AuthenticationType.USER_ASSIGNED_MANAGED_IDENTITY);
|
||||
this.cbIdentity.validateValueAsync();
|
||||
});
|
||||
final Font font = UIManager.getFont("Label.font");
|
||||
final Color foregroundColor = UIManager.getColor("Label.foreground");
|
||||
final Color backgroundColor = UIManager.getColor("Label.backgroundColor");
|
||||
|
|
@ -129,11 +134,25 @@ public class ConnectorDialog extends AzureDialog<Connection<?, ?>> implements Az
|
|||
|
||||
private void onSelectResource(Object o) {
|
||||
final AzureServiceResource<?> value = o instanceof AzureServiceResource ? (AzureServiceResource<?>) this.resourcePanel.getValue() : null;
|
||||
if (Objects.nonNull(value)) {
|
||||
final List<AuthenticationType> types = Optional.ofNullable(value).map(resourceDefinition::getSupportedAuthenticationTypes).orElse(Collections.emptyList());
|
||||
final List<AuthenticationType> current = cbAuthenticationType.getItems();
|
||||
if (!CollectionUtils.isEqualCollection(types, current)) {
|
||||
updateAuthenticationTypes(types);
|
||||
}
|
||||
if (Objects.nonNull(value) && types.contains(AuthenticationType.USER_ASSIGNED_MANAGED_IDENTITY)) {
|
||||
cbIdentity.setResource(value);
|
||||
}
|
||||
}
|
||||
|
||||
private void updateAuthenticationTypes(@Nonnull final List<AuthenticationType> types) {
|
||||
final AuthenticationType current = cbAuthenticationType.getValue();
|
||||
if (!types.contains(current)) {
|
||||
this.cbAuthenticationType.clear();
|
||||
}
|
||||
this.cbAuthenticationType.setItemsLoader(() -> types);
|
||||
this.cbAuthenticationType.reloadItems();
|
||||
}
|
||||
|
||||
private void onAuthenticationTypeChanged(ItemEvent e) {
|
||||
if (e.getStateChange() == ItemEvent.SELECTED) {
|
||||
final AuthenticationType authenticationType = this.cbAuthenticationType.getValue();
|
||||
|
|
@ -228,6 +247,8 @@ public class ConnectorDialog extends AzureDialog<Connection<?, ?>> implements Az
|
|||
connection.setAuthenticationType(cbAuthenticationType.getValue());
|
||||
if (cbAuthenticationType.getValue() == AuthenticationType.USER_ASSIGNED_MANAGED_IDENTITY) {
|
||||
Optional.ofNullable(cbIdentity.getValue()).map(IdentityResource.Definition.INSTANCE::define).ifPresent(connection::setUserAssignedManagedIdentity);
|
||||
} else {
|
||||
connection.setUserAssignedManagedIdentity(null);
|
||||
}
|
||||
return connection;
|
||||
}
|
||||
|
|
@ -288,9 +309,7 @@ public class ConnectorDialog extends AzureDialog<Connection<?, ?>> implements Az
|
|||
|
||||
final List<AuthenticationType> supportedAuthenticationTypes = definition.getSupportedAuthenticationTypes();
|
||||
this.pnlAuthentication.setVisible(supportedAuthenticationTypes.size() > 1);
|
||||
this.cbAuthenticationType.clear();
|
||||
this.cbAuthenticationType.setItemsLoader(() -> supportedAuthenticationTypes);
|
||||
this.cbAuthenticationType.reloadItems();
|
||||
this.updateAuthenticationTypes(supportedAuthenticationTypes);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -89,4 +89,9 @@ public interface ResourceDefinition<T> {
|
|||
}
|
||||
return result;
|
||||
}
|
||||
|
||||
// as for some resource (storage account), supported authentication types may be different for different resource instance
|
||||
default List<AuthenticationType> getSupportedAuthenticationTypes(@Nonnull Resource<?> resource) {
|
||||
return getSupportedAuthenticationTypes();
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -16,6 +16,7 @@ import com.microsoft.azure.toolkit.lib.common.bundle.AzureString;
|
|||
import com.microsoft.azure.toolkit.lib.common.exception.AzureToolkitRuntimeException;
|
||||
import com.microsoft.azure.toolkit.lib.common.messager.AzureMessager;
|
||||
import com.microsoft.azure.toolkit.lib.common.model.AbstractAzResource;
|
||||
import com.microsoft.azure.toolkit.lib.common.model.AbstractAzServiceSubscription;
|
||||
import com.microsoft.azure.toolkit.lib.common.operation.AzureOperation;
|
||||
import com.microsoft.azure.toolkit.lib.common.operation.OperationBundle;
|
||||
import com.microsoft.azure.toolkit.lib.common.task.AzureTaskManager;
|
||||
|
|
@ -44,7 +45,7 @@ import static com.microsoft.azure.toolkit.intellij.connector.dotazure.AzureModul
|
|||
|
||||
@Getter
|
||||
public class Profile {
|
||||
public static final String NO_PERMISSION_MESSAGE = "The managed identity <a href=\"%s\">%s</a> (%s) doesn't have enough permission to access resource %s.";
|
||||
public static final String IDENTITY_PERMISSION_MESSAGE = "The managed identity <a href=\"%s\">%s</a> (%s) doesn't have enough permission to access resource <a href=\"%s\">%s</a>.";
|
||||
@Nonnull
|
||||
private final String name;
|
||||
@Nonnull
|
||||
|
|
@ -101,12 +102,16 @@ public class Profile {
|
|||
this.connectionManager.addConnection(connection);
|
||||
// handle user assigned managed identity
|
||||
final Resource<Identity> identityResource = connection.getUserAssignedManagedIdentity();
|
||||
if (Objects.nonNull(identityResource)) {
|
||||
if (connection.getAuthenticationType() == AuthenticationType.USER_ASSIGNED_MANAGED_IDENTITY && Objects.nonNull(identityResource)) {
|
||||
this.resourceManager.addResource(identityResource);
|
||||
AzureTaskManager.getInstance().runInBackground("Validating connection", () -> {
|
||||
final String identity = identityResource.getData().getPrincipalId();
|
||||
if (resource instanceof AzureServiceResource<?> serviceResource && !checkPermission(serviceResource, identity)) {
|
||||
final String message = String.format(NO_PERMISSION_MESSAGE, identityResource.getData().getPortalUrl(), identityResource.getName(),identityResource.getData().getPrincipalId(), resource.getName());
|
||||
final String identityUrl = identityResource.getData().getPortalUrl();
|
||||
final String identityPrincipal = identityResource.getData().getPrincipalId();
|
||||
final String resourceUrl = Optional.ofNullable(resource.getData()).filter(r -> r instanceof AbstractAzServiceSubscription)
|
||||
.map(r -> ((AbstractAzResource<?, ?, ?>) r).getPortalUrl()).orElse(StringUtils.EMPTY);
|
||||
if (resource instanceof AzureServiceResource<?> serviceResource && !checkPermission(serviceResource, Objects.requireNonNull(identity))) {
|
||||
final String message = String.format(IDENTITY_PERMISSION_MESSAGE, identityUrl, identityResource.getName(), identityPrincipal, resourceUrl, resource.getName());
|
||||
final Action<?> openIdentityConfigurationAction = getOpenIdentityConfigurationAction(serviceResource);
|
||||
final Action<?> grantPermissionAction = getGrantPermissionAction(serviceResource, identity);
|
||||
AzureMessager.getMessager().warning(message, grantPermissionAction, openIdentityConfigurationAction);
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче