[Resource] Third party S2S Consent/Permission Enumeration (#18433)

* feature permission list

* fix

* fix

* fix

* fix

* fix

* Apply suggestions from code review

* fix test and help info

* fix

Co-authored-by: Yu Chen <[email protected]>

src/azure-cli/azure/cli/command_modules/resource/_client_factory.py

@@ -4,10 +4,10 @@
 # --------------------------------------------------------------------------------------------
 
 
-def _resource_client_factory(cli_ctx, **_):
+def _resource_client_factory(cli_ctx, api_version=None, **_):
     from azure.cli.core.commands.client_factory import get_mgmt_service_client
     from azure.cli.core.profiles import ResourceType
-    return get_mgmt_service_client(cli_ctx, ResourceType.MGMT_RESOURCE_RESOURCES)
+    return get_mgmt_service_client(cli_ctx, ResourceType.MGMT_RESOURCE_RESOURCES, api_version=api_version)
 
 
 def _resource_feature_client_factory(cli_ctx, **_):
@@ -72,8 +72,8 @@ def cf_resources(cli_ctx, _):
     return _resource_client_factory(cli_ctx).resources
 
 
-def cf_providers(cli_ctx, _):
-    return _resource_client_factory(cli_ctx).providers
+def cf_providers(cli_ctx, _, api_version=None):
+    return _resource_client_factory(cli_ctx, api_version=api_version).providers
 
 
 def cf_tags(cli_ctx, _):

src/azure-cli/azure/cli/command_modules/resource/_help.py

@@ -1893,6 +1893,16 @@
         az provider list --query [?namespace=='Microsoft.Network'].resourceTypes[].resourceType
 """
 
+helps['provider permission'] = """
+type: group
+short-summary: Manage permissions for a provider.
+"""
+
+helps['provider permission list'] = """
+type: command
+short-summary: List permissions from a provider.
+"""
+
 helps['provider operation'] = """
 type: group
 short-summary: Get provider operations metadatas.

src/azure-cli/azure/cli/command_modules/resource/_params.py

@@ -145,6 +145,7 @@ def load_arguments(self, _):
         c.argument('mg', help="The management group id to register.", options_list=['--management-group-id', '-m'])
         c.argument('accept_terms', action='store_true', is_preview=True, help="Accept market place terms and RP terms for RPaaS. Required when registering RPs from RPaaS, such as 'Microsoft.Confluent' and 'Microsoft.Datadog'.")
         c.argument('wait', action='store_true', help='wait for the registration to finish')
+        c.argument('consent_to_permissions', options_list=['--consent-to-permissions', '-c'], action='store_true', help='A value indicating whether authorization is consented or not.')
 
     with self.argument_context('provider unregister') as c:
         c.argument('wait', action='store_true', help='wait for unregistration to finish')

src/azure-cli/azure/cli/command_modules/resource/commands.py

@@ -221,6 +221,7 @@ def load_command_table(self, _):
         g.custom_command('register', 'register_provider')
         g.custom_command('unregister', 'unregister_provider')
         g.custom_command('operation list', 'list_provider_operations')
+        g.custom_command('permission list', 'list_provider_permissions')
         g.custom_show_command('operation show', 'show_provider_operations')
 
     # Resource feature commands

src/azure-cli/azure/cli/command_modules/resource/custom.py

@@ -33,7 +33,8 @@
 
 from azure.cli.command_modules.resource._client_factory import (
     _resource_client_factory, _resource_policy_client_factory, _resource_lock_client_factory,
-    _resource_links_client_factory, _resource_deploymentscripts_client_factory, _authorization_management_client, _resource_managedapps_client_factory, _resource_templatespecs_client_factory)
+    _resource_links_client_factory, _resource_deploymentscripts_client_factory, _authorization_management_client, _resource_managedapps_client_factory, _resource_templatespecs_client_factory,
+    cf_providers)
 from azure.cli.command_modules.resource._validators import _parse_lock_id
 
 from azure.core.pipeline.policies import SansIOHTTPPolicy
@@ -1019,31 +1020,31 @@ def _get_auth_provider_latest_api_version(cli_ctx):
     return api_version
 
 
-def _update_provider(cli_ctx, namespace, registering, wait, mg_id=None, accept_terms=None):
+def _update_provider(cli_ctx, namespace, registering, wait, properties=None, mg_id=None, accept_terms=None):
     import time
     target_state = 'Registered' if registering else 'Unregistered'
-    rcf = _resource_client_factory(cli_ctx)
+    client = cf_providers(cli_ctx, None, api_version='2021-04-01')
     is_rpaas = namespace.lower() in RPAAS_APIS
     if mg_id is None and registering:
         if is_rpaas:
             if not accept_terms:
                 raise RequiredArgumentMissingError("--accept-terms must be specified when registering the {} RP from RPaaS.".format(namespace))
             wait = True
-        r = rcf.providers.register(namespace)
+        r = client.register(namespace, properties=properties)
     elif mg_id and registering:
-        r = rcf.providers.register_at_management_group_scope(namespace, mg_id)
+        r = client.register_at_management_group_scope(namespace, mg_id)
         if r is None:
             return
     else:
-        r = rcf.providers.unregister(namespace)
+        r = client.unregister(namespace)
 
     if r.registration_state == target_state:
         return
 
     if wait:
         while True:
             time.sleep(10)
-            rp_info = rcf.providers.get(namespace)
+            rp_info = client.get(namespace)
             if rp_info.registration_state == target_state:
                 break
         if is_rpaas and registering and mg_id is None:
@@ -2036,8 +2037,12 @@ def list_resources(cmd, resource_group_name=None,
     return list(resources)
 
 
-def register_provider(cmd, resource_provider_namespace, mg=None, wait=False, accept_terms=None):
-    _update_provider(cmd.cli_ctx, resource_provider_namespace, registering=True, wait=wait, mg_id=mg, accept_terms=accept_terms)
+def register_provider(cmd, resource_provider_namespace, consent_to_permissions=False, mg=None, wait=False, accept_terms=None):
+    properties = None
+    if consent_to_permissions:
+        from azure.mgmt.resource.resources.v2021_04_01.models import ProviderRegistrationRequest, ProviderConsentDefinition
+        properties = ProviderRegistrationRequest(third_party_provider_consent=ProviderConsentDefinition(consent_to_authorization=consent_to_permissions))
+    _update_provider(cmd.cli_ctx, resource_provider_namespace, registering=True, wait=wait, properties=properties, mg_id=mg, accept_terms=accept_terms)
 
 
 def unregister_provider(cmd, resource_provider_namespace, wait=False):
@@ -2049,6 +2054,11 @@ def list_provider_operations(cmd):
     return auth_client.provider_operations_metadata.list()
 
 
+def list_provider_permissions(cmd, resource_provider_namespace):
+    client = cf_providers(cmd.cli_ctx, None, api_version='2021-04-01')
+    return client.provider_permissions(resource_provider_namespace)
+
+
 def show_provider_operations(cmd, resource_provider_namespace):
     version = getattr(get_api_version(cmd.cli_ctx, ResourceType.MGMT_AUTHORIZATION), 'provider_operations_metadata')
     auth_client = _authorization_management_client(cmd.cli_ctx)

src/azure-cli/azure/cli/command_modules/resource/tests/hybrid_2018_03_01/recordings/test_provider_registration.yaml

@@ -68,7 +68,7 @@ interactions:
       User-Agent:
       - AZURECLI/2.21.0 azsdk-python-azure-mgmt-resource/16.0.0 Python/3.8.0 (Windows-10-10.0.19041-SP0)
     method: POST
-    uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ClassicInfrastructureMigrate/register?api-version=2018-02-01
+    uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ClassicInfrastructureMigrate/register?api-version=2021-04-01
   response:
     body:
       string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ClassicInfrastructureMigrate","namespace":"Microsoft.ClassicInfrastructureMigrate","authorization":{"applicationId":"5e5abe2b-83cd-4786-826a-a05653ebb103","roleDefinitionId":"766c4d9b-ef83-4f73-8352-1450a506a69b"},"resourceTypes":[{"resourceType":"classicInfrastructureResources","locations":["East
@@ -176,7 +176,7 @@ interactions:
       User-Agent:
       - AZURECLI/2.21.0 azsdk-python-azure-mgmt-resource/16.0.0 Python/3.8.0 (Windows-10-10.0.19041-SP0)
     method: POST
-    uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ClassicInfrastructureMigrate/unregister?api-version=2018-02-01
+    uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ClassicInfrastructureMigrate/unregister?api-version=2021-04-01
   response:
     body:
       string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ClassicInfrastructureMigrate","namespace":"Microsoft.ClassicInfrastructureMigrate","authorization":{"applicationId":"5e5abe2b-83cd-4786-826a-a05653ebb103","roleDefinitionId":"766c4d9b-ef83-4f73-8352-1450a506a69b"},"resourceTypes":[{"resourceType":"classicInfrastructureResources","locations":["East

src/azure-cli/azure/cli/command_modules/resource/tests/hybrid_2019_03_01/recordings/test_provider_registration.yaml

@@ -68,7 +68,7 @@ interactions:
       User-Agent:
       - AZURECLI/2.21.0 azsdk-python-azure-mgmt-resource/16.0.0 Python/3.8.0 (Windows-10-10.0.19041-SP0)
     method: POST
-    uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ClassicInfrastructureMigrate/register?api-version=2018-05-01
+    uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ClassicInfrastructureMigrate/register?api-version=2021-04-01
   response:
     body:
       string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ClassicInfrastructureMigrate","namespace":"Microsoft.ClassicInfrastructureMigrate","authorization":{"applicationId":"5e5abe2b-83cd-4786-826a-a05653ebb103","roleDefinitionId":"766c4d9b-ef83-4f73-8352-1450a506a69b"},"resourceTypes":[{"resourceType":"classicInfrastructureResources","locations":["East
@@ -176,7 +176,7 @@ interactions:
       User-Agent:
       - AZURECLI/2.21.0 azsdk-python-azure-mgmt-resource/16.0.0 Python/3.8.0 (Windows-10-10.0.19041-SP0)
     method: POST
-    uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ClassicInfrastructureMigrate/unregister?api-version=2018-05-01
+    uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ClassicInfrastructureMigrate/unregister?api-version=2021-04-01
   response:
     body:
       string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ClassicInfrastructureMigrate","namespace":"Microsoft.ClassicInfrastructureMigrate","authorization":{"applicationId":"5e5abe2b-83cd-4786-826a-a05653ebb103","roleDefinitionId":"766c4d9b-ef83-4f73-8352-1450a506a69b"},"resourceTypes":[{"resourceType":"classicInfrastructureResources","locations":["East

src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_provider_registration.yaml

@@ -68,7 +68,7 @@ interactions:
       User-Agent:
       - AZURECLI/2.21.0 azsdk-python-azure-mgmt-resource/16.0.0 Python/3.8.0 (Windows-10-10.0.19041-SP0)
     method: POST
-    uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ClassicInfrastructureMigrate/register?api-version=2020-10-01
+    uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ClassicInfrastructureMigrate/register?api-version=2021-04-01
   response:
     body:
       string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ClassicInfrastructureMigrate","namespace":"Microsoft.ClassicInfrastructureMigrate","authorization":{"applicationId":"5e5abe2b-83cd-4786-826a-a05653ebb103","roleDefinitionId":"766c4d9b-ef83-4f73-8352-1450a506a69b"},"resourceTypes":[{"resourceType":"classicInfrastructureResources","locations":["East
@@ -176,7 +176,7 @@ interactions:
       User-Agent:
       - AZURECLI/2.21.0 azsdk-python-azure-mgmt-resource/16.0.0 Python/3.8.0 (Windows-10-10.0.19041-SP0)
     method: POST
-    uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ClassicInfrastructureMigrate/unregister?api-version=2020-10-01
+    uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ClassicInfrastructureMigrate/unregister?api-version=2021-04-01
   response:
     body:
       string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ClassicInfrastructureMigrate","namespace":"Microsoft.ClassicInfrastructureMigrate","authorization":{"applicationId":"5e5abe2b-83cd-4786-826a-a05653ebb103","roleDefinitionId":"766c4d9b-ef83-4f73-8352-1450a506a69b"},"resourceTypes":[{"resourceType":"classicInfrastructureResources","locations":["East

src/azure-cli/azure/cli/command_modules/resource/tests/latest/recordings/test_provider_registration_mg.yaml

@@ -20,7 +20,7 @@ interactions:
       accept-language:
       - en-US
     method: POST
-    uri: https://management.azure.com/providers/Microsoft.Management/managementGroups/testmg/providers/Microsoft.ClassicInfrastructureMigrate/register?api-version=2020-10-01
+    uri: https://management.azure.com/providers/Microsoft.Management/managementGroups/testmg/providers/Microsoft.ClassicInfrastructureMigrate/register?api-version=2021-04-01
   response:
     body:
       string: ''