Roles
@@ -20,6 +20,75 @@ logger = logging.getLogger(__name__)
|
||||
# Known Azure enum values not always captured in the catalog schema
|
||||
_KNOWN_ENUMS: dict[str, list[str]] = {
|
||||
"principalType": ["User", "Group", "ServicePrincipal", "Device", "ForeignGroup"],
|
||||
"roles": [
|
||||
# Key Vault roles
|
||||
"KEY_VAULT_ADMINISTRATOR",
|
||||
"KEY_VAULT_CERTIFICATES_OFFICER",
|
||||
"KEY_VAULT_CRYPTO_OFFICER",
|
||||
"KEY_VAULT_CRYPTO_SERVICE_ENCRYPTION_USER",
|
||||
"KEY_VAULT_CRYPTO_USER",
|
||||
"KEY_VAULT_READER",
|
||||
"KEY_VAULT_SECRETS_OFFICER",
|
||||
"KEY_VAULT_SECRETS_USER",
|
||||
# Storage roles
|
||||
"STORAGE_BLOB_DATA_CONTRIBUTOR",
|
||||
"STORAGE_BLOB_DATA_OWNER",
|
||||
"STORAGE_BLOB_DATA_READER",
|
||||
"STORAGE_QUEUE_DATA_CONTRIBUTOR",
|
||||
"STORAGE_QUEUE_DATA_READER",
|
||||
"STORAGE_TABLE_DATA_CONTRIBUTOR",
|
||||
"STORAGE_TABLE_DATA_READER",
|
||||
# Common Azure roles
|
||||
"CONTRIBUTOR",
|
||||
"OWNER",
|
||||
"READER",
|
||||
"USER_ACCESS_ADMINISTRATOR",
|
||||
# App/Function roles
|
||||
"WEBSITE_CONTRIBUTOR",
|
||||
# Monitoring roles
|
||||
"MONITORING_CONTRIBUTOR",
|
||||
"MONITORING_METRICS_PUBLISHER",
|
||||
"MONITORING_READER",
|
||||
"LOG_ANALYTICS_CONTRIBUTOR",
|
||||
"LOG_ANALYTICS_READER",
|
||||
# SQL roles
|
||||
"SQL_DB_CONTRIBUTOR",
|
||||
"SQL_MANAGED_INSTANCE_CONTRIBUTOR",
|
||||
"SQL_SECURITY_MANAGER",
|
||||
"SQL_SERVER_CONTRIBUTOR",
|
||||
],
|
||||
"roleDefinitionIds": [
|
||||
# Same list for roleDefinitionIds parameter
|
||||
"KEY_VAULT_ADMINISTRATOR",
|
||||
"KEY_VAULT_CERTIFICATES_OFFICER",
|
||||
"KEY_VAULT_CRYPTO_OFFICER",
|
||||
"KEY_VAULT_CRYPTO_SERVICE_ENCRYPTION_USER",
|
||||
"KEY_VAULT_CRYPTO_USER",
|
||||
"KEY_VAULT_READER",
|
||||
"KEY_VAULT_SECRETS_OFFICER",
|
||||
"KEY_VAULT_SECRETS_USER",
|
||||
"STORAGE_BLOB_DATA_CONTRIBUTOR",
|
||||
"STORAGE_BLOB_DATA_OWNER",
|
||||
"STORAGE_BLOB_DATA_READER",
|
||||
"STORAGE_QUEUE_DATA_CONTRIBUTOR",
|
||||
"STORAGE_QUEUE_DATA_READER",
|
||||
"STORAGE_TABLE_DATA_CONTRIBUTOR",
|
||||
"STORAGE_TABLE_DATA_READER",
|
||||
"CONTRIBUTOR",
|
||||
"OWNER",
|
||||
"READER",
|
||||
"USER_ACCESS_ADMINISTRATOR",
|
||||
"WEBSITE_CONTRIBUTOR",
|
||||
"MONITORING_CONTRIBUTOR",
|
||||
"MONITORING_METRICS_PUBLISHER",
|
||||
"MONITORING_READER",
|
||||
"LOG_ANALYTICS_CONTRIBUTOR",
|
||||
"LOG_ANALYTICS_READER",
|
||||
"SQL_DB_CONTRIBUTOR",
|
||||
"SQL_MANAGED_INSTANCE_CONTRIBUTOR",
|
||||
"SQL_SECURITY_MANAGER",
|
||||
"SQL_SERVER_CONTRIBUTOR",
|
||||
],
|
||||
}
|
||||
|
||||
# Catalog is baked into the image root at /bicep_modules_catalog.json
|
||||
@@ -268,6 +337,56 @@ class BicepModuleCatalog:
|
||||
iac_params = cls._iac_param_map(module_name)
|
||||
|
||||
items = []
|
||||
|
||||
# Build snippet for full params block (shown first)
|
||||
snippet_params = []
|
||||
tabstop = 1
|
||||
for param_name, param_info in ver_params.items():
|
||||
iac = iac_params.get(param_name, {})
|
||||
required = iac.get("required", False)
|
||||
ptype = param_info.get("type", "any")
|
||||
allowed = param_info.get("allowed", [])
|
||||
|
||||
# Include required params + first few optional params in snippet
|
||||
if required or len(snippet_params) < 5:
|
||||
if allowed:
|
||||
# Enum: use placeholder with first allowed value
|
||||
placeholder = f"'{allowed[0]}'"
|
||||
elif ptype == "bool":
|
||||
placeholder = "true"
|
||||
elif ptype == "int":
|
||||
placeholder = "0"
|
||||
elif ptype == "array":
|
||||
placeholder = "[]"
|
||||
elif ptype == "object":
|
||||
placeholder = "{{}}"
|
||||
else:
|
||||
placeholder = "''"
|
||||
snippet_params.append(f" {param_name}: ${{{tabstop}:{placeholder}}}")
|
||||
tabstop += 1
|
||||
|
||||
if snippet_params:
|
||||
snippet_text = "\n" + "\n".join(snippet_params) + "\n"
|
||||
required_count = sum(1 for p, i in ver_params.items()
|
||||
if iac_params.get(p, {}).get("required", False))
|
||||
items.append({
|
||||
"label": "⚡ Fill params block",
|
||||
"kind": 15, # Snippet
|
||||
"detail": f"{len(snippet_params)} params ({required_count} required)",
|
||||
"insertText": snippet_text,
|
||||
"insertTextFormat": 2, # Snippet
|
||||
"sortText": "0_lru_snippet_000",
|
||||
"documentation": {
|
||||
"kind": "markdown",
|
||||
"value": (
|
||||
f"**Fill params block**\n\n"
|
||||
f"Inserts {len(snippet_params)} params for `{module_name}`.\n"
|
||||
f"Use Tab to navigate between fields."
|
||||
),
|
||||
},
|
||||
})
|
||||
|
||||
# Individual param completions
|
||||
for param_name, param_info in ver_params.items():
|
||||
ptype = param_info.get("type", "any")
|
||||
allowed = param_info.get("allowed", [])
|
||||
|
||||
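Review bot: The object branch in the snippet builder sets `placeholder = "{{}}"` in a plain string, so the braces are not collapsed as they would be in an f-string and the completion inserts a literal `{{}}`; the first unescaped `}` also closes the `${N:...}` tabstop early. `placeholder = "{\\}"` would produce `{}` inside the tabstop, and `param_name` and `allowed[0]` would want `$`, `}` and `\` escaped the same way before they reach `insertText`. The enum branch pre-fills `allowed[0]`: if the `roles` list added in the first hunk is what ends up in `allowed` (not visible here), the value a user tabs past would be `KEY_VAULT_ADMINISTRATOR`, so leaving role parameters empty or listing the least-privileged role first would be the safer default. The enclosing method starts above this hunk and continues below it.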
@@ -142,6 +142,18 @@ class _ProxySession:
|
||||
"has_open_quote": bool(value_m.group(2)),
|
||||
}
|
||||
|
||||
# Check if cursor is inside an array value for a param
|
||||
# e.g. "roles: ['KEY_VAULT_" or "roles: [ '"
|
||||
array_m = re.search(r"^\s*(\w+):\s*\[[^\]]*?('?)([^',\]]*)$", current)
|
||||
if array_m and array_m.group(1) not in {"params", "name", "module", "resource"}:
|
||||
return {
|
||||
"type": "param_value",
|
||||
"module": mod_name,
|
||||
"version": mod_ver,
|
||||
"param": array_m.group(1),
|
||||
"has_open_quote": bool(array_m.group(2)),
|
||||
}
|
||||
|
||||
return {
|
||||
"type": "param",
|
||||
"module": mod_name,
|
||||
|
||||
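Review bot: `has_open_quote` is taken from the last `'` before the cursor, so a cursor sitting right after a completed element, e.g. `roles: ['KEY_VAULT_READER'`, is reported as being inside an open quote. Quote parity separates the two cases: `"has_open_quote": array_m.group(0).count("'") % 2 == 1,`. The inline set `{"params", "name", "module", "resource"}` would read better as a named module-level constant with a comment saying why those keys are skipped, and the captured key is returned as `param` without being checked against the module's known parameters, which the consumer presumably has to tolerate. The enclosing method begins above the hunk and continues past it.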