openziti / ziti

The parent project for OpenZiti. Here you will find the executables for a fully zero trust, application embedded, programmable network @OpenZiti
https://openziti.io
Apache License 2.0

Allow adding/removing attributes to entities without requiring specifying full set #741

Open plorenz opened 2 years ago

plorenz commented 2 years ago

Currently must specify full role attribute set when updating. It would be nice to be able to specify role attributes to add or remove.

ekoby commented 4 months ago

good to add this

qrkourier commented 3 months ago

It would be nice, and this feels like an interactive case, not an API problem. Shouldn't this functionality live in the ziti CLI?

ziti edge update service --append --role-attributes newrole myservice

inspired by:

usermod --append --groups newgrp alice

The CLI can use the existing API operations to compute the new set to PATCH the entity. An additive update operation like POST /edge/management/v1/identities/:id/roles might be convenient for some mgmt client implementations 🤷 but it doesn't seem too difficult to accomplish the same with existing operations for all non-interactive use cases.

plorenz commented 3 months ago

> It would be nice, and this feels like an interactive case, not an API problem. Shouldn't this functionality live in the ziti CLI?
>
> ziti edge update service --append --role-attributes newrole myservice
>
> inspired by:
>
> usermod --append --groups newgrp alice
>
> The CLI can use the existing API operations to compute the new set to PATCH the entity. An additive update operation like POST /edge/management/v1/identities/:id/roles might be convenient for some mgmt client implementations 🤷 but it doesn't seem too difficult to accomplish the same with existing operations for all non-interactive use cases.

Yes, this is something that should be done in the CLI. I'm thinking we could maybe do --append-role-attributes and --remove-role-attributes. Alternately we could do this as a sub-command, which might be less ambiguous.

ziti edge update identity add-role-attributes <id or name> <list>
ziti edge update identity drop-role-attributes <id or name> <list>

dovholuknf commented 3 months ago

I'd rather see the dedicated subcommand. --tags is another one that should have the same sort of functionality and ideally this is a pattern for other subcommands to follow
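
The read, compute, PATCH approach discussed in this thread, as an added Go example that is not part of the thread or the ziti code base: it turns add and drop lists into the full role-attribute set a client would send. The function names, the sample attributes and the `roleAttributes` body field are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// mergeRoleAttributes computes the full set to PATCH from the entity's current
// role attributes plus the requested additions and removals. changed is false
// when the request is a no-op, so the caller can skip the PATCH entirely.
func mergeRoleAttributes(current, add, drop []string) (next []string, changed bool, err error) {
	dropSet := map[string]bool{}
	for _, a := range drop {
		dropSet[a] = true
	}
	for _, a := range add {
		if dropSet[a] {
			return nil, false, fmt.Errorf("attribute %q is in both the add and drop lists", a)
		}
	}
	curSet := map[string]bool{}
	for _, a := range current {
		curSet[a] = true
	}
	seen := map[string]bool{}
	next = []string{} // non-nil, so dropping every attribute marshals as [] and not null
	for _, a := range append(append([]string{}, current...), add...) {
		if !dropSet[a] && !seen[a] {
			seen[a] = true
			next = append(next, a)
			changed = changed || !curSet[a]
		}
	}
	sort.Strings(next) // attributes are a set; sort for a stable request body
	return next, changed || len(next) != len(curSet), nil
}

// patchBody builds the JSON body; the "roleAttributes" field name is an assumption.
func patchBody(attrs []string) ([]byte, error) {
	return json.Marshal(map[string][]string{"roleAttributes": attrs})
}

func main() {
	current := []string{"web", "prod"} // constructed sample: what a GET on the entity returned
	next, changed, err := mergeRoleAttributes(current, []string{"newrole"}, []string{"prod"})
	if err != nil {
		panic(err)
	}
	body, _ := patchBody(next)
	fmt.Println(changed, string(body))
}
```

Because the new set is computed from an earlier read, a concurrent change to the same entity between the read and the PATCH is overwritten by this approach.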