def execute_deployment_test(
self,
args: dict,
configuration_path: str,
environment_type: str) -> bool:
from orchestration.common.factory import ObjectFactory
from orchestration.common.parameter_initializer import ParameterInitializer
factory = ObjectFactory(is_live_mode=self.is_live)
parameter_initializer = \
factory.get_parameter_initializer()
parameter_initializer.initialize(
args,
configuration_path,
is_live_mode=self.is_live)
from orchestration.resource_deployment import ResourceDeployment
resourceDeployment = ResourceDeployment(
parameter_initializer._data_store,
parameter_initializer._resource_management_integration_service,
parameter_initializer._policy_integration_service,
parameter_initializer._aad_cli_integration_service,
parameter_initializer._keyvault_cli_integration_service,
parameter_initializer._module_version_retrieval,
parameter_initializer._vdc_storage_account_name,
parameter_initializer._vdc_storage_account_subscription_id,
parameter_initializer._vdc_storage_account_resource_group,
parameter_initializer._validate_deployment,
parameter_initializer._deploy_all_modules,
parameter_initializer._deployment_configuration_path,
parameter_initializer._module_deployment_order,
parameter_initializer._resource_group,
parameter_initializer._single_module,
parameter_initializer._deploy_module_dependencies,
parameter_initializer._upload_scripts,
parameter_initializer._create_vdc_storage,
parameter_initializer._shared_services_deployment_name,
parameter_initializer._deployment_name,
parameter_initializer._location,
parameter_initializer._tenant_id,
parameter_initializer._subscription_id,
parameter_initializer._shared_services_subscription_id,
parameter_initializer._service_principals,
parameter_initializer._organization_name,
parameter_initializer._encryption_keys_for,
parameter_initializer._module_dependencies,
parameter_initializer._environment_type,
parameter_initializer._json_parameters,
parameter_initializer._import_module,
parameter_initializer._custom_scripts_path,
parameter_initializer._environment_keys,
from_integration_test=True)
# Invoke deployment
successful: list = resourceDeployment.create()
return len(successful) > 0
def _initialize_integration_objects(
self,
is_recording: bool):
"""Function that initializes integration objects used during a resource deployment
:param is_recording: Value set to True when running integration tests recording (using VCR.py)
all HTTP interactions
:type is_recording: bool
"""
object_factory = ObjectFactory(is_recording)
self._data_store = \
object_factory.storage_factory(
StorageType.BLOB_STORAGE,
client_id=self._client_id,
secret=self._secret,
tenant_id=self._tenant_id,
location=self._location,
subscription_id=self._vdc_storage_account_subscription_id,
storage_account_name=self._vdc_storage_account_name,
storage_account_resource_group=self._vdc_storage_account_resource_group)
self._resource_management_integration_service = \
object_factory.integration_factory(
IntegrationType.RESOURCE_MANAGEMENT_CLIENT_SDK,
client_id=self._client_id,
secret=self._secret,
tenant_id=self._tenant_id,
subscription_id=self._subscription_id)
self._policy_integration_service = \
object_factory.integration_factory(
IntegrationType.POLICY_CLIENT_SDK,
client_id=self._client_id,
secret=self._secret,
tenant_id=self._tenant_id,
subscription_id=self._subscription_id,
api_version='2018-05-01')
self._management_lock_integration_service = \
object_factory.integration_factory(
IntegrationType.MANAGEMENT_LOCK_CLIENT_SDK,
client_id=self._client_id,
secret=self._secret,
tenant_id=self._tenant_id,
subscription_id=self._subscription_id)
self._aad_cli_integration_service = \
object_factory.integration_factory(
IntegrationType.AAD_CLIENT_CLI)
self._keyvault_cli_integration_service = \
object_factory.integration_factory(
IntegrationType.KEYVAULT_CLIENT_CLI)
def create_management_group(args):
object_factory = ObjectFactory(is_live_mode=True)
management_group_integration_service = \
object_factory.integration_factory(
IntegrationType.MANAGEMENT_GROUP_CLIENT_SDK,
client_id=args.client_id,
secret=args.secret,
tenant_id=args.tenant_id)
subscription_integration_service = \
object_factory.integration_factory(
IntegrationType.SUBSCRIPTION_CLIENT_SDK,
client_id=args.client_id,
secret=args.secret,
tenant_id=args.tenant_id)
billing_integration_service = \
object_factory.integration_factory(
IntegrationType.BILLING_CLIENT_SDK,
client_id=args.client_id,
secret=args.secret,
tenant_id=args.tenant_id)
subscription_management = \
SubscriptionManagement(
management_group_integration_service,
subscription_integration_service,
billing_integration_service)
subscription_management.create_management_group(
management_group_id=args.id,
subscription_id=args.subscription_id,
subscription_name=args.subscription_name)
import sys
sys.stdout.write(args.id)
_logger.info("Management group successfully created")
def associate_mgmt_group(args):
object_factory = ObjectFactory(is_live_mode=True)
management_group_integration_service = \
object_factory.integration_factory(
IntegrationType.MANAGEMENT_GROUP_CLIENT_SDK,
client_id=args.client_id,
secret=args.secret,
tenant_id=args.tenant_id)
subscription_integration_service = \
object_factory.integration_factory(
IntegrationType.SUBSCRIPTION_CLIENT_SDK,
client_id=args.client_id,
secret=args.secret,
tenant_id=args.tenant_id)
billing_integration_service = \
object_factory.integration_factory(
IntegrationType.BILLING_CLIENT_SDK,
client_id=args.client_id,
secret=args.secret,
tenant_id=args.tenant_id)
subscription_management = \
SubscriptionManagement(
management_group_integration_service,
subscription_integration_service,
billing_integration_service)
subscription_management\
.associate_subscription_to_management_group(
management_group_id=args.management_group_id,
subscription_id=args.subscription_id)
_logger.info("Subscription successfully associated to Management group")
def setUp(self):
super(SubscriptionManagementTests, self).setUp()
object_factory = \
ObjectFactory(is_live_mode=self.is_live)
client_id = None
secret = None
tenant_id = None
management_group_integration_service = \
object_factory.integration_factory(
IntegrationType.MANAGEMENT_GROUP_CLIENT_SDK,
client_id=client_id,
secret=secret,
tenant_id=tenant_id)
subscription_integration_service = \
object_factory.integration_factory(
IntegrationType.SUBSCRIPTION_CLIENT_SDK,
client_id=client_id,
secret=secret,
tenant_id=tenant_id)
# Setting a dummy subscription Id, this is to prevent
# billing client sdk instance from failing.
# If you are running in live mode, make sure to update
# subscription_id with a valid value
billing_integration_service = \
object_factory.integration_factory(
IntegrationType.BILLING_CLIENT_SDK,
client_id=client_id,
secret=secret,
tenant_id=tenant_id,
subscription_id='00000000-0000-0000-0000-000000000000')
self._subscription_management = SubscriptionManagement(
management_group_integration_service,
subscription_integration_service, billing_integration_service)
def create_deployment(parsed_args):
# Gather the provided argument within an array.
args = vars(parsed_args)
# Capture the parameters provided for debugging.
_logger.debug('The parameters extracted were: {}'.format(args))
configuration_path = args['configuration-path']
# Setting deployment-type -> shared-services | workload | on-premises
environment = args['environment-type']
_logger.info('Provisioning the following environment: {}'.format(environment))
_logger.info('Deployment path is: {}'.format(configuration_path))
#-----------------------------------------------------------------------------
# Call the function indicated by the invocation command.
#-----------------------------------------------------------------------------
try:
all_configuration_paths = list()
all_configuration_paths = \
configuration_path.split(',')
_logger\
.info('Configuration path(s): {}'\
.format(all_configuration_paths))
is_live_mode = True
from orchestration.common.factory import ObjectFactory
from orchestration.common.parameter_initializer import ParameterInitializer
factory = ObjectFactory(is_live_mode=is_live_mode)
for path in all_configuration_paths:
parameter_initializer = \
factory.get_parameter_initializer()
parameter_initializer.initialize(
args,
path,
is_live_mode=is_live_mode)
from orchestration.resource_deployment import ResourceDeployment
resourceDeployment = ResourceDeployment(
parameter_initializer._data_store,
parameter_initializer._resource_management_integration_service,
parameter_initializer._policy_integration_service,
parameter_initializer._aad_cli_integration_service,
parameter_initializer._keyvault_cli_integration_service,
parameter_initializer._module_version_retrieval,
parameter_initializer._vdc_storage_account_name,
parameter_initializer._vdc_storage_account_subscription_id,
parameter_initializer._vdc_storage_account_resource_group,
parameter_initializer._validate_deployment,
parameter_initializer._deploy_all_modules,
parameter_initializer._deployment_configuration_path,
parameter_initializer._module_deployment_order,
parameter_initializer._resource_group,
parameter_initializer._single_module,
parameter_initializer._deploy_module_dependencies,
parameter_initializer._upload_scripts,
parameter_initializer._create_vdc_storage,
parameter_initializer._shared_services_deployment_name,
parameter_initializer._deployment_name,
parameter_initializer._location,
parameter_initializer._tenant_id,
parameter_initializer._subscription_id,
parameter_initializer._shared_services_subscription_id,
parameter_initializer._service_principals,
parameter_initializer._organization_name,
parameter_initializer._encryption_keys_for,
parameter_initializer._module_dependencies,
parameter_initializer._environment_type,
parameter_initializer._json_parameters,
parameter_initializer._import_module,
parameter_initializer._custom_scripts_path,
parameter_initializer._environment_keys)
# Invoke deployment
resourceDeployment.create()
except Exception as ex:
_logger.error('There was an unhandled error while provisioning the resources.')
_logger.error(ex)
exit()
def main():
'''Main module used to assign policies provided within a json file.
This module takes in a policy file containing a list of json arm policy definitions.
In addition, this module takes in a subscription id and optional resource group name,
which are used to produce an assignment scope for the application of policies.
Examples:
$ python policyassignment.py -p parameters/shared-services|workload/azureDeploy.parameters.json -pf ../policies/policies/sub.arm.policies.json -s <subscription_id>
$ python policyassignment.py -p parameters/shared-services|workload/azureDeploy.parameters.json -pf ../policies/policies/kv.arm.policies.json -s <subscription_id> -r <resource_group_name>
Args:
policies: A json file containing a lisy of arm policies.
subscription: The subscription id used for the assignment of policies.
group: The optional resource group name used for the assignment of policies.
'''
# Logging configuration.
#-----------------------------------------------------------------------------
# Define some basic log configuration for if the script was called manually.
logging.basicConfig(level=logging.INFO)
# Parameter input.
#-----------------------------------------------------------------------------
# Define a parser to process the expected arguements.
parser = ArgumentParser(
description='Applies a set of ARM policies provided as a json file, at a given scope.')
parser.add_argument('--configuration-file-path',
type=FileType('r'),
action='store',
dest='configuration-path',
required=True,
help='Path to json file containing environment configuration information, environment where the policies will be applied')
parser.add_argument('-file', '--policy-file',
type=FileType('r'),
action='store',
dest='policies',
required=True,
help='Path to json file containing the policies to be applied.')
parser.add_argument('--client-id',
dest='client-id',
action="store",
type=str,
required=False,
help='Specifies the ClientId. This value can be a SPN or AAD Object ID')
parser.add_argument('--secret',
dest='secret',
action="store",
type=str,
required=False,
help="Specifies the ClientId's secret")
parser.add_argument('--tenant-id',
dest='tenant-id',
action="store",
type=str,
required=False,
help='Specifies the TenantId')
parser.add_argument('-sid', '--subscription-id',
dest='subscription-id',
required=False,
help='Specifies the subscription identifier where the resources will be provisioned')
parser.add_argument('-rg', '--resource-group',
type=str,
action='store',
dest='resource-group',
required=False,
help='Resource group name used for policy assignment scope.')
parser.add_argument('--management-group-id',
type=str,
action='store',
dest='management-group-id',
required=False,
help='Management Group Id used for policy assignment scope.')
# Gather the provided arguments as an array.
args = parser.parse_args()
# Script kickoff.
#-----------------------------------------------------------------------------
_logger.debug('The policy assignment script was invoked with the following parameters: {}'
.format(args))
_logger.info('Policy assignment script will define and assign the provided policies.')
# Variable assignment.
#-----------------------------------------------------------------------------
# Let's convert args into a dictionary
args = vars(args)
# Assign these arguments to variables.
json_policies = json.load(args['policies'])
# Close the policy file.
args['policies'].close()
# Assign these arguments to variables.
json_configuration = json.load(args['configuration-path'])
# Close the policy file.
args['configuration-path'].close()
if 'shared-services' not in json_configuration or 'subscription-id' not in json_configuration['shared-services'] or json_configuration['shared-services']['subscription-id'] == None:
_logger.error('Missing or empty shared-services.subscription-id value. This value is used to indicate the subscription identifier of VDC storage account')
exit()
vdc_storage_account_subscription_id = json_configuration['shared-services']['subscription-id']
vdc_storage_account_name = "vdcstrgaccount"
vdc_storage_account_resource_group = "vdc-storage-rg"
if 'vdc-storage-account-name' in json_configuration['general'] and json_configuration['general']['vdc-storage-account-name'] != None:
vdc_storage_account_name = json_configuration['general']['vdc-storage-account-name']
if 'vdc-storage-account-rg' in json_configuration['general'] and json_configuration['general']['vdc-storage-account-rg'] != None:
vdc_storage_account_resource_group = json_configuration['general']['vdc-storage-account-rg']
# Get the organization name
if 'organization-name' not in json_configuration['general']:
_logger.error('Organization name has not been provided in the parameters file')
exit()
organization_name = \
json_configuration['general']['organization-name']
if 'deployment-name' not in json_configuration['shared-services']:
_logger.error('Deployment name has not been provided in the parameters file')
exit()
shared_services_deployment_name = \
json_configuration['shared-services']['deployment-name']
# Set the initial value
deployment_name = \
json_configuration['shared-services']['deployment-name']
# Set a default value
location = "West US"
# Let's get the shared-services region (if set).
# If we are deploying a workload, the next condition will grab the correct value
if 'shared-services' in json_configuration and\
'region' in json_configuration['shared-services']:
location = json_configuration['shared-services']['region']
# If shared-services and workload parameters are present, it means we are deploying a workload,
# otherwise shared-services parameter will only be present.
if 'shared-services' in json_configuration and\
'workload' in json_configuration:
deployment_name = json_configuration['workload']['deployment-name']
# Since we are in the workload, let's verify if region has been specified
if 'region' in json_configuration['workload']:
location = json_configuration['workload']['region']
# Record the policies that were provided.
_logger.debug('The following policies were provided: {}'
.format(json_policies))
if args['subscription-id'] is None and\
args['resource-group'] is None and\
args['management-group-id'] is None:
_logger.error('Subscription Id or Management Group Id must contain a value')
exit()
if args['resource-group'] is not None and\
args['subscription-id'] is None:
_logger.error('Subscription Id must be specified when assigning a policy at the resource group level')
exit()
assignment_scope = \
'/subscriptions/{}'.format(args['subscription-id'])
# Alter the policy scope if a resource group was provided.
if args['management-group-id'] is not None:
assignment_scope = \
'/providers/Microsoft.Management/managementGroups/{}'\
.format(args['management-group-id'])
elif args['resource-group'] is not None:
assignment_scope += \
'/resourceGroups/{}'\
.format(args['resource-group'])
_logger.debug('The scope of policy assignments has been set to the {} resource group.'
.format(args['resource-group']))
else:
_logger.debug('The scope of policy assignments has been set to the {} subscription.'
.format(args['subscription-id']))
# Policy invocation.
#-----------------------------------------------------------------------------
# Invoke the apply_policies function with the provided policies and scope.
object_factory = ObjectFactory(is_live_mode=True)
from orchestration.models.storage_type import StorageType
data_store = object_factory.storage_factory(
StorageType.BLOB_STORAGE,
client_id=args['client-id'],
secret=args['secret'],
tenant_id=args['tenant-id'],
location=location,
subscription_id=vdc_storage_account_subscription_id,
storage_account_name=vdc_storage_account_name,
storage_account_resource_group=vdc_storage_account_resource_group)
if args['subscription-id'] is None:
sdk_integration_service = \
object_factory\
.integration_factory(
IntegrationType.POLICY_CLIENT_SDK,
client_id=args['client-id'],
secret=args['secret'],
tenant_id=args['tenant-id'])
else:
sdk_integration_service = \
object_factory\
.integration_factory(
IntegrationType.POLICY_CLIENT_SDK,
client_id=args['client-id'],
secret=args['secret'],
tenant_id=args['tenant-id'],
subscription_id=args['subscription-id'])
# Replace tokens, if any
replaced_policies = helper.replace_string_tokens(
json.dumps(json_policies['policies']),
json_configuration,
organization_name,
shared_services_deployment_name,
deployment_name,
'output',
data_store)
sdk_integration_service.create_and_assign_policy(
scope=assignment_scope,
policies=json.loads(replaced_policies),
deployment_parameters=json_configuration)
# Results.
#-----------------------------------------------------------------------------
# The main module has finished executing, so reflect this.
_logger.info('-------------------------------------------------------------------------')
_logger.info('Policy assignment script has finished executing.')
_logger.info('-------------------------------------------------------------------------')
def initialize(
self,
args: dict,
deployment_configuration_path: str,
is_live_mode: bool):
"""Function initializes all required parameters used during resource
deployment, resource validation and policy creation & assignment.
:param args: Arguments received from command line
:type args: dict
:param deployment_configuration_path: Local path to the main parameters file (deployment configuration file)
:type deployment_configuration_path: str
:param is_live_mode: Boolean that is set to False when running integration tests in playback mode.
Playback mode uses VCR.py to simulate HTTP interactions
:type is_live_mode: bool
"""
self._logger.info('initializing parameters')
# Setting defaults in case values are not passed
self._vdc_storage_account_name = "vdcstrgaccount"
self._vdc_storage_account_resource_group = "vdc-storage-rg"
self._parameters_file_name = 'azureDeploy.parameters.json'
self._deployment_file_name = 'azureDeploy.json'
self._service_principals = list()
self._deploy_all_modules = True
self._deploy_module_dependencies = False
self._deployment_configuration_path = deployment_configuration_path
self._upload_scripts = False
self._service_principals = None
self._module_dependencies = None
self._encryption_keys_for = None
self._shared_services_subscription_id = ''
self._vdc_storage_account_subscription_id = ''
self._validate_deployment = False
self._delete_validation_modules = False
self._import_module = ''
self._custom_scripts_path = ''
# Let's set validate deployment boolean
if 'validate-deployment' in args:
self._validate_deployment = args['validate-deployment']
# Let's analyze if a single module will be deployed
if args['module'] != None:
self._deploy_all_modules = False
# Let's get deployment parameters
self._resource_group = args['resource-group']
self._environment_type = args['environment-type']
self._single_module = args['module']
self._client_id = None
self._secret = None
self._tenant_id = None
self._create_vdc_storage = True
if 'client-id' in args:
self._client_id = args['client-id']
if 'secret' in args:
self._secret = args['secret']
if 'tenant-id' in args:
self._tenant_id = args['tenant-id']
self._subscription_id = ''
if 'subscription-id' in args:
self._subscription_id = args['subscription-id']
self._deploy_module_dependencies = args['deploy-module-dependencies']
self._upload_scripts = args['upload-scripts']
self._create_vdc_storage = args['create-vdc-storage']
self._delete_validation_modules = False
if 'delete-validation-modules' in args:
self._delete_validation_modules = \
args['delete-validation-modules']
# If is_live_mode is False, it means we are in playback mode, therefore use
# test parameters file
if not is_live_mode:
self._parameters_file_name = 'archetype.test.json'
# Let's analyze the parameters file
# Parameters file overrides any argument passed
if self._json_parameters is None:
self._json_parameters = \
self._get_json_configuration_file(deployment_configuration_path)
if self._subscription_id == '' and\
self._environment_type in self._json_parameters['general'] and\
'subscription-id' in self._json_parameters['general'][self._environment_type]:
self._subscription_id = \
self._json_parameters['general'][self._environment_type]['subscription-id']
self.validate_required_parameters(
self._environment_type,
deployment_configuration_path)
self._location = \
self._json_parameters['general'][self._environment_type]['region']
if self._tenant_id == None:
self._tenant_id = self._json_parameters['general']['tenant-id']
self._organization_name = \
self._json_parameters['general']['organization-name']
self._deployment_name = \
self._json_parameters['general'][self._environment_type]['deployment-name']
self._module_deployment_order = \
self._json_parameters['orchestration']['modules-to-deploy']
self._shared_services_deployment_name = \
self._json_parameters['shared-services']['deployment-name']
if 'shared-services' in self._json_parameters['general'] and \
'subscription-id' in self._json_parameters['general']['shared-services']:
self._shared_services_subscription_id = \
self._json_parameters['general']['shared-services']['subscription-id']
# Use the shared_services subscription id, this is where VDC storage gets created
if 'shared-services' in self._json_parameters['general'] and \
'subscription-id' in self._json_parameters['general']['shared-services']:
self._vdc_storage_account_subscription_id = \
self._json_parameters['general']['shared-services']['subscription-id']
if 'vdc-storage-account-name' in self._json_parameters['general'] \
and self._json_parameters['general']['vdc-storage-account-name'] is not None:
self._vdc_storage_account_name = \
self._json_parameters['general']['vdc-storage-account-name']
if 'vdc-storage-account-rg' in self._json_parameters['general'] \
and self._json_parameters['general']['vdc-storage-account-rg'] is not None:
self._vdc_storage_account_resource_group = \
self._json_parameters['general']['vdc-storage-account-rg']
# Now that all the necessary parameters are initialized, let's initialize integration objects
self._initialize_integration_objects(is_live_mode)
self._environment_keys = dict({
'ENV:ENVIRONMENT-TYPE': self._environment_type,
'ENV:RESOURCE-GROUP-NAME': self._resource_group,
'ENV:RESOURCE': self._single_module
})
self._json_parameters = \
self._replace_parameters_tokens(
dict_with_tokens=self._json_parameters,
parameters=self._json_parameters,
environment_keys=self._environment_keys)
if 'service-principals' in self._json_parameters[self._environment_type] \
and self._json_parameters[self._environment_type]['service-principals'] is not None:
self._service_principals = self._json_parameters[self._environment_type]['service-principals'].split(',')
else:
self._service_principals = args['service-principals']
if 'orchestration' in self._json_parameters and\
'module-configuration' in self._json_parameters['orchestration'] and\
'modules' in self._json_parameters['orchestration']['module-configuration']:
self._module_dependencies = self._json_parameters['orchestration']['module-configuration']['modules']
if 'orchestration' in self._json_parameters and\
'module-configuration' in self._json_parameters['orchestration'] and\
'import-modules' in self._json_parameters['orchestration']['module-configuration']:
self._import_module = self._json_parameters['orchestration']['module-configuration']['import-modules']
if 'orchestration' in self._json_parameters and\
'module-configuration' in self._json_parameters['orchestration'] and\
'custom-scripts' in self._json_parameters['orchestration']['module-configuration']:
self._custom_scripts_path = self._json_parameters['orchestration']['module-configuration']['custom-scripts']
if 'vm-configuration' in self._json_parameters[self._environment_type] and\
'encryption-keys-for' in self._json_parameters[self._environment_type]['vm-configuration']:
self._encryption_keys_for = self._json_parameters[self._environment_type]['vm-configuration']['encryption-keys-for']
object_factory = ObjectFactory(is_live_mode)
self._module_version_retrieval = \
object_factory.get_module_version_retrieval(self._import_module)
self._logger.info("Parameter initialization, complete")
def main():
'''Main module used to create add roles provided within a json file.
This module takes in a role file containing a list of json aad role definitions.
Examples:
$ python rolecreation.py -sid "00000000-0000-0000-0000-000000000000" -r ../parameters/roles/shared-services/aad.roles.json
Args:
roles: A json file containing a list of aad roles.
'''
#Logging configuration.
#-----------------------------------------------------------------------------
# Define some basic log configuration for if the script was called manually.
logging.basicConfig(level=logging.DEBUG)
# Parameter input.
#-----------------------------------------------------------------------------
# Define a parser to process the expected arguments.
parser = ArgumentParser(
description=
'Creates AAD role definitions which are provided within a json file.')
parser.add_argument(
'-sid',
'--subscription-id',
dest='subscription-id',
required=True,
help=
'Specifies the subscription identifier where the resources will be provisioned'
)
parser.add_argument(
'-r',
metavar='--roles-file',
type=FileType('r'),
action='store',
dest='roles',
required=True,
help='Path to json file containing role definitions to be established.'
)
# Gather the provided arguments as an array.
args = parser.parse_args()
# Script kickoff.
#-----------------------------------------------------------------------------
logger.debug(
'The aad role creation script was invoked with the following parameters: {}'
.format(args))
logger.info(
'Thus script will establish the provided AAD role definitions.')
# Variable assignment.
#-----------------------------------------------------------------------------
# Assign these arguments to variables.
json_roles = json.load(args.roles)
# Close the policy file.
args.roles.close()
values = dict()
values['subscription-id'] = vars(args)['subscription-id']
# Let's replace the values passed as arguments
replaced_parameters = helper.replace_string_tokens(json.dumps(json_roles),
values, None, None,
None, None, None)
# Role definition creation.
#-----------------------------------------------------------------------------
# Invoke the create_role function with the provided role definition file.
object_factory = ObjectFactory(is_live_mode=False)
cli_integration_service = object_factory.integration_factory(
IntegrationType.RBAC_CLIENT_CLI)
# TODO: For now, passing None as Client & Secret Id, Subs Id and Tenant Id
cli_integration_service.create_RBAC(client_id=None,
secret=None,
tenant_id=None,
subscription_id=None,
roles=json.loads(replaced_parameters))
# Results
#-----------------------------------------------------------------------------
# The main script has finished executing, so reflect this.
logger.info(
'-------------------------------------------------------------------------'
)
logger.info('AAD role creation script has finished executing.')
logger.info(
'-------------------------------------------------------------------------'
)