Пример #1
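def confluent_organization_create(cmd,
                                  client,
                                  resource_group_name,
                                  organization_name,
                                  plan_id,
                                  plan_name,
                                  term_unit,
                                  tags=None,
                                  location=None,
                                  publisher_id=None,
                                  offer_id=None,
                                  no_wait=False):
    """Create a Confluent organization for the signed-in CLI user.

    The user's name, e-mail address and object id are read from the claims of
    the access token held by the CLI profile. Before the create call is sent,
    the function checks that the user has at least one Owner or Contributor
    role assignment (inherited and group-based assignments included).

    Args:
        cmd: CLI command context; ``cmd.cli_ctx`` is used to load the profile.
        client: SDK operations client exposing ``begin_create``.
        resource_group_name: Resource group that will hold the organization.
        organization_name: Name of the organization to create.
        plan_id, plan_name, term_unit, publisher_id, offer_id: Copied into
            ``body['offer_detail']``.
        tags, location: Copied into the request body unchanged.
        no_wait: Forwarded to ``sdk_no_wait``.

    Returns:
        Whatever ``sdk_no_wait`` returns for ``client.begin_create``.

    Raises:
        UnauthorizedError: A required claim is missing from the token, or the
            user has neither an Owner nor a Contributor role assignment.
    """
    import jwt
    from azure.cli.core._profile import Profile
    from azure.cli.core.azclierror import UnauthorizedError
    from azure.cli.command_modules.role.custom import list_role_assignments

    token_info = Profile(cli_ctx=cmd.cli_ctx).get_raw_token()[0][2]
    # SECURITY: the token is decoded WITHOUT signature verification. That is
    # acceptable here only because the claims are used to pre-fill the request
    # and to drive a client-side pre-check; they must never be treated as proof
    # of identity or as an authorization decision.
    # PyJWT < 2.0.0 disables verification through `verify`; PyJWT >= 2.0.0
    # moved the switch into `options`. Both are passed for compatibility.
    claims = jwt.decode(token_info['accessToken'],
                        algorithms=['RS256'],
                        verify=False,
                        options={"verify_signature": False})

    # All claim lookups share one handler, so a token without `oid` now yields
    # the same UnauthorizedError as a missing name/e-mail claim instead of a
    # raw KeyError.
    try:
        user_detail = {
            'first_name': claims['given_name'],
            'last_name': claims['family_name'],
            'email_address': claims['email'] if 'email' in claims else claims['unique_name'],
        }
        user_object_id = claims['oid']
    except KeyError as ex:
        raise UnauthorizedError(
            f'Cannot create the organization as CLI cannot get the right value for {str(ex)} from access '
            'token.') from ex

    # Client-side pre-check for an Owner or Contributor assignment. No scope is
    # passed to list_role_assignments; the error message describes this as a
    # subscription-level requirement.
    # NOTE(review): this gives an early, readable failure only. The service is
    # presumably the real enforcement point - confirm it does not rely on this.
    owner_assignments = list_role_assignments(
        cmd, assignee=user_object_id, role='Owner', include_inherited=True, include_groups=True)
    contributor_assignments = list_role_assignments(
        cmd, assignee=user_object_id, role='Contributor', include_inherited=True, include_groups=True)
    if not (owner_assignments + contributor_assignments):
        raise UnauthorizedError(
            'You must have Owner or Contributor role of the subscription to create an organization.'
        )

    body = {
        'user_detail': user_detail,
        'tags': tags,
        'location': location,
        'offer_detail': {
            'publisher_id': publisher_id,
            'id': offer_id,
            'plan_id': plan_id,
            'plan_name': plan_name,
            'term_unit': term_unit,
        },
    }

    return sdk_no_wait(no_wait,
                       client.begin_create,
                       resource_group_name=resource_group_name,
                       organization_name=organization_name,
                       body=body)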
Пример #2
def _assign_owner_role_in_target_scope(
    cmd,
    role_scope,
    spn_object_id,
):
    """Give a service principal the Owner role at ``role_scope`` if it lacks it.

    Existing Owner assignments for ``spn_object_id`` at ``role_scope`` are
    listed first; a new assignment is created only when none is returned, so
    repeated calls do not create a second assignment.

    Args:
        cmd: CLI command context passed through to the role helpers.
        role_scope: Scope at which the Owner role is checked and assigned.
        spn_object_id: Object id of the service principal receiving the role.
    """
    from azure.cli.command_modules.role.custom import list_role_assignments, create_role_assignment

    # NOTE(review): Owner includes the right to manage role assignments at this
    # scope, so callers should pass the narrowest role_scope that still works.
    already_owner = list_role_assignments(cmd,
                                          assignee=spn_object_id,
                                          role='Owner',
                                          scope=role_scope)
    if already_owner:
        return

    create_role_assignment(cmd,
                           role='Owner',
                           assignee_object_id=spn_object_id,
                           scope=role_scope,
                           assignee_principal_type='ServicePrincipal')
Пример #3
def datadog_monitor_delete(cmd,
                           client,
                           resource_group_name,
                           monitor_name,
                           no_wait=False):
    """Delete a Datadog monitor and remove its identity's role assignment.

    The monitor is fetched before the delete is started because its resource
    id and identity principal id are needed afterwards. If the delete yields a
    falsy result, the first role assignment at subscription scope whose
    principal matches the monitor's identity is deleted.

    Args:
        cmd: CLI command context passed through to the role helpers.
        client: SDK operations client exposing ``get`` and ``begin_delete``.
        resource_group_name: Resource group containing the monitor.
        monitor_name: Name of the monitor to delete.
        no_wait: Forwarded to ``sdk_no_wait``.

    Returns:
        The object returned by ``sdk_no_wait`` for ``client.begin_delete``.
    """
    monitor = client.get(resource_group_name=resource_group_name,
                         monitor_name=monitor_name)
    poller = sdk_no_wait(no_wait,
                         client.begin_delete,
                         resource_group_name=resource_group_name,
                         monitor_name=monitor_name)
    # NOTE(review): result() is called regardless of no_wait - confirm that is
    # intended.
    if poller.result():
        return poller

    # Segment 2 of the resource id is used as the subscription id.
    subscription_scope = '/subscriptions/' + monitor.id.split('/')[2]
    # NOTE(review): this GUID looks like the built-in Monitoring Reader role
    # definition id - confirm. Removing the assignment with the monitor avoids
    # leaving a subscription-level grant for an identity that no longer exists.
    candidates = list_role_assignments(cmd, role='43d0d8ad-25c7-4714-9337-8ba259a9fe05', scope=subscription_scope)
    # The principal id is read inside the generator, so it is only looked up
    # when there is at least one assignment to compare against.
    stale = next(
        (entry for entry in candidates
         if entry.get('principalId') == monitor.identity.principal_id),
        None,
    )
    if stale is not None:
        delete_role_assignments(cmd, ids=[stale.get('id')])
    return poller