def create_update_roledefinition(self):
        '''
        Creates or updates role definition.

        :return: deserialized role definition
        '''
        self.log("Creating / Updating role definition {0}".format(self.name))

        try:
            permissions = None
            if self.permissions:
                permissions = [AuthorizationManagementClient.models("2018-01-01-preview").Permission(
                    actions=p.get('actions', None),
                    not_actions=p.get('not_actions', None),
                    data_actions=p.get('data_actions', None),
                    not_data_actions=p.get('not_data_actions', None)
                ) for p in self.permissions]
            role_definition = AuthorizationManagementClient.models("2018-01-01-preview").RoleDefinition(
                role_name=self.name,
                description=self.description,
                permissions=permissions,
                assignable_scopes=self.assignable_scopes,
                role_type='CustomRole')
            if self.role:
                role_definition.name = self.role['name']
            response = self._client.role_definitions.create_or_update(role_definition_id=self.role['name'] if self.role else str(uuid.uuid4()),
                                                                      scope=self.scope,
                                                                      role_definition=role_definition)
            if isinstance(response, LROPoller) or isinstance(response, AzureOperationPoller):
                response = self.get_poller_result(response)

        except CloudError as exc:
            self.log('Error attempting to create role definition.')
            self.fail("Error creating role definition: {0}".format(str(exc)))
        return roledefinition_to_dict(response)
Пример #2
0
from azure.mgmt.resource import ResourceManagementClient

from azure.mgmt.authorization import AuthorizationManagementClient

subscription_id = ''
scope = ''
role_assignment_name = '199d4427-8709-4d93-a15b-61d377708ae6'
role_assignment_id = '' + '199d4427-8709-4d93-a15b-61d377708ae6'
role_definition_id = ''
principal_id = ''

if __name__ == "__main__":
    authorization_client = get_client_from_cli_profile(
        AuthorizationManagementClient)  # , subscription_id=subscription_id )
    authorization_models = AuthorizationManagementClient.models(
        '2018-09-01-preview')

    parameters = authorization_models.RoleAssignmentCreateParameters(
        role_definition_id=role_definition_id,
        principal_id=principal_id,
        principal_type='User',
        can_delegate=None)

    # role_list = authorization_client.role_assignments.list(filter=None, custom_headers=None, raw=False)

    print('########################################################')

    # for role_assignment in role_list:
    #     print('id: {}'.format(role_assignment.id))
    #     print('name: {}'.format(role_assignment.name))
    #     print('principal_id: {}'.format(role_assignment.principal_id))