def create_update_roledefinition(self):
    '''
    Create the custom role definition, or update the one already found.

    A ``RoleDefinition`` (model version ``2018-01-01-preview``) is built from
    ``self.name``, ``self.description``, ``self.permissions`` and
    ``self.assignable_scopes`` and submitted through ``create_or_update`` at
    ``self.scope``. When ``self.role`` is set, its ``name`` is reused as the
    definition id so the existing definition is overwritten; otherwise a
    random UUID4 string is used as the id.

    Security note: the permission entries and the assignable scopes are
    forwarded exactly as configured. This method does no validation of its
    own, so wildcard actions or overly broad scopes are accepted here. Any
    least-privilege review has to happen before this call.

    :return: deserialized role definition
    '''
    self.log("Creating / Updating role definition {0}".format(self.name))

    try:
        # Resolve the versioned model namespace once and reuse it below.
        models = AuthorizationManagementClient.models("2018-01-01-preview")

        permissions = None
        if self.permissions:
            permissions = []
            for entry in self.permissions:
                # Keys missing from an entry become None on the model.
                permissions.append(models.Permission(
                    actions=entry.get('actions'),
                    not_actions=entry.get('not_actions'),
                    data_actions=entry.get('data_actions'),
                    not_data_actions=entry.get('not_data_actions')))

        role_definition = models.RoleDefinition(
            role_name=self.name,
            description=self.description,
            permissions=permissions,
            assignable_scopes=self.assignable_scopes,
            role_type='CustomRole')

        if self.role:
            # Update path: keep the id of the definition that already exists.
            definition_id = self.role['name']
            role_definition.name = definition_id
        else:
            # Create path: a new definition gets a random id.
            definition_id = str(uuid.uuid4())

        response = self._client.role_definitions.create_or_update(
            role_definition_id=definition_id,
            scope=self.scope,
            role_definition=role_definition)

        # Long-running operations come back as pollers; wait for the result.
        if isinstance(response, LROPoller) or isinstance(response, AzureOperationPoller):
            response = self.get_poller_result(response)
    except CloudError as exc:
        self.log('Error attempting to create role definition.')
        # NOTE(review): self.fail is presumably terminal; if it ever returned,
        # ``response`` would be unbound at the return below -- confirm.
        self.fail("Error creating role definition: {0}".format(str(exc)))

    return roledefinition_to_dict(response)
# NOTE(review): get_client_from_cli_profile is called below but is not imported
# in the visible part of this script; in the Azure SDK it is provided by
# azure.common.client_factory -- confirm the import exists.
from azure.mgmt.resource import ResourceManagementClient
from azure.mgmt.authorization import AuthorizationManagementClient

# Values left empty in this sample; they must be filled in before the
# parameters built below describe a real assignment.
subscription_id = ''
scope = ''
role_definition_id = ''
principal_id = ''

# Fixed GUID used as the role assignment name.
role_assignment_name = '199d4427-8709-4d93-a15b-61d377708ae6'
# Presumably the empty prefix is where the scope path belongs -- confirm.
role_assignment_id = '' + role_assignment_name

if __name__ == "__main__":
    # The client is built from the Azure CLI profile, so it acts with whatever
    # identity and default subscription the CLI login on this machine holds.
    # Optional keyword left disabled by the author: subscription_id=subscription_id
    authorization_client = get_client_from_cli_profile(AuthorizationManagementClient)

    authorization_models = AuthorizationManagementClient.models('2018-09-01-preview')

    # The assignment request is only constructed here; nothing in the visible
    # script submits it to the service.
    assignment_fields = dict(
        role_definition_id=role_definition_id,
        principal_id=principal_id,
        principal_type='User',
        can_delegate=None,
    )
    parameters = authorization_models.RoleAssignmentCreateParameters(**assignment_fields)

    # role_list = authorization_client.role_assignments.list(filter=None, custom_headers=None, raw=False)
    print('########################################################')
    # for role_assignment in role_list:
    #     print('id: {}'.format(role_assignment.id))
    #     print('name: {}'.format(role_assignment.name))
    #     print('principal_id: {}'.format(role_assignment.principal_id))