exec.azurerm.authorization.role

Azure Resource Manager (ARM) Authorization Roles Execution Module

New in version 1.0.0.

Changed in version 4.0.0.

maintainer:

<devops@eitr.tech>

configuration:

This module requires Azure Resource Manager credentials to be passed as keyword arguments to every function or via acct in order to work properly.

Required provider parameters:

if using username and password:
  • subscription_id
  • username
  • password
if using a service principal:
  • subscription_id
  • tenant
  • client_id
  • secret

Optional provider parameters:

cloud_environment: Used to point the cloud driver to different API endpoints, such as Azure GovCloud. Possible values:

  • AZURE_PUBLIC_CLOUD (default)
  • AZURE_CHINA_CLOUD
  • AZURE_US_GOV_CLOUD
  • AZURE_GERMAN_CLOUD
idem_azurerm.exec.azurerm.authorization.role.assignments_get(hub, ctx, name, scope, **kwargs)

New in version 1.0.0.

Get the specified role assignment.

Parameters:
  • name – The name of the role assignment to get.
  • scope – The scope of the role assignment.

CLI Example:

azurerm.authorization.role.assignments_get testname testscope
idem_azurerm.exec.azurerm.authorization.role.assignments_get_by_id(hub, ctx, assignment_id, **kwargs)

New in version 1.0.0.

Gets a role assignment by ID.

Parameters:assignment_id – The fully qualified ID of the role assignment, including the scope, resource name and resource type. Use the format, /{scope}/providers/Microsoft.Authorization/roleAssignments/{roleAssignmentName}. Example: /subscriptions/{subId}/resourcegroups/{rgname}//providers/Microsoft.Authorization/roleAssignments/{roleAssignmentName}.

CLI Example:

azurerm.authorization.role.assignments_get_by_id testid
idem_azurerm.exec.azurerm.authorization.role.assignments_list(hub, ctx, resource_group=None, **kwargs)

New in version 1.0.0.

Changed in version 4.0.0.

Gets all role assignments for the subscription.

Parameters:resource_group – The name of the resource group to limit the results.

CLI Example:

azurerm.authorization.role.assignments_list
idem_azurerm.exec.azurerm.authorization.role.assignments_list_for_resource(hub, ctx, name, resource_group, resource_provider_namespace, resource_type, parent_resource_path=None, **kwargs)

New in version 1.0.0.

Gets all role assignments for a resource.

Parameters:
  • name – The name of the resource to get role assignments for.
  • resource_group – The name of the resource group.
  • resource_provider_namespace – The namespace of the resource provider.
  • resource_type – The resource type of the resource.
  • parent_resource_path – The parent resource identity.

CLI Example:

azurerm.authorization.role.assignments_list_for_resource testname testgroup testnamespace testtype testpath
idem_azurerm.exec.azurerm.authorization.role.assignments_list_for_scope(hub, ctx, scope, **kwargs)

New in version 1.0.0.

Gets role assignments for a scope.

Parameters:scope – The scope of the role assignments.

CLI Example:

azurerm.authorization.role.assignments_list_for_scope testscope
idem_azurerm.exec.azurerm.authorization.role.definitions_get(hub, ctx, role_id, scope, **kwargs)

New in version 1.0.0.

Get role definition by name (GUID).

Parameters:
  • role_id – The ID of the role definition.
  • scope – The scope of the role definition.

CLI Example:

azurerm.authorization.role.definitions_get testid testscope
idem_azurerm.exec.azurerm.authorization.role.definitions_get_by_id(hub, ctx, role_id, **kwargs)

New in version 1.0.0.

Gets a role definition by ID.

Parameters:role_id – The fully qualified role definition ID. Use the format, /subscriptions/{guid}/providers/Microsoft.Authorization/roleDefinitions/{roleDefinitionId} for subscription level role definitions, or /providers/Microsoft.Authorization/roleDefinitions/{roleDefinitionId} for tenant level role definitions.

CLI Example:

azurerm.authorization.role.definitions_get_by_id testid
idem_azurerm.exec.azurerm.authorization.role.definitions_list(hub, ctx, scope, **kwargs)

New in version 1.0.0.

Get all role definitions that are applicable at scope and above.

Parameters:scope – The scope of the role definition.

CLI Example:

azurerm.authorization.role.definitions_list testscope