Azure roles, users, and assignments
Project description
llamazure.rbac : Azure roles, users, and assignments
The llamazure.rbac
package provides a helpful interface to Azure RBAC.
Benefits:
- a coherent view of roles and assignments
- automatically handles internals of the Azure RBAC model. For example, deleting a role will first delete all role assignments
- automatic retries and waits for the cloud to work
rbac
Usage
For roles definitions and role assignments, create RoleOps
with an AzRest
created by its from_credential
method:
from azure.identity import DefaultAzureCredential
from llamazure.azrest.azrest import AzRest
from llamazure.rbac.roles import RoleOps
role_ops = RoleOps(AzRest.from_credential(DefaultAzureCredential()))
For users and groups, create a Users
or a Groups
with a MSGraph created by their from_credentials
method:
from azure.identity import DefaultAzureCredential
from llamazure.msgraph.msgraph import Graph
from llamazure.rbac.resources import Groups, Users
users = Users(Graph.from_credential(DefaultAzureCredential()))
groups = Groups(Graph.from_credential(DefaultAzureCredential()))
Create a role
from llamazure.rbac.roles import *
role = role_ops.rds.put(
RoleDefinition.Properties(
roleName="llamazure-rbac-asn",
description="test finding assignments",
permissions=[Permission(actions=["Microsoft.Authorization/*/read"])],
),
scope="/subscriptions/00000000-0000-0000-0000-000000000000",
)
Assign a role
This will also automatically add the scope of assignment to the role's assignable scopes if necessary:
me = users.current()
role_ops.ras.assign(principalId=me["id"], principalType="User", role_name=role.properties.name,scope="/subscriptions/00000000-0000-0000-0000-000000000000")
Delete a role
This will also delete all role assignments before deleting a role:
role_ops.delete_role(role)
You can also delete a role by name:
role_ops.delete_by_name("llamazure-rbac-asn")
Get users with their groups
users.list_with_memberOf()
Get groups with their members
groups.list_with_memberships()
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
llamazure.rbac-0.2.0.tar.gz
(11.7 kB
view hashes)
Built Distribution
Close
Hashes for llamazure.rbac-0.2.0-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | c4a2f6dbf2527dc12a203d29229188632c51e9871111ecea70ed3b138e886fb5 |
|
MD5 | ea073a68c4bf536b0f9a8c345401a381 |
|
BLAKE2b-256 | a3b1499751140a517ee385d30ccdfa7192c46f6931347a1aa84602d76ab2ddab |