Azure roles, users, and assignments

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for lilatomic from gravatar.com lilatomic

Unverified details

These details have not been verified by PyPI
Meta
  • License: Round Robin 2.0.0
  • Author: Daniel Goldman
  • Requires: Python >=3.8
Classifiers

Project description

llamazure.rbac : Azure roles, users, and assignments

The llamazure.rbac package provides a helpful interface to Azure RBAC.

Benefits:

  • a coherent view of roles and assignments
  • automatically handles internals of the Azure RBAC model. For example, deleting a role will first delete all role assignments
  • automatic retries and waits for the cloud to work

rbac

Usage

For roles definitions and role assignments, create RoleOps with an AzRest created by its from_credential method:

from azure.identity import DefaultAzureCredential

from llamazure.azrest.azrest import AzRest
from llamazure.rbac.roles import RoleOps

role_ops = RoleOps(AzRest.from_credential(DefaultAzureCredential()))

For users and groups, create a Users or a Groups with a MSGraph created by their from_credentials method:

from azure.identity import DefaultAzureCredential

from llamazure.msgraph.msgraph import Graph
from llamazure.rbac.resources import Groups, Users

users = Users(Graph.from_credential(DefaultAzureCredential()))
groups = Groups(Graph.from_credential(DefaultAzureCredential()))

Create a role

from llamazure.rbac.roles import *

role = role_ops.rds.put(
    RoleDefinition.Properties(
        roleName="llamazure-rbac-asn",
        description="test finding assignments",
        permissions=[Permission(actions=["Microsoft.Authorization/*/read"])],
    ),
    scope="/subscriptions/00000000-0000-0000-0000-000000000000",
)

Assign a role

This will also automatically add the scope of assignment to the role's assignable scopes if necessary:

me = users.current()
role_ops.ras.assign(principalId=me["id"], principalType="User", role_name=role.properties.name,scope="/subscriptions/00000000-0000-0000-0000-000000000000")

Delete a role

This will also delete all role assignments before deleting a role:

role_ops.delete_role(role)

You can also delete a role by name:

role_ops.delete_by_name("llamazure-rbac-asn")

Get users with their groups

users.list_with_memberOf()

Get groups with their members

groups.list_with_memberships()

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for lilatomic from gravatar.com lilatomic

Unverified details

These details have not been verified by PyPI
Meta
  • License: Round Robin 2.0.0
  • Author: Daniel Goldman
  • Requires: Python >=3.8
Classifiers

Release history Release notifications | RSS feed

0.2.0

0.1.0

This version

0.0.2

0.0.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

llamazure.rbac-0.0.2.tar.gz (6.8 kB view hashes)

Uploaded Source

Built Distribution

llamazure.rbac-0.0.2-py3-none-any.whl (6.7 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page