role_assignments#

State module for managing Authorization Role Assignment.

async idem_azure.states.azure.authorization.role_assignments.present(hub, ctx, name: str, scope: str, role_definition_id: str, principal_id: str, resource_id: str = None, role_assignment_name: str = None) Dict[str, Any][source]#

Create or update Role Assignments.

Parameters:

  • name (str) – The identifier for this state.

  • scope (str) – The scope of the role assignment to create. The scope can be any REST resource instance. For example, use ‘/subscriptions/{subscription-id}/’ for a subscription, ‘/subscriptions/{subscription-id}/resourceGroups/{resource-group-name}’ for a resource group, and ‘/subscriptions/{subscription-id}/resourceGroups/{resource-group-name}/providers/{resource-provider}/{resource-type}/{resource-name}’ for a resource.

  • role_definition_id (str) – The role definition ID used in the role assignment.

  • principal_id (str) – The principal ID assigned to the role. This maps to the ID inside the Active Directory. It can point to a user, service principal, or security group.

  • resource_id (str, Optional) – Role Assignment resource id on Azure.

  • role_assignment_name (str, Optional) – A GUID for the role assignment to create. The name must be unique and different for each role assignment. This will be automatically generated if not specified.

Returns:

Dict

Examples

resource_is_present:
  azure.authorization.role_assignments.present:
    - name: value
    - scope: value
    - role_assignment_name: value
async idem_azure.states.azure.authorization.role_assignments.absent(hub, ctx, name: str, scope: str, role_assignment_name: str, resource_id: str = None) Dict[str, Any][source]#

Delete Role Assignments.

Parameters:

  • name (str) – The identifier for this state.

  • scope (str, Optional) – The scope of the role assignment to delete.

  • role_assignment_name (str, Optional) – The name of the role assignment to delete.

  • resource_id (str, Optional) – Role assignment resource id on Azure. Either resource_id or a combination of scope and role_assignment_name need to be specified. Idem will automatically consider a resource as absent if both options are not specified.

Returns:

Dict

Examples

resource_is_absent:
  azure.authorization.role_assignments.absent:
    - name: value
    - scope: value
    - role_assignment_name: value
async idem_azure.states.azure.authorization.role_assignments.describe(hub, ctx) Dict[str, Dict[str, Any]][source]#

Describe the resource in a way that can be recreated/managed with the corresponding “present” function.

Lists all Role Assignments under the same subscription.

Returns:

Dict[str, Any]

Examples

$ idem describe azure.authorization.role_assignments