role_definitions

State module for managing Authorization Role Definitions.

async idem_azure.states.azure.authorization.role_definitions.present(hub, ctx, name: str, scope: str, role_definition_id: str, role_definition_name: str, permissions: List[ActionsSet], description: str = None, assignable_scopes: List[str] = None, resource_id: str = None) -> Dict

Create or update Role Definitions.

Parameters:
  • name (str) – The identifier for this state.

  • scope (str) – The scope of the role definition.

  • role_definition_id (str) – The ID of the role definition.

  • role_definition_name (str) – The name of the role definition.

  • permissions (list) –

    The permissions of the role definition.

    • actions(list, Optional):

      Allowed actions

    • notActions(list, Optional):

      Denied actions

    • dataActions(list, Optional):

      Allowed Data actions

    • notDataActions(list, Optional):

      Denied Data actions

  • description (str) – The description of the role definition.

  • assignable_scopes (list, Optional) – The assignable scopes of the role definition. Defaults to scope.

  • resource_id (str, Optional) – Role definition resource id on Azure.

Returns:

dict

Examples

my-role-definition:
  azure.authorization.role_definitions.present:
    - name: my-role-definition
    - scope: /subscriptions/subscription-id
    - role_definition_id: aa246b4f-3ba8-4d39-8e43-687eb2e1661c
    - role_definition_name: my-role-name
    - permissions:
      - actions:
        - Microsoft.Resources/subscriptions/resourceGroups/read
      - notActions:
        - Microsoft.Resources/subscriptions/resourceGroups/write
      - dataActions:
        - Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read
      - notDataActions:
        - Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write
    - description: my-role-description
    - assignable_scopes:
      - /subscriptions/subscription-id
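
Added example, not part of idem-azure or of this page's own code: a pre-apply review check in Python over the `permissions` and `assignable_scopes` arguments of the state above. In Azure RBAC, `notActions` and `notDataActions` are subtracted from the allowed list of the same role and another role assignment can still grant them, so the check computes the effective grant and flags wildcards. The function names are hypothetical, and merging the list into one permission set and matching `*` case-insensitively are assumptions of this example.

```python
import re

KEYS = ("actions", "notActions", "dataActions", "notDataActions")

# Constructed sample in the list-of-dicts shape of the `permissions` argument.
PERMISSIONS = [
    {"actions": ["Microsoft.Resources/subscriptions/resourceGroups/*"]},
    {"notActions": ["Microsoft.Resources/subscriptions/resourceGroups/write"]},
    {"dataActions": ["Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"]},
]
ASSIGNABLE_SCOPES = ["/subscriptions/subscription-id"]  # placeholder, as on this page


def merge(permissions):
    """Flatten the list into one set per key; unknown keys (typos) are rejected."""
    merged = {key: [] for key in KEYS}
    for entry in permissions:
        for key, values in entry.items():
            if key not in merged:
                raise ValueError(f"unknown permissions key: {key!r}")
            merged[key].extend(values or [])
    return merged


def matches(pattern, operation):
    """'*' is the only wildcard; case is ignored here (assumption of this example)."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, operation, re.IGNORECASE) is not None


def is_granted(permissions, operation, data_plane=False):
    """Effective grant = allowed list minus the matching 'not' list."""
    merged = merge(permissions)
    allow, exclude = ("dataActions", "notDataActions") if data_plane else ("actions", "notActions")
    allowed = any(matches(p, operation) for p in merged[allow])
    return allowed and not any(matches(p, operation) for p in merged[exclude])


def lint(permissions, assignable_scopes):
    """Return review findings for a role definition before it is applied."""
    merged, findings = merge(permissions), []
    for key in ("actions", "dataActions"):
        for pattern in merged[key]:
            if "*" in pattern:
                findings.append(f"{key}: wildcard {pattern!r} grants every matching operation")
    if merged["notActions"] or merged["notDataActions"]:
        findings.append("not* entries only subtract from this role; they are not deny rules")
    for scope in assignable_scopes:
        if re.fullmatch(r"/subscriptions/[^/]+/?", scope):
            findings.append(f"assignable scope {scope!r} covers the whole subscription")
    return findings
```

With the constructed sample, `resourceGroups/delete` is still granted because only `write` is subtracted from the wildcard.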

async idem_azure.states.azure.authorization.role_definitions.absent(hub, ctx, name: str, scope: str, role_definition_id: str) -> Dict

Delete Role Definitions.

Parameters:
  • name (str) – The identifier for this state.

  • scope (str) – The scope of the role definition.

  • role_definition_id (str) – The ID of the role definition to delete.

Returns:

dict

Examples

my-role-definition:
  azure.authorization.role_definitions.absent:
    - name: my-role-definition
    - scope: /subscriptions/subscription-id
    - role_definition_id: aa246b4f-3ba8-4d39-8e43-687eb2e1661c

async idem_azure.states.azure.authorization.role_definitions.describe(hub, ctx) -> Dict[str, Dict[str, Any]]

Describe the resource in a way that can be recreated/managed with the corresponding “present” function.

Lists all Role Definitions under the same subscription.

Returns:

Dict[str, Any]

Examples

$ idem describe azure.authorization.role_definitions