class MU::Cloud::Azure::Role

A user as configured in {MU::Config::BasketofKittens::roles}

Public Class Methods

assignTo(principal, role_name: nil, role_id: nil, credentials: nil) click to toggle source

Assign a role to a particular principal (create a RoleAssignment). We support multiple ways of referring to a role @param principal [MU::Cloud::Azure::Id]

# File modules/mu/providers/azure/role.rb, line 76
        def self.assignTo(principal, role_name: nil, role_id: nil, credentials: nil)
# XXX subscription might need extraction
          if !role_name and !role_id
            raise MuError, "Role.assignTo requries one of role_name, role_id, or permissions in order to look up roles for association"

          end

          existing = MU::Cloud::Azure.authorization(credentials: credentials).role_assignments.list()

          roles = MU::Cloud::Azure::Role.find(cloud_id: role_id, role_name: role_name, credentials: credentials)
          role = roles.values.first # XXX handle failures and multiples

          assign_obj = MU::Cloud::Azure.authorization(:RoleAssignmentCreateParameters, model_version: "V2018_09_01_preview").new
          assign_obj.principal_id = principal
          assign_obj.principal_type = "ServicePrincipal"
          assign_obj.role_definition_id = role.id

          # TODO this should defintiely be configurable, and for most Mu
          # deploy resources will be scoped to the resource group level
          scope = "/subscriptions/"+MU::Cloud::Azure.default_subscription(credentials)

          role_name = begin
            role.role_name
          rescue NoMethodError
            role.properties.role_name
          end
          
          used_ids = []
          existing.each { |ext_assignment|
            used_ids << ext_assignment.name
            if ext_assignment.role_definition_id == role.id and
               ext_assignment.scope == scope and
               ext_assignment.principal_id == principal
              return
            end
          }

          guid = nil
          begin
            guid = MU::Cloud::Azure.genGUID
          end while used_ids.include?(guid)

          MU.log "Assigning role '#{role_name}' to principal #{principal}", details: assign_obj
          MU::Cloud::Azure.authorization(credentials: credentials).role_assignments.create(
            scope,
            guid,
            assign_obj
          )
        end
cleanup(**args) click to toggle source

Stub method. Azure resources are cleaned up by removing the parent resource group. @return [void]

# File modules/mu/providers/azure/role.rb, line 182
def self.cleanup(**args)
end
find(**args) click to toggle source

Locate and return cloud provider descriptors of this resource type which match the provided parameters, or all visible resources if no filters are specified. At minimum, implementations of find must honor credentials and cloud_id arguments. We may optionally support other search methods, such as tag_key and tag_value, or cloud-specific arguments like project. See also {MU::MommaCat.findStray}. @param args [Hash]: Hash of named arguments passed via Ruby's double-splat @return [Hash<String,OpenStruct>]: The cloud provider's complete descriptions of matching resources

# File modules/mu/providers/azure/role.rb, line 137
def self.find(**args)
  found = {}

  sub_id = MU::Cloud::Azure.default_subscription(args[:credentials])
  scope = "/subscriptions/"+sub_id

  if args[:cloud_id]
    id_str = args[:cloud_id].is_a?(MU::Cloud::Azure::Id) ? args[:cloud_id].name : args[:cloud_id]
    begin
      resp = MU::Cloud::Azure.authorization(credentials: args[:credentials]).role_definitions.get(scope, id_str)
      found[Id.new(resp.id)] = resp
    rescue MsRestAzure::AzureOperationError
      # this is fine, we're doing a blind search after all
    end
  else
    @@role_list_semaphore.synchronize {
      if !@@role_list_cache[scope]
        @@role_list_cache[scope] = Hash[MU::Cloud::Azure.authorization(credentials: args[:credentials]).role_definitions.list(scope).map { |r| [Id.new(r.id), r] }]
      end
    }
    if args[:role_name]
      @@role_list_cache[scope].values.each { |role|
        begin
          if role.role_name == args[:role_name]
            found[Id.new(role.id)] = role
            break
          end
        rescue NoMethodError
          if role.properties.role_name == args[:role_name]
            found[Id.new(role.id)] = role
            break
          end
        end
      }
    else
      found = @@role_list_cache[scope].dup
    end
  end

  found
end
isGlobal?() click to toggle source

Does this resource type exist as a global (cloud-wide) artifact, or is it localized to a region/zone? @return [Boolean]

# File modules/mu/providers/azure/role.rb, line 57
def self.isGlobal?
  false
end
new(**args) click to toggle source

Initialize this cloud resource object. Calling super will invoke the initializer defined under {MU::Cloud}, which should set the attribtues listed in {MU::Cloud::PUBLIC_ATTRS} as well as applicable dependency shortcuts, like @vpc, for us. @param args [Hash]: Hash of named arguments passed via Ruby's double-splat

Calls superclass method
# File modules/mu/providers/azure/role.rb, line 23
def initialize(**args)
  super
  if !mu_name.nil?
    @mu_name = mu_name
    @cloud_id = Id.new(cloud_desc.id) if @cloud_id
  else
    @mu_name ||= @deploy.getResourceName(@config["name"], max_length: 31)
  end

end
quality() click to toggle source

Denote whether this resource implementation is experiment, ready for testing, or ready for production use.

# File modules/mu/providers/azure/role.rb, line 63
def self.quality
  MU::Cloud::ALPHA
end
schema(_config) click to toggle source

Cloud-specific configuration properties. @param _config [MU::Config]: The calling MU::Config object @return [Array<Array,Hash>]: List of required fields, and json-schema Hash of cloud-specific configuration parameters for this resource

# File modules/mu/providers/azure/role.rb, line 188
def self.schema(_config)
  toplevel_required = []
  schema = {
  }
  [toplevel_required, schema]
end
validateConfig(role, _configurator) click to toggle source

Cloud-specific pre-processing of {MU::Config::BasketofKittens::roles}, bare and unvalidated. @param role [Hash]: The resource to process and validate @param _configurator [MU::Config]: The overall deployment configurator of which this resource is a member @return [Boolean]: True if validation succeeded, False otherwise

# File modules/mu/providers/azure/role.rb, line 199
def self.validateConfig(role, _configurator)
  ok = true
  role['region'] ||= MU::Cloud::Azure.myRegion(role['credentials'])

  ok
end

Public Instance Methods

assignTo(principal_id) click to toggle source

Assign this role object to a given principal (create a RoleAssignment) @param principal_id [MU::Cloud::Azure::Id]

# File modules/mu/providers/azure/role.rb, line 69
def assignTo(principal_id)
  MU::Cloud::Azure::Role.assignTo(principal_id, role_id: @cloud_id)
end
create() click to toggle source

Called automatically by {MU::Deploy#createResources}

# File modules/mu/providers/azure/role.rb, line 35
def create
end
groom() click to toggle source

Called automatically by {MU::Deploy#createResources}

# File modules/mu/providers/azure/role.rb, line 39
def groom
end
notify() click to toggle source

Return the metadata for this user configuration @return [Hash]

# File modules/mu/providers/azure/role.rb, line 44
def notify
  description = MU.structToHash(cloud_desc)
  if description
    description.delete(:etag)
    return description
  end
  {
  }
end