class MU::Cloud::Azure::Role
A user as configured in {MU::Config::BasketofKittens::roles}
Public Class Methods
Assign a role to a particular principal (create a RoleAssignment). We support multiple ways of referring to a role @param principal [MU::Cloud::Azure::Id]
# File modules/mu/providers/azure/role.rb, line 76 def self.assignTo(principal, role_name: nil, role_id: nil, credentials: nil) # XXX subscription might need extraction if !role_name and !role_id raise MuError, "Role.assignTo requries one of role_name, role_id, or permissions in order to look up roles for association" end existing = MU::Cloud::Azure.authorization(credentials: credentials).role_assignments.list() roles = MU::Cloud::Azure::Role.find(cloud_id: role_id, role_name: role_name, credentials: credentials) role = roles.values.first # XXX handle failures and multiples assign_obj = MU::Cloud::Azure.authorization(:RoleAssignmentCreateParameters, model_version: "V2018_09_01_preview").new assign_obj.principal_id = principal assign_obj.principal_type = "ServicePrincipal" assign_obj.role_definition_id = role.id # TODO this should defintiely be configurable, and for most Mu # deploy resources will be scoped to the resource group level scope = "/subscriptions/"+MU::Cloud::Azure.default_subscription(credentials) role_name = begin role.role_name rescue NoMethodError role.properties.role_name end used_ids = [] existing.each { |ext_assignment| used_ids << ext_assignment.name if ext_assignment.role_definition_id == role.id and ext_assignment.scope == scope and ext_assignment.principal_id == principal return end } guid = nil begin guid = MU::Cloud::Azure.genGUID end while used_ids.include?(guid) MU.log "Assigning role '#{role_name}' to principal #{principal}", details: assign_obj MU::Cloud::Azure.authorization(credentials: credentials).role_assignments.create( scope, guid, assign_obj ) end
Stub method. Azure
resources are cleaned up by removing the parent resource group. @return [void]
# File modules/mu/providers/azure/role.rb, line 182 def self.cleanup(**args) end
Locate and return cloud provider descriptors of this resource type which match the provided parameters, or all visible resources if no filters are specified. At minimum, implementations of find
must honor credentials
and cloud_id
arguments. We may optionally support other search methods, such as tag_key
and tag_value
, or cloud-specific arguments like project
. See also {MU::MommaCat.findStray}. @param args [Hash]: Hash
of named arguments passed via Ruby's double-splat @return [Hash<String,OpenStruct>]: The cloud provider's complete descriptions of matching resources
# File modules/mu/providers/azure/role.rb, line 137 def self.find(**args) found = {} sub_id = MU::Cloud::Azure.default_subscription(args[:credentials]) scope = "/subscriptions/"+sub_id if args[:cloud_id] id_str = args[:cloud_id].is_a?(MU::Cloud::Azure::Id) ? args[:cloud_id].name : args[:cloud_id] begin resp = MU::Cloud::Azure.authorization(credentials: args[:credentials]).role_definitions.get(scope, id_str) found[Id.new(resp.id)] = resp rescue MsRestAzure::AzureOperationError # this is fine, we're doing a blind search after all end else @@role_list_semaphore.synchronize { if !@@role_list_cache[scope] @@role_list_cache[scope] = Hash[MU::Cloud::Azure.authorization(credentials: args[:credentials]).role_definitions.list(scope).map { |r| [Id.new(r.id), r] }] end } if args[:role_name] @@role_list_cache[scope].values.each { |role| begin if role.role_name == args[:role_name] found[Id.new(role.id)] = role break end rescue NoMethodError if role.properties.role_name == args[:role_name] found[Id.new(role.id)] = role break end end } else found = @@role_list_cache[scope].dup end end found end
Does this resource type exist as a global (cloud-wide) artifact, or is it localized to a region/zone? @return [Boolean]
# File modules/mu/providers/azure/role.rb, line 57 def self.isGlobal? false end
Initialize this cloud resource object. Calling super
will invoke the initializer defined under {MU::Cloud}, which should set the attribtues listed in {MU::Cloud::PUBLIC_ATTRS} as well as applicable dependency shortcuts, like @vpc
, for us. @param args [Hash]: Hash
of named arguments passed via Ruby's double-splat
# File modules/mu/providers/azure/role.rb, line 23 def initialize(**args) super if !mu_name.nil? @mu_name = mu_name @cloud_id = Id.new(cloud_desc.id) if @cloud_id else @mu_name ||= @deploy.getResourceName(@config["name"], max_length: 31) end end
Denote whether this resource implementation is experiment, ready for testing, or ready for production use.
# File modules/mu/providers/azure/role.rb, line 63 def self.quality MU::Cloud::ALPHA end
Cloud-specific configuration properties. @param _config [MU::Config]: The calling MU::Config
object @return [Array<Array,Hash>]: List of required fields, and json-schema Hash
of cloud-specific configuration parameters for this resource
# File modules/mu/providers/azure/role.rb, line 188 def self.schema(_config) toplevel_required = [] schema = { } [toplevel_required, schema] end
Cloud-specific pre-processing of {MU::Config::BasketofKittens::roles}, bare and unvalidated. @param role [Hash]: The resource to process and validate @param _configurator [MU::Config]: The overall deployment configurator of which this resource is a member @return [Boolean]: True if validation succeeded, False otherwise
# File modules/mu/providers/azure/role.rb, line 199 def self.validateConfig(role, _configurator) ok = true role['region'] ||= MU::Cloud::Azure.myRegion(role['credentials']) ok end
Public Instance Methods
Assign this role object to a given principal (create a RoleAssignment) @param principal_id [MU::Cloud::Azure::Id]
# File modules/mu/providers/azure/role.rb, line 69 def assignTo(principal_id) MU::Cloud::Azure::Role.assignTo(principal_id, role_id: @cloud_id) end
Called automatically by {MU::Deploy#createResources}
# File modules/mu/providers/azure/role.rb, line 35 def create end
Called automatically by {MU::Deploy#createResources}
# File modules/mu/providers/azure/role.rb, line 39 def groom end
Return the metadata for this user configuration @return [Hash]
# File modules/mu/providers/azure/role.rb, line 44 def notify description = MU.structToHash(cloud_desc) if description description.delete(:etag) return description end { } end