Documentation ¶
Index ¶
- func AssignRole(ctx context.Context, principalID, roleDefID string) (role authorization.RoleAssignment, err error)
- func AssignRoleWithSubscriptionScope(ctx context.Context, principalID, roleDefID string) (role authorization.RoleAssignment, err error)
- func DeleteRoleAssignment(ctx context.Context, id string) (authorization.RoleAssignment, error)
- func ListRoleDefinitions(ctx context.Context, filter string) (list authorization.RoleDefinitionListResultPage, err error)
Examples ¶
Functions ¶
func AssignRole ¶
func AssignRole(ctx context.Context, principalID, roleDefID string) (role authorization.RoleAssignment, err error)
AssignRole assigns a role to the named principal at the scope of the current group.
Example ¶
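// Example body: look up the Contributor role definition, assign it to the
// current identity at resource-group scope and at subscription scope, then
// remove both assignments unless the configuration asks to keep resources.
var groupName = config.GenerateGroupName("Authorization")
config.SetGroupName(groupName)

ctx := context.Background()
defer resources.Cleanup(ctx)

_, err := resources.CreateGroup(ctx, groupName)
if err != nil {
	util.PrintAndLog(err.Error())
}

list, err := ListRoleDefinitions(ctx, "roleName eq 'Contributor'")
if err != nil {
	util.PrintAndLog(err.Error())
}

// Stop here when the lookup produced nothing usable: indexing an empty
// result or dereferencing a nil ID would panic further down.
// NOTE(review): the enclosing function header is not visible in this
// listing; the bare return assumes it declares no results.
defs := list.Values()
if len(defs) == 0 || defs[0].ID == nil {
	util.PrintAndLog("no role definition matched the filter")
	return
}
roleDefID := *defs[0].ID
util.PrintAndLog("got role definitions list")

// Prefer the signed-in user's object ID; fall back to the configured
// client ID when the current user cannot be resolved.
var userID string
user, err := graphrbac.GetCurrentUser(ctx)
if err != nil {
	log.Printf("could not get object for current user: %v\n", err)
	log.Printf("using service principal ID instead")
	userID = config.ClientID()
} else {
	userID = *user.ObjectID
}

groupRole, err := AssignRole(ctx, userID, roleDefID)
if err != nil {
	util.PrintAndLog(err.Error())
}
util.PrintAndLog("role assigned with resource group scope")

// Subscription scope is the broader of the two assignments made here, so
// it is the one that matters most to remove again during cleanup.
subscriptionRole, err := AssignRoleWithSubscriptionScope(ctx, userID, roleDefID)
if err != nil {
	util.PrintAndLog(err.Error())
}
util.PrintAndLog("role assigned with subscription scope")

if !config.KeepResources() {
	// Check the error each delete returns: a delete that fails silently
	// leaves the Contributor assignment in place with no trace in the log.
	// The nil checks skip assignments that were never created.
	if groupRole.ID != nil {
		if _, err = DeleteRoleAssignment(ctx, *groupRole.ID); err != nil {
			util.PrintAndLog(err.Error())
		}
	}
	if subscriptionRole.ID != nil {
		if _, err = DeleteRoleAssignment(ctx, *subscriptionRole.ID); err != nil {
			util.PrintAndLog(err.Error())
		}
	}
}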
Output: got role definitions list role assigned with resource group scope role assigned with subscription scope
func AssignRoleWithSubscriptionScope ¶
func AssignRoleWithSubscriptionScope(ctx context.Context, principalID, roleDefID string) (role authorization.RoleAssignment, err error)
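AssignRoleWithSubscriptionScope assigns a role to the named principal at the subscription scope. A subscription-scope assignment applies to every resource group in the subscription, so use AssignRole when resource-group scope is sufficient.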
func DeleteRoleAssignment ¶
func DeleteRoleAssignment(ctx context.Context, id string) (authorization.RoleAssignment, error)
DeleteRoleAssignment deletes the role assignment with the given ID.
func ListRoleDefinitions ¶
func ListRoleDefinitions(ctx context.Context, filter string) (list authorization.RoleDefinitionListResultPage, err error)
ListRoleDefinitions gets the role definitions for the resource group currently in use.