Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/devwithkrishna/get-azure-role-assignments-using-python
This repository contains python code to get the role assignments from azure
https://github.com/devwithkrishna/get-azure-role-assignments-using-python
automation azure azurerbac dependabot github poetry python3 role-assignments
Last synced: 9 days ago
JSON representation
This repository contains python code to get the role assignments from azure
- Host: GitHub
- URL: https://github.com/devwithkrishna/get-azure-role-assignments-using-python
- Owner: devwithkrishna
- License: mit
- Created: 2024-05-01T18:00:39.000Z (9 months ago)
- Default Branch: main
- Last Pushed: 2024-06-22T10:47:43.000Z (7 months ago)
- Last Synced: 2024-11-15T13:09:50.924Z (2 months ago)
- Topics: automation, azure, azurerbac, dependabot, github, poetry, python3, role-assignments
- Language: Python
- Homepage: https://github.com/devwithkrishna/get-azure-role-assignments-using-python
- Size: 47.9 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# get-azure-role-assignments-using-python
This repository contains python code to get the role assignments from azure
# What this repository do
```markdown
This repo contains the source code which can be used to list the role assignments on a subscription level
for Azure using Python azure SDK's.
```
## parameters
| inputs | description | mandatory |
|--------|-------------|-----------|
|subscription_id| azure subscription id| :heavy_check_mark: |
## Authentication
Authentication to Azure is done using service principal credentials
have a `.env file`
```yaml
AZURE_CLIENT_ID="xxx"
AZURE_CLIENT_SECRET="xxx"
AZURE_TENANT_ID="xxx"
AZURE_SUBSCRIPTION_ID="xxx"
```
Where xxx refers to the actual values. These will vary for everyone
using python-dotenv module and fucntion load_dotenv() uses it for local testing.
# Final output
```json
{
"id": "/subscriptions//providers/Microsoft.Authorization/roleAssignments/",
"name": "",
"type": "Microsoft.Authorization/roleAssignments",
"principal_id": "",
"principal_type": "< group or user or service principal>",
"role_definition_id": "",
"assignment_creation_time": "",
"scope": "/subscriptions/",
"principal_name": "",
"rbac_role_name": ""
}
```
* for local testing the code creates this as a json file.
# How to run the code locally
```commandline
python3 role_assignments.py --subscription_id
```
### For package management poetry is used.
## Refernces
* [role-assignments-list](https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-list-rest)
* [role-based-access-control built-in-roles](https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles)
* [AuthorizationManagementClient](https://learn.microsoft.com/en-us/rest/api/authorization/role-definitions/get?view=rest-authorization-2022-04-01&tabs=Python)
* [azure graph rbac](https://learn.microsoft.com/en-us/python/api/azure-graphrbac/azure.graphrbac.operations.service_principals_operations.serviceprincipalsoperations?view=azure-python-previous#azure-graphrbac-operations-service-principals-operations-serviceprincipalsoperations-get)