add_azure_account_and_set_role_assignment_4.py 1.5 KB

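def set_azure_cloudcheckr_application_service_assignment(AzureApiBearerToken, AzureReaderRoleId,
                                                         AzureCloudCheckrApplicationServicePrincipalId,
                                                         AzureSubscriptionId):
    """
    Sets the previously created CloudCheckr application to have a reader role assignment.
    https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-rest

    The assignment is created with a PUT to the Azure Resource Manager
    roleAssignments endpoint under the given subscription, so the role applies
    to the whole subscription.

    Args:
        AzureApiBearerToken: bearer token sent in the Authorization header. It is
            never printed by this function; callers should keep it out of logs too.
        AzureReaderRoleId: role definition id placed in the request body.
        AzureCloudCheckrApplicationServicePrincipalId: principal that receives the role.
        AzureSubscriptionId: subscription the assignment is created under. It is
            concatenated into the request URL as-is, so it should come from a
            trusted source (NOTE(review): consider validating it as a GUID upstream).

    Returns:
        The roleDefinitionId echoed back in the response properties, or None when
        the response does not contain one.
    """
    # The assignment name only has to be a unique GUID. uuid4 is random, whereas
    # uuid1 would embed this host's MAC address and a timestamp in a resource
    # name that is stored in the subscription.
    RoleAssignmentId = str(uuid.uuid4())
    api_url = ("https://management.azure.com/subscriptions/" + AzureSubscriptionId
               + "/providers/Microsoft.Authorization/roleAssignments/" + RoleAssignmentId
               + "?api-version=2015-07-01")
    authorization_value = "Bearer " + AzureApiBearerToken
    role_assignment_data = json.dumps({"properties": {"principalId": AzureCloudCheckrApplicationServicePrincipalId,
                                                      "roleDefinitionId": AzureReaderRoleId}})
    # Bound the call so an unresponsive endpoint cannot hang the onboarding script.
    response = requests.put(api_url,
                            headers={"Authorization": authorization_value, "Content-Type": "application/json"},
                            data=role_assignment_data,
                            timeout=30)

    # Parse the body once. A non-JSON body (for example an error page from a
    # proxy) is treated as a failed assignment instead of an unhandled exception.
    try:
        response_body = response.json()
    except ValueError:
        print("Unexpected non-JSON response, HTTP status " + str(response.status_code))
        print("Failed to set role assignment for the CloudCheckr Application to the specified subscription")
        return None

    print(response_body)
    properties = response_body.get("properties") if isinstance(response_body, dict) else None
    if isinstance(properties, dict) and "roleDefinitionId" in properties:
        return properties["roleDefinitionId"]
    print("Failed to set role assignment for the CloudCheckr Application to the specified subscription")
    return None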