diff --git a/azurerm/config.go b/azurerm/config.go index fb0e93c55e3d..819fdc6bf54f 100644 --- a/azurerm/config.go +++ b/azurerm/config.go @@ -8,6 +8,7 @@ import ( "net/http/httputil" "github.com/Azure/azure-sdk-for-go/arm/appinsights" + "github.com/Azure/azure-sdk-for-go/arm/authorization" "github.com/Azure/azure-sdk-for-go/arm/automation" "github.com/Azure/azure-sdk-for-go/arm/cdn" "github.com/Azure/azure-sdk-for-go/arm/compute" @@ -138,6 +139,8 @@ type ArmClient struct { appInsightsClient appinsights.ComponentsClient // Authentication + roleAssignmentsClient authorization.RoleAssignmentsClient + roleDefinitionsClient authorization.RoleDefinitionsClient servicePrincipalsClient graphrbac.ServicePrincipalsClient // Databases @@ -651,19 +654,31 @@ func (c *Config) getArmClient() (*ArmClient, error) { aschc.Sender = sender client.automationScheduleClient = aschc - client.registerAuthentication(graphEndpoint, c.TenantID, graphAuth, sender) + client.registerAuthentication(endpoint, graphEndpoint, c.SubscriptionID, c.TenantID, auth, graphAuth, sender) client.registerDatabases(endpoint, c.SubscriptionID, auth, sender) client.registerKeyVaultClients(endpoint, c.SubscriptionID, auth, keyVaultAuth, sender) return &client, nil } -func (c *ArmClient) registerAuthentication(graphEndpoint, tenantId string, graphAuth autorest.Authorizer, sender autorest.Sender) { +func (c *ArmClient) registerAuthentication(endpoint, graphEndpoint, subscriptionId, tenantId string, auth, graphAuth autorest.Authorizer, sender autorest.Sender) { spc := graphrbac.NewServicePrincipalsClientWithBaseURI(graphEndpoint, tenantId) setUserAgent(&spc.Client) spc.Authorizer = graphAuth spc.Sender = sender c.servicePrincipalsClient = spc + + rac := authorization.NewRoleAssignmentsClientWithBaseURI(endpoint, subscriptionId) + setUserAgent(&rac.Client) + rac.Authorizer = auth + rac.Sender = sender + c.roleAssignmentsClient = rac + + rdc := authorization.NewRoleDefinitionsClientWithBaseURI(endpoint, subscriptionId) + setUserAgent(&rdc.Client) + rdc.Authorizer = auth + rdc.Sender = sender + c.roleDefinitionsClient = rdc } func (c *ArmClient) registerDatabases(endpoint, subscriptionId string, auth autorest.Authorizer, sender autorest.Sender) { diff --git a/azurerm/data_source_arm_builtin_role_definition.go b/azurerm/data_source_arm_builtin_role_definition.go deleted file mode 100644 index 6c5010172fe3..000000000000 --- a/azurerm/data_source_arm_builtin_role_definition.go +++ /dev/null @@ -1,42 +0,0 @@ -package azurerm - -import ( - "github.com/hashicorp/terraform/helper/schema" - "github.com/hashicorp/terraform/helper/validation" -) - -func dataSourceArmBuiltInRoleDefinition() *schema.Resource { - return &schema.Resource{ - Read: dataSourceArmBuiltInRoleDefinitionRead, - Schema: map[string]*schema.Schema{ - "name": { - Type: schema.TypeString, - Required: true, - ValidateFunc: validation.StringInSlice([]string{ - "Contributor", - "Reader", - "Owner", - "VirtualMachineContributor", - }, false), - }, - }, - } -} - -func dataSourceArmBuiltInRoleDefinitionRead(d *schema.ResourceData, meta interface{}) error { - name := d.Get("name").(string) - roleDefinitionIds := map[string]string{ - "Contributor": "b24988ac-6180-42a0-ab88-20f7382dd24c", - "Owner": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635", - "Reader": "acdd72a7-3385-48ef-bd42-f606fba81ae7", - "VirtualMachineContributor": "d73bb868-a0df-4d4d-bd69-98a00b01fccb", - } - roleDefinitionId := roleDefinitionIds[name] - - // TODO: when the API's fixed - pull out additional information from the API - // https://github.com/Azure/azure-rest-api-specs/issues/1785 - - d.SetId(roleDefinitionId) - - return nil -} diff --git a/azurerm/data_source_arm_builtin_role_definition_test.go b/azurerm/data_source_arm_builtin_role_definition_test.go deleted file mode 100644 index 3457a96d473e..000000000000 --- a/azurerm/data_source_arm_builtin_role_definition_test.go +++ /dev/null @@ -1,80 +0,0 @@ -package azurerm - -import ( - "fmt" - "testing" - - "github.com/hashicorp/terraform/helper/resource" -) - -func TestAccDataSourceAzureRMBuiltInRoleDefinition_contributor(t *testing.T) { - dataSourceName := "data.azurerm_builtin_role_definition.test" - resource.Test(t, resource.TestCase{ - PreCheck: func() { testAccPreCheck(t) }, - Providers: testAccProviders, - Steps: []resource.TestStep{ - { - Config: testAccDataSourceBuiltInRoleDefinition("Contributor"), - Check: resource.ComposeTestCheckFunc( - testAzureRMClientConfigAttr(dataSourceName, "id", "b24988ac-6180-42a0-ab88-20f7382dd24c"), - ), - }, - }, - }) -} - -func TestAccDataSourceAzureRMBuiltInRoleDefinition_owner(t *testing.T) { - dataSourceName := "data.azurerm_builtin_role_definition.test" - resource.Test(t, resource.TestCase{ - PreCheck: func() { testAccPreCheck(t) }, - Providers: testAccProviders, - Steps: []resource.TestStep{ - { - Config: testAccDataSourceBuiltInRoleDefinition("Owner"), - Check: resource.ComposeTestCheckFunc( - testAzureRMClientConfigAttr(dataSourceName, "id", "8e3af657-a8ff-443c-a75c-2fe8c4bcb635"), - ), - }, - }, - }) -} - -func TestAccDataSourceAzureRMBuiltInRoleDefinition_reader(t *testing.T) { - dataSourceName := "data.azurerm_builtin_role_definition.test" - resource.Test(t, resource.TestCase{ - PreCheck: func() { testAccPreCheck(t) }, - Providers: testAccProviders, - Steps: []resource.TestStep{ - { - Config: testAccDataSourceBuiltInRoleDefinition("Reader"), - Check: resource.ComposeTestCheckFunc( - testAzureRMClientConfigAttr(dataSourceName, "id", "acdd72a7-3385-48ef-bd42-f606fba81ae7"), - ), - }, - }, - }) -} - -func TestAccDataSourceAzureRMBuiltInRoleDefinition_virtualMachineContributor(t *testing.T) { - dataSourceName := "data.azurerm_builtin_role_definition.test" - resource.Test(t, resource.TestCase{ - PreCheck: func() { testAccPreCheck(t) }, - Providers: testAccProviders, - Steps: []resource.TestStep{ - { - Config: testAccDataSourceBuiltInRoleDefinition("VirtualMachineContributor"), - Check: resource.ComposeTestCheckFunc( - testAzureRMClientConfigAttr(dataSourceName, "id", "d73bb868-a0df-4d4d-bd69-98a00b01fccb"), - ), - }, - }, - }) -} - -func testAccDataSourceBuiltInRoleDefinition(name string) string { - return fmt.Sprintf(` -data "azurerm_builtin_role_definition" "test" { - name = "%s" -} -`, name) -} diff --git a/azurerm/data_source_builtin_role_definition.go b/azurerm/data_source_builtin_role_definition.go new file mode 100644 index 000000000000..3d6e110b4bd7 --- /dev/null +++ b/azurerm/data_source_builtin_role_definition.go @@ -0,0 +1,102 @@ +package azurerm + +import ( + "fmt" + + "github.com/hashicorp/terraform/helper/schema" + "github.com/hashicorp/terraform/helper/validation" +) + +func dataSourceArmBuiltInRoleDefinition() *schema.Resource { + return &schema.Resource{ + Read: dataSourceArmBuiltInRoleDefinitionRead, + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Required: true, + ValidateFunc: validation.StringInSlice([]string{ + "Contributor", + "Reader", + "Owner", + "VirtualMachineContributor", + }, false), + }, + + // Computed + "description": { + Type: schema.TypeString, + Computed: true, + }, + "type": { + Type: schema.TypeString, + Computed: true, + }, + "permissions": { + Type: schema.TypeList, + Computed: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "actions": { + Type: schema.TypeList, + Computed: true, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "not_actions": { + Type: schema.TypeList, + Computed: true, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + }, + }, + "assignable_scopes": { + Type: schema.TypeList, + Computed: true, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + } +} + +func dataSourceArmBuiltInRoleDefinitionRead(d *schema.ResourceData, meta interface{}) error { + client := meta.(*ArmClient).roleDefinitionsClient + name := d.Get("name").(string) + roleDefinitionIds := map[string]string{ + "Contributor": "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c", + "Owner": "/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635", + "Reader": "/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7", + "VirtualMachineContributor": "/providers/Microsoft.Authorization/roleDefinitions/d73bb868-a0df-4d4d-bd69-98a00b01fccb", + } + roleDefinitionId := roleDefinitionIds[name] + + d.SetId(roleDefinitionId) + + role, err := client.GetByID(roleDefinitionId) + if err != nil { + return fmt.Errorf("Error loadng Role Definition: %+v", err) + } + + if props := role.Properties; props != nil { + d.Set("name", props.RoleName) + d.Set("description", props.Description) + d.Set("type", props.Type) + + permissions := flattenRoleDefinitionPermissions(props.Permissions) + if err := d.Set("permissions", permissions); err != nil { + return err + } + + assignableScopes := flattenRoleDefinitionAssignableScopes(props.AssignableScopes) + if err := d.Set("assignable_scopes", assignableScopes); err != nil { + return err + } + } + + return nil +} diff --git a/azurerm/data_source_builtin_role_definition_test.go b/azurerm/data_source_builtin_role_definition_test.go new file mode 100644 index 000000000000..48133089f8d1 --- /dev/null +++ b/azurerm/data_source_builtin_role_definition_test.go @@ -0,0 +1,108 @@ +package azurerm + +import ( + "fmt" + "testing" + + "github.com/hashicorp/terraform/helper/resource" +) + +func TestAccDataSourceAzureRMBuiltInRoleDefinition_contributor(t *testing.T) { + dataSourceName := "data.azurerm_builtin_role_definition.test" + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: testAccDataSourceBuiltInRoleDefinition("Contributor"), + Check: resource.ComposeTestCheckFunc( + testAzureRMClientConfigAttr(dataSourceName, "id", "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"), + resource.TestCheckResourceAttrSet(dataSourceName, "description"), + resource.TestCheckResourceAttrSet(dataSourceName, "type"), + resource.TestCheckResourceAttr(dataSourceName, "permissions.#", "1"), + resource.TestCheckResourceAttr(dataSourceName, "permissions.0.actions.#", "1"), + resource.TestCheckResourceAttr(dataSourceName, "permissions.0.actions.0", "*"), + resource.TestCheckResourceAttr(dataSourceName, "permissions.0.not_actions.#", "3"), + resource.TestCheckResourceAttr(dataSourceName, "permissions.0.not_actions.0", "Microsoft.Authorization/*/Delete"), + resource.TestCheckResourceAttr(dataSourceName, "permissions.0.not_actions.1", "Microsoft.Authorization/*/Write"), + resource.TestCheckResourceAttr(dataSourceName, "permissions.0.not_actions.2", "Microsoft.Authorization/elevateAccess/Action"), + ), + }, + }, + }) +} + +func TestAccDataSourceAzureRMBuiltInRoleDefinition_owner(t *testing.T) { + dataSourceName := "data.azurerm_builtin_role_definition.test" + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: testAccDataSourceBuiltInRoleDefinition("Owner"), + Check: resource.ComposeTestCheckFunc( + testAzureRMClientConfigAttr(dataSourceName, "id", "/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635"), + resource.TestCheckResourceAttrSet(dataSourceName, "description"), + resource.TestCheckResourceAttrSet(dataSourceName, "type"), + resource.TestCheckResourceAttr(dataSourceName, "permissions.#", "1"), + resource.TestCheckResourceAttr(dataSourceName, "permissions.0.actions.#", "1"), + resource.TestCheckResourceAttr(dataSourceName, "permissions.0.actions.0", "*"), + resource.TestCheckResourceAttr(dataSourceName, "permissions.0.not_actions.#", "0"), + ), + }, + }, + }) +} + +func TestAccDataSourceAzureRMBuiltInRoleDefinition_reader(t *testing.T) { + dataSourceName := "data.azurerm_builtin_role_definition.test" + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: testAccDataSourceBuiltInRoleDefinition("Reader"), + Check: resource.ComposeTestCheckFunc( + testAzureRMClientConfigAttr(dataSourceName, "id", "/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7"), + resource.TestCheckResourceAttrSet(dataSourceName, "description"), + resource.TestCheckResourceAttrSet(dataSourceName, "type"), + resource.TestCheckResourceAttr(dataSourceName, "permissions.#", "1"), + resource.TestCheckResourceAttr(dataSourceName, "permissions.0.actions.#", "1"), + resource.TestCheckResourceAttr(dataSourceName, "permissions.0.actions.0", "*/read"), + resource.TestCheckResourceAttr(dataSourceName, "permissions.0.not_actions.#", "0"), + ), + }, + }, + }) +} + +func TestAccDataSourceAzureRMBuiltInRoleDefinition_virtualMachineContributor(t *testing.T) { + dataSourceName := "data.azurerm_builtin_role_definition.test" + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: testAccDataSourceBuiltInRoleDefinition("VirtualMachineContributor"), + Check: resource.ComposeTestCheckFunc( + testAzureRMClientConfigAttr(dataSourceName, "id", "/providers/Microsoft.Authorization/roleDefinitions/d73bb868-a0df-4d4d-bd69-98a00b01fccb"), + resource.TestCheckResourceAttrSet(dataSourceName, "description"), + resource.TestCheckResourceAttrSet(dataSourceName, "type"), + resource.TestCheckResourceAttr(dataSourceName, "permissions.#", "1"), + resource.TestCheckResourceAttr(dataSourceName, "permissions.0.actions.#", "17"), + resource.TestCheckResourceAttr(dataSourceName, "permissions.0.actions.0", "Microsoft.Authorization/*/read"), + resource.TestCheckResourceAttr(dataSourceName, "permissions.0.actions.15", "Microsoft.Resources/subscriptions/resourceGroups/read"), + resource.TestCheckResourceAttr(dataSourceName, "permissions.0.not_actions.#", "0"), + ), + }, + }, + }) +} + +func testAccDataSourceBuiltInRoleDefinition(name string) string { + return fmt.Sprintf(` +data "azurerm_builtin_role_definition" "test" { + name = "%s" +} +`, name) +} diff --git a/azurerm/data_source_arm_client_config.go b/azurerm/data_source_client_config.go similarity index 100% rename from azurerm/data_source_arm_client_config.go rename to azurerm/data_source_client_config.go diff --git a/azurerm/data_source_arm_client_config_test.go b/azurerm/data_source_client_config_test.go similarity index 100% rename from azurerm/data_source_arm_client_config_test.go rename to azurerm/data_source_client_config_test.go diff --git a/azurerm/data_source_arm_public_ip.go b/azurerm/data_source_public_ip.go similarity index 100% rename from azurerm/data_source_arm_public_ip.go rename to azurerm/data_source_public_ip.go diff --git a/azurerm/data_source_arm_public_ip_test.go b/azurerm/data_source_public_ip_test.go similarity index 100% rename from azurerm/data_source_arm_public_ip_test.go rename to azurerm/data_source_public_ip_test.go diff --git a/azurerm/data_source_arm_resource_group.go b/azurerm/data_source_resource_group.go similarity index 100% rename from azurerm/data_source_arm_resource_group.go rename to azurerm/data_source_resource_group.go diff --git a/azurerm/data_source_arm_resource_group_test.go b/azurerm/data_source_resource_group_test.go similarity index 100% rename from azurerm/data_source_arm_resource_group_test.go rename to azurerm/data_source_resource_group_test.go diff --git a/azurerm/data_source_role_definition.go b/azurerm/data_source_role_definition.go new file mode 100644 index 000000000000..e661e85ecfd4 --- /dev/null +++ b/azurerm/data_source_role_definition.go @@ -0,0 +1,98 @@ +package azurerm + +import ( + "fmt" + + "github.com/hashicorp/terraform/helper/schema" +) + +func dataSourceArmRoleDefinition() *schema.Resource { + return &schema.Resource{ + Read: dataSourceArmRoleDefinitionRead, + Schema: map[string]*schema.Schema{ + "role_definition_id": { + Type: schema.TypeString, + Required: true, + }, + "scope": { + Type: schema.TypeString, + Required: true, + }, + + // Computed + "name": { + Type: schema.TypeString, + Computed: true, + }, + "description": { + Type: schema.TypeString, + Computed: true, + }, + "type": { + Type: schema.TypeString, + Computed: true, + }, + "permissions": { + Type: schema.TypeList, + Computed: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "actions": { + Type: schema.TypeList, + Computed: true, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "not_actions": { + Type: schema.TypeList, + Computed: true, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + }, + }, + "assignable_scopes": { + Type: schema.TypeList, + Computed: true, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + } +} + +func dataSourceArmRoleDefinitionRead(d *schema.ResourceData, meta interface{}) error { + client := meta.(*ArmClient).roleDefinitionsClient + + roleDefinitionId := d.Get("role_definition_id").(string) + scope := d.Get("scope").(string) + + role, err := client.Get(scope, roleDefinitionId) + if err != nil { + return fmt.Errorf("Error loadng Role Definition: %+v", err) + } + + d.SetId(*role.ID) + + if props := role.Properties; props != nil { + d.Set("name", props.RoleName) + d.Set("description", props.Description) + d.Set("type", props.Type) + + permissions := flattenRoleDefinitionPermissions(props.Permissions) + if err := d.Set("permissions", permissions); err != nil { + return err + } + + assignableScopes := flattenRoleDefinitionAssignableScopes(props.AssignableScopes) + if err := d.Set("assignable_scopes", assignableScopes); err != nil { + return err + } + } + + return nil +} diff --git a/azurerm/data_source_role_definition_test.go b/azurerm/data_source_role_definition_test.go new file mode 100644 index 000000000000..40f1d8cb9569 --- /dev/null +++ b/azurerm/data_source_role_definition_test.go @@ -0,0 +1,70 @@ +package azurerm + +import ( + "fmt" + "testing" + + "github.com/google/uuid" + "github.com/hashicorp/terraform/helper/acctest" + "github.com/hashicorp/terraform/helper/resource" +) + +func TestAccDataSourceAzureRMRoleDefinition_basic(t *testing.T) { + dataSourceName := "data.azurerm_role_definition.test" + + id := uuid.New().String() + ri := acctest.RandInt() + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: testAccDataSourceRoleDefinition(id, ri), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrSet(dataSourceName, "name"), + resource.TestCheckResourceAttrSet(dataSourceName, "description"), + resource.TestCheckResourceAttrSet(dataSourceName, "type"), + resource.TestCheckResourceAttr(dataSourceName, "permissions.#", "1"), + resource.TestCheckResourceAttr(dataSourceName, "permissions.0.actions.#", "1"), + resource.TestCheckResourceAttr(dataSourceName, "permissions.0.actions.0", "*"), + resource.TestCheckResourceAttr(dataSourceName, "permissions.0.not_actions.#", "3"), + resource.TestCheckResourceAttr(dataSourceName, "permissions.0.not_actions.0", "Microsoft.Authorization/*/Delete"), + resource.TestCheckResourceAttr(dataSourceName, "permissions.0.not_actions.1", "Microsoft.Authorization/*/Write"), + resource.TestCheckResourceAttr(dataSourceName, "permissions.0.not_actions.2", "Microsoft.Authorization/elevateAccess/Action"), + ), + }, + }, + }) +} + +func testAccDataSourceRoleDefinition(id string, rInt int) string { + return fmt.Sprintf(` +data "azurerm_subscription" "primary" {} + +resource "azurerm_role_definition" "test" { + role_definition_id = "%s" + name = "acctestrd-%d" + scope = "${data.azurerm_subscription.primary.id}" + description = "Created by the Data Source Role Definition Acceptance Test" + + permissions { + actions = ["*"] + not_actions = [ + "Microsoft.Authorization/*/Delete", + "Microsoft.Authorization/*/Write", + "Microsoft.Authorization/elevateAccess/Action" + ] + } + + assignable_scopes = [ + "${data.azurerm_subscription.primary.id}", + ] +} + +data "azurerm_role_definition" "test" { + role_definition_id = "${azurerm_role_definition.test.role_definition_id}" + scope = "${data.azurerm_subscription.primary.id}" +} +`, id, rInt) +} diff --git a/azurerm/import_arm_role_assignment_test.go b/azurerm/import_arm_role_assignment_test.go new file mode 100644 index 000000000000..3dc1afeef682 --- /dev/null +++ b/azurerm/import_arm_role_assignment_test.go @@ -0,0 +1,59 @@ +package azurerm + +import ( + "testing" + + "github.com/google/uuid" + "github.com/hashicorp/terraform/helper/acctest" + "github.com/hashicorp/terraform/helper/resource" +) + +func TestAccAzureRMRoleAssignment_importBasic(t *testing.T) { + resourceName := "azurerm_role_assignment.test" + + roleDefinitionId := uuid.New().String() + roleAssignmentId := uuid.New().String() + ri := acctest.RandInt() + config := testAccAzureRMRoleAssignment_custom(roleDefinitionId, roleAssignmentId, ri) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testCheckAzureRMRoleAssignmentDestroy, + Steps: []resource.TestStep{ + { + Config: config, + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + +func TestAccAzureRMRoleAssignment_importCustom(t *testing.T) { + resourceName := "azurerm_role_assignment.test" + + roleDefinitionId := uuid.New().String() + roleAssignmentId := uuid.New().String() + ri := acctest.RandInt() + config := testAccAzureRMRoleAssignment_custom(roleDefinitionId, roleAssignmentId, ri) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testCheckAzureRMRoleAssignmentDestroy, + Steps: []resource.TestStep{ + { + Config: config, + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} diff --git a/azurerm/import_arm_role_definition_test.go b/azurerm/import_arm_role_definition_test.go new file mode 100644 index 000000000000..bfead9cc6c1c --- /dev/null +++ b/azurerm/import_arm_role_definition_test.go @@ -0,0 +1,59 @@ +package azurerm + +import ( + "testing" + + "github.com/google/uuid" + "github.com/hashicorp/terraform/helper/acctest" + "github.com/hashicorp/terraform/helper/resource" +) + +func TestAccAzureRMRoleDefinition_importBasic(t *testing.T) { + resourceName := "azurerm_role_definition.test" + + id := uuid.New().String() + ri := acctest.RandInt() + config := testAccAzureRMRoleDefinition_basic(id, ri) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testCheckAzureRMRoleDefinitionDestroy, + Steps: []resource.TestStep{ + { + Config: config, + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"role_definition_id", "scope"}, + }, + }, + }) +} + +func TestAccAzureRMRoleDefinition_importComplete(t *testing.T) { + resourceName := "azurerm_role_definition.test" + + id := uuid.New().String() + ri := acctest.RandInt() + config := testAccAzureRMRoleDefinition_complete(id, ri) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testCheckAzureRMRoleDefinitionDestroy, + Steps: []resource.TestStep{ + { + Config: config, + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"role_definition_id", "scope"}, + }, + }, + }) +} diff --git a/azurerm/provider.go b/azurerm/provider.go index ec5776437fcf..1e3ea8f7d252 100644 --- a/azurerm/provider.go +++ b/azurerm/provider.go @@ -75,6 +75,7 @@ func Provider() terraform.ResourceProvider { "azurerm_platform_image": dataSourceArmPlatformImage(), "azurerm_public_ip": dataSourceArmPublicIP(), "azurerm_resource_group": dataSourceArmResourceGroup(), + "azurerm_role_definition": dataSourceArmRoleDefinition(), "azurerm_subnet": dataSourceArmSubnet(), "azurerm_subscription": dataSourceArmSubscription(), }, @@ -137,6 +138,8 @@ func Provider() terraform.ResourceProvider { "azurerm_public_ip": resourceArmPublicIp(), "azurerm_redis_cache": resourceArmRedisCache(), "azurerm_resource_group": resourceArmResourceGroup(), + "azurerm_role_assignment": resourceArmRoleAssignment(), + "azurerm_role_definition": resourceArmRoleDefinition(), "azurerm_route": resourceArmRoute(), "azurerm_route_table": resourceArmRouteTable(), "azurerm_search_service": resourceArmSearchService(), diff --git a/azurerm/resource_arm_role_assignment.go b/azurerm/resource_arm_role_assignment.go new file mode 100644 index 000000000000..90e835bbe285 --- /dev/null +++ b/azurerm/resource_arm_role_assignment.go @@ -0,0 +1,122 @@ +package azurerm + +import ( + "fmt" + + "log" + + "github.com/Azure/azure-sdk-for-go/arm/authorization" + "github.com/hashicorp/terraform/helper/schema" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils" +) + +func resourceArmRoleAssignment() *schema.Resource { + return &schema.Resource{ + Create: resourceArmRoleAssignmentCreate, + Read: resourceArmRoleAssignmentRead, + Delete: resourceArmRoleAssignmentDelete, + Importer: &schema.ResourceImporter{ + State: schema.ImportStatePassthrough, + }, + + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + }, + + "scope": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + }, + + "role_definition_id": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + DiffSuppressFunc: ignoreCaseDiffSuppressFunc, + }, + + "principal_id": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + }, + }, + } +} + +func resourceArmRoleAssignmentCreate(d *schema.ResourceData, meta interface{}) error { + client := meta.(*ArmClient).roleAssignmentsClient + + name := d.Get("name").(string) + scope := d.Get("scope").(string) + roleDefinitionId := d.Get("role_definition_id").(string) + principalId := d.Get("principal_id").(string) + + properties := authorization.RoleAssignmentCreateParameters{ + Properties: &authorization.RoleAssignmentProperties{ + RoleDefinitionID: utils.String(roleDefinitionId), + PrincipalID: utils.String(principalId), + }, + } + + _, err := client.Create(scope, name, properties) + if err != nil { + return err + } + + read, err := client.Get(scope, name) + if err != nil { + return err + } + if read.ID == nil { + return fmt.Errorf("Cannot read Role Assignment ID for %q (Scope %q)", name, scope) + } + + d.SetId(*read.ID) + return resourceArmRoleAssignmentRead(d, meta) +} + +func resourceArmRoleAssignmentRead(d *schema.ResourceData, meta interface{}) error { + client := meta.(*ArmClient).roleAssignmentsClient + + resp, err := client.GetByID(d.Id()) + if err != nil { + if utils.ResponseWasNotFound(resp.Response) { + log.Printf("[DEBUG] Role Assignment ID %q was not found - removing from state", d.Id()) + d.SetId("") + return nil + } + + return fmt.Errorf("Error loading Role Assignment %q: %+v", d.Id(), err) + } + + d.Set("name", resp.Name) + + if props := resp.Properties; props != nil { + d.Set("scope", props.Scope) + d.Set("role_definition_id", props.RoleDefinitionID) + d.Set("principal_id", props.PrincipalID) + } + + return nil +} + +func resourceArmRoleAssignmentDelete(d *schema.ResourceData, meta interface{}) error { + client := meta.(*ArmClient).roleAssignmentsClient + + scope := d.Get("scope").(string) + name := d.Get("name").(string) + + resp, err := client.Delete(scope, name) + if err != nil { + if !utils.ResponseWasNotFound(resp.Response) { + return err + } + } + + return nil +} diff --git a/azurerm/resource_arm_role_assignment_test.go b/azurerm/resource_arm_role_assignment_test.go new file mode 100644 index 000000000000..93c6f8772032 --- /dev/null +++ b/azurerm/resource_arm_role_assignment_test.go @@ -0,0 +1,152 @@ +package azurerm + +import ( + "fmt" + "testing" + + "github.com/google/uuid" + "github.com/hashicorp/terraform/helper/acctest" + "github.com/hashicorp/terraform/helper/resource" + "github.com/hashicorp/terraform/terraform" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils" +) + +func TestAccAzureRMRoleAssignment_builtin(t *testing.T) { + id := uuid.New().String() + config := testAccAzureRMRoleAssignment_builtin(id) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testCheckAzureRMRoleAssignmentDestroy, + Steps: []resource.TestStep{ + { + Config: config, + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMRoleAssignmentExists("azurerm_role_assignment.test"), + ), + }, + }, + }) +} + +func TestAccAzureRMRoleAssignment_custom(t *testing.T) { + roleDefinitionId := uuid.New().String() + roleAssignmentId := uuid.New().String() + rInt := acctest.RandInt() + config := testAccAzureRMRoleAssignment_custom(roleDefinitionId, roleAssignmentId, rInt) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testCheckAzureRMRoleAssignmentDestroy, + Steps: []resource.TestStep{ + { + Config: config, + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMRoleAssignmentExists("azurerm_role_assignment.test"), + ), + }, + }, + }) +} + +func testCheckAzureRMRoleAssignmentExists(name string) resource.TestCheckFunc { + return func(s *terraform.State) error { + rs, ok := s.RootModule().Resources[name] + if !ok { + return fmt.Errorf("Not found: %q", name) + } + + scope := rs.Primary.Attributes["scope"] + roleAssignmentName := rs.Primary.Attributes["name"] + + client := testAccProvider.Meta().(*ArmClient).roleAssignmentsClient + resp, err := client.Get(scope, roleAssignmentName) + + if err != nil { + if utils.ResponseWasNotFound(resp.Response) { + return fmt.Errorf("Bad: Role Assignment %q (Scope: %q) does not exist", name, scope) + } + return fmt.Errorf("Bad: Get on roleDefinitionsClient: %+v", err) + } + + return nil + } +} + +func testCheckAzureRMRoleAssignmentDestroy(s *terraform.State) error { + for _, rs := range s.RootModule().Resources { + if rs.Type != "azurerm_role_assignment" { + continue + } + + scope := rs.Primary.Attributes["scope"] + roleAssignmentName := rs.Primary.Attributes["name"] + + client := testAccProvider.Meta().(*ArmClient).roleAssignmentsClient + resp, err := client.Get(scope, roleAssignmentName) + + if err != nil { + if utils.ResponseWasNotFound(resp.Response) { + return nil + } + + return err + } + + return fmt.Errorf("Role Definition still exists:\n%#v", resp) + } + + return nil +} + +func testAccAzureRMRoleAssignment_builtin(id string) string { + return fmt.Sprintf(` +data "azurerm_subscription" "primary" {} + +data "azurerm_client_config" "test" {} + +data "azurerm_builtin_role_definition" "test" { + name = "Reader" +} + +resource "azurerm_role_assignment" "test" { + name = "%s" + scope = "${data.azurerm_subscription.primary.id}" + role_definition_id = "${data.azurerm_subscription.primary.id}${data.azurerm_builtin_role_definition.test.id}" + principal_id = "${data.azurerm_client_config.test.service_principal_object_id}" +} +`, id) +} + +func testAccAzureRMRoleAssignment_custom(roleDefinitionId string, roleAssignmentId string, rInt int) string { + return fmt.Sprintf(` +data "azurerm_subscription" "primary" {} + +data "azurerm_client_config" "test" {} + +resource "azurerm_role_definition" "test" { + role_definition_id = "%s" + name = "acctestrd-%d" + scope = "${data.azurerm_subscription.primary.id}" + description = "Created by the Role Assignment Acceptance Test" + + permissions { + actions = ["Microsoft.Resources/subscriptions/resourceGroups/read"] + not_actions = [] + } + + assignable_scopes = [ + "${data.azurerm_subscription.primary.id}", + ] +} + +resource "azurerm_role_assignment" "test" { + name = "%s" + scope = "${data.azurerm_subscription.primary.id}" + role_definition_id = "${azurerm_role_definition.test.id}" + principal_id = "${data.azurerm_client_config.test.service_principal_object_id}" +} +`, roleDefinitionId, rInt, roleAssignmentId) +} diff --git a/azurerm/resource_arm_role_definition.go b/azurerm/resource_arm_role_definition.go new file mode 100644 index 000000000000..c6cae45beddb --- /dev/null +++ b/azurerm/resource_arm_role_definition.go @@ -0,0 +1,243 @@ +package azurerm + +import ( + "fmt" + + "log" + + "github.com/Azure/azure-sdk-for-go/arm/authorization" + "github.com/hashicorp/terraform/helper/schema" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils" +) + +func resourceArmRoleDefinition() *schema.Resource { + return &schema.Resource{ + Create: resourceArmRoleDefinitionCreateUpdate, + Read: resourceArmRoleDefinitionRead, + Update: resourceArmRoleDefinitionCreateUpdate, + Delete: resourceArmRoleDefinitionDelete, + Importer: &schema.ResourceImporter{ + State: schema.ImportStatePassthrough, + }, + + Schema: map[string]*schema.Schema{ + "role_definition_id": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + }, + + "name": { + Type: schema.TypeString, + Required: true, + }, + + "scope": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + }, + + "description": { + Type: schema.TypeString, + Optional: true, + }, + + "permissions": { + Type: schema.TypeList, + Required: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "actions": { + Type: schema.TypeList, + Optional: true, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "not_actions": { + Type: schema.TypeList, + Optional: true, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + }, + }, + + "assignable_scopes": { + Type: schema.TypeList, + Required: true, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + } +} + +func resourceArmRoleDefinitionCreateUpdate(d *schema.ResourceData, meta interface{}) error { + client := meta.(*ArmClient).roleDefinitionsClient + + roleDefinitionId := d.Get("role_definition_id").(string) + name := d.Get("name").(string) + scope := d.Get("scope").(string) + description := d.Get("description").(string) + roleType := "CustomRole" + permissions := expandRoleDefinitionPermissions(d) + assignableScopes := expandRoleDefinitionAssignableScopes(d) + + properties := authorization.RoleDefinition{ + Properties: &authorization.RoleDefinitionProperties{ + RoleName: utils.String(name), + Description: utils.String(description), + Type: utils.String(roleType), + Permissions: &permissions, + AssignableScopes: &assignableScopes, + }, + } + + _, err := client.CreateOrUpdate(scope, roleDefinitionId, properties) + if err != nil { + return err + } + + read, err := client.Get(scope, roleDefinitionId) + if err != nil { + return err + } + if read.ID == nil { + return fmt.Errorf("Cannot read Role Definition ID for %q (Scope %q)", name, scope) + } + + d.SetId(*read.ID) + return resourceArmRoleDefinitionRead(d, meta) +} + +func resourceArmRoleDefinitionRead(d *schema.ResourceData, meta interface{}) error { + client := meta.(*ArmClient).roleDefinitionsClient + + resp, err := client.GetByID(d.Id()) + if err != nil { + if utils.ResponseWasNotFound(resp.Response) { + log.Printf("[DEBUG] Role Definition %q was not found - removing from state", d.Id()) + d.SetId("") + return nil + } + + return fmt.Errorf("Error loading Role Definition %q: %+v", d.Id(), err) + } + + if props := resp.Properties; props != nil { + d.Set("name", props.RoleName) + d.Set("description", props.Description) + + permissions := flattenRoleDefinitionPermissions(props.Permissions) + if err := d.Set("permissions", permissions); err != nil { + return err + } + + assignableScopes := flattenRoleDefinitionAssignableScopes(props.AssignableScopes) + if err := d.Set("assignable_scopes", assignableScopes); err != nil { + return err + } + } + + return nil +} + +func resourceArmRoleDefinitionDelete(d *schema.ResourceData, meta interface{}) error { + client := meta.(*ArmClient).roleDefinitionsClient + + roleDefinitionId := d.Get("role_definition_id").(string) + scope := d.Get("scope").(string) + + resp, err := client.Delete(scope, roleDefinitionId) + if err != nil { + if utils.ResponseWasNotFound(resp.Response) { + return nil + } + + return fmt.Errorf("Error deleting Role Definition %q: %+v", roleDefinitionId, err) + } + + return nil +} + +func expandRoleDefinitionPermissions(d *schema.ResourceData) []authorization.Permission { + output := make([]authorization.Permission, 0) + + permissions := d.Get("permissions").([]interface{}) + for _, v := range permissions { + input := v.(map[string]interface{}) + permission := authorization.Permission{} + + actionsOutput := make([]string, 0) + actions := input["actions"].([]interface{}) + for _, a := range actions { + actionsOutput = append(actionsOutput, a.(string)) + } + permission.Actions = &actionsOutput + + notActionsOutput := make([]string, 0) + notActions := input["not_actions"].([]interface{}) + for _, a := range notActions { + notActionsOutput = append(notActionsOutput, a.(string)) + } + permission.NotActions = ¬ActionsOutput + + output = append(output, permission) + } + + return output +} + +func expandRoleDefinitionAssignableScopes(d *schema.ResourceData) []string { + scopes := make([]string, 0) + + assignableScopes := d.Get("assignable_scopes").([]interface{}) + for _, scope := range assignableScopes { + scopes = append(scopes, scope.(string)) + } + + return scopes +} + +func flattenRoleDefinitionPermissions(input *[]authorization.Permission) []interface{} { + permissions := make([]interface{}, 0) + + for _, permission := range *input { + output := make(map[string]interface{}, 0) + + actions := make([]string, 0) + if permission.Actions != nil { + for _, action := range *permission.Actions { + actions = append(actions, action) + } + } + output["actions"] = actions + + notActions := make([]string, 0) + if permission.NotActions != nil { + for _, action := range *permission.NotActions { + notActions = append(notActions, action) + } + } + output["not_actions"] = notActions + + permissions = append(permissions, output) + } + + return permissions +} + +func flattenRoleDefinitionAssignableScopes(input *[]string) []interface{} { + scopes := make([]interface{}, 0) + + for _, scope := range *input { + scopes = append(scopes, scope) + } + + return scopes +} diff --git a/azurerm/resource_arm_role_definition_test.go b/azurerm/resource_arm_role_definition_test.go new file mode 100644 index 000000000000..c1eb91bf3806 --- /dev/null +++ b/azurerm/resource_arm_role_definition_test.go @@ -0,0 +1,203 @@ +package azurerm + +import ( + "fmt" + "testing" + + "github.com/google/uuid" + "github.com/hashicorp/terraform/helper/acctest" + "github.com/hashicorp/terraform/helper/resource" + "github.com/hashicorp/terraform/terraform" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils" +) + +func TestAccAzureRMRoleDefinition_basic(t *testing.T) { + ri := acctest.RandInt() + config := testAccAzureRMRoleDefinition_basic(uuid.New().String(), ri) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testCheckAzureRMRoleDefinitionDestroy, + Steps: []resource.TestStep{ + { + Config: config, + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMRoleDefinitionExists("azurerm_role_definition.test"), + ), + }, + }, + }) +} + +func TestAccAzureRMRoleDefinition_complete(t *testing.T) { + ri := acctest.RandInt() + config := testAccAzureRMRoleDefinition_complete(uuid.New().String(), ri) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testCheckAzureRMRoleDefinitionDestroy, + Steps: []resource.TestStep{ + { + Config: config, + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMRoleDefinitionExists("azurerm_role_definition.test"), + ), + }, + }, + }) +} + +func TestAccAzureRMRoleDefinition_update(t *testing.T) { + resourceName := "azurerm_role_definition.test" + id := uuid.New().String() + ri := acctest.RandInt() + + config := testAccAzureRMRoleDefinition_basic(id, ri) + updatedConfig := testAccAzureRMRoleDefinition_updated(id, ri) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testCheckAzureRMRoleDefinitionDestroy, + Steps: []resource.TestStep{ + { + Config: config, + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMRoleDefinitionExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "permissions.#", "1"), + resource.TestCheckResourceAttr(resourceName, "permissions.0.actions.#", "1"), + resource.TestCheckResourceAttr(resourceName, "permissions.0.actions.0", "*"), + resource.TestCheckResourceAttr(resourceName, "permissions.0.not_actions.#", "0"), + ), + }, + { + Config: updatedConfig, + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMRoleDefinitionExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "permissions.#", "1"), + resource.TestCheckResourceAttr(resourceName, "permissions.0.actions.#", "1"), + resource.TestCheckResourceAttr(resourceName, "permissions.0.actions.0", "*"), + resource.TestCheckResourceAttr(resourceName, "permissions.0.not_actions.#", "1"), + resource.TestCheckResourceAttr(resourceName, "permissions.0.not_actions.0", "Microsoft.Authorization/*/read"), + ), + }, + }, + }) +} + +func testCheckAzureRMRoleDefinitionExists(name string) resource.TestCheckFunc { + return func(s *terraform.State) error { + rs, ok := s.RootModule().Resources[name] + if !ok { + return fmt.Errorf("Not found: %q", name) + } + + scope := rs.Primary.Attributes["scope"] + roleDefinitionId := rs.Primary.Attributes["role_definition_id"] + + client := testAccProvider.Meta().(*ArmClient).roleDefinitionsClient + resp, err := client.Get(scope, roleDefinitionId) + + if err != nil { + if utils.ResponseWasNotFound(resp.Response) { + return fmt.Errorf("Bad: Role Definition %q (Scope: %q) does not exist", name, scope) + } + return fmt.Errorf("Bad: Get on roleDefinitionsClient: %+v", err) + } + + return nil + } +} + +func testCheckAzureRMRoleDefinitionDestroy(s *terraform.State) error { + for _, rs := range s.RootModule().Resources { + if rs.Type != "azurerm_role_definition" { + continue + } + + scope := rs.Primary.Attributes["scope"] + roleDefinitionId := rs.Primary.Attributes["role_definition_id"] + + client := testAccProvider.Meta().(*ArmClient).roleDefinitionsClient + resp, err := client.Get(scope, roleDefinitionId) + + if err != nil { + if utils.ResponseWasNotFound(resp.Response) { + return nil + } + + return err + } + + return fmt.Errorf("Role Definition still exists:\n%#v", resp) + } + + return nil +} + +func testAccAzureRMRoleDefinition_basic(id string, rInt int) string { + return fmt.Sprintf(` +data "azurerm_subscription" "primary" {} + +resource "azurerm_role_definition" "test" { + role_definition_id = "%s" + name = "acctestrd-%d" + scope = "${data.azurerm_subscription.primary.id}" + + permissions { + actions = ["*"] + not_actions = [] + } + + assignable_scopes = [ + "${data.azurerm_subscription.primary.id}", + ] +} +`, id, rInt) +} + +func testAccAzureRMRoleDefinition_complete(id string, rInt int) string { + return fmt.Sprintf(` +data "azurerm_subscription" "primary" {} + +resource "azurerm_role_definition" "test" { + role_definition_id = "%s" + name = "acctestrd-%d" + scope = "${data.azurerm_subscription.primary.id}" + description = "Acceptance Test Role Definition" + + permissions { + actions = ["*"] + not_actions = ["Microsoft.Authorization/*/read"] + } + + assignable_scopes = [ + "${data.azurerm_subscription.primary.id}", + ] +} +`, id, rInt) +} + +func testAccAzureRMRoleDefinition_updated(id string, rInt int) string { + return fmt.Sprintf(` +data "azurerm_subscription" "primary" {} + +resource "azurerm_role_definition" "test" { + role_definition_id = "%s" + name = "acctestrd-%d-updated" + scope = "${data.azurerm_subscription.primary.id}" + description = "Acceptance Test Role Definition" + + permissions { + actions = ["*"] + not_actions = ["Microsoft.Authorization/*/read"] + } + + assignable_scopes = [ + "${data.azurerm_subscription.primary.id}", + ] +} +`, id, rInt) +} diff --git a/vendor/github.com/Azure/azure-sdk-for-go/arm/authorization/classicadministrators.go b/vendor/github.com/Azure/azure-sdk-for-go/arm/authorization/classicadministrators.go new file mode 100755 index 000000000000..50824a38a3dc --- /dev/null +++ b/vendor/github.com/Azure/azure-sdk-for-go/arm/authorization/classicadministrators.go @@ -0,0 +1,133 @@ +package authorization + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator 1.0.1.0 +// Changes may cause incorrect behavior and will be lost if the code is +// regenerated. + +import ( + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "net/http" +) + +// ClassicAdministratorsClient is the role based access control provides you a +// way to apply granular level policy administration down to individual +// resources or resource groups. These operations enable you to manage role +// definitions and role assignments. A role definition describes the set of +// actions that can be performed on resources. A role assignment grants access +// to Azure Active Directory users. +type ClassicAdministratorsClient struct { + ManagementClient +} + +// NewClassicAdministratorsClient creates an instance of the +// ClassicAdministratorsClient client. +func NewClassicAdministratorsClient(subscriptionID string) ClassicAdministratorsClient { + return NewClassicAdministratorsClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewClassicAdministratorsClientWithBaseURI creates an instance of the +// ClassicAdministratorsClient client. +func NewClassicAdministratorsClientWithBaseURI(baseURI string, subscriptionID string) ClassicAdministratorsClient { + return ClassicAdministratorsClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// List gets service administrator, account administrator, and +// co-administrators for the subscription. +func (client ClassicAdministratorsClient) List() (result ClassicAdministratorListResult, err error) { + req, err := client.ListPreparer() + if err != nil { + err = autorest.NewErrorWithError(err, "authorization.ClassicAdministratorsClient", "List", nil, "Failure preparing request") + return + } + + resp, err := client.ListSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "authorization.ClassicAdministratorsClient", "List", resp, "Failure sending request") + return + } + + result, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "authorization.ClassicAdministratorsClient", "List", resp, "Failure responding to request") + } + + return +} + +// ListPreparer prepares the List request. +func (client ClassicAdministratorsClient) ListPreparer() (*http.Request, error) { + pathParameters := map[string]interface{}{ + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + } + + const APIVersion = "2015-07-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/classicAdministrators", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare(&http.Request{}) +} + +// ListSender sends the List request. The method will close the +// http.Response Body if it receives an error. +func (client ClassicAdministratorsClient) ListSender(req *http.Request) (*http.Response, error) { + return autorest.SendWithSender(client, req) +} + +// ListResponder handles the response to the List request. The method always +// closes the http.Response Body. +func (client ClassicAdministratorsClient) ListResponder(resp *http.Response) (result ClassicAdministratorListResult, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// ListNextResults retrieves the next set of results, if any. +func (client ClassicAdministratorsClient) ListNextResults(lastResults ClassicAdministratorListResult) (result ClassicAdministratorListResult, err error) { + req, err := lastResults.ClassicAdministratorListResultPreparer() + if err != nil { + return result, autorest.NewErrorWithError(err, "authorization.ClassicAdministratorsClient", "List", nil, "Failure preparing next results request") + } + if req == nil { + return + } + + resp, err := client.ListSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + return result, autorest.NewErrorWithError(err, "authorization.ClassicAdministratorsClient", "List", resp, "Failure sending next results request") + } + + result, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "authorization.ClassicAdministratorsClient", "List", resp, "Failure responding to next results request") + } + + return +} diff --git a/vendor/github.com/Azure/azure-sdk-for-go/arm/authorization/client.go b/vendor/github.com/Azure/azure-sdk-for-go/arm/authorization/client.go new file mode 100755 index 000000000000..5330315d287c --- /dev/null +++ b/vendor/github.com/Azure/azure-sdk-for-go/arm/authorization/client.go @@ -0,0 +1,57 @@ +// Package authorization implements the Azure ARM Authorization service API +// version 2015-07-01. +// +// Role based access control provides you a way to apply granular level policy +// administration down to individual resources or resource groups. These +// operations enable you to manage role definitions and role assignments. A +// role definition describes the set of actions that can be performed on +// resources. A role assignment grants access to Azure Active Directory users. +package authorization + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator 1.0.1.0 +// Changes may cause incorrect behavior and will be lost if the code is +// regenerated. + +import ( + "github.com/Azure/go-autorest/autorest" +) + +const ( + // DefaultBaseURI is the default URI used for the service Authorization + DefaultBaseURI = "https://management.azure.com" +) + +// ManagementClient is the base client for Authorization. +type ManagementClient struct { + autorest.Client + BaseURI string + SubscriptionID string +} + +// New creates an instance of the ManagementClient client. +func New(subscriptionID string) ManagementClient { + return NewWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewWithBaseURI creates an instance of the ManagementClient client. +func NewWithBaseURI(baseURI string, subscriptionID string) ManagementClient { + return ManagementClient{ + Client: autorest.NewClientWithUserAgent(UserAgent()), + BaseURI: baseURI, + SubscriptionID: subscriptionID, + } +} diff --git a/vendor/github.com/Azure/azure-sdk-for-go/arm/authorization/models.go b/vendor/github.com/Azure/azure-sdk-for-go/arm/authorization/models.go new file mode 100755 index 000000000000..b615a2c3ec2b --- /dev/null +++ b/vendor/github.com/Azure/azure-sdk-for-go/arm/authorization/models.go @@ -0,0 +1,223 @@ +package authorization + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator 1.0.1.0 +// Changes may cause incorrect behavior and will be lost if the code is +// regenerated. + +import ( + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/to" + "net/http" +) + +// ClassicAdministrator is classic Administrators +type ClassicAdministrator struct { + ID *string `json:"id,omitempty"` + Name *string `json:"name,omitempty"` + Type *string `json:"type,omitempty"` + Properties *ClassicAdministratorProperties `json:"properties,omitempty"` +} + +// ClassicAdministratorListResult is classicAdministrator list result +// information. +type ClassicAdministratorListResult struct { + autorest.Response `json:"-"` + Value *[]ClassicAdministrator `json:"value,omitempty"` + NextLink *string `json:"nextLink,omitempty"` +} + +// ClassicAdministratorListResultPreparer prepares a request to retrieve the next set of results. It returns +// nil if no more results exist. +func (client ClassicAdministratorListResult) ClassicAdministratorListResultPreparer() (*http.Request, error) { + if client.NextLink == nil || len(to.String(client.NextLink)) <= 0 { + return nil, nil + } + return autorest.Prepare(&http.Request{}, + autorest.AsJSON(), + autorest.AsGet(), + autorest.WithBaseURL(to.String(client.NextLink))) +} + +// ClassicAdministratorProperties is classic Administrator properties. +type ClassicAdministratorProperties struct { + EmailAddress *string `json:"emailAddress,omitempty"` + Role *string `json:"role,omitempty"` +} + +// Permission is role definition permissions. +type Permission struct { + Actions *[]string `json:"actions,omitempty"` + NotActions *[]string `json:"notActions,omitempty"` +} + +// PermissionGetResult is permissions information. +type PermissionGetResult struct { + autorest.Response `json:"-"` + Value *[]Permission `json:"value,omitempty"` + NextLink *string `json:"nextLink,omitempty"` +} + +// PermissionGetResultPreparer prepares a request to retrieve the next set of results. It returns +// nil if no more results exist. +func (client PermissionGetResult) PermissionGetResultPreparer() (*http.Request, error) { + if client.NextLink == nil || len(to.String(client.NextLink)) <= 0 { + return nil, nil + } + return autorest.Prepare(&http.Request{}, + autorest.AsJSON(), + autorest.AsGet(), + autorest.WithBaseURL(to.String(client.NextLink))) +} + +// ProviderOperation is operation +type ProviderOperation struct { + Name *string `json:"name,omitempty"` + DisplayName *string `json:"displayName,omitempty"` + Description *string `json:"description,omitempty"` + Origin *string `json:"origin,omitempty"` + Properties *map[string]interface{} `json:"properties,omitempty"` +} + +// ProviderOperationsMetadata is provider Operations metadata +type ProviderOperationsMetadata struct { + autorest.Response `json:"-"` + ID *string `json:"id,omitempty"` + Name *string `json:"name,omitempty"` + Type *string `json:"type,omitempty"` + DisplayName *string `json:"displayName,omitempty"` + ResourceTypes *[]ResourceType `json:"resourceTypes,omitempty"` + Operations *[]ProviderOperation `json:"operations,omitempty"` +} + +// ProviderOperationsMetadataListResult is provider operations metadata list +type ProviderOperationsMetadataListResult struct { + autorest.Response `json:"-"` + Value *[]ProviderOperationsMetadata `json:"value,omitempty"` + NextLink *string `json:"nextLink,omitempty"` +} + +// ProviderOperationsMetadataListResultPreparer prepares a request to retrieve the next set of results. It returns +// nil if no more results exist. +func (client ProviderOperationsMetadataListResult) ProviderOperationsMetadataListResultPreparer() (*http.Request, error) { + if client.NextLink == nil || len(to.String(client.NextLink)) <= 0 { + return nil, nil + } + return autorest.Prepare(&http.Request{}, + autorest.AsJSON(), + autorest.AsGet(), + autorest.WithBaseURL(to.String(client.NextLink))) +} + +// ResourceType is resource Type +type ResourceType struct { + Name *string `json:"name,omitempty"` + DisplayName *string `json:"displayName,omitempty"` + Operations *[]ProviderOperation `json:"operations,omitempty"` +} + +// RoleAssignment is role Assignments +type RoleAssignment struct { + autorest.Response `json:"-"` + ID *string `json:"id,omitempty"` + Name *string `json:"name,omitempty"` + Type *string `json:"type,omitempty"` + Properties *RoleAssignmentPropertiesWithScope `json:"properties,omitempty"` +} + +// RoleAssignmentCreateParameters is role assignment create parameters. +type RoleAssignmentCreateParameters struct { + Properties *RoleAssignmentProperties `json:"properties,omitempty"` +} + +// RoleAssignmentFilter is role Assignments filter +type RoleAssignmentFilter struct { + PrincipalID *string `json:"principalId,omitempty"` +} + +// RoleAssignmentListResult is role assignment list operation result. +type RoleAssignmentListResult struct { + autorest.Response `json:"-"` + Value *[]RoleAssignment `json:"value,omitempty"` + NextLink *string `json:"nextLink,omitempty"` +} + +// RoleAssignmentListResultPreparer prepares a request to retrieve the next set of results. It returns +// nil if no more results exist. +func (client RoleAssignmentListResult) RoleAssignmentListResultPreparer() (*http.Request, error) { + if client.NextLink == nil || len(to.String(client.NextLink)) <= 0 { + return nil, nil + } + return autorest.Prepare(&http.Request{}, + autorest.AsJSON(), + autorest.AsGet(), + autorest.WithBaseURL(to.String(client.NextLink))) +} + +// RoleAssignmentProperties is role assignment properties. +type RoleAssignmentProperties struct { + RoleDefinitionID *string `json:"roleDefinitionId,omitempty"` + PrincipalID *string `json:"principalId,omitempty"` +} + +// RoleAssignmentPropertiesWithScope is role assignment properties with scope. +type RoleAssignmentPropertiesWithScope struct { + Scope *string `json:"scope,omitempty"` + RoleDefinitionID *string `json:"roleDefinitionId,omitempty"` + PrincipalID *string `json:"principalId,omitempty"` +} + +// RoleDefinition is role definition. +type RoleDefinition struct { + autorest.Response `json:"-"` + ID *string `json:"id,omitempty"` + Name *string `json:"name,omitempty"` + Type *string `json:"type,omitempty"` + Properties *RoleDefinitionProperties `json:"properties,omitempty"` +} + +// RoleDefinitionFilter is role Definitions filter +type RoleDefinitionFilter struct { + RoleName *string `json:"roleName,omitempty"` +} + +// RoleDefinitionListResult is role definition list operation result. +type RoleDefinitionListResult struct { + autorest.Response `json:"-"` + Value *[]RoleDefinition `json:"value,omitempty"` + NextLink *string `json:"nextLink,omitempty"` +} + +// RoleDefinitionListResultPreparer prepares a request to retrieve the next set of results. It returns +// nil if no more results exist. +func (client RoleDefinitionListResult) RoleDefinitionListResultPreparer() (*http.Request, error) { + if client.NextLink == nil || len(to.String(client.NextLink)) <= 0 { + return nil, nil + } + return autorest.Prepare(&http.Request{}, + autorest.AsJSON(), + autorest.AsGet(), + autorest.WithBaseURL(to.String(client.NextLink))) +} + +// RoleDefinitionProperties is role definition properties. +type RoleDefinitionProperties struct { + RoleName *string `json:"roleName,omitempty"` + Description *string `json:"description,omitempty"` + Type *string `json:"type,omitempty"` + Permissions *[]Permission `json:"permissions,omitempty"` + AssignableScopes *[]string `json:"assignableScopes,omitempty"` +} diff --git a/vendor/github.com/Azure/azure-sdk-for-go/arm/authorization/permissions.go b/vendor/github.com/Azure/azure-sdk-for-go/arm/authorization/permissions.go new file mode 100755 index 000000000000..36abbb9c2c94 --- /dev/null +++ b/vendor/github.com/Azure/azure-sdk-for-go/arm/authorization/permissions.go @@ -0,0 +1,232 @@ +package authorization + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator 1.0.1.0 +// Changes may cause incorrect behavior and will be lost if the code is +// regenerated. + +import ( + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "net/http" +) + +// PermissionsClient is the role based access control provides you a way to +// apply granular level policy administration down to individual resources or +// resource groups. These operations enable you to manage role definitions and +// role assignments. A role definition describes the set of actions that can be +// performed on resources. A role assignment grants access to Azure Active +// Directory users. +type PermissionsClient struct { + ManagementClient +} + +// NewPermissionsClient creates an instance of the PermissionsClient client. +func NewPermissionsClient(subscriptionID string) PermissionsClient { + return NewPermissionsClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewPermissionsClientWithBaseURI creates an instance of the PermissionsClient +// client. +func NewPermissionsClientWithBaseURI(baseURI string, subscriptionID string) PermissionsClient { + return PermissionsClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// ListForResource gets all permissions the caller has for a resource. +// +// resourceGroupName is the name of the resource group containing the resource. +// The name is case insensitive. resourceProviderNamespace is the namespace of +// the resource provider. parentResourcePath is the parent resource identity. +// resourceType is the resource type of the resource. resourceName is the name +// of the resource to get the permissions for. +func (client PermissionsClient) ListForResource(resourceGroupName string, resourceProviderNamespace string, parentResourcePath string, resourceType string, resourceName string) (result PermissionGetResult, err error) { + req, err := client.ListForResourcePreparer(resourceGroupName, resourceProviderNamespace, parentResourcePath, resourceType, resourceName) + if err != nil { + err = autorest.NewErrorWithError(err, "authorization.PermissionsClient", "ListForResource", nil, "Failure preparing request") + return + } + + resp, err := client.ListForResourceSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "authorization.PermissionsClient", "ListForResource", resp, "Failure sending request") + return + } + + result, err = client.ListForResourceResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "authorization.PermissionsClient", "ListForResource", resp, "Failure responding to request") + } + + return +} + +// ListForResourcePreparer prepares the ListForResource request. +func (client PermissionsClient) ListForResourcePreparer(resourceGroupName string, resourceProviderNamespace string, parentResourcePath string, resourceType string, resourceName string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "parentResourcePath": parentResourcePath, + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "resourceName": autorest.Encode("path", resourceName), + "resourceProviderNamespace": autorest.Encode("path", resourceProviderNamespace), + "resourceType": resourceType, + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + } + + const APIVersion = "2015-07-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{parentResourcePath}/{resourceType}/{resourceName}/providers/Microsoft.Authorization/permissions", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare(&http.Request{}) +} + +// ListForResourceSender sends the ListForResource request. The method will close the +// http.Response Body if it receives an error. +func (client PermissionsClient) ListForResourceSender(req *http.Request) (*http.Response, error) { + return autorest.SendWithSender(client, req) +} + +// ListForResourceResponder handles the response to the ListForResource request. The method always +// closes the http.Response Body. +func (client PermissionsClient) ListForResourceResponder(resp *http.Response) (result PermissionGetResult, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// ListForResourceNextResults retrieves the next set of results, if any. +func (client PermissionsClient) ListForResourceNextResults(lastResults PermissionGetResult) (result PermissionGetResult, err error) { + req, err := lastResults.PermissionGetResultPreparer() + if err != nil { + return result, autorest.NewErrorWithError(err, "authorization.PermissionsClient", "ListForResource", nil, "Failure preparing next results request") + } + if req == nil { + return + } + + resp, err := client.ListForResourceSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + return result, autorest.NewErrorWithError(err, "authorization.PermissionsClient", "ListForResource", resp, "Failure sending next results request") + } + + result, err = client.ListForResourceResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "authorization.PermissionsClient", "ListForResource", resp, "Failure responding to next results request") + } + + return +} + +// ListForResourceGroup gets all permissions the caller has for a resource +// group. +// +// resourceGroupName is the name of the resource group to get the permissions +// for. The name is case insensitive. +func (client PermissionsClient) ListForResourceGroup(resourceGroupName string) (result PermissionGetResult, err error) { + req, err := client.ListForResourceGroupPreparer(resourceGroupName) + if err != nil { + err = autorest.NewErrorWithError(err, "authorization.PermissionsClient", "ListForResourceGroup", nil, "Failure preparing request") + return + } + + resp, err := client.ListForResourceGroupSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "authorization.PermissionsClient", "ListForResourceGroup", resp, "Failure sending request") + return + } + + result, err = client.ListForResourceGroupResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "authorization.PermissionsClient", "ListForResourceGroup", resp, "Failure responding to request") + } + + return +} + +// ListForResourceGroupPreparer prepares the ListForResourceGroup request. +func (client PermissionsClient) ListForResourceGroupPreparer(resourceGroupName string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + } + + const APIVersion = "2015-07-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.Authorization/permissions", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare(&http.Request{}) +} + +// ListForResourceGroupSender sends the ListForResourceGroup request. The method will close the +// http.Response Body if it receives an error. +func (client PermissionsClient) ListForResourceGroupSender(req *http.Request) (*http.Response, error) { + return autorest.SendWithSender(client, req) +} + +// ListForResourceGroupResponder handles the response to the ListForResourceGroup request. The method always +// closes the http.Response Body. +func (client PermissionsClient) ListForResourceGroupResponder(resp *http.Response) (result PermissionGetResult, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// ListForResourceGroupNextResults retrieves the next set of results, if any. +func (client PermissionsClient) ListForResourceGroupNextResults(lastResults PermissionGetResult) (result PermissionGetResult, err error) { + req, err := lastResults.PermissionGetResultPreparer() + if err != nil { + return result, autorest.NewErrorWithError(err, "authorization.PermissionsClient", "ListForResourceGroup", nil, "Failure preparing next results request") + } + if req == nil { + return + } + + resp, err := client.ListForResourceGroupSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + return result, autorest.NewErrorWithError(err, "authorization.PermissionsClient", "ListForResourceGroup", resp, "Failure sending next results request") + } + + result, err = client.ListForResourceGroupResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "authorization.PermissionsClient", "ListForResourceGroup", resp, "Failure responding to next results request") + } + + return +} diff --git a/vendor/github.com/Azure/azure-sdk-for-go/arm/authorization/provideroperationsmetadata.go b/vendor/github.com/Azure/azure-sdk-for-go/arm/authorization/provideroperationsmetadata.go new file mode 100755 index 000000000000..5208637b55fe --- /dev/null +++ b/vendor/github.com/Azure/azure-sdk-for-go/arm/authorization/provideroperationsmetadata.go @@ -0,0 +1,200 @@ +package authorization + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator 1.0.1.0 +// Changes may cause incorrect behavior and will be lost if the code is +// regenerated. + +import ( + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "net/http" +) + +// ProviderOperationsMetadataClient is the role based access control provides +// you a way to apply granular level policy administration down to individual +// resources or resource groups. These operations enable you to manage role +// definitions and role assignments. A role definition describes the set of +// actions that can be performed on resources. A role assignment grants access +// to Azure Active Directory users. +type ProviderOperationsMetadataClient struct { + ManagementClient +} + +// NewProviderOperationsMetadataClient creates an instance of the +// ProviderOperationsMetadataClient client. +func NewProviderOperationsMetadataClient(subscriptionID string) ProviderOperationsMetadataClient { + return NewProviderOperationsMetadataClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewProviderOperationsMetadataClientWithBaseURI creates an instance of the +// ProviderOperationsMetadataClient client. +func NewProviderOperationsMetadataClientWithBaseURI(baseURI string, subscriptionID string) ProviderOperationsMetadataClient { + return ProviderOperationsMetadataClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// Get gets provider operations metadata for the specified resource provider. +// +// resourceProviderNamespace is the namespace of the resource provider. expand +// is specifies whether to expand the values. +func (client ProviderOperationsMetadataClient) Get(resourceProviderNamespace string, expand string) (result ProviderOperationsMetadata, err error) { + req, err := client.GetPreparer(resourceProviderNamespace, expand) + if err != nil { + err = autorest.NewErrorWithError(err, "authorization.ProviderOperationsMetadataClient", "Get", nil, "Failure preparing request") + return + } + + resp, err := client.GetSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "authorization.ProviderOperationsMetadataClient", "Get", resp, "Failure sending request") + return + } + + result, err = client.GetResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "authorization.ProviderOperationsMetadataClient", "Get", resp, "Failure responding to request") + } + + return +} + +// GetPreparer prepares the Get request. +func (client ProviderOperationsMetadataClient) GetPreparer(resourceProviderNamespace string, expand string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "resourceProviderNamespace": autorest.Encode("path", resourceProviderNamespace), + } + + const APIVersion = "2015-07-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + if len(expand) > 0 { + queryParameters["$expand"] = autorest.Encode("query", expand) + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/providers/Microsoft.Authorization/providerOperations/{resourceProviderNamespace}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare(&http.Request{}) +} + +// GetSender sends the Get request. The method will close the +// http.Response Body if it receives an error. +func (client ProviderOperationsMetadataClient) GetSender(req *http.Request) (*http.Response, error) { + return autorest.SendWithSender(client, req) +} + +// GetResponder handles the response to the Get request. The method always +// closes the http.Response Body. +func (client ProviderOperationsMetadataClient) GetResponder(resp *http.Response) (result ProviderOperationsMetadata, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// List gets provider operations metadata for all resource providers. +// +// expand is specifies whether to expand the values. +func (client ProviderOperationsMetadataClient) List(expand string) (result ProviderOperationsMetadataListResult, err error) { + req, err := client.ListPreparer(expand) + if err != nil { + err = autorest.NewErrorWithError(err, "authorization.ProviderOperationsMetadataClient", "List", nil, "Failure preparing request") + return + } + + resp, err := client.ListSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "authorization.ProviderOperationsMetadataClient", "List", resp, "Failure sending request") + return + } + + result, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "authorization.ProviderOperationsMetadataClient", "List", resp, "Failure responding to request") + } + + return +} + +// ListPreparer prepares the List request. +func (client ProviderOperationsMetadataClient) ListPreparer(expand string) (*http.Request, error) { + const APIVersion = "2015-07-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + if len(expand) > 0 { + queryParameters["$expand"] = autorest.Encode("query", expand) + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPath("/providers/Microsoft.Authorization/providerOperations"), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare(&http.Request{}) +} + +// ListSender sends the List request. The method will close the +// http.Response Body if it receives an error. +func (client ProviderOperationsMetadataClient) ListSender(req *http.Request) (*http.Response, error) { + return autorest.SendWithSender(client, req) +} + +// ListResponder handles the response to the List request. The method always +// closes the http.Response Body. +func (client ProviderOperationsMetadataClient) ListResponder(resp *http.Response) (result ProviderOperationsMetadataListResult, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// ListNextResults retrieves the next set of results, if any. +func (client ProviderOperationsMetadataClient) ListNextResults(lastResults ProviderOperationsMetadataListResult) (result ProviderOperationsMetadataListResult, err error) { + req, err := lastResults.ProviderOperationsMetadataListResultPreparer() + if err != nil { + return result, autorest.NewErrorWithError(err, "authorization.ProviderOperationsMetadataClient", "List", nil, "Failure preparing next results request") + } + if req == nil { + return + } + + resp, err := client.ListSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + return result, autorest.NewErrorWithError(err, "authorization.ProviderOperationsMetadataClient", "List", resp, "Failure sending next results request") + } + + result, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "authorization.ProviderOperationsMetadataClient", "List", resp, "Failure responding to next results request") + } + + return +} diff --git a/vendor/github.com/Azure/azure-sdk-for-go/arm/authorization/roleassignments.go b/vendor/github.com/Azure/azure-sdk-for-go/arm/authorization/roleassignments.go new file mode 100755 index 000000000000..6f02c9550dac --- /dev/null +++ b/vendor/github.com/Azure/azure-sdk-for-go/arm/authorization/roleassignments.go @@ -0,0 +1,825 @@ +package authorization + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator 1.0.1.0 +// Changes may cause incorrect behavior and will be lost if the code is +// regenerated. + +import ( + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "net/http" +) + +// RoleAssignmentsClient is the role based access control provides you a way to +// apply granular level policy administration down to individual resources or +// resource groups. These operations enable you to manage role definitions and +// role assignments. A role definition describes the set of actions that can be +// performed on resources. A role assignment grants access to Azure Active +// Directory users. +type RoleAssignmentsClient struct { + ManagementClient +} + +// NewRoleAssignmentsClient creates an instance of the RoleAssignmentsClient +// client. +func NewRoleAssignmentsClient(subscriptionID string) RoleAssignmentsClient { + return NewRoleAssignmentsClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewRoleAssignmentsClientWithBaseURI creates an instance of the +// RoleAssignmentsClient client. +func NewRoleAssignmentsClientWithBaseURI(baseURI string, subscriptionID string) RoleAssignmentsClient { + return RoleAssignmentsClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// Create creates a role assignment. +// +// scope is the scope of the role assignment to create. The scope can be any +// REST resource instance. For example, use '/subscriptions/{subscription-id}/' +// for a subscription, +// '/subscriptions/{subscription-id}/resourceGroups/{resource-group-name}' for +// a resource group, and +// '/subscriptions/{subscription-id}/resourceGroups/{resource-group-name}/providers/{resource-provider}/{resource-type}/{resource-name}' +// for a resource. roleAssignmentName is the name of the role assignment to +// create. It can be any valid GUID. parameters is parameters for the role +// assignment. +func (client RoleAssignmentsClient) Create(scope string, roleAssignmentName string, parameters RoleAssignmentCreateParameters) (result RoleAssignment, err error) { + req, err := client.CreatePreparer(scope, roleAssignmentName, parameters) + if err != nil { + err = autorest.NewErrorWithError(err, "authorization.RoleAssignmentsClient", "Create", nil, "Failure preparing request") + return + } + + resp, err := client.CreateSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "authorization.RoleAssignmentsClient", "Create", resp, "Failure sending request") + return + } + + result, err = client.CreateResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "authorization.RoleAssignmentsClient", "Create", resp, "Failure responding to request") + } + + return +} + +// CreatePreparer prepares the Create request. +func (client RoleAssignmentsClient) CreatePreparer(scope string, roleAssignmentName string, parameters RoleAssignmentCreateParameters) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "roleAssignmentName": autorest.Encode("path", roleAssignmentName), + "scope": scope, + } + + const APIVersion = "2015-07-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsJSON(), + autorest.AsPut(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/{scope}/providers/Microsoft.Authorization/roleAssignments/{roleAssignmentName}", pathParameters), + autorest.WithJSON(parameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare(&http.Request{}) +} + +// CreateSender sends the Create request. The method will close the +// http.Response Body if it receives an error. +func (client RoleAssignmentsClient) CreateSender(req *http.Request) (*http.Response, error) { + return autorest.SendWithSender(client, req) +} + +// CreateResponder handles the response to the Create request. The method always +// closes the http.Response Body. +func (client RoleAssignmentsClient) CreateResponder(resp *http.Response) (result RoleAssignment, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusCreated), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// CreateByID creates a role assignment by ID. +// +// roleAssignmentID is the ID of the role assignment to create. parameters is +// parameters for the role assignment. +func (client RoleAssignmentsClient) CreateByID(roleAssignmentID string, parameters RoleAssignmentCreateParameters) (result RoleAssignment, err error) { + req, err := client.CreateByIDPreparer(roleAssignmentID, parameters) + if err != nil { + err = autorest.NewErrorWithError(err, "authorization.RoleAssignmentsClient", "CreateByID", nil, "Failure preparing request") + return + } + + resp, err := client.CreateByIDSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "authorization.RoleAssignmentsClient", "CreateByID", resp, "Failure sending request") + return + } + + result, err = client.CreateByIDResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "authorization.RoleAssignmentsClient", "CreateByID", resp, "Failure responding to request") + } + + return +} + +// CreateByIDPreparer prepares the CreateByID request. +func (client RoleAssignmentsClient) CreateByIDPreparer(roleAssignmentID string, parameters RoleAssignmentCreateParameters) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "roleAssignmentId": roleAssignmentID, + } + + const APIVersion = "2015-07-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsJSON(), + autorest.AsPut(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/{roleAssignmentId}", pathParameters), + autorest.WithJSON(parameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare(&http.Request{}) +} + +// CreateByIDSender sends the CreateByID request. The method will close the +// http.Response Body if it receives an error. +func (client RoleAssignmentsClient) CreateByIDSender(req *http.Request) (*http.Response, error) { + return autorest.SendWithSender(client, req) +} + +// CreateByIDResponder handles the response to the CreateByID request. The method always +// closes the http.Response Body. +func (client RoleAssignmentsClient) CreateByIDResponder(resp *http.Response) (result RoleAssignment, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusCreated), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// Delete deletes a role assignment. +// +// scope is the scope of the role assignment to delete. roleAssignmentName is +// the name of the role assignment to delete. +func (client RoleAssignmentsClient) Delete(scope string, roleAssignmentName string) (result RoleAssignment, err error) { + req, err := client.DeletePreparer(scope, roleAssignmentName) + if err != nil { + err = autorest.NewErrorWithError(err, "authorization.RoleAssignmentsClient", "Delete", nil, "Failure preparing request") + return + } + + resp, err := client.DeleteSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "authorization.RoleAssignmentsClient", "Delete", resp, "Failure sending request") + return + } + + result, err = client.DeleteResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "authorization.RoleAssignmentsClient", "Delete", resp, "Failure responding to request") + } + + return +} + +// DeletePreparer prepares the Delete request. +func (client RoleAssignmentsClient) DeletePreparer(scope string, roleAssignmentName string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "roleAssignmentName": autorest.Encode("path", roleAssignmentName), + "scope": scope, + } + + const APIVersion = "2015-07-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsDelete(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/{scope}/providers/Microsoft.Authorization/roleAssignments/{roleAssignmentName}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare(&http.Request{}) +} + +// DeleteSender sends the Delete request. The method will close the +// http.Response Body if it receives an error. +func (client RoleAssignmentsClient) DeleteSender(req *http.Request) (*http.Response, error) { + return autorest.SendWithSender(client, req) +} + +// DeleteResponder handles the response to the Delete request. The method always +// closes the http.Response Body. +func (client RoleAssignmentsClient) DeleteResponder(resp *http.Response) (result RoleAssignment, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// DeleteByID deletes a role assignment. +// +// roleAssignmentID is the ID of the role assignment to delete. +func (client RoleAssignmentsClient) DeleteByID(roleAssignmentID string) (result RoleAssignment, err error) { + req, err := client.DeleteByIDPreparer(roleAssignmentID) + if err != nil { + err = autorest.NewErrorWithError(err, "authorization.RoleAssignmentsClient", "DeleteByID", nil, "Failure preparing request") + return + } + + resp, err := client.DeleteByIDSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "authorization.RoleAssignmentsClient", "DeleteByID", resp, "Failure sending request") + return + } + + result, err = client.DeleteByIDResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "authorization.RoleAssignmentsClient", "DeleteByID", resp, "Failure responding to request") + } + + return +} + +// DeleteByIDPreparer prepares the DeleteByID request. +func (client RoleAssignmentsClient) DeleteByIDPreparer(roleAssignmentID string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "roleAssignmentId": roleAssignmentID, + } + + const APIVersion = "2015-07-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsDelete(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/{roleAssignmentId}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare(&http.Request{}) +} + +// DeleteByIDSender sends the DeleteByID request. The method will close the +// http.Response Body if it receives an error. +func (client RoleAssignmentsClient) DeleteByIDSender(req *http.Request) (*http.Response, error) { + return autorest.SendWithSender(client, req) +} + +// DeleteByIDResponder handles the response to the DeleteByID request. The method always +// closes the http.Response Body. +func (client RoleAssignmentsClient) DeleteByIDResponder(resp *http.Response) (result RoleAssignment, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// Get get the specified role assignment. +// +// scope is the scope of the role assignment. roleAssignmentName is the name of +// the role assignment to get. +func (client RoleAssignmentsClient) Get(scope string, roleAssignmentName string) (result RoleAssignment, err error) { + req, err := client.GetPreparer(scope, roleAssignmentName) + if err != nil { + err = autorest.NewErrorWithError(err, "authorization.RoleAssignmentsClient", "Get", nil, "Failure preparing request") + return + } + + resp, err := client.GetSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "authorization.RoleAssignmentsClient", "Get", resp, "Failure sending request") + return + } + + result, err = client.GetResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "authorization.RoleAssignmentsClient", "Get", resp, "Failure responding to request") + } + + return +} + +// GetPreparer prepares the Get request. +func (client RoleAssignmentsClient) GetPreparer(scope string, roleAssignmentName string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "roleAssignmentName": autorest.Encode("path", roleAssignmentName), + "scope": scope, + } + + const APIVersion = "2015-07-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/{scope}/providers/Microsoft.Authorization/roleAssignments/{roleAssignmentName}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare(&http.Request{}) +} + +// GetSender sends the Get request. The method will close the +// http.Response Body if it receives an error. +func (client RoleAssignmentsClient) GetSender(req *http.Request) (*http.Response, error) { + return autorest.SendWithSender(client, req) +} + +// GetResponder handles the response to the Get request. The method always +// closes the http.Response Body. +func (client RoleAssignmentsClient) GetResponder(resp *http.Response) (result RoleAssignment, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// GetByID gets a role assignment by ID. +// +// roleAssignmentID is the ID of the role assignment to get. +func (client RoleAssignmentsClient) GetByID(roleAssignmentID string) (result RoleAssignment, err error) { + req, err := client.GetByIDPreparer(roleAssignmentID) + if err != nil { + err = autorest.NewErrorWithError(err, "authorization.RoleAssignmentsClient", "GetByID", nil, "Failure preparing request") + return + } + + resp, err := client.GetByIDSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "authorization.RoleAssignmentsClient", "GetByID", resp, "Failure sending request") + return + } + + result, err = client.GetByIDResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "authorization.RoleAssignmentsClient", "GetByID", resp, "Failure responding to request") + } + + return +} + +// GetByIDPreparer prepares the GetByID request. +func (client RoleAssignmentsClient) GetByIDPreparer(roleAssignmentID string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "roleAssignmentId": roleAssignmentID, + } + + const APIVersion = "2015-07-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/{roleAssignmentId}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare(&http.Request{}) +} + +// GetByIDSender sends the GetByID request. The method will close the +// http.Response Body if it receives an error. +func (client RoleAssignmentsClient) GetByIDSender(req *http.Request) (*http.Response, error) { + return autorest.SendWithSender(client, req) +} + +// GetByIDResponder handles the response to the GetByID request. The method always +// closes the http.Response Body. +func (client RoleAssignmentsClient) GetByIDResponder(resp *http.Response) (result RoleAssignment, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// List gets all role assignments for the subscription. +// +// filter is the filter to apply on the operation. Use $filter=atScope() to +// return all role assignments at or above the scope. Use $filter=principalId +// eq {id} to return all role assignments at, above or below the scope for the +// specified principal. +func (client RoleAssignmentsClient) List(filter string) (result RoleAssignmentListResult, err error) { + req, err := client.ListPreparer(filter) + if err != nil { + err = autorest.NewErrorWithError(err, "authorization.RoleAssignmentsClient", "List", nil, "Failure preparing request") + return + } + + resp, err := client.ListSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "authorization.RoleAssignmentsClient", "List", resp, "Failure sending request") + return + } + + result, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "authorization.RoleAssignmentsClient", "List", resp, "Failure responding to request") + } + + return +} + +// ListPreparer prepares the List request. +func (client RoleAssignmentsClient) ListPreparer(filter string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + } + + const APIVersion = "2015-07-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + if len(filter) > 0 { + queryParameters["$filter"] = autorest.Encode("query", filter) + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleAssignments", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare(&http.Request{}) +} + +// ListSender sends the List request. The method will close the +// http.Response Body if it receives an error. +func (client RoleAssignmentsClient) ListSender(req *http.Request) (*http.Response, error) { + return autorest.SendWithSender(client, req) +} + +// ListResponder handles the response to the List request. The method always +// closes the http.Response Body. +func (client RoleAssignmentsClient) ListResponder(resp *http.Response) (result RoleAssignmentListResult, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// ListNextResults retrieves the next set of results, if any. +func (client RoleAssignmentsClient) ListNextResults(lastResults RoleAssignmentListResult) (result RoleAssignmentListResult, err error) { + req, err := lastResults.RoleAssignmentListResultPreparer() + if err != nil { + return result, autorest.NewErrorWithError(err, "authorization.RoleAssignmentsClient", "List", nil, "Failure preparing next results request") + } + if req == nil { + return + } + + resp, err := client.ListSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + return result, autorest.NewErrorWithError(err, "authorization.RoleAssignmentsClient", "List", resp, "Failure sending next results request") + } + + result, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "authorization.RoleAssignmentsClient", "List", resp, "Failure responding to next results request") + } + + return +} + +// ListForResource gets role assignments for a resource. +// +// resourceGroupName is the name of the resource group. +// resourceProviderNamespace is the namespace of the resource provider. +// parentResourcePath is the parent resource identity. resourceType is the +// resource type of the resource. resourceName is the name of the resource to +// get role assignments for. filter is the filter to apply on the operation. +// Use $filter=atScope() to return all role assignments at or above the scope. +// Use $filter=principalId eq {id} to return all role assignments at, above or +// below the scope for the specified principal. +func (client RoleAssignmentsClient) ListForResource(resourceGroupName string, resourceProviderNamespace string, parentResourcePath string, resourceType string, resourceName string, filter string) (result RoleAssignmentListResult, err error) { + req, err := client.ListForResourcePreparer(resourceGroupName, resourceProviderNamespace, parentResourcePath, resourceType, resourceName, filter) + if err != nil { + err = autorest.NewErrorWithError(err, "authorization.RoleAssignmentsClient", "ListForResource", nil, "Failure preparing request") + return + } + + resp, err := client.ListForResourceSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "authorization.RoleAssignmentsClient", "ListForResource", resp, "Failure sending request") + return + } + + result, err = client.ListForResourceResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "authorization.RoleAssignmentsClient", "ListForResource", resp, "Failure responding to request") + } + + return +} + +// ListForResourcePreparer prepares the ListForResource request. +func (client RoleAssignmentsClient) ListForResourcePreparer(resourceGroupName string, resourceProviderNamespace string, parentResourcePath string, resourceType string, resourceName string, filter string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "parentResourcePath": parentResourcePath, + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "resourceName": autorest.Encode("path", resourceName), + "resourceProviderNamespace": autorest.Encode("path", resourceProviderNamespace), + "resourceType": resourceType, + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + } + + const APIVersion = "2015-07-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + if len(filter) > 0 { + queryParameters["$filter"] = autorest.Encode("query", filter) + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{parentResourcePath}/{resourceType}/{resourceName}/providers/Microsoft.Authorization/roleAssignments", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare(&http.Request{}) +} + +// ListForResourceSender sends the ListForResource request. The method will close the +// http.Response Body if it receives an error. +func (client RoleAssignmentsClient) ListForResourceSender(req *http.Request) (*http.Response, error) { + return autorest.SendWithSender(client, req) +} + +// ListForResourceResponder handles the response to the ListForResource request. The method always +// closes the http.Response Body. +func (client RoleAssignmentsClient) ListForResourceResponder(resp *http.Response) (result RoleAssignmentListResult, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// ListForResourceNextResults retrieves the next set of results, if any. +func (client RoleAssignmentsClient) ListForResourceNextResults(lastResults RoleAssignmentListResult) (result RoleAssignmentListResult, err error) { + req, err := lastResults.RoleAssignmentListResultPreparer() + if err != nil { + return result, autorest.NewErrorWithError(err, "authorization.RoleAssignmentsClient", "ListForResource", nil, "Failure preparing next results request") + } + if req == nil { + return + } + + resp, err := client.ListForResourceSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + return result, autorest.NewErrorWithError(err, "authorization.RoleAssignmentsClient", "ListForResource", resp, "Failure sending next results request") + } + + result, err = client.ListForResourceResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "authorization.RoleAssignmentsClient", "ListForResource", resp, "Failure responding to next results request") + } + + return +} + +// ListForResourceGroup gets role assignments for a resource group. +// +// resourceGroupName is the name of the resource group. filter is the filter to +// apply on the operation. Use $filter=atScope() to return all role assignments +// at or above the scope. Use $filter=principalId eq {id} to return all role +// assignments at, above or below the scope for the specified principal. +func (client RoleAssignmentsClient) ListForResourceGroup(resourceGroupName string, filter string) (result RoleAssignmentListResult, err error) { + req, err := client.ListForResourceGroupPreparer(resourceGroupName, filter) + if err != nil { + err = autorest.NewErrorWithError(err, "authorization.RoleAssignmentsClient", "ListForResourceGroup", nil, "Failure preparing request") + return + } + + resp, err := client.ListForResourceGroupSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "authorization.RoleAssignmentsClient", "ListForResourceGroup", resp, "Failure sending request") + return + } + + result, err = client.ListForResourceGroupResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "authorization.RoleAssignmentsClient", "ListForResourceGroup", resp, "Failure responding to request") + } + + return +} + +// ListForResourceGroupPreparer prepares the ListForResourceGroup request. +func (client RoleAssignmentsClient) ListForResourceGroupPreparer(resourceGroupName string, filter string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + } + + const APIVersion = "2015-07-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + if len(filter) > 0 { + queryParameters["$filter"] = autorest.Encode("query", filter) + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Authorization/roleAssignments", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare(&http.Request{}) +} + +// ListForResourceGroupSender sends the ListForResourceGroup request. The method will close the +// http.Response Body if it receives an error. +func (client RoleAssignmentsClient) ListForResourceGroupSender(req *http.Request) (*http.Response, error) { + return autorest.SendWithSender(client, req) +} + +// ListForResourceGroupResponder handles the response to the ListForResourceGroup request. The method always +// closes the http.Response Body. +func (client RoleAssignmentsClient) ListForResourceGroupResponder(resp *http.Response) (result RoleAssignmentListResult, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// ListForResourceGroupNextResults retrieves the next set of results, if any. +func (client RoleAssignmentsClient) ListForResourceGroupNextResults(lastResults RoleAssignmentListResult) (result RoleAssignmentListResult, err error) { + req, err := lastResults.RoleAssignmentListResultPreparer() + if err != nil { + return result, autorest.NewErrorWithError(err, "authorization.RoleAssignmentsClient", "ListForResourceGroup", nil, "Failure preparing next results request") + } + if req == nil { + return + } + + resp, err := client.ListForResourceGroupSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + return result, autorest.NewErrorWithError(err, "authorization.RoleAssignmentsClient", "ListForResourceGroup", resp, "Failure sending next results request") + } + + result, err = client.ListForResourceGroupResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "authorization.RoleAssignmentsClient", "ListForResourceGroup", resp, "Failure responding to next results request") + } + + return +} + +// ListForScope gets role assignments for a scope. +// +// scope is the scope of the role assignments. filter is the filter to apply on +// the operation. Use $filter=atScope() to return all role assignments at or +// above the scope. Use $filter=principalId eq {id} to return all role +// assignments at, above or below the scope for the specified principal. +func (client RoleAssignmentsClient) ListForScope(scope string, filter string) (result RoleAssignmentListResult, err error) { + req, err := client.ListForScopePreparer(scope, filter) + if err != nil { + err = autorest.NewErrorWithError(err, "authorization.RoleAssignmentsClient", "ListForScope", nil, "Failure preparing request") + return + } + + resp, err := client.ListForScopeSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "authorization.RoleAssignmentsClient", "ListForScope", resp, "Failure sending request") + return + } + + result, err = client.ListForScopeResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "authorization.RoleAssignmentsClient", "ListForScope", resp, "Failure responding to request") + } + + return +} + +// ListForScopePreparer prepares the ListForScope request. +func (client RoleAssignmentsClient) ListForScopePreparer(scope string, filter string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "scope": scope, + } + + const APIVersion = "2015-07-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + if len(filter) > 0 { + queryParameters["$filter"] = autorest.Encode("query", filter) + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/{scope}/providers/Microsoft.Authorization/roleAssignments", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare(&http.Request{}) +} + +// ListForScopeSender sends the ListForScope request. The method will close the +// http.Response Body if it receives an error. +func (client RoleAssignmentsClient) ListForScopeSender(req *http.Request) (*http.Response, error) { + return autorest.SendWithSender(client, req) +} + +// ListForScopeResponder handles the response to the ListForScope request. The method always +// closes the http.Response Body. +func (client RoleAssignmentsClient) ListForScopeResponder(resp *http.Response) (result RoleAssignmentListResult, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// ListForScopeNextResults retrieves the next set of results, if any. +func (client RoleAssignmentsClient) ListForScopeNextResults(lastResults RoleAssignmentListResult) (result RoleAssignmentListResult, err error) { + req, err := lastResults.RoleAssignmentListResultPreparer() + if err != nil { + return result, autorest.NewErrorWithError(err, "authorization.RoleAssignmentsClient", "ListForScope", nil, "Failure preparing next results request") + } + if req == nil { + return + } + + resp, err := client.ListForScopeSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + return result, autorest.NewErrorWithError(err, "authorization.RoleAssignmentsClient", "ListForScope", resp, "Failure sending next results request") + } + + result, err = client.ListForScopeResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "authorization.RoleAssignmentsClient", "ListForScope", resp, "Failure responding to next results request") + } + + return +} diff --git a/vendor/github.com/Azure/azure-sdk-for-go/arm/authorization/roledefinitions.go b/vendor/github.com/Azure/azure-sdk-for-go/arm/authorization/roledefinitions.go new file mode 100755 index 000000000000..cdd9efc22a1d --- /dev/null +++ b/vendor/github.com/Azure/azure-sdk-for-go/arm/authorization/roledefinitions.go @@ -0,0 +1,399 @@ +package authorization + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator 1.0.1.0 +// Changes may cause incorrect behavior and will be lost if the code is +// regenerated. + +import ( + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "net/http" +) + +// RoleDefinitionsClient is the role based access control provides you a way to +// apply granular level policy administration down to individual resources or +// resource groups. These operations enable you to manage role definitions and +// role assignments. A role definition describes the set of actions that can be +// performed on resources. A role assignment grants access to Azure Active +// Directory users. +type RoleDefinitionsClient struct { + ManagementClient +} + +// NewRoleDefinitionsClient creates an instance of the RoleDefinitionsClient +// client. +func NewRoleDefinitionsClient(subscriptionID string) RoleDefinitionsClient { + return NewRoleDefinitionsClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewRoleDefinitionsClientWithBaseURI creates an instance of the +// RoleDefinitionsClient client. +func NewRoleDefinitionsClientWithBaseURI(baseURI string, subscriptionID string) RoleDefinitionsClient { + return RoleDefinitionsClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// CreateOrUpdate creates or updates a role definition. +// +// scope is the scope of the role definition. roleDefinitionID is the ID of the +// role definition. roleDefinition is the values for the role definition. +func (client RoleDefinitionsClient) CreateOrUpdate(scope string, roleDefinitionID string, roleDefinition RoleDefinition) (result RoleDefinition, err error) { + req, err := client.CreateOrUpdatePreparer(scope, roleDefinitionID, roleDefinition) + if err != nil { + err = autorest.NewErrorWithError(err, "authorization.RoleDefinitionsClient", "CreateOrUpdate", nil, "Failure preparing request") + return + } + + resp, err := client.CreateOrUpdateSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "authorization.RoleDefinitionsClient", "CreateOrUpdate", resp, "Failure sending request") + return + } + + result, err = client.CreateOrUpdateResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "authorization.RoleDefinitionsClient", "CreateOrUpdate", resp, "Failure responding to request") + } + + return +} + +// CreateOrUpdatePreparer prepares the CreateOrUpdate request. +func (client RoleDefinitionsClient) CreateOrUpdatePreparer(scope string, roleDefinitionID string, roleDefinition RoleDefinition) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "roleDefinitionId": autorest.Encode("path", roleDefinitionID), + "scope": scope, + } + + const APIVersion = "2015-07-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsJSON(), + autorest.AsPut(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/{scope}/providers/Microsoft.Authorization/roleDefinitions/{roleDefinitionId}", pathParameters), + autorest.WithJSON(roleDefinition), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare(&http.Request{}) +} + +// CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the +// http.Response Body if it receives an error. +func (client RoleDefinitionsClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error) { + return autorest.SendWithSender(client, req) +} + +// CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always +// closes the http.Response Body. +func (client RoleDefinitionsClient) CreateOrUpdateResponder(resp *http.Response) (result RoleDefinition, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusCreated), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// Delete deletes a role definition. +// +// scope is the scope of the role definition. roleDefinitionID is the ID of the +// role definition to delete. +func (client RoleDefinitionsClient) Delete(scope string, roleDefinitionID string) (result RoleDefinition, err error) { + req, err := client.DeletePreparer(scope, roleDefinitionID) + if err != nil { + err = autorest.NewErrorWithError(err, "authorization.RoleDefinitionsClient", "Delete", nil, "Failure preparing request") + return + } + + resp, err := client.DeleteSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "authorization.RoleDefinitionsClient", "Delete", resp, "Failure sending request") + return + } + + result, err = client.DeleteResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "authorization.RoleDefinitionsClient", "Delete", resp, "Failure responding to request") + } + + return +} + +// DeletePreparer prepares the Delete request. +func (client RoleDefinitionsClient) DeletePreparer(scope string, roleDefinitionID string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "roleDefinitionId": autorest.Encode("path", roleDefinitionID), + "scope": scope, + } + + const APIVersion = "2015-07-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsDelete(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/{scope}/providers/Microsoft.Authorization/roleDefinitions/{roleDefinitionId}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare(&http.Request{}) +} + +// DeleteSender sends the Delete request. The method will close the +// http.Response Body if it receives an error. +func (client RoleDefinitionsClient) DeleteSender(req *http.Request) (*http.Response, error) { + return autorest.SendWithSender(client, req) +} + +// DeleteResponder handles the response to the Delete request. The method always +// closes the http.Response Body. +func (client RoleDefinitionsClient) DeleteResponder(resp *http.Response) (result RoleDefinition, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// Get get role definition by name (GUID). +// +// scope is the scope of the role definition. roleDefinitionID is the ID of the +// role definition. +func (client RoleDefinitionsClient) Get(scope string, roleDefinitionID string) (result RoleDefinition, err error) { + req, err := client.GetPreparer(scope, roleDefinitionID) + if err != nil { + err = autorest.NewErrorWithError(err, "authorization.RoleDefinitionsClient", "Get", nil, "Failure preparing request") + return + } + + resp, err := client.GetSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "authorization.RoleDefinitionsClient", "Get", resp, "Failure sending request") + return + } + + result, err = client.GetResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "authorization.RoleDefinitionsClient", "Get", resp, "Failure responding to request") + } + + return +} + +// GetPreparer prepares the Get request. +func (client RoleDefinitionsClient) GetPreparer(scope string, roleDefinitionID string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "roleDefinitionId": autorest.Encode("path", roleDefinitionID), + "scope": scope, + } + + const APIVersion = "2015-07-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/{scope}/providers/Microsoft.Authorization/roleDefinitions/{roleDefinitionId}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare(&http.Request{}) +} + +// GetSender sends the Get request. The method will close the +// http.Response Body if it receives an error. +func (client RoleDefinitionsClient) GetSender(req *http.Request) (*http.Response, error) { + return autorest.SendWithSender(client, req) +} + +// GetResponder handles the response to the Get request. The method always +// closes the http.Response Body. +func (client RoleDefinitionsClient) GetResponder(resp *http.Response) (result RoleDefinition, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// GetByID gets a role definition by ID. +// +// roleDefinitionID is the fully qualified role definition ID to get. +func (client RoleDefinitionsClient) GetByID(roleDefinitionID string) (result RoleDefinition, err error) { + req, err := client.GetByIDPreparer(roleDefinitionID) + if err != nil { + err = autorest.NewErrorWithError(err, "authorization.RoleDefinitionsClient", "GetByID", nil, "Failure preparing request") + return + } + + resp, err := client.GetByIDSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "authorization.RoleDefinitionsClient", "GetByID", resp, "Failure sending request") + return + } + + result, err = client.GetByIDResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "authorization.RoleDefinitionsClient", "GetByID", resp, "Failure responding to request") + } + + return +} + +// GetByIDPreparer prepares the GetByID request. +func (client RoleDefinitionsClient) GetByIDPreparer(roleDefinitionID string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "roleDefinitionId": roleDefinitionID, + } + + const APIVersion = "2015-07-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/{roleDefinitionId}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare(&http.Request{}) +} + +// GetByIDSender sends the GetByID request. The method will close the +// http.Response Body if it receives an error. +func (client RoleDefinitionsClient) GetByIDSender(req *http.Request) (*http.Response, error) { + return autorest.SendWithSender(client, req) +} + +// GetByIDResponder handles the response to the GetByID request. The method always +// closes the http.Response Body. +func (client RoleDefinitionsClient) GetByIDResponder(resp *http.Response) (result RoleDefinition, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// List get all role definitions that are applicable at scope and above. +// +// scope is the scope of the role definition. filter is the filter to apply on +// the operation. Use atScopeAndBelow filter to search below the given scope as +// well. +func (client RoleDefinitionsClient) List(scope string, filter string) (result RoleDefinitionListResult, err error) { + req, err := client.ListPreparer(scope, filter) + if err != nil { + err = autorest.NewErrorWithError(err, "authorization.RoleDefinitionsClient", "List", nil, "Failure preparing request") + return + } + + resp, err := client.ListSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "authorization.RoleDefinitionsClient", "List", resp, "Failure sending request") + return + } + + result, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "authorization.RoleDefinitionsClient", "List", resp, "Failure responding to request") + } + + return +} + +// ListPreparer prepares the List request. +func (client RoleDefinitionsClient) ListPreparer(scope string, filter string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "scope": scope, + } + + const APIVersion = "2015-07-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + if len(filter) > 0 { + queryParameters["$filter"] = autorest.Encode("query", filter) + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/{scope}/providers/Microsoft.Authorization/roleDefinitions", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare(&http.Request{}) +} + +// ListSender sends the List request. The method will close the +// http.Response Body if it receives an error. +func (client RoleDefinitionsClient) ListSender(req *http.Request) (*http.Response, error) { + return autorest.SendWithSender(client, req) +} + +// ListResponder handles the response to the List request. The method always +// closes the http.Response Body. +func (client RoleDefinitionsClient) ListResponder(resp *http.Response) (result RoleDefinitionListResult, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// ListNextResults retrieves the next set of results, if any. +func (client RoleDefinitionsClient) ListNextResults(lastResults RoleDefinitionListResult) (result RoleDefinitionListResult, err error) { + req, err := lastResults.RoleDefinitionListResultPreparer() + if err != nil { + return result, autorest.NewErrorWithError(err, "authorization.RoleDefinitionsClient", "List", nil, "Failure preparing next results request") + } + if req == nil { + return + } + + resp, err := client.ListSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + return result, autorest.NewErrorWithError(err, "authorization.RoleDefinitionsClient", "List", resp, "Failure sending next results request") + } + + result, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "authorization.RoleDefinitionsClient", "List", resp, "Failure responding to next results request") + } + + return +} diff --git a/vendor/github.com/Azure/azure-sdk-for-go/arm/authorization/version.go b/vendor/github.com/Azure/azure-sdk-for-go/arm/authorization/version.go new file mode 100755 index 000000000000..47e2c0aab12e --- /dev/null +++ b/vendor/github.com/Azure/azure-sdk-for-go/arm/authorization/version.go @@ -0,0 +1,28 @@ +package authorization + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator 1.2.2.0 +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +// UserAgent returns the UserAgent string to use when sending http.Requests. +func UserAgent() string { + return "Azure-SDK-For-Go/v10.3.0-beta arm-authorization/2015-07-01" +} + +// Version returns the semantic version (see http://semver.org) of the client. +func Version() string { + return "v10.3.0-beta" +} diff --git a/vendor/github.com/google/uuid/CONTRIBUTING.md b/vendor/github.com/google/uuid/CONTRIBUTING.md new file mode 100644 index 000000000000..04fdf09f136b --- /dev/null +++ b/vendor/github.com/google/uuid/CONTRIBUTING.md @@ -0,0 +1,10 @@ +# How to contribute + +We definitely welcome patches and contribution to this project! + +### Legal requirements + +In order to protect both you and ourselves, you will need to sign the +[Contributor License Agreement](https://cla.developers.google.com/clas). + +You may have already signed it for other Google projects. diff --git a/vendor/github.com/google/uuid/CONTRIBUTORS b/vendor/github.com/google/uuid/CONTRIBUTORS new file mode 100644 index 000000000000..b4bb97f6bcd0 --- /dev/null +++ b/vendor/github.com/google/uuid/CONTRIBUTORS @@ -0,0 +1,9 @@ +Paul Borman +bmatsuo +shawnps +theory +jboverfelt +dsymonds +cd1 +wallclockbuilder +dansouza diff --git a/vendor/github.com/google/uuid/LICENSE b/vendor/github.com/google/uuid/LICENSE new file mode 100644 index 000000000000..5dc68268d900 --- /dev/null +++ b/vendor/github.com/google/uuid/LICENSE @@ -0,0 +1,27 @@ +Copyright (c) 2009,2014 Google Inc. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + + * Redistributions of source code must retain the above copyright +notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above +copyright notice, this list of conditions and the following disclaimer +in the documentation and/or other materials provided with the +distribution. + * Neither the name of Google Inc. nor the names of its +contributors may be used to endorse or promote products derived from +this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/vendor/github.com/google/uuid/README.md b/vendor/github.com/google/uuid/README.md new file mode 100644 index 000000000000..21205eaeb59d --- /dev/null +++ b/vendor/github.com/google/uuid/README.md @@ -0,0 +1,23 @@ +**This package is currently in development and the API may not be stable.** + +The API will become stable with v1. + +# uuid ![build status](https://travis-ci.org/google/uuid.svg?branch=master) +The uuid package generates and inspects UUIDs based on +[RFC 4122](http://tools.ietf.org/html/rfc4122) +and DCE 1.1: Authentication and Security Services. + +This package is based on the github.com/pborman/uuid package (previously named +code.google.com/p/go-uuid). It differs from these earlier packages in that +a UUID is a 16 byte array rather than a byte slice. One loss due to this +change is the ability to represent an invalid UUID (vs a NIL UUID). + +###### Install +`go get github.com/google/uuid` + +###### Documentation +[![GoDoc](https://godoc.org/github.com/google/uuid?status.svg)](http://godoc.org/github.com/google/uuid) + +Full `go doc` style documentation for the package can be viewed online without +installing this package by using the GoDoc site here: +http://godoc.org/github.com/google/uuid diff --git a/vendor/github.com/google/uuid/dce.go b/vendor/github.com/google/uuid/dce.go new file mode 100644 index 000000000000..fa820b9d3092 --- /dev/null +++ b/vendor/github.com/google/uuid/dce.go @@ -0,0 +1,80 @@ +// Copyright 2016 Google Inc. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package uuid + +import ( + "encoding/binary" + "fmt" + "os" +) + +// A Domain represents a Version 2 domain +type Domain byte + +// Domain constants for DCE Security (Version 2) UUIDs. +const ( + Person = Domain(0) + Group = Domain(1) + Org = Domain(2) +) + +// NewDCESecurity returns a DCE Security (Version 2) UUID. +// +// The domain should be one of Person, Group or Org. +// On a POSIX system the id should be the users UID for the Person +// domain and the users GID for the Group. The meaning of id for +// the domain Org or on non-POSIX systems is site defined. +// +// For a given domain/id pair the same token may be returned for up to +// 7 minutes and 10 seconds. +func NewDCESecurity(domain Domain, id uint32) (UUID, error) { + uuid, err := NewUUID() + if err == nil { + uuid[6] = (uuid[6] & 0x0f) | 0x20 // Version 2 + uuid[9] = byte(domain) + binary.BigEndian.PutUint32(uuid[0:], id) + } + return uuid, err +} + +// NewDCEPerson returns a DCE Security (Version 2) UUID in the person +// domain with the id returned by os.Getuid. +// +// NewDCESecurity(Person, uint32(os.Getuid())) +func NewDCEPerson() (UUID, error) { + return NewDCESecurity(Person, uint32(os.Getuid())) +} + +// NewDCEGroup returns a DCE Security (Version 2) UUID in the group +// domain with the id returned by os.Getgid. +// +// NewDCESecurity(Group, uint32(os.Getgid())) +func NewDCEGroup() (UUID, error) { + return NewDCESecurity(Group, uint32(os.Getgid())) +} + +// Domain returns the domain for a Version 2 UUID. Domains are only defined +// for Version 2 UUIDs. +func (uuid UUID) Domain() Domain { + return Domain(uuid[9]) +} + +// ID returns the id for a Version 2 UUID. IDs are only defined for Version 2 +// UUIDs. +func (uuid UUID) ID() uint32 { + return binary.BigEndian.Uint32(uuid[0:4]) +} + +func (d Domain) String() string { + switch d { + case Person: + return "Person" + case Group: + return "Group" + case Org: + return "Org" + } + return fmt.Sprintf("Domain%d", int(d)) +} diff --git a/vendor/github.com/google/uuid/doc.go b/vendor/github.com/google/uuid/doc.go new file mode 100644 index 000000000000..5b8a4b9af8ce --- /dev/null +++ b/vendor/github.com/google/uuid/doc.go @@ -0,0 +1,12 @@ +// Copyright 2016 Google Inc. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Package uuid generates and inspects UUIDs. +// +// UUIDs are based on RFC 4122 and DCE 1.1: Authentication and Security +// Services. +// +// A UUID is a 16 byte (128 bit) array. UUIDs may be used as keys to +// maps or compared directly. +package uuid diff --git a/vendor/github.com/google/uuid/hash.go b/vendor/github.com/google/uuid/hash.go new file mode 100644 index 000000000000..4fc5a77df58c --- /dev/null +++ b/vendor/github.com/google/uuid/hash.go @@ -0,0 +1,53 @@ +// Copyright 2016 Google Inc. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package uuid + +import ( + "crypto/md5" + "crypto/sha1" + "hash" +) + +// Well known namespace IDs and UUIDs +var ( + NameSpaceDNS = Must(Parse("6ba7b810-9dad-11d1-80b4-00c04fd430c8")) + NameSpaceURL = Must(Parse("6ba7b811-9dad-11d1-80b4-00c04fd430c8")) + NameSpaceOID = Must(Parse("6ba7b812-9dad-11d1-80b4-00c04fd430c8")) + NameSpaceX500 = Must(Parse("6ba7b814-9dad-11d1-80b4-00c04fd430c8")) + Nil UUID // empty UUID, all zeros +) + +// NewHash returns a new UUID derived from the hash of space concatenated with +// data generated by h. The hash should be at least 16 byte in length. The +// first 16 bytes of the hash are used to form the UUID. The version of the +// UUID will be the lower 4 bits of version. NewHash is used to implement +// NewMD5 and NewSHA1. +func NewHash(h hash.Hash, space UUID, data []byte, version int) UUID { + h.Reset() + h.Write(space[:]) + h.Write([]byte(data)) + s := h.Sum(nil) + var uuid UUID + copy(uuid[:], s) + uuid[6] = (uuid[6] & 0x0f) | uint8((version&0xf)<<4) + uuid[8] = (uuid[8] & 0x3f) | 0x80 // RFC 4122 variant + return uuid +} + +// NewMD5 returns a new MD5 (Version 3) UUID based on the +// supplied name space and data. It is the same as calling: +// +// NewHash(md5.New(), space, data, 3) +func NewMD5(space UUID, data []byte) UUID { + return NewHash(md5.New(), space, data, 3) +} + +// NewSHA1 returns a new SHA1 (Version 5) UUID based on the +// supplied name space and data. It is the same as calling: +// +// NewHash(sha1.New(), space, data, 5) +func NewSHA1(space UUID, data []byte) UUID { + return NewHash(sha1.New(), space, data, 5) +} diff --git a/vendor/github.com/google/uuid/marshal.go b/vendor/github.com/google/uuid/marshal.go new file mode 100644 index 000000000000..84bbc5880bbb --- /dev/null +++ b/vendor/github.com/google/uuid/marshal.go @@ -0,0 +1,39 @@ +// Copyright 2016 Google Inc. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package uuid + +import "fmt" + +// MarshalText implements encoding.TextMarshaler. +func (uuid UUID) MarshalText() ([]byte, error) { + var js [36]byte + encodeHex(js[:], uuid) + return js[:], nil +} + +// UnmarshalText implements encoding.TextUnmarshaler. +func (uuid *UUID) UnmarshalText(data []byte) error { + // See comment in ParseBytes why we do this. + // id, err := ParseBytes(data) + id, err := ParseBytes(data) + if err == nil { + *uuid = id + } + return err +} + +// MarshalBinary implements encoding.BinaryMarshaler. +func (uuid UUID) MarshalBinary() ([]byte, error) { + return uuid[:], nil +} + +// UnmarshalBinary implements encoding.BinaryUnmarshaler. +func (uuid *UUID) UnmarshalBinary(data []byte) error { + if len(data) != 16 { + return fmt.Errorf("invalid UUID (got %d bytes)", len(data)) + } + copy(uuid[:], data) + return nil +} diff --git a/vendor/github.com/google/uuid/node.go b/vendor/github.com/google/uuid/node.go new file mode 100644 index 000000000000..5f0156a2e662 --- /dev/null +++ b/vendor/github.com/google/uuid/node.go @@ -0,0 +1,103 @@ +// Copyright 2016 Google Inc. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package uuid + +import ( + "net" + "sync" +) + +var ( + nodeMu sync.Mutex + interfaces []net.Interface // cached list of interfaces + ifname string // name of interface being used + nodeID [6]byte // hardware for version 1 UUIDs + zeroID [6]byte // nodeID with only 0's +) + +// NodeInterface returns the name of the interface from which the NodeID was +// derived. The interface "user" is returned if the NodeID was set by +// SetNodeID. +func NodeInterface() string { + defer nodeMu.Unlock() + nodeMu.Lock() + return ifname +} + +// SetNodeInterface selects the hardware address to be used for Version 1 UUIDs. +// If name is "" then the first usable interface found will be used or a random +// Node ID will be generated. If a named interface cannot be found then false +// is returned. +// +// SetNodeInterface never fails when name is "". +func SetNodeInterface(name string) bool { + defer nodeMu.Unlock() + nodeMu.Lock() + return setNodeInterface(name) +} + +func setNodeInterface(name string) bool { + if interfaces == nil { + var err error + interfaces, err = net.Interfaces() + if err != nil && name != "" { + return false + } + } + + for _, ifs := range interfaces { + if len(ifs.HardwareAddr) >= 6 && (name == "" || name == ifs.Name) { + copy(nodeID[:], ifs.HardwareAddr) + ifname = ifs.Name + return true + } + } + + // We found no interfaces with a valid hardware address. If name + // does not specify a specific interface generate a random Node ID + // (section 4.1.6) + if name == "" { + randomBits(nodeID[:]) + return true + } + return false +} + +// NodeID returns a slice of a copy of the current Node ID, setting the Node ID +// if not already set. +func NodeID() []byte { + defer nodeMu.Unlock() + nodeMu.Lock() + if nodeID == zeroID { + setNodeInterface("") + } + nid := nodeID + return nid[:] +} + +// SetNodeID sets the Node ID to be used for Version 1 UUIDs. The first 6 bytes +// of id are used. If id is less than 6 bytes then false is returned and the +// Node ID is not set. +func SetNodeID(id []byte) bool { + if len(id) < 6 { + return false + } + defer nodeMu.Unlock() + nodeMu.Lock() + copy(nodeID[:], id) + ifname = "user" + return true +} + +// NodeID returns the 6 byte node id encoded in uuid. It returns nil if uuid is +// not valid. The NodeID is only well defined for version 1 and 2 UUIDs. +func (uuid UUID) NodeID() []byte { + if len(uuid) != 16 { + return nil + } + var node [6]byte + copy(node[:], uuid[10:]) + return node[:] +} diff --git a/vendor/github.com/google/uuid/sql.go b/vendor/github.com/google/uuid/sql.go new file mode 100644 index 000000000000..f326b54db37a --- /dev/null +++ b/vendor/github.com/google/uuid/sql.go @@ -0,0 +1,59 @@ +// Copyright 2016 Google Inc. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package uuid + +import ( + "database/sql/driver" + "fmt" +) + +// Scan implements sql.Scanner so UUIDs can be read from databases transparently +// Currently, database types that map to string and []byte are supported. Please +// consult database-specific driver documentation for matching types. +func (uuid *UUID) Scan(src interface{}) error { + switch src := src.(type) { + case nil: + return nil + + case string: + // if an empty UUID comes from a table, we return a null UUID + if src == "" { + return nil + } + + // see Parse for required string format + u, err := Parse(src) + if err != nil { + return fmt.Errorf("Scan: %v", err) + } + + *uuid = u + + case []byte: + // if an empty UUID comes from a table, we return a null UUID + if len(src) == 0 { + return nil + } + + // assumes a simple slice of bytes if 16 bytes + // otherwise attempts to parse + if len(src) != 16 { + return uuid.Scan(string(src)) + } + copy((*uuid)[:], src) + + default: + return fmt.Errorf("Scan: unable to scan type %T into UUID", src) + } + + return nil +} + +// Value implements sql.Valuer so that UUIDs can be written to databases +// transparently. Currently, UUIDs map to strings. Please consult +// database-specific driver documentation for matching types. +func (uuid UUID) Value() (driver.Value, error) { + return uuid.String(), nil +} diff --git a/vendor/github.com/google/uuid/time.go b/vendor/github.com/google/uuid/time.go new file mode 100644 index 000000000000..fd7fe0ac46a1 --- /dev/null +++ b/vendor/github.com/google/uuid/time.go @@ -0,0 +1,123 @@ +// Copyright 2016 Google Inc. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package uuid + +import ( + "encoding/binary" + "sync" + "time" +) + +// A Time represents a time as the number of 100's of nanoseconds since 15 Oct +// 1582. +type Time int64 + +const ( + lillian = 2299160 // Julian day of 15 Oct 1582 + unix = 2440587 // Julian day of 1 Jan 1970 + epoch = unix - lillian // Days between epochs + g1582 = epoch * 86400 // seconds between epochs + g1582ns100 = g1582 * 10000000 // 100s of a nanoseconds between epochs +) + +var ( + timeMu sync.Mutex + lasttime uint64 // last time we returned + clockSeq uint16 // clock sequence for this run + + timeNow = time.Now // for testing +) + +// UnixTime converts t the number of seconds and nanoseconds using the Unix +// epoch of 1 Jan 1970. +func (t Time) UnixTime() (sec, nsec int64) { + sec = int64(t - g1582ns100) + nsec = (sec % 10000000) * 100 + sec /= 10000000 + return sec, nsec +} + +// GetTime returns the current Time (100s of nanoseconds since 15 Oct 1582) and +// clock sequence as well as adjusting the clock sequence as needed. An error +// is returned if the current time cannot be determined. +func GetTime() (Time, uint16, error) { + defer timeMu.Unlock() + timeMu.Lock() + return getTime() +} + +func getTime() (Time, uint16, error) { + t := timeNow() + + // If we don't have a clock sequence already, set one. + if clockSeq == 0 { + setClockSequence(-1) + } + now := uint64(t.UnixNano()/100) + g1582ns100 + + // If time has gone backwards with this clock sequence then we + // increment the clock sequence + if now <= lasttime { + clockSeq = ((clockSeq + 1) & 0x3fff) | 0x8000 + } + lasttime = now + return Time(now), clockSeq, nil +} + +// ClockSequence returns the current clock sequence, generating one if not +// already set. The clock sequence is only used for Version 1 UUIDs. +// +// The uuid package does not use global static storage for the clock sequence or +// the last time a UUID was generated. Unless SetClockSequence is used, a new +// random clock sequence is generated the first time a clock sequence is +// requested by ClockSequence, GetTime, or NewUUID. (section 4.2.1.1) +func ClockSequence() int { + defer timeMu.Unlock() + timeMu.Lock() + return clockSequence() +} + +func clockSequence() int { + if clockSeq == 0 { + setClockSequence(-1) + } + return int(clockSeq & 0x3fff) +} + +// SetClockSeq sets the clock sequence to the lower 14 bits of seq. Setting to +// -1 causes a new sequence to be generated. +func SetClockSequence(seq int) { + defer timeMu.Unlock() + timeMu.Lock() + setClockSequence(seq) +} + +func setClockSequence(seq int) { + if seq == -1 { + var b [2]byte + randomBits(b[:]) // clock sequence + seq = int(b[0])<<8 | int(b[1]) + } + old_seq := clockSeq + clockSeq = uint16(seq&0x3fff) | 0x8000 // Set our variant + if old_seq != clockSeq { + lasttime = 0 + } +} + +// Time returns the time in 100s of nanoseconds since 15 Oct 1582 encoded in +// uuid. The time is only defined for version 1 and 2 UUIDs. +func (uuid UUID) Time() Time { + time := int64(binary.BigEndian.Uint32(uuid[0:4])) + time |= int64(binary.BigEndian.Uint16(uuid[4:6])) << 32 + time |= int64(binary.BigEndian.Uint16(uuid[6:8])&0xfff) << 48 + return Time(time) +} + +// ClockSequence returns the clock sequence encoded in uuid. +// The clock sequence is only well defined for version 1 and 2 UUIDs. +func (uuid UUID) ClockSequence() int { + return int(binary.BigEndian.Uint16(uuid[8:10])) & 0x3fff +} diff --git a/vendor/github.com/google/uuid/util.go b/vendor/github.com/google/uuid/util.go new file mode 100644 index 000000000000..5ea6c737806e --- /dev/null +++ b/vendor/github.com/google/uuid/util.go @@ -0,0 +1,43 @@ +// Copyright 2016 Google Inc. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package uuid + +import ( + "io" +) + +// randomBits completely fills slice b with random data. +func randomBits(b []byte) { + if _, err := io.ReadFull(rander, b); err != nil { + panic(err.Error()) // rand should never fail + } +} + +// xvalues returns the value of a byte as a hexadecimal digit or 255. +var xvalues = [256]byte{ + 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, + 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, + 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, + 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 255, 255, 255, 255, 255, 255, + 255, 10, 11, 12, 13, 14, 15, 255, 255, 255, 255, 255, 255, 255, 255, 255, + 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, + 255, 10, 11, 12, 13, 14, 15, 255, 255, 255, 255, 255, 255, 255, 255, 255, + 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, + 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, + 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, + 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, + 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, + 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, + 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, + 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, + 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, +} + +// xtob converts hex characters x1 and x2 into a byte. +func xtob(x1, x2 byte) (byte, bool) { + b1 := xvalues[x1] + b2 := xvalues[x2] + return (b1 << 4) | b2, b1 != 255 && b2 != 255 +} diff --git a/vendor/github.com/google/uuid/uuid.go b/vendor/github.com/google/uuid/uuid.go new file mode 100644 index 000000000000..23161a86c086 --- /dev/null +++ b/vendor/github.com/google/uuid/uuid.go @@ -0,0 +1,191 @@ +// Copyright 2016 Google Inc. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package uuid + +import ( + "bytes" + "crypto/rand" + "encoding/hex" + "errors" + "fmt" + "io" + "strings" +) + +// A UUID is a 128 bit (16 byte) Universal Unique IDentifier as defined in RFC +// 4122. +type UUID [16]byte + +// A Version represents a UUID's version. +type Version byte + +// A Variant represents a UUID's variant. +type Variant byte + +// Constants returned by Variant. +const ( + Invalid = Variant(iota) // Invalid UUID + RFC4122 // The variant specified in RFC4122 + Reserved // Reserved, NCS backward compatibility. + Microsoft // Reserved, Microsoft Corporation backward compatibility. + Future // Reserved for future definition. +) + +var rander = rand.Reader // random function + +// Parse decodes s into a UUID or returns an error. Both the UUID form of +// xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx and +// urn:uuid:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx are decoded. +func Parse(s string) (UUID, error) { + var uuid UUID + if len(s) != 36 { + if len(s) != 36+9 { + return uuid, fmt.Errorf("invalid UUID length: %d", len(s)) + } + if strings.ToLower(s[:9]) != "urn:uuid:" { + return uuid, fmt.Errorf("invalid urn prefix: %q", s[:9]) + } + s = s[9:] + } + if s[8] != '-' || s[13] != '-' || s[18] != '-' || s[23] != '-' { + return uuid, errors.New("invalid UUID format") + } + for i, x := range [16]int{ + 0, 2, 4, 6, + 9, 11, + 14, 16, + 19, 21, + 24, 26, 28, 30, 32, 34} { + if v, ok := xtob(s[x], s[x+1]); !ok { + return uuid, errors.New("invalid UUID format") + } else { + uuid[i] = v + } + } + return uuid, nil +} + +// ParseBytes is like Parse, except it parses a byte slice instead of a string. +func ParseBytes(b []byte) (UUID, error) { + var uuid UUID + if len(b) != 36 { + if len(b) != 36+9 { + return uuid, fmt.Errorf("invalid UUID length: %d", len(b)) + } + if !bytes.Equal(bytes.ToLower(b[:9]), []byte("urn:uuid:")) { + return uuid, fmt.Errorf("invalid urn prefix: %q", b[:9]) + } + b = b[9:] + } + if b[8] != '-' || b[13] != '-' || b[18] != '-' || b[23] != '-' { + return uuid, errors.New("invalid UUID format") + } + for i, x := range [16]int{ + 0, 2, 4, 6, + 9, 11, + 14, 16, + 19, 21, + 24, 26, 28, 30, 32, 34} { + if v, ok := xtob(b[x], b[x+1]); !ok { + return uuid, errors.New("invalid UUID format") + } else { + uuid[i] = v + } + } + return uuid, nil +} + +// Must returns uuid if err is nil and panics otherwise. +func Must(uuid UUID, err error) UUID { + if err != nil { + panic(err) + } + return uuid +} + +// String returns the string form of uuid, xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx +// , or "" if uuid is invalid. +func (uuid UUID) String() string { + var buf [36]byte + encodeHex(buf[:], uuid) + return string(buf[:]) +} + +// URN returns the RFC 2141 URN form of uuid, +// urn:uuid:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx, or "" if uuid is invalid. +func (uuid UUID) URN() string { + var buf [36 + 9]byte + copy(buf[:], "urn:uuid:") + encodeHex(buf[9:], uuid) + return string(buf[:]) +} + +func encodeHex(dst []byte, uuid UUID) { + hex.Encode(dst[:], uuid[:4]) + dst[8] = '-' + hex.Encode(dst[9:13], uuid[4:6]) + dst[13] = '-' + hex.Encode(dst[14:18], uuid[6:8]) + dst[18] = '-' + hex.Encode(dst[19:23], uuid[8:10]) + dst[23] = '-' + hex.Encode(dst[24:], uuid[10:]) +} + +// Variant returns the variant encoded in uuid. +func (uuid UUID) Variant() Variant { + switch { + case (uuid[8] & 0xc0) == 0x80: + return RFC4122 + case (uuid[8] & 0xe0) == 0xc0: + return Microsoft + case (uuid[8] & 0xe0) == 0xe0: + return Future + default: + return Reserved + } +} + +// Version returns the version of uuid. +func (uuid UUID) Version() Version { + return Version(uuid[6] >> 4) +} + +func (v Version) String() string { + if v > 15 { + return fmt.Sprintf("BAD_VERSION_%d", v) + } + return fmt.Sprintf("VERSION_%d", v) +} + +func (v Variant) String() string { + switch v { + case RFC4122: + return "RFC4122" + case Reserved: + return "Reserved" + case Microsoft: + return "Microsoft" + case Future: + return "Future" + case Invalid: + return "Invalid" + } + return fmt.Sprintf("BadVariant%d", int(v)) +} + +// SetRand sets the random number generator to r, which implements io.Reader. +// If r.Read returns an error when the package requests random data then +// a panic will be issued. +// +// Calling SetRand with nil sets the random number generator to the default +// generator. +func SetRand(r io.Reader) { + if r == nil { + rander = rand.Reader + return + } + rander = r +} diff --git a/vendor/github.com/google/uuid/version1.go b/vendor/github.com/google/uuid/version1.go new file mode 100644 index 000000000000..199a1ac65403 --- /dev/null +++ b/vendor/github.com/google/uuid/version1.go @@ -0,0 +1,44 @@ +// Copyright 2016 Google Inc. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package uuid + +import ( + "encoding/binary" +) + +// NewUUID returns a Version 1 UUID based on the current NodeID and clock +// sequence, and the current time. If the NodeID has not been set by SetNodeID +// or SetNodeInterface then it will be set automatically. If the NodeID cannot +// be set NewUUID returns nil. If clock sequence has not been set by +// SetClockSequence then it will be set automatically. If GetTime fails to +// return the current NewUUID returns nil and an error. +// +// In most cases, New should be used. +func NewUUID() (UUID, error) { + nodeMu.Lock() + if nodeID == zeroID { + setNodeInterface("") + } + nodeMu.Unlock() + + var uuid UUID + now, seq, err := GetTime() + if err != nil { + return uuid, err + } + + timeLow := uint32(now & 0xffffffff) + timeMid := uint16((now >> 32) & 0xffff) + timeHi := uint16((now >> 48) & 0x0fff) + timeHi |= 0x1000 // Version 1 + + binary.BigEndian.PutUint32(uuid[0:], timeLow) + binary.BigEndian.PutUint16(uuid[4:], timeMid) + binary.BigEndian.PutUint16(uuid[6:], timeHi) + binary.BigEndian.PutUint16(uuid[8:], seq) + copy(uuid[10:], nodeID[:]) + + return uuid, nil +} diff --git a/vendor/github.com/google/uuid/version4.go b/vendor/github.com/google/uuid/version4.go new file mode 100644 index 000000000000..74c4e6c9f5a0 --- /dev/null +++ b/vendor/github.com/google/uuid/version4.go @@ -0,0 +1,38 @@ +// Copyright 2016 Google Inc. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package uuid + +import "io" + +// New creates a new random UUID or panics. New is equivalent to +// the expression +// +// uuid.Must(uuid.NewRandom()) +func New() UUID { + return Must(NewRandom()) +} + +// NewRandom returns a Random (Version 4) UUID or panics. +// +// The strength of the UUIDs is based on the strength of the crypto/rand +// package. +// +// A note about uniqueness derived from the UUID Wikipedia entry: +// +// Randomly generated UUIDs have 122 random bits. One's annual risk of being +// hit by a meteorite is estimated to be one chance in 17 billion, that +// means the probability is about 0.00000000006 (6 × 10−11), +// equivalent to the odds of creating a few tens of trillions of UUIDs in a +// year and having one duplicate. +func NewRandom() (UUID, error) { + var uuid UUID + _, err := io.ReadFull(rander, uuid[:]) + if err != nil { + return Nil, err + } + uuid[6] = (uuid[6] & 0x0f) | 0x40 // Version 4 + uuid[8] = (uuid[8] & 0x3f) | 0x80 // Variant is 10 + return uuid, nil +} diff --git a/vendor/vendor.json b/vendor/vendor.json index 7ab5c6496ce6..ad4a5a5f3295 100644 --- a/vendor/vendor.json +++ b/vendor/vendor.json @@ -10,6 +10,14 @@ "version": "=v10.3.0-beta", "versionExact": "v10.3.0-beta" }, + { + "checksumSHA1": "PpYX1v4K2Zbr0dvqTY4rEKTUdeQ=", + "path": "github.com/Azure/azure-sdk-for-go/arm/authorization", + "revision": "57db66900881e9fd21fd041a9d013514700ecab3", + "revisionTime": "2017-08-18T20:19:01Z", + "version": "=v10.3.0-beta", + "versionExact": "v10.3.0-beta" + }, { "checksumSHA1": "kDu+bApbVn1n9OGBoBJT8p6YZGc=", "path": "github.com/Azure/azure-sdk-for-go/arm/automation", @@ -602,6 +610,12 @@ "revision": "130e6b02ab059e7b717a096f397c5b60111cae74", "revisionTime": "2017-09-20T22:06:47Z" }, + { + "checksumSHA1": "Y80EASFjCaCxHdfPxmN4Wc2n1BM=", + "path": "github.com/google/uuid", + "revision": "7e072fc3a7be179aee6d3359e46015aa8c995314", + "revisionTime": "2017-08-14T14:36:39Z" + }, { "checksumSHA1": "cdOCt0Yb+hdErz8NAQqayxPmRsY=", "path": "github.com/hashicorp/errwrap", diff --git a/website/azurerm.erb b/website/azurerm.erb index f0f06e3f973b..a14fb2693d4a 100644 --- a/website/azurerm.erb +++ b/website/azurerm.erb @@ -26,6 +26,7 @@ > azurerm_builtin_role_definition + > azurerm_client_config @@ -50,6 +51,10 @@ azurerm_resource_group + > + azurerm_role_definition + + > azurerm_subscription @@ -81,6 +86,21 @@ + > + Authorization Resources + + + > Automation Resources
    diff --git a/website/docs/d/builtin_role_definition.markdown b/website/docs/d/builtin_role_definition.markdown index 9adeeea330a4..64b1313f89db 100644 --- a/website/docs/d/builtin_role_definition.markdown +++ b/website/docs/d/builtin_role_definition.markdown @@ -6,9 +6,9 @@ description: |- Get information about a built-in Role Definition. --- -# azurerm_built_in_role_definition +# azurerm_builtin_role_definition -Use this data source to access the properties of a built-in Role Definition. +Use this data source to access the properties of a built-in Role Definition. To access information about a custom Role Definition, [please see the `azurerm_role_definition` data source](role_definition.html) instead. ## Example Usage @@ -18,7 +18,7 @@ data "azurerm_builtin_role_definition" "contributor" { } output "contributor_role_definition_id" { - value = "${data.azurerm_built_in_role.contributor.id}" + value = "${data.azurerm_builtin_role.contributor.id}" } ``` @@ -30,3 +30,12 @@ output "contributor_role_definition_id" { ## Attributes Reference * `id` - the ID of the built-in Role Definition. +* `description` - the Description of the built-in Role. +* `type` - the Type of the Role. +* `permissions` - a `permissions` block as documented below. +* `assignable_scopes` - One or more assignable scopes for this Role Definition, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`. + +A `permissions` block contains: + +* `actions` - a list of actions supported by this role +* `not_actions` - a list of actions which are denied by this role diff --git a/website/docs/d/role_definition.markdown b/website/docs/d/role_definition.markdown new file mode 100644 index 000000000000..6247ef3ff381 --- /dev/null +++ b/website/docs/d/role_definition.markdown @@ -0,0 +1,45 @@ +--- +layout: "azurerm" +page_title: "Azure Resource Manager: azurerm_role_definition" +sidebar_current: "docs-azurerm-datasource-role-definition" +description: |- + Get information about a custom Role Definition. +--- + +# azurerm_role_definition + +Use this data source to access the properties of a custom Role Definition. To access information about a built-in Role Definition, [please see the `azurerm_builtin_role_definition` data source](builtin_role_definition.html) instead. + +## Example Usage + +```hcl +data "azurerm_subscription" "primary" {} + +data "azurerm_role_definition" "custom" { + role_definition_id = "00000000-0000-0000-0000-000000000000" + scope = "${data.azurerm_subscription.primary.id}" # /subscriptions/00000000-0000-0000-0000-000000000000 +} + +output "custom_role_definition_id" { + value = "${data.azurerm_role_definition.custom.id}" +} +``` + +## Argument Reference + +* `role_definition_id` - (Required) Specifies the ID of the Role Definition as a UUID/GUID. + +* `scope` - (Required) Specifies the Scope at which the Custom Role Definition exists. + +## Attributes Reference + +* `id` - the ID of the built-in Role Definition. +* `description` - the Description of the built-in Role. +* `type` - the Type of the Role. +* `permissions` - a `permissions` block as documented below. +* `assignable_scopes` - One or more assignable scopes for this Role Definition, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`. + +A `permissions` block contains: + +* `actions` - a list of actions supported by this role +* `not_actions` - a list of actions which are denied by this role diff --git a/website/docs/r/role_assignment.html.markdown b/website/docs/r/role_assignment.html.markdown new file mode 100644 index 000000000000..2be4fbfd5567 --- /dev/null +++ b/website/docs/r/role_assignment.html.markdown @@ -0,0 +1,88 @@ +--- +layout: "azurerm" +page_title: "Azure Resource Manager: azurerm_role_assignment" +sidebar_current: "docs-azurerm-resource-authorization-role-assignment" +description: |- + Assigns a given Principal (User or Application) to a given Role. + +--- + +# azurerm_role_assignment + +Assigns a given Principal (User or Application) to a given Role. + +## Example Usage (using a built-in Role) + +```hcl +data "azurerm_subscription" "primary" {} + +data "azurerm_client_config" "test" {} + +data "azurerm_builtin_role_definition" "test" { + name = "Reader" +} + +resource "azurerm_role_assignment" "test" { + name = "00000000-0000-0000-0000-000000000000" + scope = "${data.azurerm_subscription.primary.id}" + role_definition_id = "${data.azurerm_subscription.primary.id}${data.azurerm_builtin_role_definition.test.id}" + principal_id = "${data.azurerm_client_config.test.service_principal_object_id}" +} +``` + +## Example Usage (Custom Role) + +``` +data "azurerm_subscription" "primary" {} + +data "azurerm_client_config" "test" {} + +resource "azurerm_role_definition" "test" { + role_definition_id = "00000000-0000-0000-0000-000000000000" + name = "my-custom-role-definition" + scope = "${data.azurerm_subscription.primary.id}" + + permissions { + actions = ["Microsoft.Resources/subscriptions/resourceGroups/read"] + not_actions = [] + } + + assignable_scopes = [ + "${data.azurerm_subscription.primary.id}", + ] +} + +resource "azurerm_role_assignment" "test" { + name = "00000000-0000-0000-0000-000000000000" + scope = "${data.azurerm_subscription.primary.id}" + role_definition_id = "${azurerm_role_definition.test.id}" + principal_id = "${data.azurerm_client_config.test.service_principal_object_id}" +} +``` + +## Argument Reference + +The following arguments are supported: + +* `name` - (Required) A unique UUID/GUID for this Role Assignment. Changing this forces a new resource to be created. + +* `scope` - (Required) The scope at which the Role Assignment applies too, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`. Changing this forces a new resource to be created. + +* `role_definition_id` - (Required) The Scoped-ID of the Role Definition. Changing this forces a new resource to be created. + +* `principal_id` - (Required) The ID of the Principal (User or Application) to assign the Role Definition to. Changing this forces a new resource to be created. + + +## Attributes Reference + +The following attributes are exported: + +* `id` - The Role Assignment ID. + +## Import + +Role Assignments can be imported using the `resource id`, e.g. + +``` +terraform import azurerm_role_assignment.test /subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/00000000-0000-0000-0000-000000000000 +``` diff --git a/website/docs/r/role_definition.html.markdown b/website/docs/r/role_definition.html.markdown new file mode 100644 index 000000000000..adbea78af01b --- /dev/null +++ b/website/docs/r/role_definition.html.markdown @@ -0,0 +1,70 @@ +--- +layout: "azurerm" +page_title: "Azure Resource Manager: azurerm_role_definition" +sidebar_current: "docs-azurerm-resource-authorization-role-definition" +description: |- + Manages a custom Role Definition. + +--- + +# azurerm_role_definition + +Manages a custom Role Definition, used to assign Roles to Users/Principals. + +## Example Usage + +```hcl +data "azurerm_subscription" "primary" {} + +resource "azurerm_role_definition" "test" { + role_definition_id = "12345678-1234-5678-1234-123456780123" + name = "my-custom-role" + scope = "${data.azurerm_subscription.primary.id}" + description = "This is a custom role created via Terraform" + + permissions { + actions = ["*"] + not_actions = [] + } + + assignable_scopes = [ + "${data.azurerm_subscription.primary.id}", # /subscriptions/00000000-0000-0000-0000-000000000000 + ] +} +``` + +## Argument Reference + +The following arguments are supported: + +* `role_definition_id` - (Required) A unique UUID/GUID which identifies this role. Changing this forces a new resource to be created. + +* `name` - (Required) The name of the Role Definition. Changing this forces a new resource to be created. + +* `scope` - (Required) The scope at which the Role Definition applies too, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`. Changing this forces a new resource to be created. + +* `description` - (Optional) A description of the Role Definition. + +* `permissions` - (Required) A `permissions` block as defined below. + +* `assignable_scopes` - (Required) One or more assignable scopes for this Role Definition, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`. + +A `permissions` block as the following properties: + +* `action` - (Optional) One or more Allowed Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. + +* `not_action` - (Optional) One or more Disallowed Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. + +## Attributes Reference + +The following attributes are exported: + +* `id` - The Role Definition ID. + +## Import + +Role Definitions can be imported using the `resource id`, e.g. + +``` +terraform import azurerm_role_definition.test /subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/00000000-0000-0000-0000-000000000000 +``` diff --git a/website/docs/r/route.html.markdown b/website/docs/r/route.html.markdown index c50d395e1ae1..b83d7c2cf901 100644 --- a/website/docs/r/route.html.markdown +++ b/website/docs/r/route.html.markdown @@ -1,7 +1,7 @@ --- layout: "azurerm" -page_title: "Azure Resource Manager: azurerm_route-x" -sidebar_current: "docs-azurerm-resource-network-route" +page_title: "Azure Resource Manager: azurerm_route" +sidebar_current: "docs-azurerm-resource-network-route-x" description: |- Manages a Route within a Route Table. ---