aaz commands for managing role assignments

Commands/readme.md

@@ -311,6 +311,9 @@
 - [restore-point](/Commands/restore-point/readme.md)
 : Manage restore point with res.
 
+- [role](/Commands/role/readme.md)
+: Manage Azure role-based access control (Azure RBAC)
+
 - [security](/Commands/security/readme.md)
 : Manage your security posture with Microsoft Defender for Cloud.
 

Commands/role/assignment/_create.md

@@ -0,0 +1,9 @@
+# [Command] _role assignment create_
+
+Create a role assignment by scope and name.
+
+## Versions
+
+### [2022-04-01](/Resources/mgmt-plane/L3tzY29wZX0vcHJvdmlkZXJzL21pY3Jvc29mdC5hdXRob3JpemF0aW9uL3JvbGVhc3NpZ25tZW50cy97fQ==/2022-04-01.xml) **Stable**
+
+<!-- mgmt-plane /{scope}/providers/microsoft.authorization/roleassignments/{} 2022-04-01 -->

Commands/role/assignment/_delete.md

@@ -0,0 +1,9 @@
+# [Command] _role assignment delete_
+
+Delete a role assignment by scope and name.
+
+## Versions
+
+### [2022-04-01](/Resources/mgmt-plane/L3tzY29wZX0vcHJvdmlkZXJzL21pY3Jvc29mdC5hdXRob3JpemF0aW9uL3JvbGVhc3NpZ25tZW50cy97fQ==/2022-04-01.xml) **Stable**
+
+<!-- mgmt-plane /{scope}/providers/microsoft.authorization/roleassignments/{} 2022-04-01 -->

Commands/role/assignment/_list.md

@@ -0,0 +1,9 @@
+# [Command] _role assignment list_
+
+List all role assignments that apply to a scope.
+
+## Versions
+
+### [2022-04-01](/Resources/mgmt-plane/L3tzY29wZX0vcHJvdmlkZXJzL21pY3Jvc29mdC5hdXRob3JpemF0aW9uL3JvbGVhc3NpZ25tZW50cw==/2022-04-01.xml) **Stable**
+
+<!-- mgmt-plane /{scope}/providers/microsoft.authorization/roleassignments 2022-04-01 -->

Commands/role/assignment/_show.md

@@ -0,0 +1,9 @@
+# [Command] _role assignment show_
+
+Get a role assignment by scope and name.
+
+## Versions
+
+### [2022-04-01](/Resources/mgmt-plane/L3tzY29wZX0vcHJvdmlkZXJzL21pY3Jvc29mdC5hdXRob3JpemF0aW9uL3JvbGVhc3NpZ25tZW50cy97fQ==/2022-04-01.xml) **Stable**
+
+<!-- mgmt-plane /{scope}/providers/microsoft.authorization/roleassignments/{} 2022-04-01 -->

Commands/role/assignment/_update.md

@@ -0,0 +1,9 @@
+# [Command] _role assignment update_
+
+Update a role assignment by scope and name.
+
+## Versions
+
+### [2022-04-01](/Resources/mgmt-plane/L3tzY29wZX0vcHJvdmlkZXJzL21pY3Jvc29mdC5hdXRob3JpemF0aW9uL3JvbGVhc3NpZ25tZW50cy97fQ==/2022-04-01.xml) **Stable**
+
+<!-- mgmt-plane /{scope}/providers/microsoft.authorization/roleassignments/{} 2022-04-01 -->

Commands/role/assignment/readme.md

@@ -0,0 +1,20 @@
+# [Group] _role assignment_
+
+Manage Role Assignment
+
+## Commands
+
+- [create](/Commands/role/assignment/_create.md)
+: Create a role assignment by scope and name.
+
+- [delete](/Commands/role/assignment/_delete.md)
+: Delete a role assignment by scope and name.
+
+- [list](/Commands/role/assignment/_list.md)
+: List all role assignments that apply to a scope.
+
+- [show](/Commands/role/assignment/_show.md)
+: Get a role assignment by scope and name.
+
+- [update](/Commands/role/assignment/_update.md)
+: Update a role assignment by scope and name.

Commands/role/readme.md

@@ -0,0 +1,8 @@
+# [Group] _role_
+
+Manage Azure role-based access control (Azure RBAC)
+
+## Subgroups
+
+- [assignment](/Commands/role/assignment/readme.md)
+: Manage Role Assignment

Resources/mgmt-plane/L3tzY29wZX0vcHJvdmlkZXJzL21pY3Jvc29mdC5hdXRob3JpemF0aW9uL3JvbGVhc3NpZ25tZW50cw==/2022-04-01.json

@@ -0,0 +1 @@
+{"plane": "mgmt-plane", "resources": [{"id": "/{scope}/providers/microsoft.authorization/roleassignments", "version": "2022-04-01", "swagger": "mgmt-plane/authorization/ResourceProviders/Microsoft.Authorization/Paths/L3tzY29wZX0vcHJvdmlkZXJzL01pY3Jvc29mdC5BdXRob3JpemF0aW9uL3JvbGVBc3NpZ25tZW50cw==/V/MjAyMi0wNC0wMQ=="}], "commandGroups": [{"name": "role assignment", "commands": [{"name": "list", "version": "2022-04-01", "resources": [{"id": "/{scope}/providers/microsoft.authorization/roleassignments", "version": "2022-04-01", "swagger": "mgmt-plane/authorization/ResourceProviders/Microsoft.Authorization/Paths/L3tzY29wZX0vcHJvdmlkZXJzL01pY3Jvc29mdC5BdXRob3JpemF0aW9uL3JvbGVBc3NpZ25tZW50cw==/V/MjAyMi0wNC0wMQ=="}], "argGroups": [{"name": "", "args": [{"type": "string", "var": "$Path.scope", "options": ["scope"], "required": true, "help": {"short": "The scope of the operation or resource. Valid scopes are: subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'"}}, {"type": "string", "var": "$Query.filter", "options": ["filter"], "help": {"short": "The filter to apply on the operation. Use $filter=atScope() to return all role assignments at or above the scope. Use $filter=principalId eq {id} to return all role assignments at, above or below the scope for the specified principal."}}, {"type": "string", "var": "$Query.skipToken", "options": ["skip-token"], "help": {"short": "The skipToken to apply on the operation. Use $skipToken={skiptoken} to return paged role assignments following the skipToken passed. Only supported on provider level calls."}}, {"type": "string", "var": "$Query.tenantId", "options": ["tenant-id"], "help": {"short": "Tenant ID for cross-tenant request"}}]}], "operations": [{"operationId": "RoleAssignments_ListForScope", "http": {"path": "/{scope}/providers/Microsoft.Authorization/roleAssignments", "request": {"method": "get", "path": {"params": [{"type": "string", "name": "scope", "arg": "$Path.scope", "required": true, "skipUrlEncoding": true}]}, "query": {"params": [{"type": "string", "name": "$filter", "arg": "$Query.filter"}, {"type": "string", "name": "$skipToken", "arg": "$Query.skipToken"}, {"type": "string", "name": "tenantId", "arg": "$Query.tenantId"}], "consts": [{"readOnly": true, "const": true, "default": {"value": "2022-04-01"}, "type": "string", "name": "api-version", "required": true, "format": {"minLength": 1}}]}}, "responses": [{"statusCode": [200], "body": {"json": {"var": "$Instance", "schema": {"type": "object", "props": [{"readOnly": true, "type": "string", "name": "nextLink"}, {"type": "array<object>", "name": "value", "item": {"type": "object", "props": [{"readOnly": true, "type": "ResourceId", "name": "id"}, {"readOnly": true, "type": "string", "name": "name"}, {"type": "object", "name": "properties", "props": [{"type": "string", "name": "condition"}, {"type": "string", "name": "conditionVersion"}, {"readOnly": true, "type": "string", "name": "createdBy"}, {"readOnly": true, "type": "dateTime", "name": "createdOn"}, {"type": "string", "name": "delegatedManagedIdentityResourceId"}, {"type": "string", "name": "description"}, {"type": "string", "name": "principalId", "required": true}, {"default": {"value": "User"}, "type": "string", "name": "principalType", "enum": {"items": [{"value": "Device"}, {"value": "ForeignGroup"}, {"value": "Group"}, {"value": "ServicePrincipal"}, {"value": "User"}]}}, {"type": "string", "name": "roleDefinitionId", "required": true}, {"readOnly": true, "type": "string", "name": "scope"}, {"readOnly": true, "type": "string", "name": "updatedBy"}, {"readOnly": true, "type": "dateTime", "name": "updatedOn"}], "clientFlatten": true}, {"readOnly": true, "type": "string", "name": "type"}]}}]}}}}, {"isError": true, "body": {"json": {"schema": {"type": "@MgmtErrorFormat"}}}}]}}], "outputs": [{"type": "array", "ref": "$Instance.value", "clientFlatten": true, "nextLink": "$Instance.nextLink"}]}]}]}

Resources/mgmt-plane/L3tzY29wZX0vcHJvdmlkZXJzL21pY3Jvc29mdC5hdXRob3JpemF0aW9uL3JvbGVhc3NpZ25tZW50cw==/2022-04-01.xml

@@ -0,0 +1,88 @@
+<?xml version='1.0' encoding='utf-8'?>
+<CodeGen plane="mgmt-plane">
+  <resource id="/{scope}/providers/microsoft.authorization/roleassignments" version="2022-04-01" swagger="mgmt-plane/authorization/ResourceProviders/Microsoft.Authorization/Paths/L3tzY29wZX0vcHJvdmlkZXJzL01pY3Jvc29mdC5BdXRob3JpemF0aW9uL3JvbGVBc3NpZ25tZW50cw==/V/MjAyMi0wNC0wMQ=="/>
+  <commandGroup name="role assignment">
+    <command name="list" version="2022-04-01">
+      <resource id="/{scope}/providers/microsoft.authorization/roleassignments" version="2022-04-01" swagger="mgmt-plane/authorization/ResourceProviders/Microsoft.Authorization/Paths/L3tzY29wZX0vcHJvdmlkZXJzL01pY3Jvc29mdC5BdXRob3JpemF0aW9uL3JvbGVBc3NpZ25tZW50cw==/V/MjAyMi0wNC0wMQ=="/>
+      <argGroup name="">
+        <arg type="string" var="$Path.scope" options="scope" required="True">
+          <help short="The scope of the operation or resource. Valid scopes are: subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'"/>
+        </arg>
+        <arg type="string" var="$Query.filter" options="filter">
+          <help short="The filter to apply on the operation. Use $filter=atScope() to return all role assignments at or above the scope. Use $filter=principalId eq {id} to return all role assignments at, above or below the scope for the specified principal."/>
+        </arg>
+        <arg type="string" var="$Query.skipToken" options="skip-token">
+          <help short="The skipToken to apply on the operation. Use $skipToken={skiptoken} to return paged role assignments following the skipToken passed. Only supported on provider level calls."/>
+        </arg>
+        <arg type="string" var="$Query.tenantId" options="tenant-id">
+          <help short="Tenant ID for cross-tenant request"/>
+        </arg>
+      </argGroup>
+      <operation operationId="RoleAssignments_ListForScope">
+        <http path="/{scope}/providers/Microsoft.Authorization/roleAssignments">
+          <request method="get">
+            <path>
+              <param type="string" name="scope" arg="$Path.scope" required="True" skipUrlEncoding="True"/>
+            </path>
+            <query>
+              <param type="string" name="$filter" arg="$Query.filter"/>
+              <param type="string" name="$skipToken" arg="$Query.skipToken"/>
+              <param type="string" name="tenantId" arg="$Query.tenantId"/>
+              <const readOnly="True" const="True" type="string" name="api-version" required="True">
+                <default value="&quot;2022-04-01&quot;"/>
+                <format minLength="1"/>
+              </const>
+            </query>
+          </request>
+          <response statusCode="200">
+            <body>
+              <json var="$Instance">
+                <schema type="object">
+                  <prop readOnly="True" type="string" name="nextLink"/>
+                  <prop type="array<object>" name="value">
+                    <item type="object">
+                      <prop readOnly="True" type="ResourceId" name="id"/>
+                      <prop readOnly="True" type="string" name="name"/>
+                      <prop type="object" name="properties" clientFlatten="True">
+                        <prop type="string" name="condition"/>
+                        <prop type="string" name="conditionVersion"/>
+                        <prop readOnly="True" type="string" name="createdBy"/>
+                        <prop readOnly="True" type="dateTime" name="createdOn"/>
+                        <prop type="string" name="delegatedManagedIdentityResourceId"/>
+                        <prop type="string" name="description"/>
+                        <prop type="string" name="principalId" required="True"/>
+                        <prop type="string" name="principalType">
+                          <default value="&quot;User&quot;"/>
+                          <enum>
+                            <item value="&quot;Device&quot;"/>
+                            <item value="&quot;ForeignGroup&quot;"/>
+                            <item value="&quot;Group&quot;"/>
+                            <item value="&quot;ServicePrincipal&quot;"/>
+                            <item value="&quot;User&quot;"/>
+                          </enum>
+                        </prop>
+                        <prop type="string" name="roleDefinitionId" required="True"/>
+                        <prop readOnly="True" type="string" name="scope"/>
+                        <prop readOnly="True" type="string" name="updatedBy"/>
+                        <prop readOnly="True" type="dateTime" name="updatedOn"/>
+                      </prop>
+                      <prop readOnly="True" type="string" name="type"/>
+                    </item>
+                  </prop>
+                </schema>
+              </json>
+            </body>
+          </response>
+          <response isError="True">
+            <body>
+              <json>
+                <schema type="@MgmtErrorFormat"/>
+              </json>
+            </body>
+          </response>
+        </http>
+      </operation>
+      <output type="array" ref="$Instance.value" clientFlatten="True" nextLink="$Instance.nextLink"/>
+    </command>
+  </commandGroup>
+</CodeGen>