diff --git a/azure-graphrbac/azure/graphrbac/graph_rbac_management_client.py b/azure-graphrbac/azure/graphrbac/graph_rbac_management_client.py index 02faf9b63169..fdc4d8adabb4 100644 --- a/azure-graphrbac/azure/graphrbac/graph_rbac_management_client.py +++ b/azure-graphrbac/azure/graphrbac/graph_rbac_management_client.py @@ -19,6 +19,7 @@ from .operations.service_principals_operations import ServicePrincipalsOperations from .operations.users_operations import UsersOperations from .operations.domains_operations import DomainsOperations +from .operations.oauth2_operations import OAuth2Operations from . import models @@ -72,6 +73,8 @@ class GraphRbacManagementClient(object): :vartype users: azure.graphrbac.operations.UsersOperations :ivar domains: Domains operations :vartype domains: azure.graphrbac.operations.DomainsOperations + :ivar oauth2: OAuth2 operations + :vartype oauth2: azure.graphrbac.operations.OAuth2Operations :param credentials: Credentials needed for the client to connect to Azure. :type credentials: :mod:`A msrestazure Credentials @@ -104,3 +107,5 @@ def __init__( self._client, self.config, self._serialize, self._deserialize) self.domains = DomainsOperations( self._client, self.config, self._serialize, self._deserialize) + self.oauth2 = OAuth2Operations( + self._client, self.config, self._serialize, self._deserialize) diff --git a/azure-graphrbac/azure/graphrbac/models/__init__.py b/azure-graphrbac/azure/graphrbac/models/__init__.py index caea550daabe..4e94d926f47c 100644 --- a/azure-graphrbac/azure/graphrbac/models/__init__.py +++ b/azure-graphrbac/azure/graphrbac/models/__init__.py @@ -39,6 +39,7 @@ from .user_get_member_groups_parameters import UserGetMemberGroupsParameters from .get_objects_parameters import GetObjectsParameters from .domain import Domain +from .permissions import Permissions from .aad_object_paged import AADObjectPaged from .application_paged import ApplicationPaged from .directory_object_paged import DirectoryObjectPaged 
@@ -84,6 +85,7 @@ 'UserGetMemberGroupsParameters', 'GetObjectsParameters', 'Domain', + 'Permissions', 'AADObjectPaged', 'ApplicationPaged', 'DirectoryObjectPaged', diff --git a/azure-graphrbac/azure/graphrbac/models/permissions.py b/azure-graphrbac/azure/graphrbac/models/permissions.py new file mode 100644 index 000000000000..040966e7de6d --- /dev/null +++ b/azure-graphrbac/azure/graphrbac/models/permissions.py 
@@ -0,0 +1,57 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from msrest.serialization import Model + + +class Permissions(Model): + """Permissions. + + :param odatatype: Microsoft.DirectoryServices.OAuth2PermissionGrant + :type odatatype: str + :param client_id: The objectId of the Service Principal associated with + the app + :type client_id: str + :param consent_type: Typically set to AllPrincipals + :type consent_type: str + :param principal_id: Set to null if AllPrincipals is set + :type principal_id: object + :param resource_id: Service Principal Id of the resource you want to grant + :type resource_id: str + :param scope: Typically set to user_impersonation + :type scope: str + :param start_time: Start time for TTL + :type start_time: str + :param expiry_time: Expiry time for TTL + :type expiry_time: str + """ + + _attribute_map = { + 'odatatype': {'key': 'odata\\.type', 'type': 'str'}, + 'client_id': {'key': 'clientId', 'type': 'str'}, + 'consent_type': {'key': 'consentType', 'type': 'str'}, + 'principal_id': {'key': 'principalId', 'type': 'object'}, + 'resource_id': {'key': 'resourceId', 'type': 'str'}, + 'scope': {'key': 'scope', 'type': 'str'}, + 'start_time': {'key': 'startTime', 'type': 'str'}, + 'expiry_time': {'key': 'expiryTime', 'type': 'str'}, + } + + def __init__(self, odatatype=None, client_id=None, consent_type=None, principal_id=None, resource_id=None, scope=None, start_time=None, expiry_time=None): + super(Permissions, self).__init__() + self.odatatype = odatatype + self.client_id = client_id + 
self.consent_type = consent_type + self.principal_id = principal_id + self.resource_id = resource_id + self.scope = scope + self.start_time = start_time + self.expiry_time = expiry_time diff --git a/azure-graphrbac/azure/graphrbac/operations/__init__.py b/azure-graphrbac/azure/graphrbac/operations/__init__.py index ad229d630696..409d3c3c8680 100644 --- a/azure-graphrbac/azure/graphrbac/operations/__init__.py +++ b/azure-graphrbac/azure/graphrbac/operations/__init__.py @@ -15,6 +15,7 @@ from .service_principals_operations import ServicePrincipalsOperations from .users_operations import UsersOperations from .domains_operations import DomainsOperations +from .oauth2_operations import OAuth2Operations __all__ = [ 'ObjectsOperations', @@ -23,4 +24,5 @@ 'ServicePrincipalsOperations', 'UsersOperations', 'DomainsOperations', + 'OAuth2Operations', ] diff --git a/azure-graphrbac/azure/graphrbac/operations/oauth2_operations.py b/azure-graphrbac/azure/graphrbac/operations/oauth2_operations.py new file mode 100644 index 000000000000..859f49ae167f --- /dev/null +++ b/azure-graphrbac/azure/graphrbac/operations/oauth2_operations.py 
@@ -0,0 +1,165 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +import uuid +from msrest.pipeline import ClientRawResponse +from msrestazure.azure_exceptions import CloudError + +from .. import models + + +class OAuth2Operations(object): + """OAuth2Operations operations. + + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. + :ivar api_version: Client API version. Constant value: "1.6". + """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self.api_version = "1.6" + + self.config = config + + def get( + self, filter=None, custom_headers=None, raw=False, **operation_config): + """Queries OAuth2 permissions for the relevant SP ObjectId of an app. + + :param filter: This is the Service Principal ObjectId associated with + the app + :type filter: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. 
+ :return: Permissions or ClientRawResponse if raw=true + :rtype: ~azure.graphrbac.models.Permissions or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.get.metadata['url'] + path_format_arguments = { + 'tenantID': self._serialize.url("self.config.tenant_id", self.config.tenant_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + if filter is not None: + query_parameters['$filter'] = self._serialize.query("filter", filter, 'str') + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters) + response = self._client.send(request, header_parameters, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + + if response.status_code == 200: + deserialized = self._deserialize('Permissions', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + get.metadata = {'url': '/{tenantID}/oauth2PermissionGrants'} + + def post( + self, body=None, custom_headers=None, raw=False, **operation_config): + """Grants OAuth2 permissions for the relevant resource Ids of an app. 
+ + :param body: The relevant app Service Principal Object Id and the + Service Principal Objecit Id you want to grant. + :type body: ~azure.graphrbac.models.Permissions + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: Permissions or ClientRawResponse if raw=true + :rtype: ~azure.graphrbac.models.Permissions or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.post.metadata['url'] + path_format_arguments = { + 'tenantID': self._serialize.url("self.config.tenant_id", self.config.tenant_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct body + if body is not None: + body_content = self._serialize.body(body, 'Permissions') + else: + body_content = None + + # Construct and send request + request = self._client.post(url, query_parameters) + response = self._client.send( + request, header_parameters, body_content, stream=False, **operation_config) + + if response.status_code not in [201]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + + if response.status_code == 201: + deserialized = 
self._deserialize('Permissions', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + post.metadata = {'url': '/{tenantID}/oauth2PermissionGrants'} diff --git a/azure-graphrbac/azure/graphrbac/operations/service_principals_operations.py b/azure-graphrbac/azure/graphrbac/operations/service_principals_operations.py index 5fca4ca9882c..55bb2ddbc6b0 100644 --- a/azure-graphrbac/azure/graphrbac/operations/service_principals_operations.py +++ b/azure-graphrbac/azure/graphrbac/operations/service_principals_operations.py @@ -224,7 +224,8 @@ def delete( def get( self, object_id, custom_headers=None, raw=False, **operation_config): - """Gets service principal information from the directory. + """Gets service principal information from the directory. Query by + objectId or pass a filter to query by appId. :param object_id: The object ID of the service principal to get. :type object_id: str
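Review bot: The reworded summary in the `service_principals_operations.py` hunk tells callers to "pass a filter to query by appId", but the `get` signature visible in this hunk accepts only `object_id`, `custom_headers`, `raw` and `**operation_config`, so this method has no filter argument to pass. The body of `get` continues outside the hunk, so a filter could conceivably be read from `operation_config`, but the `:param` list shown documents only `object_id`. A caller following the new wording may hand an appId to `object_id` and get a failed or unintended lookup. I would keep the summary to what the method takes, `"""Gets service principal information from the directory by objectId.`, and add one sentence naming the operation that does accept a filter for appId lookups.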