devwithkrishna
diff --git a/‎.github/dependabot.yml‎
Lines changed: 32 additions & 0 deletions b/‎.github/dependabot.yml‎
Lines changed: 32 additions & 0 deletions
diff --git a/‎.gitignore‎
Lines changed: 1 addition & 1 deletion b/‎.gitignore‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎Pipfile‎
Lines changed: 0 additions & 16 deletions b/‎Pipfile‎
Lines changed: 0 additions & 16 deletions
diff --git a/‎README.md‎
Lines changed: 65 additions & 0 deletions b/‎README.md‎
Lines changed: 65 additions & 0 deletions
diff --git a/‎azcli.py‎
Lines changed: 0 additions & 30 deletions b/‎azcli.py‎
Lines changed: 0 additions & 30 deletions
@@ -0,0 +1,32 @@
+version: 2
+updates:
+- package-ecosystem: "pip"
+  directory: /
+  schedule:
+    interval: "weekly"
+    day: thursday
+    time: "11:05"
+    timezone: Asia/Kolkata
+  # Assignees to set on pull requests
+  assignees:
+  - "githubofkrishnadhas"
+  # prefix specifies a prefix for all commit messages. When you specify a prefix for commit messages,
+  # GitHub will automatically add a colon between the defined prefix and the commit message provided the
+  # defined prefix ends with a letter, number, closing parenthesis, or closing bracket.
+  commit-message:
+    prefix: "dependabot python package"
+  # Use reviewers to specify individual reviewers or teams of reviewers for all pull requests raised for a package manager.
+  reviewers:
+  - "devwithkrishna/admin"
+  # Raise pull requests for version updates to pip against the `main` branch
+  target-branch: "main"
+  # Labels on pull requests for version updates only
+  labels:
+  - "pip dependencies"
+  - "pip-package"
+  # Increase the version requirements for Composer only when required
+  versioning-strategy: increase-if-necessary
+  # Dependabot opens a maximum of five pull requests for version updates. Once there are five open pull requests from Dependabot,
+  # Dependabot will not open any new requests until some of those open requests are merged or closed.
+  # Use open-pull-requests-limit to change this limit.
+  open-pull-requests-limit: 10
@@ -99,7 +99,7 @@ ipython_config.py
 #   This is especially recommended for binary packages to ensure reproducibility, and is more
 #   commonly ignored for libraries.
 #   https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
-#poetry.lock
+poetry.lock
 
 # pdm
 #   Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
 
@@ -1,2 +1,67 @@
 # get-azure-role-assignments-using-python
 This repository contains python code to get the role assignments from azure
+
+
+# What this repository do
+
+```markdown
+This repo contains the source code which can be used to list the role assignments on a subscription level
+for Azure using Python azure SDK's.
+```
+
+## parameters 
+
+| inputs | description | mandatory |
+|--------|-------------|-----------|
+|subscription_id| azure subscription id| :heavy_check_mark: |
+
+## Authentication
+
+Authentication to Azure is done using service principal credentials
+
+have a `.env file`
+
+```yaml
+AZURE_CLIENT_ID="xxx"
+AZURE_CLIENT_SECRET="xxx"
+AZURE_TENANT_ID="xxx"
+AZURE_SUBSCRIPTION_ID="xxx"
+```
+Where xxx refers to the actual values. These will vary for everyone
+
+using python-dotenv module and fucntion load_dotenv() uses it for local testing.
+
+# Final output 
+
+```json
+{
+        "id": "/subscriptions/<subscription id>/providers/Microsoft.Authorization/roleAssignments/<assignment id>",
+        "name": "<name>",
+        "type": "Microsoft.Authorization/roleAssignments",
+        "principal_id": "<principal id>",
+        "principal_type": "< group or user or service principal>",
+        "role_definition_id": "<role definition id>",
+        "assignment_creation_time": "<when assignment was created>",
+        "scope": "/subscriptions/<subscription id>",
+        "principal_name": "<principal name>",
+        "rbac_role_name": "<Azure Rbac or custom role namess>"
+    }
+```
+
+* for local testing the code creates this as a json file.
+
+# How to run the code locally
+
+```commandline
+python3 role_assignments.py --subscription_id <subscription id> 
+```
+
+### For package management poetry is used.
+
+
+## Refernces
+
+[role-assignments-list](https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-list-rest)
+[role-based-access-control built-in-roles](https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles)
+[AuthorizationManagementClient](https://learn.microsoft.com/en-us/rest/api/authorization/role-definitions/get?view=rest-authorization-2022-04-01&tabs=Python)
+[azure graph rbac](https://learn.microsoft.com/en-us/python/api/azure-graphrbac/azure.graphrbac.operations.service_principals_operations.serviceprincipalsoperations?view=azure-python-previous#azure-graphrbac-operations-service-principals-operations-serviceprincipalsoperations-get)