lmazuel
commented
5 years ago Hi @spacekitty76
The main documentation to create a GraphRbacManagementClient is here:
https://docs.microsoft.com/python/api/overview/azure/activedirectory
Once you have it, the service_principals attribute contains the operation you need.
Roughly, this should look like this:
from azure.graphrbac import GraphRbacManagementClient
from azure.common.credentials import UserPassCredentials
credentials = UserPassCredentials(
'user@domain.com', # Your user
'my_password', # Your password
resource="https://graph.windows.net"
)
tenant_id = "myad.onmicrosoft.com"
graphrbac_client = GraphRbacManagementClient(
credentials,
tenant_id
)
app = graphrbac_client.applications.create({
'available_to_other_tenants': False,
'display_name': 'pytest_app',
'identifier_uris': ['http://pytest_app.org'],
'app_roles': [{
"allowed_member_types": ["User"],
"description": "Creators can create Surveys",
"display_name": "SurveyCreator",
"id": "1b4f816e-5eaf-48b9-8613-7923830595ad", # Random, but fixed for tests
"is_enabled": True,
"value": "SurveyCreator"
}]
})
sp = graphrbac_client.service_principals.create({
'app_id': app.app_id, # Do NOT use app.object_id
'account_enabled': False
})
spacekitty76
Do you have any examples of using this class you could point me to. The documentation (https://docs.microsoft.com/en-us/python/api/azure-graphrbac/azure.graphrbac.operations.service_principals_operations.serviceprincipalsoperations?view=azure-python) isn't very helpful. I cannot find information on what any of the parameters are. How do I create the client (I'm assuming GraphRbacManagementClient for this one)? I can find no info on the config, serializer, or deserializer parameters at all.
Thanks for your time, any help would be much appreciated.