Overview
Package iam implements the Azure Microsoft.Authorization ARM REST API as a server.Handler. Real azure-sdk-for-go armauthorization clients pointed at this server can CRUD RoleDefinitions and RoleAssignments end-to-end.
Coverage (api-version 2022-04-01):
PUT /{scope}/providers/Microsoft.Authorization/roleDefinitions/{id} — CreateOrUpdate
GET /{scope}/providers/Microsoft.Authorization/roleDefinitions/{id} — Get
DELETE /{scope}/providers/Microsoft.Authorization/roleDefinitions/{id} — Delete
GET /{scope}/providers/Microsoft.Authorization/roleDefinitions — List
PUT /{scope}/providers/Microsoft.Authorization/roleAssignments/{id} — Create
GET /{scope}/providers/Microsoft.Authorization/roleAssignments/{id} — Get
DELETE /{scope}/providers/Microsoft.Authorization/roleAssignments/{id} — Delete
GET /{scope}/providers/Microsoft.Authorization/roleAssignments — List at scope
Scope can be subscription, resource-group, resource, or management-group — anything that appears before /providers/Microsoft.Authorization in the URL. The handler treats it as an opaque string.
RoleDefinitions are backed by the shared iamdriver.IAM (each Azure role definition is stored as a driver Role with AssumeRolePolicyDoc holding the ARM properties JSON). RoleAssignments live in an in-handler store — Azure's RoleAssignment shape (principal + role + scope) does not map onto the AWS-shaped driver interface.
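The scope rule described above, as an added example (not code from package iam): a stdlib-only splitter that separates the opaque scope from the collection and ID in a request path. The names rbacPath and splitRBACPath, the exact-case match on the provider segment, and all sample IDs are assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// marker separates the opaque scope from the RBAC collection in an ARM path.
const marker = "/providers/Microsoft.Authorization/"

// rbacPath is a hypothetical type for this example, not part of package iam.
type rbacPath struct {
	Scope      string // everything before the marker, kept verbatim
	Collection string // "roleDefinitions" or "roleAssignments"
	ID         string // empty for List requests
}

// splitRBACPath splits on the LAST marker, because a resource-level scope
// can itself contain "/providers/<other namespace>/".
func splitRBACPath(p string) (rbacPath, error) {
	i := strings.LastIndex(p, marker)
	if i < 0 {
		return rbacPath{}, errors.New("not a Microsoft.Authorization path")
	}
	rest := strings.Trim(p[i+len(marker):], "/")
	collection, id, _ := strings.Cut(rest, "/")
	if collection != "roleDefinitions" && collection != "roleAssignments" {
		return rbacPath{}, fmt.Errorf("unsupported collection %q", collection)
	}
	if strings.Contains(id, "/") {
		return rbacPath{}, fmt.Errorf("unexpected extra segments in %q", rest)
	}
	return rbacPath{Scope: p[:i], Collection: collection, ID: id}, nil
}

func main() {
	// Constructed sample paths (all IDs are placeholders).
	for _, p := range []string{
		"/subscriptions/sub-1/providers/Microsoft.Authorization/roleDefinitions/def-1",
		"/subscriptions/sub-1/resourceGroups/rg/providers/Microsoft.Storage/storageAccounts/sa/providers/Microsoft.Authorization/roleAssignments",
		"/providers/Microsoft.Management/managementGroups/mg/providers/Microsoft.Authorization/roleAssignments/ra-1",
	} {
		r, err := splitRBACPath(p)
		fmt.Printf("%+v err=%v\n", r, err)
	}
}
```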
Types
type Handler
type Handler struct {
// contains filtered or unexported fields
}
Handler serves Microsoft.Authorization ARM RBAC requests.
func New
New returns a handler backed by drv for role definitions, with an empty in-memory store for role assignments.