0

Using the Azure Python SDK, I have been able to instantiate a resource group and a digital twin within using the following code:

from azure.identity import AzureCliCredential, DefaultAzureCredential
from azure.mgmt.resource import ResourceManagementClient

from azure.mgmt.digitaltwins import AzureDigitalTwinsManagementClient

credential = DefaultAzureCredential()
subscription_id="some UUID" # not sure if safe to reveal, so removed it

resource_client = ResourceManagementClient(
    credential, subscription_id=subscription_id)

resource_group_name = "Tutorial-RG"
rg_result = resource_client.resource_groups.create_or_update(
    resource_group_name, {"location": "westeurope"}
)


client = AzureDigitalTwinsManagementClient(
    credential=DefaultAzureCredential(),
    subscription_id=subscription_id,
)

dt_resource_name = "myDigitalTwinsService"
response = client.digital_twins.begin_create_or_update(
    resource_group_name=rg_result.name,
    resource_name = dt_resource_name,
    digital_twins_create={"location": "westeurope"},
).result()
print(response)


# ...
# 'provisioning_state': 'Succeeded',
# ...

I know that I need to add the 'Azure Digital Twins Data Owner' role before being able to manipulate it using the Azure Digital Twins Python SDK. I can do that using the Azure CLI as follows:

>>> az dt role-assignment create --dt-name myDigitalTwinsService --assignee "my UUID" --role "Azure Digital Twins Data Owner" --debug

But I am unable to add the same role using the Azure Authorization Management Client. So far I have tried the code below:

from azure.mgmt.authorization.models import RoleAssignmentCreateParameters
from azure.mgmt.authorization import AuthorizationManagementClient

authorization_client = AuthorizationManagementClient(
    credential=DefaultAzureCredential(),
    subscription_id=subscription_id,
)

adt_data_owner_role_id ='bcd981a7-7f74-457b-83e1-cceb9e632ffe'
role_def_id = f'/subscriptions/{subscription_id}/providers/Microsoft.Authorization/roleDefinitions/{adt_data_owner_role_id}'
authorization_client.role_assignments.create(
    scope=SCOPE,
    role_assignment_name=f"/subscriptions/{subscription_id}/resourceGroups/Tutorial-RG/providers/Microsoft.DigitalTwins/digitalTwinsInstances/myDigitalTwinsService/providers/Microsoft.Authorization/roleAssignments/60252f13-5e5a-4686-8265-3ac2db6443f1",
    parameters=RoleAssignmentCreateParameters(
        role_definition_id= role_def_id,
        principal_id= 'my UUID',
        principal_type="User",
    )
)

I have taken the parameters from the az call mentioned above by passing the --debug flag. But I get the following error:

HttpResponseError: (NoRegisteredProviderFound) No registered resource provider found for location 'westeurope' and API version '2022-04-01' for type 'digitalTwinsInstances'. The supported api-versions are '2023-01-31, 2022-10-31, 2022-05-31, 2021-06-30-preview, 2020-12-01, 2020-10-31, 2020-03-01-preview'. The supported locations are 'westcentralus, westus2, northeurope, australiaeast, westeurope, eastus, southcentralus, southeastasia, uksouth, eastus2, westus3, japaneast, koreacentral, qatarcentral'.
Code: NoRegisteredProviderFound
Message: No registered resource provider found for location 'westeurope' and API version '2022-04-01' for type 'digitalTwinsInstances'. The supported api-versions are '2023-01-31, 2022-10-31, 2022-05-31, 2021-06-30-preview, 2020-12-01, 2020-10-31, 2020-03-01-preview'. The supported locations are 'westcentralus, westus2, northeurope, australiaeast, westeurope, eastus, southcentralus, southeastasia, uksouth, eastus2, westus3, japaneast, koreacentral, qatarcentral'.

Even changing the location to a supported region doesn't help despite the error message saying so. When I change the api version, it doesn't work. I just get a different error:

authorization_client = AuthorizationManagementClient(
    credential=DefaultAzureCredential(),
    subscription_id=subscription_id,
    api_version = '2022-05-31'
)
# same everything else

# ValueError: API version 2022-05-31 does not have operation group 'role_assignments'

How do I fix this error? Or the action that I want to do is not supported by the Azure Python SDK at present ?

The versions of the azure SDK that I am using are as follows: Generated using pip list --format=freeze | grep azure:

azure-common==1.1.28
azure-core==1.26.2
azure-digitaltwins-core==1.2.0
azure-identity==1.12.0
azure-mgmt-authorization==3.0.0
azure-mgmt-core==1.3.2
azure-mgmt-digitaltwins==6.4.0
azure-mgmt-resource==22.0.0
cozek
  • 755
  • 6
  • 9

1 Answers1

0

Here is the Python SDK code that worked for me to assign Azure Digital Twins Data Owner role to the user.

from azure.identity import DefaultAzureCredential
from azure.mgmt.authorization import AuthorizationManagementClient
from azure.mgmt.authorization.models import RoleAssignmentCreateParameters
import uuid

credential = DefaultAzureCredential()
subscription_id="<Azure-Subscription-id>"

# Create a DigitalTwinsManagementClient instance
client = AuthorizationManagementClient(credential, subscription_id)

# Define the parameters for the role assignment
role_assignment_params = RoleAssignmentCreateParameters(
    role_definition_id="/subscriptions/<your-subscription-id>/providers/Microsoft.Authorization/roleDefinitions/bcd981a7-7f74-457b-83e1-cceb9e632ffe",
    principal_id="<Azure-user-object-id>"
)

# Create the role assignment
response = client.role_assignments.create(
    scope="/subscriptions/<your-subscription-id>/resourceGroups/IoTHubResources/providers/Microsoft.DigitalTwins/digitalTwinsInstances/<your-Azure-Digital-Twins-instance>",
    role_assignment_name=str(uuid.uuid4()),
    parameters=role_assignment_params
)
print(response)

Please ensure to replace your Azure subscription id in variables subscription_id, role_definition_id and scope. Provide your Azure user id to the variable principal_id. Replace your-Azure-Digital-Twins-instance at the end of scope variable with your Azure Digital Twin instance name.

The versions of the azure SDK that I am using are as follows

azure-common==1.1.28
azure-core==1.26.3
azure-digitaltwins-core==1.2.0
azure-identity==1.12.0
azure-mgmt-authorization==3.0.0
azure-mgmt-core==1.3.2
azure-mgmt-digitaltwins==6.3.0
azure-mgmt-resource==22.0.0
LeelaRajesh_Sayana
  • 333
  • 1
  • 9