[KeyVault] Handle Role Definition UUID Name Internally

sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py

@@ -3,6 +3,7 @@
 # Licensed under the MIT License.
 # ------------------------------------
 from typing import TYPE_CHECKING
+from uuid import uuid4
 
 from azure.core.tracing.decorator import distributed_trace
 
@@ -27,18 +28,20 @@ class KeyVaultAccessControlClient(KeyVaultClientBase):
     # pylint:disable=protected-access
 
     @distributed_trace
-    def create_role_assignment(self, role_scope, role_assignment_name, role_definition_id, principal_id, **kwargs):
-        # type: (Union[str, KeyVaultRoleScope], Union[str, UUID], str, str, **Any) -> KeyVaultRoleAssignment
+    def create_role_assignment(
+        self, role_scope, role_definition_id, principal_id, **kwargs
+    ):
+        # type: (Union[str, KeyVaultRoleScope], str, str, **Any) -> KeyVaultRoleAssignment
         """Create a role assignment.
 
         :param role_scope: scope the role assignment will apply over. :class:`KeyVaultRoleScope` defines common
             broad scopes. Specify a narrower scope as a string.
         :type role_scope: str or KeyVaultRoleScope
-        :param role_assignment_name: a name for the role assignment. Must be a UUID.
-        :type role_assignment_name: str or uuid.UUID
         :param str role_definition_id: ID of the role's definition
         :param str principal_id: Azure Active Directory object ID of the principal which will be assigned the role. The
             principal can be a user, service principal, or security group.
+        :keyword role_assignment_name: a name for the role assignment. Must be a UUID.
+        :type role_assignment_name: str or uuid.UUID
         :rtype: KeyVaultRoleAssignment
         """
         create_parameters = self._client.role_assignments.models.RoleAssignmentCreateParameters(
@@ -49,7 +52,7 @@ def create_role_assignment(self, role_scope, role_assignment_name, role_definiti
         assignment = self._client.role_assignments.create(
             vault_base_url=self._vault_url,
             scope=role_scope,
-            role_assignment_name=role_assignment_name,
+            role_assignment_name=kwargs.pop("role_assignment_name", None) or uuid4(),
             parameters=create_parameters,
             **kwargs
         )
@@ -69,7 +72,10 @@ def delete_role_assignment(self, role_scope, role_assignment_name, **kwargs):
         :rtype: KeyVaultRoleAssignment
         """
         assignment = self._client.role_assignments.delete(
-            vault_base_url=self._vault_url, scope=role_scope, role_assignment_name=str(role_assignment_name), **kwargs
+            vault_base_url=self._vault_url,
+            scope=role_scope,
+            role_assignment_name=str(role_assignment_name),
+            **kwargs
         )
         return KeyVaultRoleAssignment._from_generated(assignment)
 
@@ -86,7 +92,10 @@ def get_role_assignment(self, role_scope, role_assignment_name, **kwargs):
         :rtype: KeyVaultRoleAssignment
         """
         assignment = self._client.role_assignments.get(
-            vault_base_url=self._vault_url, scope=role_scope, role_assignment_name=str(role_assignment_name), **kwargs
+            vault_base_url=self._vault_url,
+            scope=role_scope,
+            role_assignment_name=str(role_assignment_name),
+            **kwargs
         )
         return KeyVaultRoleAssignment._from_generated(assignment)
 
@@ -103,7 +112,9 @@ def list_role_assignments(self, role_scope, **kwargs):
         return self._client.role_assignments.list_for_scope(
             self._vault_url,
             role_scope,
-            cls=lambda result: [KeyVaultRoleAssignment._from_generated(a) for a in result],
+            cls=lambda result: [
+                KeyVaultRoleAssignment._from_generated(a) for a in result
+            ],
             **kwargs
         )
 
@@ -120,6 +131,8 @@ def list_role_definitions(self, role_scope, **kwargs):
         return self._client.role_definitions.list(
             self._vault_url,
             role_scope,
-            cls=lambda result: [KeyVaultRoleDefinition._from_generated(d) for d in result],
+            cls=lambda result: [
+                KeyVaultRoleDefinition._from_generated(d) for d in result
+            ],
             **kwargs
         )

sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py

@@ -3,6 +3,7 @@
 # Licensed under the MIT License.
 # ------------------------------------
 from typing import TYPE_CHECKING
+from uuid import uuid4
 
 from azure.core.tracing.decorator import distributed_trace
 from azure.core.tracing.decorator_async import distributed_trace_async
@@ -31,7 +32,6 @@ class KeyVaultAccessControlClient(AsyncKeyVaultClientBase):
     async def create_role_assignment(
         self,
         role_scope: "Union[str, KeyVaultRoleScope]",
-        role_assignment_name: "Union[str, UUID]",
         role_definition_id: str,
         principal_id: str,
         **kwargs: "Any"
@@ -41,11 +41,11 @@ async def create_role_assignment(
         :param role_scope: scope the role assignment will apply over. :class:`KeyVaultRoleScope` defines common broad
             scopes. Specify a narrower scope as a string.
         :type role_scope: str or KeyVaultRoleScope
-        :param role_assignment_name: a name for the role assignment. Must be a UUID.
-        :type role_assignment_name: str or uuid.UUID
         :param str role_definition_id: ID of the role's definition
         :param str principal_id: Azure Active Directory object ID of the principal which will be assigned the role. The
             principal can be a user, service principal, or security group.
+        :keyword role_assignment_name: a name for the role assignment. Must be a UUID.
+        :type role_assignment_name: str or uuid.UUID
         :rtype: KeyVaultRoleAssignment
         """
         create_parameters = self._client.role_assignments.models.RoleAssignmentCreateParameters(
@@ -56,15 +56,18 @@ async def create_role_assignment(
         assignment = await self._client.role_assignments.create(
             vault_base_url=self._vault_url,
             scope=role_scope,
-            role_assignment_name=role_assignment_name,
+            role_assignment_name=kwargs.pop("role_assignment_name", None) or uuid4(),
             parameters=create_parameters,
             **kwargs
         )
         return KeyVaultRoleAssignment._from_generated(assignment)
 
     @distributed_trace_async
     async def delete_role_assignment(
-        self, role_scope: "Union[str, KeyVaultRoleScope]", role_assignment_name: "Union[str, UUID]", **kwargs: "Any"
+        self,
+        role_scope: "Union[str, KeyVaultRoleScope]",
+        role_assignment_name: "Union[str, UUID]",
+        **kwargs: "Any"
     ) -> KeyVaultRoleAssignment:
         """Delete a role assignment.
 
@@ -77,13 +80,19 @@ async def delete_role_assignment(
         :rtype: KeyVaultRoleAssignment
         """
         assignment = await self._client.role_assignments.delete(
-            vault_base_url=self._vault_url, scope=role_scope, role_assignment_name=str(role_assignment_name), **kwargs
+            vault_base_url=self._vault_url,
+            scope=role_scope,
+            role_assignment_name=str(role_assignment_name),
+            **kwargs
         )
         return KeyVaultRoleAssignment._from_generated(assignment)
 
     @distributed_trace_async
     async def get_role_assignment(
-        self, role_scope: "Union[str, KeyVaultRoleScope]", role_assignment_name: "Union[str, UUID]", **kwargs: "Any"
+        self,
+        role_scope: "Union[str, KeyVaultRoleScope]",
+        role_assignment_name: "Union[str, UUID]",
+        **kwargs: "Any"
     ) -> KeyVaultRoleAssignment:
         """Get a role assignment.
 
@@ -95,7 +104,10 @@ async def get_role_assignment(
         :rtype: KeyVaultRoleAssignment
         """
         assignment = await self._client.role_assignments.get(
-            vault_base_url=self._vault_url, scope=role_scope, role_assignment_name=str(role_assignment_name), **kwargs
+            vault_base_url=self._vault_url,
+            scope=role_scope,
+            role_assignment_name=str(role_assignment_name),
+            **kwargs
         )
         return KeyVaultRoleAssignment._from_generated(assignment)
 
@@ -113,7 +125,9 @@ def list_role_assignments(
         return self._client.role_assignments.list_for_scope(
             self._vault_url,
             role_scope,
-            cls=lambda result: [KeyVaultRoleAssignment._from_generated(a) for a in result],
+            cls=lambda result: [
+                KeyVaultRoleAssignment._from_generated(a) for a in result
+            ],
             **kwargs
         )
 
@@ -131,6 +145,8 @@ def list_role_definitions(
         return self._client.role_definitions.list(
             self._vault_url,
             role_scope,
-            cls=lambda result: [KeyVaultRoleDefinition._from_generated(d) for d in result],
+            cls=lambda result: [
+                KeyVaultRoleDefinition._from_generated(d) for d in result
+            ],
             **kwargs
         )

sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py

@@ -66,7 +66,7 @@ def test_role_assignment(self, client):
         principal_id = self.get_service_principal_id()
         name = self.get_replayable_uuid("some-uuid")
 
-        created = client.create_role_assignment(scope, name, definition.id, principal_id)
+        created = client.create_role_assignment(scope, definition.id, principal_id, role_assignment_name=name)
         assert created.name == name
         assert created.principal_id == principal_id
         assert created.role_definition_id == definition.id

sdk/keyvault/azure-keyvault-administration/tests/test_access_control_async.py

@@ -71,7 +71,7 @@ async def test_role_assignment(self, client):
         principal_id = self.get_service_principal_id()
         name = self.get_replayable_uuid("some-uuid")
 
-        created = await client.create_role_assignment(scope, name, definition.id, principal_id)
+        created = await client.create_role_assignment(scope, definition.id, principal_id, role_assignment_name=name)
         assert created.name == name
         assert created.principal_id == principal_id
         assert created.role_definition_id == definition.id