关于这个问题,请参考以下步骤
- 创建服务主体并将
Owner
角色分配给 sp
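# Sign in interactively, then create a service principal for the application.
# NOTE(review): "Owner" on the whole subscription is a very broad grant. The Java code on this
# page only reads one storage account, updates one VM and creates a role assignment, so prefer
# narrowing --scopes, e.g. /subscriptions/{SubID}/resourceGroups/{ResourceGroup} (placeholder).
# The command prints the client secret: keep it in a secret store, not in source or chat logs.
# NOTE(review): --sdk-auth is marked deprecated in newer Azure CLI releases; confirm for your version.
az login
# A space is required before each trailing backslash; without it the shell glues
# "Owner" and --scopes together into a single argument.
az ad sp create-for-rbac -n "MyApp" --role "Owner" \
  --scopes /subscriptions/{SubID} \
  --sdk-auth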
- 项目
a. sdk
<!-- Azure management-plane SDK; provides the AzureResourceManager entry point used by the code on this page. -->
<!-- NOTE(review): both versions are pinned as written in the original answer; check for newer releases and published advisories before use. -->
<dependency>
<groupId>com.azure.resourcemanager</groupId>
<artifactId>azure-resourcemanager</artifactId>
<version>2.0.0</version>
</dependency>
<!-- Azure identity library; provides ClientSecretCredentialBuilder for service-principal authentication. -->
<dependency>
<groupId>com.azure</groupId>
<artifactId>azure-identity</artifactId>
<version>1.2.0</version>
</dependency>
b. 代码
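// Target the Azure public cloud; its Active Directory endpoint is reused as the authority host below.
AzureProfile profile = new AzureProfile(AzureEnvironment.AZURE);

// Service principal settings. They are read from the environment rather than hard-coded so the
// client secret does not end up in source control, build artifacts or stack traces of this file.
String clientId = System.getenv("AZURE_CLIENT_ID");           // <sp appid>
String clientSecret = System.getenv("AZURE_CLIENT_SECRET");   // <sp password>
String tenant = System.getenv("AZURE_TENANT_ID");
String subscriptionId = System.getenv("AZURE_SUBSCRIPTION_ID");

// Client-secret credential for the service principal.
TokenCredential credential = new ClientSecretCredentialBuilder()
        .clientId(clientId)
        .clientSecret(clientSecret)
        .authorityHost(profile.getEnvironment().getActiveDirectoryEndpoint())
        .tenantId(tenant)
        .build();

// Management client bound to one subscription.
// BASIC keeps HTTP logging minimal; avoid raising it to BODY_AND_HEADERS outside of debugging,
// because request and response bodies can carry sensitive data.
AzureResourceManager azureResourceManager = AzureResourceManager
        .configure()
        .withLogLevel(HttpLogDetailLevel.BASIC)
        .authenticate(credential, profile)
        .withSubscription(subscriptionId);

// get storage account
String accountGroup = "";   // resource group of the storage account (fill in)
String accountName = "";    // storage account name (fill in)
StorageAccount account =
        azureResourceManager.storageAccounts().getByResourceGroup(accountGroup, accountName);

// get vm
String vmGroup = "";        // resource group of the VM (fill in)
String vmName = "test";
VirtualMachine virtualMachine =
        azureResourceManager.virtualMachines().getByResourceGroup(vmGroup, vmName);

// Enable the VM's system-assigned managed identity and grant it a role scoped to this one
// storage account (account.id()), not to the resource group or subscription.
// NOTE(review): "Storage Blob Data Owner" is the broadest blob data role. If the workload only
// reads or writes blobs, "Storage Blob Data Reader" or "Storage Blob Data Contributor" is enough.
virtualMachine.update()
        .withSystemAssignedManagedServiceIdentity()
        .withSystemAssignedIdentityBasedAccessTo(account.id(), BuiltInRole.fromString("Storage Blob Data Owner"))
        .apply();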
}
