- I have an App1 (multi-tenant) that lives in HomeTenant1 and has ClientId1.
- This App1 is registered in Tenant2 as a service principal.
- This App1 is then assigned several roles in Tenant2 at subscription-level scope, e.g. the Contributor role on Subs2 in Tenant2.
- I want to figure out how to get the list of roles assigned to this SP in Tenant2 through the Java SDK.

This can be done with the az cli: `az role assignment list --all --assignee`
But we want to get it through the Java SDK. Below is the code snippet we tried.
```java
import com.azure.core.management.AzureEnvironment;
import com.azure.core.management.profile.AzureProfile;
import com.azure.identity.ClientSecretCredential;
import com.azure.identity.ClientSecretCredentialBuilder;
import com.azure.resourcemanager.AzureResourceManager;
import com.azure.resourcemanager.authorization.models.Permission;
import com.azure.resourcemanager.authorization.models.RoleDefinition;
import java.util.Set;

public class AzureRoles {
    private final static String TENANT_ID = "redacted"; // target tenant
    private final static String CLIENT_ID = "redacted"; // from the app's home tenant
    private final static String SUBSCRIPTIONID = "redacted"; // target tenant
    private final static String CLIENT_SECRET = "redacted"; // from the app's home tenant

    public static void main(String[] args) throws Exception {
        try {
            // Profile and credential both point at the target tenant (Tenant2)
            AzureProfile profile = new AzureProfile(TENANT_ID, SUBSCRIPTIONID, AzureEnvironment.AZURE);
            ClientSecretCredential clientSecretCredential = new ClientSecretCredentialBuilder()
                .clientId(CLIENT_ID)
                .clientSecret(CLIENT_SECRET)
                .tenantId(TENANT_ID)
                .build();
            System.out.println(clientSecretCredential);
            System.out.println(profile.getSubscriptionId());
            // The NPE is thrown in this assignment
            AzureResourceManager azureResourceManager = AzureResourceManager
                .authenticate(clientSecretCredential, profile)
                .withSubscription(SUBSCRIPTIONID);
            System.out.println(azureResourceManager);
            // Look up the Contributor role definition at subscription scope
            RoleDefinition roleDefinition = azureResourceManager.accessManagement().roleDefinitions()
                .getByScopeAndRoleName("subscriptions/" + profile.getSubscriptionId(), "Contributor");
            StringBuilder builder = new StringBuilder()
                .append("Role Definition: ").append(roleDefinition.id())
                .append("\n\tName: ").append(roleDefinition.name())
                .append("\n\tRole Name: ").append(roleDefinition.roleName())
                .append("\n\tType: ").append(roleDefinition.type())
                .append("\n\tDescription: ").append(roleDefinition.description());
            // Dump the actions / notActions of each permission block
            Set<Permission> permissions = roleDefinition.permissions();
            builder.append("\n\tPermissions: ").append(permissions.size());
            for (Permission permission : permissions) {
                builder.append("\n\t\tPermission Actions: ").append(permission.actions().size());
                for (String action : permission.actions()) {
                    builder.append("\n\t\t\tName :").append(action);
                }
                builder.append("\n\t\tPermission Not Actions: ").append(permission.notActions().size());
                for (String notAction : permission.notActions()) {
                    builder.append("\n\t\t\tName :").append(notAction);
                }
            }
            // Scopes the role may be assigned at
            Set<String> assignableScopes = roleDefinition.assignableScopes();
            builder.append("\n\tAssignable scopes: ").append(assignableScopes.size());
            for (String scope : assignableScopes) {
                builder.append("\n\t\tAssignable Scope: ")
                    .append("\n\t\t\tName :").append(scope);
            }
            System.out.println(builder.toString());
        } catch (Exception e) {
            System.out.println(e.getMessage());
            e.printStackTrace();
        }
    }
}
```
It throws an NPE in the `azureResourceManager` assignment.
Any ideas on how to get this done in the Java SDK?

Update 1

New code:
```java
import com.azure.core.credential.TokenCredential;
import com.azure.core.http.rest.PagedIterable;
import com.azure.core.management.AzureEnvironment;
import com.azure.core.management.profile.AzureProfile;
import com.azure.identity.ClientSecretCredentialBuilder;
import com.azure.resourcemanager.AzureResourceManager;
import com.azure.resourcemanager.authorization.models.RoleAssignment;
import com.azure.resourcemanager.authorization.models.RoleDefinition;

public class AzureRoles {
    private final static String TENANT_ID = "redacted";
    private final static String HOME_TENANT_ID = "redacted";
    private final static String CLIENT_ID = "redacted";
    private final static String SUBSCRIPTIONID = "redacted";
    private final static String CLIENT_SECRET = "redacted";

    public static void main(String[] args) throws Exception {
        try {
            AzureProfile profile = new AzureProfile(TENANT_ID, SUBSCRIPTIONID, AzureEnvironment.AZURE);
            // Authority host taken from the profile's environment
            TokenCredential clientSecretCredential = new ClientSecretCredentialBuilder()
                .clientId(CLIENT_ID)
                .clientSecret(CLIENT_SECRET)
                .tenantId(TENANT_ID)
                .authorityHost(profile.getEnvironment().getActiveDirectoryEndpoint())
                .build();
            System.out.println(clientSecretCredential);
            System.out.println(profile);
            AzureResourceManager azureResourceManager = AzureResourceManager
                .authenticate(clientSecretCredential, profile)
                .withSubscription(SUBSCRIPTIONID);
            System.out.println(azureResourceManager);
            // List the role assignments of the service principal, then resolve each role name
            PagedIterable<RoleAssignment> items = azureResourceManager.accessManagement().roleAssignments()
                .listByServicePrincipal("redacted");
            for (RoleAssignment item : items) {
                RoleDefinition role = azureResourceManager.accessManagement().roleDefinitions()
                    .getById(item.roleDefinitionId());
                System.out.println(role.roleName());
            }
        } catch (Exception e) {
            System.out.println(e.getMessage());
            e.printStackTrace();
        }
    }
}
```
Error message:

```text
com.azure.identity.ClientSecretCredential@5223e5ee
com.azure.core.management.profile.AzureProfile@bef2d72
null
java.lang.NullPointerException
at java.util.Objects.requireNonNull(Objects.java:203)
at com.azure.core.http.policy.BearerTokenAuthenticationPolicy.<init>(BearerTokenAuthenticationPolicy.java:36)
at com.azure.core.management.http.policy.ArmChallengeAuthenticationPolicy.<init>(ArmChallengeAuthenticationPolicy.java:47)
at com.azure.resourcemanager.resources.fluentcore.policy.AuthenticationPolicy.<init>(AuthenticationPolicy.java:28)
at com.azure.resourcemanager.resources.fluentcore.utils.HttpPipelineProvider.buildHttpPipeline(HttpPipelineProvider.java:74)
at com.azure.resourcemanager.resources.fluentcore.utils.HttpPipelineProvider.buildHttpPipeline(HttpPipelineProvider.java:45)
at com.azure.resourcemanager.AzureResourceManager.authenticate(AzureResourceManager.java:163)
at AzureRoles.main(AzureRoles.java:32)
```
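As an added example (not the poster's code), the same SDK calls used as an audit of what App1's service principal holds in Tenant2: each assignment is printed with its role name and scope, and broad roles are flagged for review. All ids are placeholders; `SP_OBJECT_ID` is the service principal's object id in Tenant2's directory, which is what `listByServicePrincipal` keys on, not the app's client id.

```java
import com.azure.core.credential.TokenCredential;
import com.azure.core.http.rest.PagedIterable;
import com.azure.core.management.AzureEnvironment;
import com.azure.core.management.profile.AzureProfile;
import com.azure.identity.ClientSecretCredentialBuilder;
import com.azure.resourcemanager.AzureResourceManager;
import com.azure.resourcemanager.authorization.models.RoleAssignment;
import com.azure.resourcemanager.authorization.models.RoleDefinition;
import java.util.Set;

/** Lists the RBAC roles a service principal holds in a target tenant and flags privileged ones. */
public class SpRoleAudit {
    // Placeholder values: tenant and subscription are the target tenant's (Tenant2), not the home tenant's.
    private static final String TARGET_TENANT_ID = "<tenant2-id>";
    private static final String SUBSCRIPTION_ID = "<subs2-id>";
    private static final String CLIENT_ID = "<app1-client-id>";
    private static final String CLIENT_SECRET = System.getenv("AZURE_CLIENT_SECRET"); // keep secrets out of source
    // Role assignments reference the principal's object id in Tenant2's directory (the enterprise
    // application object), which differs from the multi-tenant app's client id.
    private static final String SP_OBJECT_ID = "<sp-object-id-in-tenant2>";
    // Roles that grant broad control over the subscription; a hit is worth a review.
    private static final Set<String> PRIVILEGED = Set.of("Owner", "Contributor", "User Access Administrator");

    public static void main(String[] args) {
        AzureProfile profile = new AzureProfile(TARGET_TENANT_ID, SUBSCRIPTION_ID, AzureEnvironment.AZURE);
        TokenCredential credential = new ClientSecretCredentialBuilder()
            .clientId(CLIENT_ID)
            .clientSecret(CLIENT_SECRET)
            .tenantId(TARGET_TENANT_ID) // the token must be issued by Tenant2, where the SP and roles live
            .build();
        AzureResourceManager arm = AzureResourceManager
            .authenticate(credential, profile)
            .withSubscription(SUBSCRIPTION_ID);

        // Equivalent of `az role assignment list --all --assignee <sp>` in the target tenant
        PagedIterable<RoleAssignment> assignments =
            arm.accessManagement().roleAssignments().listByServicePrincipal(SP_OBJECT_ID);
        int privileged = 0;
        for (RoleAssignment assignment : assignments) {
            // Resolve the role definition id to a human-readable role name
            RoleDefinition def = arm.accessManagement().roleDefinitions().getById(assignment.roleDefinitionId());
            boolean broad = PRIVILEGED.contains(def.roleName());
            if (broad) {
                privileged++;
            }
            System.out.printf("%-28s at %s%s%n", def.roleName(), assignment.scope(), broad ? "  [PRIVILEGED]" : "");
        }
        System.out.printf("%d privileged assignment(s) found%n", privileged);
    }
}
```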