从 Azure Java SDK 列出我的 Azure 权限
Listing my Azure permissions from Azure Java SDK
有 Azure API 用于列出我自己的权限。它在 Azure API Permissions doc 中有部分记录(认为他们错过了文档中的每个订阅案例)。
我正在努力寻找如何通过 Azure Java SDK - there is Access Management 接口调用此 API 的方法,该接口可通过 .accessManagement()
方法访问,但它包含用于列出角色和角色分配的方法,而不是用于列出实际权限。
这是 SDK 中缺少的还是我只是搜索不当?
有时 Azure SDK 缺少一些功能。而且我也查看了java SDK源码好像没有直接调用这个API的接口
所以你有两个选择:
1.获取角色分配,这样就可以得到实际的角色ID,使用这个角色ID可以通过下面的代码获取角色的实际权限:
Set<Permission> permissions = azureResourceManager.accessManagement().roleDefinitions().getById(
"{role id}")
.permissions();
2. 直接调用 REST API,试试下面的代码:
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.URL;
import java.net.URLConnection;
import java.util.List;
import java.util.stream.Collectors;
import com.azure.core.credential.TokenCredential;
import com.azure.core.credential.TokenRequestContext;
import com.azure.core.management.AzureEnvironment;
import com.azure.core.management.profile.AzureProfile;
import com.azure.identity.ClientSecretCredentialBuilder;
import com.google.gson.Gson;
public class testAzureAPI {
public static void main(String[] args) {
AzureProfile azureProfile = new AzureProfile(AzureEnvironment.AZURE);
//I use ClientSecretCredential just for demo here, you can change it your self
TokenCredential tokenCredential = new ClientSecretCredentialBuilder()
.clientId("").clientSecret("")
.tenantId("")
.authorityHost(azureProfile.getEnvironment().getActiveDirectoryEndpoint()).build();
String accessToken = tokenCredential
.getToken(new TokenRequestContext().addScopes("https://management.azure.com/.default")).block()
.getToken();
String reqURL = "https://management.azure.com/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.Authorization/permissions?api-version=2015-07-01";
try {
URL url = new URL(reqURL);
URLConnection conn = url.openConnection();
conn.setRequestProperty("Authorization", "Bearer " + accessToken);
BufferedReader in = new BufferedReader(new InputStreamReader(conn.getInputStream()));
String inputLine = in.lines().collect(Collectors.joining());
in.close();
Permissions perms = new Gson().fromJson(inputLine, Permissions.class);
System.out.println(perms.getValue().get(2).getActions());
} catch (Exception e) {
e.printStackTrace();
}
}
public class Value {
public List<String> actions;
public List<Object> notActions;
public List<String> getActions() {
return actions;
}
public void setActions(List<String> actions) {
this.actions = actions;
}
public List<Object> getNotActions() {
return notActions;
}
public void setNotActions(List<Object> notActions) {
this.notActions = notActions;
}
}
public class Permissions {
public List<Value> value;
public List<Value> getValue() {
return value;
}
public void setValue(List<Value> value) {
this.value = value;
}
}
}
我已经在我这边进行了测试,它非常适合我:
结果:
通过 API:
通过代码:
有 Azure API 用于列出我自己的权限。它在 Azure API Permissions doc 中有部分记录(认为他们错过了文档中的每个订阅案例)。
我正在努力寻找如何通过 Azure Java SDK - there is Access Management 接口调用此 API 的方法,该接口可通过 .accessManagement()
方法访问,但它包含用于列出角色和角色分配的方法,而不是用于列出实际权限。
这是 SDK 中缺少的还是我只是搜索不当?
有时 Azure SDK 缺少一些功能。而且我也查看了java SDK源码好像没有直接调用这个API的接口
所以你有两个选择:
1.获取角色分配,这样就可以得到实际的角色ID,使用这个角色ID可以通过下面的代码获取角色的实际权限:
Set<Permission> permissions = azureResourceManager.accessManagement().roleDefinitions().getById(
"{role id}")
.permissions();
2. 直接调用 REST API,试试下面的代码:
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.URL;
import java.net.URLConnection;
import java.util.List;
import java.util.stream.Collectors;
import com.azure.core.credential.TokenCredential;
import com.azure.core.credential.TokenRequestContext;
import com.azure.core.management.AzureEnvironment;
import com.azure.core.management.profile.AzureProfile;
import com.azure.identity.ClientSecretCredentialBuilder;
import com.google.gson.Gson;
public class testAzureAPI {
public static void main(String[] args) {
AzureProfile azureProfile = new AzureProfile(AzureEnvironment.AZURE);
//I use ClientSecretCredential just for demo here, you can change it your self
TokenCredential tokenCredential = new ClientSecretCredentialBuilder()
.clientId("").clientSecret("")
.tenantId("")
.authorityHost(azureProfile.getEnvironment().getActiveDirectoryEndpoint()).build();
String accessToken = tokenCredential
.getToken(new TokenRequestContext().addScopes("https://management.azure.com/.default")).block()
.getToken();
String reqURL = "https://management.azure.com/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.Authorization/permissions?api-version=2015-07-01";
try {
URL url = new URL(reqURL);
URLConnection conn = url.openConnection();
conn.setRequestProperty("Authorization", "Bearer " + accessToken);
BufferedReader in = new BufferedReader(new InputStreamReader(conn.getInputStream()));
String inputLine = in.lines().collect(Collectors.joining());
in.close();
Permissions perms = new Gson().fromJson(inputLine, Permissions.class);
System.out.println(perms.getValue().get(2).getActions());
} catch (Exception e) {
e.printStackTrace();
}
}
public class Value {
public List<String> actions;
public List<Object> notActions;
public List<String> getActions() {
return actions;
}
public void setActions(List<String> actions) {
this.actions = actions;
}
public List<Object> getNotActions() {
return notActions;
}
public void setNotActions(List<Object> notActions) {
this.notActions = notActions;
}
}
public class Permissions {
public List<Value> value;
public List<Value> getValue() {
return value;
}
public void setValue(List<Value> value) {
this.value = value;
}
}
}
我已经在我这边进行了测试,它非常适合我:
结果:
通过 API:
通过代码: