def _enhance_policies(self, access_policies):
    """Attach Azure AD principal details to each access-policy entry.

    Every entry is expected to carry an ``objectId`` key. Entries whose
    principal resolves get ``displayName``, ``aadType`` and
    ``principalName`` added in place, and the same list object is returned.

    Entries that do not resolve are left untouched, so a missing
    ``displayName``/``principalName`` means "not resolved" (unknown object,
    or Graph not available), not "nobody holds this policy". Consumers that
    filter on these keys should treat absence as unknown.
    """
    if not access_policies:
        # Nothing to enrich: return before any Graph credential is requested.
        return access_policies

    if self.graph_client is None:
        # Build the Graph client once and cache it on the instance.
        # NOTE(review): the Graph resource URL is hard-coded here; confirm it
        # is correct for every cloud environment this code runs against.
        graph_session = Session(resource='https://graph.windows.net')
        self.graph_client = GraphRbacManagementClient(
            graph_session.get_credentials(), graph_session.get_tenant_id())

    # One batched lookup for all principals referenced by the policies.
    principal_ids = [entry['objectId'] for entry in access_policies]

    # GraphHelper.get_principal_dictionary returns an empty AADObject for ids
    # it cannot find, or when Graph is not available.
    # NOTE(review): the meaning of the third positional argument (True) is not
    # visible here; confirm against GraphHelper.
    principals = GraphHelper.get_principal_dictionary(
        self.graph_client, principal_ids, True)

    for entry in access_policies:
        principal = principals[entry['objectId']]
        if not principal.object_id:
            # Empty placeholder: leave the entry without identity fields.
            continue
        entry['displayName'] = principal.display_name
        entry['aadType'] = principal.object_type
        entry['principalName'] = GraphHelper.get_principal_name(principal)

    return access_policies
def _enhance_policies(self, access_policies):
    """Attach Azure AD principal details to each access-policy entry.

    Every entry is expected to carry an ``objectId`` key. Entries whose
    principal resolves get ``displayName``, ``aadType`` and
    ``principalName`` added in place, and the same list object is returned.

    Entries that do not resolve are left untouched, so a missing
    ``displayName``/``principalName`` means "not resolved" (unknown object,
    or Graph not available), not "nobody holds this policy". Consumers that
    filter on these keys should treat absence as unknown.
    """
    if not access_policies:
        # Nothing to enrich: return before any Graph session is created.
        return access_policies

    if self.graph_client is None:
        # Build the Graph client once and cache it on the instance. The
        # endpoint comes from GRAPH_AUTH_ENDPOINT rather than a literal URL.
        graph_session = Session(resource_endpoint_type=GRAPH_AUTH_ENDPOINT)
        self.graph_client = graph_session.client(
            'azure.graphrbac.GraphRbacManagementClient')

    # One batched lookup for all principals referenced by the policies.
    principal_ids = [entry['objectId'] for entry in access_policies]

    # GraphHelper.get_principal_dictionary returns an empty AADObject for ids
    # it cannot find, or when Graph is not available.
    # NOTE(review): the meaning of the third positional argument (True) is not
    # visible here; confirm against GraphHelper.
    principals = GraphHelper.get_principal_dictionary(
        self.graph_client, principal_ids, True)

    for entry in access_policies:
        principal = principals[entry['objectId']]
        if not principal.object_id:
            # Empty placeholder: leave the entry without identity fields.
            continue
        entry['displayName'] = principal.display_name
        entry['aadType'] = principal.object_type
        entry['principalName'] = GraphHelper.get_principal_name(principal)

    return access_policies
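def augment(self, resources):
    """Annotate resources with the Azure AD principal they reference.

    Each resource is expected to expose ``properties.principalId``. For
    every principal that Graph resolves, ``principalName``, ``displayName``
    and ``aadType`` are written onto the resource in place. The same
    ``resources`` object is returned.

    Resources whose principal is not resolved are left without those keys,
    so absence means "unknown principal", not "no principal". Consumers
    that filter on these fields should treat absence as unknown.
    """
    if not resources:
        # Nothing to annotate: do not request Graph credentials at all.
        return resources

    # NOTE(review): the Graph resource URL is hard-coded here; confirm it is
    # correct for every cloud environment this code runs against.
    session = Session(resource='https://graph.windows.net')
    graph_client = GraphRbacManagementClient(
        session.get_credentials(), session.get_tenant_id())

    # De-duplicate ids so each principal is looked up once; falsy ids are
    # skipped.
    principal_ids = list({
        resource['properties']['principalId']
        for resource in resources
        if resource['properties']['principalId']
    })
    principals = GraphHelper.get_principal_dictionary(graph_client, principal_ids)

    for resource in resources:
        principal_id = resource['properties']['principalId']
        if principal_id not in principals:
            continue

        principal = principals[principal_id]
        # The lookup may hand back an AADObject with no object_id for an id
        # it could not resolve. Copying that placeholder's fields would make
        # an unresolved principal look like a resolved one.
        if not principal.object_id:
            continue

        resource['principalName'] = GraphHelper.get_principal_name(principal)
        resource['displayName'] = principal.display_name
        resource['aadType'] = principal.object_type

    return resources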
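def enhance_policies(self, access_policies):
    """Attach Azure AD principal details to each access-policy entry.

    Every entry is expected to carry an ``objectId`` key. Entries whose
    principal resolves get ``displayName``, ``aadType`` and
    ``principalName`` added in place, and the same list object is returned.

    Entries that do not resolve are left untouched, so a missing
    ``displayName``/``principalName`` means "not resolved" (unknown object,
    or Graph not available), not "nobody holds this policy". Consumers that
    filter on these keys should treat absence as unknown.
    """
    if not access_policies:
        # Nothing to enrich: return before any Graph credential is requested.
        return access_policies

    if self.graph_client is None:
        # Build the Graph client once and cache it on the instance.
        # NOTE(review): the Graph resource URL is hard-coded here; confirm it
        # is correct for every cloud environment this code runs against.
        session = Session(resource='https://graph.windows.net')
        self.graph_client = GraphRbacManagementClient(
            session.get_credentials(), session.get_tenant_id())

    # Retrieve graph objects for all object ids in one batched call.
    object_ids = [policy['objectId'] for policy in access_policies]

    # GraphHelper.get_principal_dictionary returns an empty AADObject if the
    # id is not found in Graph or if Graph is not available.
    principals = GraphHelper.get_principal_dictionary(self.graph_client, object_ids)

    for policy in access_policies:
        aad_object = principals[policy['objectId']]
        # An empty AADObject has no object_id. Copying its fields would stamp
        # placeholder identity values onto the policy and make an unresolved
        # principal look like a resolved one.
        if not aad_object.object_id:
            continue
        policy['displayName'] = aad_object.display_name
        policy['aadType'] = aad_object.object_type
        policy['principalName'] = GraphHelper.get_principal_name(aad_object)

    return access_policies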
def augment(self, resources):
    """Annotate resources with the Azure AD principal they reference.

    Each resource is expected to expose ``properties.principalId``. For
    every principal that Graph resolves, ``principalName``, ``displayName``
    and ``aadType`` are written onto the resource in place. The same
    ``resources`` object is returned.

    Resources whose principal is not resolved are left without those keys,
    so absence means "unknown principal", not "no principal".
    """
    # NOTE(review): the Graph resource URL is hard-coded here; confirm it is
    # correct for every cloud environment this code runs against.
    graph_session = Session(resource='https://graph.windows.net')
    graph_client = GraphRbacManagementClient(
        graph_session.get_credentials(), graph_session.get_tenant_id())

    # De-duplicate ids so each principal is looked up once; falsy ids are
    # skipped.
    principal_ids = list({
        item['properties']['principalId']
        for item in resources
        if item['properties']['principalId']
    })
    principals = GraphHelper.get_principal_dictionary(graph_client, principal_ids)
    resolved_ids = principals.keys()

    for item in resources:
        principal_id = item['properties']['principalId']
        if principal_id not in resolved_ids:
            continue

        principal = principals[principal_id]
        if not principal.object_id:
            # No object_id: the principal was not resolved, leave as is.
            continue

        item['principalName'] = GraphHelper.get_principal_name(principal)
        item['displayName'] = principal.display_name
        item['aadType'] = principal.object_type

    return resources
def augment(self, resources):
    """Annotate resources with the Azure AD principal they reference.

    Each resource is expected to expose ``properties.principalId``. For
    every principal that Graph resolves, ``principalName``, ``displayName``
    and ``aadType`` are written onto the resource in place. The same
    ``resources`` object is returned.

    Resources whose principal is not resolved are left without those keys,
    so absence means "unknown principal", not "no principal".
    """
    # Derive a Graph-scoped session from the manager's own session; the
    # endpoint comes from GRAPH_AUTH_ENDPOINT rather than a literal URL.
    graph_session = self.get_session().get_session_for_resource(GRAPH_AUTH_ENDPOINT)
    graph_client = graph_session.client('azure.graphrbac.GraphRbacManagementClient')

    # De-duplicate ids so each principal is looked up once; falsy ids are
    # skipped.
    principal_ids = list({
        item['properties']['principalId']
        for item in resources
        if item['properties']['principalId']
    })
    principals = GraphHelper.get_principal_dictionary(graph_client, principal_ids)
    resolved_ids = principals.keys()

    for item in resources:
        principal_id = item['properties']['principalId']
        if principal_id not in resolved_ids:
            continue

        principal = principals[principal_id]
        if not principal.object_id:
            # No object_id: the principal was not resolved, leave as is.
            continue

        item['principalName'] = GraphHelper.get_principal_name(principal)
        item['displayName'] = principal.display_name
        item['aadType'] = principal.object_type

    return resources