コード例 #1
    def _enhance_policies(self, access_policies):
        """Attach AAD principal details to each access policy, in place.

        Each policy's ``objectId`` is resolved through the graph client,
        which is created on first use and cached on ``self.graph_client``.
        A policy whose principal resolves gains ``displayName``, ``aadType``
        and ``principalName``. A policy whose lookup result has no
        ``object_id`` is left without those keys, so consumers should read a
        missing key as "principal not resolved", not as "no principal".

        Returns the same ``access_policies`` object it was given; an empty
        or ``None`` value is returned untouched without any graph call.
        """
        # Nothing to resolve: skip client creation and the graph round trip.
        if not access_policies:
            return access_policies

        if self.graph_client is None:
            # NOTE(review): graph.windows.net is the Azure AD Graph endpoint,
            # which Microsoft has deprecated in favour of Microsoft Graph;
            # confirm this lookup is still supported in the target tenant.
            session = Session(resource='https://graph.windows.net')
            credentials = session.get_credentials()
            tenant_id = session.get_tenant_id()
            self.graph_client = GraphRbacManagementClient(credentials, tenant_id)

        # Collect every referenced principal so they are resolved in one call.
        principal_ids = []
        for entry in access_policies:
            principal_ids.append(entry['objectId'])

        # GraphHelper.get_principal_dictionary returns an empty AADObject when
        # a principal is not found with graph or graph is not available.
        # NOTE(review): the meaning of the trailing True is not visible here;
        # confirm it against GraphHelper before relying on error behaviour.
        principals_by_id = GraphHelper.get_principal_dictionary(
            self.graph_client, principal_ids, True)

        for entry in access_policies:
            principal = principals_by_id[entry['objectId']]
            if not principal.object_id:
                # Unresolved principal: leave the policy unannotated.
                continue
            entry['displayName'] = principal.display_name
            entry['aadType'] = principal.object_type
            entry['principalName'] = GraphHelper.get_principal_name(principal)

        return access_policies
コード例 #2
ファイル: key_vault.py プロジェクト: xxyjoel/cloud-custodian
    def _enhance_policies(self, access_policies):
        """Attach AAD principal details to each access policy, in place.

        Each policy's ``objectId`` is resolved through a graph client that
        is built on first use and cached on ``self.graph_client``. Resolved
        policies gain ``displayName``, ``aadType`` and ``principalName``.
        Policies whose lookup result has no ``object_id`` keep none of those
        keys, so a missing key means "principal not resolved" and must not
        be read as "no principal holds this policy".

        Returns the same ``access_policies`` object it was given; an empty
        or ``None`` value is returned untouched without any graph call.
        """
        # Nothing to resolve: skip client creation and the graph round trip.
        if not access_policies:
            return access_policies

        if self.graph_client is None:
            graph_session = Session(resource_endpoint_type=GRAPH_AUTH_ENDPOINT)
            client_path = 'azure.graphrbac.GraphRbacManagementClient'
            self.graph_client = graph_session.client(client_path)

        # Collect every referenced principal so they are resolved in one call.
        principal_ids = []
        for entry in access_policies:
            principal_ids.append(entry['objectId'])

        # GraphHelper.get_principal_dictionary returns an empty AADObject when
        # a principal is not found with graph or graph is not available.
        # NOTE(review): the meaning of the trailing True is not visible here;
        # confirm it against GraphHelper before relying on error behaviour.
        principals_by_id = GraphHelper.get_principal_dictionary(
            self.graph_client, principal_ids, True)

        for entry in access_policies:
            principal = principals_by_id[entry['objectId']]
            if not principal.object_id:
                # Unresolved principal: leave the policy unannotated.
                continue
            entry['displayName'] = principal.display_name
            entry['aadType'] = principal.object_type
            entry['principalName'] = GraphHelper.get_principal_name(principal)

        return access_policies
コード例 #3
    def augment(self, resources):
        """Annotate resources with details of the principal they reference.

        The distinct truthy ``properties.principalId`` values are resolved
        in one graph call. Each resource whose id appears in the result is
        given ``principalName``, ``displayName`` and ``aadType``. The
        resources are modified in place and the same list is returned.
        """
        # NOTE(review): graph.windows.net is the Azure AD Graph endpoint,
        # which Microsoft has deprecated in favour of Microsoft Graph;
        # confirm this lookup is still supported in the target tenant.
        session = Session(resource='https://graph.windows.net')
        credentials = session.get_credentials()
        tenant_id = session.get_tenant_id()
        graph_client = GraphRbacManagementClient(credentials, tenant_id)

        # De-duplicate ids and drop empty ones before querying graph.
        unique_ids = {
            item['properties']['principalId'] for item in resources
            if item['properties']['principalId']
        }
        principals_by_id = GraphHelper.get_principal_dictionary(
            graph_client, list(unique_ids))

        for item in resources:
            principal_id = item['properties']['principalId']
            if principal_id not in principals_by_id.keys():
                continue
            principal = principals_by_id[principal_id]
            # NOTE(review): fields are written for every id present in the
            # dictionary, with no check that the returned object carries an
            # object_id. If the helper can return placeholder entries for
            # unresolved principals, these values may be empty; confirm.
            item['principalName'] = GraphHelper.get_principal_name(principal)
            item['displayName'] = principal.display_name
            item['aadType'] = principal.object_type

        return resources
コード例 #4
ファイル: key_vault.py プロジェクト: jpoley/cloud-custodian
    def enhance_policies(self, access_policies):
        """Attach AAD principal details to each access policy, in place.

        Each policy's ``objectId`` is resolved through a graph client that
        is built on first use and cached on ``self.graph_client``. Every
        policy then receives ``displayName``, ``aadType`` and
        ``principalName`` taken from the lookup result. The same
        ``access_policies`` object is returned.
        """
        if self.graph_client is None:
            # NOTE(review): graph.windows.net is the Azure AD Graph endpoint,
            # which Microsoft has deprecated in favour of Microsoft Graph;
            # confirm this lookup is still supported in the target tenant.
            session = Session(resource='https://graph.windows.net')
            credentials = session.get_credentials()
            tenant_id = session.get_tenant_id()
            self.graph_client = GraphRbacManagementClient(credentials, tenant_id)

        # Collect every referenced principal so they are resolved in one call.
        principal_ids = []
        for entry in access_policies:
            principal_ids.append(entry['objectId'])

        # GraphHelper.get_principal_dictionary returns an empty AADObject when
        # a principal is not found with graph or graph is not available.
        principals_by_id = GraphHelper.get_principal_dictionary(
            self.graph_client, principal_ids)

        for entry in access_policies:
            principal = principals_by_id[entry['objectId']]
            # NOTE(review): there is no object_id check here, so an unresolved
            # principal still gets all three keys, filled from the empty
            # AADObject. Consumers cannot tell "unresolved" from "resolved"
            # by key presence and must inspect the values.
            entry['displayName'] = principal.display_name
            entry['aadType'] = principal.object_type
            entry['principalName'] = GraphHelper.get_principal_name(principal)

        return access_policies
コード例 #5
    def augment(self, resources):
        """Annotate resources with details of the principal they reference.

        The distinct truthy ``properties.principalId`` values are resolved
        in one graph call. A resource is given ``principalName``,
        ``displayName`` and ``aadType`` only when its id is in the result
        and the returned object has an ``object_id``. Otherwise it is left
        without those keys, which consumers should read as "principal not
        resolved". Resources are modified in place and the same list is
        returned.
        """
        # NOTE(review): graph.windows.net is the Azure AD Graph endpoint,
        # which Microsoft has deprecated in favour of Microsoft Graph;
        # confirm this lookup is still supported in the target tenant.
        session = Session(resource='https://graph.windows.net')
        credentials = session.get_credentials()
        tenant_id = session.get_tenant_id()
        graph_client = GraphRbacManagementClient(credentials, tenant_id)

        # De-duplicate ids and drop empty ones before querying graph.
        unique_ids = {
            item['properties']['principalId'] for item in resources
            if item['properties']['principalId']
        }
        principals_by_id = GraphHelper.get_principal_dictionary(
            graph_client, list(unique_ids))

        for item in resources:
            principal_id = item['properties']['principalId']
            if principal_id not in principals_by_id.keys():
                continue
            principal = principals_by_id[principal_id]
            if not principal.object_id:
                # Lookup returned an entry without an id: skip annotation.
                continue
            item['principalName'] = GraphHelper.get_principal_name(principal)
            item['displayName'] = principal.display_name
            item['aadType'] = principal.object_type

        return resources
コード例 #6
    def augment(self, resources):
        """Annotate resources with details of the principal they reference.

        A graph client is obtained from this object's session, scoped to
        ``GRAPH_AUTH_ENDPOINT``, and the distinct truthy
        ``properties.principalId`` values are resolved in one call. A
        resource is given ``principalName``, ``displayName`` and ``aadType``
        only when its id is in the result and the returned object has an
        ``object_id``. Otherwise it is left without those keys, which
        consumers should read as "principal not resolved". Resources are
        modified in place and the same list is returned.
        """
        graph_session = self.get_session().get_session_for_resource(
            GRAPH_AUTH_ENDPOINT)
        client_path = 'azure.graphrbac.GraphRbacManagementClient'
        graph_client = graph_session.client(client_path)

        # De-duplicate ids and drop empty ones before querying graph.
        unique_ids = {
            item['properties']['principalId'] for item in resources
            if item['properties']['principalId']
        }
        principals_by_id = GraphHelper.get_principal_dictionary(
            graph_client, list(unique_ids))

        for item in resources:
            principal_id = item['properties']['principalId']
            if principal_id not in principals_by_id.keys():
                continue
            principal = principals_by_id[principal_id]
            if not principal.object_id:
                # Lookup returned an entry without an id: skip annotation.
                continue
            item['principalName'] = GraphHelper.get_principal_name(principal)
            item['displayName'] = principal.display_name
            item['aadType'] = principal.object_type

        return resources