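def augment(self, resources):
    """Annotate resources with the Azure AD principal they refer to.

    Every non-empty ``properties.principalId`` is looked up through the Graph
    RBAC client. For each resource whose principal is returned, the keys
    ``principalName``, ``displayName`` and ``aadType`` are set on the resource.

    Resources with an empty ``principalId``, or whose principal the directory
    did not return, are left without those keys instead of aborting the whole
    batch with ``KeyError``.

    Args:
        resources: list of resource dicts, each carrying
            ``resource['properties']['principalId']``.

    Returns:
        The same ``resources`` list, modified in place.
    """
    # NOTE(review): graph.windows.net is the legacy Azure AD Graph endpoint, not
    # Microsoft Graph (graph.microsoft.com) as the warning text below says;
    # confirm which API the granted directory permissions actually cover.
    s = Session(resource='https://graph.windows.net')
    graph_client = GraphRbacManagementClient(s.get_credentials(), s.get_tenant_id())

    # De-duplicate so each principal is requested once; empty ids are dropped.
    object_ids = list({
        resource['properties']['principalId']
        for resource in resources
        if resource['properties']['principalId']})

    object_params = GetObjectsParameters(
        include_directory_object_references=True,
        object_ids=object_ids)

    try:
        # The request is kept inside the try so a CloudError is handled whether
        # the client raises on the call itself or while the result is iterated.
        aad_objects = graph_client.objects.get_objects_by_object_ids(object_params)
        principal_dics = {aad_object.object_id: aad_object for aad_object in aad_objects}

        for resource in resources:
            # Empty ids were never requested, and the directory may not return
            # every requested id; skip those rather than indexing blindly.
            graph_resource = principal_dics.get(resource['properties']['principalId'])
            if graph_resource is None:
                continue
            resource['principalName'] = self.get_principal_name(graph_resource)
            resource['displayName'] = graph_resource.display_name
            resource['aadType'] = graph_resource.object_type
    except CloudError:
        # NOTE(review): any CloudError lands here, not only an authorization
        # failure, and the original exception is not logged. After this path
        # the three keys are absent, so a filter on principal identity matches
        # nothing; treat the warning as "results incomplete", not "no findings".
        log.warning('Credentials not authorized for access to read from Microsoft Graph. \n '
                    'Can not query on principalName, displayName, or aadType. \n')
    return resources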
def test_initialize_session_auth_file(self):
    """A Session built from an authorization file exposes service-principal credentials.

    Also checks that the subscription id and tenant id reported by the session
    are the expected fixture values.
    """
    init_target = 'azure.common.credentials.ServicePrincipalCredentials.__init__'

    # The constructor is replaced by a stub returning None, so the credential
    # object is created without running its real initialisation (presumably so
    # the test needs no live tenant; confirm against the Session implementation).
    with patch(init_target, autospec=True, return_value=None):
        session = Session(authorization_file=self.authorization_file)

        credentials = session.get_credentials()
        # Exact type match, not isinstance: a subclass would fail this check.
        self.assertIs(type(credentials), ServicePrincipalCredentials)

        self.assertEqual(session.get_subscription_id(), DEFAULT_SUBSCRIPTION_ID)
        self.assertEqual(session.get_tenant_id(), 'tenant')
def test_initialize_session_principal(self):
    """A Session with no arguments picks up service-principal settings from the environment."""
    init_target = 'azure.common.credentials.ServicePrincipalCredentials.__init__'

    # Placeholder fixture values only; no real tenant, client id or secret.
    fake_env = {
        constants.ENV_TENANT_ID: 'tenant',
        constants.ENV_SUB_ID: DEFAULT_SUBSCRIPTION_ID,
        constants.ENV_CLIENT_ID: 'client',
        constants.ENV_CLIENT_SECRET: 'secret',
    }

    # clear=True empties os.environ for the duration of the block, so the
    # session cannot fall back to credentials exported in the developer's or
    # CI runner's real environment.
    with patch(init_target, autospec=True, return_value=None), \
            patch.dict(os.environ, fake_env, clear=True):
        session = Session()

        credentials = session.get_credentials()
        self.assertIs(type(credentials), ServicePrincipalCredentials)
        self.assertEqual(session.get_subscription_id(), DEFAULT_SUBSCRIPTION_ID)
        self.assertEqual(session.get_tenant_id(), 'tenant')
def enhance_policies(self, access_policies):
    """Add Azure AD principal details to each access policy.

    Sets ``displayName``, ``aadType`` and ``principalName`` on every policy,
    using the directory object looked up for the policy's ``objectId``.

    Args:
        access_policies: list of policy dicts, each with an ``objectId`` key.

    Returns:
        The same ``access_policies`` list, modified in place.
    """
    # Build the Graph client on first use and keep it on the instance.
    if self.graph_client is None:
        session = Session(resource='https://graph.windows.net')
        self.graph_client = GraphRbacManagementClient(
            session.get_credentials(), session.get_tenant_id())

    # One object id per policy, in policy order (duplicates are not removed).
    object_ids = []
    for entry in access_policies:
        object_ids.append(entry['objectId'])

    # Per the original authors, GraphHelper.get_principal_dictionary returns an
    # empty AADObject for ids it cannot resolve, or when Graph is unavailable.
    # NOTE(review): if so, the three keys below may hold empty values; consumers
    # should read "empty" as "unresolved", not as "no principal has access".
    principals = GraphHelper.get_principal_dictionary(self.graph_client, object_ids)

    for policy in access_policies:
        principal = principals[policy['objectId']]
        policy['displayName'] = principal.display_name
        policy['aadType'] = principal.object_type
        policy['principalName'] = GraphHelper.get_principal_name(principal)

    return access_policies
def augment(self, resources):
    """Annotate resources with the Azure AD principal they refer to.

    For each resource whose ``properties.principalId`` is present in the
    dictionary returned by ``GraphHelper.get_principal_dictionary`` and whose
    directory object has a truthy ``object_id``, sets ``principalName``,
    ``displayName`` and ``aadType``. All other resources are left unchanged.

    Args:
        resources: list of resource dicts, each carrying
            ``resource['properties']['principalId']``.

    Returns:
        The same ``resources`` list, modified in place.
    """
    session = Session(resource='https://graph.windows.net')
    graph_client = GraphRbacManagementClient(
        session.get_credentials(), session.get_tenant_id())

    # Collect each non-empty principal id once.
    unique_ids = set()
    for resource in resources:
        if resource['properties']['principalId']:
            unique_ids.add(resource['properties']['principalId'])
    object_ids = list(unique_ids)

    principal_dics = GraphHelper.get_principal_dictionary(graph_client, object_ids)

    for resource in resources:
        principal_id = resource['properties']['principalId']
        if principal_id not in principal_dics:
            continue

        graph_resource = principal_dics[principal_id]
        # A directory object without an object_id is treated as unresolved.
        # NOTE(review): unresolved principals are skipped silently here, so a
        # filter on principalName/displayName/aadType will not match them;
        # confirm whether GraphHelper logs when the directory cannot be read.
        if not graph_resource.object_id:
            continue

        resource['principalName'] = GraphHelper.get_principal_name(graph_resource)
        resource['displayName'] = graph_resource.display_name
        resource['aadType'] = graph_resource.object_type

    return resources
def test_initialize_session_principal(self):
    """A Session with no arguments reads tenant, subscription and client settings from env."""
    credentials_init = 'azure.common.credentials.ServicePrincipalCredentials.__init__'

    # Placeholder fixture values only; 'client' and 'secret' are not real credentials.
    principal_env = {
        constants.ENV_TENANT_ID: DEFAULT_TENANT_ID,
        constants.ENV_SUB_ID: DEFAULT_SUBSCRIPTION_ID,
        constants.ENV_CLIENT_ID: 'client',
        constants.ENV_CLIENT_SECRET: 'secret',
    }

    stub_init = patch(credentials_init, autospec=True, return_value=None)
    # clear=True removes every other variable while the block runs, so nothing
    # from the real environment can influence which credentials are selected.
    isolated_env = patch.dict(os.environ, principal_env, clear=True)

    with stub_init:
        with isolated_env:
            session = Session()

            self.assertIs(type(session.get_credentials()), ServicePrincipalCredentials)

            subscription_id = session.get_subscription_id()
            self.assertEqual(subscription_id, DEFAULT_SUBSCRIPTION_ID)

            tenant_id = session.get_tenant_id()
            self.assertEqual(tenant_id, DEFAULT_TENANT_ID)
def enhance_policies(self, access_policies):
    """Add Azure AD principal details to each access policy.

    Every policy receives ``displayName``, ``aadType`` and ``principalName``
    taken from the directory object looked up for its ``objectId``.

    Args:
        access_policies: list of policy dicts, each with an ``objectId`` key.

    Returns:
        The same ``access_policies`` list, modified in place.
    """
    client = self.graph_client
    if client is None:
        # First call: create the Graph client and cache it on the instance.
        graph_session = Session(resource='https://graph.windows.net')
        client = GraphRbacManagementClient(
            graph_session.get_credentials(),
            graph_session.get_tenant_id())
        self.graph_client = client

    # Object ids for all policies, in policy order.
    object_ids = list(policy['objectId'] for policy in access_policies)

    # Per the original authors, the helper returns an empty AADObject for an id
    # that is not found in Graph, or when Graph is not available at all.
    # NOTE(review): if so, a failed directory read produces empty values rather
    # than an error; do not read an empty displayName as "principal is gone".
    lookup = GraphHelper.get_principal_dictionary(self.graph_client, object_ids)

    for policy in access_policies:
        directory_object = lookup[policy['objectId']]
        policy['displayName'] = directory_object.display_name
        policy['aadType'] = directory_object.object_type
        policy['principalName'] = GraphHelper.get_principal_name(directory_object)

    return access_policies
def test_initialize_session_auth_file(self):
    """A Session built from an authorization file wraps a ClientSecretCredential.

    Also checks that the subscription id and tenant id reported by the session
    are the expected fixture values.
    """
    session = Session(authorization_file=self.authorization_file)

    # NOTE(review): this reaches into the private ``_credential`` attribute of
    # the object returned by get_credentials(); the check is tied to that
    # wrapper's internals and breaks if the attribute is renamed.
    wrapped_credential = session.get_credentials()._credential
    # Exact type match, not isinstance: a subclass would fail this check.
    self.assertIs(type(wrapped_credential), ClientSecretCredential)

    subscription_id = session.get_subscription_id()
    self.assertEqual(subscription_id, DEFAULT_SUBSCRIPTION_ID)

    tenant_id = session.get_tenant_id()
    self.assertEqual(tenant_id, 'tenant')