Get access control list (IAM) of a resource group in Node.js

Question

I am using Node.js to interact with Azure, for example, to create a resource group:

const { ResourceManagementClient } = require('azure-arm-resource');

createResourceGroup(location, groupName) {
    const groupParameters = {
        location: location,
    };
    return this.resourceClient.resourceGroups.createOrUpdate(groupName, groupParameters);
}

How can I use these azure-arm modules to retrieve the access control (IAM) list of a resource group?

I mean this list:

Recommended answer

You will need to make use of the Azure Authorization Modules for Node.js.

Here is sample code based on Microsoft Docs

Installing Azure Authorization module

npm install azure-arm-authorization

List all role assignments for a specific resource group

const msRestAzure = require('ms-rest-azure');
const authorizationManagement = require('azure-arm-authorization');

const resourceGroup = 'resource-group-name';
const subscriptionId = 'your-subscription-id';

// Sign in interactively, then list the role assignments on the resource group.
msRestAzure.interactiveLogin().then(credentials => {
  const client = new authorizationManagement(credentials, subscriptionId);
  return client.roleAssignments.listForResourceGroup(resourceGroup);
}).then(result => {
  console.log(result);
}).catch(err => {
  // Surface login or authorization failures instead of dropping them.
  console.error(err);
});

Also on a side note, know that the actual REST API being used for these operations is:

Role Assignments - List For Resource Group

GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Authorization/roleAssignments?api-version=2015-07-01

Similar API, which accepts a generic scope (to work with not just resource groups but other resources as well)

Role Assignments - List For Scope

GET https://management.azure.com/{scope}/providers/Microsoft.Authorization/roleAssignments?api-version=2015-07-01


UPDATE (trying to answer queries from comments)

Using the code above to list all role assignments for a specific resource group (or the Role Assignments - List For Resource Group REST API), you will be returned a collection of role assignments, like your comments reflect.

I suppose this is what you need based on the screenshot from your question, as you have Role Assignments tab selected and the list is being shown below in Azure Portal.

Now a role assignment in itself is formed by:

  1. A security principal Id (user, group, service principal etc. to whom you're trying to give permissions through a role)

  2. Role Definition Id (identifier for the role which you are assigning, like contributor, owner or a custom RBAC role for that matter)

  3. Scope (at which this role is assigned, like at subscription level or at a specific resource group or resource level)

For your purpose to make sense of the response UUIDs, you will be able to find the list of all role definitions (to know their ID, Name, Description etc.) using Role Definitions List through node SDK or using Role Definitions - List REST API.

Principal ID is the ID of user, group or app service principal.

Scope in your case is the resource group that you're trying to query role assignments for.
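
Added example (not part of the original answer or of Microsoft's sample code): joining a role assignment list to a role definition list so that each entry shows a role name and whether it was assigned on the resource group itself or inherited from a parent scope. The helper names `resolveRoleAssignments` and `principalsWithRole` are hypothetical, all GUIDs are constructed, and the object shape (fields under `properties`) is assumed from the 2015-07-01 REST responses.

```javascript
// Constructed sample data (all GUIDs are made up for this example).
const SUB = '/subscriptions/00000000-0000-0000-0000-000000000001';
const RG_SCOPE = `${SUB}/resourceGroups/demo-rg`;
const DEF = `${SUB}/providers/Microsoft.Authorization/roleDefinitions`;

const sampleDefinitions = [
  { id: `${DEF}/aaaaaaaa-0000-0000-0000-000000000001`, properties: { roleName: 'Owner' } },
  { id: `${DEF}/aaaaaaaa-0000-0000-0000-000000000002`, properties: { roleName: 'Reader' } },
];
const sampleAssignments = [
  { properties: { principalId: 'bbbbbbbb-0000-0000-0000-000000000001',
      roleDefinitionId: `${DEF}/AAAAAAAA-0000-0000-0000-000000000001`, scope: SUB } },
  { properties: { principalId: 'bbbbbbbb-0000-0000-0000-000000000002',
      roleDefinitionId: `${DEF}/aaaaaaaa-0000-0000-0000-000000000002`, scope: RG_SCOPE } },
  { properties: { principalId: 'bbbbbbbb-0000-0000-0000-000000000003',
      roleDefinitionId: `${DEF}/aaaaaaaa-0000-0000-0000-000000000009`, scope: RG_SCOPE } },
];

// Assumption: some SDK versions flatten `properties`; accept both shapes.
const props = (o) => o.properties || o;
// ARM resource IDs are case-insensitive, so compare them normalised.
const norm = (s) => String(s).toLowerCase().replace(/\/+$/, '');

// Join assignments to definitions and record where each assignment was made.
function resolveRoleAssignments(assignments, definitions, queriedScope) {
  const names = new Map(definitions.map((d) => [norm(d.id), props(d).roleName]));
  const q = norm(queriedScope);
  return assignments.map((a) => {
    const { principalId, roleDefinitionId, scope } = props(a);
    const s = norm(scope);
    return {
      principalId,
      // A missing definition (e.g. a deleted custom role) is reported, not dropped.
      roleName: names.get(norm(roleDefinitionId)) || '(unknown role definition)',
      scope,
      // An assignment at a parent scope (e.g. the subscription) also applies here.
      origin: s === q ? 'direct' : q.startsWith(s + '/') ? 'inherited' : 'other',
    };
  });
}

// Principals holding a given role, e.g. for a periodic review of Owner access.
function principalsWithRole(resolved, roleName) {
  return resolved.filter((r) => r.roleName === roleName).map((r) => r.principalId);
}

console.table(resolveRoleAssignments(sampleAssignments, sampleDefinitions, RG_SCOPE));
```

With live data, pass the result of `listForResourceGroup` as `assignments` and the role definition list for the same scope as `definitions`.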
