如何使用Azure Python SDK将principal_id转换为用户名 [英] How do you turn a principal_id into a username using the Azure Python SDK

问题描述

使用Azure Python SDK，我正在尝试构建一个脚本，该脚本将审核我们的各种用户角色授权.我可以使用以下命令提取角色分配列表:

Using the Azure Python SDK I'm trying to build a script that will audit our various user role authorizations. I'm able to pull a list of role assignments using the following:

authorizationClient = AuthorizationManagementClient(credential, subscription_id)
roles = authorizationClient.role_assignments.list()

这有效，并且我得到了一系列字典，其中似乎包含除principal_name之外我需要的所有信息.响应示例:

This works, and I get a list of dicts that seems to have every piece of info I need except the principal_name. Example response:

{'additional_properties': {}, 'id': '/providers/Microsoft.Management/managementGroups/<group_ID>/providers/Microsoft.Authorization/roleAssignments/<role_ID>', 'name': '<role_ID>', 'type': 'Microsoft.Authorization/roleAssignments', 'scope': '/providers/Microsoft.Management/managementGroups/<scope_ID>', 'role_definition_id': '/subscriptions/<subscription_ID>/providers/Microsoft.Authorization/roleDefinitions/<role_def_id>', 'principal_id': '<principal_ID>', 'principal_type': 'Group', 'can_delegate': None}

使用Azure Python SDK，有没有一种方法可以在给定principal_id的情况下查找principal_name?

Using the Azure Python SDK, is there a way to look up a principal_name given a principal_id?

我已经阅读了几个小时的SDK文档，但似乎找不到答案.我所能发现的是，默认情况下，蔚蓝的cli会弹出principal_id和principal_name，但SDK不会.感谢您的任何帮助.

I've been reading through the SDK documentation for a few hours now and can't seem to find the answer. All I can find is that the azure cli spits out the principal_id and principal_name by default, but the SDK doesn't. Any help here is appreciated.

推荐答案

您需要使用 azure-graphrbac 软件包: https://pypi.org/project/azure-graphrbac/

用法示例:

    objects = graphrbac_client.objects.get_objects_by_object_ids({
        'object_ids': [app.object_id],
        'types': ['ServicePrincipal']
    })

也有过滤器语法.我没有用ID过滤的人，但这给了你一个主意:

There is a filter syntax as well. I don't have the one that filter with ID, but that gives you an idea:

    users = graphrbac_client.users.list(
        filter="displayName eq 'Test Buddy'"
    )

graphrbac的文档: https://azuresdkdocs.blob.core.windows.net/$ web/python/azure-graphrbac/0.61.1/azure.graphrbac.html

The doc of graphrbac: https://azuresdkdocs.blob.core.windows.net/$web/python/azure-graphrbac/0.61.1/azure.graphrbac.html

一些广泛的单元测试可以帮助: https://github.com/Azure/azure-sdk-for-python/blob/master/sdk/graphrbac/azure-graphrbac/tests/test_graphrbac.py

Some extensive unittests that could help: https://github.com/Azure/azure-sdk-for-python/blob/master/sdk/graphrbac/azure-graphrbac/tests/test_graphrbac.py

RestAPI文档可以为您提供一些有关SDK可以做什么的见解: https://docs.microsoft.com/en-us/previous-versions/azure/ad/graph/api/api-catalog

The RestAPI doc could give you some insights into what the SDK can do: https://docs.microsoft.com/en-us/previous-versions/azure/ad/graph/api/api-catalog

(我在Python SDK团队的MS部门工作)

(I work at MS in the Python SDK team)

这篇关于如何使用Azure Python SDK将principal_id转换为用户名的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！