在 Node.js 中获取资源组的访问控制列表 (IAM) [英] Get access control list (IAM) of a resource group in Node.js
问题描述
我正在使用 Node.js 与 Azure 交互,例如创建资源组:
const { ResourceManagementClient } = require('azure-arm-resource');createResourceGroup(位置,组名){常量组参数 = {地点:地点,};返回 this.resourceClient.resourceGroups.createOrUpdate(groupName, groupParameters);}如何使用这些 azure-arm 模块来检索资源组的访问控制 (IAM) 列表?
我的意思是这个列表:
您需要使用
I am using Node.js to interact with Azure, for example, to create a resource group:
const { ResourceManagementClient } = require('azure-arm-resource');
createResourceGroup(location, groupName) {
const groupParameters = {
location: location,
};
return this.resourceClient.resourceGroups.createOrUpdate(groupName, groupParameters);
}
How can I use these azure-arm modules to retrieve the access control (IAM) list of a resource group?
I mean to this list:
You will need to make use of the Azure Authorization Modules for Node.js
Here is sample code based on Microsoft Docs
Installing Azure Authorization module
npm install azure-arm-authorization
List all role assignments for a specific resource group
const msRestAzure = require('ms-rest-azure');
const authorizationManagement = require('azure-arm-authorization');
const resourceGroup = 'resource-group-name';
const subscriptionId = 'your-subscription-id';
msRestAzure.interactiveLogin().then(credentials => {
const client = new authorizationManagement(credentials, subscriptionId);
client.roleAssignments.listForResourceGroup(resourceGroupName).then(result => {
console.log(result);
});
});
Also on a side note, know that the actual REST API being used for these operations is:
Role Assignments - List For Resource Group
GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Authorization/roleAssignments?api-version=2015-07-01
Similar API, which accepts a generic scope (to work with not just resource groups but other resources as well)
Role Assignments - List For Scope
GET https://management.azure.com/{scope}/providers/Microsoft.Authorization/roleAssignments?api-version=2015-07-01
UPDATE (trying to answer queries from comments)
Using the code above to list all role assignments for a specific resource group (or role assignments - list for resource group REST API).. you will be returned a collection of role assignments, like your comments reflect.
I suppose this is what you need based on the screenshot from your question, as you have Role Assignments tab selected and the list is being shown below in Azure Portal.
Now a role assignment in itself is formed by:
A security principal Id (user, group, service principal etc. to whom you're trying to give permissions through a role)
Role Definition Id (identifier for the role which you assigning like contributor, owner or a custom RBAC role for that matter)
Scope (at which this role is assigned, like at subscription level or at a specific resource group or resource level)
This concept is explained in detail and very well here on Microsoft Docs
For your purpose to make sense of the response UUIDs, you will be able to find the list of all role definitions (to know their ID, Name Description etc. using Role Definitions List through node SDK or using Role Definitions - List REST API
Principal ID is the ID of user, group or app service principal.
Scope in your case is the resource group that you're trying to query role assignments for.
这篇关于在 Node.js 中获取资源组的访问控制列表 (IAM)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
