Azure / azure-sdk-for-python

This repository is for active development of the Azure SDK for Python. For consumers of the SDK we recommend visiting our public developer docs at https://learn.microsoft.com/python/azure/ or our versioned developer docs at https://azure.github.io/azure-sdk-for-python.
MIT License

How to get current context (logged in entity) objectId #4350

Closed 4c74356b41 closed 5 years ago

4c74356b41 commented 5 years ago
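
```python
from azure.common.credentials import ServicePrincipalCredentials
from azure.graphrbac import GraphRbacManagementClient

# CLIENT, KEY and TENANT_ID hold the application's client id, secret and tenant id
graphrbac_client = GraphRbacManagementClient(
    credentials=ServicePrincipalCredentials(
        client_id=CLIENT,
        secret=KEY,
        tenant=TENANT_ID,
        resource="https://graph.windows.net"
    ),
    tenant_id=TENANT_ID
)
# Enumerate every service principal and compare app ids client-side
for sp in graphrbac_client.service_principals.list():
    if sp.app_id == graphrbac_client.config.credentials.id:
        print('found it')
```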

This requires too many permissions for the application (I've only managed to get it to work with Directory.ReadAll; it doesn't work with Application.ReadWrite.All for some reason, despite the docs saying it should). All the methods I seem to find require knowing the objectId upfront... which is what I'm trying to retrieve.

lmazuel commented 5 years ago

Would this help?

```python
import os

from azure.common.credentials import ServicePrincipalCredentials
from azure.graphrbac import GraphRbacManagementClient


def resolve_service_principal(identifier):
    """Get an object_id from a client_id.
    """
    graphrbac_credentials = ServicePrincipalCredentials(
        client_id=os.environ['AZURE_CLIENT_ID'],
        secret=os.environ['AZURE_CLIENT_SECRET'],
        tenant=os.environ['AZURE_TENANT_ID'],
        resource="https://graph.windows.net"
    )
    graphrbac_client = GraphRbacManagementClient(
        graphrbac_credentials,
        os.environ['AZURE_TENANT_ID']
    )

    # Filter server-side: keep service principals with a name equal to the identifier
    result = list(graphrbac_client.service_principals.list(filter="servicePrincipalNames/any(c:c eq '{}')".format(identifier)))
    if result:
        return result[0].object_id
    raise RuntimeError("Unable to get object_id from client_id")
```

4c74356b41 commented 5 years ago

OK, this seems to work, but how? lol. What I meant to say is, I was unable to find any docs on the filtering, question mark.

johanste commented 5 years ago

The filter is an OData filter. I believe that this may be of help...
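
An added example, not part of the original thread or the SDK: it builds the `servicePrincipalNames/any(...)` filter from the answer above with OData string-literal escaping (an embedded single quote is doubled) and models locally what the `any` lambda selects. The helper names, the sample records and their GUIDs are constructed for illustration, and the local matcher is a simplified model of the server-side evaluation.

```python
import uuid

def odata_quote(value):
    """OData string literal: wrap in single quotes, double any embedded quote."""
    return "'" + value.replace("'", "''") + "'"

def spn_filter(identifier):
    """Same filter as in the answer above, with the value escaped first."""
    return "servicePrincipalNames/any(c:c eq {})".format(odata_quote(identifier))

def client_id_filter(client_id):
    """Stricter variant for client ids: reject anything that is not a GUID."""
    canonical = str(uuid.UUID(client_id))  # ValueError on malformed input
    return spn_filter(canonical)

def matches(sp, identifier):
    """Simplified local model of any(c:c eq '...'): true when at least one
    element c of the servicePrincipalNames collection equals the identifier."""
    return any(c == identifier for c in sp["servicePrincipalNames"])

# Constructed sample directory; object ids, app ids and URIs are made up.
SAMPLE_DIRECTORY = [
    {"objectId": "00000000-0000-0000-0000-0000000000a1",
     "servicePrincipalNames": ["https://app-one.example",
                               "aaaaaaaa-0000-0000-0000-000000000001"]},
    {"objectId": "00000000-0000-0000-0000-0000000000b2",
     "servicePrincipalNames": ["https://app-two.example",
                               "bbbbbbbb-0000-0000-0000-000000000002"]},
]

def resolve_locally(identifier, directory=SAMPLE_DIRECTORY):
    """Object ids of the records the filter would select."""
    return [sp["objectId"] for sp in directory if matches(sp, identifier)]

if __name__ == "__main__":
    app_id = "bbbbbbbb-0000-0000-0000-000000000002"
    print(client_id_filter(app_id))
    print(resolve_locally(app_id))
    print(spn_filter("https://o'brien.example"))
```

With the SDK call from the thread, the string returned by `client_id_filter` would be passed as `filter=` to `service_principals.list()`.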