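I want to use Lambda to programmatically mirror AWS IAM roles to my SAML federation, like this developer.

I wanted to verify what minimum access rights the automation software's credentials need to have in Azure, so I tried a simple Python script to simulate this (see below).

I can update the value and retrieve the updated value, but when I go into the Azure portal and look at the manifest file, it has not changed.

Now I'm wondering why this is: is there caching in the Python CLI for Azure? Am I failing to detect some underlying error in the right way?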
```python
from azure.graphrbac import GraphRbacManagementClient
from azure.common.credentials import UserPassCredentials
from azure.graphrbac.models.app_role import AppRole

credentials = UserPassCredentials(
    username='my-user@company',
    password='my-ad-password',
    resource="https://graph.windows.net"
)
tenant_id = "guid-of-my-company-tenant-from-ad-admins"
graphrbac_client = GraphRbacManagementClient(
    credentials,
    tenant_id
)
oid = "guid-of-object-id"
principal = graphrbac_client.service_principals.get(object_id=oid)
print('display_name: {}'.format(principal.display_name))
try:
    for role in principal.app_roles:
        if role.display_name == 'AWSRoleInManifestFile':
            print("is_enabled: ", role.is_enabled)
    # Verify update works by changing one role to isEnabled = false
    for role in principal.app_roles:
        if role.display_name == 'AWSRoleInManifestFile':
            role.is_enabled = False
    # Update using the api.
    retval = graphrbac_client.service_principals.update(oid, principal)
except Exception as e:
    print("Exception occurred.", e)
# retrieve the values again to see if the change is done.
principal = graphrbac_client.service_principals.get(object_id=oid)
for role in principal.app_roles:
    if role.display_name == 'AWSRoleInManifestFile':
        print("role.is_enabled: ", role.is_enabled)
print("done.")
```
Using the raw parameter of the update call, I can see that a PATCH request is sent and the response is 204.

```python
retval = graphrbac_client.service_principals.update(object_id=oid, parameters=principal, custom_headers=None, raw=True)
```
No answers yet