Changes to my Azure application manifest are not visible in the Azure p

Published 2024-03-29 00:45:03

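I want to programmatically mirror AWS IAM roles into my SAML federation using a lambda, like this developer.

I want to verify what minimum access the credentials for the automation software need in Azure, so I tried a simple Python script to simulate this (see below).

I can update the value and retrieve the updated value, but when I go into the Azure portal and look at the manifest file, it has not changed.

Now I wonder why this is: is there caching in the Python CLI for Azure? Am I failing to catch some underlying error properly?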

from azure.graphrbac import GraphRbacManagementClient
from azure.common.credentials import UserPassCredentials
from azure.graphrbac.models.app_role import AppRole

credentials = UserPassCredentials(
    username='my-user@company',
    password='my-ad-password',
    resource="https://graph.windows.net"
)

tenant_id = "guid-of-my-company-tenant-from-ad-admins"
graphrbac_client = GraphRbacManagementClient(
    credentials,
    tenant_id
)
oid = "guid-of-object-id"
principal = graphrbac_client.service_principals.get(object_id=oid)
print('display_name: {}'.format(principal.display_name))
try:
    for role in principal.app_roles:
        if role.display_name == 'AWSRoleInManifestFile':
            print("is_enabled: ", role.is_enabled)

    # Verify update works by changing one role to isEnabled = false
    for role in principal.app_roles:
        if role.display_name == 'AWSRoleInManifestFile':
            role.is_enabled = False

    # Update using the api.
    retval = graphrbac_client.service_principals.update(oid, principal)
except Exception as e:
    print("Exception occurred.", e)

# retrieve the values again to see if the change is done.
principal = graphrbac_client.service_principals.get(object_id=oid)

for role in principal.app_roles:
    if role.display_name == 'AWSRoleInManifestFile':
        print("role.is_enabled: ", role.is_enabled)
print("done.")

Using the raw parameter of the update call, I can see that a PATCH request is sent and the response is 204.

retval = graphrbac_client.service_principals.update(object_id=oid, parameters=principal, custom_headers=None, raw=True)
