- I have an App1 (MultiTenant) which is in HomeTenant1 and has Clientid1.
- This App1 is registered as Service Principal in Tenant2.
- This App1 was then assigned a few roles in Tenant2 at subscription scope, e.g. the Contributor role on Subs2 of Tenant2.
- I want to determine, through the Java SDK, how to get the list of roles assigned to this SP in Tenant2.
This is possible via the Azure CLI with az role assignment list --all --assignee
But we want to get this via the Java SDK. The following is the code snippet we tried.
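/**
 * Sample that authenticates a multi-tenant app against a target tenant with a client secret
 * and prints the "Contributor" role definition (permissions and assignable scopes) for one
 * subscription in that tenant.
 */
public class AzureRoles {
    // Target tenant: where the app's service principal and the subscription live.
    private final static String TENANT_ID = "redacted";
    // Application (client) id, issued by the app's home tenant.
    private final static String CLIENT_ID = "redacted";
    // Subscription in the target tenant.
    private final static String SUBSCRIPTIONID = "redacted";
    // NOTE(review): a client secret should be read from the environment or a vault at
    // runtime rather than kept as a source constant; it is only a string here because
    // the sample redacts it.
    private final static String CLIENT_SECRET = "redacted";

    /**
     * Authenticates against the target tenant, resolves the "Contributor" role definition
     * at subscription scope and prints it. Any failure is reported to stdout/stderr.
     *
     * @param args unused
     * @throws Exception never in practice; every exception is caught and printed
     */
    public static void main(String[] args) throws Exception {
        try {
            AzureProfile profile = new AzureProfile(TENANT_ID, SUBSCRIPTIONID, AzureEnvironment.AZURE);
            ClientSecretCredential clientSecretCredential = new ClientSecretCredentialBuilder()
                .clientId(CLIENT_ID)
                .clientSecret(CLIENT_SECRET)
                .tenantId(TENANT_ID)
                .build();
            // Prints only the class name and identity hash; the secret itself is not exposed.
            System.out.println(clientSecretCredential);
            System.out.println(profile.getSubscriptionId());

            // NOTE(review): the reported NPE is raised while authenticate() builds the HTTP
            // pipeline, not by anything in this block; the credential above is non-null,
            // so check the azure-core / azure-resourcemanager versions on the classpath
            // for a mismatch — cannot be confirmed from this listing.
            AzureResourceManager azureResourceManager = AzureResourceManager
                .authenticate(clientSecretCredential, profile)
                .withSubscription(SUBSCRIPTIONID);
            System.out.println(azureResourceManager);

            RoleDefinition roleDefinition = azureResourceManager.accessManagement().roleDefinitions()
                .getByScopeAndRoleName("subscriptions/" + profile.getSubscriptionId(), "Contributor");

            // The original appended the "Type" line twice; it is emitted once now.
            StringBuilder builder = new StringBuilder()
                .append("Role Definition: ").append(roleDefinition.id())
                .append("\n\tName: ").append(roleDefinition.name())
                .append("\n\tRole Name: ").append(roleDefinition.roleName())
                .append("\n\tType: ").append(roleDefinition.type())
                .append("\n\tDescription: ").append(roleDefinition.description());

            Set<Permission> permissions = roleDefinition.permissions();
            builder.append("\n\tPermissions: ").append(permissions.size());
            for (Permission permission : permissions) {
                builder.append("\n\t\tPermission Actions: ").append(permission.actions().size());
                for (String action : permission.actions()) {
                    builder.append("\n\t\t\tName :").append(action);
                }
                builder.append("\n\t\tPermission Not Actions: ").append(permission.notActions().size());
                for (String notAction : permission.notActions()) {
                    builder.append("\n\t\t\tName :").append(notAction);
                }
            }

            Set<String> assignableScopes = roleDefinition.assignableScopes();
            builder.append("\n\tAssignable scopes: ").append(assignableScopes.size());
            for (String scope : assignableScopes) {
                builder.append("\n\t\tAssignable Scope: ")
                    .append("\n\t\t\tName :").append(scope);
            }
            System.out.println(builder);
        } catch (Exception e) {
            // Sample-level reporting; the stack trace already contains the message.
            e.printStackTrace();
        }
    }
}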
It throws an NPE at the azureResourceManager assignment.
Any ideas on how to get this done with the Java SDK?
Update1
New Code:
import com.azure.core.credential.TokenCredential;
import com.azure.core.http.rest.PagedIterable;
import com.azure.core.management.AzureEnvironment;
import com.azure.core.management.profile.AzureProfile;
import com.azure.identity.ClientSecretCredentialBuilder;
import com.azure.resourcemanager.AzureResourceManager;
import com.azure.resourcemanager.authorization.models.RoleAssignment;
import com.azure.resourcemanager.authorization.models.RoleDefinition;
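/**
 * Sample that authenticates a multi-tenant app against a target tenant with a client secret
 * and prints the role names of every role assignment held by one service principal.
 */
public class AzureRoles {
    // Target tenant: where the app's service principal and the subscription live.
    private final static String TENANT_ID = "redacted";
    // Home tenant of the app; currently unreferenced, kept for the author's follow-up.
    private final static String HOME_TENANT_ID = "redacted";
    // Application (client) id, issued by the app's home tenant.
    private final static String CLIENT_ID = "redacted";
    // Subscription in the target tenant.
    private final static String SUBSCRIPTIONID = "redacted";
    // NOTE(review): a client secret should be read from the environment or a vault at
    // runtime rather than kept as a source constant; it is only a string here because
    // the sample redacts it.
    private final static String CLIENT_SECRET = "redacted";

    /**
     * Authenticates against the target tenant, lists the role assignments of a service
     * principal and prints the role name behind each assignment.
     *
     * @param args unused
     * @throws Exception never in practice; every exception is caught and printed
     */
    public static void main(String[] args) throws Exception {
        try {
            AzureProfile profile = new AzureProfile(TENANT_ID, SUBSCRIPTIONID, AzureEnvironment.AZURE);
            TokenCredential clientSecretCredential = new ClientSecretCredentialBuilder()
                .clientId(CLIENT_ID)
                .clientSecret(CLIENT_SECRET)
                .tenantId(TENANT_ID)
                .authorityHost(profile.getEnvironment().getActiveDirectoryEndpoint())
                .build();
            // Prints only the class name and identity hash; the secret itself is not exposed.
            System.out.println(clientSecretCredential);
            System.out.println(profile);

            // NOTE(review): the reported NPE is raised inside BearerTokenAuthenticationPolicy's
            // constructor while authenticate() builds the HTTP pipeline; the credential above
            // is non-null, so check the azure-core / azure-resourcemanager versions on the
            // classpath for a mismatch — cannot be confirmed from this listing.
            AzureResourceManager azureResourceManager = AzureResourceManager
                .authenticate(clientSecretCredential, profile)
                .withSubscription(SUBSCRIPTIONID);
            System.out.println(azureResourceManager);

            // The argument is the object id of the service principal in the target tenant,
            // not the application (client) id — presumably what was redacted; verify.
            PagedIterable<RoleAssignment> items = azureResourceManager.accessManagement().roleAssignments()
                .listByServicePrincipal("redacted");
            for (RoleAssignment item : items) {
                RoleDefinition role = azureResourceManager.accessManagement().roleDefinitions()
                    .getById(item.roleDefinitionId());
                System.out.println(role.roleName());
            }
        } catch (Exception e) {
            // Printing getMessage() separately only produced "null"; the trace is enough.
            e.printStackTrace();
        }
    }
}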
Error message
com.azure.identity.ClientSecretCredential@5223e5ee
com.azure.core.management.profile.AzureProfile@bef2d72
null
java.lang.NullPointerException
at java.util.Objects.requireNonNull(Objects.java:203)
at com.azure.core.http.policy.BearerTokenAuthenticationPolicy.<init>(BearerTokenAuthenticationPolicy.java:36)
at com.azure.core.management.http.policy.ArmChallengeAuthenticationPolicy.<init>(ArmChallengeAuthenticationPolicy.java:47)
at com.azure.resourcemanager.resources.fluentcore.policy.AuthenticationPolicy.<init>(AuthenticationPolicy.java:28)
at com.azure.resourcemanager.resources.fluentcore.utils.HttpPipelineProvider.buildHttpPipeline(HttpPipelineProvider.java:74)
at com.azure.resourcemanager.resources.fluentcore.utils.HttpPipelineProvider.buildHttpPipeline(HttpPipelineProvider.java:45)
at com.azure.resourcemanager.AzureResourceManager.authenticate(AzureResourceManager.java:163)
at AzureRoles.main(AzureRoles.java:32)