Azure assign role to VM with Java SDK
I am writing a Java program to create a VM and access files from storage. However, I am unable to assign the role "Storage contributor/owner" to that VM so it can.
I currently have this code, but I'm not sure whether it is what I need, and I also don't know what to write in some places:
```java
rbacManager = GraphRbacManager.authenticate( credentials );
rbacManager.roleAssignments()
    .define("roletest")
    // which object? and where to find the ID?
    .forObjectId("/subscription/" + subscription + "?")
    .withBuiltInRole(com.microsoft.azure.management.graphrbac.BuiltInRole.STORAGE_ACCOUNT_CONTRIBUTOR)
    // what should go as resource scope?
    .withResourceScope(?)
    .createAsync();
```
Basically I want to perform this step in Java code:
Thanks in advance!
Regarding the issue, please refer to the following steps
- Create a service principal and assign the Owner role to the sp
```bash
az login
az ad sp create-for-rbac -n "MyApp" --role "Owner" \
    --scopes /subscriptions/{SubID} \
    --sdk-auth
```
- Project
a. SDK
```xml
<dependency>
    <groupId>com.azure.resourcemanager</groupId>
    <artifactId>azure-resourcemanager</artifactId>
    <version>2.0.0</version>
</dependency>
<dependency>
    <groupId>com.azure</groupId>
    <artifactId>azure-identity</artifactId>
    <version>1.2.0</version>
</dependency>
```
b. Code
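```java
import com.azure.core.credential.TokenCredential;
import com.azure.core.http.policy.HttpLogDetailLevel;
import com.azure.core.management.AzureEnvironment;
import com.azure.core.management.profile.AzureProfile;
import com.azure.identity.ClientSecretCredentialBuilder;
import com.azure.resourcemanager.AzureResourceManager;
import com.azure.resourcemanager.authorization.models.BuiltInRole;
import com.azure.resourcemanager.compute.models.VirtualMachine;
import com.azure.resourcemanager.storage.models.StorageAccount;

public class AssignRoleToVm {
    public static void main(String[] args) {
        AzureProfile profile = new AzureProfile(AzureEnvironment.AZURE);
        // credentials of the service principal created with the az command
        String clientId = "<sp appid>";
        String clientSecret = "<sp password>";
        String tenant = "";
        String subscriptionId = "";
        TokenCredential credential = new ClientSecretCredentialBuilder()
            .clientId(clientId)
            .clientSecret(clientSecret)
            .authorityHost(profile.getEnvironment().getActiveDirectoryEndpoint())
            .tenantId(tenant)
            .build();
        AzureResourceManager azureResourceManager = AzureResourceManager
            .configure()
            .withLogLevel(HttpLogDetailLevel.BASIC)
            .authenticate(credential, profile)
            .withSubscription(subscriptionId);
        // get storage account
        String accountGroup = "";
        String accountName = "";
        StorageAccount account = azureResourceManager.storageAccounts().getByResourceGroup(accountGroup, accountName);
        // get vm
        String vmGroup = "";
        String vmName = "test";
        VirtualMachine virtualMachine = azureResourceManager.virtualMachines().getByResourceGroup(vmGroup, vmName);
        // enable the system-assigned identity and give it the role on the storage account
        virtualMachine.update()
            .withSystemAssignedManagedServiceIdentity()
            .withSystemAssignedIdentityBasedAccessTo(account.id(), BuiltInRole.fromString("Storage Blob Data Owner"))
            .apply();
    }
}
```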
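The question's two open points (which object ID, which resource scope) written as an explicit role assignment in the newer SDK, followed by a check of what the VM identity holds on the storage account. This is an added example, not code from the question or the answer; the environment variable names are assumptions, and the calling service principal must be allowed to write role assignments at that scope.

```java
import com.azure.core.credential.TokenCredential;
import com.azure.core.management.AzureEnvironment;
import com.azure.core.management.profile.AzureProfile;
import com.azure.identity.ClientSecretCredentialBuilder;
import com.azure.resourcemanager.AzureResourceManager;
import com.azure.resourcemanager.authorization.models.BuiltInRole;
import com.azure.resourcemanager.authorization.models.RoleAssignment;
import com.azure.resourcemanager.compute.models.VirtualMachine;
import com.azure.resourcemanager.storage.models.StorageAccount;
import java.util.UUID;

public class ScopedVmRoleAssignment {
    public static void main(String[] args) {
        // Assumption: inputs come from environment variables; the variable names are illustrative.
        TokenCredential credential = new ClientSecretCredentialBuilder()
            .clientId(System.getenv("AZURE_CLIENT_ID"))
            .clientSecret(System.getenv("AZURE_CLIENT_SECRET"))
            .tenantId(System.getenv("AZURE_TENANT_ID"))
            .build();
        AzureResourceManager arm = AzureResourceManager
            .authenticate(credential, new AzureProfile(AzureEnvironment.AZURE))
            .withSubscription(System.getenv("AZURE_SUBSCRIPTION_ID"));
        VirtualMachine vm = arm.virtualMachines()
            .getByResourceGroup(System.getenv("VM_GROUP"), System.getenv("VM_NAME"));
        StorageAccount account = arm.storageAccounts()
            .getByResourceGroup(System.getenv("STORAGE_GROUP"), System.getenv("STORAGE_NAME"));

        // Object ID: principal ID of the VM's system-assigned identity (enabled here if absent).
        if (vm.systemAssignedManagedServiceIdentityPrincipalId() == null) {
            vm = vm.update().withSystemAssignedManagedServiceIdentity().apply();
        }
        String principalId = vm.systemAssignedManagedServiceIdentityPrincipalId();

        // Resource scope: the storage account itself. The assignment name must be a GUID.
        arm.accessManagement().roleAssignments()
            .define(UUID.randomUUID().toString())
            .forObjectId(principalId)
            .withBuiltInRole(BuiltInRole.fromString("Storage Blob Data Owner"))
            .withResourceScope(account)
            .create();

        // Check: print each assignment the service lists at this scope for the VM identity.
        for (RoleAssignment ra : arm.accessManagement().roleAssignments().listByScope(account.id())) {
            if (principalId.equals(ra.principalId())) {
                System.out.println(ra.roleDefinitionId() + " at " + ra.scope());
            }
        }
    }
}
```

Swapping the role name for a narrower built-in role such as "Storage Blob Data Reader" keeps the same call shape when the VM only needs to read blobs.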