com.microsoft.azure.management.graphrbac.RoleDefinition Java Examples

The following examples show how to use com.microsoft.azure.management.graphrbac.RoleDefinition.
Example #1
Source File: VirtualMachineEMSILMSIOperationsTests.java    From azure-libraries-for-java with MIT License
private Observable<RoleAssignment> lookupRoleAssignmentUsingScopeAndRoleAsync(final String scope, BuiltInRole role, final String principalId) {
    return this.msiManager.graphRbacManager()
            .roleDefinitions()
            .getByScopeAndRoleNameAsync(scope, role.toString())
            .flatMap(new Func1<RoleDefinition, Observable<RoleAssignment>>() {
                @Override
                public Observable<RoleAssignment> call(final RoleDefinition roleDefinition) {
                    return msiManager.graphRbacManager()
                            .roleAssignments()
                            .listByScopeAsync(scope)
                            .filter(new Func1<RoleAssignment, Boolean>() {
                                @Override
                                public Boolean call(RoleAssignment roleAssignment) {
                                    if (roleDefinition != null && roleAssignment != null) {
                                        return roleAssignment.roleDefinitionId().equalsIgnoreCase(roleDefinition.id()) && roleAssignment.principalId().equalsIgnoreCase(principalId);
                                    } else {
                                        return false;
                                    }
                                }
                            });
                }
            })
            .switchIfEmpty(Observable.<RoleAssignment>just(null));
}
 
Example #2
Source File: VirtualMachineScaleSetEMSILMSIOperationsTests.java    From azure-libraries-for-java with MIT License
private Observable<RoleAssignment> lookupRoleAssignmentUsingScopeAndRoleAsync(final String scope, BuiltInRole role, final String principalId) {
    return this.msiManager.graphRbacManager()
            .roleDefinitions()
            .getByScopeAndRoleNameAsync(scope, role.toString())
            .flatMap(new Func1<RoleDefinition, Observable<RoleAssignment>>() {
                @Override
                public Observable<RoleAssignment> call(final RoleDefinition roleDefinition) {
                    return msiManager.graphRbacManager()
                            .roleAssignments()
                            .listByScopeAsync(scope)
                            .filter(new Func1<RoleAssignment, Boolean>() {
                                @Override
                                public Boolean call(RoleAssignment roleAssignment) {
                                    if (roleDefinition != null && roleAssignment != null) {
                                        return roleAssignment.roleDefinitionId().equalsIgnoreCase(roleDefinition.id()) && roleAssignment.principalId().equalsIgnoreCase(principalId);
                                    } else {
                                        return false;
                                    }
                                }
                            });
                }
            })
            .switchIfEmpty(Observable.<RoleAssignment>just(null));
}
 
Example #3
Source File: AzureAadRoleScanner.java    From clouditor with Apache License 2.0
@Override
protected Asset transform(RoleDefinition role) throws ScanException {
  var asset = super.transform(role);

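  var hasGlobalScope = false;
  var isAdminRole = false;

  // Treat the role as globally scoped if it is assignable at the root ("/")
  // or at any scope whose path contains "subscription".
  for (var scope : role.assignableScopes()) {
    if (scope.equals("/") || scope.contains("subscription")) {
      hasGlobalScope = true;
    }
  }

  // Only globally scoped roles are checked further: a wildcard action ("*")
  // on such a role marks it as a custom admin role.
  if (hasGlobalScope) {
    for (var permission : role.permissions()) {
      for (var action : permission.actions()) {
        if (action.equals("*")) {
          isAdminRole = true;
        }
      }
    }
  }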

  asset.setProperty("customAdminRole", isAdminRole);

  return asset;
}
 
Example #4
Source File: AzureAadRoleScannerTest.java    From clouditor with Apache License 2.0
@BeforeAll
static void setUpOnce() {
  discoverAssets(
      AzureAadRoleScanner::new,
      api -> {
        var role = createWithId(RoleDefinition.class, "role-url", new RoleDefinitionInner());

        when(api.azure.accessManagement().roleDefinitions().listByScope(anyString()))
            .thenReturn(MockedPagedList.of(role));
      });
}
 
Example #5
Source File: Utils.java    From azure-libraries-for-java with MIT License
/**
 * Print role definition info.
 * @param role role definition
 */
public static void print(RoleDefinition role) {
    StringBuilder builder = new StringBuilder()
            .append("Role Definition: ").append(role.id())
            .append("\n\tName: ").append(role.name())
            .append("\n\tRole Name: ").append(role.roleName())
            .append("\n\tType: ").append(role.type())
            .append("\n\tDescription: ").append(role.description());

    Set<Permission> permissions = role.permissions();
    builder.append("\n\tPermissions: ").append(permissions.size());
    for (Permission permission : permissions) {
        builder.append("\n\t\tPermission Actions: " + permission.actions().size());
        for (String action : permission.actions()) {
            builder.append("\n\t\t\tName :").append(action);
        }
        builder.append("\n\t\tPermission Not Actions: " + permission.notActions().size());
        for (String notAction : permission.notActions()) {
            builder.append("\n\t\t\tName :").append(notAction);
        }
    }

    Set<String> assignableScopes = role.assignableScopes();
    builder.append("\n\tAssignable scopes: ").append(assignableScopes.size());
    for (String scope : assignableScopes) {
        builder.append("\n\t\tAssignable Scope: ")
                .append("\n\t\t\tName :").append(scope);
    }

    System.out.println(builder.toString());
}
 
Example #6
Source File: RoleDefinitionsImpl.java    From azure-libraries-for-java with MIT License
@Override
public Observable<RoleDefinition> getByIdAsync(String id) {
    return manager().roleInner().roleDefinitions().getByIdAsync(id).map(new Func1<RoleDefinitionInner, RoleDefinition>() {
        @Override
        public RoleDefinition call(RoleDefinitionInner roleDefinitionInner) {
            if (roleDefinitionInner == null) {
                return null;
            } else {
                return new RoleDefinitionImpl(roleDefinitionInner, manager());
            }
        }
    });
}
 
Example #7
Source File: RoleDefinitionsImpl.java    From azure-libraries-for-java with MIT License
@Override
public Observable<RoleDefinition> getByScopeAsync(String scope,  String name) {
    return manager().roleInner().roleDefinitions().getAsync(scope, name)
            .map(new Func1<RoleDefinitionInner, RoleDefinition>() {
                @Override
                public RoleDefinition call(RoleDefinitionInner roleDefinitionInner) {
                    if (roleDefinitionInner == null) {
                        return null;
                    }
                    return new RoleDefinitionImpl(roleDefinitionInner, manager());
                }
            });
}
 
Example #8
Source File: RoleDefinitionsImpl.java    From azure-libraries-for-java with MIT License
@Override
public Observable<RoleDefinition> getByScopeAndRoleNameAsync(String scope,  String roleName) {
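    // roleName is interpolated into the OData filter without escaping, and only
    // the first item of the first result page is returned.
    return manager().roleInner().roleDefinitions().listAsync(scope, String.format("roleName eq '%s'", roleName))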
            .map(new Func1<Page<RoleDefinitionInner>, RoleDefinition>() {
                @Override
                public RoleDefinition call(Page<RoleDefinitionInner> roleDefinitionInnerPage) {
                    if (roleDefinitionInnerPage == null || roleDefinitionInnerPage.items() == null || roleDefinitionInnerPage.items().isEmpty()) {
                        return null;
                    }
                    return new RoleDefinitionImpl(roleDefinitionInnerPage.items().get(0), manager());
                }
            });
}
 
Example #9
Source File: ITManagedStorageAccountKey.java    From azure-keyvault-java with MIT License
private RoleDefinition getKeyVaultRole() {
    RoleDefinition keyVaultRole = null;
    PagedList<RoleDefinition> roleDefinitions = graphRbacManager.roleDefinitions().listByScope("\\");
    Iterator<RoleDefinition> roleDefs = roleDefinitions.iterator();
    while (roleDefs.hasNext()) {
        RoleDefinition definition = roleDefs.next();
        if (definition.roleName().equals("Storage Account Key Operator Service Role")) {
            keyVaultRole = definition;
            break;
        }
    }
    return keyVaultRole;
}
 
Example #10
Source File: AzureAadRoleScanner.java    From clouditor with Apache License 2.0
public AzureAadRoleScanner() {
  super(RoleDefinition::id, RoleDefinition::roleName);
}
 
Example #11
Source File: AzureAadRoleScanner.java    From clouditor with Apache License 2.0
@Override
protected List<RoleDefinition> list() {
  return this.api.azure().accessManagement().roleDefinitions().listByScope("");
}
 
Example #12
Source File: RoleDefinitionsImpl.java    From azure-libraries-for-java with MIT License
@Override
public ServiceFuture<RoleDefinition> getByIdAsync(String id, ServiceCallback<RoleDefinition> callback) {
    return ServiceFuture.fromBody(getByIdAsync(id), callback);
}
 
Example #13
Source File: RoleDefinitionsImpl.java    From azure-libraries-for-java with MIT License
@Override
public ServiceFuture<RoleDefinition> getByScopeAsync(String scope, String name, ServiceCallback<RoleDefinition> callback) {
    return ServiceFuture.fromBody(getByScopeAsync(scope, name), callback);
}
 
Example #14
Source File: RoleDefinitionsImpl.java    From azure-libraries-for-java with MIT License
@Override
public Observable<RoleDefinition> listByScopeAsync(String scope) {
    return wrapPageAsync(manager().roleInner().roleDefinitions().listAsync(scope));
}
 
Example #15
Source File: RoleDefinitionsImpl.java    From azure-libraries-for-java with MIT License
@Override
public PagedList<RoleDefinition> listByScope(String scope) {
    return wrapList(manager().roleInner().roleDefinitions().list(scope));
}
 
Example #16
Source File: RoleDefinitionsImpl.java    From azure-libraries-for-java with MIT License
@Override
public ServiceFuture<RoleDefinition> getByScopeAndRoleNameAsync(String scope, String roleName, ServiceCallback<RoleDefinition> callback) {
    return ServiceFuture.fromBody(getByScopeAndRoleNameAsync(scope, roleName), callback);
}