I have an App1 (MultiTenant) which is in HomeTenant1 and has Clientid1.
This App1 is registered as Service Principal in Tenant2.
This App1 was then assigned a few roles in Tenant2 at subscription-level scope, e.g. the Contributor role on Subs2 of Tenant2.
I want to determine through the Java SDK how to get the list of roles assigned to this SP on Tenant2.
This is possible to do via the az cli:

    az role assignment list --all --assignee <app client id>

But we want to get this via the Java SDK.
Following is the code snippet which we tried.

    import com.azure.core.management.AzureEnvironment;
    import com.azure.core.management.profile.AzureProfile;
    import com.azure.identity.ClientSecretCredential;
    import com.azure.identity.ClientSecretCredentialBuilder;
    import com.azure.resourcemanager.AzureResourceManager;
    import com.azure.resourcemanager.authorization.models.Permission;
    import com.azure.resourcemanager.authorization.models.RoleDefinition;

    import java.util.Set;

    public class AzureRoles {
        private final static String TENANT_ID = "redacted"; // target tenant
        private final static String CLIENT_ID = "redacted"; // from the app's home tenant
        private final static String SUBSCRIPTIONID = "redacted"; // target tenant
        private final static String CLIENT_SECRET = "redacted"; // from the app's home tenant

        public static void main(String[] args) throws Exception {
            try {
                AzureProfile profile = new AzureProfile(TENANT_ID, SUBSCRIPTIONID, AzureEnvironment.AZURE);
                // Authenticate as App1 against the target tenant using its client secret
                ClientSecretCredential clientSecretCredential = new ClientSecretCredentialBuilder()
                        .clientId(CLIENT_ID)
                        .clientSecret(CLIENT_SECRET)
                        .tenantId(TENANT_ID)
                        .build();
                System.out.println(clientSecretCredential);
                System.out.println(profile.getSubscriptionId());
                AzureResourceManager azureResourceManager = AzureResourceManager
                        .authenticate(clientSecretCredential, profile)
                        .withSubscription(SUBSCRIPTIONID);
                System.out.println(azureResourceManager);
                // Look up the Contributor role definition at subscription scope
                RoleDefinition roleDefinition = azureResourceManager.accessManagement().roleDefinitions()
                        .getByScopeAndRoleName("subscriptions/" + profile.getSubscriptionId(), "Contributor");
                StringBuilder builder = new StringBuilder()
                        .append("Role Definition: ").append(roleDefinition.id())
                        .append("\n\tName: ").append(roleDefinition.name())
                        .append("\n\tRole Name: ").append(roleDefinition.roleName())
                        .append("\n\tType: ").append(roleDefinition.type())
                        .append("\n\tDescription: ").append(roleDefinition.description())
                        .append("\n\tType: ").append(roleDefinition.type());
                // Print the actions and notActions granted by the role definition
                Set<Permission> permissions = roleDefinition.permissions();
                builder.append("\n\tPermissions: ").append(permissions.size());
                for (Permission permission : permissions) {
                    builder.append("\n\t\tPermission Actions: " + permission.actions().size());
                    for (String action : permission.actions()) {
                        builder.append("\n\t\t\tName :").append(action);
                    }
                    builder.append("\n\t\tPermission Not Actions: " + permission.notActions().size());
                    for (String notAction : permission.notActions()) {
                        builder.append("\n\t\t\tName :").append(notAction);
                    }
                }
                // Print the scopes at which the role definition can be assigned
                Set<String> assignableScopes = roleDefinition.assignableScopes();
                builder.append("\n\tAssignable scopes: ").append(assignableScopes.size());
                for (String scope : assignableScopes) {
                    builder.append("\n\t\tAssignable Scope: ")
                            .append("\n\t\t\tName :").append(scope);
                }
                System.out.println(builder.toString());
            } catch (Exception e) {
                System.out.println(e.getMessage());
                e.printStackTrace();
            }
        }
    }

It's throwing an NPE at the AzureResourceManager azureResourceManager declaration.
Any ideas on how to get this done in the Java SDK?
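
For auditing what a cross-tenant service principal can do, the following added example (not part of the original post, and not a diagnosis of the NPE) lists the role assignments visible at the subscription scope and keeps those whose principal is the service principal. It assumes the credentials come from environment variables and that `SP_OBJECT_ID` (a hypothetical variable name) holds the object id of App1's service principal in Tenant2, because a role assignment records the principal's object id rather than the application (client) id.

```java
import com.azure.core.credential.TokenCredential;
import com.azure.core.management.AzureEnvironment;
import com.azure.core.management.profile.AzureProfile;
import com.azure.identity.ClientSecretCredentialBuilder;
import com.azure.resourcemanager.AzureResourceManager;
import com.azure.resourcemanager.authorization.models.RoleAssignment;

import java.util.HashMap;
import java.util.Map;
import java.util.Objects;

public class ListSpRoleAssignments {
    public static void main(String[] args) {
        // Assumed environment variables; no secret is kept in source.
        String tenantId = System.getenv("AZURE_TENANT_ID");             // Tenant2
        String subscriptionId = System.getenv("AZURE_SUBSCRIPTION_ID"); // Subs2
        // Hypothetical variable: object id of App1's service principal in Tenant2.
        String spObjectId = Objects.requireNonNull(
            System.getenv("SP_OBJECT_ID"), "SP_OBJECT_ID is not set");

        TokenCredential credential = new ClientSecretCredentialBuilder()
            .tenantId(tenantId)
            .clientId(System.getenv("AZURE_CLIENT_ID"))
            .clientSecret(System.getenv("AZURE_CLIENT_SECRET"))
            .build();
        AzureProfile profile = new AzureProfile(tenantId, subscriptionId, AzureEnvironment.AZURE);
        AzureResourceManager arm = AzureResourceManager
            .authenticate(credential, profile)
            .withSubscription(subscriptionId);

        String scope = "subscriptions/" + subscriptionId; // same scope form as in the post
        Map<String, String> roleNames = new HashMap<>();  // role definition id -> role name
        for (RoleAssignment ra : arm.accessManagement().roleAssignments().listByScope(scope)) {
            if (!spObjectId.equalsIgnoreCase(ra.principalId())) {
                continue; // assignment belongs to another principal
            }
            // Resolve each role definition id once, then reuse the cached name.
            String roleName = roleNames.computeIfAbsent(ra.roleDefinitionId(),
                id -> arm.accessManagement().roleDefinitions().getById(id).roleName());
            System.out.printf("%s on %s%n", roleName, ra.scope());
        }
    }
}
```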