【发布时间】:2021-05-20 14:39:13
【问题描述】:
我想使用 Azure python SDK 查询服务原则过期数据时间。我已经有了“GlobalReader”权限的服务原则。我可以使用以下代码进行身份验证。
>>> from azureml.core.authentication import ServicePrincipalAuthentication
>>> x=ServicePrincipalAuthentication(tenant_id=tenant_id, service_principal_id=client_id, service_principal_password=client_secret)
>>> dir(x)
['__class__', '__delattr__', '__dict__', '__dir__', '__doc__', '__eq__', '__format__', '__ge__', '__getattribute__', '__gt__', '__hash__', '__init__', '__init_subclass__', '__le__', '__lt__', '__metaclass__', '__module__', '__ne__', '__new__', '__reduce__', '__reduce_ex__', '__repr__', '__setattr__', '__sizeof__', '__str__', '__subclasshook__', '__weakref__', '_cached_arm_token', '_cached_azureml_client_token', '_cached_graph_token', '_check_if_subscription_exists', '_cloud_type', '_enable_caching', '_get_adal_auth_object', '_get_all_subscription_ids', '_get_aml_resource_id', '_get_arm_end_point', '_get_arm_token', '_get_azureml_client_token', '_get_cloud_suffix', '_get_cloud_type', '_get_graph_token', '_get_service_client', '_get_sp_credential_object', '_get_workspace', '_initialize_sp_auth', '_is_token_expired', '_service_principal_id', '_service_principal_password', '_sp_auth_lock', '_tenant_id', '_token_type_to_field_dict', 'get_authentication_header', 'signed_session']
>>>
>>>
>>> x._get_all_subscription_ids
<bound method ServicePrincipalAuthentication._get_all_subscription_ids of <azureml.core.authentication.ServicePrincipalAuthentication object at 0x7f0a174443d0>>
>>> x._get_all_subscription_ids()
如何获取其他服务原则过期详情?喜欢az ad sp credential list --id "[ID]" --query "[].endDate" -o tsv。
更新 1
我想我需要研究azure-graphrbac 模块。我从this issue看到,az ad sp crendential list的debug,有方法graph_client.applications.list_password_credentials(app_object_id),但是不知道怎么用
【问题讨论】:
标签: azure azure-service-principal azureml-python-sdk