
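I am trying to enumerate Azure AD users from an Azure subscription, with this code:

import os
from pprint import pprint

from azure.common.client_factory import get_client_from_auth_file
from azure.graphrbac import GraphRbacManagementClient

WORKING_DIRECTORY = os.getcwd()
TENANT_ID = "REDACTED_AZURE_ID_OF_MY_AZURE_AD_USER"
# from: az ad sp create-for-rbac --sdk-auth > mycredentials.json
AZURE_AUTH_LOCATION = os.path.join(WORKING_DIRECTORY, "mycredentials.json")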

# I've tried with get_client_from_cli_profile() while logged in azure CLI
# I've tried with and without parameters auth_path and tenant_id
rbac_client = get_client_from_auth_file(GraphRbacManagementClient,auth_path=AZURE_AUTH_LOCATION, tenant_id=TENANT_ID)

# Try to list users
for user in rbac_client.users.list():
    pprint(user.__dict__)

As I've detailed in the comments, I've tried to fix the issue with a couple of unsuccessful attempts. Here is the stack trace:

/home/guillaumedsde/.virtualenvs/champollion/bin/python /home/guillaumedsde/PycharmProjects/champollion/champollion/champollion.py
Traceback (most recent call last):
  File "/home/guillaumedsde/PycharmProjects/champollion/champollion/champollion.py", line 582, in <module>
    gitlab_project_member.access_level)
  File "/home/guillaumedsde/PycharmProjects/champollion/champollion/champollion.py", line 306, in create_role_assignment
    "principal_id": get_user_azure_id(user)}  # get_user_azure_id(user)}  # TODO
  File "/home/guillaumedsde/PycharmProjects/champollion/champollion/champollion.py", line 329, in get_user_azure_id
    for user in rbac_client.users.list():
  File "/home/guillaumedsde/.virtualenvs/champollion/lib/python3.6/site-packages/msrest/paging.py", line 131, in __next__
    self.advance_page()
  File "/home/guillaumedsde/.virtualenvs/champollion/lib/python3.6/site-packages/msrest/paging.py", line 117, in advance_page
    self._response = self._get_next(self.next_link)
  File "/home/guillaumedsde/.virtualenvs/champollion/lib/python3.6/site-packages/azure/graphrbac/operations/users_operations.py", line 158, in internal_paging
    raise models.GraphErrorException(self._deserialize, response)
azure.graphrbac.models.graph_error.GraphErrorException: Operation returned an invalid status code 'Not Found'

Process finished with exit code 1
Comments:

Code sounds good. Could you try with the CLI (docs.microsoft.com/cli/azure/ad/…)? If it works, that's not a permission problem. - Laurent Mazuel

I tried with the CLI; it returns the list of users without any problems. I managed to get a list of users from my Python script using the graph.windows.net API, not the graph.microsoft.com API, and only with user authentication. What is the difference between these 2 APIs? - guillaumedsde

Looking at your code, I found a bug in get_client_from_auth_file for GraphRbac (github.com/Azure/azure-sdk-for-python/issues/2857). Could you try get_client_from_cli_profile instead? It will load your CLI profile instead of your auth file (be sure the CLI is authenticated with the credentials you want to use). - Laurent Mazuel

1 Answer


This was a bug, fixed in azure-common 1.1.13: https://pypi.org/project/azure-common/1.1.13/

You can now simply do this (with no tenant ID):

rbac_client = get_client_from_auth_file(GraphRbacManagementClient, auth_path=AZURE_AUTH_LOCATION)

I took this opportunity to fix the CLI version of this method as well.

(I own this code at MS)
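
A preflight check for the setup discussed in this thread, as an added example that is not part of the original posts or of the Azure SDK: it verifies that the installed azure-common is at least the 1.1.13 release named in the answer, that the `--sdk-auth` file (which stores the client secret in clear text) is not accessible to other users, and that the keys a Graph RBAC client relies on are present. The function names, the choice of required keys and the sample values are assumptions of this example.

```python
import json
import os
import stat
import tempfile
from importlib import metadata

# Key names as written by `az ad sp create-for-rbac --sdk-auth`; treating these
# four as the ones a Graph RBAC client needs is an assumption of this example.
REQUIRED_KEYS = ("clientId", "clientSecret", "tenantId", "activeDirectoryGraphResourceId")
FIXED_IN = (1, 1, 13)  # azure-common release named in the answer


def parse_version(text):
    """Turn '1.1.13' into (1, 1, 13); non-numeric parts are dropped."""
    return tuple(int(p) for p in text.split(".")[:3] if p.isdigit())


def check_auth_file(path, installed_version=None):
    """Return a list of problems; an empty list means the preflight passed."""
    problems = []
    if installed_version is None:
        try:
            installed_version = metadata.version("azure-common")
        except metadata.PackageNotFoundError:
            problems.append("azure-common is not installed")
    if installed_version and parse_version(installed_version) < FIXED_IN:
        problems.append("azure-common %s predates the 1.1.13 fix" % installed_version)
    # The file stores clientSecret in clear text: group/other should have no access.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if os.name == "posix" and mode & 0o077:
        problems.append("auth file mode %o is accessible beyond its owner" % mode)
    with open(path) as handle:
        data = json.load(handle)
    for key in REQUIRED_KEYS:
        if not data.get(key):
            problems.append("missing key: " + key)
    return problems


def demo():
    """Check a constructed auth file (placeholder values, not real credentials)."""
    sample = {"clientId": "00000000-0000-0000-0000-000000000000",
              "clientSecret": "PLACEHOLDER", "tenantId": "",
              "activeDirectoryGraphResourceId": "https://graph.windows.net/"}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "mycredentials.json")
        with open(path, "w") as handle:
            json.dump(sample, handle)
        os.chmod(path, 0o644)
        return check_auth_file(path, installed_version="1.1.12")
```

Call `check_auth_file(AZURE_AUTH_LOCATION)` before building the client; with no `installed_version` argument it reads the version of the installed azure-common package.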