2

I need to check whether the provided blob is assigned to the organisation represented by tenant ID. Provided information is: - storage URI - SAS token

My solution is to list all the subscription within the organisation, get the subscription of provided blob and find the match.

The problem is, in Azure SDK i can not find any method to get information about subscription.

The only way I can list the properties about my storage account is to use azure CLI by running command 

az storage account show

Is there any way to get subscription information having such parameters? If not, could you suggest me some solution to check blob belongingness?

pawelen
  • 133
  • 1
  • 1
  • 5
  • So your question is to use `tenant ID` , `storage URI` , `SAS token` to know the storage account belongs to which subscription? – Joy Wang Jun 05 '19 at 08:58
  • Input data are storage URI and SAS token. Tenant ID is known. I need to check if storage account with provided storage URI and SAS token belongs to any subscription of organisation represented by Tenant ID. – pawelen Jun 05 '19 at 09:07
  • You want to do this via java sdk? – Joy Wang Jun 05 '19 at 09:09
  • Exactly. But first, I want to know if it's even possible. – pawelen Jun 05 '19 at 09:11
  • Do you have roles for all the subscriptions in the tenant? – Joy Wang Jun 05 '19 at 09:24
  • In Management groups I can see that subscriptions are grouped, but column "My role" is empty. So I assume there are no roles. – pawelen Jun 05 '19 at 09:41
  • If so, you could not access the subscriptions, you will not be able to check if the storage account exists or not. – Joy Wang Jun 05 '19 at 09:44
  • Thank you! Could you recommend me some other solution to confirm blob belongingness? Maybe I need more input data? If so, what kind of data? – pawelen Jun 05 '19 at 09:46

1 Answers1

0

In your case, you need to have the permissions for all the subscriptions in the tenant(e.g. you are the owners of the subscriptions).

My workaround is to call the REST API Subscriptions - List in java(seems there is no sdk to list subscriptions), to call the rest api in java, you could refer to this link.

Then List resource groups in every subscription, after that you can List all storage accounts in a resource group. Then check the storage account if exists in them.

Could you recommend me some other solution to confirm blob belongingness? Maybe I need more input data? If so, what kind of data?

First, your purpose is a reverse search, so we could not know the subscription, resource group. So we could not know the details about the storage account, like the resource id of the storage account, becasue the resource id includes the subscription id and resource group name. So even if you have other input data, which is not related to the storage account directly, we just could use the workaround above.

Joy Wang
  • 39,905
  • 3
  • 30
  • 54