I am trying to resolve a list of principal ids into the details like name of the user/service. I have the following code -

from azure.common.credentials import ServicePrincipalCredentials
from azure.graphrbac import GraphRbacManagementClient

TENANT = 'something.onmicrosoft.com'
TENANT_ID = '...'
CLIENT_ID = '...'
SECRET = '...'
List_of_Principal_IDs = ['...', '...']
credentials = ServicePrincipalCredentials(
    client_id=CLIENT_ID,
    secret=SECRET,
    tenant=TENANT_ID,
    resource="https://graph.windows.net"
)
client = GraphRbacManagementClient(credentials, TENANT)

I tried following the advice on one of the Stack Overflow pages, but I am running into errors (see below). Any guidance on how I can resolve these principal ids to a human-understandable format would be appreciated.

users = client.users.list(
         filter=f"principal_id eq '{List_of_Principal_IDs[0]}'"
     )
test = users.next()

Error -

azure.graphrbac.models.graph_error_py3.GraphErrorException: Property 'principal_id' does not exist as a declared property or extension property.

users = client.objects.get_objects_by_object_ids(List_of_Principal_IDs[0])
user = users.next()

Error -

msrest.exceptions.SerializationError: Unable to build a model: Unable to deserialize to object: type, AttributeError: 'str' object has no attribute 'get', DeserializationError: Unable to deserialize to object: type, AttributeError: 'str' object has no attribute 'get'

Steve_Greenwood

1 Answer

azure.graphrbac.models.graph_error_py3.GraphErrorException: Property 'principal_id' does not exist as a declared property or extension property.

About this error: principal_id does not exist in the properties of users. If I don't misunderstand, the principal_id means the Object ID of the user. But Object_id doesn't support filter, so you need to use the get method instead of the list method.

user = client.users.get(upn_or_object_id)

msrest.exceptions.SerializationError: Unable to build a model: Unable to deserialize to object: type, AttributeError: 'str' object has no attribute 'get', DeserializationError: Unable to deserialize to object: type, AttributeError: 'str' object has no attribute 'get'

get_objects_by_object_ids needs a parameter of the GetObjectsParameters class, not just a list.

objects = graphrbac_client.objects.get_objects_by_object_ids({
    'object_ids': [list of object ids],
    'types': [list of object types]
})
unknown
The second method fails when converting the returned objects to a list if you searched for the object ids of deleted objects. Since I usually do 1000+ at a time, it is usually very slow to do them individually. Any workarounds that you can think of? – Steve_Greenwood Jan 10 '21 at 17:32
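
One way to approach the batch case raised in the comment above, as an added example that is not part of the original question or answer: call get_objects_by_object_ids in batches and, when a batch fails, bisect it so the IDs that cannot be resolved are isolated instead of looking every ID up individually. The function name, the `types` values, `batch_size` and `split_on` are assumptions made for this sketch; `client` is the GraphRbacManagementClient from the question.

```python
def resolve_principals(client, principal_ids,
                       types=("User", "ServicePrincipal", "Group"),  # assumed type names
                       batch_size=500,          # assumed batch size
                       split_on=(Exception,)):  # errors that trigger a bisect
    """Resolve object IDs in batches; return (resolved, unresolved).

    resolved   -> {object_id: (object_type, display_name)}
    unresolved -> IDs the directory did not return (e.g. deleted objects)
    """
    resolved = {}

    def fetch(ids):
        params = {
            "object_ids": ids,
            "types": list(types),
            # Field of GetObjectsParameters in azure-graphrbac.
            "include_directory_object_references": True,
        }
        try:
            # Materialise the pager inside the try: the failure described in
            # the comment happens while converting the results to a list.
            objects = list(client.objects.get_objects_by_object_ids(params))
        except split_on:
            if len(ids) > 1:
                # Bisect so one bad ID costs O(log n) extra calls, not n.
                mid = len(ids) // 2
                fetch(ids[:mid])
                fetch(ids[mid:])
            return
        for obj in objects:
            resolved[obj.object_id.lower()] = (
                obj.object_type, getattr(obj, "display_name", None))

    # De-duplicate while keeping order, and normalise GUID case.
    ids = list(dict.fromkeys(i.lower() for i in principal_ids))
    for start in range(0, len(ids), batch_size):
        fetch(ids[start:start + batch_size])
    return resolved, [i for i in ids if i not in resolved]
```

Passing a narrower exception type in `split_on` (for example `msrest.exceptions.DeserializationError`) keeps authentication or network failures from triggering the bisect. IDs left in `unresolved` are the ones to review by hand, for instance role assignments that still reference a deleted principal.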