Example 1 with RoleAssignmentInner
use of com.microsoft.azure.management.graphrbac.implementation.RoleAssignmentInner in project cloudbreak by hortonworks.
the class AzureIDBrokerObjectStorageValidator method validateStorageAccount.
private void validateStorageAccount(AzureClient client, Set<Identity> identities, String location, CloudIdentityType cloudIdentityType, ValidationResultBuilder resultBuilder) {
AdlsGen2Config adlsGen2Config = adlsGen2ConfigGenerator.generateStorageConfig(location);
String storageAccountName = adlsGen2Config.getAccount();
Optional<String> storageAccountIdOptional = azureStorage.findStorageAccountIdInVisibleSubscriptions(client, storageAccountName);
if (storageAccountIdOptional.isEmpty()) {
LOGGER.debug("Storage account {} not found or insufficient permission to list subscriptions and / or storage accounts.", storageAccountName);
addError(resultBuilder, String.format("Storage account with name %s not found in the given Azure subscription. %s", storageAccountName, getAdviceMessage(STORAGE_LOCATION, cloudIdentityType)));
return;
}
List<RoleAssignmentInner> roleAssignments = client.listRoleAssignmentsByScopeInner(storageAccountIdOptional.get());
ResourceId storageAccountResourceId = ResourceId.fromString(storageAccountIdOptional.get());
boolean differentSubscriptions = !client.getCurrentSubscription().subscriptionId().equals(storageAccountResourceId.subscriptionId());
List<RoleAssignmentInner> roleAssignmentsForSubscription = getRoleAssignmentsOfSubscription(roleAssignments, storageAccountResourceId.subscriptionId(), client, differentSubscriptions);
for (Identity identity : identities) {
validateRoleAssigmentAndScope(roleAssignmentsForSubscription, resultBuilder, identity, List.of(storageAccountName, storageAccountResourceId.resourceGroupName(), storageAccountResourceId.subscriptionId()), differentSubscriptions, cloudIdentityType);
}
}
Also used :
ResourceId(com.microsoft.azure.management.resources.fluentcore.arm.ResourceId)
AdlsGen2Config(com.sequenceiq.cloudbreak.telemetry.fluent.cloud.AdlsGen2Config)
RoleAssignmentInner(com.microsoft.azure.management.graphrbac.implementation.RoleAssignmentInner)
Identity(com.microsoft.azure.management.msi.Identity)
Example 2 with RoleAssignmentInner
use of com.microsoft.azure.management.graphrbac.implementation.RoleAssignmentInner in project cloudbreak by hortonworks.
the class AzureIDBrokerObjectStorageValidator method validateObjectStorage.
public ValidationResult validateObjectStorage(AzureClient client, SpiFileSystem spiFileSystem, String logsLocationBase, String backupLocationBase, String singleResourceGroupName, ValidationResultBuilder resultBuilder) {
LOGGER.info("Validating Azure identities...");
List<CloudFileSystemView> cloudFileSystems = spiFileSystem.getCloudFileSystems();
validateHierarchicalNamespace(client, spiFileSystem, logsLocationBase, backupLocationBase, resultBuilder);
if (Objects.nonNull(cloudFileSystems) && cloudFileSystems.size() > 0) {
for (CloudFileSystemView cloudFileSystemView : cloudFileSystems) {
CloudAdlsGen2View cloudFileSystem = (CloudAdlsGen2View) cloudFileSystemView;
String managedIdentityId = cloudFileSystem.getManagedIdentity();
Identity identity = client.getIdentityById(managedIdentityId);
CloudIdentityType cloudIdentityType = cloudFileSystem.getCloudIdentityType();
if (identity != null) {
if (ID_BROKER.equals(cloudIdentityType)) {
List<RoleAssignmentInner> roleAssignments;
Optional<ResourceGroup> singleResourceGroup;
if (singleResourceGroupName != null) {
ResourceGroup resourceGroup = client.getResourceGroup(singleResourceGroupName);
roleAssignments = client.listRoleAssignmentsByScopeInner(resourceGroup.id());
singleResourceGroup = Optional.of(resourceGroup);
} else {
roleAssignments = client.listRoleAssignments();
singleResourceGroup = Optional.empty();
}
validateIDBroker(client, roleAssignments, identity, cloudFileSystem, singleResourceGroup, resultBuilder);
} else if (LOG.equals(cloudIdentityType)) {
validateLog(client, identity, logsLocationBase, resultBuilder);
}
} else {
addError(resultBuilder, String.format("%s Identity with id %s does not exist in the given Azure subscription. %s", getIdentityType(cloudIdentityType), managedIdentityId, getAdviceMessage(IDENTITY, cloudIdentityType)));
}
}
}
return resultBuilder.build();
}
Also used :
CloudFileSystemView(com.sequenceiq.cloudbreak.cloud.model.filesystem.CloudFileSystemView)
CloudAdlsGen2View(com.sequenceiq.cloudbreak.cloud.model.filesystem.CloudAdlsGen2View)
CloudIdentityType(com.sequenceiq.common.model.CloudIdentityType)
Identity(com.microsoft.azure.management.msi.Identity)
RoleAssignmentInner(com.microsoft.azure.management.graphrbac.implementation.RoleAssignmentInner)
ResourceGroup(com.microsoft.azure.management.resources.ResourceGroup)
Aggregations
RoleAssignmentInner (com.microsoft.azure.management.graphrbac.implementation.RoleAssignmentInner)2
Identity (com.microsoft.azure.management.msi.Identity)2
ResourceGroup (com.microsoft.azure.management.resources.ResourceGroup)1
ResourceId (com.microsoft.azure.management.resources.fluentcore.arm.ResourceId)1
CloudAdlsGen2View (com.sequenceiq.cloudbreak.cloud.model.filesystem.CloudAdlsGen2View)1
CloudFileSystemView (com.sequenceiq.cloudbreak.cloud.model.filesystem.CloudFileSystemView)1
AdlsGen2Config (com.sequenceiq.cloudbreak.telemetry.fluent.cloud.AdlsGen2Config)1
CloudIdentityType (com.sequenceiq.common.model.CloudIdentityType)1
