
Example 1 with RoleAssignmentInner

use of com.microsoft.azure.management.graphrbac.implementation.RoleAssignmentInner in project cloudbreak by hortonworks.

From the class AzureIDBrokerObjectStorageValidator, method validateStorageAccount.

/**
 * Checks that the storage account derived from {@code location} exists and that every
 * identity carries the expected role assignments on it.
 *
 * <p>The account name comes from the generated ADLS Gen2 config and is resolved to a
 * resource id across the subscriptions visible to the client. When it cannot be resolved,
 * a single validation error is recorded and no role checks run; from here a missing account
 * and missing permission to list subscriptions/accounts are indistinguishable, which is why
 * the error text and the debug log mention both. Otherwise the role assignments scoped to the
 * account are loaded, narrowed to the account's subscription, and checked per identity.
 * Whether the account lives in a different subscription than the client's current one is
 * passed down, since the downstream checks treat cross-subscription assignments differently.
 *
 * @param client            Azure client used to resolve the account and read its role assignments
 * @param identities        managed identities whose role assignments on the account are checked
 * @param location          storage location the account name is derived from
 * @param cloudIdentityType identity type, used only to phrase the advice in error messages
 * @param resultBuilder     collector that receives validation errors
 */
private void validateStorageAccount(AzureClient client, Set<Identity> identities, String location, CloudIdentityType cloudIdentityType, ValidationResultBuilder resultBuilder) {
    String accountName = adlsGen2ConfigGenerator.generateStorageConfig(location).getAccount();
    Optional<String> maybeAccountId = azureStorage.findStorageAccountIdInVisibleSubscriptions(client, accountName);
    if (maybeAccountId.isEmpty()) {
        // "not found" and "not allowed to list" look the same here; report once and stop.
        LOGGER.debug("Storage account {} not found or insufficient permission to list subscriptions and / or storage accounts.", accountName);
        addError(resultBuilder, String.format("Storage account with name %s not found in the given Azure subscription. %s", accountName, getAdviceMessage(STORAGE_LOCATION, cloudIdentityType)));
        return;
    }
    String accountId = maybeAccountId.get();
    // Role assignments are fetched at the account scope before anything else is derived from the id.
    List<RoleAssignmentInner> accountAssignments = client.listRoleAssignmentsByScopeInner(accountId);
    ResourceId accountResourceId = ResourceId.fromString(accountId);
    String accountSubscriptionId = accountResourceId.subscriptionId();
    boolean crossSubscription = !client.getCurrentSubscription().subscriptionId().equals(accountSubscriptionId);
    List<RoleAssignmentInner> subscriptionAssignments = getRoleAssignmentsOfSubscription(accountAssignments, accountSubscriptionId, client, crossSubscription);
    identities.forEach(identity -> validateRoleAssigmentAndScope(
            subscriptionAssignments,
            resultBuilder,
            identity,
            // account name, its resource group and its subscription: the scopes an assignment may apply at
            List.of(accountName, accountResourceId.resourceGroupName(), accountSubscriptionId),
            crossSubscription,
            cloudIdentityType));
}
Also used : ResourceId(com.microsoft.azure.management.resources.fluentcore.arm.ResourceId) AdlsGen2Config(com.sequenceiq.cloudbreak.telemetry.fluent.cloud.AdlsGen2Config) RoleAssignmentInner(com.microsoft.azure.management.graphrbac.implementation.RoleAssignmentInner) Identity(com.microsoft.azure.management.msi.Identity)

Example 2 with RoleAssignmentInner

use of com.microsoft.azure.management.graphrbac.implementation.RoleAssignmentInner in project cloudbreak by hortonworks.

From the class AzureIDBrokerObjectStorageValidator, method validateObjectStorage.

/**
 * Validates the managed identities referenced by the file system's cloud views and returns
 * the collected result.
 *
 * <p>The hierarchical-namespace check always runs first. Identity checks are skipped when
 * the view list is null or empty. Every view is cast to {@link CloudAdlsGen2View}, so a view
 * of another type fails with a ClassCastException. For each view the referenced identity is
 * looked up; a missing identity is reported as an error. An ID Broker identity is checked
 * against the role assignments of the single resource group when one is named, otherwise
 * against the role assignments of the whole subscription, which is a much broader listing.
 * A LOG identity is checked against the logs location. Other identity types are neither
 * validated nor reported.
 *
 * @param client                  Azure client used for identity, resource group and role assignment lookups
 * @param spiFileSystem           file system definition whose cloud views are validated
 * @param logsLocationBase        base location of logs, used by the LOG identity and namespace checks
 * @param backupLocationBase      base location of backups, used by the namespace check
 * @param singleResourceGroupName resource group scoping the ID Broker role assignments, or null for subscription scope
 * @param resultBuilder           collector that receives validation errors
 * @return the validation result built from {@code resultBuilder}
 */
public ValidationResult validateObjectStorage(AzureClient client, SpiFileSystem spiFileSystem, String logsLocationBase, String backupLocationBase, String singleResourceGroupName, ValidationResultBuilder resultBuilder) {
    LOGGER.info("Validating Azure identities...");
    List<CloudFileSystemView> views = spiFileSystem.getCloudFileSystems();
    validateHierarchicalNamespace(client, spiFileSystem, logsLocationBase, backupLocationBase, resultBuilder);
    if (views == null || views.isEmpty()) {
        return resultBuilder.build();
    }
    for (CloudFileSystemView view : views) {
        CloudAdlsGen2View adlsView = (CloudAdlsGen2View) view;
        String managedIdentityId = adlsView.getManagedIdentity();
        Identity identity = client.getIdentityById(managedIdentityId);
        CloudIdentityType identityType = adlsView.getCloudIdentityType();
        if (identity == null) {
            addError(resultBuilder, String.format("%s Identity with id %s does not exist in the given Azure subscription. %s", getIdentityType(identityType), managedIdentityId, getAdviceMessage(IDENTITY, identityType)));
            continue;
        }
        // equals() on the constant keeps a null identityType from throwing; it simply matches nothing.
        if (ID_BROKER.equals(identityType)) {
            List<RoleAssignmentInner> roleAssignments;
            Optional<ResourceGroup> singleResourceGroup;
            if (singleResourceGroupName == null) {
                // No resource group given: fall back to every role assignment the client can list.
                roleAssignments = client.listRoleAssignments();
                singleResourceGroup = Optional.empty();
            } else {
                ResourceGroup resourceGroup = client.getResourceGroup(singleResourceGroupName);
                roleAssignments = client.listRoleAssignmentsByScopeInner(resourceGroup.id());
                singleResourceGroup = Optional.of(resourceGroup);
            }
            validateIDBroker(client, roleAssignments, identity, adlsView, singleResourceGroup, resultBuilder);
        } else if (LOG.equals(identityType)) {
            validateLog(client, identity, logsLocationBase, resultBuilder);
        }
    }
    return resultBuilder.build();
}
Also used : CloudFileSystemView(com.sequenceiq.cloudbreak.cloud.model.filesystem.CloudFileSystemView) CloudAdlsGen2View(com.sequenceiq.cloudbreak.cloud.model.filesystem.CloudAdlsGen2View) CloudIdentityType(com.sequenceiq.common.model.CloudIdentityType) Identity(com.microsoft.azure.management.msi.Identity) RoleAssignmentInner(com.microsoft.azure.management.graphrbac.implementation.RoleAssignmentInner) ResourceGroup(com.microsoft.azure.management.resources.ResourceGroup)

Aggregations

RoleAssignmentInner (com.microsoft.azure.management.graphrbac.implementation.RoleAssignmentInner)2 Identity (com.microsoft.azure.management.msi.Identity)2 ResourceGroup (com.microsoft.azure.management.resources.ResourceGroup)1 ResourceId (com.microsoft.azure.management.resources.fluentcore.arm.ResourceId)1 CloudAdlsGen2View (com.sequenceiq.cloudbreak.cloud.model.filesystem.CloudAdlsGen2View)1 CloudFileSystemView (com.sequenceiq.cloudbreak.cloud.model.filesystem.CloudFileSystemView)1 AdlsGen2Config (com.sequenceiq.cloudbreak.telemetry.fluent.cloud.AdlsGen2Config)1 CloudIdentityType (com.sequenceiq.common.model.CloudIdentityType)1