Merge pull request nccgroup#1504 from zachfey/bugfix/1503-fix-az-aad-…

…fetch-additional-users Update azure-mgmt-authorization
Talbane · May 29, 2023 · fc23d9d · fc23d9d
2 parents 73459b6 + a4f1722
commit fc23d9d
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 6 deletions.
diff --git a/ScoutSuite/providers/azure/facade/rbac.py b/ScoutSuite/providers/azure/facade/rbac.py
@@ -28,7 +28,8 @@ async def get_roles(self, subscription_id: str):
     async def get_role_assignments(self, subscription_id: str):
         try:
             client = self.get_client(subscription_id)
-            return await run_concurrently(lambda: list(client.role_assignments.list()))
+            scope = f'/subscriptions/{subscription_id}'
+            return await run_concurrently(lambda: list(client.role_assignments.list_for_scope(scope=scope)))
         except Exception as e:
             print_exception(f'Failed to retrieve role assignments: {e}')
             return []
diff --git a/ScoutSuite/providers/azure/resources/rbac/role_assignments.py b/ScoutSuite/providers/azure/resources/rbac/role_assignments.py
@@ -17,11 +17,11 @@ def _parse_role_assignment(self, raw_role_assignment):
         role_assignment_dict = {}
         role_assignment_dict['id'] = raw_role_assignment.name
         role_assignment_dict['name'] = raw_role_assignment.name
-        role_assignment_dict['role_definition_id'] = raw_role_assignment.properties.role_definition_id
+        role_assignment_dict['role_definition_id'] = raw_role_assignment.role_definition_id
         role_assignment_dict['type'] = raw_role_assignment.type
-        role_assignment_dict['scope'] = raw_role_assignment.properties.scope
-        role_assignment_dict['principal_id'] = raw_role_assignment.properties.principal_id
-        role_assignment_dict['principal_type'] = "None"
+        role_assignment_dict['scope'] = raw_role_assignment.scope
+        role_assignment_dict['principal_id'] = raw_role_assignment.principal_id
+        role_assignment_dict['principal_type'] = raw_role_assignment.principal_type
         role_assignment_dict['can_delegate'] = "None"
         role_assignment_dict['additional_properties'] = raw_role_assignment.additional_properties
         return role_assignment_dict['id'], role_assignment_dict
diff --git a/requirements.txt b/requirements.txt
@@ -44,7 +44,7 @@ azure-mgmt-network==17.1.0
 azure-mgmt-redis==12.0.0
 azure-mgmt-web==1.0.0
 azure-mgmt-compute==18.2.0
-azure-mgmt-authorization==1.0.0
+azure-mgmt-authorization==3.0.0
 azure-mgmt-rdbms==8.0.0
 
 msgraph-core==0.2.2