fix(azure): iam policy
ioito committed Nov 20, 2024
1 parent 1c33059 commit ee859d5
Showing 9 changed files with 200 additions and 460 deletions.
4 changes: 3 additions & 1 deletion pkg/multicloud/azure/azure.go
Expand Up @@ -468,7 +468,7 @@ func (self *SAzureClient) _apiVersion(resource string, params url.Values) string
} else if utils.IsInStringArray("microsoft.insights", info) {
return "2017-03-01-preview"
} else if utils.IsInStringArray("microsoft.authorization", info) {
return "2018-01-01-preview"
return "2022-04-01"
} else if utils.IsInStringArray("microsoft.cache", info) {
if utils.IsInStringArray("redisenterprise", info) {
return "2021-03-01"
Expand Down Expand Up @@ -675,12 +675,14 @@ type sMessage struct {
Lang string
Value string
}

type sOdataError struct {
Code string
Message sMessage
RequestId string
Date time.Time
}

type AzureResponseError struct {
OdataError sOdataError `json:"odata.error"`
AzureError AzureError `json:"error"`
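Review bot: The microsoft.authorization branch now returns `"2022-04-01"` with no comment on why the preview version was retired, and since this single string selects the API version for every Microsoft.Authorization resource the client touches (role assignments and role definitions among them), a short why-comment would help the next reader: `// microsoft.authorization: use the GA API version (was 2018-01-01-preview)`. The enclosing _apiVersion function starts and ends outside the hunk. In the second hunk the new `RequestId` and `Date` fields of sOdataError carry no json tags, unlike the tagged fields of the sibling `AzureResponseError`, so whether they are populated depends on the unmarshaller matching keys case-insensitively — worth confirming against a captured error payload.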
19 changes: 14 additions & 5 deletions pkg/multicloud/azure/azure_v2.go
Expand Up @@ -11,6 +11,7 @@ import (
"yunion.io/x/cloudmux/pkg/cloudprovider"
"yunion.io/x/jsonutils"
"yunion.io/x/pkg/errors"
"yunion.io/x/pkg/gotypes"
"yunion.io/x/pkg/util/httputils"
)

Expand Down Expand Up @@ -151,24 +152,32 @@ func (self *SAzureClient) _request_v2(service string, method httputils.THttpMeth
if err != nil {
return nil, err
}
if gotypes.IsNil(resp) {
return jsonutils.NewDict(), nil
}
if !resp.Contains("value") {
return resp, nil
}
part := struct {
Value []jsonutils.JSONObject
NextLink string
Value []jsonutils.JSONObject
NextLink string
OdataNextLink string `json:"@odata.nextLink"`
}{}
err = resp.Unmarshal(&part)
if err != nil {
return nil, errors.Wrapf(err, "resp.Unmarshal")
}
value = append(value, part.Value...)
if len(part.Value) == 0 || len(part.NextLink) == 0 {
if len(part.Value) == 0 || (len(part.NextLink) == 0 && len(part.OdataNextLink) == 0) {
break
}
link, err := url.Parse(part.NextLink)
nextLink := part.NextLink
if len(nextLink) == 0 {
nextLink = part.OdataNextLink
}
link, err := url.Parse(nextLink)
if err != nil {
return nil, errors.Wrapf(err, "url.Parse(%s)", part.NextLink)
return nil, errors.Wrapf(err, "url.Parse(%s)", nextLink)
}
token := ""
for _, key := range []string{"$skipToken", "$skiptoken"} {
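Review bot: The nil-response guard returns `jsonutils.NewDict(), nil` from inside what appears to be the pagination loop, so if any page after the first comes back nil, everything already appended to `value` is silently discarded instead of being returned; the loop header and the final return lie outside the hunk, so this is inferred from the `value = append(...)`/`break` pattern. If the intent is to stop paging, `break` would let the accumulated pages flow to the normal return; if an empty result really is intended on a nil page, a comment saying so would settle the question. The rest of _request_v2, including the token-extraction loop that follows, continues outside the hunk.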
21 changes: 8 additions & 13 deletions pkg/multicloud/azure/cloudgroup.go
Expand Up @@ -54,13 +54,13 @@ func (group *SCloudgroup) GetDescription() string {
}

func (group *SCloudgroup) GetICloudpolicies() ([]cloudprovider.ICloudpolicy, error) {
policies, err := group.client.GetCloudpolicies(group.Id)
policies, err := group.client.GetPrincipalPolicy(group.Id)
if err != nil {
return nil, errors.Wrapf(err, "GetCloudpolicies(%s)", group.Id)
}
ret := []cloudprovider.ICloudpolicy{}
for i := range policies {
ret = append(ret, &policies[i])
ret = append(ret, &SCloudpolicy{Id: policies[i].RoleDefinitionId})
}
return ret, nil
}
Expand All @@ -87,22 +87,17 @@ func (group *SCloudgroup) RemoveUser(name string) error {
}

func (group *SCloudgroup) AttachPolicy(policyId string, policyType api.TPolicyType) error {
return group.client.AssignPolicy(group.Id, policyId, "")
return group.client.AssignPolicy(group.Id, policyId)
}

func (group *SCloudgroup) DetachPolicy(policyId string, policyType api.TPolicyType) error {
assignments, err := group.client.GetAssignments(group.Id)
policys, err := group.client.GetPrincipalPolicy(group.Id)
if err != nil {
return errors.Wrapf(err, "GetAssignments(%s)", group.Id)
return err
}
for _, assignment := range assignments {
role, err := group.client.GetRole(assignment.Properties.RoleDefinitionId)
if err != nil {
return errors.Wrapf(err, "GetRule(%s)", assignment.Properties.RoleDefinitionId)
}
if role.Properties.RoleName == policyId {
_, err := group.client._delete_v2(SERVICE_GRAPH, assignment.Id, "")
return err
for _, policy := range policys {
if policy.RoleDefinitionId == policyId {
return group.client.DeletePrincipalPolicy(policy.Id)
}
}
return nil
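Review bot: The error context in GetICloudpolicies still reads `errors.Wrapf(err, "GetCloudpolicies(%s)", group.Id)` although the call underneath is now GetPrincipalPolicy, so a failure would be attributed to a helper that no longer exists; it should read `errors.Wrapf(err, "GetPrincipalPolicy(%s)", group.Id)`, and clouduser.go's GetICloudpolicies has the identical stale message. In DetachPolicy the same call's error is now returned bare (`return err`), dropping the principal id the previous wrap carried; `return errors.Wrapf(err, "GetPrincipalPolicy(%s)", group.Id)` would keep the two methods consistent. The `&SCloudpolicy{Id: policies[i].RoleDefinitionId}` literal populates only Id — with cloudpolicy.go deleted in this commit the type's current definition is not visible here, so it is worth confirming that the remaining ICloudpolicy methods do not read fields left empty.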
203 changes: 0 additions & 203 deletions pkg/multicloud/azure/cloudpolicy.go

This file was deleted.

27 changes: 8 additions & 19 deletions pkg/multicloud/azure/clouduser.go
Expand Up @@ -103,40 +103,29 @@ func (user *SClouduser) GetInviteUrl() string {
}

func (user *SClouduser) GetICloudpolicies() ([]cloudprovider.ICloudpolicy, error) {
policies, err := user.client.GetCloudpolicies(user.Id)
policies, err := user.client.GetPrincipalPolicy(user.Id)
if err != nil {
return nil, errors.Wrapf(err, "GetCloudpolicies(%s)", user.Id)
}
ret := []cloudprovider.ICloudpolicy{}
for i := range policies {
ret = append(ret, &policies[i])
ret = append(ret, &SCloudpolicy{Id: policies[i].RoleDefinitionId})
}
return ret, nil
}

func (user *SClouduser) AttachPolicy(policyId string, policyType api.TPolicyType) error {
for _, subscription := range user.client.subscriptions {
err := user.client.AssignPolicy(user.Id, policyId, subscription.SubscriptionId)
if err != nil {
return errors.Wrapf(err, "AssignPolicy for subscription %s", subscription.SubscriptionId)
}
}
return nil
return user.client.AssignPolicy(user.Id, policyId)
}

func (user *SClouduser) DetachPolicy(policyId string, policyType api.TPolicyType) error {
assignments, err := user.client.GetAssignments(user.Id)
policys, err := user.client.GetPrincipalPolicy(user.Id)
if err != nil {
return errors.Wrapf(err, "GetAssignments(%s)", user.Id)
return err
}
for _, assignment := range assignments {
role, err := user.client.GetRole(assignment.Properties.RoleDefinitionId)
if err != nil {
return errors.Wrapf(err, "GetRule(%s)", assignment.Properties.RoleDefinitionId)
}
if role.Properties.RoleName == policyId {
_, err := user.client._delete_v2(SERVICE_GRAPH, assignment.Id, "")
return err
for _, policy := range policys {
if policy.RoleDefinitionId == policyId {
return user.client.DeletePrincipalPolicy(policy.Id)
}
}
return nil
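Review bot: DetachPolicy returns nil when no entry in `policys` has a RoleDefinitionId equal to policyId, so a revocation that removed nothing is reported to the caller as success; for an IAM detach path that outcome should be distinguishable, e.g. `return errors.Wrapf(errors.ErrNotFound, "policy %s not assigned to %s", policyId, user.Id)` after the loop (cloudgroup.go's DetachPolicy has the same fall-through). AttachPolicy used to create one assignment per subscription and now makes a single `AssignPolicy(user.Id, policyId)` call whose scope is not visible here; since the scope decides where the role takes effect, a comment on that call stating the scope the assignment is created at would document the security-relevant change. The match in DetachPolicy also moved from a role's display name to its RoleDefinitionId, which agrees with the Id now exposed by GetICloudpolicies, but any caller still passing a role name would silently hit the nil return above.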