我正在尝试创建一个AD安全组并将所有者添加到该组。我在python中执行它。
我可以创建该组,但无法将所有者添加到该组。我正在使用服务主体来执行此操作。
以下是我的代码
from azure.graphrbac import GraphRbacManagementClient
from azure.common.credentials import ServicePrincipalCredentials
from azure.graphrbac.models import GroupCreateParameters, GroupAddMemberParameters
credentials = ServicePrincipalCredentials(
client_id="service_principal",
secret="keyof_service_principal",
resource="https://graph.windows.net",
tenant = ''
)
tenant_id = ""
graphrbac_client = GraphRbacManagementClient(
credentials,
tenant_id
)
group = GroupCreateParameters(display_name="GroupName", mail_nickname="GroupMail-at-microsoft.com")
graphrbac_client.groups.create(group)
但是当我尝试执行add_owner时,它会抛出一个错误。
graphrbac_client.groups.add_owner(groupId, owner)
Traceback (most recent call last):
File "<stdin>", line 1, in <module> AttributeError: 'GroupsOperations' object has no attribute 'add_owner'
>>> dir(graphrbac_client.groups)
['__class__', '__delattr__', '__dict__', '__doc__', '__format__', '__getattribute__', '__hash__', '__init__', '__module__', '__new__', '__reduce__', '__reduce_ex__', '__repr__', '__setattr__', '__sizeof__', '__str__', '__subclasshook__', '__weakref__', '_client', '_deserialize', '_serialize', 'add_member', 'api_version', 'config', 'create', 'delete', 'get', 'get_group_members', 'get_member_groups', 'is_member_of', 'list', 'models', 'remove_member']
我在dir中没有看到add_owner。
谢谢,
这就是诀窍,
我安装了带有版本0.40的graphrbac的azure模块
$pip freeze | grep rbac
azure-graphrbac==0.40.0
检查azure-graphrbac当前版本是0.60
我不得不单独卸载azure-graphrbac并使用pip重新安装当前版本。这解决了这个问题。
虽然它抛出了一个与azure模块不兼容的错误,但我现在还不认为这是一个问题。
azure 4.0.0 has requirement azure-graphrbac~=0.40.0, but you'll have azure-graphrbac 0.60.0 which is incompatible.