
Azure assign role to VM with Java SDK

I am writing a Java program that creates a VM and accesses files from a storage. However, I am having trouble assigning that VM the role "Storage contributor/owner", so that it can.

I currently have this code, but I'm not sure if it's what I need and also I don't know what to write at some places:

rbacManager = GraphRbacManager.authenticate( credentials );
rbacManager.roleAssignments()
           .define("roletest")
           // which object? and where to find the ID? 
           .forObjectId("/subscription/" + subscription + "?")
           .withBuiltInRole(com.microsoft.azure.management.graphrbac.BuiltInRole.STORAGE_ACCOUNT_CONTRIBUTOR)
           // what should go as resource scope?
           .withResourceScope(?)
           .createAsync();

Essentially I want to do this step in Java code: [image]

Thank you in advance!

Regarding the issue, please refer to the following steps:

  1. Create a service principal and assign Owner Role to the sp

az login
az ad sp create-for-rbac -n "MyApp" --role "Owner" \
    --scopes /subscriptions/{SubID} \
    --sdk-auth

  2. Project

a. SDK

<dependency>
  <groupId>com.azure.resourcemanager</groupId>
  <artifactId>azure-resourcemanager</artifactId>
  <version>2.0.0</version>
</dependency>
<dependency>
  <groupId>com.azure</groupId>
  <artifactId>azure-identity</artifactId>
  <version>1.2.0</version>
</dependency>

b. Code

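// Imports required by the snippet; the wrapper class name is arbitrary.
import com.azure.core.credential.TokenCredential;
import com.azure.core.http.policy.HttpLogDetailLevel;
import com.azure.core.management.AzureEnvironment;
import com.azure.core.management.profile.AzureProfile;
import com.azure.identity.ClientSecretCredentialBuilder;
import com.azure.resourcemanager.AzureResourceManager;
import com.azure.resourcemanager.authorization.models.BuiltInRole;
import com.azure.resourcemanager.compute.models.VirtualMachine;
import com.azure.resourcemanager.storage.models.StorageAccount;

public class AssignRoleToVm {
    public static void main(String[] args) {
        AzureProfile profile = new AzureProfile(AzureEnvironment.AZURE);
        // service principal created in step 1
        String clientId = "<sp appid>";
        String clientSecret = "<sp password>";
        String tenant = "";
        String subscriptionId = "";
        TokenCredential credential = new ClientSecretCredentialBuilder()
                .clientId(clientId)
                .clientSecret(clientSecret)
                .authorityHost(profile.getEnvironment().getActiveDirectoryEndpoint())
                .tenantId(tenant)
                .build();
        AzureResourceManager azureResourceManager = AzureResourceManager
                .configure()
                .withLogLevel(HttpLogDetailLevel.BASIC)
                .authenticate(credential, profile)
                .withSubscription(subscriptionId);
        // get storage account
        String accountGroup = "";
        String accountName = "";
        StorageAccount account = azureResourceManager.storageAccounts().getByResourceGroup(accountGroup, accountName);
        // get vm
        String vmGroup = "";
        String vmName = "test";
        VirtualMachine virtualMachine = azureResourceManager.virtualMachines().getByResourceGroup(vmGroup, vmName);
        // enable the system-assigned managed identity and grant it the role on the storage account
        virtualMachine.update()
                .withSystemAssignedManagedServiceIdentity()
                .withSystemAssignedIdentityBasedAccessTo(account.id(), BuiltInRole.fromString("Storage Blob Data Owner"))
                .apply();
    }
}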
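
An added example (not part of the original question or answer) of the explicit role-assignment call the question attempted: the object ID is the principal ID of the VM's system-assigned managed identity, and the resource scope is the storage account itself rather than the subscription. Assumptions: credentials come from the environment via DefaultAzureCredential, and the resource group names, the storage account name, the AZURE_SUBSCRIPTION_ID variable and the "Storage Blob Data Reader" role are placeholders chosen for illustration.

```java
// Added example, not the answer's code. Resource names and the role are hypothetical placeholders.
import com.azure.core.management.AzureEnvironment;
import com.azure.core.management.profile.AzureProfile;
import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.resourcemanager.AzureResourceManager;
import com.azure.resourcemanager.authorization.models.BuiltInRole;
import com.azure.resourcemanager.authorization.models.RoleAssignment;
import com.azure.resourcemanager.authorization.models.RoleDefinition;
import com.azure.resourcemanager.compute.models.VirtualMachine;
import com.azure.resourcemanager.storage.models.StorageAccount;
import java.util.UUID;

public class ScopedVmRoleAssignment {
    public static void main(String[] args) {
        // DefaultAzureCredential reads AZURE_CLIENT_ID / AZURE_TENANT_ID / AZURE_CLIENT_SECRET from the environment.
        AzureResourceManager azure = AzureResourceManager
                .authenticate(new DefaultAzureCredentialBuilder().build(), new AzureProfile(AzureEnvironment.AZURE))
                .withSubscription(System.getenv("AZURE_SUBSCRIPTION_ID"));
        // Placeholder resource group and resource names.
        StorageAccount account = azure.storageAccounts().getByResourceGroup("storage-rg", "examplestorage");
        VirtualMachine vm = azure.virtualMachines().getByResourceGroup("vm-rg", "test");
        // "Which object?": the principal ID of the VM's system-assigned managed identity.
        String principalId = vm.systemAssignedManagedServiceIdentityPrincipalId();
        if (principalId == null) { // identity not enabled yet
            vm = vm.update().withSystemAssignedManagedServiceIdentity().apply();
            principalId = vm.systemAssignedManagedServiceIdentityPrincipalId();
        }
        // "What resource scope?": the single storage account.
        String roleName = "Storage Blob Data Reader";
        RoleDefinition role = azure.accessManagement().roleDefinitions()
                .getByScopeAndRoleName(account.id(), roleName);
        String roleGuid = role.name().toLowerCase();
        // Skip creation if the identity already holds the role at this scope or a wider one.
        for (RoleAssignment existing : azure.accessManagement().roleAssignments().listByScope(account.id())) {
            if (principalId.equalsIgnoreCase(existing.principalId())
                    && existing.roleDefinitionId().toLowerCase().endsWith("/" + roleGuid)) {
                System.out.println("Already assigned at scope " + existing.scope());
                return;
            }
        }
        RoleAssignment created = azure.accessManagement().roleAssignments()
                .define(UUID.randomUUID().toString()) // assignment names must be GUIDs
                .forObjectId(principalId)
                .withBuiltInRole(BuiltInRole.fromString(roleName))
                .withResourceScope(account)
                .create();
        System.out.println("Created " + created.id() + " at scope " + created.scope());
    }
}
```

If the existing-assignment check prints a scope wider than the storage account, the identity already inherits the role from a resource group or subscription-level grant.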
