python-3.x - 无法在 python 中迭代 Azure ADGroupPaged 对象

Question

使用 python3 进行实验以列出 AD 组，但在尝试循环 ADPagedGroup 类时被错误阻止...使用了 azure=4.0.0 和 azure-graphrbac=0.61.0 的包

我尝试过使用 2 个版本的 azure-graphrbac 0.40.0，因为这是 azure 4.0.0 所需要的，而使用 0.61.0 时，无论哪种方式都会出错。

这些_groups 是 ADGroupPaged 的一种类型，但微软网站上没有对我有意义的示例或文档。

在下面的代码中，我尝试了迭代对象这些_groups的各种排列

# ./adal_test1.py ## piece of shoe

from azure.common.credentials import get_azure_cli_credentials
from azure.graphrbac import GraphRbacManagementClient
from azure.common.credentials import ServicePrincipalCredentials
from azure.graphrbac.models import GroupCreateParameters, GroupAddMemberParameters   

# client_id, secret and tenant_id defined in list, but redacted here

credentials = ServicePrincipalCredentials(
    client_id=client_id,
    secret=secret,
    tenant=tenant_id
)

try:
    these_groups = graphrbac_client.groups.list()

except expression as identifier:
    print('Huh, why?')

finally:
    for a in vars(these_groups):
        print("DEBUG: VAR::",a)

    for b in these_groups:
    #also    these_groups.list:
    # "           "      .list():
    # "           "      .list():
    # "           "      ._get_next:
    # "           "      .current_page:   # NOTHING RETURNED
       print('DEBUG: B is::',b)           # <-- we NEVER make it here
       for c in vars(b):
            print('DEBUG: LOOP LIST::',c)

pip3 adal_test1.py的结果

VAR: _async_get_next
VAR: next_link
VAR: _current_page_iter_index
VAR: current_page
VAR: _derserializer
VAR: _get_next
VAR: _response
VAR: _raw_headers
Traceback (most recent call last):
  File "adal_test1.py", line 50, in <module>
    for b in these_groups:
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/site-packages/msrest/paging.py", line 143, in __next__
    self.advance_page()
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/site-packages/msrest/paging.py", line 129, in advance_page
    self._response = self._get_next(self.next_link)
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/site-packages/azure/graphrbac/operations/groups_operations.py", line 306, in internal_paging

只想引用返回的每个 AD 组，但无法弄清楚如何使用 Paged对象。

失败样本

for b in these_groups._get_next:
     TypeError: 'function' object is not iterable

for b in these_groups:
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/site-packages/msrest/paging.py", line 143, in __next__
    self.advance_page()
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/site-packages/msrest/paging.py", line 129, in advance_page
    self._response = self._get_next(self.next_link)
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/site-packages/azure/graphrbac/operations/groups_operations.py", line 306, in internal_paging
    url = self._client.format_url(url, **path_format_arguments)
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/site-packages/msrest/service_client.py", line 155, in format_url
    base = self.config.base_url.format(**kwargs).rstrip('/')
AttributeError: 'tuple' object has no attribute 'format'

    for b in these_groups.list:
AttributeError: 'ADGroupPaged' object has no attribute 'list'

有趣的是，使用方法 current_page 和 next_link 时，没有返回任何内容，

Answer 1

事实证明我的问题的解决方案非常简单，只是在任何 MS 文档或其他(我能找到的)中并不明显

两个变化:

1) 强制。对于 ActiveDirectory 调用，ServicePrincipalCredentials 构造需要专门设置为 graph.windows.net

的资源参数

例如

resource_adgraph = "https://graph.windows.net"
credentials = ServicePrincipalCredentials(
    client_id=client_id,
    secret=secret,
    tenant=tenant_id,
    resource=resource_adgraph
)

graphrbac_client = GraphRbacManagementClient( 
    credentials, 
    tenant_id
)

2) 可选。导入 ADGroup 类

from azure.graphrbac.models import GroupCreateParameters, GroupAddMemberParameters, GetObjectsParameters, ADGroup

新输出:相关名称已编辑

. . .
DEBUG: VAR:: _async_get_next
DEBUG: VAR:: next_link
DEBUG: VAR:: _current_page_iter_index
DEBUG: VAR:: current_page
DEBUG: VAR:: _derserializer
DEBUG: VAR:: _get_next
DEBUG: VAR:: _response
DEBUG: VAR:: _raw_headers
DEBUG: B is:: {'additional_properties': {'dirSyncEnabled': None, 'onPremisesDomainName': None, 'odata.type': 'Microsoft.DirectoryServices.Group', 'onPremisesSamAccountName': None, 'provisioningErrors': [], 'proxyAddresses': [], 'description': None, 'onPremisesSecurityIdentifier': None, 'lastDirSyncTime': None, 'onPremisesNetBiosName': None}, 'object_id': '04b__VALUE_REDACTED__43e', 'deletion_timestamp': None, 'object_type': 'Group', 'display_name': '__VALUE_REDACTED__', 'mail_enabled': False, 'mail_nickname': '__VALUE_REDACTED__', 'security_enabled': True, 'mail': None}
RAW ADGraph object:  __GROUP__NAME__REDACTED__
DEBUG: LOOP LIST:: additional_properties
DEBUG: LOOP LIST:: object_id
DEBUG: LOOP LIST:: deletion_timestamp
DEBUG: LOOP LIST:: object_type
DEBUG: LOOP LIST:: display_name
DEBUG: LOOP LIST:: mail_enabled
DEBUG: LOOP LIST:: mail_nickname
DEBUG: LOOP LIST:: security_enabled
DEBUG: LOOP LIST:: mail
. . . [snip] . . .