Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add paging to get around directoryObjects.getByIds limit of 1000 #132

Closed
amanohar opened this issue Apr 30, 2018 · 0 comments
Closed

Add paging to get around directoryObjects.getByIds limit of 1000 #132

amanohar opened this issue Apr 30, 2018 · 0 comments
Assignees
@amanohar

Comments

@amanohar
Copy link
Contributor

amanohar commented Apr 30, 2018
edited

When trying to detailed description of AAD membership groups using API getbyids: https://github.com/microsoftgraph/microsoft-graph-docs/blob/master/api-reference/v1.0/api/directoryobject_getbyids.md if AAD member has more than 1000 group memerships AAD returns:
image

Therefore, guard needs to do page queries to get details of all groups the user belong to. But getbyids does not support query options like $top and $expand and returns error:
image

So in this case guard cannot rely on AAD to do paging and needs to do paging itself to fetch membership group details from AAD.
amanohar added a commit to amanohar/guard that referenced this issue Apr 30, 2018
@amanohar
Add paging to get around directoryObjects.getByIds limit of 1000
51c03fe 
When trying to detailed description of AAD membership groups using API getbyids: https://github.com/microsoftgraph/microsoft-graph-docs/blob/master/api-reference/v1.0/api/directoryobject_getbyids.md if AAD member has more than 1000 group memerships

AAD returns:
    "code": "Request_BadRequest",
    "message": "Number of included identifiers cannot exceed '1000'.",

Therefore, guard needs to do page queries to get details of all groups the user belong to. But getbyids does not support query options like $top and $expand and returns error:

    "code": "Request_BadRequest",
    "message": "The following query options are not supported by this request method or cannot be applied to the requested resource: $filter,$expand,$orderby,$count,$inlinecount,$select,$skiptoken,$skip,$top"

So in this case guard cannot rely on AAD to do paging and needs to do paging itself to fetch membership group details from AAD.

Github issue: kubeguard#132
@amanohar amanohar mentioned this issue Apr 30, 2018
Merged
tamalsaha pushed a commit that referenced this issue May 4, 2018
@amanohar @tamalsaha
Add paging to get around directoryObjects.getByIds limit of 1000 (#133)
2b3b478 
* Add paging to get around directoryObjects.getByIds limit of 1000

When trying to detailed description of AAD membership groups using API getbyids: https://github.com/microsoftgraph/microsoft-graph-docs/blob/master/api-reference/v1.0/api/directoryobject_getbyids.md if AAD member has more than 1000 group memerships

AAD returns:
    "code": "Request_BadRequest",
    "message": "Number of included identifiers cannot exceed '1000'.",

Therefore, guard needs to do page queries to get details of all groups the user belong to. But getbyids does not support query options like $top and $expand and returns error:

    "code": "Request_BadRequest",
    "message": "The following query options are not supported by this request method or cannot be applied to the requested resource: $filter,$expand,$orderby,$count,$inlinecount,$select,$skiptoken,$skip,$top"

So in this case guard cannot rely on AAD to do paging and needs to do paging itself to fetch membership group details from AAD.

Github issue: #132
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@amanohar amanohar

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@amanohar