fix keyvault sample (#255)

graphrbac/graph.go

@@ -2,6 +2,7 @@ package graphrbac
 
 import (
 	"context"
+	"fmt"
 	"time"
 
 	"github.com/Azure-Samples/azure-sdk-for-go-samples/internal/config"
@@ -113,3 +114,17 @@ func DeleteADGroup(ctx context.Context, groupObjID string) (autorest.Response, e
 	groupClient := getADGroupsClient()
 	return groupClient.Delete(ctx, groupObjID)
 }
+
+// GetServicePrincipalObjectID returns the service principal object ID for the specified client ID.
+func GetServicePrincipalObjectID(ctx context.Context, clientID string) (string, error) {
+	spClient := getServicePrincipalsClient()
+	page, err := spClient.List(ctx, fmt.Sprintf("servicePrincipalNames/any(c:c eq '%s')", clientID))
+	if err != nil {
+		return "", err
+	}
+	servicePrincipals := page.Values()
+	if len(servicePrincipals) == 0 {
+		return "", fmt.Errorf("didn't find any service principals for client ID %s", clientID)
+	}
+	return *servicePrincipals[0].ObjectID, nil
+}

keyvault/vault.go

@@ -12,6 +12,7 @@ import (
 
 	"github.com/Azure/azure-sdk-for-go/services/keyvault/mgmt/2016-10-01/keyvault"
 
+	"github.com/Azure-Samples/azure-sdk-for-go-samples/graphrbac"
 	"github.com/Azure-Samples/azure-sdk-for-go-samples/internal/config"
 	"github.com/Azure-Samples/azure-sdk-for-go-samples/internal/iam"
 	"github.com/Azure/go-autorest/autorest"
@@ -113,7 +114,10 @@ func SetVaultPermissions(ctx context.Context, vaultName string) (keyvault.Vault,
 		return keyvault.Vault{}, err
 	}
 
-	clientID := config.ClientID()
+	objectID, err := graphrbac.GetServicePrincipalObjectID(ctx, config.ClientID())
+	if err != nil {
+		return keyvault.Vault{}, err
+	}
 
 	return vaultsClient.CreateOrUpdate(
 		ctx,
@@ -129,7 +133,7 @@ func SetVaultPermissions(ctx context.Context, vaultName string) (keyvault.Vault,
 				},
 				AccessPolicies: &[]keyvault.AccessPolicyEntry{
 					{
-						ObjectID: &clientID,
+						ObjectID: &objectID,
 						TenantID: &tenantID,
 						Permissions: &keyvault.Permissions{
 							Keys: &[]keyvault.KeyPermissions{