Beispiel #1
0
 private PSKeyVaultRoleAssignment[] FilterAssignments(PSKeyVaultRoleAssignment[] assignments)
 {
     if (!string.IsNullOrEmpty(RoleDefinitionName))
     {
         var definition = Track2DataClient.GetHsmRoleDefinitions(HsmName, Scope)
                          .FirstOrDefault(x => string.Equals(x.RoleName, RoleDefinitionName, StringComparison.OrdinalIgnoreCase));
         RoleDefinitionId = definition?.Id;
     }
     if (!string.IsNullOrEmpty(SignInName))
     {
         var filter = new ADObjectFilterOptions()
         {
             UPN = SignInName
         };
         var user = ActiveDirectoryClient.FilterUsers(filter).FirstOrDefault();
         ObjectId = user?.Id.ToString();
     }
     if (!string.IsNullOrEmpty(ApplicationId))
     {
         var odataQuery = new Rest.Azure.OData.ODataQuery <Application>(s => string.Equals(s.AppId, ApplicationId, StringComparison.OrdinalIgnoreCase));
         var app        = ActiveDirectoryClient.GetApplicationWithFilters(odataQuery).FirstOrDefault();
         ObjectId = app?.ObjectId.ToString();
     }
     if (!string.IsNullOrEmpty(RoleDefinitionId))
     {
         assignments = assignments.Where(assignment => string.Equals(assignment.RoleDefinitionId, RoleDefinitionId, StringComparison.OrdinalIgnoreCase)).ToArray();
     }
     if (!string.IsNullOrEmpty(ObjectId))
     {
         assignments = assignments.Where(assignment => string.Equals(assignment.PrincipalId, ObjectId, StringComparison.OrdinalIgnoreCase)).ToArray();
     }
     return(assignments);
 }
Beispiel #2
0
        private string GetRoleAssignmentNameFromFilterParameters()
        {
            // convert definition name to id
            if (ParameterSetName == ParameterSet.DefinitionNameApplicationId ||
                ParameterSetName == ParameterSet.DefinitionNameObjectId ||
                ParameterSetName == ParameterSet.DefinitionNameSignInName)
            {
                var definition = Track2DataClient.GetHsmRoleDefinitions(HsmName, Scope)
                                 .FirstOrDefault(x => string.Equals(x.RoleName, RoleDefinitionName, StringComparison.OrdinalIgnoreCase));
                if (definition == null)
                {
                    throw new ArgumentException(string.Format(Resources.RoleDefinitionNotFound, RoleDefinitionName));
                }
                RoleDefinitionId = definition.Id;
            }

            // convert user sign in name to object id
            if (ParameterSetName == ParameterSet.DefinitionIdSignInName ||
                ParameterSetName == ParameterSet.DefinitionNameSignInName)
            {
                var filter = new ADObjectFilterOptions()
                {
                    UPN = SignInName
                };
                var user = ActiveDirectoryClient.FilterUsers(filter).FirstOrDefault();
                if (user == null)
                {
                    throw new ArgumentException(string.Format(Resources.UserNotFoundBy, SignInName));
                }
                ObjectId = user.Id.ToString();
            }
            // convert service principal app id to object id
            if (ParameterSetName == ParameterSet.DefinitionIdApplicationId ||
                ParameterSetName == ParameterSet.DefinitionNameApplicationId)
            {
                var odataQuery = new Rest.Azure.OData.ODataQuery <Application>(s => string.Equals(s.AppId, ApplicationId, StringComparison.OrdinalIgnoreCase));
                var app        = ActiveDirectoryClient.GetApplicationWithFilters(odataQuery).FirstOrDefault();
                if (app == null)
                {
                    throw new ArgumentException(string.Format(Resources.ApplicationNotFoundBy, ApplicationId));
                }
                ObjectId = app.ObjectId.ToString();
            }

            var roleAssignment = Track2DataClient.GetHsmRoleAssignments(HsmName, Scope)
                                 .FirstOrDefault(assignment => string.Equals(assignment.PrincipalId, ObjectId) && string.Equals(assignment.RoleDefinitionId, RoleDefinitionId));

            if (roleAssignment == null)
            {
                throw new Exception(Resources.RoleAssignmentNotFound);
            }
            else
            {
                return(roleAssignment.Name);
            }
        }
        public override void ExecuteCmdlet()
        {
            // convert definition name to id
            if (ParameterSetName == ParameterSet.DefinitionNameApplicationId ||
                ParameterSetName == ParameterSet.DefinitionNameObjectId ||
                ParameterSetName == ParameterSet.DefinitionNameSignInName)
            {
                var definition = Track2DataClient.GetHsmRoleDefinitions(HsmName, Scope)
                                 .FirstOrDefault(x => string.Equals(x.RoleName, RoleDefinitionName, StringComparison.OrdinalIgnoreCase));
                if (definition == null)
                {
                    throw new ArgumentException(string.Format(Resources.RoleDefinitionNotFound, RoleDefinitionName));
                }
                RoleDefinitionId = definition.Id;
            }

            // convert user sign in name to object id
            if (ParameterSetName == ParameterSet.DefinitionIdSignInName ||
                ParameterSetName == ParameterSet.DefinitionNameSignInName)
            {
                var filter = new ADObjectFilterOptions()
                {
                    UPN = SignInName
                };
                var user = ActiveDirectoryClient.FilterUsers(filter).FirstOrDefault();
                if (user == null)
                {
                    throw new ArgumentException(string.Format(Resources.UserNotFoundBy, SignInName));
                }
                ObjectId = user.Id.ToString();
            }
            // convert service principal app id to object id
            if (ParameterSetName == ParameterSet.DefinitionIdApplicationId ||
                ParameterSetName == ParameterSet.DefinitionNameApplicationId)
            {
                var odataQuery = new Rest.Azure.OData.ODataQuery <Application>(s => string.Equals(s.AppId, ApplicationId, StringComparison.OrdinalIgnoreCase));
                var app        = ActiveDirectoryClient.GetApplicationWithFilters(odataQuery).FirstOrDefault();
                if (app == null)
                {
                    throw new ArgumentException(string.Format(Resources.ApplicationNotFoundBy, ApplicationId));
                }
                ObjectId = app.ObjectId.ToString();
            }

            base.ConfirmAction(
                string.Format(Resources.AssignRole, RoleDefinitionName ?? RoleDefinitionId, SignInName ?? ApplicationId ?? ObjectId, Scope),
                HsmName, () =>
            {
                PSKeyVaultRoleAssignment roleAssignment = Track2DataClient.CreateHsmRoleAssignment(HsmName, Scope, RoleDefinitionId, ObjectId);
                GetAssignmentDetails(roleAssignment, HsmName, Scope);
                WriteObject(roleAssignment);
            });
        }