Ejemplo n.º 1
0
        public override void ExecuteCmdlet()
        {
            PSRoleAssignment             roleAssignment = null;
            FilterRoleAssignmentsOptions options        = new FilterRoleAssignmentsOptions()
            {
                Scope          = Scope,
                RoleDefinition = RoleDefinitionName,
                ADObjectFilter = new ADObjectFilterOptions
                {
                    Mail = Mail,
                    Id   = ObjectId == Guid.Empty ? null : ObjectId.ToString(),
                    UPN  = UserPrincipalName,
                    SPN  = ServicePrincipalName
                },
                ResourceIdentifier = new ResourceIdentifier()
                {
                    ParentResource    = ParentResource,
                    ResourceGroupName = ResourceGroupName,
                    ResourceName      = ResourceName,
                    ResourceType      = ResourceType,
                    Subscription      = CurrentContext.Subscription.Id.ToString()
                }
            };

            ConfirmAction(
                Force.IsPresent,
                string.Format(ProjectResources.RemovingRoleAssignment,
                              options.ADObjectFilter.ActiveFilter,
                              options.Scope,
                              options.RoleDefinition),
                ProjectResources.RemovingRoleAssignment,
                null,
                () => roleAssignment = PoliciesClient.RemoveRoleAssignment(options));

            if (PassThru)
            {
                WriteObject(roleAssignment);
            }
        }
Ejemplo n.º 2
0
        protected override void ProcessRecord()
        {
            PSRoleAssignment             roleAssignment = null;
            FilterRoleAssignmentsOptions options        = new FilterRoleAssignmentsOptions()
            {
                Scope          = Scope,
                RoleDefinition = RoleDefinitionName,
                ADObjectFilter = new ADObjectFilterOptions
                {
                    SignInName = SignInName,
                    Id         = ObjectId == Guid.Empty ? null : ObjectId.ToString(),
                    SPN        = ServicePrincipalName
                },
                ResourceIdentifier = new ResourceIdentifier()
                {
                    ParentResource    = ParentResource,
                    ResourceGroupName = ResourceGroupName,
                    ResourceName      = ResourceName,
                    ResourceType      = ResourceType,
                    Subscription      = DefaultProfile.Context.Subscription.Id.ToString()
                },
                ExcludeAssignmentsForDeletedPrincipals = false
            };

            ConfirmAction(
                Force.IsPresent,
                string.Format(ProjectResources.RemovingRoleAssignment,
                              options.ADObjectFilter.ActiveFilter,
                              options.Scope,
                              options.RoleDefinition),
                ProjectResources.RemovingRoleAssignment,
                null,
                () => roleAssignment = PoliciesClient.RemoveRoleAssignment(options));

            if (PassThru)
            {
                WriteObject(roleAssignment);
            }
        }
Ejemplo n.º 3
0
        public override void ExecuteCmdlet()
        {
            MSGraphMessageHelper.WriteMessageForCmdletsSwallowException(this);

            // Build the new Role assignment
            if (ParameterSetName == ParameterSet.InputFile)
            {
                string fileName = this.TryResolvePath(InputFile);
                if (!(new FileInfo(fileName)).Exists)
                {
                    throw new PSArgumentException(string.Format("File {0} does not exist", fileName));
                }

                try
                {
                    InputObject = JsonConvert.DeserializeObject <PSRoleAssignment>(File.ReadAllText(fileName));
                }
                catch (JsonException)
                {
                    WriteVerbose("Deserializing the input role definition failed.");
                    throw new Exception("Deserializing the input role assignment failed. Please confirm the file is properly formated");
                }
            }

            // Build the Update Request
            var Subscription       = DefaultProfile.DefaultContext.Subscription.Id;
            var scope              = InputObject.Scope;
            var RoleAssignmentGUID = InputObject.RoleAssignmentId.GuidFromFullyQualifiedId();

            FilterRoleAssignmentsOptions parameters = new FilterRoleAssignmentsOptions()
            {
                Scope              = scope,
                RoleAssignmentId   = RoleAssignmentGUID,
                ResourceIdentifier = new ResourceIdentifier()
                {
                    Subscription = Subscription,
                }
            };
            PSRoleAssignment fetchedRole = null;

            try
            {
                fetchedRole = PoliciesClient.FilterRoleAssignments(parameters, Subscription).First();
            }
            catch (Exception)
            {
                fetchedRole = InputObject;
            }

            // Validate the request
            AuthorizationClient.ValidateScope(parameters.Scope, false);
            bool isValidRequest = true;

            // Check that only Description, Condition and ConditionVersion have been changed, if anything else is changed the whole request fails
            isValidRequest &= InputObject.RoleAssignmentId.Equals(fetchedRole.RoleAssignmentId);
            isValidRequest &= InputObject.Scope.Equals(fetchedRole.Scope, StringComparison.OrdinalIgnoreCase);
            isValidRequest &= InputObject.RoleDefinitionId.Equals(fetchedRole.RoleDefinitionId);
            isValidRequest &= InputObject.ObjectId.Equals(fetchedRole.ObjectId);
            isValidRequest &= InputObject.ObjectType.Equals(fetchedRole.ObjectType);
            isValidRequest &= InputObject.CanDelegate.Equals(fetchedRole.CanDelegate);

            if (!isValidRequest)
            {
                throw new ArgumentException("Changing a property other than 'Description', 'Condition' or 'Condition Version' is currently not supported.");
            }

            // If ConditionVersion is changed, validate it's in the allowed values

            var oldConditionVersion = string.IsNullOrWhiteSpace(fetchedRole.ConditionVersion)? Version.Parse("0.0") : Version.Parse(fetchedRole.ConditionVersion);
            var newConditionVersion = string.IsNullOrWhiteSpace(InputObject.ConditionVersion) ? Version.Parse("0.0") : Version.Parse(InputObject.ConditionVersion);

            // A condition version can change but currently we don't support downgrading to 1.0
            // we only verify the change if it's a downgrade
            if ((oldConditionVersion > newConditionVersion) && (newConditionVersion.Major < 2))
            {
                throw new ArgumentException("Condition version different than '2.0' is not supported for update operations");
            }
            fetchedRole.Description      = InputObject.Description;
            fetchedRole.Condition        = InputObject.Condition;
            fetchedRole.ConditionVersion = InputObject.ConditionVersion;

            // Send Request
            ConfirmAction(
                string.Format(ProjectResources.UpdatingRoleAssignment, fetchedRole.RoleAssignmentId, fetchedRole.Scope, fetchedRole.RoleDefinitionName),
                fetchedRole.RoleAssignmentId,
                () =>
            {
                var roleAssignments = PoliciesClient.UpdateRoleAssignment(fetchedRole);
                if (PassThru)
                {
                    WriteObject(roleAssignments, enumerateCollection: true);
                }
            });
        }
Ejemplo n.º 4
0
        public override void ExecuteCmdlet()
        {
            MSGraphMessageHelper.WriteMessageForCmdletsSwallowException(this);

            if (ParameterSetName == ParameterSet.InputFile)
            {
                string fileName = this.TryResolvePath(InputFile);
                if (!(new FileInfo(fileName)).Exists)
                {
                    throw new PSArgumentException(string.Format("File {0} does not exist", fileName));
                }

                try
                {
                    PSRoleAssignment RoleAssignment = JsonConvert.DeserializeObject <PSRoleAssignment>(File.ReadAllText(fileName));

                    this.ObjectId     = RoleAssignment.ObjectId;
                    this.ObjectType   = RoleAssignment.ObjectType;
                    this.ResourceType = RoleAssignment.ObjectType;
                    this.Scope        = RoleAssignment.Scope;
                    Guid guid = Guid.Empty;
                    Guid.TryParse(RoleAssignment.RoleDefinitionId, out guid);
                    this.RoleDefinitionId = guid;
                    this.Description      = RoleAssignment.Description;
                    this.Condition        = RoleAssignment.Condition;
                    this.ConditionVersion = RoleAssignment.ConditionVersion;
                }
                catch (JsonException)
                {
                    WriteVerbose("Deserializing the input role assignment failed.");
                    throw new Exception("Deserializing the input role assignment failed. Please confirm the file is properly formated");
                }
            }
            if (string.IsNullOrEmpty(Condition) ^ string.IsNullOrEmpty(ConditionVersion))
            {
                if (!string.IsNullOrEmpty(Condition))
                {
                    ConditionVersion = "2.0";
                    WriteDebug("-Condition was set but -ConditionVersion was not, defaulting to lowest publicly available version: '2.0'");
                }
                else
                {
                    WriteExceptionError(new ArgumentException("If -ConditionVersion is set -Condition can not be empty."));
                    return;
                }
            }
            // ensure that if ConditionVersion is empty in any way, it becomes null
            ConditionVersion = string.IsNullOrEmpty(ConditionVersion) ? null : string.IsNullOrWhiteSpace(ConditionVersion) ? null : ConditionVersion;
            var _conditionVersion = Version.Parse(ConditionVersion ?? "2.0");

            if (_conditionVersion.Major < 2)
            {
                WriteExceptionError(new ArgumentException("Argument -ConditionVersion must be greater or equal than 2.0"));
                return;
            }
            FilterRoleAssignmentsOptions parameters = new FilterRoleAssignmentsOptions()
            {
                Scope = Scope,
                RoleDefinitionName = RoleDefinitionName,
                RoleDefinitionId   = RoleDefinitionId == Guid.Empty ? null : RoleDefinitionId.ToString(),
                ADObjectFilter     = new ADObjectFilterOptions
                {
                    UPN        = SignInName,
                    SPN        = ApplicationId,
                    Id         = ObjectId,
                    ObjectType = ObjectType,
                },
                ResourceIdentifier = new ResourceIdentifier()
                {
                    ParentResource    = ParentResource,
                    ResourceGroupName = ResourceGroupName,
                    ResourceName      = ResourceName,
                    ResourceType      = ResourceType,
                    Subscription      = DefaultProfile.DefaultContext.Subscription.Id,
                },
                CanDelegate      = AllowDelegation.IsPresent ? true : false,
                Description      = Description,
                Condition        = Condition,
                ConditionVersion = ConditionVersion,
            };

            AuthorizationClient.ValidateScope(parameters.Scope, false);

            WriteObject(PoliciesClient.CreateRoleAssignment(parameters, RoleAssignmentId));
        }