public override void ExecuteCmdlet() { PSRoleAssignment roleAssignment = null; FilterRoleAssignmentsOptions options = new FilterRoleAssignmentsOptions() { Scope = Scope, RoleDefinition = RoleDefinitionName, ADObjectFilter = new ADObjectFilterOptions { Mail = Mail, Id = ObjectId == Guid.Empty ? null : ObjectId.ToString(), UPN = UserPrincipalName, SPN = ServicePrincipalName }, ResourceIdentifier = new ResourceIdentifier() { ParentResource = ParentResource, ResourceGroupName = ResourceGroupName, ResourceName = ResourceName, ResourceType = ResourceType, Subscription = CurrentContext.Subscription.Id.ToString() } }; ConfirmAction( Force.IsPresent, string.Format(ProjectResources.RemovingRoleAssignment, options.ADObjectFilter.ActiveFilter, options.Scope, options.RoleDefinition), ProjectResources.RemovingRoleAssignment, null, () => roleAssignment = PoliciesClient.RemoveRoleAssignment(options)); if (PassThru) { WriteObject(roleAssignment); } }
protected override void ProcessRecord() { PSRoleAssignment roleAssignment = null; FilterRoleAssignmentsOptions options = new FilterRoleAssignmentsOptions() { Scope = Scope, RoleDefinition = RoleDefinitionName, ADObjectFilter = new ADObjectFilterOptions { SignInName = SignInName, Id = ObjectId == Guid.Empty ? null : ObjectId.ToString(), SPN = ServicePrincipalName }, ResourceIdentifier = new ResourceIdentifier() { ParentResource = ParentResource, ResourceGroupName = ResourceGroupName, ResourceName = ResourceName, ResourceType = ResourceType, Subscription = DefaultProfile.Context.Subscription.Id.ToString() }, ExcludeAssignmentsForDeletedPrincipals = false }; ConfirmAction( Force.IsPresent, string.Format(ProjectResources.RemovingRoleAssignment, options.ADObjectFilter.ActiveFilter, options.Scope, options.RoleDefinition), ProjectResources.RemovingRoleAssignment, null, () => roleAssignment = PoliciesClient.RemoveRoleAssignment(options)); if (PassThru) { WriteObject(roleAssignment); } }
public override void ExecuteCmdlet() { MSGraphMessageHelper.WriteMessageForCmdletsSwallowException(this); // Build the new Role assignment if (ParameterSetName == ParameterSet.InputFile) { string fileName = this.TryResolvePath(InputFile); if (!(new FileInfo(fileName)).Exists) { throw new PSArgumentException(string.Format("File {0} does not exist", fileName)); } try { InputObject = JsonConvert.DeserializeObject <PSRoleAssignment>(File.ReadAllText(fileName)); } catch (JsonException) { WriteVerbose("Deserializing the input role definition failed."); throw new Exception("Deserializing the input role assignment failed. Please confirm the file is properly formated"); } } // Build the Update Request var Subscription = DefaultProfile.DefaultContext.Subscription.Id; var scope = InputObject.Scope; var RoleAssignmentGUID = InputObject.RoleAssignmentId.GuidFromFullyQualifiedId(); FilterRoleAssignmentsOptions parameters = new FilterRoleAssignmentsOptions() { Scope = scope, RoleAssignmentId = RoleAssignmentGUID, ResourceIdentifier = new ResourceIdentifier() { Subscription = Subscription, } }; PSRoleAssignment fetchedRole = null; try { fetchedRole = PoliciesClient.FilterRoleAssignments(parameters, Subscription).First(); } catch (Exception) { fetchedRole = InputObject; } // Validate the request AuthorizationClient.ValidateScope(parameters.Scope, false); bool isValidRequest = true; // Check that only Description, Condition and ConditionVersion have been changed, if anything else is changed the whole request fails isValidRequest &= InputObject.RoleAssignmentId.Equals(fetchedRole.RoleAssignmentId); isValidRequest &= InputObject.Scope.Equals(fetchedRole.Scope, StringComparison.OrdinalIgnoreCase); isValidRequest &= InputObject.RoleDefinitionId.Equals(fetchedRole.RoleDefinitionId); isValidRequest &= InputObject.ObjectId.Equals(fetchedRole.ObjectId); isValidRequest &= InputObject.ObjectType.Equals(fetchedRole.ObjectType); isValidRequest &= InputObject.CanDelegate.Equals(fetchedRole.CanDelegate); if (!isValidRequest) { throw new ArgumentException("Changing a property other than 'Description', 'Condition' or 'Condition Version' is currently not supported."); } // If ConditionVersion is changed, validate it's in the allowed values var oldConditionVersion = string.IsNullOrWhiteSpace(fetchedRole.ConditionVersion)? Version.Parse("0.0") : Version.Parse(fetchedRole.ConditionVersion); var newConditionVersion = string.IsNullOrWhiteSpace(InputObject.ConditionVersion) ? Version.Parse("0.0") : Version.Parse(InputObject.ConditionVersion); // A condition version can change but currently we don't support downgrading to 1.0 // we only verify the change if it's a downgrade if ((oldConditionVersion > newConditionVersion) && (newConditionVersion.Major < 2)) { throw new ArgumentException("Condition version different than '2.0' is not supported for update operations"); } fetchedRole.Description = InputObject.Description; fetchedRole.Condition = InputObject.Condition; fetchedRole.ConditionVersion = InputObject.ConditionVersion; // Send Request ConfirmAction( string.Format(ProjectResources.UpdatingRoleAssignment, fetchedRole.RoleAssignmentId, fetchedRole.Scope, fetchedRole.RoleDefinitionName), fetchedRole.RoleAssignmentId, () => { var roleAssignments = PoliciesClient.UpdateRoleAssignment(fetchedRole); if (PassThru) { WriteObject(roleAssignments, enumerateCollection: true); } }); }
public override void ExecuteCmdlet() { MSGraphMessageHelper.WriteMessageForCmdletsSwallowException(this); if (ParameterSetName == ParameterSet.InputFile) { string fileName = this.TryResolvePath(InputFile); if (!(new FileInfo(fileName)).Exists) { throw new PSArgumentException(string.Format("File {0} does not exist", fileName)); } try { PSRoleAssignment RoleAssignment = JsonConvert.DeserializeObject <PSRoleAssignment>(File.ReadAllText(fileName)); this.ObjectId = RoleAssignment.ObjectId; this.ObjectType = RoleAssignment.ObjectType; this.ResourceType = RoleAssignment.ObjectType; this.Scope = RoleAssignment.Scope; Guid guid = Guid.Empty; Guid.TryParse(RoleAssignment.RoleDefinitionId, out guid); this.RoleDefinitionId = guid; this.Description = RoleAssignment.Description; this.Condition = RoleAssignment.Condition; this.ConditionVersion = RoleAssignment.ConditionVersion; } catch (JsonException) { WriteVerbose("Deserializing the input role assignment failed."); throw new Exception("Deserializing the input role assignment failed. Please confirm the file is properly formated"); } } if (string.IsNullOrEmpty(Condition) ^ string.IsNullOrEmpty(ConditionVersion)) { if (!string.IsNullOrEmpty(Condition)) { ConditionVersion = "2.0"; WriteDebug("-Condition was set but -ConditionVersion was not, defaulting to lowest publicly available version: '2.0'"); } else { WriteExceptionError(new ArgumentException("If -ConditionVersion is set -Condition can not be empty.")); return; } } // ensure that if ConditionVersion is empty in any way, it becomes null ConditionVersion = string.IsNullOrEmpty(ConditionVersion) ? null : string.IsNullOrWhiteSpace(ConditionVersion) ? null : ConditionVersion; var _conditionVersion = Version.Parse(ConditionVersion ?? "2.0"); if (_conditionVersion.Major < 2) { WriteExceptionError(new ArgumentException("Argument -ConditionVersion must be greater or equal than 2.0")); return; } FilterRoleAssignmentsOptions parameters = new FilterRoleAssignmentsOptions() { Scope = Scope, RoleDefinitionName = RoleDefinitionName, RoleDefinitionId = RoleDefinitionId == Guid.Empty ? null : RoleDefinitionId.ToString(), ADObjectFilter = new ADObjectFilterOptions { UPN = SignInName, SPN = ApplicationId, Id = ObjectId, ObjectType = ObjectType, }, ResourceIdentifier = new ResourceIdentifier() { ParentResource = ParentResource, ResourceGroupName = ResourceGroupName, ResourceName = ResourceName, ResourceType = ResourceType, Subscription = DefaultProfile.DefaultContext.Subscription.Id, }, CanDelegate = AllowDelegation.IsPresent ? true : false, Description = Description, Condition = Condition, ConditionVersion = ConditionVersion, }; AuthorizationClient.ValidateScope(parameters.Scope, false); WriteObject(PoliciesClient.CreateRoleAssignment(parameters, RoleAssignmentId)); }