/// <summary>
        /// Updates a role assignment.
        /// </summary>
        /// <param name="roleAssignment">The role assignment to update.</param>
        /// <returns>The updated role assignment.</returns>
        public PSRoleAssignment UpdateRoleAssignment(PSRoleAssignment roleAssignment)
        {
            string principalId             = roleAssignment.ObjectId;
            var    roleAssignmentGuidIndex = roleAssignment.RoleAssignmentId.LastIndexOf("/");
            var    roleAssignmentId        = roleAssignmentGuidIndex != -1 ? roleAssignment.RoleAssignmentId.Substring(roleAssignmentGuidIndex + 1) : roleAssignment.RoleAssignmentId;
            string scope            = roleAssignment.Scope;
            string roleDefinitionId = AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(scope, roleAssignment.RoleDefinitionId);
            var    Description      = string.IsNullOrWhiteSpace(roleAssignment.Description) ? null : roleAssignment.Description;
            var    Condition        = string.IsNullOrWhiteSpace(roleAssignment.Condition) ? null : roleAssignment.Condition;
            var    ConditionVersion = string.IsNullOrWhiteSpace(roleAssignment.ConditionVersion) ? null : roleAssignment.ConditionVersion;
            var    createParameters = new RoleAssignmentCreateParameters
            {
                PrincipalId      = principalId.ToString(),
                RoleDefinitionId = roleDefinitionId,
                PrincipalType    = roleAssignment.ObjectType,
                CanDelegate      = roleAssignment.CanDelegate,
                Description      = Description,
                Condition        = Condition,
                ConditionVersion = ConditionVersion
            };

            RoleAssignment assignment = AuthorizationManagementClient.RoleAssignments.Create(
                scope, roleAssignmentId, createParameters);
            var PSRoleAssignment = assignment.ToPSRoleAssignment(this, ActiveDirectoryClient);

            return(PSRoleAssignment);
        }
        /// <summary>
        /// Updates a role assignment.
        /// </summary>
        /// <param name="roleAssignment">The role assignment to update.</param>
        /// <returns>The updated role assignment.</returns>
        public PSRoleAssignment UpdateRoleAssignment(PSRoleAssignment roleAssignment)
        {
            string principalType;

            // check added in case Set-AzRoleAssignment is called as a create operation but the user didn't add the object type
            if (roleAssignment.ObjectType == null)
            {
                PSADObject asignee = ActiveDirectoryClient.GetADObject(new ADObjectFilterOptions()
                {
                    Id = roleAssignment.ObjectId
                });

                if (asignee == null)
                {
                    throw new ArgumentException("No AD object could be found with current parameters, please confirm the information provided is correct and try again");
                }

                principalType = asignee is PSADUser ? "User" : asignee is PSADServicePrincipal ? "ServicePrincipal" : asignee is PSADGroup ? "Group" : null;
            }
            else
            {
                principalType = roleAssignment.ObjectType;
            }

            string principalId             = roleAssignment.ObjectId;
            var    roleAssignmentGuidIndex = roleAssignment.RoleAssignmentId.LastIndexOf("/");
            var    roleAssignmentId        = roleAssignmentGuidIndex != -1 ? roleAssignment.RoleAssignmentId.Substring(roleAssignmentGuidIndex + 1) : roleAssignment.RoleAssignmentId;
            string scope            = roleAssignment.Scope;
            string roleDefinitionId = AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(scope, roleAssignment.RoleDefinitionId);
            var    Description      = string.IsNullOrWhiteSpace(roleAssignment.Description) ? null : roleAssignment.Description;
            var    Condition        = string.IsNullOrWhiteSpace(roleAssignment.Condition) ? null : roleAssignment.Condition;
            var    ConditionVersion = string.IsNullOrWhiteSpace(roleAssignment.ConditionVersion) ? null : roleAssignment.ConditionVersion;

            var createParameters = new RoleAssignmentCreateParameters
            {
                PrincipalId      = principalId.ToString(),
                RoleDefinitionId = roleDefinitionId,
                PrincipalType    = principalType,
                CanDelegate      = roleAssignment.CanDelegate,
                Description      = Description,
                Condition        = Condition,
                ConditionVersion = ConditionVersion
            };

            RoleAssignment assignment = AuthorizationManagementClient.RoleAssignments.Create(
                scope, roleAssignmentId, createParameters);
            var PSRoleAssignment = assignment.ToPSRoleAssignment(this, ActiveDirectoryClient);

            return(PSRoleAssignment);
        }
Exemple #3
0
        /// <summary>
        /// Deletes a role assignments based on the used options.
        /// </summary>
        /// <param name="options">The role assignment filtering options</param>
        /// <returns>The deleted role assignments</returns>
        public PSRoleAssignment RemoveRoleAssignment(FilterRoleAssignmentsOptions options)
        {
            PSRoleAssignment roleAssignment = FilterRoleAssignments(options).FirstOrDefault();

            if (roleAssignment != null)
            {
                AuthorizationManagementClient.RoleAssignments.DeleteById(roleAssignment.RoleAssignmentId);
            }
            else
            {
                throw new KeyNotFoundException("The provided information does not map to a role assignment.");
            }

            return(roleAssignment);
        }
Exemple #4
0
        /// <summary>
        /// Updates a role assignment.
        /// </summary>
        /// <param name="roleAssignment">The role assignment to update.</param>
        /// <returns>The updated role assignment.</returns>
        public PSRoleAssignment UpdateRoleAssignment(PSRoleAssignment roleAssignment)
        {
            string principalType = null;

            // check added in case Set-AzRoleAssignment is called as a create operation but the user didn't add the object type
            if (roleAssignment.ObjectType == null)
            {
                var asignee = ActiveDirectoryClient.GetObjectsByObjectId(new List <string> {
                    roleAssignment.ObjectId
                }).SingleOrDefault();

                if (!(asignee is PSErrorHelperObject) && asignee.Type != null)
                {
                    principalType = asignee.Type;
                }
            }
            else
            {
                principalType = roleAssignment.ObjectType;
            }

            string principalId             = roleAssignment.ObjectId;
            var    roleAssignmentGuidIndex = roleAssignment.RoleAssignmentId.LastIndexOf("/");
            var    roleAssignmentId        = roleAssignmentGuidIndex != -1 ? roleAssignment.RoleAssignmentId.Substring(roleAssignmentGuidIndex + 1) : roleAssignment.RoleAssignmentId;
            string scope            = roleAssignment.Scope;
            string roleDefinitionId = AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(scope, roleAssignment.RoleDefinitionId);
            var    Description      = string.IsNullOrWhiteSpace(roleAssignment.Description) ? null : roleAssignment.Description;
            var    Condition        = string.IsNullOrWhiteSpace(roleAssignment.Condition) ? null : roleAssignment.Condition;
            var    ConditionVersion = string.IsNullOrWhiteSpace(roleAssignment.ConditionVersion) ? null : roleAssignment.ConditionVersion;
            var    createParameters = new RoleAssignmentCreateParameters
            {
                PrincipalId      = principalId.ToString(),
                RoleDefinitionId = roleDefinitionId,
                PrincipalType    = principalType,
                CanDelegate      = roleAssignment.CanDelegate,
                Description      = Description,
                Condition        = Condition,
                ConditionVersion = ConditionVersion
            };

            RoleAssignment assignment = AuthorizationManagementClient.RoleAssignments.Create(
                scope, roleAssignmentId, createParameters);
            var PSRoleAssignment = assignment.ToPSRoleAssignment(this, ActiveDirectoryClient);

            return(PSRoleAssignment);
        }
        /// <summary>
        /// Deletes a role assignments based on the used options.
        /// </summary>
        /// <param name="options">The role assignment filtering options</param>
        /// <returns>The deleted role assignments</returns>
        public PSRoleAssignment RemoveRoleAssignment(FilterRoleAssignmentsOptions options)
        {
            // Match role assignments at exact scope. At most 1 roleAssignment should match the criteria
            PSRoleAssignment roleAssignment = FilterRoleAssignments(options, currentSubscription: string.Empty)
                                              .Where(ra => ra.Scope == options.Scope.TrimEnd('/'))
                                              .FirstOrDefault();

            if (roleAssignment != null)
            {
                AuthorizationManagementClient.RoleAssignments.DeleteById(roleAssignment.RoleAssignmentId);
            }
            else
            {
                throw new KeyNotFoundException("The provided information does not map to a role assignment.");
            }

            return(roleAssignment);
        }
Exemple #6
0
        /// <summary>
        /// Updates a role assignment.
        /// </summary>
        /// <param name="roleAssignment">The role assignment to update.</param>
        /// <returns>The updated role assignment.</returns>
        public PSRoleAssignment UpdateRoleAssignment(PSRoleAssignment roleAssignment)
        {
            string principalType = null;

            // check added in case Set-AzRoleAssignment is called as a create operation but the user didn't add the object type
            if (string.IsNullOrEmpty(roleAssignment.ObjectType))
            {
                try
                {
                    var assignee = ActiveDirectoryClient.GetObjectByObjectId(roleAssignment.ObjectId);
                    principalType = assignee?.Type;
                }
                catch
                {
                    // Ignore
                }
            }
            else
            {
                principalType = roleAssignment.ObjectType;
            }

            string principalId      = roleAssignment.ObjectId;
            var    roleAssignmentId = roleAssignment.RoleAssignmentId.GuidFromFullyQualifiedId();
            string scope            = roleAssignment.Scope;
            string roleDefinitionId = AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(scope, roleAssignment.RoleDefinitionId);
            var    Description      = string.IsNullOrWhiteSpace(roleAssignment.Description) ? null : roleAssignment.Description;
            var    Condition        = string.IsNullOrWhiteSpace(roleAssignment.Condition) ? null : roleAssignment.Condition;
            var    ConditionVersion = string.IsNullOrWhiteSpace(roleAssignment.ConditionVersion) ? null : roleAssignment.ConditionVersion;
            var    createParameters = new RoleAssignmentCreateParameters
            {
                PrincipalId      = principalId.ToString(),
                RoleDefinitionId = roleDefinitionId,
                PrincipalType    = principalType,
                Description      = Description,
                Condition        = Condition,
                ConditionVersion = ConditionVersion
            };

            return(AuthorizationManagementClient.RoleAssignments.Create(scope, roleAssignmentId, createParameters).ToPSRoleAssignment(this, ActiveDirectoryClient));
        }