protected override void ProcessRecord()
{
FilterRoleAssignmentsOptions options = new FilterRoleAssignmentsOptions()
{
Scope = Scope,
RoleDefinition = RoleDefinitionName,
ADObjectFilter = new ADObjectFilterOptions
{
SignInName = SignInName,
SPN = ServicePrincipalName,
Id = ObjectId == Guid.Empty ? null : ObjectId.ToString(),
},
ResourceIdentifier = new ResourceIdentifier()
{
ParentResource = ParentResource,
ResourceGroupName = ResourceGroupName,
ResourceName = ResourceName,
ResourceType = ResourceType,
Subscription = string.IsNullOrEmpty(ResourceGroupName) ? null : DefaultProfile.Context.Subscription.Id.ToString()
},
ExpandPrincipalGroups = ExpandPrincipalGroups.IsPresent,
IncludeClassicAdministrators = IncludeClassicAdministrators.IsPresent,
ExcludeAssignmentsForDeletedPrincipals = true
};
WriteObject(PoliciesClient.FilterRoleAssignments(options, DefaultProfile.Context.Subscription.Id.ToString()), enumerateCollection: true);
}
public override void ExecuteCmdlet()
{
PSRoleDefinition role = null;
if (!string.IsNullOrEmpty(InputFile))
{
string fileName = this.TryResolvePath(InputFile);
if (!(new FileInfo(fileName)).Exists)
{
throw new PSArgumentException(string.Format("File {0} does not exist", fileName));
}
try
{
role = JsonConvert.DeserializeObject <PSRoleDefinition>(File.ReadAllText(fileName));
}
catch (JsonException)
{
WriteVerbose("Deserializing the input role definition failed.");
throw;
}
}
else
{
role = Role;
}
foreach (var scope in role.AssignableScopes)
{
AuthorizationClient.ValidateScope(scope, false);
}
WriteObject(PoliciesClient.CreateRoleDefinition(role, RoleDefinitionId));
}
protected override void ProcessRecord()
{
PSRoleDefinition role = null;
if (!string.IsNullOrEmpty(InputFile))
{
string fileName = this.TryResolvePath(InputFile);
if (!(new FileInfo(fileName)).Exists)
{
throw new PSArgumentException(string.Format("File {0} does not exist", fileName));
}
try
{
role = JsonConvert.DeserializeObject <PSRoleDefinition>(File.ReadAllText(fileName));
}
catch (JsonException)
{
WriteVerbose("Deserializing the input role definition failed.");
throw;
}
}
else
{
role = Role;
}
WriteObject(PoliciesClient.CreateRoleDefinition(role));
}
protected override void ProcessRecord()
{
PSRoleDefinition roleDefinition = null;
Action action = null;
string confirmMessage = null;
if (Id != Guid.Empty)
{
action = (() => roleDefinition = PoliciesClient.RemoveRoleDefinition(Id, DefaultProfile.Context.Subscription.Id.ToString()));
confirmMessage = string.Format(ProjectResources.RemoveRoleDefinition, Id);
}
else
{
action = (() => roleDefinition = PoliciesClient.RemoveRoleDefinition(Name, DefaultProfile.Context.Subscription.Id.ToString()));
confirmMessage = string.Format(ProjectResources.RemoveRoleDefinitionWithName, Name);
}
ConfirmAction(
Force.IsPresent,
confirmMessage,
ProjectResources.RemoveRoleDefinition,
Id.ToString(),
action);
if (PassThru)
{
WriteObject(roleDefinition);
}
}
public override void ExecuteCmdlet()
{
FilterRoleAssignmentsOptions options = new FilterRoleAssignmentsOptions()
{
Scope = Scope,
RoleDefinitionName = RoleDefinitionName,
RoleDefinitionId = RoleDefinitionId == Guid.Empty ? null : RoleDefinitionId.ToString(),
ADObjectFilter = new ADObjectFilterOptions
{
UPN = SignInName,
SPN = ServicePrincipalName,
Id = ObjectId == Guid.Empty ? null : ObjectId.ToString(),
},
ResourceIdentifier = new ResourceIdentifier()
{
ParentResource = ParentResource,
ResourceGroupName = ResourceGroupName,
ResourceName = ResourceName,
ResourceType = ResourceType,
Subscription = string.IsNullOrEmpty(ResourceGroupName) ? null : DefaultProfile.DefaultContext.Subscription.Id.ToString()
},
ExpandPrincipalGroups = ExpandPrincipalGroups.IsPresent,
IncludeClassicAdministrators = IncludeClassicAdministrators.IsPresent,
ExcludeAssignmentsForDeletedPrincipals = true
};
AuthorizationClient.ValidateScope(options.Scope, true);
List <PSRoleAssignment> ra = PoliciesClient.FilterRoleAssignments(options, DefaultProfile.DefaultContext.Subscription.Id.ToString());
WriteObject(ra, enumerateCollection: true);
}
public override void ExecuteCmdlet()
{
FilterRoleAssignmentsOptions parameters = new FilterRoleAssignmentsOptions()
{
Scope = Scope,
RoleDefinitionName = RoleDefinitionName,
RoleDefinitionId = RoleDefinitionId == Guid.Empty ? null : RoleDefinitionId.ToString(),
ADObjectFilter = new ADObjectFilterOptions
{
UPN = SignInName,
SPN = ApplicationId,
Id = ObjectId,
},
ResourceIdentifier = new ResourceIdentifier()
{
ParentResource = ParentResource,
ResourceGroupName = ResourceGroupName,
ResourceName = ResourceName,
ResourceType = ResourceType,
Subscription = DefaultProfile.DefaultContext.Subscription.Id,
},
CanDelegate = AllowDelegation.IsPresent ? true : false,
};
AuthorizationClient.ValidateScope(parameters.Scope, false);
WriteObject(PoliciesClient.CreateRoleAssignment(parameters, RoleAssignmentId));
}
public override void ExecuteCmdlet()
{
FilterRoleAssignmentsOptions options = new FilterRoleAssignmentsOptions()
{
Scope = Scope,
RoleDefinition = RoleDefinitionName,
ADObjectFilter = new ADObjectFilterOptions
{
Mail = Mail,
UPN = UserPrincipalName,
SPN = ServicePrincipalName,
Id = ObjectId == Guid.Empty ? null : ObjectId.ToString(),
},
ResourceIdentifier = new ResourceIdentifier()
{
ParentResource = ParentResource,
ResourceGroupName = ResourceGroupName,
ResourceName = ResourceName,
ResourceType = ResourceType,
Subscription = string.IsNullOrEmpty(ResourceGroupName) ? null : CurrentContext.Subscription.Id.ToString()
}
};
WriteObject(PoliciesClient.FilterRoleAssignments(options), true);
}
public override void ExecuteCmdlet()
{
FilterRoleDefinitionOptions options = new FilterRoleDefinitionOptions
{
CustomOnly = Custom.IsPresent ? true : false,
Scope = Scope,
ResourceIdentifier = new ResourceIdentifier
{
Subscription = DefaultProfile.DefaultContext.Subscription.Id?.ToString()
},
RoleDefinitionId = Id,
RoleDefinitionName = Name,
};
if (options.Scope == null && options.ResourceIdentifier.Subscription == null)
{
WriteTerminatingError("No subscription was found in the default profile and no scope was specified. Either specify a scope or use a tenant with a subscription to run the command.");
}
AuthorizationClient.ValidateScope(options.Scope, true);
IEnumerable <PSRoleDefinition> filteredRoleDefinitions = PoliciesClient.FilterRoleDefinitions(options);
if (filteredRoleDefinitions?.Count() == 0)
{
WriteWarning("No role definitions were found with those conditions.");
WriteWarning("If the role was created recently keep in mind there's a slight delay between creation and public view.");
WriteWarning("Please try again later.");
}
else
{
WriteObject(filteredRoleDefinitions, enumerateCollection: true);
}
}
public override void ExecuteCmdlet()
{
var options = new FilterDenyAssignmentsOptions()
{
DenyAssignmentId = Id,
DenyAssignmentName = DenyAssignmentName,
Scope = Scope,
ADObjectFilter = new ADObjectFilterOptions
{
UPN = SignInName,
SPN = ServicePrincipalName,
Id = ObjectId?.ToString(),
},
ResourceIdentifier = new ResourceIdentifier()
{
ParentResource = ParentResource,
ResourceGroupName = ResourceGroupName,
ResourceName = ResourceName,
ResourceType = ResourceType,
Subscription = string.IsNullOrEmpty(ResourceGroupName) ? null : DefaultProfile.DefaultContext.Subscription.Id.ToString()
},
ExpandPrincipalGroups = ExpandPrincipalGroups.IsPresent,
ExcludeAssignmentsForDeletedPrincipals = false
};
AuthorizationClient.ValidateScope(options.Scope, true);
List <PSDenyAssignment> denyAssignments = PoliciesClient.FilterDenyAssignments(options, DefaultProfile.DefaultContext.Subscription.Id.ToString());
WriteObject(denyAssignments, enumerateCollection: true);
}
public override void ExecuteCmdlet()
{
FilterRoleAssignmentsOptions parameters = new FilterRoleAssignmentsOptions()
{
Scope = Scope,
RoleDefinitionName = RoleDefinitionName,
RoleDefinitionId = RoleDefinitionId == Guid.Empty ? null : RoleDefinitionId.ToString(),
ADObjectFilter = new ADObjectFilterOptions
{
SignInName = SignInName,
SPN = ServicePrincipalName,
Id = ObjectId == Guid.Empty ? null : ObjectId.ToString(),
},
ResourceIdentifier = new ResourceIdentifier()
{
ParentResource = ParentResource,
ResourceGroupName = ResourceGroupName,
ResourceName = ResourceName,
ResourceType = ResourceType,
Subscription = DefaultProfile.Context.Subscription.Id.ToString(),
}
};
WriteObject(PoliciesClient.CreateRoleAssignment(parameters));
}
protected override void ProcessRecord()
{
if (Custom.IsPresent)
{
WriteObject(PoliciesClient.FilterRoleDefinitionsByCustom(), true);
}
else
{
WriteObject(PoliciesClient.FilterRoleDefinitions(Name), true);
}
}
public override void ExecuteCmdlet()
{
if (Custom.IsPresent)
{
WriteObject(PoliciesClient.FilterRoleDefinitionsByCustom(), true);
}
else
{
WriteObject(PoliciesClient.FilterRoleDefinitions(Name), true);
}
}
public override void ExecuteCmdlet()
{
PSRoleDefinition roleDefinition = null;
string confirmMessage = null;
if (this.IsParameterBound(c => c.InputObject))
{
var tempId = Guid.Empty;
if (!string.IsNullOrEmpty(InputObject.Id) && Guid.TryParse(InputObject.Id, out tempId))
{
Id = tempId;
}
else
{
Name = InputObject.Name;
}
}
if (Id != Guid.Empty)
{
confirmMessage = string.Format(ProjectResources.RemoveRoleDefinition, Id);
}
else
{
confirmMessage = string.Format(ProjectResources.RemoveRoleDefinitionWithName, Name);
}
FilterRoleDefinitionOptions options = new FilterRoleDefinitionOptions
{
RoleDefinitionId = Id,
RoleDefinitionName = Name,
Scope = Scope,
ResourceIdentifier = new ResourceIdentifier
{
Subscription = DefaultProfile.DefaultContext.Subscription.Id.ToString()
}
};
AuthorizationClient.ValidateScope(options.Scope, true);
ConfirmAction(
Force.IsPresent,
confirmMessage,
ProjectResources.RemoveRoleDefinition,
Id.ToString(),
() =>
{
roleDefinition = PoliciesClient.RemoveRoleDefinition(options);
if (PassThru)
{
WriteObject(roleDefinition);
}
});
}
public override void ExecuteCmdlet()
{
MSGraphMessageHelper.WriteMessageForCmdletsSwallowException(this);
IEnumerable<PSRoleAssignment> roleAssignments = null;
if (this.IsParameterBound(c => c.InputObject))
{
Scope = InputObject.Scope;
ObjectId = InputObject.ObjectId;
RoleDefinitionName = InputObject.RoleDefinitionName;
}
FilterRoleAssignmentsOptions options = new FilterRoleAssignmentsOptions()
{
Scope = Scope,
RoleDefinitionName = RoleDefinitionName,
RoleDefinitionId = RoleDefinitionId == Guid.Empty ? null : RoleDefinitionId.ToString(),
ADObjectFilter = new ADObjectFilterOptions
{
UPN = SignInName,
Id = ObjectId,
SPN = ServicePrincipalName
},
ResourceIdentifier = new ResourceIdentifier()
{
ParentResource = ParentResource,
ResourceGroupName = ResourceGroupName,
ResourceName = ResourceName,
ResourceType = ResourceType,
Subscription = DefaultProfile.DefaultContext.Subscription.Id
},
// we should never expand principal groups in the Delete scenario
ExpandPrincipalGroups = false,
// never include classic administrators in the Delete scenario
IncludeClassicAdministrators = false
};
AuthorizationClient.ValidateScope(options.Scope, true);
ConfirmAction(
string.Format(ProjectResources.RemovingRoleAssignment, ObjectId, Scope, RoleDefinitionName),
ObjectId,
() =>
{
roleAssignments = PoliciesClient.RemoveRoleAssignment(options,
DefaultProfile.DefaultContext.Subscription.Id);
if (PassThru)
{
WriteObject(roleAssignments, enumerateCollection: true);
}
});
}
public override void ExecuteCmdlet()
{
if (string.IsNullOrEmpty(Condition) ^ string.IsNullOrEmpty(ConditionVersion))
{
if (!string.IsNullOrEmpty(Condition))
{
ConditionVersion = "2.0";
WriteDebug("-Condition was set but -ConditionVersion was not, defaulting to lowest publicly available version: '2.0'");
}
else
{
WriteExceptionError(new ArgumentException("If -ConditionVersion is set -Condition can not be empty."));
return;
}
}
double _conditionVersion = double.Parse((ConditionVersion ?? "2.0"));
if (_conditionVersion < 2.0)
{
WriteExceptionError(new ArgumentException("Argument -ConditionVersion must be greater or equal than 2.0"));
return;
}
FilterRoleAssignmentsOptions parameters = new FilterRoleAssignmentsOptions()
{
Scope = Scope,
RoleDefinitionName = RoleDefinitionName,
RoleDefinitionId = RoleDefinitionId == Guid.Empty ? null : RoleDefinitionId.ToString(),
ADObjectFilter = new ADObjectFilterOptions
{
UPN = SignInName,
SPN = ApplicationId,
Id = ObjectId,
},
ResourceIdentifier = new ResourceIdentifier()
{
ParentResource = ParentResource,
ResourceGroupName = ResourceGroupName,
ResourceName = ResourceName,
ResourceType = ResourceType,
Subscription = DefaultProfile.DefaultContext.Subscription.Id,
},
CanDelegate = AllowDelegation.IsPresent ? true : false,
Description = Description,
Condition = Condition,
ConditionVersion = ConditionVersion,
};
AuthorizationClient.ValidateScope(parameters.Scope, false);
WriteObject(PoliciesClient.CreateRoleAssignment(parameters, RoleAssignmentId));
}
protected override void ProcessRecord()
{
if (Custom.IsPresent)
{
WriteObject(PoliciesClient.FilterRoleDefinitionsByCustom(), enumerateCollection: true);
}
else if (Id != Guid.Empty)
{
WriteObject(PoliciesClient.GetRoleDefinition(Id));
}
else
{
WriteObject(PoliciesClient.FilterRoleDefinitions(Name), enumerateCollection: true);
}
}
protected override void ProcessRecord()
{
PSRoleDefinition roleDefinition = null;
ConfirmAction(
Force.IsPresent,
string.Format(ProjectResources.RemoveRoleDefinition, Id),
ProjectResources.RemoveRoleDefinition,
Id,
() => roleDefinition = PoliciesClient.RemoveRoleDefinition(Id));
if (PassThru)
{
WriteObject(roleDefinition);
}
}
public override void ExecuteCmdlet()
{
PSRoleDefinition roleDefinition = null;
ConfirmAction(
Force.IsPresent,
string.Format(ProjectResources.RemoveRoleDefinition, Id),
ProjectResources.RemoveRoleDefinition,
Id,
() => roleDefinition = PoliciesClient.RemoveRoleDefinition(Id));
if (PassThru)
{
WriteObject(roleDefinition);
}
}
public override void ExecuteCmdlet()
{
FilterRoleDefinitionOptions options = new FilterRoleDefinitionOptions
{
CustomOnly = Custom.IsPresent ? true : false,
ScopeAndBelow = AtScopeAndBelow.IsPresent ? true : false,
Scope = Scope,
ResourceIdentifier = new ResourceIdentifier
{
Subscription = DefaultProfile.Context.Subscription.Id.ToString()
},
RoleDefinitionId = Id,
RoleDefinitionName = Name,
};
WriteObject(PoliciesClient.FilterRoleDefinitions(options), enumerateCollection: true);
}
public override void ExecuteCmdlet()
{
IEnumerable <PSRoleAssignment> roleAssignments = null;
FilterRoleAssignmentsOptions options = new FilterRoleAssignmentsOptions()
{
Scope = Scope,
RoleDefinitionName = RoleDefinitionName,
RoleDefinitionId = RoleDefinitionId == Guid.Empty ? null : RoleDefinitionId.ToString(),
ADObjectFilter = new ADObjectFilterOptions
{
UPN = SignInName,
Id = ObjectId == Guid.Empty ? null : ObjectId.ToString(),
SPN = ServicePrincipalName
},
ResourceIdentifier = new ResourceIdentifier()
{
ParentResource = ParentResource,
ResourceGroupName = ResourceGroupName,
ResourceName = ResourceName,
ResourceType = ResourceType,
Subscription = DefaultProfile.DefaultContext.Subscription.Id.ToString()
},
ExcludeAssignmentsForDeletedPrincipals = false,
// we should never expand principal groups in the Delete scenario
ExpandPrincipalGroups = false,
// never include classic administrators in the Delete scenario
IncludeClassicAdministrators = false
};
AuthorizationClient.ValidateScope(options.Scope, true);
ConfirmAction(
ProjectResources.RemovingRoleAssignment,
string.Empty,
() =>
{
roleAssignments = PoliciesClient.RemoveRoleAssignment(options,
DefaultProfile.DefaultContext.Subscription.Id.ToString());
if (PassThru)
{
WriteObject(roleAssignments, enumerateCollection: true);
}
});
}
public override void ExecuteCmdlet()
{
FilterRoleDefinitionOptions options = new FilterRoleDefinitionOptions
{
CustomOnly = Custom.IsPresent ? true : false,
#pragma warning disable 0618
ScopeAndBelow = AtScopeAndBelow.IsPresent ? true : false,
#pragma warning restore 0618
Scope = Scope,
ResourceIdentifier = new ResourceIdentifier
{
Subscription = DefaultProfile.DefaultContext.Subscription.Id.ToString()
},
RoleDefinitionId = Id,
RoleDefinitionName = Name,
};
AuthorizationClient.ValidateScope(options.Scope, true);
WriteObject(PoliciesClient.FilterRoleDefinitions(options), enumerateCollection: true);
}
protected override void ProcessRecord()
{
IEnumerable <PSRoleAssignment> roleAssignments = null;
FilterRoleAssignmentsOptions options = new FilterRoleAssignmentsOptions()
{
Scope = Scope,
RoleDefinitionName = RoleDefinitionName,
RoleDefinitionId = RoleDefinitionId == Guid.Empty ? null : RoleDefinitionId.ToString(),
ADObjectFilter = new ADObjectFilterOptions
{
SignInName = SignInName,
Id = ObjectId == Guid.Empty ? null : ObjectId.ToString(),
SPN = ServicePrincipalName
},
ResourceIdentifier = new ResourceIdentifier()
{
ParentResource = ParentResource,
ResourceGroupName = ResourceGroupName,
ResourceName = ResourceName,
ResourceType = ResourceType,
Subscription = DefaultProfile.Context.Subscription.Id.ToString()
},
ExcludeAssignmentsForDeletedPrincipals = false
};
ConfirmAction(
Force.IsPresent,
string.Format(ProjectResources.RemovingRoleAssignment,
options.ADObjectFilter.ActiveFilter,
options.Scope,
options.RoleDefinitionName ?? RoleDefinitionId.ToString()),
ProjectResources.RemovingRoleAssignment,
null,
() => roleAssignments = PoliciesClient.RemoveRoleAssignment(options, DefaultProfile.Context.Subscription.Id.ToString()));
if (PassThru)
{
WriteObject(roleAssignments, enumerateCollection: true);
}
}
public override void ExecuteCmdlet()
{
PSRoleAssignment roleAssignment = null;
FilterRoleAssignmentsOptions options = new FilterRoleAssignmentsOptions()
{
Scope = Scope,
RoleDefinition = RoleDefinitionName,
ADObjectFilter = new ADObjectFilterOptions
{
Mail = Mail,
Id = ObjectId == Guid.Empty ? null : ObjectId.ToString(),
UPN = UserPrincipalName,
SPN = ServicePrincipalName
},
ResourceIdentifier = new ResourceIdentifier()
{
ParentResource = ParentResource,
ResourceGroupName = ResourceGroupName,
ResourceName = ResourceName,
ResourceType = ResourceType,
Subscription = CurrentContext.Subscription.Id.ToString()
}
};
ConfirmAction(
Force.IsPresent,
string.Format(ProjectResources.RemovingRoleAssignment,
options.ADObjectFilter.ActiveFilter,
options.Scope,
options.RoleDefinition),
ProjectResources.RemovingRoleAssignment,
null,
() => roleAssignment = PoliciesClient.RemoveRoleAssignment(options));
if (PassThru)
{
WriteObject(roleAssignment);
}
}
public override void ExecuteCmdlet()
{
PSRoleDefinition roleDefinition = null;
string confirmMessage = null;
if (Id != Guid.Empty)
{
confirmMessage = string.Format(ProjectResources.RemoveRoleDefinition, Id);
}
else
{
confirmMessage = string.Format(ProjectResources.RemoveRoleDefinitionWithName, Name);
}
FilterRoleDefinitionOptions options = new FilterRoleDefinitionOptions
{
RoleDefinitionId = Id,
RoleDefinitionName = Name,
Scope = Scope,
ResourceIdentifier = new ResourceIdentifier
{
Subscription = DefaultProfile.Context.Subscription.Id.ToString()
}
};
ConfirmAction(
Force.IsPresent,
confirmMessage,
ProjectResources.RemoveRoleDefinition,
Id.ToString(),
() =>
{
roleDefinition = PoliciesClient.RemoveRoleDefinition(options);
if (PassThru)
{
WriteObject(roleDefinition);
}
});
}
public override void ExecuteCmdlet()
{
FilterRoleDefinitionOptions options = new FilterRoleDefinitionOptions
{
CustomOnly = Custom.IsPresent ? true : false,
Scope = Scope,
ResourceIdentifier = new ResourceIdentifier
{
Subscription = DefaultProfile.DefaultContext.Subscription.Id?.ToString()
},
RoleDefinitionId = Id,
RoleDefinitionName = Name,
};
if (options.Scope == null && options.ResourceIdentifier.Subscription == null)
{
WriteTerminatingError("No subscription was found in the default profile and no scope was specified. Either specify a scope or use a tenant with a subscription to run the command.");
}
AuthorizationClient.ValidateScope(options.Scope, true);
WriteObject(PoliciesClient.FilterRoleDefinitions(options), enumerateCollection: true);
}
public override void ExecuteCmdlet()
{
MSGraphMessageHelper.WriteMessageForCmdletsSwallowException(this);
if (ParameterSetName == ParameterSet.InputFile)
{
string fileName = this.TryResolvePath(InputFile);
if (!(new FileInfo(fileName)).Exists)
{
throw new PSArgumentException(string.Format("File {0} does not exist", fileName));
}
try
{
PSRoleAssignment RoleAssignment = JsonConvert.DeserializeObject <PSRoleAssignment>(File.ReadAllText(fileName));
this.ObjectId = RoleAssignment.ObjectId;
this.ObjectType = RoleAssignment.ObjectType;
this.ResourceType = RoleAssignment.ObjectType;
this.Scope = RoleAssignment.Scope;
Guid guid = Guid.Empty;
Guid.TryParse(RoleAssignment.RoleDefinitionId, out guid);
this.RoleDefinitionId = guid;
this.Description = RoleAssignment.Description;
this.Condition = RoleAssignment.Condition;
this.ConditionVersion = RoleAssignment.ConditionVersion;
}
catch (JsonException)
{
WriteVerbose("Deserializing the input role assignment failed.");
throw new Exception("Deserializing the input role assignment failed. Please confirm the file is properly formated");
}
}
if (string.IsNullOrEmpty(Condition) ^ string.IsNullOrEmpty(ConditionVersion))
{
if (!string.IsNullOrEmpty(Condition))
{
ConditionVersion = "2.0";
WriteDebug("-Condition was set but -ConditionVersion was not, defaulting to lowest publicly available version: '2.0'");
}
else
{
WriteExceptionError(new ArgumentException("If -ConditionVersion is set -Condition can not be empty."));
return;
}
}
// ensure that if ConditionVersion is empty in any way, it becomes null
ConditionVersion = string.IsNullOrEmpty(ConditionVersion) ? null : string.IsNullOrWhiteSpace(ConditionVersion) ? null : ConditionVersion;
var _conditionVersion = Version.Parse(ConditionVersion ?? "2.0");
if (_conditionVersion.Major < 2)
{
WriteExceptionError(new ArgumentException("Argument -ConditionVersion must be greater or equal than 2.0"));
return;
}
FilterRoleAssignmentsOptions parameters = new FilterRoleAssignmentsOptions()
{
Scope = Scope,
RoleDefinitionName = RoleDefinitionName,
RoleDefinitionId = RoleDefinitionId == Guid.Empty ? null : RoleDefinitionId.ToString(),
ADObjectFilter = new ADObjectFilterOptions
{
UPN = SignInName,
SPN = ApplicationId,
Id = ObjectId,
ObjectType = ObjectType,
},
ResourceIdentifier = new ResourceIdentifier()
{
ParentResource = ParentResource,
ResourceGroupName = ResourceGroupName,
ResourceName = ResourceName,
ResourceType = ResourceType,
Subscription = DefaultProfile.DefaultContext.Subscription.Id,
},
CanDelegate = AllowDelegation.IsPresent ? true : false,
Description = Description,
Condition = Condition,
ConditionVersion = ConditionVersion,
};
AuthorizationClient.ValidateScope(parameters.Scope, false);
WriteObject(PoliciesClient.CreateRoleAssignment(parameters, RoleAssignmentId));
}
public override void ExecuteCmdlet()
{
WriteObject(PoliciesClient.FilterRoleDefinitions(Name), true);
}
public override void ExecuteCmdlet()
{
MSGraphMessageHelper.WriteMessageForCmdletsSwallowException(this);
// Build the new Role assignment
if (ParameterSetName == ParameterSet.InputFile)
{
string fileName = this.TryResolvePath(InputFile);
if (!(new FileInfo(fileName)).Exists)
{
throw new PSArgumentException(string.Format("File {0} does not exist", fileName));
}
try
{
InputObject = JsonConvert.DeserializeObject <PSRoleAssignment>(File.ReadAllText(fileName));
}
catch (JsonException)
{
WriteVerbose("Deserializing the input role definition failed.");
throw new Exception("Deserializing the input role assignment failed. Please confirm the file is properly formated");
}
}
// Build the Update Request
var Subscription = DefaultProfile.DefaultContext.Subscription.Id;
var scope = InputObject.Scope;
var RoleAssignmentGUID = InputObject.RoleAssignmentId.GuidFromFullyQualifiedId();
FilterRoleAssignmentsOptions parameters = new FilterRoleAssignmentsOptions()
{
Scope = scope,
RoleAssignmentId = RoleAssignmentGUID,
ResourceIdentifier = new ResourceIdentifier()
{
Subscription = Subscription,
}
};
PSRoleAssignment fetchedRole = null;
try
{
fetchedRole = PoliciesClient.FilterRoleAssignments(parameters, Subscription).First();
}
catch (Exception)
{
fetchedRole = InputObject;
}
// Validate the request
AuthorizationClient.ValidateScope(parameters.Scope, false);
bool isValidRequest = true;
// Check that only Description, Condition and ConditionVersion have been changed, if anything else is changed the whole request fails
isValidRequest &= InputObject.RoleAssignmentId.Equals(fetchedRole.RoleAssignmentId);
isValidRequest &= InputObject.Scope.Equals(fetchedRole.Scope, StringComparison.OrdinalIgnoreCase);
isValidRequest &= InputObject.RoleDefinitionId.Equals(fetchedRole.RoleDefinitionId);
isValidRequest &= InputObject.ObjectId.Equals(fetchedRole.ObjectId);
isValidRequest &= InputObject.ObjectType.Equals(fetchedRole.ObjectType);
isValidRequest &= InputObject.CanDelegate.Equals(fetchedRole.CanDelegate);
if (!isValidRequest)
{
throw new ArgumentException("Changing a property other than 'Description', 'Condition' or 'Condition Version' is currently not supported.");
}
// If ConditionVersion is changed, validate it's in the allowed values
var oldConditionVersion = string.IsNullOrWhiteSpace(fetchedRole.ConditionVersion)? Version.Parse("0.0") : Version.Parse(fetchedRole.ConditionVersion);
var newConditionVersion = string.IsNullOrWhiteSpace(InputObject.ConditionVersion) ? Version.Parse("0.0") : Version.Parse(InputObject.ConditionVersion);
// A condition version can change but currently we don't support downgrading to 1.0
// we only verify the change if it's a downgrade
if ((oldConditionVersion > newConditionVersion) && (newConditionVersion.Major < 2))
{
throw new ArgumentException("Condition version different than '2.0' is not supported for update operations");
}
fetchedRole.Description = InputObject.Description;
fetchedRole.Condition = InputObject.Condition;
fetchedRole.ConditionVersion = InputObject.ConditionVersion;
// Send Request
ConfirmAction(
string.Format(ProjectResources.UpdatingRoleAssignment, fetchedRole.RoleAssignmentId, fetchedRole.Scope, fetchedRole.RoleDefinitionName),
fetchedRole.RoleAssignmentId,
() =>
{
var roleAssignments = PoliciesClient.UpdateRoleAssignment(fetchedRole);
if (PassThru)
{
WriteObject(roleAssignments, enumerateCollection: true);
}
});
}