internal void HandleExternalIdentities(SitePatchResource siteUpdate)
{
if (this.HandleRemoveAllExternalIdentitiesCase(siteUpdate))
{
return;
}
else
{
// At this point one of the following condition is met:
//
// 1. User don't want touch the 'Site.Identity.UserAssignedIdentities' property
// [this.userAssignedIdentities.Empty() == true]
// 2. User want to add some identities to 'Site.Identity.UserAssignedIdentities'
// [this.userAssignedIdentities.Empty() == false and this.webAppBase.Inner().Identity() != null]
// 3. User want to remove some (not all) identities in 'Site.Identity.UserAssignedIdentities'
// [this.userAssignedIdentities.Empty() == false and this.webAppBase.Inner().Identity() != null]
// Note: The scenario where this.webAppBase.Inner().Identity() is null in #3 is already handled in
// handleRemoveAllExternalIdentitiesCase method
// 4. User want to add and remove (all or subset) some identities in 'Site.Identity.UserAssignedIdentities'
// [this.userAssignedIdentities.Empty() == false and this.webAppBase.Inner().Identity() != null]
//
SiteInner siteInner = this.webAppBaseImpl.Inner;
ManagedServiceIdentity currentIdentity = siteInner.Identity;
siteUpdate.Identity = currentIdentity;
if (this.userAssignedIdentities.Any())
{
// At this point its guaranteed that 'currentIdentity' is not null so vmUpdate.Identity() is.
siteUpdate.Identity.UserAssignedIdentities = this.userAssignedIdentities;
}
else
{
// User don't want to touch 'VM.Identity.UserAssignedIdentities' property
if (currentIdentity != null)
{
// and currently there is identity exists or user want to manipulate some other properties of
// identity, set identities to null so that it won't send over wire.
currentIdentity.UserAssignedIdentities = null;
}
}
}
}
internal async override Task <SiteInner> UpdateInnerAsync(SitePatchResource siteUpdate, CancellationToken cancellationToken = default(CancellationToken))
{
return(await Manager.Inner.WebApps.UpdateSlotAsync(ResourceGroupName, parent.Name, siteUpdate, Name, cancellationToken : cancellationToken));
}
/// <summary>
/// Method that handle the case where user request indicates all it want to do is remove all identities associated
/// with the virtual machine.
/// </summary>
/// <param name="siteUpdate">The vm update payload model.</param>
/// <return>True if user indented to remove all the identities.</return>
private bool HandleRemoveAllExternalIdentitiesCase(SitePatchResource siteUpdate)
{
SiteInner siteInner = (SiteInner)this.webAppBaseImpl.Inner;
if (this.userAssignedIdentities.Any())
{
int rmCount = 0;
foreach (var v in this.userAssignedIdentities.Values)
{
if (v == null)
{
rmCount++;
}
else
{
break;
}
}
bool containsRemoveOnly = rmCount > 0 && rmCount == this.userAssignedIdentities.Count;
// Check if user request contains only request for removal of identities.
if (containsRemoveOnly)
{
HashSet <string> currentIds = new HashSet <string>();
ManagedServiceIdentity currentIdentity = siteInner.Identity;
if (currentIdentity != null && currentIdentity.UserAssignedIdentities != null)
{
foreach (String id in currentIdentity.UserAssignedIdentities.Keys)
{
currentIds.Add(id.ToLower());
}
}
HashSet <string> removeIds = new HashSet <string>();
foreach (var entrySet in this.userAssignedIdentities)
{
if (entrySet.Value == null)
{
removeIds.Add(entrySet.Key.ToLower());
}
}
var removeAllCurrentIds = currentIds.Count == removeIds.Count && !removeIds.Any(id => !currentIds.Contains(id)); // Java part looks like this -> && currentIds.ContainsAll(removeIds);
if (removeAllCurrentIds)
{
// If so adjust the identity type [Setting type to SYSTEM_ASSIGNED orNONE will remove all the identities]
if (currentIdentity == null || currentIdentity.Type == null)
{
siteUpdate.Identity = new ManagedServiceIdentity()
{
Type = ManagedServiceIdentityType.None
};
}
else if (currentIdentity.Type.Equals(ManagedServiceIdentityType.SystemAssigned))
{
siteUpdate.Identity = currentIdentity;
siteUpdate.Identity.Type = ManagedServiceIdentityType.SystemAssigned;
}
else if (currentIdentity.Type.Equals(ManagedServiceIdentityType.UserAssigned))
{
siteUpdate.Identity = currentIdentity;
siteUpdate.Identity.Type = ManagedServiceIdentityType.None;
}
// and set identities property in the payload model to null so that it won't be sent
siteUpdate.Identity.UserAssignedIdentities = null;
return(true);
}
else
{
// Check user is asking to remove identities though there is no identities currently associated
if (currentIds.Count == 0 &&
removeIds.Count != 0 &&
currentIdentity == null)
{
// If so we are in a invalid state but we want to send user input to service and let service
// handle it (ignore or error).
siteUpdate.Identity = new ManagedServiceIdentity()
{
Type = ManagedServiceIdentityType.None,
UserAssignedIdentities = null
};
return(true);
}
}
}
}
return(false);
}
