private async Task <int> OnExecuteAsync(CommandLineApplication app, CancellationToken cancellationToken = default) { var authenticationOptions = AuthenticationOptions.BuildFrom(this.UseAzCliDevAuth, this.TenantId); IAppServiceManager appServiceManager = AppServiceManagerSource.Get( authenticationOptions, this.SubscriptionId); IWebAppAuthentication webAppAuthConfig; ManagedServiceIdentity managedIdentity; IFunctionApp function = null; try { function = appServiceManager.FunctionApps.GetByResourceGroup(this.ResourceGroupName, this.AppName); } catch (NullReferenceException) { // Unhelpfully, we seem to get a null reference exception if the app isn't found } if (function != null) { managedIdentity = function.Inner.Identity; webAppAuthConfig = await function.GetAuthenticationConfigAsync(cancellationToken).ConfigureAwait(false); } else { IWebApp webApp = appServiceManager.WebApps.GetByResourceGroup(this.ResourceGroupName, this.AppName); if (webApp == null) { app.Error.WriteLine($"Unable to find either a Function or Web App in resource group '{this.ResourceGroupName}' called '{this.AppName}'"); return(-1); } managedIdentity = webApp.Inner.Identity; webAppAuthConfig = await webApp.GetAuthenticationConfigAsync(cancellationToken).ConfigureAwait(false); } if (webAppAuthConfig.Inner.Enabled == true) { app.Out.WriteLine($"Default Easy Auth: {webAppAuthConfig.Inner.DefaultProvider}"); app.Out.WriteLine($" Client ID: {webAppAuthConfig.Inner.ClientId}"); } else { app.Out.WriteLine("Easy Auth not enabled"); } if (managedIdentity == null) { app.Out.WriteLine("No managed identity"); } else { app.Out.WriteLine("Managed identity:"); app.Out.WriteLine($" Type: {managedIdentity.Type}"); app.Out.WriteLine($" TenantId: {managedIdentity.TenantId}"); app.Out.WriteLine($" PrincipalId: {managedIdentity.PrincipalId}"); if (managedIdentity.UserAssignedIdentities != null) { foreach ((string id, ManagedServiceIdentityUserAssignedIdentitiesValue value) in managedIdentity.UserAssignedIdentities) { app.Out.WriteLine($" UserAssignedIdentity: Id = {id}, ClientId = {value.ClientId}, PrincipalId = {value.PrincipalId}"); } } } return(0); }
private async Task <int> OnExecuteAsync(CommandLineApplication app, CancellationToken cancellationToken = default) { RulesetsAndClaimPermissions input = JsonConvert.DeserializeObject <RulesetsAndClaimPermissions>( File.ReadAllText(this.FilePath)); ClaimsService claimsClient; if (string.IsNullOrEmpty(this.MarainClaimsHeaderRoleValue)) { var authenticationOptions = AuthenticationOptions.BuildFrom(this.UseAzCliDevAuth, this.TenantId); ServiceClientCredentials credentials = await authenticationOptions.GetServiceClientCredentialsFromKeyVault( this.ClaimsAppId, this.KeyVault, this.SecretName).ConfigureAwait(false); claimsClient = new ClaimsService(new Uri(this.ClaimsServiceUrl), credentials); } else { claimsClient = new ClaimsService(new Uri(this.ClaimsServiceUrl), new BasicAuthenticationCredentials()); claimsClient.HttpClient.DefaultRequestHeaders.Add("X-MARAIN-CLAIMS", $"{{ \"roles\": [ \"{this.MarainClaimsHeaderRoleValue}\" ] }}"); } using (claimsClient) { foreach (ResourceAccessRuleSet ruleSet in input.RuleSets) { try { app.Out.WriteLine($"Ruleset {ruleSet.Id} ('{ruleSet.DisplayName}')"); HttpOperationResponse <ResourceAccessRuleSet> result = await claimsClient.GetResourceAccessRuleSetWithHttpMessagesAsync( ruleSet.Id, this.MarainTenantId, cancellationToken : cancellationToken).ConfigureAwait(false); if (result.Response.StatusCode == HttpStatusCode.NotFound) { app.Error.WriteLine("Does not yet exist. Creating."); var request = new ResourceAccessRuleSet { Id = ruleSet.Id, DisplayName = ruleSet.DisplayName, Rules = ruleSet.Rules, }; await claimsClient.CreateResourceAccessRuleSetAsync( this.MarainTenantId, request, cancellationToken : cancellationToken).ConfigureAwait(false); } else if (result.Response.IsSuccessStatusCode) { app.Out.WriteLine("Already exists. Updating."); await claimsClient.SetResourceAccessRuleSetResourceAccessRulesAsync( this.MarainTenantId, ruleSet.Id, ruleSet.Rules, cancellationToken : cancellationToken).ConfigureAwait(false); } else { app.Error.WriteLine("Error: " + result.Response.StatusCode); string body = await result.Response.Content.ReadAsStringAsync(cancellationToken).ConfigureAwait(false); if (!string.IsNullOrWhiteSpace(body)) { app.Error.WriteLine(body); } } } catch (Exception x) { app.Error.WriteLine(x); return(-1); } } foreach (CreateClaimPermissionsRequest claimPermissions in input.ClaimPermissions) { try { app.Out.WriteLine($"Claim Permissions {claimPermissions.Id}"); HttpOperationResponse <ClaimPermissions> result = await claimsClient.GetClaimPermissionsWithHttpMessagesAsync( claimPermissions.Id, this.MarainTenantId, cancellationToken : cancellationToken).ConfigureAwait(false); if (result.Response.StatusCode == HttpStatusCode.NotFound) { app.Out.WriteLine("Does not yet exist. Creating."); var request = new CreateClaimPermissionsRequest { Id = claimPermissions.Id, ResourceAccessRules = claimPermissions.ResourceAccessRules, ResourceAccessRuleSets = claimPermissions.ResourceAccessRuleSets, }; await claimsClient.CreateClaimPermissionsAsync( this.MarainTenantId, request, cancellationToken : cancellationToken).ConfigureAwait(false); } else if (result.Response.IsSuccessStatusCode) { app.Out.WriteLine("Already exists. Updating resource access rules."); await claimsClient.SetClaimPermissionsResourceAccessRulesAsync( this.MarainTenantId, claimPermissions.Id, claimPermissions.ResourceAccessRules, cancellationToken : cancellationToken).ConfigureAwait(false); app.Out.WriteLine("Updating resource access rule sets"); var ruleSetIds = claimPermissions .ResourceAccessRuleSets .Select(rs => new ResourceAccessRuleSetIdOnly(rs.Id)) .ToList(); await claimsClient.SetClaimPermissionsResourceAccessRuleSetsAsync( this.MarainTenantId, claimPermissions.Id, ruleSetIds, cancellationToken : cancellationToken).ConfigureAwait(false); } else { app.Error.WriteLine("Error: " + result.Response.StatusCode); string body = await result.Response.Content.ReadAsStringAsync(cancellationToken).ConfigureAwait(false); if (!string.IsNullOrWhiteSpace(body)) { app.Error.WriteLine(body); } } } catch (Exception x) { app.Error.WriteLine(x); return(-1); } } } return(0); }
private async Task <int> OnExecuteAsync(CommandLineApplication app, CancellationToken cancellationToken = default) { ClaimsService claimsClient; if (string.IsNullOrEmpty(this.MarainClaimsHeaderRoleValue)) { var authenticationOptions = AuthenticationOptions.BuildFrom(this.UseAzCliDevAuth, this.TenantId); ServiceClientCredentials credentials = await authenticationOptions.GetServiceClientCredentialsFromKeyVault( this.ClaimsAppId, this.KeyVault, this.SecretName).ConfigureAwait(false); claimsClient = new ClaimsService(new Uri(this.ClaimsServiceUrl), credentials); } else { claimsClient = new ClaimsService(new Uri(this.ClaimsServiceUrl), new BasicAuthenticationCredentials()); claimsClient.HttpClient.DefaultRequestHeaders.Add("X-MARAIN-CLAIMS", $"{{ \"roles\": [ \"{this.MarainClaimsHeaderRoleValue}\" ] }}"); } using (claimsClient) { try { HttpOperationResponse <ProblemDetails> result = await claimsClient.InitializeTenantWithHttpMessagesAsync( this.MarainTenantId, new Body { AdministratorPrincipalObjectId = this.AdminPrincipalObjectId }, cancellationToken : cancellationToken) .ConfigureAwait(false); if (result.Response.IsSuccessStatusCode) { app.Out.WriteLine("Succeeded"); } else { app.Error.WriteLine($"Failed with status code {result.Response.StatusCode}"); if (result.Body != null) { app.Error.WriteLine(result.Body.Title); app.Error.WriteLine(result.Body.Detail); } } } catch (HttpOperationException x) { app.Error.WriteLine($"Failed with status code {x.Response.StatusCode}"); if (!string.IsNullOrWhiteSpace(x.Response.Content)) { app.Error.WriteLine("Response content:"); app.Error.WriteLine(x.Response.Content); } if (x.Response.StatusCode == HttpStatusCode.Unauthorized) { app.Error.WriteLine(); app.Error.WriteLine("Check that you have specified the correct tenant and claims id"); } if (x.Response.Headers.TryGetValue("WWW-Authenticate", out IEnumerable <string> values)) { var valueList = values.ToList(); if (valueList.Count > 0) { Console.WriteLine("WWW-Authenticate header{0}:", valueList.Count > 1 ? "s" : string.Empty); foreach (string value in valueList) { app.Error.WriteLine(value); } } } return(-1); } } return(0); }