/// <summary>
/// Create a Claim Permissions
/// </summary>
/// <remarks>
/// Creates a permissions definition for a claim
/// </remarks>
/// <param name='operations'>
/// The operations group for this extension method.
/// </param>
/// <param name='tenantId'>
/// The tenant within which the request should operate
/// </param>
/// <param name='body'>
/// </param>
/// <param name='cancellationToken'>
/// The cancellation token.
/// </param>
public static async Task <object> CreateClaimPermissionsAsync(this IClaimsService operations, string tenantId, CreateClaimPermissionsRequest body, CancellationToken cancellationToken = default(CancellationToken))
{
using (var _result = await operations.CreateClaimPermissionsWithHttpMessagesAsync(tenantId, body, null, cancellationToken).ConfigureAwait(false))
{
return(_result.Body);
}
}
private async Task <int> OnExecuteAsync(CommandLineApplication app, CancellationToken cancellationToken = default)
{
RulesetsAndClaimPermissions input = JsonConvert.DeserializeObject <RulesetsAndClaimPermissions>(
File.ReadAllText(this.FilePath));
ClaimsService claimsClient;
if (string.IsNullOrEmpty(this.MarainClaimsHeaderRoleValue))
{
var authenticationOptions = AuthenticationOptions.BuildFrom(this.UseAzCliDevAuth, this.TenantId);
ServiceClientCredentials credentials = await authenticationOptions.GetServiceClientCredentialsFromKeyVault(
this.ClaimsAppId, this.KeyVault, this.SecretName).ConfigureAwait(false);
claimsClient = new ClaimsService(new Uri(this.ClaimsServiceUrl), credentials);
}
else
{
claimsClient = new ClaimsService(new Uri(this.ClaimsServiceUrl), new BasicAuthenticationCredentials());
claimsClient.HttpClient.DefaultRequestHeaders.Add("X-MARAIN-CLAIMS", $"{{ \"roles\": [ \"{this.MarainClaimsHeaderRoleValue}\" ] }}");
}
using (claimsClient)
{
foreach (ResourceAccessRuleSet ruleSet in input.RuleSets)
{
try
{
app.Out.WriteLine($"Ruleset {ruleSet.Id} ('{ruleSet.DisplayName}')");
HttpOperationResponse <ResourceAccessRuleSet> result = await claimsClient.GetResourceAccessRuleSetWithHttpMessagesAsync(
ruleSet.Id, this.MarainTenantId, cancellationToken : cancellationToken).ConfigureAwait(false);
if (result.Response.StatusCode == HttpStatusCode.NotFound)
{
app.Error.WriteLine("Does not yet exist. Creating.");
var request = new ResourceAccessRuleSet
{
Id = ruleSet.Id,
DisplayName = ruleSet.DisplayName,
Rules = ruleSet.Rules,
};
await claimsClient.CreateResourceAccessRuleSetAsync(
this.MarainTenantId, request, cancellationToken : cancellationToken).ConfigureAwait(false);
}
else if (result.Response.IsSuccessStatusCode)
{
app.Out.WriteLine("Already exists. Updating.");
await claimsClient.SetResourceAccessRuleSetResourceAccessRulesAsync(
this.MarainTenantId, ruleSet.Id, ruleSet.Rules, cancellationToken : cancellationToken).ConfigureAwait(false);
}
else
{
app.Error.WriteLine("Error: " + result.Response.StatusCode);
string body = await result.Response.Content.ReadAsStringAsync(cancellationToken).ConfigureAwait(false);
if (!string.IsNullOrWhiteSpace(body))
{
app.Error.WriteLine(body);
}
}
}
catch (Exception x)
{
app.Error.WriteLine(x);
return(-1);
}
}
foreach (CreateClaimPermissionsRequest claimPermissions in input.ClaimPermissions)
{
try
{
app.Out.WriteLine($"Claim Permissions {claimPermissions.Id}");
HttpOperationResponse <ClaimPermissions> result = await claimsClient.GetClaimPermissionsWithHttpMessagesAsync(
claimPermissions.Id, this.MarainTenantId, cancellationToken : cancellationToken).ConfigureAwait(false);
if (result.Response.StatusCode == HttpStatusCode.NotFound)
{
app.Out.WriteLine("Does not yet exist. Creating.");
var request = new CreateClaimPermissionsRequest
{
Id = claimPermissions.Id,
ResourceAccessRules = claimPermissions.ResourceAccessRules,
ResourceAccessRuleSets = claimPermissions.ResourceAccessRuleSets,
};
await claimsClient.CreateClaimPermissionsAsync(
this.MarainTenantId, request, cancellationToken : cancellationToken).ConfigureAwait(false);
}
else if (result.Response.IsSuccessStatusCode)
{
app.Out.WriteLine("Already exists. Updating resource access rules.");
await claimsClient.SetClaimPermissionsResourceAccessRulesAsync(
this.MarainTenantId,
claimPermissions.Id,
claimPermissions.ResourceAccessRules,
cancellationToken : cancellationToken).ConfigureAwait(false);
app.Out.WriteLine("Updating resource access rule sets");
var ruleSetIds = claimPermissions
.ResourceAccessRuleSets
.Select(rs => new ResourceAccessRuleSetIdOnly(rs.Id))
.ToList();
await claimsClient.SetClaimPermissionsResourceAccessRuleSetsAsync(
this.MarainTenantId,
claimPermissions.Id,
ruleSetIds,
cancellationToken : cancellationToken).ConfigureAwait(false);
}
else
{
app.Error.WriteLine("Error: " + result.Response.StatusCode);
string body = await result.Response.Content.ReadAsStringAsync(cancellationToken).ConfigureAwait(false);
if (!string.IsNullOrWhiteSpace(body))
{
app.Error.WriteLine(body);
}
}
}
catch (Exception x)
{
app.Error.WriteLine(x);
return(-1);
}
}
}
return(0);
}
/// <summary>
/// Create a Claim Permissions
/// </summary>
/// <remarks>
/// Creates a permissions definition for a claim
/// </remarks>
/// <param name='operations'>
/// The operations group for this extension method.
/// </param>
/// <param name='tenantId'>
/// The tenant within which the request should operate
/// </param>
/// <param name='body'>
/// </param>
public static object CreateClaimPermissions(this IClaimsService operations, string tenantId, CreateClaimPermissionsRequest body)
{
return(operations.CreateClaimPermissionsAsync(tenantId, body).GetAwaiter().GetResult());
}
