/// <summary>
/// Filters the existing role definitions at <paramref name="scope"/> by role name.
/// If name is not provided, all role definitions are fetched.
/// </summary>
/// <param name="name">The role name</param>
/// <param name="scope">The scope the definitions are listed at</param>
/// <param name="scopeAndBelow">When true the definitions below <paramref name="scope"/> are requested as well</param>
/// <returns>The matched role Definitions</returns>
public List<PSRoleDefinition> FilterRoleDefinitions(string name, string scope, bool scopeAndBelow = false)
{
    var matched = new List<PSRoleDefinition>();
#if !NETSTANDARD
    // The full-framework client takes a parameter object rather than an OData query.
    var listParameters = new ListDefinitionFilterParameters
    {
        RoleName = name,
        AtScopeAndBelow = scopeAndBelow
    };
    var listing = AuthorizationManagementClient.RoleDefinitions.List(scope, listParameters);
    matched.AddRange(listing.RoleDefinitions.Select(definition => definition.ToPSRoleDefinition()));
#else
    // The netstandard client expresses the same two conditions as an OData filter.
    var filter = scopeAndBelow
        ? new Rest.Azure.OData.ODataQuery<RoleDefinitionFilter>(item => item.AtScopeAndBelow() && item.RoleName == name)
        : new Rest.Azure.OData.ODataQuery<RoleDefinitionFilter>(item => item.RoleName == name);
    var listing = AuthorizationManagementClient.RoleDefinitions.List(scope, filter);
    matched.AddRange(listing.Select(definition => definition.ToPSRoleDefinition()));
#endif
    return matched;
}
/// <summary>
/// Writes the application selected by ObjectId, or the applications matching the first bound
/// filter parameter (ApplicationId, DisplayNameStartWith, IdentifierUri). With no filter bound,
/// a null query is passed to GetApplicationWithFilters.
/// </summary>
public override void ExecuteCmdlet()
{
    ExecutionBlock(() =>
    {
        // An explicit object id is a direct lookup; nothing else is consulted.
        if (ObjectId != Guid.Empty)
        {
            WriteObject(ActiveDirectoryClient.GetApplication(ObjectId.ToString()));
            return;
        }

        Rest.Azure.OData.ODataQuery<Application> filter = null;
        if (ApplicationId != Guid.Empty)
        {
            // Capture the string form once so the expression tree holds a constant, not a Guid call.
            string appId = ApplicationId.ToString();
            filter = new Rest.Azure.OData.ODataQuery<Application>(a => a.AppId == appId);
        }
        else if (!string.IsNullOrEmpty(DisplayNameStartWith))
        {
            filter = new Rest.Azure.OData.ODataQuery<Application>(a => a.DisplayName.StartsWith(DisplayNameStartWith));
        }
        else if (!string.IsNullOrEmpty(IdentifierUri))
        {
            filter = new Rest.Azure.OData.ODataQuery<Application>(a => a.IdentifierUris.Contains(IdentifierUri));
        }

        WriteObject(ActiveDirectoryClient.GetApplicationWithFilters(filter), enumerateCollection: true);
    });
}
/// <summary>
/// Lists the role definitions at <paramref name="scope"/> with no filter expression set.
/// </summary>
/// <param name="scope">The scope to list at; null is sent as an empty string.</param>
/// <param name="first">Accepted for signature parity; not applied by this implementation.</param>
/// <param name="skip">Accepted for signature parity; not applied by this implementation.</param>
/// <returns>role Definitions</returns>
public IEnumerable<PSRoleDefinition> GetAllRoleDefinitionsAtScopeAndBelow(string scope, ulong first = ulong.MaxValue, ulong skip = 0)
{
    // An empty query: no $filter is attached, so the service default listing is returned.
    var unfiltered = new Rest.Azure.OData.ODataQuery<RoleDefinitionFilter>();
    string effectiveScope = scope ?? string.Empty;
    var listing = AuthorizationManagementClient.RoleDefinitions.List(effectiveScope, unfiltered);
    return listing.Select(definition => definition.ToPSRoleDefinition());
}
/// <summary>
/// Lists the role definitions at <paramref name="scope"/> whose Type is the custom-role type.
/// </summary>
/// <param name="scope">The scope to list at.</param>
/// <param name="first">Accepted for signature parity; not applied by this implementation.</param>
/// <param name="skip">Accepted for signature parity; not applied by this implementation.</param>
/// <returns>The custom role Definitions</returns>
public IEnumerable<PSRoleDefinition> FilterRoleDefinitionsByCustom(string scope, ulong first = ulong.MaxValue, ulong skip = 0)
{
    var customOnly = new Rest.Azure.OData.ODataQuery<RoleDefinitionFilter>(
        filter => filter.Type == AuthorizationClientExtensions.CustomRole);
    var listing = AuthorizationManagementClient.RoleDefinitions.List(scope, odataQuery: customOnly);
    return listing.Select(definition => definition.ToPSRoleDefinition());
}
/// <summary>
/// Writes the application selected by ObjectId, or the applications matching the first bound
/// filter parameter (ApplicationId, DisplayNameStartWith, IdentifierUri). With no filter bound,
/// an empty query is passed to GetApplicationWithFilters.
/// </summary>
public override void ExecuteCmdlet()
{
    ExecutionBlock(() =>
    {
        // An explicit object id is a direct lookup; nothing else is consulted.
        if (ObjectId != Guid.Empty)
        {
            WriteObject(ActiveDirectoryClient.GetApplication(ObjectId.ToString()));
            return;
        }

        // Start from an empty (unfiltered) query and narrow it by the first bound parameter.
        var filter = new Rest.Azure.OData.ODataQuery<Application>();
        if (ApplicationId != Guid.Empty)
        {
            string appId = ApplicationId.ToString();
            filter = new Rest.Azure.OData.ODataQuery<Application>(a => a.AppId == appId);
        }
        else if (!string.IsNullOrEmpty(DisplayNameStartWith))
        {
            filter = new Rest.Azure.OData.ODataQuery<Application>(a => a.DisplayName.StartsWith(DisplayNameStartWith));
        }
        else if (!string.IsNullOrEmpty(IdentifierUri))
        {
            filter = new Rest.Azure.OData.ODataQuery<Application>(a => a.IdentifierUris.Contains(IdentifierUri));
        }

        WriteObject(ActiveDirectoryClient.GetApplicationWithFilters(filter), enumerateCollection: true);
    });
}
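/// <summary>
/// Narrows <paramref name="assignments"/> to those matching the cmdlet's role and principal
/// parameters. RoleDefinitionName, SignInName and ApplicationId are resolved to ids first and
/// stored in RoleDefinitionId / ObjectId as a side effect (ApplicationId wins over SignInName).
/// </summary>
/// <param name="assignments">The assignments to filter; null is treated as empty.</param>
/// <returns>
/// The assignments whose RoleDefinitionId and PrincipalId match the resolved values
/// (case-insensitive); empty when a requested role name, sign-in name or application id
/// resolves to nothing.
/// </returns>
private PSKeyVaultRoleAssignment[] FilterAssignments(PSKeyVaultRoleAssignment[] assignments)
{
    if (assignments == null)
    {
        return new PSKeyVaultRoleAssignment[0];
    }

    if (!string.IsNullOrEmpty(RoleDefinitionName))
    {
        var definition = Track2DataClient.GetHsmRoleDefinitions(HsmName, Scope)
            .FirstOrDefault(x => string.Equals(x.RoleName, RoleDefinitionName, StringComparison.OrdinalIgnoreCase));
        if (definition == null)
        {
            // An unknown role name can match no assignment. Previously RoleDefinitionId became
            // null here and the role filter was silently skipped, returning every assignment.
            return new PSKeyVaultRoleAssignment[0];
        }
        RoleDefinitionId = definition.Id;
    }

    if (!string.IsNullOrEmpty(SignInName))
    {
        var filter = new ADObjectFilterOptions() { UPN = SignInName };
        var user = ActiveDirectoryClient.FilterUsers(filter).FirstOrDefault();
        if (user == null)
        {
            // Same reasoning: an unknown principal must not widen the result to all principals.
            return new PSKeyVaultRoleAssignment[0];
        }
        ObjectId = user.Id.ToString();
    }

    if (!string.IsNullOrEmpty(ApplicationId))
    {
        var odataQuery = new Rest.Azure.OData.ODataQuery<Application>(
            s => string.Equals(s.AppId, ApplicationId, StringComparison.OrdinalIgnoreCase));
        var app = ActiveDirectoryClient.GetApplicationWithFilters(odataQuery).FirstOrDefault();
        if (app == null)
        {
            return new PSKeyVaultRoleAssignment[0];
        }
        ObjectId = app.ObjectId.ToString();
    }

    if (!string.IsNullOrEmpty(RoleDefinitionId))
    {
        assignments = assignments
            .Where(assignment => string.Equals(assignment.RoleDefinitionId, RoleDefinitionId, StringComparison.OrdinalIgnoreCase))
            .ToArray();
    }

    if (!string.IsNullOrEmpty(ObjectId))
    {
        assignments = assignments
            .Where(assignment => string.Equals(assignment.PrincipalId, ObjectId, StringComparison.OrdinalIgnoreCase))
            .ToArray();
    }

    return assignments;
}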
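/// <summary>
/// Assign owner role to Blueprint RP (so that we can do deployments).
/// Does nothing when a matching assignment for the principal is already listed at the
/// subscription scope, and treats a Conflict response from the create call as "already exists".
/// </summary>
/// <param name="subscriptionId">The subscription whose scope the owner role is assigned at.</param>
/// <param name="spnObjectId">Object id of the Blueprint service principal.</param>
/// <exception cref="CloudException">Rethrown for any service error other than Conflict.</exception>
protected void AssignOwnerPermission(string subscriptionId, string spnObjectId)
{
    string scope = string.Format(BlueprintConstants.SubscriptionScope, subscriptionId);

    var filter = new Rest.Azure.OData.ODataQuery<RoleAssignmentFilter>();
    filter.SetFilter(a => a.AssignedTo(spnObjectId));

    // Synchronous cmdlet path: block on the async client call.
    var existingAssignments = AuthorizationManagementClient.RoleAssignments
        .ListForScopeAsync(scope, filter)
        .GetAwaiter().GetResult();

    // NOTE(review): kept from the original — the match is on the assignment Id's suffix. Whether
    // an assignment id is expected to end with the owner role definition id is not visible here;
    // confirm this is not meant to compare the assignment's role definition id instead.
    bool alreadyOwner = existingAssignments?.Any(ra =>
        ra.Id != null && ra.Id.EndsWith(BlueprintConstants.OwnerRoleDefinitionId, StringComparison.Ordinal)) ?? false;
    if (alreadyOwner)
    {
        return;
    }

    var roleAssignmentParams = new RoleAssignmentProperties(
        roleDefinitionId: BlueprintConstants.OwnerRoleDefinitionId,
        principalId: spnObjectId);

    try
    {
        AuthorizationManagementClient.RoleAssignments.CreateAsync(
                scope: scope,
                roleAssignmentName: Guid.NewGuid().ToString(),
                parameters: new RoleAssignmentCreateParameters(roleAssignmentParams))
            .GetAwaiter().GetResult();
    }
    catch (CloudException ex) when (ex.Response?.StatusCode == HttpStatusCode.Conflict)
    {
        // ignore if it already exists (e.g. created between the listing above and this call).
        // Every other failure propagates: the previous catch swallowed any non-CloudException
        // exception, which hid transport and cancellation errors.
    }
}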
/// <summary>
/// Enumerates the generic resources matching <paramref name="filter"/>, following pagination
/// through ListNext, and wraps each one as a <see cref="PSResource"/>.
/// </summary>
/// <param name="filter">Optional OData filter; null is passed through to the client as-is.</param>
/// <param name="first">Forwarded to the page enumerator.</param>
/// <param name="skip">Forwarded to the page enumerator.</param>
/// <returns>The wrapped resources, produced lazily.</returns>
public virtual IEnumerable<PSResource> ListResources(Rest.Azure.OData.ODataQuery<GenericResourceFilter> filter = null, ulong first = ulong.MaxValue, ulong skip = ulong.MinValue)
{
    var pages = new GenericPageEnumerable<GenericResource>(
        () => ResourceManagementClient.Resources.List(filter),
        ResourceManagementClient.Resources.ListNext,
        first,
        skip);
    return pages.Select(resource => new PSResource(resource));
}
/// <summary>
/// Enumerates the Graph applications matching <paramref name="odataQueryFilter"/>, following
/// pagination through ListNext, and converts each to a <see cref="PSADApplication"/>.
/// </summary>
/// <param name="odataQueryFilter">The OData query passed to Applications.List.</param>
/// <param name="first">Forwarded to the page enumerator.</param>
/// <param name="skip">Forwarded to the page enumerator.</param>
/// <returns>The converted applications, produced lazily.</returns>
public IEnumerable<PSADApplication> GetApplicationWithFilters(Rest.Azure.OData.ODataQuery<Application> odataQueryFilter, ulong first = ulong.MaxValue, ulong skip = 0)
{
    var pages = new GenericPageEnumerable<Application>(
        () => GraphClient.Applications.List(odataQueryFilter),
        GraphClient.Applications.ListNext,
        first,
        skip);
    return pages.Select(application => application.ToPSADApplication());
}
/// <summary>
/// Enumerates the Graph service principals matching <paramref name="odataQuery"/>, following
/// pagination through ListNext, and converts each to a <see cref="PSADServicePrincipal"/>.
/// </summary>
/// <param name="odataQuery">The OData query passed to ServicePrincipals.List.</param>
/// <param name="first">Forwarded to the page enumerator.</param>
/// <param name="skip">Forwarded to the page enumerator.</param>
/// <returns>The converted service principals, produced lazily.</returns>
public IEnumerable<PSADServicePrincipal> FilterServicePrincipals(Rest.Azure.OData.ODataQuery<ServicePrincipal> odataQuery, ulong first = ulong.MaxValue, ulong skip = 0)
{
    var pages = new GenericPageEnumerable<ServicePrincipal>(
        () => GraphClient.ServicePrincipals.List(odataQuery),
        GraphClient.ServicePrincipals.ListNext,
        first,
        skip);
    return pages.Select(servicePrincipal => servicePrincipal.ToPSADServicePrincipal());
}
/// <summary>
/// Lists the Microsoft Graph service principals matching <paramref name="odataQuery"/> and converts
/// them to <see cref="PSADServicePrincipal"/>. Only the page returned by ListServicePrincipal is
/// projected; <paramref name="first"/> and <paramref name="skip"/> are accepted but not applied here.
/// </summary>
/// <param name="odataQuery">The query; its filter is rendered to a string by OdataHelper.</param>
/// <param name="first">Accepted for signature parity; not applied.</param>
/// <param name="skip">Accepted for signature parity; not applied.</param>
/// <returns>The converted service principals.</returns>
public IEnumerable<PSADServicePrincipal> FilterServicePrincipals(Rest.Azure.OData.ODataQuery<MicrosoftGraphServicePrincipal> odataQuery, int first = int.MaxValue, int skip = 0)
{
    string filterString = OdataHelper.GetFilterString(odataQuery);
    // The request is sent with consistencyLevel "eventual", as in the original call.
    var page = GraphClient.ServicePrincipals.ListServicePrincipal(
        consistencyLevel: "eventual",
        filter: filterString);
    return page.Value.Select(servicePrincipal => servicePrincipal.ToPSADServicePrincipal());
}
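/// <summary>
/// Looks up users by one of the filter options, in priority order: object id, then UPN/mail,
/// then a display-name search (a trailing '*' turns the search into a prefix match).
/// Lookup failures on the id and UPN/mail paths are swallowed and yield an empty result.
/// </summary>
/// <param name="options">The filter; its SearchString is trimmed of a trailing '*' in place.</param>
/// <param name="first">Forwarded to the page enumerator on the search path only.</param>
/// <param name="skip">Forwarded to the page enumerator on the search path only.</param>
/// <returns>The matching users; empty when nothing matched.</returns>
/// <exception cref="ArgumentNullException"><paramref name="options"/> is null.</exception>
public IEnumerable<PSADUser> FilterUsers(ADObjectFilterOptions options, ulong first = ulong.MaxValue, ulong skip = 0)
{
    if (options == null)
    {
        throw new ArgumentNullException(nameof(options));
    }

    if (!string.IsNullOrEmpty(options.Id))
    {
        User user = null;
        try
        {
            user = GraphClient.Users.Get(Normalize(options.Id));
        }
        catch
        {
            /* The user does not exist, ignore the exception. */
        }
        return user != null
            ? new List<PSADUser> { user.ToPSADUser() }
            : new List<PSADUser>();
    }

    if (!string.IsNullOrEmpty(options.UPN) || !string.IsNullOrEmpty(options.Mail))
    {
        IPage<User> page = null;
        try
        {
            // Whichever of UPN / Mail is present is matched against UserPrincipalName.
            string upnOrMail = Normalize(options.UPN) ?? Normalize(options.Mail);
            var byUpn = new Rest.Azure.OData.ODataQuery<User>(u => u.UserPrincipalName == upnOrMail);
            page = GraphClient.Users.List(byUpn);
        }
        catch
        {
            /* The user does not exist, ignore the exception. */
        }
        return page != null
            ? page.Select(u => u.ToPSADUser())
            : new List<PSADUser>();
    }

    // Display-name search. The wildcard check is ordinal: the original used the
    // culture-sensitive EndsWith(string) overload (CA1310).
    Rest.Azure.OData.ODataQuery<User> searchQuery;
    if (!string.IsNullOrEmpty(options.SearchString) && options.SearchString.EndsWith("*", StringComparison.Ordinal))
    {
        options.SearchString = options.SearchString.TrimEnd('*');
        searchQuery = new Rest.Azure.OData.ODataQuery<User>(u => u.DisplayName.StartsWith(options.SearchString));
    }
    else
    {
        searchQuery = new Rest.Azure.OData.ODataQuery<User>(u => u.DisplayName == options.SearchString);
    }

    return new GenericPageEnumerable<User>(
        () => GraphClient.Users.List(searchQuery.ToString()),
        GraphClient.Users.ListNext,
        first,
        skip).Select(u => u.ToPSADUser());
}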
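/// <summary>
/// Resolves the cmdlet's role and principal parameters to ids according to the parameter set
/// (RoleDefinitionName → RoleDefinitionId; SignInName or ApplicationId → ObjectId) and returns
/// the name of the HSM role assignment matching both ids.
/// </summary>
/// <returns>The role assignment name.</returns>
/// <exception cref="ArgumentException">The role definition, user or application could not be resolved.</exception>
/// <exception cref="InvalidOperationException">No assignment matches the resolved ids.</exception>
private string GetRoleAssignmentNameFromFilterParameters()
{
    // convert definition name to id
    bool hasDefinitionName = ParameterSetName == ParameterSet.DefinitionNameApplicationId
        || ParameterSetName == ParameterSet.DefinitionNameObjectId
        || ParameterSetName == ParameterSet.DefinitionNameSignInName;
    if (hasDefinitionName)
    {
        var definition = Track2DataClient.GetHsmRoleDefinitions(HsmName, Scope)
            .FirstOrDefault(x => string.Equals(x.RoleName, RoleDefinitionName, StringComparison.OrdinalIgnoreCase));
        if (definition == null)
        {
            throw new ArgumentException(string.Format(Resources.RoleDefinitionNotFound, RoleDefinitionName));
        }
        RoleDefinitionId = definition.Id;
    }

    // convert user sign in name to object id
    bool hasSignInName = ParameterSetName == ParameterSet.DefinitionIdSignInName
        || ParameterSetName == ParameterSet.DefinitionNameSignInName;
    if (hasSignInName)
    {
        var filter = new ADObjectFilterOptions() { UPN = SignInName };
        var user = ActiveDirectoryClient.FilterUsers(filter).FirstOrDefault();
        if (user == null)
        {
            throw new ArgumentException(string.Format(Resources.UserNotFoundBy, SignInName));
        }
        ObjectId = user.Id.ToString();
    }

    // convert service principal app id to object id
    bool hasApplicationId = ParameterSetName == ParameterSet.DefinitionIdApplicationId
        || ParameterSetName == ParameterSet.DefinitionNameApplicationId;
    if (hasApplicationId)
    {
        var odataQuery = new Rest.Azure.OData.ODataQuery<Application>(
            s => string.Equals(s.AppId, ApplicationId, StringComparison.OrdinalIgnoreCase));
        var app = ActiveDirectoryClient.GetApplicationWithFilters(odataQuery).FirstOrDefault();
        if (app == null)
        {
            throw new ArgumentException(string.Format(Resources.ApplicationNotFoundBy, ApplicationId));
        }
        ObjectId = app.ObjectId.ToString();
    }

    // Ids are compared case-insensitively, consistent with the lookups above; the original
    // used culture-sensitive, case-sensitive string.Equals here.
    var roleAssignment = Track2DataClient.GetHsmRoleAssignments(HsmName, Scope)
        .FirstOrDefault(assignment =>
            string.Equals(assignment.PrincipalId, ObjectId, StringComparison.OrdinalIgnoreCase)
            && string.Equals(assignment.RoleDefinitionId, RoleDefinitionId, StringComparison.OrdinalIgnoreCase));
    if (roleAssignment == null)
    {
        // A specific exception type instead of bare System.Exception; still caught by catch (Exception).
        throw new InvalidOperationException(Resources.RoleAssignmentNotFound);
    }
    return roleAssignment.Name;
}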
/// <summary>
/// Enumerates the resources of one resource group that match <paramref name="filter"/>, following
/// pagination through ListResourcesNext, and wraps each as a <see cref="PSKeyVaultIdentityItem"/>.
/// </summary>
/// <param name="resourceGroupName">The resource group to list.</param>
/// <param name="filter">The OData filter passed to ListResources.</param>
/// <param name="first">Forwarded to the page enumerator.</param>
/// <param name="skip">Forwarded to the page enumerator.</param>
/// <returns>The wrapped resources, produced lazily.</returns>
private IEnumerable<PSKeyVaultIdentityItem> ListByResourceGroup(
    string resourceGroupName,
    Rest.Azure.OData.ODataQuery<GenericResourceFilter> filter,
    ulong first = ulong.MaxValue,
    ulong skip = ulong.MinValue)
{
    IResourceManagementClient armClient = ResourceClient;
    var pages = new GenericPageEnumerable<GenericResource>(
        delegate () { return armClient.ResourceGroups.ListResources(resourceGroupName, filter); },
        armClient.ResourceGroups.ListResourcesNext,
        first,
        skip);
    return pages.Select(resource => new PSKeyVaultIdentityItem(resource));
}
/// <summary>
/// Enumerates the subscription's generic resources matching <paramref name="filter"/>, following
/// pagination through ListNext, and wraps each as a <see cref="PSKeyVaultIdentityItem"/>.
/// </summary>
/// <param name="filter">Optional OData filter; null is passed through to the client as-is.</param>
/// <param name="first">Forwarded to the page enumerator.</param>
/// <param name="skip">Forwarded to the page enumerator.</param>
/// <returns>The wrapped resources, produced lazily.</returns>
public virtual IEnumerable<PSKeyVaultIdentityItem> ListResources(Rest.Azure.OData.ODataQuery<GenericResourceFilter> filter = null, ulong first = ulong.MaxValue, ulong skip = ulong.MinValue)
{
    IResourceManagementClient armClient = this.ResourceClient;
    var pages = new GenericPageEnumerable<GenericResource>(
        () => armClient.Resources.List(filter),
        armClient.Resources.ListNext,
        first,
        skip);
    return pages.Select(resource => new PSKeyVaultIdentityItem(resource));
}
/// <summary>
/// Returns one page of generic resources: the first page for <paramref name="filter"/> when
/// <paramref name="NextPageLink"/> is empty, otherwise the page that link refers to.
/// </summary>
/// <param name="filter">Optional OData filter for the first page; not used when following a link.</param>
/// <param name="NextPageLink">Continuation link from a previous page, or null/empty for the first page.</param>
/// <returns>The requested page of resources.</returns>
public virtual Rest.Azure.IPage<GenericResource> ListResources(
    Rest.Azure.OData.ODataQuery<GenericResourceFilter> filter = null,
    string NextPageLink = null)
{
    IResourceManagementClient armClient = ResourceClient;
    if (!string.IsNullOrEmpty(NextPageLink))
    {
        return armClient.Resources.ListNext(NextPageLink);
    }
    return armClient.Resources.List(filter);
}
/// <summary>
/// Lists the role definitions at <paramref name="scope"/> whose RoleName equals
/// <paramref name="name"/>, following pagination through ListNext.
/// </summary>
/// <param name="name">The role name</param>
/// <param name="scope">The scope the definitions are listed at</param>
/// <param name="first">Forwarded to the page enumerator.</param>
/// <param name="skip">Forwarded to the page enumerator.</param>
/// <returns>The matched role Definitions</returns>
public IEnumerable<PSRoleDefinition> FilterRoleDefinitions(string name, string scope, ulong first = ulong.MaxValue, ulong skip = 0)
{
    var byName = new Rest.Azure.OData.ODataQuery<RoleDefinitionFilter>(item => item.RoleName == name);
    var pages = new GenericPageEnumerable<RoleDefinition>(
        () => AuthorizationManagementClient.RoleDefinitions.List(scope, byName),
        AuthorizationManagementClient.RoleDefinitions.ListNext,
        first,
        skip);
    return pages.Select(definition => definition.ToPSRoleDefinition());
}
/// <summary>
/// Lists resources by resource group or by subscription, applies the top-level wildcard filter,
/// then narrows by tag name and/or tag value (both compared case-insensitively) and writes the
/// result. When Tag was bound it is split into TagName / TagValue first.
/// </summary>
private void RunSimpleCmdlet()
{
    if (this.IsParameterBound(c => c.Tag))
    {
        this.TagName = TagsHelper.GetTagNameFromParameters(this.Tag, null);
        this.TagValue = TagsHelper.GetTagValueFromParameters(this.Tag, null);
    }

    // Only the resource type and the caller's raw OData filter go into the server-side query;
    // name, group and tags are filtered client-side below.
    var filterExpression = QueryFilterBuilder.CreateFilter(
        subscriptionId: null,
        resourceGroup: null,
        resourceType: this.ResourceType,
        resourceName: null,
        tagName: null,
        tagValue: null,
        filter: this.ODataQuery);
    var query = new Rest.Azure.OData.ODataQuery<GenericResourceFilter>(filterExpression);

    IEnumerable<PSResource> resources;
    if (ShouldListBySubscription(ResourceGroupName, Name))
    {
        resources = this.ResourceManagerSdkClient.ListResources(query);
    }
    else
    {
        resources = this.ResourceManagerSdkClient.ListByResourceGroup(this.ResourceGroupName, query);
    }
    resources = TopLevelWildcardFilter(ResourceGroupName, Name, resources);

    bool filterByName = !string.IsNullOrEmpty(this.TagName);
    bool filterByValue = !string.IsNullOrEmpty(this.TagValue);
    if (filterByName)
    {
        // Match on key; when a value was also given, it must match on one of the matching keys.
        resources = resources.Where(r =>
            r.Tags != null && r.Tags.Keys != null &&
            r.Tags.Keys
                .Where(k => string.Equals(k, this.TagName, StringComparison.OrdinalIgnoreCase))
                .Any(k => !filterByValue || string.Equals(r.Tags[k], this.TagValue, StringComparison.OrdinalIgnoreCase)));
    }
    else if (filterByValue)
    {
        resources = resources.Where(r =>
            r.Tags != null && r.Tags.Values != null &&
            r.Tags.Values.Any(v => string.Equals(v, this.TagValue, StringComparison.OrdinalIgnoreCase)));
    }

    WriteObject(resources, true);
}
/// <summary>
/// Filters deny assignments based on the passed options.
/// A DenyAssignmentId is a direct Get. Otherwise an OData filter is built — by deny assignment
/// name, or by principal from the AD object filter (AssignedTo when groups are expanded,
/// PrincipalId otherwise) — and handed to FilterDenyAssignmentsByScope.
/// </summary>
/// <param name="options">The filtering options</param>
/// <param name="currentSubscription">The current subscription; supplies the scope when options.Scope is empty</param>
/// <returns>The filtered deny assignments</returns>
/// <exception cref="KeyNotFoundException">The AD object filter matched no principal.</exception>
/// <exception cref="InvalidOperationException">ExpandPrincipalGroups was requested for a principal that is not a user.</exception>
public List<PSDenyAssignment> FilterDenyAssignments(FilterDenyAssignmentsOptions options, string currentSubscription)
{
    if (options.DenyAssignmentId != Guid.Empty)
    {
        string scope = string.IsNullOrEmpty(options.Scope)
            ? AuthorizationHelper.GetSubscriptionScope(currentSubscription)
            : options.Scope;
        var single = AuthorizationManagementClient.DenyAssignments
            .Get(scope, options.DenyAssignmentId.ToString())
            .ToPSDenyAssignment(ActiveDirectoryClient, options.ExcludeAssignmentsForDeletedPrincipals);
        return new List<PSDenyAssignment> { single };
    }

    Rest.Azure.OData.ODataQuery<DenyAssignmentFilter> odataQuery = null;
    if (!string.IsNullOrEmpty(options.DenyAssignmentName))
    {
        odataQuery = new Rest.Azure.OData.ODataQuery<DenyAssignmentFilter>(
            item => item.DenyAssignmentName == options.DenyAssignmentName);
    }
    else if (options.ADObjectFilter.HasFilter)
    {
        // The AD object is only looked up when no id was supplied or when groups must be expanded.
        PSADObject adObject = null;
        if (string.IsNullOrEmpty(options.ADObjectFilter.Id) || options.ExpandPrincipalGroups)
        {
            adObject = ActiveDirectoryClient.GetADObject(options.ADObjectFilter);
            if (adObject == null)
            {
                throw new KeyNotFoundException(ProjectResources.PrincipalNotFound);
            }
        }

        // Filter first by principal
        string principalId = null;
        if (options.ExpandPrincipalGroups)
        {
            if (!(adObject is PSADUser))
            {
                throw new InvalidOperationException(ProjectResources.ExpandGroupsNotSupported);
            }
            principalId = adObject.Id.ToString();
            odataQuery = new Rest.Azure.OData.ODataQuery<DenyAssignmentFilter>(f => f.AssignedTo(principalId));
        }
        else
        {
            principalId = string.IsNullOrEmpty(options.ADObjectFilter.Id)
                ? adObject.Id.ToString()
                : options.ADObjectFilter.Id;
            odataQuery = new Rest.Azure.OData.ODataQuery<DenyAssignmentFilter>(f => f.PrincipalId == principalId);
        }
    }

    var result = new List<PSDenyAssignment>();
    result.AddRange(this.FilterDenyAssignmentsByScope(options, odataQuery, currentSubscription));
    return result;
}
/// <summary>
/// Resolves an AD object id to a friendly "display name (upn or spn)" text and an object type.
/// Any failure during lookup is swallowed, leaving whatever was resolved before it (defaults are
/// an empty name and the type "Unknown").
/// </summary>
/// <param name="objectId">The AD object id; blank yields the defaults.</param>
/// <param name="adClient">The AD client; null yields the defaults.</param>
/// <returns>The display text and one of "User", "Service Principal", "Group" or "Unknown".</returns>
public static (string, string) GetDetailsFromADObjectId(string objectId, ActiveDirectoryClient adClient)
{
    string displayName = "";
    string upnOrSpn = "";
    string objectType = "Unknown";

    if (adClient == null || string.IsNullOrWhiteSpace(objectId))
    {
        return (displayName, objectType);
    }

    try
    {
        var adObject = adClient.GetObjectsByObjectId(new List<string> { objectId }).FirstOrDefault();
        if (adObject != null)
        {
            // Type is compared with InvariantCultureIgnoreCase as the original did.
            if (adObject.Type.Equals("user", StringComparison.InvariantCultureIgnoreCase))
            {
                var user = adClient.FilterUsers(new ADObjectFilterOptions { Id = objectId }).FirstOrDefault();
                displayName = user.DisplayName;
                upnOrSpn = user.UserPrincipalName;
                objectType = "User";
            }
            else if (adObject.Type.Equals("serviceprincipal", StringComparison.InvariantCultureIgnoreCase))
            {
                var byObjectId = new Rest.Azure.OData.ODataQuery<Graph.RBAC.Version1_6.Models.ServicePrincipal>(s => s.ObjectId == objectId);
                var servicePrincipal = adClient.FilterServicePrincipals(byObjectId).FirstOrDefault();
                displayName = servicePrincipal.DisplayName;
                upnOrSpn = servicePrincipal.ServicePrincipalNames.FirstOrDefault();
                objectType = "Service Principal";
            }
            else if (adObject.Type.Equals("group", StringComparison.InvariantCultureIgnoreCase))
            {
                var group = adClient.FilterGroups(new ADObjectFilterOptions { Id = objectId }).FirstOrDefault();
                displayName = group.DisplayName;
                objectType = "Group";
            }
        }
    }
    catch
    {
        // Error occurred. Don't get the friendly name
    }

    string suffix = string.IsNullOrWhiteSpace(upnOrSpn) ? "" : " (" + upnOrSpn + ")";
    return (displayName + suffix, objectType);
}
/// <summary>
/// Returns one page of a resource group's resources: the first page for <paramref name="filter"/>
/// when <paramref name="NextPageLink"/> is empty, otherwise the page that link refers to.
/// </summary>
/// <param name="resourceGroupName">The resource group to list.</param>
/// <param name="filter">Optional OData filter for the first page; not used when following a link.</param>
/// <param name="NextPageLink">Continuation link from a previous page, or null/empty for the first page.</param>
/// <returns>The requested page of resources.</returns>
private Rest.Azure.IPage<GenericResource> ListByResourceGroup(
    string resourceGroupName,
    Rest.Azure.OData.ODataQuery<GenericResourceFilter> filter = null,
    string NextPageLink = null)
{
    IResourceManagementClient armClient = ResourceClient;
    if (!string.IsNullOrEmpty(NextPageLink))
    {
        return armClient.ResourceGroups.ListResourcesNext(NextPageLink);
    }
    return armClient.ResourceGroups.ListResources(resourceGroupName, filter);
}
/// <summary>
/// Resolves an application id (AppId) to the application's object id.
/// </summary>
/// <param name="applicationId">The application id to match on AppId.</param>
/// <returns>The object id of the single matching application.</returns>
/// <exception cref="InvalidOperationException">No application has that AppId (more than one match also surfaces as this type, from SingleOrDefault).</exception>
public string GetObjectIdFromApplicationId(string applicationId)
{
    var byAppId = new Rest.Azure.OData.ODataQuery<Application>(a => a.AppId == applicationId);
    var application = GetApplicationWithFilters(byAppId).SingleOrDefault();
    if (application == null)
    {
        throw new InvalidOperationException(String.Format(ProjectResources.ApplicationWithAppIdDoesntExist, applicationId));
    }
    return application.ObjectId.ToString();
}
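/// <summary>
/// Updates the application behind a service principal. The principal is InputObject, or is looked
/// up by ApplicationId, or by ServicePrincipalName / ObjectId; the application's object id is then
/// resolved from the principal's ApplicationId and the update applied after ShouldProcess.
/// </summary>
/// <exception cref="InvalidOperationException">No service principal could be found.</exception>
public override void ExecuteCmdlet()
{
    ExecutionBlock(() =>
    {
        var sp = InputObject;
        if (sp == null)
        {
            IEnumerable<PSADServicePrincipal> result = null;
            if (this.IsParameterBound(c => c.ApplicationId))
            {
                var appId = ApplicationId.ToString();
                var odataQuery = new Rest.Azure.OData.ODataQuery<ServicePrincipal>(s => s.AppId == appId);
                result = ActiveDirectoryClient.FilterServicePrincipals(odataQuery);
            }
            else
            {
                var options = new ADObjectFilterOptions()
                {
                    SPN = ServicePrincipalName,
                    Id = ObjectId
                };
                result = ActiveDirectoryClient.FilterServicePrincipals(options);
            }

            // An empty result previously passed the null check and failed later with a
            // NullReferenceException at sp.ApplicationId; report it as the intended error.
            sp = result?.FirstOrDefault();
            if (sp == null)
            {
                throw new InvalidOperationException("ServicePrincipal does not exist.");
            }
        }

        // Get AppObjectId
        var applicationObjectId = GetObjectIdFromApplicationId(sp.ApplicationId.ToString());

        var parameters = new ApplicationUpdateParameters()
        {
            DisplayName = DisplayName,
            Homepage = Homepage,
            // Null IdentifierUri is sent as an empty array, as before.
            IdentifierUris = (IdentifierUri == null) ? new string[] { } : IdentifierUri,
            KeyCredentials = KeyCredential,
            PasswordCredentials = PasswordCredential
        };

        if (ShouldProcess(target: sp.Id, action: string.Format("Updating properties on application associated with a service principal with object id '{0}'", sp.Id)))
        {
            ActiveDirectoryClient.UpdateApplication(applicationObjectId, parameters);
            // NOTE(review): kept from the original — the principal is re-read with Id set to the
            // application's object id rather than sp.Id; confirm that is the intended lookup key.
            WriteObject(ActiveDirectoryClient.FilterServicePrincipals(new ADObjectFilterOptions() { Id = applicationObjectId }).FirstOrDefault());
        }
    });
}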
/// <summary>
/// Resolves an application id (AppId) to the application's object id via ActiveDirectoryClient.
/// </summary>
/// <param name="applicationId">The application id to match on AppId.</param>
/// <returns>The object id of the single matching application.</returns>
/// <exception cref="InvalidOperationException">No application has that AppId (more than one match also surfaces as this type, from SingleOrDefault).</exception>
private string GetObjectIdFromApplicationId(string applicationId)
{
    var byAppId = new Rest.Azure.OData.ODataQuery<Application>(a => a.AppId == applicationId);
    var application = ActiveDirectoryClient.GetApplicationWithFilters(byAppId).SingleOrDefault();
    if (application == null)
    {
        throw new InvalidOperationException(String.Format("Application with AppId '{0}' does not exist.", applicationId));
    }
    return application.ObjectId;
}
/// <summary>
/// Resolves a user principal name to the user's object id.
/// </summary>
/// <param name="upn">The user principal name to match.</param>
/// <returns>The object id of the single matching user, parsed as a <see cref="Guid"/>.</returns>
/// <exception cref="InvalidOperationException">No user has that UPN (more than one match also surfaces as this type, from SingleOrDefault).</exception>
public Guid GetObjectIdFromUPN(string upn)
{
    var byUpn = new Rest.Azure.OData.ODataQuery<User>(s => s.UserPrincipalName == upn);
    // The query is rendered to its string form for this List overload.
    var match = GraphClient.Users.List(byUpn.ToString()).SingleOrDefault();
    if (match == null)
    {
        throw new InvalidOperationException(String.Format(ProjectResources.UserWithUPNDoesntExist, upn));
    }
    return new Guid(match.ObjectId);
}
/// <summary>
/// Creates an HSM role assignment. Depending on the parameter set, RoleDefinitionName is first
/// resolved to RoleDefinitionId and SignInName / ApplicationId to ObjectId; the assignment is then
/// created after confirmation and written to the pipeline with its details filled in.
/// </summary>
/// <exception cref="ArgumentException">The role definition, user or application could not be resolved.</exception>
public override void ExecuteCmdlet()
{
    // convert definition name to id
    bool hasDefinitionName = ParameterSetName == ParameterSet.DefinitionNameApplicationId
        || ParameterSetName == ParameterSet.DefinitionNameObjectId
        || ParameterSetName == ParameterSet.DefinitionNameSignInName;
    if (hasDefinitionName)
    {
        var definition = Track2DataClient.GetHsmRoleDefinitions(HsmName, Scope)
            .FirstOrDefault(x => string.Equals(x.RoleName, RoleDefinitionName, StringComparison.OrdinalIgnoreCase));
        if (definition == null)
        {
            throw new ArgumentException(string.Format(Resources.RoleDefinitionNotFound, RoleDefinitionName));
        }
        RoleDefinitionId = definition.Id;
    }

    // convert user sign in name to object id
    bool hasSignInName = ParameterSetName == ParameterSet.DefinitionIdSignInName
        || ParameterSetName == ParameterSet.DefinitionNameSignInName;
    if (hasSignInName)
    {
        var filter = new ADObjectFilterOptions() { UPN = SignInName };
        var user = ActiveDirectoryClient.FilterUsers(filter).FirstOrDefault();
        if (user == null)
        {
            throw new ArgumentException(string.Format(Resources.UserNotFoundBy, SignInName));
        }
        ObjectId = user.Id.ToString();
    }

    // convert service principal app id to object id
    bool hasApplicationId = ParameterSetName == ParameterSet.DefinitionIdApplicationId
        || ParameterSetName == ParameterSet.DefinitionNameApplicationId;
    if (hasApplicationId)
    {
        var odataQuery = new Rest.Azure.OData.ODataQuery<Application>(
            s => string.Equals(s.AppId, ApplicationId, StringComparison.OrdinalIgnoreCase));
        var app = ActiveDirectoryClient.GetApplicationWithFilters(odataQuery).FirstOrDefault();
        if (app == null)
        {
            throw new ArgumentException(string.Format(Resources.ApplicationNotFoundBy, ApplicationId));
        }
        ObjectId = app.ObjectId.ToString();
    }

    // The confirmation message prefers the names the user typed over the resolved ids.
    string actionMessage = string.Format(
        Resources.AssignRole,
        RoleDefinitionName ?? RoleDefinitionId,
        SignInName ?? ApplicationId ?? ObjectId,
        Scope);
    base.ConfirmAction(actionMessage, HsmName, () =>
    {
        PSKeyVaultRoleAssignment roleAssignment = Track2DataClient.CreateHsmRoleAssignment(HsmName, Scope, RoleDefinitionId, ObjectId);
        GetAssignmentDetails(roleAssignment, HsmName, Scope);
        WriteObject(roleAssignment);
    });
}
// Temporary until this code has moved into ActiveDirectoryClient.
/// <summary>
/// Resolves a user principal name to the user's object id using the given client's GraphClient.
/// </summary>
/// <param name="activeDirectoryClient">The client whose GraphClient performs the lookup.</param>
/// <param name="upn">The user principal name to match.</param>
/// <returns>The object id of the single matching user.</returns>
/// <exception cref="InvalidOperationException">No user has that UPN (more than one match also surfaces as this type, from SingleOrDefault).</exception>
private static string GetObjectIdFromUPN(ActiveDirectoryClient activeDirectoryClient, string upn)
{
    var byUpn = new Rest.Azure.OData.ODataQuery<User>(s => s.UserPrincipalName == upn);
    var match = activeDirectoryClient.GraphClient.Users.List(byUpn.ToString()).SingleOrDefault();
    if (match == null)
    {
        throw new InvalidOperationException(String.Format("User with UPN '{0}' does not exist.", upn));
    }
    return match.ObjectId;
}
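/// <summary>
/// Gets the integration account maps by resource group name.
/// </summary>
/// <param name="resourceGroupName">The integration account resource group name.</param>
/// <param name="integrationAccountName">The integration account name.</param>
/// <param name="mapType">The map type to filter by; null or whitespace applies no filter.</param>
/// <returns>List of integration account maps (the page returned by the client, requested with Top = 1000).</returns>
public IPage<IntegrationAccountMap> ListIntegrationAccountMaps(string resourceGroupName, string integrationAccountName, string mapType)
{
    var filter = new Rest.Azure.OData.ODataQuery<IntegrationAccountMapFilter>();
    if (!string.IsNullOrWhiteSpace(mapType))
    {
        // mapType is spliced into a $filter string literal. OData escapes a single quote inside
        // a string literal by doubling it; without this, a value containing a quote would
        // terminate the literal early and change the meaning of the filter sent to the service.
        string escapedMapType = mapType.Replace("'", "''");
        filter.Filter = $"MapType eq '{escapedMapType}'";
    }
    filter.Top = 1000;
    return this.LogicManagementClient.IntegrationAccountMaps.List(resourceGroupName, integrationAccountName, filter);
}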
/// <summary>
/// Resolves a service principal name to the service principal's object id.
/// </summary>
/// <param name="spn">The name that must appear in the principal's ServicePrincipalNames.</param>
/// <returns>The object id of the single matching service principal, parsed as a <see cref="Guid"/>.</returns>
/// <exception cref="InvalidOperationException">No service principal carries that name (more than one match also surfaces as this type, from SingleOrDefault).</exception>
public Guid GetObjectIdFromSPN(string spn)
{
    var bySpn = new Rest.Azure.OData.ODataQuery<ServicePrincipal>(s => s.ServicePrincipalNames.Contains(spn));
    // The query is rendered to its string form for this List overload.
    var match = GraphClient.ServicePrincipals.List(bySpn.ToString()).SingleOrDefault();
    if (match == null)
    {
        throw new InvalidOperationException(String.Format(ProjectResources.ServicePrincipalWithSPNDoesntExist, spn));
    }
    return new Guid(match.ObjectId);
}
/// <summary>
/// Removes a service principal. The object id is taken from InputObject, or ObjectId, or is looked up
/// by ApplicationId / ApplicationObject, or by ServicePrincipalName / DisplayName. The removed
/// principal is written to the pipeline when PassThru is set.
/// </summary>
/// <exception cref="ArgumentException">Neither lookup branch produced a result.</exception>
public override void ExecuteCmdlet()
{
    ExecutionBlock(() =>
    {
        PSADServicePrincipal removed = null;

        if (this.IsParameterBound(c => c.InputObject))
        {
            ObjectId = InputObject.Id;
        }

        // NOTE(review): condition kept as written. It only resolves when ObjectId is not bound yet
        // already non-empty, which reads as if the comparison were meant against Guid.Empty;
        // confirm against the cmdlet's parameter sets before changing it.
        if (!this.IsParameterBound(c => c.ObjectId) && ObjectId != Guid.Empty)
        {
            IEnumerable<PSADServicePrincipal> matches = null;
            if (this.IsParameterBound(c => c.ApplicationId) || this.IsParameterBound(c => c.ApplicationObject))
            {
                // ApplicationObject, when given, supplies the application id.
                var appId = ApplicationObject == null
                    ? ApplicationId.ToString()
                    : ApplicationObject.ApplicationId.ToString();
                var byAppId = new Rest.Azure.OData.ODataQuery<ServicePrincipal>(s => s.AppId == appId);
                matches = ActiveDirectoryClient.FilterServicePrincipals(byAppId);
            }
            else if (this.IsParameterBound(c => c.ServicePrincipalName) || this.IsParameterBound(c => c.DisplayName))
            {
                var options = new ADObjectFilterOptions()
                {
                    SPN = ServicePrincipalName,
                    SearchString = DisplayName
                };
                matches = ActiveDirectoryClient.FilterServicePrincipals(options);
            }

            if (matches == null)
            {
                throw new ArgumentException(string.Format("Could not find a service principal with the name {0}.", ServicePrincipalName));
            }
            ObjectId = matches.Select(s => s.Id).FirstOrDefault();
        }

        ConfirmAction(
            Force.IsPresent,
            string.Format(ProjectResources.RemovingServicePrincipal, ObjectId),
            ProjectResources.RemoveServicePrincipal,
            ObjectId.ToString(),
            () => removed = ActiveDirectoryClient.RemoveServicePrincipal(ObjectId));

        if (PassThru)
        {
            WriteObject(removed);
        }
    });
}
/// <summary>
/// Finds the first service principal whose ServicePrincipalNames contains <paramref name="spn"/>.
/// Any exception from the lookup is swallowed.
/// </summary>
/// <param name="spn">The service principal name to look for.</param>
/// <returns>The converted principal, or null when none matched or the lookup failed.</returns>
public PSADServicePrincipal GetServicePrincipalBySPN(string spn)
{
    try
    {
        var bySpn = new Rest.Azure.OData.ODataQuery<ServicePrincipal>(s => s.ServicePrincipalNames.Contains(spn));
        var match = GraphClient.ServicePrincipals.List(bySpn.ToString()).FirstOrDefault();
        return match?.ToPSADServicePrincipal();
    }
    catch
    {
        /* The service principal does not exist, ignore the exception. */
        return null;
    }
}
/// <summary>
/// Lists groups by object id (Groups.Get, failures swallowed), otherwise by mail or display-name
/// prefix. With options.Paging set, one page is returned and options.NextLink is advanced; without
/// it, every page is followed and accumulated.
/// </summary>
/// <param name="options">The filter; NextLink is updated in the paging case.</param>
/// <returns>The converted groups.</returns>
public List<PSADGroup> FilterGroups(ADObjectFilterOptions options)
{
    var groups = new List<PSADGroup>();

    if (!string.IsNullOrEmpty(options.Id))
    {
        ADGroup group = null;
        try
        {
            group = GraphClient.Groups.Get(options.Id);
        }
        catch
        {
            /* The group does not exist, ignore the exception */
        }
        if (group != null)
        {
            groups.Add(group.ToPSADGroup());
        }
        return groups;
    }

    // Mail takes precedence over the display-name prefix search.
    Func<Rest.Azure.OData.ODataQuery<ADGroup>> buildQuery = () => options.Mail != null
        ? new Rest.Azure.OData.ODataQuery<ADGroup>(g => g.Mail == options.Mail)
        : new Rest.Azure.OData.ODataQuery<ADGroup>(g => g.DisplayName.StartsWith(options.SearchString));

    Rest.Azure.IPage<ADGroup> page;
    if (options.Paging)
    {
        page = string.IsNullOrEmpty(options.NextLink)
            ? GraphClient.Groups.List(buildQuery())
            : GraphClient.Groups.ListNext(options.NextLink);
        groups.AddRange(page.Select(g => g.ToPSADGroup()));
        options.NextLink = page.NextPageLink;
        return groups;
    }

    page = GraphClient.Groups.List(buildQuery());
    groups.AddRange(page.Select(g => g.ToPSADGroup()));
    while (!string.IsNullOrEmpty(page.NextPageLink))
    {
        page = GraphClient.Groups.ListNext(page.NextPageLink);
        groups.AddRange(page.Select(g => g.ToPSADGroup()));
    }
    return groups;
}
/// <summary>
/// Lists groups by object id (through GetObjectsByObjectId, failures swallowed), otherwise by mail
/// or display-name prefix. With options.Paging set, one page is returned and options.NextLink is
/// advanced; without it, every page is followed and accumulated.
/// </summary>
/// <param name="options">The filter; NextLink is updated in the paging case.</param>
/// <returns>The converted groups.</returns>
public List<PSADGroup> FilterGroups(ADObjectFilterOptions options)
{
    var groups = new List<PSADGroup>();

    if (!string.IsNullOrEmpty(options.Id))
    {
        try
        {
            // use GetObjectsByObjectId to handle Redirects in the CSP scenario
            var group = this.GetObjectsByObjectId(new List<string> { options.Id }).FirstOrDefault() as PSADGroup;
            if (group != null)
            {
                groups.Add(group);
            }
        }
        catch
        {
            /* The group does not exist, ignore the exception */
        }
        return groups;
    }

    // Mail takes precedence over the display-name prefix search.
    Func<Rest.Azure.OData.ODataQuery<ADGroup>> buildQuery = () => options.Mail != null
        ? new Rest.Azure.OData.ODataQuery<ADGroup>(g => g.Mail == options.Mail)
        : new Rest.Azure.OData.ODataQuery<ADGroup>(g => g.DisplayName.StartsWith(options.SearchString));

    Rest.Azure.IPage<ADGroup> page;
    if (options.Paging)
    {
        page = string.IsNullOrEmpty(options.NextLink)
            ? GraphClient.Groups.List(buildQuery())
            : GraphClient.Groups.ListNext(options.NextLink);
        groups.AddRange(page.Select(g => g.ToPSADGroup()));
        options.NextLink = page.NextPageLink;
        return groups;
    }

    page = GraphClient.Groups.List(buildQuery());
    groups.AddRange(page.Select(g => g.ToPSADGroup()));
    while (!string.IsNullOrEmpty(page.NextPageLink))
    {
        page = GraphClient.Groups.ListNext(page.NextPageLink);
        groups.AddRange(page.Select(g => g.ToPSADGroup()));
    }
    return groups;
}
/// <summary>
/// Resolves an application id (AppId) to the application's object id.
/// </summary>
/// <param name="applicationId">The application id to match on AppId.</param>
/// <returns>The object id of the single matching application.</returns>
/// <exception cref="InvalidOperationException">No application has that AppId (more than one match also surfaces as this type, from SingleOrDefault).</exception>
public string GetObjectIdFromApplicationId(string applicationId)
{
    var byAppId = new Rest.Azure.OData.ODataQuery<Application>(a => a.AppId == applicationId);
    var application = GetApplicationWithFilters(byAppId).SingleOrDefault();
    if (application == null)
    {
        throw new InvalidOperationException(String.Format(ProjectResources.ApplicationWithAppIdDoesntExist, applicationId));
    }
    return application.ObjectId.ToString();
}
/// <summary>
/// Resolves a service principal name to the service principal's object id.
/// </summary>
/// <param name="spn">The name that must appear in the principal's ServicePrincipalNames.</param>
/// <returns>The object id of the single matching service principal.</returns>
/// <exception cref="InvalidOperationException">No service principal carries that name (more than one match also surfaces as this type, from SingleOrDefault).</exception>
public string GetObjectIdFromSPN(string spn)
{
    var bySpn = new Rest.Azure.OData.ODataQuery<ServicePrincipal>(s => s.ServicePrincipalNames.Contains(spn));
    var match = GraphClient.ServicePrincipals.List(bySpn).SingleOrDefault();
    if (match == null)
    {
        throw new InvalidOperationException(String.Format(ProjectResources.ServicePrincipalWithSPNDoesntExist, spn));
    }
    return match.ObjectId;
}