public override void ExecuteCmdlet() { FilterRoleAssignmentsOptions options = new FilterRoleAssignmentsOptions() { Scope = Scope, RoleDefinition = RoleDefinitionName, ADObjectFilter = new ADObjectFilterOptions { Mail = Mail, UPN = UserPrincipalName, SPN = ServicePrincipalName, Id = ObjectId == Guid.Empty ? null : ObjectId.ToString(), }, ResourceIdentifier = new ResourceIdentifier() { ParentResource = ParentResource, ResourceGroupName = ResourceGroupName, ResourceName = ResourceName, ResourceType = ResourceType, Subscription = string.IsNullOrEmpty(ResourceGroupName) ? null : CurrentContext.Subscription.Id.ToString() } }; WriteObject(PoliciesClient.FilterRoleAssignments(options), true); }
public override void ExecuteCmdlet() { FilterRoleAssignmentsOptions parameters = new FilterRoleAssignmentsOptions() { Scope = Scope, RoleDefinitionName = RoleDefinitionName, RoleDefinitionId = RoleDefinitionId == Guid.Empty ? null : RoleDefinitionId.ToString(), ADObjectFilter = new ADObjectFilterOptions { UPN = SignInName, SPN = ApplicationId, Id = ObjectId, }, ResourceIdentifier = new ResourceIdentifier() { ParentResource = ParentResource, ResourceGroupName = ResourceGroupName, ResourceName = ResourceName, ResourceType = ResourceType, Subscription = DefaultProfile.DefaultContext.Subscription.Id, }, CanDelegate = AllowDelegation.IsPresent ? true : false, }; AuthorizationClient.ValidateScope(parameters.Scope, false); WriteObject(PoliciesClient.CreateRoleAssignment(parameters, RoleAssignmentId)); }
public override void ExecuteCmdlet() { FilterRoleAssignmentsOptions options = new FilterRoleAssignmentsOptions() { Scope = Scope, RoleDefinitionName = RoleDefinitionName, RoleDefinitionId = RoleDefinitionId == Guid.Empty ? null : RoleDefinitionId.ToString(), ADObjectFilter = new ADObjectFilterOptions { UPN = SignInName, SPN = ServicePrincipalName, Id = ObjectId == Guid.Empty ? null : ObjectId.ToString(), }, ResourceIdentifier = new ResourceIdentifier() { ParentResource = ParentResource, ResourceGroupName = ResourceGroupName, ResourceName = ResourceName, ResourceType = ResourceType, Subscription = string.IsNullOrEmpty(ResourceGroupName) ? null : DefaultProfile.DefaultContext.Subscription.Id.ToString() }, ExpandPrincipalGroups = ExpandPrincipalGroups.IsPresent, IncludeClassicAdministrators = IncludeClassicAdministrators.IsPresent, ExcludeAssignmentsForDeletedPrincipals = true }; AuthorizationClient.ValidateScope(options.Scope, true); List <PSRoleAssignment> ra = PoliciesClient.FilterRoleAssignments(options, DefaultProfile.DefaultContext.Subscription.Id.ToString()); WriteObject(ra, enumerateCollection: true); }
protected override void ProcessRecord() { FilterRoleAssignmentsOptions options = new FilterRoleAssignmentsOptions() { Scope = Scope, RoleDefinition = RoleDefinitionName, ADObjectFilter = new ADObjectFilterOptions { SignInName = SignInName, SPN = ServicePrincipalName, Id = ObjectId == Guid.Empty ? null : ObjectId.ToString(), }, ResourceIdentifier = new ResourceIdentifier() { ParentResource = ParentResource, ResourceGroupName = ResourceGroupName, ResourceName = ResourceName, ResourceType = ResourceType, Subscription = string.IsNullOrEmpty(ResourceGroupName) ? null : DefaultProfile.Context.Subscription.Id.ToString() }, ExpandPrincipalGroups = ExpandPrincipalGroups.IsPresent, IncludeClassicAdministrators = IncludeClassicAdministrators.IsPresent, ExcludeAssignmentsForDeletedPrincipals = true }; WriteObject(PoliciesClient.FilterRoleAssignments(options, DefaultProfile.Context.Subscription.Id.ToString()), enumerateCollection: true); }
public override void ExecuteCmdlet() { FilterRoleAssignmentsOptions parameters = new FilterRoleAssignmentsOptions() { Scope = Scope, RoleDefinitionName = RoleDefinitionName, RoleDefinitionId = RoleDefinitionId == Guid.Empty ? null : RoleDefinitionId.ToString(), ADObjectFilter = new ADObjectFilterOptions { SignInName = SignInName, SPN = ServicePrincipalName, Id = ObjectId == Guid.Empty ? null : ObjectId.ToString(), }, ResourceIdentifier = new ResourceIdentifier() { ParentResource = ParentResource, ResourceGroupName = ResourceGroupName, ResourceName = ResourceName, ResourceType = ResourceType, Subscription = DefaultProfile.Context.Subscription.Id.ToString(), } }; WriteObject(PoliciesClient.CreateRoleAssignment(parameters)); }
public override void ExecuteCmdlet() { MSGraphMessageHelper.WriteMessageForCmdletsSwallowException(this); IEnumerable<PSRoleAssignment> roleAssignments = null; if (this.IsParameterBound(c => c.InputObject)) { Scope = InputObject.Scope; ObjectId = InputObject.ObjectId; RoleDefinitionName = InputObject.RoleDefinitionName; } FilterRoleAssignmentsOptions options = new FilterRoleAssignmentsOptions() { Scope = Scope, RoleDefinitionName = RoleDefinitionName, RoleDefinitionId = RoleDefinitionId == Guid.Empty ? null : RoleDefinitionId.ToString(), ADObjectFilter = new ADObjectFilterOptions { UPN = SignInName, Id = ObjectId, SPN = ServicePrincipalName }, ResourceIdentifier = new ResourceIdentifier() { ParentResource = ParentResource, ResourceGroupName = ResourceGroupName, ResourceName = ResourceName, ResourceType = ResourceType, Subscription = DefaultProfile.DefaultContext.Subscription.Id }, // we should never expand principal groups in the Delete scenario ExpandPrincipalGroups = false, // never include classic administrators in the Delete scenario IncludeClassicAdministrators = false }; AuthorizationClient.ValidateScope(options.Scope, true); ConfirmAction( string.Format(ProjectResources.RemovingRoleAssignment, ObjectId, Scope, RoleDefinitionName), ObjectId, () => { roleAssignments = PoliciesClient.RemoveRoleAssignment(options, DefaultProfile.DefaultContext.Subscription.Id); if (PassThru) { WriteObject(roleAssignments, enumerateCollection: true); } }); }
public override void ExecuteCmdlet() { if (string.IsNullOrEmpty(Condition) ^ string.IsNullOrEmpty(ConditionVersion)) { if (!string.IsNullOrEmpty(Condition)) { ConditionVersion = "2.0"; WriteDebug("-Condition was set but -ConditionVersion was not, defaulting to lowest publicly available version: '2.0'"); } else { WriteExceptionError(new ArgumentException("If -ConditionVersion is set -Condition can not be empty.")); return; } } double _conditionVersion = double.Parse((ConditionVersion ?? "2.0")); if (_conditionVersion < 2.0) { WriteExceptionError(new ArgumentException("Argument -ConditionVersion must be greater or equal than 2.0")); return; } FilterRoleAssignmentsOptions parameters = new FilterRoleAssignmentsOptions() { Scope = Scope, RoleDefinitionName = RoleDefinitionName, RoleDefinitionId = RoleDefinitionId == Guid.Empty ? null : RoleDefinitionId.ToString(), ADObjectFilter = new ADObjectFilterOptions { UPN = SignInName, SPN = ApplicationId, Id = ObjectId, }, ResourceIdentifier = new ResourceIdentifier() { ParentResource = ParentResource, ResourceGroupName = ResourceGroupName, ResourceName = ResourceName, ResourceType = ResourceType, Subscription = DefaultProfile.DefaultContext.Subscription.Id, }, CanDelegate = AllowDelegation.IsPresent ? true : false, Description = Description, Condition = Condition, ConditionVersion = ConditionVersion, }; AuthorizationClient.ValidateScope(parameters.Scope, false); WriteObject(PoliciesClient.CreateRoleAssignment(parameters, RoleAssignmentId)); }
public override void ExecuteCmdlet() { IEnumerable <PSRoleAssignment> roleAssignments = null; FilterRoleAssignmentsOptions options = new FilterRoleAssignmentsOptions() { Scope = Scope, RoleDefinitionName = RoleDefinitionName, RoleDefinitionId = RoleDefinitionId == Guid.Empty ? null : RoleDefinitionId.ToString(), ADObjectFilter = new ADObjectFilterOptions { UPN = SignInName, Id = ObjectId == Guid.Empty ? null : ObjectId.ToString(), SPN = ServicePrincipalName }, ResourceIdentifier = new ResourceIdentifier() { ParentResource = ParentResource, ResourceGroupName = ResourceGroupName, ResourceName = ResourceName, ResourceType = ResourceType, Subscription = DefaultProfile.DefaultContext.Subscription.Id.ToString() }, ExcludeAssignmentsForDeletedPrincipals = false, // we should never expand principal groups in the Delete scenario ExpandPrincipalGroups = false, // never include classic administrators in the Delete scenario IncludeClassicAdministrators = false }; AuthorizationClient.ValidateScope(options.Scope, true); ConfirmAction( ProjectResources.RemovingRoleAssignment, string.Empty, () => { roleAssignments = PoliciesClient.RemoveRoleAssignment(options, DefaultProfile.DefaultContext.Subscription.Id.ToString()); if (PassThru) { WriteObject(roleAssignments, enumerateCollection: true); } }); }
protected override void ProcessRecord() { IEnumerable <PSRoleAssignment> roleAssignments = null; FilterRoleAssignmentsOptions options = new FilterRoleAssignmentsOptions() { Scope = Scope, RoleDefinitionName = RoleDefinitionName, RoleDefinitionId = RoleDefinitionId == Guid.Empty ? null : RoleDefinitionId.ToString(), ADObjectFilter = new ADObjectFilterOptions { SignInName = SignInName, Id = ObjectId == Guid.Empty ? null : ObjectId.ToString(), SPN = ServicePrincipalName }, ResourceIdentifier = new ResourceIdentifier() { ParentResource = ParentResource, ResourceGroupName = ResourceGroupName, ResourceName = ResourceName, ResourceType = ResourceType, Subscription = DefaultProfile.Context.Subscription.Id.ToString() }, ExcludeAssignmentsForDeletedPrincipals = false }; ConfirmAction( Force.IsPresent, string.Format(ProjectResources.RemovingRoleAssignment, options.ADObjectFilter.ActiveFilter, options.Scope, options.RoleDefinitionName ?? RoleDefinitionId.ToString()), ProjectResources.RemovingRoleAssignment, null, () => roleAssignments = PoliciesClient.RemoveRoleAssignment(options, DefaultProfile.Context.Subscription.Id.ToString())); if (PassThru) { WriteObject(roleAssignments, enumerateCollection: true); } }
public override void ExecuteCmdlet() { PSRoleAssignment roleAssignment = null; FilterRoleAssignmentsOptions options = new FilterRoleAssignmentsOptions() { Scope = Scope, RoleDefinition = RoleDefinitionName, ADObjectFilter = new ADObjectFilterOptions { Mail = Mail, Id = ObjectId == Guid.Empty ? null : ObjectId.ToString(), UPN = UserPrincipalName, SPN = ServicePrincipalName }, ResourceIdentifier = new ResourceIdentifier() { ParentResource = ParentResource, ResourceGroupName = ResourceGroupName, ResourceName = ResourceName, ResourceType = ResourceType, Subscription = CurrentContext.Subscription.Id.ToString() } }; ConfirmAction( Force.IsPresent, string.Format(ProjectResources.RemovingRoleAssignment, options.ADObjectFilter.ActiveFilter, options.Scope, options.RoleDefinition), ProjectResources.RemovingRoleAssignment, null, () => roleAssignment = PoliciesClient.RemoveRoleAssignment(options)); if (PassThru) { WriteObject(roleAssignment); } }
private void CreateSimpleServicePrincipal() { var subscriptionId = DefaultProfile.DefaultContext.Subscription.Id; if (!this.IsParameterBound(c => c.Scope)) { Scope = string.Format("/subscriptions/{0}", subscriptionId); WriteVerbose(string.Format("No scope provided - using the default scope '{0}'", Scope)); } AuthorizationClient.ValidateScope(Scope, true); if (!this.IsParameterBound(c => c.Role)) { Role = "Contributor"; WriteVerbose(string.Format("No role provided - using the default role '{0}'", Role)); } if (!this.IsParameterBound(c => c.StartDate)) { DateTime currentTime = DateTime.UtcNow; StartDate = currentTime; WriteVerbose("No start date provided - using the current time as default."); } if (!this.IsParameterBound(c => c.EndDate)) { EndDate = StartDate.AddYears(1); WriteVerbose("No end date provided - using the default value of one year after the start date."); } if (!this.IsParameterBound(c => c.DisplayName)) { DisplayName = "azure-powershell-" + StartDate.ToString("MM-dd-yyyy-HH-mm-ss"); WriteVerbose(string.Format("No display name provided - using the default display name of '{0}'", DisplayName)); } var identifierUri = "http://" + DisplayName; // Handle credentials if (!this.IsParameterBound(c => c.Password)) { // If no credentials provided, set the password to a randomly generated GUID Password = Guid.NewGuid().ToString().ConvertToSecureString(); } // Create an application and get the applicationId var passwordCredential = new PSADPasswordCredential() { StartDate = StartDate, EndDate = EndDate, KeyId = Guid.NewGuid(), Password = SecureStringExtensions.ConvertToString(Password) }; if (!this.IsParameterBound(c => c.ApplicationId)) { CreatePSApplicationParameters appParameters = new CreatePSApplicationParameters { DisplayName = DisplayName, IdentifierUris = new[] { identifierUri }, HomePage = identifierUri, PasswordCredentials = new PSADPasswordCredential[] { passwordCredential } }; if (ShouldProcess(target: appParameters.DisplayName, action: string.Format("Adding a new application for with display name '{0}'", appParameters.DisplayName))) { var application = ActiveDirectoryClient.CreateApplication(appParameters); ApplicationId = application.ApplicationId; WriteVerbose(string.Format("No application id provided - created new AD application with application id '{0}'", ApplicationId)); } } CreatePSServicePrincipalParameters createParameters = new CreatePSServicePrincipalParameters { ApplicationId = ApplicationId, AccountEnabled = true, PasswordCredentials = new PSADPasswordCredential[] { passwordCredential } }; if (ShouldProcess(target: createParameters.ApplicationId.ToString(), action: string.Format("Adding a new service principal to be associated with an application having AppId '{0}'", createParameters.ApplicationId))) { var servicePrincipal = ActiveDirectoryClient.CreateServicePrincipal(createParameters); WriteObject(servicePrincipal); if (this.IsParameterBound(c => c.SkipAssignment)) { WriteVerbose("Skipping role assignment for the service principal."); return; } FilterRoleAssignmentsOptions parameters = new FilterRoleAssignmentsOptions() { Scope = this.Scope, RoleDefinitionName = this.Role, ADObjectFilter = new ADObjectFilterOptions { SPN = servicePrincipal.ApplicationId.ToString(), Id = servicePrincipal.Id.ToString() }, ResourceIdentifier = new ResourceIdentifier() { Subscription = subscriptionId }, CanDelegate = false }; for (var i = 0; i < 6; i++) { try { TestMockSupport.Delay(5000); PoliciesClient.CreateRoleAssignment(parameters); var ra = PoliciesClient.FilterRoleAssignments(parameters, subscriptionId); if (ra != null) { WriteVerbose(string.Format("Role assignment with role '{0}' and scope '{1}' successfully created for the created service principal.", this.Role, this.Scope)); break; } } catch (Exception) { // Do nothing } } } }
public override void ExecuteCmdlet() { MSGraphMessageHelper.WriteMessageForCmdletsSwallowException(this); // Build the new Role assignment if (ParameterSetName == ParameterSet.InputFile) { string fileName = this.TryResolvePath(InputFile); if (!(new FileInfo(fileName)).Exists) { throw new PSArgumentException(string.Format("File {0} does not exist", fileName)); } try { InputObject = JsonConvert.DeserializeObject <PSRoleAssignment>(File.ReadAllText(fileName)); } catch (JsonException) { WriteVerbose("Deserializing the input role definition failed."); throw new Exception("Deserializing the input role assignment failed. Please confirm the file is properly formated"); } } // Build the Update Request var Subscription = DefaultProfile.DefaultContext.Subscription.Id; var scope = InputObject.Scope; var RoleAssignmentGUID = InputObject.RoleAssignmentId.GuidFromFullyQualifiedId(); FilterRoleAssignmentsOptions parameters = new FilterRoleAssignmentsOptions() { Scope = scope, RoleAssignmentId = RoleAssignmentGUID, ResourceIdentifier = new ResourceIdentifier() { Subscription = Subscription, } }; PSRoleAssignment fetchedRole = null; try { fetchedRole = PoliciesClient.FilterRoleAssignments(parameters, Subscription).First(); } catch (Exception) { fetchedRole = InputObject; } // Validate the request AuthorizationClient.ValidateScope(parameters.Scope, false); bool isValidRequest = true; // Check that only Description, Condition and ConditionVersion have been changed, if anything else is changed the whole request fails isValidRequest &= InputObject.RoleAssignmentId.Equals(fetchedRole.RoleAssignmentId); isValidRequest &= InputObject.Scope.Equals(fetchedRole.Scope, StringComparison.OrdinalIgnoreCase); isValidRequest &= InputObject.RoleDefinitionId.Equals(fetchedRole.RoleDefinitionId); isValidRequest &= InputObject.ObjectId.Equals(fetchedRole.ObjectId); isValidRequest &= InputObject.ObjectType.Equals(fetchedRole.ObjectType); isValidRequest &= InputObject.CanDelegate.Equals(fetchedRole.CanDelegate); if (!isValidRequest) { throw new ArgumentException("Changing a property other than 'Description', 'Condition' or 'Condition Version' is currently not supported."); } // If ConditionVersion is changed, validate it's in the allowed values var oldConditionVersion = string.IsNullOrWhiteSpace(fetchedRole.ConditionVersion)? Version.Parse("0.0") : Version.Parse(fetchedRole.ConditionVersion); var newConditionVersion = string.IsNullOrWhiteSpace(InputObject.ConditionVersion) ? Version.Parse("0.0") : Version.Parse(InputObject.ConditionVersion); // A condition version can change but currently we don't support downgrading to 1.0 // we only verify the change if it's a downgrade if ((oldConditionVersion > newConditionVersion) && (newConditionVersion.Major < 2)) { throw new ArgumentException("Condition version different than '2.0' is not supported for update operations"); } fetchedRole.Description = InputObject.Description; fetchedRole.Condition = InputObject.Condition; fetchedRole.ConditionVersion = InputObject.ConditionVersion; // Send Request ConfirmAction( string.Format(ProjectResources.UpdatingRoleAssignment, fetchedRole.RoleAssignmentId, fetchedRole.Scope, fetchedRole.RoleDefinitionName), fetchedRole.RoleAssignmentId, () => { var roleAssignments = PoliciesClient.UpdateRoleAssignment(fetchedRole); if (PassThru) { WriteObject(roleAssignments, enumerateCollection: true); } }); }
public override void ExecuteCmdlet() { MSGraphMessageHelper.WriteMessageForCmdletsSwallowException(this); if (ParameterSetName == ParameterSet.InputFile) { string fileName = this.TryResolvePath(InputFile); if (!(new FileInfo(fileName)).Exists) { throw new PSArgumentException(string.Format("File {0} does not exist", fileName)); } try { PSRoleAssignment RoleAssignment = JsonConvert.DeserializeObject <PSRoleAssignment>(File.ReadAllText(fileName)); this.ObjectId = RoleAssignment.ObjectId; this.ObjectType = RoleAssignment.ObjectType; this.ResourceType = RoleAssignment.ObjectType; this.Scope = RoleAssignment.Scope; Guid guid = Guid.Empty; Guid.TryParse(RoleAssignment.RoleDefinitionId, out guid); this.RoleDefinitionId = guid; this.Description = RoleAssignment.Description; this.Condition = RoleAssignment.Condition; this.ConditionVersion = RoleAssignment.ConditionVersion; } catch (JsonException) { WriteVerbose("Deserializing the input role assignment failed."); throw new Exception("Deserializing the input role assignment failed. Please confirm the file is properly formated"); } } if (string.IsNullOrEmpty(Condition) ^ string.IsNullOrEmpty(ConditionVersion)) { if (!string.IsNullOrEmpty(Condition)) { ConditionVersion = "2.0"; WriteDebug("-Condition was set but -ConditionVersion was not, defaulting to lowest publicly available version: '2.0'"); } else { WriteExceptionError(new ArgumentException("If -ConditionVersion is set -Condition can not be empty.")); return; } } // ensure that if ConditionVersion is empty in any way, it becomes null ConditionVersion = string.IsNullOrEmpty(ConditionVersion) ? null : string.IsNullOrWhiteSpace(ConditionVersion) ? null : ConditionVersion; var _conditionVersion = Version.Parse(ConditionVersion ?? "2.0"); if (_conditionVersion.Major < 2) { WriteExceptionError(new ArgumentException("Argument -ConditionVersion must be greater or equal than 2.0")); return; } FilterRoleAssignmentsOptions parameters = new FilterRoleAssignmentsOptions() { Scope = Scope, RoleDefinitionName = RoleDefinitionName, RoleDefinitionId = RoleDefinitionId == Guid.Empty ? null : RoleDefinitionId.ToString(), ADObjectFilter = new ADObjectFilterOptions { UPN = SignInName, SPN = ApplicationId, Id = ObjectId, ObjectType = ObjectType, }, ResourceIdentifier = new ResourceIdentifier() { ParentResource = ParentResource, ResourceGroupName = ResourceGroupName, ResourceName = ResourceName, ResourceType = ResourceType, Subscription = DefaultProfile.DefaultContext.Subscription.Id, }, CanDelegate = AllowDelegation.IsPresent ? true : false, Description = Description, Condition = Condition, ConditionVersion = ConditionVersion, }; AuthorizationClient.ValidateScope(parameters.Scope, false); WriteObject(PoliciesClient.CreateRoleAssignment(parameters, RoleAssignmentId)); }
private void CreateSimpleServicePrincipal() { var subscriptionId = DefaultContext.Subscription?.Id; if (!this.IsParameterBound(c => c.StartDate)) { DateTime currentTime = DateTime.UtcNow; StartDate = currentTime; WriteVerbose("No start date provided - using the current time as default."); } if (!this.IsParameterBound(c => c.EndDate)) { EndDate = StartDate.AddYears(1); WriteVerbose(Resources.Properties.Resources.DefaultEndDateUsed); } if (!this.IsParameterBound(c => c.DisplayName)) { DisplayName = "azure-powershell-" + StartDate.ToString("MM-dd-yyyy-HH-mm-ss"); WriteVerbose(string.Format("No display name provided - using the default display name of '{0}'", DisplayName)); } var identifierUri = "http://" + DisplayName; bool printPassword = false; bool printUseExistingSecret = true; // Handle credentials var Password = Guid.NewGuid().ToString().ConvertToSecureString(); // Create an application and get the applicationId if (!this.IsParameterBound(c => c.ApplicationId)) { printUseExistingSecret = false; CreatePSApplicationParameters appParameters = new CreatePSApplicationParameters { DisplayName = DisplayName, IdentifierUris = new[] { identifierUri }, HomePage = identifierUri, PasswordCredentials = new PSADPasswordCredential[] { new PSADPasswordCredential() { StartDate = StartDate, EndDate = EndDate, KeyId = Guid.NewGuid(), Password = SecureStringExtensions.ConvertToString(Password) } } }; if (ShouldProcess(target: appParameters.DisplayName, action: string.Format("Adding a new application for with display name '{0}'", appParameters.DisplayName))) { var application = ActiveDirectoryClient.CreateApplication(appParameters); ApplicationId = application.ApplicationId; WriteVerbose(string.Format("No application id provided - created new AD application with application id '{0}'", ApplicationId)); printPassword = true; } } CreatePSServicePrincipalParameters createParameters = new CreatePSServicePrincipalParameters { ApplicationId = ApplicationId, AccountEnabled = true, }; var shouldProcessMessage = string.Format("Adding a new service principal to be associated with an application " + "having AppId '{0}' with no permissions.", createParameters.ApplicationId); if (!SkipRoleAssignment()) { if (!this.IsParameterBound(c => c.Scope)) { Scope = string.Format("/subscriptions/{0}", subscriptionId); WriteVerbose(string.Format("No scope provided - using the default scope '{0}'", Scope)); } AuthorizationClient.ValidateScope(Scope, true); if (!this.IsParameterBound(c => c.Role)) { Role = "Contributor"; WriteVerbose(string.Format("No role provided - using the default role '{0}'", Role)); } shouldProcessMessage = string.Format("Adding a new service principal to be associated with an application " + "having AppId '{0}' with '{1}' role over scope '{2}'.", createParameters.ApplicationId, this.Role, this.Scope); } if (ShouldProcess(target: createParameters.ApplicationId.ToString(), action: shouldProcessMessage)) { PSADServicePrincipalWrapper servicePrincipal = new PSADServicePrincipalWrapper(ActiveDirectoryClient.CreateServicePrincipal(createParameters)); if (printPassword) { servicePrincipal.Secret = Password; } else if (printUseExistingSecret) { WriteVerbose(String.Format(ProjectResources.ServicePrincipalCreatedWithCredentials, ApplicationId)); } WriteObject(servicePrincipal); if (SkipRoleAssignment()) { WriteVerbose("Skipping role assignment for the service principal."); return; } WriteWarning(string.Format("Assigning role '{0}' over scope '{1}' to the new service principal.", this.Role, this.Scope)); FilterRoleAssignmentsOptions parameters = new FilterRoleAssignmentsOptions() { Scope = this.Scope, RoleDefinitionName = this.Role, ADObjectFilter = new ADObjectFilterOptions { SPN = servicePrincipal.ApplicationId.ToString(), Id = servicePrincipal.Id.ToString() }, ResourceIdentifier = new ResourceIdentifier() { Subscription = subscriptionId }, CanDelegate = false }; for (var i = 0; i < 6; i++) { try { TestMockSupport.Delay(5000); PoliciesClient.CreateRoleAssignment(parameters); var ra = PoliciesClient.FilterRoleAssignments(parameters, subscriptionId); if (ra != null) { WriteVerbose(string.Format("Role assignment with role '{0}' and scope '{1}' successfully created for the created service principal.", this.Role, this.Scope)); break; } } catch (Exception) { // Do nothing } } } }