/// <summary>
/// Lists the tenants reachable with the supplied access token by querying the
/// Resource Manager endpoint of the given environment.
/// </summary>
/// <param name="accessToken">
/// Token whose <c>AccessToken</c> string is wrapped in <c>TokenCredentials</c> for the
/// ARM client; the same token object is also handed to <c>ToAzureTenant</c> for each tenant.
/// </param>
/// <param name="environment">Environment that supplies the Resource Manager endpoint URI.</param>
/// <returns>
/// One <c>AzureTenant</c> per tenant description returned by the service; an empty list
/// when none are returned.
/// </returns>
public IList<AzureTenant> ListAccountTenants(IAccessToken accessToken, IAzureEnvironment environment)
{
    List<AzureTenant> result = new List<AzureTenant>();
    SubscriptionClient subscriptionClient = null;

    try
    {
        // The raw bearer token string is passed straight into the client credentials here.
        // NOTE(review): nothing in this method logs or stores it; keep it that way.
        subscriptionClient = AzureSession.Instance.ClientFactory.CreateCustomArmClient<SubscriptionClient>(
            environment.GetEndpointAsUri(AzureEnvironment.Endpoint.ResourceManager),
            (ServiceClientCredentials)new TokenCredentials(accessToken.AccessToken),
            AzureSession.Instance.ClientFactory.GetCustomHandlers());

        // ulong.MaxValue / 0 are passed as the enumerator's "first" / "skip" arguments,
        // i.e. no caller-imposed paging window is applied to the tenant listing.
        var tenants = new GenericPageEnumerable<TenantIdDescription>(
            subscriptionClient.Tenants.List,
            subscriptionClient.Tenants.ListNext,
            ulong.MaxValue,
            0).ToList();

        if (tenants != null)
        {
            result = new List<AzureTenant>();
            foreach (var tenant in tenants)
            {
                result.Add(tenant.ToAzureTenant(accessToken));
            }
        }
    }
    finally
    {
        // When running mocked, the client is deliberately left undisposed: it is reused,
        // and disposing it fails some tests because HttpClient is null.
        if (subscriptionClient != null)
        {
            if (!TestMockSupport.RunningMocked)
            {
                subscriptionClient.Dispose();
            }
        }
    }

    return result;
}
/// <summary>
/// Filters role assignments based on the passed options.
/// </summary>
/// <remarks>
/// Points a reader using this output for an access review should be aware of:
/// <list type="bullet">
/// <item><description>
/// <paramref name="first"/> and <paramref name="skip"/> are given to the page enumerator
/// before the role-definition-id, scope and role-name filters run locally.
/// NOTE(review): presumably a bounded <paramref name="first"/> limits raw service items,
/// not final matches, so the result may be incomplete - confirm against GenericPageEnumerable.
/// </description></item>
/// <item><description>
/// Classic administrators are appended last and do not pass through the paging window,
/// the scope filter or the role-name filter.
/// </description></item>
/// <item><description>
/// When a principal filter is present, classic administrators are matched by comparing
/// their display name with the user's principal name (case-insensitive), not by object id.
/// </description></item>
/// </list>
/// </remarks>
/// <param name="options">The filtering options</param>
/// <param name="currentSubscription">The current subscription</param>
/// <param name="first">Forwarded to the page enumerator as its "first" argument; defaults to <c>ulong.MaxValue</c>.</param>
/// <param name="skip">Forwarded to the page enumerator as its "skip" argument; defaults to 0.</param>
/// <returns>The filtered role assignments</returns>
/// <exception cref="KeyNotFoundException">
/// A principal filter requires a directory lookup and the lookup returns null.
/// </exception>
/// <exception cref="InvalidOperationException">
/// Group expansion or classic-administrator inclusion is requested with a principal filter
/// that does not resolve to a <c>PSADUser</c>.
/// </exception>
public List<PSRoleAssignment> FilterRoleAssignments(FilterRoleAssignmentsOptions options, string currentSubscription, ulong first = ulong.MaxValue, ulong skip = 0)
{
    List<PSRoleAssignment> result = new List<PSRoleAssignment>();
    string principalId = null;
    PSADObject adObject = null;
    bool principalFilterApplied = false;

    // Built once with principalId still null; rebuilt below once a principal is resolved.
    var odataQuery = new Rest.Azure.OData.ODataQuery<RoleAssignmentFilter>(f => f.PrincipalId == principalId);

    if (options.ADObjectFilter.HasFilter)
    {
        principalFilterApplied = true;

        // The directory object is only fetched when no id was supplied, or when a later
        // step (group expansion, classic administrators) needs the resolved object.
        bool needsDirectoryLookup = string.IsNullOrEmpty(options.ADObjectFilter.Id)
            || options.ExpandPrincipalGroups
            || options.IncludeClassicAdministrators;
        if (needsDirectoryLookup)
        {
            adObject = ActiveDirectoryClient.GetADObject(options.ADObjectFilter);
            if (adObject == null)
            {
                throw new KeyNotFoundException(ProjectResources.PrincipalNotFound);
            }
        }

        // Filter first by principal
        if (options.ExpandPrincipalGroups)
        {
            if (!(adObject is PSADUser))
            {
                throw new InvalidOperationException(ProjectResources.ExpandGroupsNotSupported);
            }

            principalId = adObject.Id.ToString();
        }
        else if (string.IsNullOrEmpty(options.ADObjectFilter.Id))
        {
            principalId = adObject.Id.ToString();
        }
        else
        {
            principalId = options.ADObjectFilter.Id;
        }

        odataQuery = new Rest.Azure.OData.ODataQuery<RoleAssignmentFilter>(f => f.PrincipalId == principalId);
    }

    bool scopeGiven = !string.IsNullOrEmpty(options.Scope);
    if (scopeGiven)
    {
        // Query the service for the requested scope.
        var scopedPages = new GenericPageEnumerable<RoleAssignment>(
            () => AuthorizationManagementClient.RoleAssignments.ListForScope(options.Scope, odataQuery),
            AuthorizationManagementClient.RoleAssignments.ListForScopeNext,
            first,
            skip);

        result.AddRange(scopedPages
            .FilterRoleAssignmentsOnRoleId(AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromSubscriptionAndIdAsGuid(currentSubscription, options.RoleDefinitionId))
            .ToPSRoleAssignments(this, ActiveDirectoryClient, options.Scope, options.ExcludeAssignmentsForDeletedPrincipals));
    }
    else
    {
        // No scope requested: list without a scope and label results with the subscription scope.
        var unscopedPages = new GenericPageEnumerable<RoleAssignment>(
            () => AuthorizationManagementClient.RoleAssignments.List(odataQuery),
            AuthorizationManagementClient.RoleAssignments.ListNext,
            first,
            skip);

        result.AddRange(unscopedPages
            .FilterRoleAssignmentsOnRoleId(AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromSubscriptionAndIdAsGuid(currentSubscription, options.RoleDefinitionId))
            .ToPSRoleAssignments(this, ActiveDirectoryClient, AuthorizationHelper.GetSubscriptionScope(currentSubscription), options.ExcludeAssignmentsForDeletedPrincipals));
    }

    // Filter out by scope: with a principal filter, keep only assignments whose scope is a
    // textual prefix of the requested scope (the scope itself or something above it).
    // NOTE(review): this is a plain string prefix test, not path-segment aware, so a scope
    // ending in ".../rg1" is a prefix of ".../rg10". Presumably the service-side scope query
    // never returns such siblings - confirm before reusing this predicate elsewhere.
    if (principalFilterApplied && scopeGiven)
    {
        result.RemoveAll(r => !options.Scope.StartsWith(r.Scope, StringComparison.OrdinalIgnoreCase));
    }

    if (!string.IsNullOrEmpty(options.RoleDefinitionName))
    {
        result = result
            .Where(r => r.RoleDefinitionName.Equals(options.RoleDefinitionName, StringComparison.OrdinalIgnoreCase))
            .ToList();
    }

    if (!options.IncludeClassicAdministrators)
    {
        return result;
    }

    // Get classic administrator access assignments
    List<ClassicAdministrator> classicAdmins = AuthorizationManagementClient.ClassicAdministrators
        .List().ToList();
    List<PSRoleAssignment> classicAssignments = classicAdmins
        .Select(a => a.ToPSRoleAssignment(currentSubscription))
        .ToList();

    // Filter by principal if provided
    if (options.ADObjectFilter.HasFilter)
    {
        var userObject = adObject as PSADUser;
        if (userObject == null)
        {
            throw new InvalidOperationException(ProjectResources.IncludeClassicAdminsNotSupported);
        }

        // Match is on display name versus user principal name, ignoring case.
        classicAssignments = classicAssignments
            .Where(c => c.DisplayName.Equals(userObject.UserPrincipalName, StringComparison.OrdinalIgnoreCase))
            .ToList();
    }

    result.AddRange(classicAssignments);
    return result;
}