public IList <AzureTenant> ListAccountTenants(IAccessToken accessToken, IAzureEnvironment environment)
        {
            List <AzureTenant> result = new List <AzureTenant>();

            SubscriptionClient subscriptionClient = null;

            try
            {
                subscriptionClient = AzureSession.Instance.ClientFactory.CreateCustomArmClient <SubscriptionClient>(
                    environment.GetEndpointAsUri(AzureEnvironment.Endpoint.ResourceManager),
                    new TokenCredentials(accessToken.AccessToken) as ServiceClientCredentials,
                    AzureSession.Instance.ClientFactory.GetCustomHandlers());

                var tenants = new GenericPageEnumerable <TenantIdDescription>(subscriptionClient.Tenants.List, subscriptionClient.Tenants.ListNext, ulong.MaxValue, 0).ToList();
                if (tenants != null)
                {
                    result = new List <AzureTenant>();
                    tenants.ForEach((t) =>
                    {
                        result.Add(t.ToAzureTenant(accessToken));
                    });
                }
            }
            finally
            {
                // In test mode, we are reusing the client since disposing of it will
                // fail some tests (due to HttpClient being null)
                if (subscriptionClient != null && !TestMockSupport.RunningMocked)
                {
                    subscriptionClient.Dispose();
                }
            }

            return(result);
        }
예제 #2
0
        /// <summary>
        /// Filters role assignments based on the passed options.
        /// </summary>
        /// <param name="options">The filtering options</param>
        /// <param name="currentSubscription">The current subscription</param>
        /// <returns>The filtered role assignments</returns>
        public List <PSRoleAssignment> FilterRoleAssignments(FilterRoleAssignmentsOptions options, string currentSubscription, ulong first = ulong.MaxValue, ulong skip = 0)
        {
            List <PSRoleAssignment> result = new List <PSRoleAssignment>();
            string principalId             = null;

            PSADObject adObject   = null;
            var        odataQuery = new Rest.Azure.OData.ODataQuery <RoleAssignmentFilter>(f => f.PrincipalId == principalId);

            if (options.ADObjectFilter.HasFilter)
            {
                if (string.IsNullOrEmpty(options.ADObjectFilter.Id) || options.ExpandPrincipalGroups || options.IncludeClassicAdministrators)
                {
                    adObject = ActiveDirectoryClient.GetADObject(options.ADObjectFilter);

                    if (adObject == null)
                    {
                        throw new KeyNotFoundException(ProjectResources.PrincipalNotFound);
                    }
                }

                // Filter first by principal
                if (options.ExpandPrincipalGroups)
                {
                    if (!(adObject is PSADUser))
                    {
                        throw new InvalidOperationException(ProjectResources.ExpandGroupsNotSupported);
                    }

                    principalId = adObject.Id.ToString();
                }
                else
                {
                    principalId = string.IsNullOrEmpty(options.ADObjectFilter.Id) ? adObject.Id.ToString() : options.ADObjectFilter.Id;
                }

                odataQuery = new Rest.Azure.OData.ODataQuery <RoleAssignmentFilter>(f => f.PrincipalId == principalId);
                if (!string.IsNullOrEmpty(options.Scope))
                {
                    var tempResult = new GenericPageEnumerable <RoleAssignment>(
                        delegate()
                    {
                        return(AuthorizationManagementClient.RoleAssignments.ListForScope(options.Scope, odataQuery));
                    }, AuthorizationManagementClient.RoleAssignments.ListForScopeNext, first, skip);
                    result.AddRange(tempResult
                                    .FilterRoleAssignmentsOnRoleId(AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromSubscriptionAndIdAsGuid(currentSubscription, options.RoleDefinitionId))
                                    .ToPSRoleAssignments(this, ActiveDirectoryClient, options.Scope, options.ExcludeAssignmentsForDeletedPrincipals));
                }
                else
                {
                    var tempResult = new GenericPageEnumerable <RoleAssignment>(
                        delegate()
                    {
                        return(AuthorizationManagementClient.RoleAssignments.List(odataQuery));
                    }, AuthorizationManagementClient.RoleAssignments.ListNext, first, skip);
                    result.AddRange(tempResult
                                    .FilterRoleAssignmentsOnRoleId(AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromSubscriptionAndIdAsGuid(currentSubscription, options.RoleDefinitionId))
                                    .ToPSRoleAssignments(this, ActiveDirectoryClient, AuthorizationHelper.GetSubscriptionScope(currentSubscription), options.ExcludeAssignmentsForDeletedPrincipals));
                }

                // Filter out by scope
                if (!string.IsNullOrEmpty(options.Scope))
                {
                    result.RemoveAll(r => !options.Scope.StartsWith(r.Scope, StringComparison.OrdinalIgnoreCase));
                }
            }
            else if (!string.IsNullOrEmpty(options.Scope))
            {
                // Filter by scope and above directly
                var tempResult = new GenericPageEnumerable <RoleAssignment>(
                    delegate()
                {
                    return(AuthorizationManagementClient.RoleAssignments.ListForScope(options.Scope, odataQuery));
                }, AuthorizationManagementClient.RoleAssignments.ListForScopeNext, first, skip);
                result.AddRange(tempResult
                                .FilterRoleAssignmentsOnRoleId(AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromSubscriptionAndIdAsGuid(currentSubscription, options.RoleDefinitionId))
                                .ToPSRoleAssignments(this, ActiveDirectoryClient, options.Scope, options.ExcludeAssignmentsForDeletedPrincipals));
            }
            else
            {
                var tempResult = new GenericPageEnumerable <RoleAssignment>(
                    delegate()
                {
                    return(AuthorizationManagementClient.RoleAssignments.List(odataQuery));
                }, AuthorizationManagementClient.RoleAssignments.ListNext, first, skip);
                result.AddRange(tempResult
                                .FilterRoleAssignmentsOnRoleId(AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromSubscriptionAndIdAsGuid(currentSubscription, options.RoleDefinitionId))
                                .ToPSRoleAssignments(this, ActiveDirectoryClient, AuthorizationHelper.GetSubscriptionScope(currentSubscription), options.ExcludeAssignmentsForDeletedPrincipals));
            }

            if (!string.IsNullOrEmpty(options.RoleDefinitionName))
            {
                result = result.Where(r => r.RoleDefinitionName.Equals(options.RoleDefinitionName, StringComparison.OrdinalIgnoreCase)).ToList();
            }

            if (options.IncludeClassicAdministrators)
            {
                // Get classic administrator access assignments
                List <ClassicAdministrator> classicAdministrators = AuthorizationManagementClient.ClassicAdministrators
                                                                    .List().ToList();
                List <PSRoleAssignment> classicAdministratorsAssignments = classicAdministrators.Select(a => a.ToPSRoleAssignment(currentSubscription)).ToList();

                // Filter by principal if provided
                if (options.ADObjectFilter.HasFilter)
                {
                    if (!(adObject is PSADUser))
                    {
                        throw new InvalidOperationException(ProjectResources.IncludeClassicAdminsNotSupported);
                    }

                    var userObject = adObject as PSADUser;
                    classicAdministratorsAssignments = classicAdministratorsAssignments.Where(c =>
                                                                                              c.DisplayName.Equals(userObject.UserPrincipalName, StringComparison.OrdinalIgnoreCase)).ToList();
                }

                result.AddRange(classicAdministratorsAssignments);
            }

            return(result);
        }