public async Task Prepare(IMigrationContext context)
{
this.context = context;
this.graphClient = context.TargetClient.Connection.GetClient <GraphHttpClient>();
this.licensingHttpClient = context.TargetClient.Connection.GetClient <LicensingHttpClient>();
this.identityHttpClient = context.TargetClient.Connection.GetClient <IdentityHttpClient>();
}
protected override void ExecuteCmdlet()
{
EnsureSubscription(ContentTypeString);
var url = $"{ApiUrl}/subscriptions/content?contentType={ContentTypeString}&PublisherIdentifier=${Token.TenantId}";
if (StartTime != DateTime.MinValue)
{
url += $"&startTime={StartTime:yyyy-MM-ddThh:mm:ss}";
}
if (EndTime != DateTime.MaxValue)
{
url += $"&endTime={EndTime:yyyy-MM-ddThh:mm:ss}";
}
var res = GraphHttpClient.MakeGetRequestForString(url.ToString(), AccessToken);
if (!string.IsNullOrEmpty(res))
{
var contents = JsonConvert.DeserializeObject <IEnumerable <ManagementApiSubscriptionContent> >(res);
foreach (var content in contents)
{
res = GraphHttpClient.MakeGetRequestForString(content.ContentUri, AccessToken);
var logs = JsonConvert.DeserializeObject <IEnumerable <ManagementApiUnifiedLogRecord> >(res);
WriteObject(logs, true);
}
}
}
public static async Task <string> GetUserDescriptorAsync(this GraphHttpClient client, Guid originId, IMemoryCache cache = null)
{
if (client is null)
{
throw new ArgumentNullException(nameof(client));
}
if (cache != null && cache.TryGetValue <string>($"{nameof(GetUserDescriptorAsync)}|{originId}", out var descriptor))
{
return(descriptor);
}
var page = await client
.ListUsersAsync()
.ConfigureAwait(false);
await foreach (var user in page.AsContinousEnumerationAsync((continuationToken) => client.ListUsersAsync(continuationToken: continuationToken)))
{
cache?.Set($"{nameof(GetUserDescriptorAsync)}|{user.OriginId}", user.Descriptor, new MemoryCacheEntryOptions()
{
SlidingExpiration = TimeSpan.FromMinutes(5)
});
if (originId.ToString().Equals(user.OriginId, StringComparison.OrdinalIgnoreCase))
{
return(user.Descriptor);
}
}
return(null);
}
internal PagedGraphGroups GetAllGroups()
{
GraphHttpClient graphClient = connection.GetClient <GraphHttpClient>();
PagedGraphGroups groups = graphClient.ListGroupsAsync().Result;
return(groups);
}
internal PagedGraphUsers GetAllUsers()
{
GraphHttpClient graphClient = connection.GetClient <GraphHttpClient>();
PagedGraphUsers users = graphClient.ListUsersAsync().Result;
return(users);
}
protected override void ExecuteCmdlet()
{
var response = GraphHttpClient.MakeGetRequestForString($"{ApiRootUrl}ServiceComms/Messages{(ParameterSpecified(nameof(Workload)) ? $"?$filter=Workload eq '{Workload.Value}'" : "")}", AccessToken);
var servicesJson = JObject.Parse(response);
var services = servicesJson["value"].ToObject <IEnumerable <ManagementApiServiceMessage> >();
WriteObject(services, true);
}
protected override void ExecuteCmdlet()
{
var response = GraphHttpClient.MakeGetRequestForString($"{ApiRootUrl}ServiceComms/Services", AccessToken);
var servicesJson = JObject.Parse(response);
var services = servicesJson["value"].ToObject <IEnumerable <ManagementApiService> >();
WriteObject(services, true);
}
private IEnumerable <ManagementApiSubscription> GetSubscriptions()
{
var url = $"{ApiUrl}/subscriptions/list";
var res = GraphHttpClient.MakeGetRequestForString(url.ToString(), AccessToken);
var subscriptions = JsonConvert.DeserializeObject <IEnumerable <ManagementApiSubscription> >(res);
return(subscriptions);
}
private void AddByGroup(List <Permission> permissions, GraphHttpClient graphClient, Dictionary <int, string> permission, string repositoryName, KeyValuePair <Microsoft.VisualStudio.Services.Identity.IdentityDescriptor, AccessControlEntry> kvp, GraphGroup group)
{
GroupMemberships expandedMembers = ExpandVSTSGroup(graphClient, group);
foreach (var user in expandedMembers.Users)
{
CreatePermissionList(permissions, permission, repositoryName, kvp, user, group);
}
}
private static GroupMemberships ExpandVSTSGroup(GraphHttpClient graphClient, GraphGroup group)
{
groupCache.TryGetValue(group, out GroupMemberships groupMemberships);
if (groupMemberships != null)
{
return(groupMemberships);
}
groupMemberships = new GroupMemberships();
// Convert all memberships into GraphSubjectLookupKeys
List <GraphSubjectLookupKey> lookupKeys = new List <GraphSubjectLookupKey>();
List <GraphMembership> memberships = graphClient.ListMembershipsAsync(group.Descriptor, GraphTraversalDirection.Down).Result;
foreach (var membership in memberships)
{
lookupKeys.Add(new GraphSubjectLookupKey(membership.MemberDescriptor));
}
IReadOnlyDictionary <SubjectDescriptor, GraphSubject> subjectLookups = graphClient.LookupSubjectsAsync(new GraphSubjectLookup(lookupKeys)).Result;
foreach (GraphSubject subject in subjectLookups.Values)
{
if (subject.OriginId.Equals(group.OriginId))
{
break; //Father paradox
}
switch (subject.Descriptor.SubjectType)
{
//member is an AAD user
case "aad":
groupMemberships.AddUser((GraphUser)subject);
break;
//member is an MSA user
case "asd2":
groupMemberships.AddUser((GraphUser)subject);
break;
//member is a nested AAD group
case "aadgp":
groupMemberships.AddAADGroup((GraphGroup)subject);
break;
//member is a nested VSTS group
case "vssgp":
GroupMemberships subGroupMemberships = ExpandVSTSGroup(graphClient, (GraphGroup)subject);
groupMemberships.Add(subGroupMemberships);
break;
default:
throw new Exception("Unknown SubjectType: " + subject.Descriptor.SubjectType);
}
}
groupCache.Add(group, groupMemberships);
return(groupMemberships);
}
public void AddRemoveAADGroupByOIDAsMemberOfVSTSGroup()
{
// Get the client
VssConnection connection = Context.Connection;
GraphHttpClient graphClient = connection.GetClient <GraphHttpClient>();
//
// Part 1: create the VSTS group
//
ClientSampleHttpLogger.SetOperationName(this.Context, "CreateVSTSGroup");
GraphGroupCreationContext createVSTSGroupContext = new GraphGroupVstsCreationContext
{
DisplayName = "Developers-" + Guid.NewGuid(),
Description = "Group created via client library"
};
GraphGroup newVSTSGroup = graphClient.CreateGroupAsync(createVSTSGroupContext).Result;
IEnumerable <VisualStudio.Services.Common.SubjectDescriptor> parentGroup = new List <VisualStudio.Services.Common.SubjectDescriptor>()
{
newVSTSGroup.Descriptor
};
string vstsGroupDescriptor = newVSTSGroup.Descriptor;
//
// Part 2: add the AAD group
//
GraphGroupCreationContext addAADGroupContext = new GraphGroupOriginIdCreationContext
{
OriginId = "7dee3381-2ec2-41c2-869a-7afe9b574095"
};
ClientSampleHttpLogger.SetOperationName(this.Context, "MaterializeAADGroupByOIDAsMember");
GraphGroup addedAADGroup = graphClient.CreateGroupAsync(addAADGroupContext, null, parentGroup).Result;
string aadGroupDescriptor = addedAADGroup.Descriptor;
Context.Log("New group created! ID: {0}", aadGroupDescriptor);
//
// Part 3: get the AAD group
//
ClientSampleHttpLogger.SetOperationName(this.Context, "GetGroup-AddRemoveAADGroupByOIDAsMemberOfVSTSGroup");
GraphGroup newGroup = graphClient.GetGroupAsync(aadGroupDescriptor).Result;
//
// Part 4: remove the AAD group
//
ClientSampleHttpLogger.SetOperationName(this.Context, "DeleteAADGroup-AddRemoveAADGroupByOIDAsMemberOfVSTSGroup");
graphClient.DeleteGroupAsync(aadGroupDescriptor).SyncResult();
//
// Part 5: delete the VSTS group
//
ClientSampleHttpLogger.SetOperationName(this.Context, "DeleteVSTSGroup-AddRemoveAADGroupByOIDAsMemberOfVSTSGroup");
graphClient.DeleteGroupAsync(vstsGroupDescriptor).SyncResult();
}
public void ConnectionIsCreated()
{
string PAT = Environment.GetEnvironmentVariable("ADOConnection_PAT");
string collectionUrl = Environment.GetEnvironmentVariable("ADOConnection_URL");
ADOConnection aDOConnection = new ADOConnection(collectionUrl, PAT);
using (GraphHttpClient graphClient = aDOConnection.Connection.GetClient <GraphHttpClient>())
{
PagedGraphGroups groups = graphClient.ListGroupsAsync().Result;
Assert.IsNotNull(groups.GraphGroups);
}
}
public void CreateDeleteProjectVSTSGroup()
{
// Get the client
VssConnection connection = Context.Connection;
//
// Part 1: get the project id
//
ClientSampleHttpLogger.SetOperationName(this.Context, "GetProjectId");
ProjectHttpClient projectClient = connection.GetClient <ProjectHttpClient>();
string projectName = ClientSampleHelpers.FindAnyProject(this.Context).Name;
TeamProject project = projectClient.GetProject(projectName, includeCapabilities: true, includeHistory: true).Result;
Guid projectId = project.Id;
//
// Part 2: get the project scope descriptor
//
ClientSampleHttpLogger.SetOperationName(this.Context, "GetProjectScopeDescriptor");
GraphHttpClient graphClient = connection.GetClient <GraphHttpClient>();
GraphDescriptorResult projectDescriptor = graphClient.GetDescriptorAsync(projectId).Result;
//
// Part 3: create a group at the project level
//
ClientSampleHttpLogger.SetOperationName(this.Context, "CreateGroupInProject");
GraphGroupCreationContext createGroupContext = new GraphGroupVstsCreationContext
{
DisplayName = "Project Developers-" + Guid.NewGuid(),
Description = "Group at project level created via client library"
};
GraphGroup newGroup = graphClient.CreateGroupAsync(createGroupContext, projectDescriptor.Value).Result;
string groupDescriptor = newGroup.Descriptor;
Context.Log("New group created! ID: {0}", groupDescriptor);
//
// Part 4: delete the group
//
ClientSampleHttpLogger.SetOperationName(this.Context, "DeleteGroup");
graphClient.DeleteGroupAsync(groupDescriptor).SyncResult();
// Try to get the deleted group (should result in an exception)
ClientSampleHttpLogger.SetOperationName(this.Context, "GetDisabledGroup");
try
{
newGroup = graphClient.GetGroupAsync(groupDescriptor).Result;
}
catch (Exception e)
{
Context.Log("Unable to get the deleted group:" + e.Message);
}
}
public async Task <List <string> > GetUsers(string organization)
{
VssConnection connection = null;
try
{
string url = $"https://dev.azure.com/{organization}";
if (_adoConfig.UsePta)
{
connection = new VssConnection(new Uri(url), new VssBasicCredential(string.Empty, _adoConfig.AdoPersonalAccessToken));
}
//connection = new VssConnection()
else
{
connection = new VssConnection(new Uri(url), new VssClientCredentials(true));
}
GraphHttpClient graphClient = connection.GetClient <GraphHttpClient>();
PagedGraphGroups groups = await graphClient.ListGroupsAsync();
var users = await graphClient.ListUsersAsync();
return(users?.GraphUsers.Where(a => a.Origin.Contains("ad", StringComparison.OrdinalIgnoreCase))?.Select(a => a.DisplayName)?.ToList());
//UserHttpClient userHttpClient = connection.GetClient<UserHttpClient>();
//TeamHttpClient teamHttpClient = connection.GetClient<TeamHttpClient>();
//AccountHttpClient accountHttpClient = connection.GetClient<AccountHttpClient>();
//var res = await accountHttpClient.GetAccountsAsync();
//return res.Select(a => a.AccountName).ToList();
//ProfileHttpClient profileHttpClient = connection.GetClient<ProfileHttpClient>();
//OrganizationHttpClient organizatioClient = connection.GetClient<OrganizationHttpClient>();
//var res = profileHttpClient.ge
//var res = await teamHttpClient.GetTeamMembers()
return(null);
}
catch (Exception ex)
{
//throw;
}
finally
{
connection?.Dispose();
}
return(null);
}
public PagedGraphGroups GetAllGroups()
{
VssConnection connection = Context.Connection;
GraphHttpClient graphClient = connection.GetClient <GraphHttpClient>();
PagedGraphGroups groups = graphClient.GetGroupsAsync().Result;
foreach (var group in groups.GraphGroups)
{
LogGroup(group);
}
return(groups);
}
private static Tuple <List <GraphUser>, List <GraphGroup> > ExpandVstsGroup(GraphHttpClient graphClient, GraphGroup group)
{
//List of user principle names
List <GraphUser> users = new List <GraphUser>();
//List of Graph subjects for AAD groups
List <GraphGroup> aadGroups = new List <GraphGroup>();
List <GraphMembership> memberships = graphClient.GetMembershipsAsync(group.Descriptor, Microsoft.VisualStudio.Services.Graph.GraphTraversalDirection.Down).Result;
while (memberships.Count != 0)
{
List <GraphSubjectLookupKey> lookupKeys = new List <GraphSubjectLookupKey>();
foreach (var membership in memberships)
{
lookupKeys.Add(new GraphSubjectLookupKey(membership.MemberDescriptor));
}
memberships.Clear();
IReadOnlyDictionary <SubjectDescriptor, GraphSubject> memberDict = graphClient.LookupSubjectsAsync(new GraphSubjectLookup(lookupKeys)).Result;
foreach (GraphSubject member in memberDict.Values)
{
switch (member.Descriptor.SubjectType)
{
//member is an AAD user
case Constants.SubjectType.AadUser:
users.Add((GraphUser)member);
break;
//member is an MSA user
case Constants.SubjectType.MsaUser:
users.Add((GraphUser)member);
break;
//member is a nested AAD group
case Constants.SubjectType.AadGroup:
aadGroups.Add((GraphGroup)member);
break;
//member is a nested VSTS group
case Constants.SubjectType.VstsGroup:
memberships.AddRange(graphClient.GetMembershipsAsync(member.Descriptor, Microsoft.VisualStudio.Services.Graph.GraphTraversalDirection.Down).Result);
break;
default:
throw new Exception("shouldn't be here");
}
}
}
return(new Tuple <List <GraphUser>, List <GraphGroup> >(users, aadGroups));
}
public void CreateUpdateDeleteVSTSGroup()
{
// Get the client
VssConnection connection = Context.Connection;
GraphHttpClient graphClient = connection.GetClient <GraphHttpClient>();
//
// Part 1: create a group at the account level
//
ClientSampleHttpLogger.SetOperationName(this.Context, "CreateGroup");
GraphGroupCreationContext createGroupContext = new GraphGroupVstsCreationContext
{
DisplayName = "Developers-" + Guid.NewGuid(),
Description = "Group created via client library"
};
GraphGroup newGroup = graphClient.CreateGroupAsync(createGroupContext).Result;
string groupDescriptor = newGroup.Descriptor;
Context.Log("New group created! ID: {0}", groupDescriptor);
//
// Part 2: update the description attribute for the group
//
ClientSampleHttpLogger.SetOperationName(this.Context, "UpdateGroup");
Microsoft.VisualStudio.Services.WebApi.Patch.Json.JsonPatchDocument patchDocument = VssJsonPatchDocumentFactory.ConstructJsonPatchDocument(VisualStudio.Services.WebApi.Patch.Operation.Replace, Constants.GroupUpdateFields.Description, "Updated description");
GraphGroup updatedGroup = graphClient.UpdateGroupAsync(groupDescriptor, patchDocument).Result;
string groupDescription = updatedGroup.Description;
Context.Log("Updated group description: {0}", groupDescription);
//
// Part 3: delete the group
//
ClientSampleHttpLogger.SetOperationName(this.Context, "DeleteGroup");
graphClient.DeleteGroupAsync(groupDescriptor).SyncResult();
// Try to get the deleted group (should result in an exception)
try
{
ClientSampleHttpLogger.SetOperationName(this.Context, "GetDisabledGroup");
newGroup = graphClient.GetGroupAsync(groupDescriptor).Result;
}
catch (Exception e)
{
Context.Log("Unable to get the deleted group:" + e.Message);
}
}
public void AddRemoveAADUserByOIDWithStorageKey()
{
// Get the client
VssConnection connection = Context.Connection;
GraphHttpClient graphClient = connection.GetClient <GraphHttpClient>();
//
// Part 1: add the AAD user
//
ClientSampleHttpLogger.SetOperationName(this.Context, "MaterializeAADUserByOIDWithStorageKey");
GraphUserCreationContext addAADUserContext = new GraphUserOriginIdCreationContext
{
OriginId = "27dbfced-5593-4756-98a3-913c39af7612",
StorageKey = new Guid("9b71f216-4c4f-6b74-a911-efb0fa9c777f")
};
GraphUser newUser = graphClient.CreateUserAsync(addAADUserContext).Result;
string userDescriptor = newUser.Descriptor;
Context.Log("New user added! ID: {0}", userDescriptor);
//
// Part 2: get the user
//
ClientSampleHttpLogger.SetOperationName(this.Context, "GetUser-AddRemoveAADUserByOIDWithStorageKey");
newUser = graphClient.GetUserAsync(userDescriptor).Result;
//
// Part 3: remove the user
//
ClientSampleHttpLogger.SetOperationName(this.Context, "DeleteUser-AddRemoveAADUserByOIDWithStorageKey");
graphClient.DeleteUserAsync(userDescriptor).SyncResult();
// Try to get the deleted user
ClientSampleHttpLogger.SetOperationName(this.Context, "GetMembershipState-AddRemoveAADUserByOIDWithStorageKey");
GraphMembershipState membershipState = graphClient.GetMembershipStateAsync(userDescriptor).Result;
try
{
if (membershipState.Active)
{
throw new Exception();
}
}
catch (Exception)
{
Context.Log("The deleted user is not disabled!");
}
}
internal List <Permission> GitPermissionsDetails(AccessControlList acessControlList,
IEnumerable <GraphUser> users,
IEnumerable <GraphGroup> groups,
List <GitRepository> repositories)
{
List <Permission> permissions = new List <Permission>();
Regex extractEmail = new Regex(@"\\(.*$)");
Regex extractGuid = new Regex(@".{8}-.{9}-.{4}-.{12}");
GitHttpClient gitClient = connection.GetClient <GitHttpClient>();
SecurityHttpClient securityClient = connection.GetClient <SecurityHttpClient>();
GraphHttpClient graphClient = connection.GetClient <GraphHttpClient>();
// Guid guid = Guid.Parse(acessControlList.Token.Remove(0, 7));
IEnumerable <AccessControlList> acls = securityClient.QueryAccessControlListsAsync(
Guid.Parse("2e9eb7ed-3c0a-47d4-87c1-0ffdd275fd87"),
acessControlList.Token,
descriptors: null,
includeExtendedInfo: false,
recurse: true).Result;
// get the details for Git permissions
Dictionary <int, string> permission = GetGitPermissionNames();
var tokenGuids = extractGuid.Matches(acessControlList.Token);
var lastGuidFromToken = Guid.Parse(tokenGuids[tokenGuids.Count - 1].Value);
var repository = repositories.FirstOrDefault(r => r.Id.Equals(lastGuidFromToken));
var repositoryName = repository != null ? repository.Name : "<none>";
// use the Git permissions data to expand the ACL
Console.WriteLine("Expanding ACL for {0} ({1} ACEs)", repositoryName, acessControlList.AcesDictionary.Count());
foreach (var kvp in acessControlList.AcesDictionary)
{
// in the key-value pair, Key is an identity and Value is an ACE (access control entry)
// allow and deny are bit flags indicating which permissions are allowed/denied
//PagedGraphUsers group = graphClient.GetGroupAsync(kvp.Key);
//var user = users.First(u => u.Descriptor.ToString().Equals(kvp.Key.ToString()));
var group = groups.FirstOrDefault(g => g.Descriptor.Identifier.Equals(kvp.Key.Identifier));
if (group != null)
{
AddByGroup(permissions, graphClient, permission, repositoryName, kvp, group);
}
else
{
AddByUser(users, permissions, extractEmail, permission, repositoryName, kvp);
}
}
return(permissions);
}
//================ VSTS graph api helper code ===========================================================
private static GraphGroup GetGraphGroupFromString(GraphHttpClient graphClient, string groupDisplayname)
{
PagedGraphGroups groups = graphClient.GetGroupsAsync().Result;
GraphGroup selectedGroup = null;
foreach (var group in groups.GraphGroups)
{
if (group.DisplayName.Equals(groupDisplayName))
{
return(selectedGroup = group);
}
}
return(null);
}
public void AddRemoveAADUserByUPN()
{
// Get the client
VssConnection connection = Context.Connection;
GraphHttpClient graphClient = connection.GetClient <GraphHttpClient>();
//
// Part 1: add the AAD user
//
ClientSampleHttpLogger.SetOperationName(this.Context, "CreateUserAAD");
GraphUserCreationContext addAADUserContext = new GraphUserPrincipalNameCreationContext
{
PrincipalName = "*****@*****.**"
};
GraphUser newUser = graphClient.CreateUserAsync(addAADUserContext).Result;
string userDescriptor = newUser.Descriptor;
Context.Log("New user added! ID: {0}", userDescriptor);
//
// Part 2: get the user
//
ClientSampleHttpLogger.SetOperationName(this.Context, "GetUserAAD");
newUser = graphClient.GetUserAsync(userDescriptor).Result;
//
// Part 3: remove the user
//
ClientSampleHttpLogger.SetOperationName(this.Context, "DeleteUserAAD");
graphClient.DeleteUserAsync(userDescriptor).SyncResult();
// Try to get the deleted user
ClientSampleHttpLogger.SetOperationName(this.Context, "GetMembershipStateAAD");
GraphMembershipState membershipState = graphClient.GetMembershipStateAsync(userDescriptor).Result;
try
{
if (membershipState.Active)
{
throw new Exception();
}
}
catch (Exception)
{
Context.Log("The deleted user is not disabled!");
}
}
public void AddRemoveAADUserByOID()
{
// Get the client
VssConnection connection = Context.Connection;
GraphHttpClient graphClient = connection.GetClient <GraphHttpClient>();
//
// Part 1: add the AAD user
//
ClientSampleHttpLogger.SetOperationName(this.Context, "MaterializeAADUserByOID");
GraphUserCreationContext addAADUserContext = new GraphUserOriginIdCreationContext
{
OriginId = "e97b0e7f-0a61-41ad-860c-748ec5fcb20b"
};
GraphUser newUser = graphClient.CreateUserAsync(addAADUserContext).Result;
string userDescriptor = newUser.Descriptor;
Context.Log("New user added! ID: {0}", userDescriptor);
//
// Part 2: get the user
//
ClientSampleHttpLogger.SetOperationName(this.Context, "GetUser-AddRemoveAADUserByOID");
newUser = graphClient.GetUserAsync(userDescriptor).Result;
//
// Part 3: remove the user
//
ClientSampleHttpLogger.SetOperationName(this.Context, "DeleteUser-AddRemoveAADUserByOID");
graphClient.DeleteUserAsync(userDescriptor).SyncResult();
// Try to get the deleted user
ClientSampleHttpLogger.SetOperationName(this.Context, "GetMembershipState-AddRemoveAADUserByOID");
GraphMembershipState membershipState = graphClient.GetMembershipStateAsync(userDescriptor).Result;
try
{
if (membershipState.Active)
{
throw new Exception();
}
}
catch (Exception)
{
Context.Log("The deleted user is not disabled!");
}
}
public void LookupSubject()
{
// Get the client
VssConnection connection = Context.Connection;
GraphHttpClient graphClient = connection.GetClient <GraphHttpClient>();
//
// Part 1: add the AAD user
//
ClientSampleHttpLogger.SetOperationName(this.Context, "MaterializeAADUserByOIDWithStorageKey");
GraphUserCreationContext addAADUserContext = new GraphUserOriginIdCreationContext
{
OriginId = "e97b0e7f-0a61-41ad-860c-748ec5fcb20b",
StorageKey = Guid.NewGuid()
};
GraphUser newUser = graphClient.CreateUserAsync(addAADUserContext).Result;
string userDescriptor = newUser.Descriptor;
Context.Log("New user added! ID: {0}", userDescriptor);
//
// Part 2: add the AAD group
//
ClientSampleHttpLogger.SetOperationName(this.Context, "MaterializeAADGroupByOIDWithStorageKey");
GraphGroupCreationContext addAADGroupContext = new GraphGroupOriginIdCreationContext
{
OriginId = "f0d20172-7b96-42f6-9436-941433654b48",
StorageKey = Guid.NewGuid()
};
GraphGroup newGroup = graphClient.CreateGroupAsync(addAADGroupContext).Result;
string groupDescriptor = newGroup.Descriptor;
Context.Log("New group created! ID: {0}", groupDescriptor);
//
// Part 3: lookup subjects
//
GraphSubjectLookup subjectLookup = new GraphSubjectLookup(new[] {
new GraphSubjectLookupKey(newGroup.Descriptor),
new GraphSubjectLookupKey(newUser.Descriptor)
});
ClientSampleHttpLogger.SetOperationName(this.Context, "LookupSubjects");
IReadOnlyDictionary <SubjectDescriptor, GraphSubject> lookups = graphClient.LookupSubjectsAsync(subjectLookup).Result;
}
private void EnsureSubscription(string contentType)
{
var subscriptions = GetSubscriptions();
var subscription = subscriptions.FirstOrDefault(s => s.ContentType == contentType);
if (subscription == null)
{
var url = $"{ApiUrl}/subscriptions/start?contentType={contentType}&PublisherIdentifier={Token.TenantId}";
var res = GraphHttpClient.MakePostRequestForString(url.ToString(), accessToken: AccessToken);
var response = JsonConvert.DeserializeObject <ManagementApiSubscription>(res);
if (response.Status != "enabled")
{
throw new Exception($"Cannot enable subscription for {contentType}");
}
}
}
internal static async IAsyncEnumerable <GraphUser> ListAllUsersAsync(this GraphHttpClient client)
{
if (client is null)
{
throw new ArgumentNullException(nameof(client));
}
var graphUsersPage = await client
.ListUsersAsync()
.ConfigureAwait(false);
await foreach (var graphUser in graphUsersPage.AsContinuousCollectionAsync((continuationToken) => client.ListUsersAsync(continuationToken: continuationToken)))
{
yield return(graphUser);
}
}
internal static async IAsyncEnumerable <GraphGroup> ListAllGroupsAsync(this GraphHttpClient client, string scopeDescriptor = null)
{
if (client is null)
{
throw new ArgumentNullException(nameof(client));
}
var graphGroupsPage = await client
.ListGroupsAsync(scopeDescriptor)
.ConfigureAwait(false);
await foreach (var graphGroup in graphGroupsPage.AsContinuousCollectionAsync((continuationToken) => client.ListGroupsAsync(scopeDescriptor, continuationToken: continuationToken)))
{
yield return(graphGroup);
}
}
public void AddRemoveAADUserByUPN()
{
// Get the client
VssConnection connection = Context.Connection;
GraphHttpClient graphClient = connection.GetClient <GraphHttpClient>();
//
// Part 1: add the AAD user
//
ClientSampleHttpLogger.SetOperationName(this.Context, "CreateUserAAD");
GraphUserCreationContext addAADUserContext = new GraphUserPrincipalNameCreationContext
{
PrincipalName = "*****@*****.**"
};
GraphUser newUser = graphClient.CreateUserAsync(addAADUserContext).Result;
string userDescriptor = newUser.Descriptor;
Context.Log("New user added! ID: {0}", userDescriptor);
//
// Part 2: get the user
//
ClientSampleHttpLogger.SetOperationName(this.Context, "GetUserAAD");
//newUser = graphClient.GetUserAsync(userDescriptor).Result; //BUG ???: {"TF14045: The identity with type 'Microsoft.IdentityModel.Claims.ClaimsIdentity' and identifier '45aa3d2d-7442-473d-b4d3-3c670da9dd96\\[email protected]' could not be found."}
//
// Part 3: remove the user
//
ClientSampleHttpLogger.SetOperationName(this.Context, "DeleteUserAAD");
graphClient.DeleteUserAsync(userDescriptor).SyncResult();
// Try to get the deleted user
try
{
ClientSampleHttpLogger.SetOperationName(this.Context, "GetDisabledUserAAD");
newUser = graphClient.GetUserAsync(userDescriptor).Result;
if (!newUser.Disabled)
{
throw new Exception();
}
}
catch (Exception)
{
Context.Log("The deleted user is not disabled!");
}
}
private static GroupMemberships ExpandVSTSGroup(GraphHttpClient graphClient, GraphGroup group)
{
GroupMemberships groupMemberships = new GroupMemberships();
// Convert all memberships into GraphSubjectLookupKeys
List <GraphSubjectLookupKey> lookupKeys = new List <GraphSubjectLookupKey>();
List <GraphMembership> memberships = graphClient.GetMembershipsAsync(group.Descriptor, Microsoft.VisualStudio.Services.Graph.GraphTraversalDirection.Down).Result;
foreach (var membership in memberships)
{
lookupKeys.Add(new GraphSubjectLookupKey(membership.MemberDescriptor));
}
IReadOnlyDictionary <SubjectDescriptor, GraphSubject> subjectLookups = graphClient.LookupSubjectsAsync(new GraphSubjectLookup(lookupKeys)).Result;
foreach (GraphSubject subject in subjectLookups.Values)
{
switch (subject.Descriptor.SubjectType)
{
//member is an AAD user
case Constants.SubjectType.AadUser:
groupMemberships.AddUser((GraphUser)subject);
break;
//member is an MSA user
case Constants.SubjectType.MsaUser:
groupMemberships.AddUser((GraphUser)subject);
break;
//member is a nested AAD group
case Constants.SubjectType.AadGroup:
groupMemberships.AddAADGroup((GraphGroup)subject);
break;
//member is a nested VSTS group
case Constants.SubjectType.VstsGroup:
GroupMemberships subGroupMemberships = ExpandVSTSGroup(graphClient, (GraphGroup)subject);
groupMemberships.Add(subGroupMemberships);
break;
default:
throw new Exception("Unknown SubjectType: " + subject.Descriptor.SubjectType);
}
}
return(groupMemberships);
}
/// <summary>
/// Retrieves the current value for the Site Classification of a Site Collection
/// </summary>
/// <param name="site">The target site</param>
/// <param name="classificationValue">The new value for the Site Classification</param>
/// <param name="accessToken">The OAuth Access Token to consume Microsoft Graph, required only for GROUP#0 site collections</param>
/// <returns>The classification for the site</returns>
public static void SetSiteClassification(this Site site, String classificationValue, String accessToken = null)
{
// Determine the modern site template
var baseTemplateValue = site.RootWeb.GetBaseTemplateId();
switch (baseTemplateValue)
{
// It is a "modern" team site
case "GROUP#0":
if (String.IsNullOrEmpty(accessToken))
{
throw new ArgumentNullException("accessToken");
}
// Ensure the GroupId value
site.EnsureProperty(s => s.GroupId);
// Update the Classification of the Office 365 Group
// PATCH https://graph.microsoft.com/beta/groups/{groupId}
string updateGroupUrl = $"{GraphHttpClient.MicrosoftGraphBetaBaseUri}groups/{site.GroupId}";
var updateGroupResult = GraphHttpClient.MakePatchRequestForString(
updateGroupUrl,
content: new
{
classification = classificationValue
},
contentType: "application/json",
accessToken: accessToken);
// Still update the local value to give prompt feedback to the user
site.Classification = classificationValue;
site.Context.ExecuteQueryRetry();
break;
// It is a "modern" communication site
case "SITEPAGEPUBLISHING#0":
default:
site.Classification = classificationValue;
site.Context.ExecuteQueryRetry();
break;
}
}
public PagedGraphUsers GetAllUsers()
{
VssConnection connection = Context.Connection;
GraphHttpClient graphClient = connection.GetClient <GraphHttpClient>();
PagedGraphUsers users = graphClient.ListUsersAsync().Result;
foreach (var user in users.GraphUsers)
{
Context.Log("{0} {1} {2}",
user.Descriptor.ToString().PadRight(8),
user.DisplayName.PadRight(20),
user.PrincipalName.PadRight(20)
);
}
return(users);
}
