private PSKeyVaultRoleAssignment[] FilterAssignments(PSKeyVaultRoleAssignment[] assignments)
{
if (!string.IsNullOrEmpty(RoleDefinitionName))
{
var definition = Track2DataClient.GetHsmRoleDefinitions(HsmName, Scope)
.FirstOrDefault(x => string.Equals(x.RoleName, RoleDefinitionName, StringComparison.OrdinalIgnoreCase));
RoleDefinitionId = definition?.Id;
}
if (!string.IsNullOrEmpty(SignInName))
{
var user = GraphClient.Users.GetUser(SignInName);
ObjectId = user?.Id;
}
if (!string.IsNullOrEmpty(ApplicationId))
{
var filter = ODataHelper.FormatFilterString <MicrosoftGraphServicePrincipal>(sp => sp.AppId == ApplicationId);
var servicePrincipal = GraphClient.ServicePrincipals.ListServicePrincipal(filter: filter).Value.FirstOrDefault();
ObjectId = servicePrincipal?.Id;
}
if (!string.IsNullOrEmpty(RoleDefinitionId))
{
assignments = assignments.Where(assignment => string.Equals(assignment.RoleDefinitionId, RoleDefinitionId, StringComparison.OrdinalIgnoreCase)).ToArray();
}
if (!string.IsNullOrEmpty(ObjectId))
{
assignments = assignments.Where(assignment => string.Equals(assignment.PrincipalId, ObjectId, StringComparison.OrdinalIgnoreCase)).ToArray();
}
return(assignments);
}
public override void ExecuteCmdlet()
{
MSGraphMessageHelper.WriteMessageForCmdletsSwallowException(this);
// convert definition name to id
if (ParameterSetName == ParameterSet.DefinitionNameApplicationId ||
ParameterSetName == ParameterSet.DefinitionNameObjectId ||
ParameterSetName == ParameterSet.DefinitionNameSignInName)
{
var definition = Track2DataClient.GetHsmRoleDefinitions(HsmName, Scope)
.FirstOrDefault(x => string.Equals(x.RoleName, RoleDefinitionName, StringComparison.OrdinalIgnoreCase));
if (definition == null)
{
throw new ArgumentException(string.Format(Resources.RoleDefinitionNotFound, RoleDefinitionName));
}
RoleDefinitionId = definition.Id;
}
// convert user sign in name to object id
if (ParameterSetName == ParameterSet.DefinitionIdSignInName ||
ParameterSetName == ParameterSet.DefinitionNameSignInName)
{
var user = GraphClient.Users.GetUser(SignInName);
if (user == null)
{
throw new ArgumentException(string.Format(Resources.UserNotFoundBy, SignInName));
}
ObjectId = user.Id;
}
// convert service principal app id to object id
if (ParameterSetName == ParameterSet.DefinitionIdApplicationId ||
ParameterSetName == ParameterSet.DefinitionNameApplicationId)
{
// can't use string.Equals() here as it will result in incorrect filter string
string filter = ODataHelper.FormatFilterString <MicrosoftGraphServicePrincipal>(s => s.AppId == ApplicationId);
var servicePrincipal = GraphClient.ServicePrincipals.ListServicePrincipal(filter: filter).Value.SingleOrDefault();
if (servicePrincipal == null)
{
throw new ArgumentException(string.Format(Resources.ApplicationNotFoundBy, ApplicationId));
}
ObjectId = servicePrincipal.Id;
}
base.ConfirmAction(
string.Format(Resources.AssignRole, RoleDefinitionName ?? RoleDefinitionId, SignInName ?? ApplicationId ?? ObjectId, Scope),
HsmName, () =>
{
PSKeyVaultRoleAssignment roleAssignment = Track2DataClient.CreateHsmRoleAssignment(HsmName, Scope, RoleDefinitionId, ObjectId);
GetAssignmentDetails(roleAssignment, HsmName, Scope);
WriteObject(roleAssignment);
});
}
private string GetRoleAssignmentNameFromFilterParameters()
{
// convert definition name to id
if (ParameterSetName == ParameterSet.DefinitionNameApplicationId ||
ParameterSetName == ParameterSet.DefinitionNameObjectId ||
ParameterSetName == ParameterSet.DefinitionNameSignInName)
{
var definition = Track2DataClient.GetHsmRoleDefinitions(HsmName, Scope)
.FirstOrDefault(x => string.Equals(x.RoleName, RoleDefinitionName, StringComparison.OrdinalIgnoreCase));
if (definition == null)
{
throw new ArgumentException(string.Format(Resources.RoleDefinitionNotFound, RoleDefinitionName));
}
RoleDefinitionId = definition.Id;
}
// convert user sign in name to object id
if (ParameterSetName == ParameterSet.DefinitionIdSignInName ||
ParameterSetName == ParameterSet.DefinitionNameSignInName)
{
var user = GraphClient.Users.GetUser(SignInName);
if (user == null)
{
throw new ArgumentException(string.Format(Resources.UserNotFoundBy, SignInName));
}
ObjectId = user.Id;
}
// convert service principal app id to object id
if (ParameterSetName == ParameterSet.DefinitionIdApplicationId ||
ParameterSetName == ParameterSet.DefinitionNameApplicationId)
{
string filter = ODataHelper.FormatFilterString <MicrosoftGraphServicePrincipal>(s => s.AppId == ApplicationId);
var servicePrincipal = GraphClient.ServicePrincipals.ListServicePrincipal(filter: filter).Value.SingleOrDefault();
if (servicePrincipal == null)
{
throw new ArgumentException(string.Format(Resources.ApplicationNotFoundBy, ApplicationId));
}
ObjectId = servicePrincipal.Id;
}
var roleAssignment = Track2DataClient.GetHsmRoleAssignments(HsmName, Scope)
.FirstOrDefault(assignment => string.Equals(assignment.PrincipalId, ObjectId) && string.Equals(assignment.RoleDefinitionId, RoleDefinitionId));
if (roleAssignment == null)
{
throw new Exception(Resources.RoleAssignmentNotFound);
}
else
{
return(roleAssignment.Name);
}
}
private string GetObjectIdBySpn(string spn)
{
if (string.IsNullOrWhiteSpace(spn))
{
return(null);
}
string filter = ODataHelper.FormatFilterString <MicrosoftGraphServicePrincipal>(s => s.ServicePrincipalNames.Contains(spn));
var servicePrincipal = GraphClient.ServicePrincipals.ListServicePrincipal(filter: filter).Value.SingleOrDefault();
var objId = servicePrincipal?.Id.ToString();
return(objId);
}
private string GetObjectIdByEmail(string email)
{
// In ADFS, Graph cannot handle this particular combination of filters.
if (DefaultProfile.DefaultContext.Environment.OnPremise || string.IsNullOrWhiteSpace(email))
{
return(null);
}
string objId = null;
string filter = ODataHelper.FormatFilterString <MicrosoftGraphUser>(s => s.Mail == email);
var users = GraphClient.Users.ListUser(filter: filter).Value;
if (users != null)
{
ThrowIfMultipleObjectIds(users, email);
var user = users.FirstOrDefault();
objId = user?.Id.ToString();
}
return(objId);
}
