/// <summary>
/// Assign owner role to Blueprint RP (so that we can do deployments)
/// </summary>
/// <param name="subscriptionId"></param>
/// <param name="spnObjectId"></param>
protected void AssignOwnerPermission(string subscriptionId, string spnObjectId)
{
string scope = string.Format(BlueprintConstants.SubscriptionScope, subscriptionId);
var filter = new Rest.Azure.OData.ODataQuery<RoleAssignmentFilter>();
filter.SetFilter(a => a.AssignedTo(spnObjectId));
var roleAssignmentList = AuthorizationManagementClient.RoleAssignments.ListForScopeAsync(scope, filter).GetAwaiter().GetResult();
var roleAssignment = roleAssignmentList?
.Where(ra => ra.Id.EndsWith(BlueprintConstants.OwnerRoleDefinitionId))
.FirstOrDefault();
if (roleAssignment != null) return;
var roleAssignmentParams = new RoleAssignmentProperties(
roleDefinitionId: BlueprintConstants.OwnerRoleDefinitionId, principalId: spnObjectId);
try
{
AuthorizationManagementClient.RoleAssignments.CreateAsync(scope: scope,
roleAssignmentName: Guid.NewGuid().ToString(),
parameters: new RoleAssignmentCreateParameters(roleAssignmentParams))
.GetAwaiter().GetResult();
}
catch (Exception ex)
{
// ignore if it already exists
if (ex is CloudException cex && cex.Response.StatusCode != HttpStatusCode.Conflict)
{
throw;
}
}
}
public IEnumerable <PSADUser> FilterUsers(ADObjectFilterOptions options, ulong first = ulong.MaxValue, ulong skip = 0)
{
if (!string.IsNullOrEmpty(options.Id))
{
User user = null;
try
{
user = GraphClient.Users.Get(Normalize(options.Id));
}
catch { /* The user does not exist, ignore the exception. */ }
if (user != null)
{
return(new List <PSADUser> {
user.ToPSADUser()
});
}
}
else if (!string.IsNullOrEmpty(options.UPN) || !string.IsNullOrEmpty(options.Mail))
{
IPage <User> result = null;
try
{
string upnOrMail = Normalize(options.UPN) ?? Normalize(options.Mail);
var odataQuery = new Rest.Azure.OData.ODataQuery <User>();
if (!string.IsNullOrEmpty(options.UPN))
{
odataQuery.SetFilter(u => u.UserPrincipalName == upnOrMail);
}
else
{
odataQuery.SetFilter(u => u.Mail == upnOrMail);
}
result = GraphClient.Users.List(odataQuery);
}
catch { /* The user does not exist, ignore the exception. */ }
if (result != null)
{
return(result.Select(u => u.ToPSADUser()));
}
}
else
{
Rest.Azure.OData.ODataQuery <User> odataQuery = null;
if (!string.IsNullOrEmpty(options.SearchString) && options.SearchString.EndsWith("*"))
{
options.SearchString = options.SearchString.TrimEnd('*');
odataQuery = new Rest.Azure.OData.ODataQuery <User>(u => u.DisplayName.StartsWith(options.SearchString));
}
else
{
odataQuery = new Rest.Azure.OData.ODataQuery <User>(u => u.DisplayName == options.SearchString);
}
return(new GenericPageEnumerable <User>(
delegate()
{
return GraphClient.Users.List(odataQuery.ToString());
}, GraphClient.Users.ListNext, first, skip).Select(u => u.ToPSADUser()));
}
return(new List <PSADUser>());
}
public IEnumerable <PSADUser> FilterUsers(ADObjectFilterOptions options, int first = int.MaxValue, int skip = 0)
{
if (!string.IsNullOrEmpty(options.Id))
{
MicrosoftGraphUser user = null;
try
{
user = GraphClient.Users.GetUser(Normalize(options.Id));
}
catch { /* The user does not exist, ignore the exception. */ }
if (user != null)
{
return(new List <PSADUser> {
user.ToPSADUser()
});
}
}
else if (!string.IsNullOrEmpty(options.UPN) || !string.IsNullOrEmpty(options.Mail))
{
IList <MicrosoftGraphUser> result = null;
try
{
string upnOrMail = Normalize(options.UPN) ?? Normalize(options.Mail);
var odataQuery = new Rest.Azure.OData.ODataQuery <MicrosoftGraphUser>();
if (!string.IsNullOrEmpty(options.UPN))
{
odataQuery.SetFilter(u => u.UserPrincipalName == upnOrMail);
}
else
{
odataQuery.SetFilter(u => u.Mail == upnOrMail);
}
result = GraphClient.Users.ListUser(
"eventual",
filter: OdataHelper.GetFilterString(odataQuery)
).Value;
}
catch { /* The user does not exist, ignore the exception. */ }
if (result != null)
{
return(result.Select(u => u.ToPSADUser()));
}
}
else
{
Rest.Azure.OData.ODataQuery <MicrosoftGraphUser> odataQuery = null;
if (!string.IsNullOrEmpty(options.SearchString) && options.SearchString.EndsWith("*"))
{
options.SearchString = options.SearchString.TrimEnd('*');
odataQuery = new Rest.Azure.OData.ODataQuery <MicrosoftGraphUser>(u => u.DisplayName != null && u.DisplayName.StartsWith(options.SearchString));
}
else
{
odataQuery = new Rest.Azure.OData.ODataQuery <MicrosoftGraphUser>(u => u.DisplayName == options.SearchString);
}
return(GraphClient.Users.ListUser(
consistencyLevel: "eventual",
filter: OdataHelper.GetFilterString(odataQuery)
).Value.Select(u => u.ToPSADUser()));
}
return(new List <PSADUser>());
}
