static void Main(string[] args)
{
// whatever method you're using already for Authentication (like through file or with credentials or with cert
// same can be used to get AzureCredentials as well, just change the FromFile to FromServicePrincipal if required
IAzure azure = Azure.Authenticate("my.azureauth").WithDefaultSubscription();
var creds = SdkContext.AzureCredentialsFactory.FromFile("my.azureauth");
IGraphRbacManager graphRbacManager = GraphRbacManager.Authenticate(creds, "<your tenant Guid>");
var domains = graphRbacManager.Inner.Domains.ListAsync().GetAwaiter().GetResult();
string defaultDomain = string.Empty;
foreach (var domain in domains)
{
Console.WriteLine(domain.Name);
if (domain.IsDefault.HasValue && domain.IsDefault.Value == true)
{
defaultDomain = domain.Name;
}
// not breaking out of loop on purpose, just to print all domain names if multiple are there.
}
string identiferUri = string.Format("https://{0}/myuniqueapp1", defaultDomain);
var app = azure.AccessManagement.ActiveDirectoryApplications
.Define("My Unique App 1")
.WithSignOnUrl("https://myuniqueapp1.azurewebsites.net")
.WithAvailableToOtherTenants(true)
.WithIdentifierUrl(identiferUri)
.DefinePasswordCredential("string")
.WithPasswordValue("string")
.WithDuration(new TimeSpan(365, 0, 0, 0))
.Attach()
.CreateAsync();
Console.ReadLine();
}
/// <summary>
/// Creates VirtualMachineScaleSetMsiHandler.
/// </summary>
/// <param name="rbacManager">The graph rbac manager.</param>
internal VirtualMachineScaleSetMsiHelper(IGraphRbacManager rbacManager, VirtualMachineScaleSetImpl scaleSet)
: base(rbacManager, new VmssIdProvider(scaleSet))
{
this.scaleSet = scaleSet;
this.creatableIdentityKeys = new HashSet <string>();
this.userAssignedIdentities = new Dictionary <string, VirtualMachineScaleSetIdentityUserAssignedIdentitiesValue>();
}
/// <summary>
/// Creates ContainerInstanceMsiHandler
/// </summary>
/// <param name="rbacManager">The graph rbac manager</param>
/// <param name="containerGroup">Instance of container group</param>
internal ContainerGroupMsiHandler(IGraphRbacManager rbacManager, ContainerGroupImpl containerGroup)
: base(rbacManager, new ContainerGroupIdProvider(containerGroup))
{
this.containerGroup = containerGroup;
this.creatableIdentityKeys = new HashSet <string>();
this.userAssignedIdentities = new Dictionary <string, ContainerGroupIdentityUserAssignedIdentitiesValue>();
}
public Authenticated(RestClient restClient, string tenantId)
{
this.restClient = restClient;
resourceManagerAuthenticated = ResourceManager.Fluent.ResourceManager.Authenticate(this.restClient);
graphRbacManager = GraphRbacManager.Authenticate(this.restClient, tenantId);
this.tenantId = tenantId;
}
/// <summary>
/// Creates VirtualMachineMsiHelper.
/// </summary>
/// <param name="rbacManager">The graph rbac manager.</param>
/// <param name="idProvider">Provider that exposes MSI service principal id and resource id.</param>
internal VirtualMachineMsiHelper(IGraphRbacManager rbacManager, IIdProvider idProvider) : base(rbacManager, idProvider)
{
this.rbacManager = rbacManager;
this.userAssignedIdentityCreatableKeys = new HashSet <string>();
this.userAssignedIdentityIdsToAssociate = new HashSet <string>();
this.userAssignedIdentityIdsToRemove = new HashSet <string>();
}
public KeyVaultManager(RestClient restClient, string subscriptionId, string tenantId) :
base(restClient, subscriptionId, KeyVaultManagementClient.NewInstance(restClient))
{
Inner.SubscriptionId = subscriptionId;
graphRbacManager = GraphRbacManager.Authenticate(restClient, tenantId);
this.tenantId = tenantId;
}
/// <summary>
/// Creates WebAppMsiHandler.
/// </summary>
/// <param name="rbacManager">The graph rbac manager.</param>
/// <param name="webAppBase">
/// The web app to which MSI extension needs to be installed and
/// for which role assignments needs to be created.
/// </param>
internal WebAppMsiHandler(IGraphRbacManager rbacManager, WebAppBaseImpl <FluentT, FluentImplT, DefAfterRegionT, DefAfterGroupT, UpdateT> webAppBaseImpl)
: base(rbacManager, new WebAppIdProvider(webAppBaseImpl))
{
this.webAppBaseImpl = webAppBaseImpl;
this.creatableIdentityKeys = new HashSet <string>();
this.userAssignedIdentities = new Dictionary <string, ManagedServiceIdentityUserAssignedIdentitiesValue>();
}
private ContainerInstanceManager(RestClient restClient, string subscriptionId) :
base(restClient, subscriptionId, ContainerInstanceManagementClient.NewInstance(restClient))
{
Inner.SubscriptionId = subscriptionId;
this.storageManager = StorageManager.Authenticate(restClient, subscriptionId);
this.rbacManager = GraphRbacManager.Authenticate(restClient, subscriptionId);
}
public void CanCRUDServicePrincipal()
{
using (var context = FluentMockContext.Start(GetType().FullName))
{
IGraphRbacManager manager = TestHelper.CreateGraphRbacManager();
IServicePrincipal servicePrincipal = null;
string name = SdkContext.RandomResourceName("javasdksp", 20);
try
{
servicePrincipal = manager.ServicePrincipals.Define(name)
.WithNewApplication("http://easycreate.azure.com/anotherapp/" + name)
.DefinePasswordCredential("sppass")
.WithPasswordValue("StrongPass!12")
.Attach()
.DefineCertificateCredential("spcert")
.WithAsymmetricX509Certificate()
.WithPublicKey(File.ReadAllBytes("Assets/myTest.cer"))
.WithDuration(TimeSpan.FromDays(1))
.Attach()
.Create();
Console.WriteLine(servicePrincipal.Id + " - " + string.Join(", ", servicePrincipal.ServicePrincipalNames));
Assert.NotNull(servicePrincipal.Id);
Assert.NotNull(servicePrincipal.ApplicationId);
Assert.Equal(2, servicePrincipal.ServicePrincipalNames.Count);
Assert.Equal(1, servicePrincipal.PasswordCredentials.Count);
Assert.Equal(1, servicePrincipal.CertificateCredentials.Count);
// Get
servicePrincipal = manager.ServicePrincipals.GetByName(servicePrincipal.ApplicationId);
Assert.NotNull(servicePrincipal);
Assert.NotNull(servicePrincipal.ApplicationId);
Assert.Equal(2, servicePrincipal.ServicePrincipalNames.Count);
Assert.Equal(1, servicePrincipal.PasswordCredentials.Count);
Assert.Equal(1, servicePrincipal.CertificateCredentials.Count);
// Update
servicePrincipal.Update()
.WithoutCredential("sppass")
.DefineCertificateCredential("spcert")
.WithAsymmetricX509Certificate()
.WithPublicKey(File.ReadAllBytes("Assets/myTest2.cer"))
.WithDuration(TimeSpan.FromDays(2))
.Attach()
.Apply();
Assert.NotNull(servicePrincipal);
Assert.NotNull(servicePrincipal.ApplicationId);
Assert.Equal(2, servicePrincipal.ServicePrincipalNames.Count);
Assert.Equal(0, servicePrincipal.PasswordCredentials.Count);
Assert.Equal(2, servicePrincipal.CertificateCredentials.Count);
}
finally
{
if (servicePrincipal != null)
{
manager.ServicePrincipals.DeleteById(servicePrincipal.Id);
manager.Applications.DeleteById(manager.Applications.GetByName(servicePrincipal.ApplicationId).Id);
}
}
}
}
/// <summary>
/// Creates VirtualMachineMsiHelper.
/// </summary>
/// <param name="rbacManager">The graph rbac manager.</param>
///GENMHASH:4B4A4AD2D9CD3095EFC5D25D8ADB59C4:0B494D62307BC80DFFADD0731B914984
internal VirtualMachineMsiHelper(IGraphRbacManager rbacManager)
{
this.rbacManager = rbacManager;
this.rolesToAssign = new Dictionary <string, Tuple <string, BuiltInRole> >();
this.roleDefinitionsToAssign = new Dictionary <string, Tuple <string, string> >();
Clear();
}
/// <summary>
/// Creates VirtualMachineMsiHelper.
/// </summary>
/// <param name="rbacManager">The graph rbac manager.</param>
internal VirtualMachineMsiHelper(IGraphRbacManager rbacManager, VirtualMachineImpl virtualMachine)
: base(rbacManager, new VmIdProvider(virtualMachine))
{
this.virtualMachine = virtualMachine;
this.creatableIdentityKeys = new HashSet <string>();
this.userAssignedIdentities = new Dictionary <string, VirtualMachineIdentityUserAssignedIdentitiesValue>();
}
public ComputeManager(RestClient restClient, string subscriptionId) :
base(restClient, subscriptionId, ComputeManagementClient.NewInstance(restClient))
{
Inner.SubscriptionId = subscriptionId;
storageManager = StorageManager.Authenticate(restClient, subscriptionId);
networkManager = NetworkManager.Authenticate(restClient, subscriptionId);
rbacManager = GraphRbacManager.Authenticate(restClient, restClient.Credentials.TenantId);
}
private MsiManager(RestClient restClient, string subscriptionId) :
base(restClient, subscriptionId, new ManagedServiceIdentityClient(restClient)
{
SubscriptionId = subscriptionId
})
{
this.graphRbacManager = Microsoft.Azure.Management.Graph.RBAC.Fluent.GraphRbacManager.Authenticate(restClient, restClient.Credentials.TenantId);
}
public KeyVaultManager(RestClient restClient, string subscriptionId, string tenantId) :
base(restClient, subscriptionId, new KeyVaultManagementClient(restClient)
{
SubscriptionId = subscriptionId
})
{
graphRbacManager = GraphRbacManager.Authenticate(restClient, tenantId);
this.tenantId = tenantId;
}
private ContainerInstanceManager(RestClient restClient, string subscriptionId) :
base(restClient, subscriptionId, new ContainerInstanceManagementClient(restClient)
{
SubscriptionId = subscriptionId
})
{
this.storageManager = StorageManager.Authenticate(restClient, subscriptionId);
this.rbacManager = GraphRbacManager.Authenticate(restClient, subscriptionId);
}
public void CanGetUserByDisplayName()
{
using (var context = FluentMockContext.Start(GetType().FullName))
{
IGraphRbacManager manager = TestHelper.CreateGraphRbacManager();
var user = manager.Users.GetByName("Reader zero");
Assert.Equal("Reader zero", user.Name);
}
}
public void CanGetUserByEmail()
{
using (var context = FluentMockContext.Start(GetType().FullName))
{
IGraphRbacManager manager = TestHelper.CreateGraphRbacManager();
var user = manager.Users.GetByName("*****@*****.**");
Assert.Equal("Admin", user.Name);
}
}
public void CanGetUserByForeignEmail()
{
using (var context = FluentMockContext.Start(GetType().FullName))
{
IGraphRbacManager manager = TestHelper.CreateGraphRbacManager();
var user = manager.Users.GetByName("*****@*****.**");
Assert.Equal("Jianghao Lu", user.Name);
}
}
/// <summary>
/// Creates RoleAssignmentHelper.
/// </summary>
/// <param name="rbacManager">the graph rbac manager</param>
/// <param name="idProvider">the provider that provides service principal id and resource id</param>
public RoleAssignmentHelper(IGraphRbacManager rbacManager, IIdProvider idProvider)
{
this.rbacManager = rbacManager;
this.idProvider = idProvider;
this.rolesToAssign = new Dictionary <string, System.Tuple <string, BuiltInRole> >();
this.roleDefinitionsToAssign = new Dictionary <string, System.Tuple <string, string> >();
this.roleAssignmentIdsToRemove = new List <string>();
this.roleAssignmentsToRemove = new Dictionary <string, System.Tuple <string, BuiltInRole> >();
}
public AppServiceManager(RestClient restClient, string subscriptionId, string tenantId) :
base(restClient, subscriptionId, WebSiteManagementClient.NewInstance(restClient))
{
Inner.SubscriptionId = subscriptionId;
keyVaultManager = KeyVault.Fluent.KeyVaultManager.Authenticate(restClient, subscriptionId, tenantId);
storageManager = Storage.Fluent.StorageManager.Authenticate(restClient, subscriptionId);
graphRbacManager = Graph.RBAC.Fluent.GraphRbacManager.Authenticate(restClient, tenantId);
this.tenantId = tenantId;
this.restClient = restClient;
}
public ComputeManager(RestClient restClient, string subscriptionId) :
base(restClient, subscriptionId, new ComputeManagementClient(restClient)
{
SubscriptionId = subscriptionId
})
{
storageManager = StorageManager.Authenticate(restClient, subscriptionId);
networkManager = NetworkManager.Authenticate(restClient, subscriptionId);
rbacManager = GraphRbacManager.Authenticate(restClient, restClient.Credentials.TenantId);
}
///GENMHASH:D153EE3A7098DCC0FDE502B79387242D:20D58C6F0677BACCE2BBFE4994C6C570
internal VirtualMachineScaleSetsImpl(
IComputeManager computeManager,
IStorageManager storageManager,
INetworkManager networkManager,
IGraphRbacManager rbacManager) : base(computeManager.Inner.VirtualMachineScaleSets, computeManager)
{
this.storageManager = storageManager;
this.networkManager = networkManager;
this.rbacManager = rbacManager;
}
public void CanListAll()
{
using (var context = FluentMockContext.Start(GetType().FullName))
{
IGraphRbacManager manager = TestHelper.CreateGraphRbacManager();
IEnumerable <IActiveDirectoryUser> users = manager.Users.ListAsync(true).Result;
// It might not be true in live.
Assert.True(users.Count() > 100);
}
}
private MsiManager(RestClient restClient, string subscriptionId) :
base(restClient, subscriptionId, new ManagedServiceIdentityClient(new Uri(restClient.BaseUri),
restClient.Credentials,
restClient.RootHttpHandler,
restClient.Handlers.ToArray())
{
SubscriptionId = subscriptionId
})
{
this.graphRbacManager = Microsoft.Azure.Management.Graph.RBAC.Fluent.GraphRbacManager.Authenticate(restClient, ((AzureCredentials)(restClient.Credentials)).TenantId);
}
///GENMHASH:CF74C66AC4A6B06C41B8E9D08F5D5F4B:DB478B04CDDECD11BE9F5F93E71FB984
internal VirtualMachinesImpl(
IComputeManager computeManager,
IStorageManager storageManager,
INetworkManager networkManager,
IGraphRbacManager rbacManager) :
base(computeManager.Inner.VirtualMachines, computeManager)
{
this.storageManager = storageManager;
this.networkManager = networkManager;
this.rbacManager = rbacManager;
this.vmSizes = new VirtualMachineSizesImpl(computeManager.Inner.VirtualMachineSizes);
}
public KeyVaultManager(RestClient restClient, string subscriptionId, string tenantId) :
base(restClient, subscriptionId, new KeyVaultManagementClient(new Uri(restClient.BaseUri),
restClient.Credentials,
restClient.RootHttpHandler,
restClient.Handlers.ToArray())
{
SubscriptionId = subscriptionId
})
{
graphRbacManager = GraphRbacManager.Authenticate(restClient, tenantId);
this.tenantId = tenantId;
}
public void CanCRUDApplication()
{
using (var context = FluentMockContext.Start(GetType().FullName))
{
IGraphRbacManager manager = TestHelper.CreateGraphRbacManager();
String name = SdkContext.RandomResourceName("javasdkapp", 20);
IActiveDirectoryApplication application = null;
try
{
application = manager.Applications.Define(name)
.WithSignOnUrl("http://easycreate.azure.com/" + name)
.DefinePasswordCredential("passwd")
.WithPasswordValue("P@ssw0rd")
.WithDuration(TimeSpan.FromDays(100))
.Attach()
.DefineCertificateCredential("cert")
.WithAsymmetricX509Certificate()
.WithPublicKey(File.ReadAllBytes("Assets/myTest.cer"))
.WithDuration(TimeSpan.FromDays(100))
.Attach()
.DefineCertificateCredential("cert")
.WithAsymmetricX509Certificate()
.WithPublicKey(File.ReadAllBytes("Assets/myTest2.cer"))
.WithDuration(TimeSpan.FromDays(80))
.Attach()
.Create();
Console.WriteLine(application.Id + " - " + application.ApplicationId);
Assert.NotNull(application.Id);
Assert.NotNull(application.ApplicationId);
Assert.Equal(name, application.Name);
Assert.Equal(2, application.CertificateCredentials.Count);
Assert.Equal(1, application.PasswordCredentials.Count);
Assert.Equal(1, application.ReplyUrls.Count);
Assert.Equal(1, application.IdentifierUris.Count);
Assert.Equal("http://easycreate.azure.com/" + name, application.SignOnUrl.ToString());
application.Update()
.WithoutCredential("passwd")
.Apply();
Console.WriteLine(application.Id + " - " + application.ApplicationId);
Assert.Equal(0, application.PasswordCredentials.Count);
}
finally
{
if (application != null)
{
manager.Applications.DeleteById(application.Id);
}
}
}
}
///GENMHASH:6553208EDE6088A698CBA12162179CE6:F1BA2A0D99BABACBDE52E4CA2270EF7E
internal VaultImpl(string name, VaultInner innerObject, IKeyVaultManager manager, IGraphRbacManager graphRbacManager)
: base(name, innerObject, manager)
{
this.graphRbacManager = graphRbacManager;
this.accessPolicies = new List <AccessPolicyImpl>();
if (innerObject != null && innerObject.Properties != null && innerObject.Properties.AccessPolicies != null)
{
foreach (var entry in innerObject.Properties.AccessPolicies)
{
this.accessPolicies.Add(new AccessPolicyImpl(entry, this));
}
}
}
public ComputeManager(RestClient restClient, string subscriptionId) :
base(restClient, subscriptionId, new ComputeManagementClient(new Uri(restClient.BaseUri),
restClient.Credentials,
restClient.RootHttpHandler,
restClient.Handlers.ToArray())
{
SubscriptionId = subscriptionId
})
{
storageManager = StorageManager.Authenticate(restClient, subscriptionId);
networkManager = NetworkManager.Authenticate(restClient, subscriptionId);
rbacManager = GraphRbacManager.Authenticate(restClient, ((AzureCredentials)(restClient.Credentials)).TenantId);
}
///GENMHASH:6553208EDE6088A698CBA12162179CE6:F1BA2A0D99BABACBDE52E4CA2270EF7E
internal VaultImpl(string name, VaultInner innerObject, IKeyVaultManager manager, IGraphRbacManager graphRbacManager)
: base(name, innerObject, manager)
{
this.graphRbacManager = graphRbacManager;
this.accessPolicies = new List <AccessPolicyImpl>();
if (innerObject != null && innerObject.Properties != null && innerObject.Properties.AccessPolicies != null)
{
foreach (var entry in innerObject.Properties.AccessPolicies)
{
this.accessPolicies.Add(new AccessPolicyImpl(entry, this));
}
}
this.client = new KeyVaultClientInternal(Manager.RestClient.Credentials, Manager.RestClient.RootHttpHandler, Manager.RestClient.Handlers.ToArray());
}
