/// <summary>
/// Creates a Managed HSM role assignment. Depending on the parameter set, the role
/// definition name, the user sign-in name or the service principal application id is
/// first resolved to the corresponding id (role definition id / principal object id);
/// the assignment itself is created only after <c>ConfirmAction</c> succeeds.
/// </summary>
/// <exception cref="ArgumentException">
/// Thrown when the role definition name, the sign-in name or the application id cannot
/// be resolved to an existing object.
/// </exception>
public override void ExecuteCmdlet()
{
    MSGraphMessageHelper.WriteMessageForCmdletsSwallowException(this);

    // Resolution order is fixed: role definition, then user, then service principal.
    if (ParameterSetName == ParameterSet.DefinitionNameApplicationId
        || ParameterSetName == ParameterSet.DefinitionNameObjectId
        || ParameterSetName == ParameterSet.DefinitionNameSignInName)
    {
        ResolveRoleDefinitionIdFromName();
    }

    if (ParameterSetName == ParameterSet.DefinitionIdSignInName
        || ParameterSetName == ParameterSet.DefinitionNameSignInName)
    {
        ResolveObjectIdFromSignInName();
    }

    if (ParameterSetName == ParameterSet.DefinitionIdApplicationId
        || ParameterSetName == ParameterSet.DefinitionNameApplicationId)
    {
        ResolveObjectIdFromApplicationId();
    }

    // The confirmation text prefers the human-readable inputs and falls back to ids.
    string confirmationMessage = string.Format(
        Resources.AssignRole,
        RoleDefinitionName ?? RoleDefinitionId,
        SignInName ?? ApplicationId ?? ObjectId,
        Scope);

    base.ConfirmAction(confirmationMessage, HsmName, () =>
    {
        PSKeyVaultRoleAssignment created =
            Track2DataClient.CreateHsmRoleAssignment(HsmName, Scope, RoleDefinitionId, ObjectId);
        GetAssignmentDetails(created, HsmName, Scope);
        WriteObject(created);
    });

    // Role definition names are matched case-insensitively; the first match is used.
    void ResolveRoleDefinitionIdFromName()
    {
        var match = Track2DataClient.GetHsmRoleDefinitions(HsmName, Scope)
            .FirstOrDefault(d => string.Equals(d.RoleName, RoleDefinitionName, StringComparison.OrdinalIgnoreCase));
        if (match == null)
        {
            throw new ArgumentException(string.Format(Resources.RoleDefinitionNotFound, RoleDefinitionName));
        }

        RoleDefinitionId = match.Id;
    }

    // A sign-in name is looked up directly in Microsoft Graph.
    void ResolveObjectIdFromSignInName()
    {
        var directoryUser = GraphClient.Users.GetUser(SignInName);
        if (directoryUser == null)
        {
            throw new ArgumentException(string.Format(Resources.UserNotFoundBy, SignInName));
        }

        ObjectId = directoryUser.Id;
    }

    // can't use string.Equals() here as it will result in incorrect filter string
    // SingleOrDefault is deliberate: if more than one service principal matches the
    // app id, this throws instead of silently assigning the role to an arbitrary one.
    void ResolveObjectIdFromApplicationId()
    {
        string appIdFilter = ODataHelper.FormatFilterString<MicrosoftGraphServicePrincipal>(s => s.AppId == ApplicationId);
        var principal = GraphClient.ServicePrincipals
            .ListServicePrincipal(filter: appIdFilter)
            .Value
            .SingleOrDefault();
        if (principal == null)
        {
            throw new ArgumentException(string.Format(Resources.ApplicationNotFoundBy, ApplicationId));
        }

        ObjectId = principal.Id;
    }
}
/// <summary>
/// Creates a Managed HSM role assignment using the legacy Active Directory client for
/// principal lookups. Depending on the parameter set, the role definition name, the
/// user sign-in name (UPN) or the application id is first resolved to the matching id;
/// the assignment is created only after <c>ConfirmAction</c> succeeds.
/// </summary>
/// <exception cref="ArgumentException">
/// Thrown when the role definition name, the sign-in name or the application id cannot
/// be resolved to an existing object.
/// </exception>
public override void ExecuteCmdlet()
{
    // Resolution order is fixed: role definition, then user, then application.
    if (ParameterSetName == ParameterSet.DefinitionNameApplicationId
        || ParameterSetName == ParameterSet.DefinitionNameObjectId
        || ParameterSetName == ParameterSet.DefinitionNameSignInName)
    {
        ResolveRoleDefinitionIdFromName();
    }

    if (ParameterSetName == ParameterSet.DefinitionIdSignInName
        || ParameterSetName == ParameterSet.DefinitionNameSignInName)
    {
        ResolveObjectIdFromSignInName();
    }

    if (ParameterSetName == ParameterSet.DefinitionIdApplicationId
        || ParameterSetName == ParameterSet.DefinitionNameApplicationId)
    {
        ResolveObjectIdFromApplicationId();
    }

    // The confirmation text prefers the human-readable inputs and falls back to ids.
    string confirmationMessage = string.Format(
        Resources.AssignRole,
        RoleDefinitionName ?? RoleDefinitionId,
        SignInName ?? ApplicationId ?? ObjectId,
        Scope);

    base.ConfirmAction(confirmationMessage, HsmName, () =>
    {
        PSKeyVaultRoleAssignment created =
            Track2DataClient.CreateHsmRoleAssignment(HsmName, Scope, RoleDefinitionId, ObjectId);
        GetAssignmentDetails(created, HsmName, Scope);
        WriteObject(created);
    });

    // Role definition names are matched case-insensitively; the first match is used.
    void ResolveRoleDefinitionIdFromName()
    {
        var match = Track2DataClient.GetHsmRoleDefinitions(HsmName, Scope)
            .FirstOrDefault(d => string.Equals(d.RoleName, RoleDefinitionName, StringComparison.OrdinalIgnoreCase));
        if (match == null)
        {
            throw new ArgumentException(string.Format(Resources.RoleDefinitionNotFound, RoleDefinitionName));
        }

        RoleDefinitionId = match.Id;
    }

    // Users are filtered by UPN; the first hit is taken as the assignee.
    void ResolveObjectIdFromSignInName()
    {
        var upnFilter = new ADObjectFilterOptions() { UPN = SignInName };
        var directoryUser = ActiveDirectoryClient.FilterUsers(upnFilter).FirstOrDefault();
        if (directoryUser == null)
        {
            throw new ArgumentException(string.Format(Resources.UserNotFoundBy, SignInName));
        }

        ObjectId = directoryUser.Id.ToString();
    }

    // Applications are filtered by app id (case-insensitive); the first hit is taken,
    // so an ambiguous app id would not be reported here.
    void ResolveObjectIdFromApplicationId()
    {
        var appIdQuery = new Rest.Azure.OData.ODataQuery<Application>(s => string.Equals(s.AppId, ApplicationId, StringComparison.OrdinalIgnoreCase));
        var application = ActiveDirectoryClient.GetApplicationWithFilters(appIdQuery).FirstOrDefault();
        if (application == null)
        {
            throw new ArgumentException(string.Format(Resources.ApplicationNotFoundBy, ApplicationId));
        }

        ObjectId = application.ObjectId.ToString();
    }
}
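/// <summary>
/// Get details of the role assignment -- principal name, role definition name, etc.,
/// and assign them back in the role assignment object.
/// </summary>
/// <param name="assignment">
/// The role assignment to enrich. Its <c>PrincipalId</c> and <c>RoleDefinitionId</c> are
/// read; its <c>DisplayName</c>, <c>ObjectType</c> and <c>RoleDefinitionName</c> are written.
/// </param>
/// <param name="hsmName">Name of the Managed HSM whose role definitions are consulted.</param>
/// <param name="scope">Scope at which the role definitions are listed.</param>
/// <exception cref="ArgumentNullException"><paramref name="assignment"/> is null.</exception>
protected void GetAssignmentDetails(PSKeyVaultRoleAssignment assignment, string hsmName, string scope)
{
    // Fail with a clear argument error instead of a NullReferenceException on PrincipalId.
    if (assignment is null)
    {
        throw new ArgumentNullException(nameof(assignment));
    }

    // get all role definitions
    var definitions = Track2DataClient.GetHsmRoleDefinitions(hsmName, scope);

    // get info about assignee (display name and object type) from the directory
    var assignee = ModelExtensions.GetDetailsFromADObjectId(assignment.PrincipalId, GraphClient);
    (assignment.DisplayName, assignment.ObjectType) = assignee;

    // traverse role definitions to find the correct one; ids are compared
    // case-insensitively and RoleDefinitionName stays null when nothing matches
    assignment.RoleDefinitionName = definitions
        .FirstOrDefault(definition => string.Equals(definition.Id, assignment.RoleDefinitionId, StringComparison.OrdinalIgnoreCase))
        ?.RoleName;
}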