/// <summary>
        /// Looks up role assignments that match the cmdlet's scope, role-definition,
        /// principal and resource parameters and writes each one to the pipeline.
        /// </summary>
        /// <remarks>
        /// The filter is always sent with <c>ExcludeAssignmentsForDeletedPrincipals = true</c>.
        /// The scope is passed through <c>AuthorizationClient.ValidateScope</c> before the query runs.
        /// </remarks>
        public override void ExecuteCmdlet()
        {
            // Guid.Empty means the parameter was not supplied; the filter carries null in that case.
            string roleDefinitionId = null;
            if (RoleDefinitionId != Guid.Empty)
            {
                roleDefinitionId = RoleDefinitionId.ToString();
            }

            var principalFilter = new ADObjectFilterOptions
            {
                UPN = SignInName,
                SPN = ServicePrincipalName,
                Id  = ObjectId == Guid.Empty ? null : ObjectId.ToString(),
            };

            // The subscription is only attached to the resource identifier when a resource group was named.
            var resource = new ResourceIdentifier
            {
                ParentResource    = ParentResource,
                ResourceGroupName = ResourceGroupName,
                ResourceName      = ResourceName,
                ResourceType      = ResourceType,
                Subscription      = string.IsNullOrEmpty(ResourceGroupName)
                    ? null
                    : DefaultProfile.DefaultContext.Subscription.Id.ToString()
            };

            var options = new FilterRoleAssignmentsOptions
            {
                Scope                                  = Scope,
                RoleDefinitionName                     = RoleDefinitionName,
                RoleDefinitionId                       = roleDefinitionId,
                ADObjectFilter                         = principalFilter,
                ResourceIdentifier                     = resource,
                ExpandPrincipalGroups                  = ExpandPrincipalGroups.IsPresent,
                IncludeClassicAdministrators           = IncludeClassicAdministrators.IsPresent,
                ExcludeAssignmentsForDeletedPrincipals = true
            };

            // NOTE(review): the meaning of the boolean argument is defined in AuthorizationClient, not visible here.
            AuthorizationClient.ValidateScope(options.Scope, true);

            List<PSRoleAssignment> matches = PoliciesClient.FilterRoleAssignments(
                options,
                DefaultProfile.DefaultContext.Subscription.Id.ToString());

            WriteObject(matches, enumerateCollection: true);
        }
        /// <summary>
        /// Looks up role assignments that match the cmdlet's scope, role-definition,
        /// principal and resource parameters and writes each one to the pipeline.
        /// </summary>
        /// <remarks>
        /// The filter is always sent with <c>ExcludeAssignmentsForDeletedPrincipals = true</c>.
        /// NOTE(review): this variant sends the scope to the query without any scope validation
        /// call in this method — confirm whether validation happens inside PoliciesClient.
        /// </remarks>
        protected override void ProcessRecord()
        {
            // Guid.Empty means the parameter was not supplied; the filter carries null in that case.
            string roleDefinitionId = null;
            if (RoleDefinitionId != Guid.Empty)
            {
                roleDefinitionId = RoleDefinitionId.ToString();
            }

            var principalFilter = new ADObjectFilterOptions
            {
                SignInName = SignInName,
                SPN        = ServicePrincipalName,
                Id         = ObjectId == Guid.Empty ? null : ObjectId.ToString(),
            };

            // The subscription is only attached to the resource identifier when a resource group was named.
            var resource = new ResourceIdentifier
            {
                ParentResource    = ParentResource,
                ResourceGroupName = ResourceGroupName,
                ResourceName      = ResourceName,
                ResourceType      = ResourceType,
                Subscription      = string.IsNullOrEmpty(ResourceGroupName)
                    ? null
                    : DefaultProfile.Context.Subscription.Id.ToString()
            };

            var options = new FilterRoleAssignmentsOptions
            {
                Scope                                  = Scope,
                RoleDefinitionName                     = RoleDefinitionName,
                RoleDefinitionId                       = roleDefinitionId,
                ADObjectFilter                         = principalFilter,
                ResourceIdentifier                     = resource,
                ExpandPrincipalGroups                  = ExpandPrincipalGroups.IsPresent,
                IncludeClassicAdministrators           = IncludeClassicAdministrators.IsPresent,
                ExcludeAssignmentsForDeletedPrincipals = true
            };

            var matches = PoliciesClient.FilterRoleAssignments(
                options,
                DefaultProfile.Context.Subscription.Id.ToString());

            WriteObject(matches, enumerateCollection: true);
        }
        /// <summary>
        /// Creates a role assignment from the cmdlet's scope, role-definition, principal
        /// and resource parameters and writes the created assignment to the pipeline.
        /// </summary>
        /// <remarks>
        /// The scope is passed through <c>AuthorizationClient.ValidateScope</c> before the
        /// assignment is created. <c>CanDelegate</c> mirrors the <c>AllowDelegation</c> switch.
        /// </remarks>
        public override void ExecuteCmdlet()
        {
            // The principal may be identified by sign-in name, application id or object id.
            var principal = new ADObjectFilterOptions
            {
                UPN = SignInName,
                SPN = ApplicationId,
                Id  = ObjectId,
            };

            var resource = new ResourceIdentifier
            {
                ParentResource    = ParentResource,
                ResourceGroupName = ResourceGroupName,
                ResourceName      = ResourceName,
                ResourceType      = ResourceType,
                Subscription      = DefaultProfile.DefaultContext.Subscription.Id,
            };

            var request = new FilterRoleAssignmentsOptions
            {
                Scope              = Scope,
                RoleDefinitionName = RoleDefinitionName,
                // Guid.Empty means the parameter was not supplied; null is sent instead.
                RoleDefinitionId   = RoleDefinitionId == Guid.Empty ? null : RoleDefinitionId.ToString(),
                ADObjectFilter     = principal,
                ResourceIdentifier = resource,
                CanDelegate        = AllowDelegation.IsPresent,
            };

            // NOTE(review): the meaning of the boolean argument is defined in AuthorizationClient, not visible here.
            AuthorizationClient.ValidateScope(request.Scope, false);

            var created = PoliciesClient.CreateRoleAssignment(request, RoleAssignmentId);
            WriteObject(created);
        }
        /// <summary>
        /// Removes the role assignments that match the cmdlet's parameters (or the piped
        /// <c>InputObject</c>) after asking for confirmation, and writes the removed
        /// assignments to the pipeline when <c>PassThru</c> is set.
        /// </summary>
        /// <remarks>
        /// When <c>InputObject</c> is bound, only its Scope, ObjectId and RoleDefinitionName
        /// are copied onto the cmdlet's own parameters before the filter is built.
        /// </remarks>
        public override void ExecuteCmdlet()
        {
            MSGraphMessageHelper.WriteMessageForCmdletsSwallowException(this);

            if (this.IsParameterBound(c => c.InputObject))
            {
                Scope = InputObject.Scope;
                ObjectId = InputObject.ObjectId;
                RoleDefinitionName = InputObject.RoleDefinitionName;
            }

            var principalFilter = new ADObjectFilterOptions
            {
                UPN = SignInName,
                Id = ObjectId,
                SPN = ServicePrincipalName
            };

            var resource = new ResourceIdentifier
            {
                ParentResource = ParentResource,
                ResourceGroupName = ResourceGroupName,
                ResourceName = ResourceName,
                ResourceType = ResourceType,
                Subscription = DefaultProfile.DefaultContext.Subscription.Id
            };

            var options = new FilterRoleAssignmentsOptions
            {
                Scope = Scope,
                RoleDefinitionName = RoleDefinitionName,
                // Guid.Empty means the parameter was not supplied; null is sent instead.
                RoleDefinitionId = RoleDefinitionId == Guid.Empty ? null : RoleDefinitionId.ToString(),
                ADObjectFilter = principalFilter,
                ResourceIdentifier = resource,
                // A delete must only match direct assignments: group expansion stays off
                ExpandPrincipalGroups = false,
                // and classic administrators are never part of the delete filter.
                IncludeClassicAdministrators = false
            };

            // NOTE(review): the meaning of the boolean argument is defined in AuthorizationClient, not visible here.
            AuthorizationClient.ValidateScope(options.Scope, true);

            // The prompt names the principal, scope and role so the operator can see what will be removed.
            string prompt = string.Format(ProjectResources.RemovingRoleAssignment, ObjectId, Scope, RoleDefinitionName);

            ConfirmAction(
                prompt,
                ObjectId,
                () =>
                {
                    IEnumerable<PSRoleAssignment> removed = PoliciesClient.RemoveRoleAssignment(
                        options,
                        DefaultProfile.DefaultContext.Subscription.Id);

                    if (PassThru)
                    {
                        WriteObject(removed, enumerateCollection: true);
                    }
                });
        }
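        /// <summary>
        /// Creates a role assignment, optionally with a condition, from the cmdlet's
        /// parameters and writes the created assignment to the pipeline.
        /// </summary>
        /// <remarks>
        /// Validation performed before the request is built:
        /// a condition without a version defaults the version to "2.0"; a version without a
        /// condition is reported as an error; a version that is not a number, or is below 2.0,
        /// is reported as an error. Each error is reported through <c>WriteExceptionError</c>
        /// and the method returns without creating anything.
        /// </remarks>
        public override void ExecuteCmdlet()
        {
            bool hasCondition = !string.IsNullOrEmpty(Condition);
            bool hasConditionVersion = !string.IsNullOrEmpty(ConditionVersion);

            if (hasCondition && !hasConditionVersion)
            {
                ConditionVersion = "2.0";
                WriteDebug("-Condition was set but -ConditionVersion was not, defaulting to lowest publicly available version: '2.0'");
            }
            else if (!hasCondition && hasConditionVersion)
            {
                WriteExceptionError(new ArgumentException("If -ConditionVersion is set -Condition can not be empty."));
                return;
            }

            // Parse with the invariant culture: under a culture whose decimal separator is ','
            // the '.' in "1.0" is read as a group separator, the value becomes 10 and the
            // minimum-version check below would be passed by a version that should be rejected.
            // TryParse also turns malformed input into a reported error instead of an unhandled FormatException.
            double parsedConditionVersion;
            bool parsed = double.TryParse(
                ConditionVersion ?? "2.0",
                System.Globalization.NumberStyles.Float,
                System.Globalization.CultureInfo.InvariantCulture,
                out parsedConditionVersion);

            if (!parsed || double.IsNaN(parsedConditionVersion) || double.IsInfinity(parsedConditionVersion))
            {
                WriteExceptionError(new ArgumentException("Argument -ConditionVersion must be a number, for example 2.0"));
                return;
            }

            if (parsedConditionVersion < 2.0)
            {
                WriteExceptionError(new ArgumentException("Argument -ConditionVersion must be greater or equal than 2.0"));
                return;
            }

            FilterRoleAssignmentsOptions parameters = new FilterRoleAssignmentsOptions()
            {
                Scope = Scope,
                RoleDefinitionName = RoleDefinitionName,
                // Guid.Empty means the parameter was not supplied; null is sent instead.
                RoleDefinitionId   = RoleDefinitionId == Guid.Empty ? null : RoleDefinitionId.ToString(),
                ADObjectFilter     = new ADObjectFilterOptions
                {
                    UPN = SignInName,
                    SPN = ApplicationId,
                    Id  = ObjectId,
                },
                ResourceIdentifier = new ResourceIdentifier()
                {
                    ParentResource    = ParentResource,
                    ResourceGroupName = ResourceGroupName,
                    ResourceName      = ResourceName,
                    ResourceType      = ResourceType,
                    Subscription      = DefaultProfile.DefaultContext.Subscription.Id,
                },
                CanDelegate      = AllowDelegation.IsPresent,
                Description      = Description,
                Condition        = Condition,
                ConditionVersion = ConditionVersion,
            };

            // NOTE(review): the meaning of the boolean argument is defined in AuthorizationClient, not visible here.
            AuthorizationClient.ValidateScope(parameters.Scope, false);

            WriteObject(PoliciesClient.CreateRoleAssignment(parameters, RoleAssignmentId));
        }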
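        /// <summary>
        /// Removes the role assignments that match the cmdlet's parameters after asking for
        /// confirmation, and writes the removed assignments to the pipeline when
        /// <c>PassThru</c> is set.
        /// </summary>
        /// <remarks>
        /// The delete filter never expands principal groups and never includes classic
        /// administrators, and it is sent with <c>ExcludeAssignmentsForDeletedPrincipals = false</c>.
        /// </remarks>
        public override void ExecuteCmdlet()
        {
            FilterRoleAssignmentsOptions options = new FilterRoleAssignmentsOptions()
            {
                Scope = Scope,
                RoleDefinitionName = RoleDefinitionName,
                // Guid.Empty means the parameter was not supplied; null is sent instead.
                RoleDefinitionId   = RoleDefinitionId == Guid.Empty ? null : RoleDefinitionId.ToString(),
                ADObjectFilter     = new ADObjectFilterOptions
                {
                    UPN = SignInName,
                    Id  = ObjectId == Guid.Empty ? null : ObjectId.ToString(),
                    SPN = ServicePrincipalName
                },
                ResourceIdentifier = new ResourceIdentifier()
                {
                    ParentResource    = ParentResource,
                    ResourceGroupName = ResourceGroupName,
                    ResourceName      = ResourceName,
                    ResourceType      = ResourceType,
                    Subscription      = DefaultProfile.DefaultContext.Subscription.Id.ToString()
                },
                ExcludeAssignmentsForDeletedPrincipals = false,
                // we should never expand principal groups in the Delete scenario
                ExpandPrincipalGroups = false,
                // never include classic administrators in the Delete scenario
                IncludeClassicAdministrators = false
            };

            // NOTE(review): the meaning of the boolean argument is defined in AuthorizationClient, not visible here.
            AuthorizationClient.ValidateScope(options.Scope, true);

            // The confirmation text previously passed the resource string unformatted, so the prompt
            // for a destructive permission change did not say which principal, scope or role was
            // affected. The same resource string is formatted with three arguments by the other
            // remove cmdlets on this page; presumably it is the same template here — confirm
            // against the project's resource file.
            string confirmationMessage = string.Format(
                ProjectResources.RemovingRoleAssignment,
                ObjectId,
                Scope,
                RoleDefinitionName);

            ConfirmAction(
                confirmationMessage,
                string.Empty,
                () =>
                {
                    IEnumerable<PSRoleAssignment> roleAssignments = PoliciesClient.RemoveRoleAssignment(
                        options,
                        DefaultProfile.DefaultContext.Subscription.Id.ToString());

                    if (PassThru)
                    {
                        WriteObject(roleAssignments, enumerateCollection: true);
                    }
                });
        }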
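        /// <summary>
        /// Removes the role assignments that match the cmdlet's parameters after asking for
        /// confirmation (skipped when <c>Force</c> is present), and writes the removed
        /// assignments to the pipeline when <c>PassThru</c> is set.
        /// </summary>
        /// <remarks>
        /// The filter is sent with <c>ExcludeAssignmentsForDeletedPrincipals = false</c>.
        /// NOTE(review): no scope validation call is made in this method — confirm whether
        /// validation happens inside PoliciesClient.
        /// </remarks>
        protected override void ProcessRecord()
        {
            FilterRoleAssignmentsOptions options = new FilterRoleAssignmentsOptions()
            {
                Scope = Scope,
                RoleDefinitionName = RoleDefinitionName,
                // Guid.Empty means the parameter was not supplied; null is sent instead.
                RoleDefinitionId   = RoleDefinitionId == Guid.Empty ? null : RoleDefinitionId.ToString(),
                ADObjectFilter     = new ADObjectFilterOptions
                {
                    SignInName = SignInName,
                    Id         = ObjectId == Guid.Empty ? null : ObjectId.ToString(),
                    SPN        = ServicePrincipalName
                },
                ResourceIdentifier = new ResourceIdentifier()
                {
                    ParentResource    = ParentResource,
                    ResourceGroupName = ResourceGroupName,
                    ResourceName      = ResourceName,
                    ResourceType      = ResourceType,
                    Subscription      = DefaultProfile.Context.Subscription.Id.ToString()
                },
                ExcludeAssignmentsForDeletedPrincipals = false
            };

            // The prompt names the active principal filter, the scope and the role (by name, else by id).
            string confirmationMessage = string.Format(
                ProjectResources.RemovingRoleAssignment,
                options.ADObjectFilter.ActiveFilter,
                options.Scope,
                options.RoleDefinitionName ?? RoleDefinitionId.ToString());

            ConfirmAction(
                Force.IsPresent,
                confirmationMessage,
                ProjectResources.RemovingRoleAssignment,
                null,
                () =>
                {
                    IEnumerable<PSRoleAssignment> roleAssignments = PoliciesClient.RemoveRoleAssignment(
                        options,
                        DefaultProfile.Context.Subscription.Id.ToString());

                    // PassThru output is produced only when the removal actually ran. Previously the
                    // write happened after ConfirmAction regardless, so a declined confirmation
                    // still pushed the never-assigned null result down the pipeline.
                    if (PassThru)
                    {
                        WriteObject(roleAssignments, enumerateCollection: true);
                    }
                });
        }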
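        /// <summary>
        /// Creates a role assignment, optionally with a condition, either from the cmdlet's
        /// parameters or from a JSON file describing a role assignment, and writes the
        /// created assignment to the pipeline.
        /// </summary>
        /// <remarks>
        /// In the InputFile parameter set the file's contents decide the principal, scope,
        /// role definition and condition of the grant, so the file should be treated as
        /// privileged input. The scope read from it still goes through
        /// <c>AuthorizationClient.ValidateScope</c> before the assignment is created.
        /// Validation errors on the condition/version pair are reported through
        /// <c>WriteExceptionError</c> and the method returns without creating anything.
        /// </remarks>
        /// <exception cref="PSArgumentException">The input file does not exist.</exception>
        /// <exception cref="Exception">The input file could not be deserialized into a role assignment.</exception>
        public override void ExecuteCmdlet()
        {
            MSGraphMessageHelper.WriteMessageForCmdletsSwallowException(this);

            if (ParameterSetName == ParameterSet.InputFile)
            {
                string fileName = this.TryResolvePath(InputFile);
                if (!File.Exists(fileName))
                {
                    throw new PSArgumentException(string.Format("File {0} does not exist", fileName));
                }

                PSRoleAssignment roleAssignment;
                try
                {
                    roleAssignment = JsonConvert.DeserializeObject<PSRoleAssignment>(File.ReadAllText(fileName));
                }
                catch (JsonException ex)
                {
                    WriteVerbose("Deserializing the input role assignment failed.");
                    // Keep the parser's exception as InnerException so the failing position in the file is not lost.
                    throw new Exception("Deserializing the input role assignment failed. Please confirm the file is properly formated", ex);
                }

                // An empty file or a literal JSON null deserializes to null; report it as the same
                // failure instead of letting the property reads below raise a NullReferenceException.
                if (roleAssignment == null)
                {
                    WriteVerbose("Deserializing the input role assignment failed.");
                    throw new Exception("Deserializing the input role assignment failed. Please confirm the file is properly formated");
                }

                this.ObjectId     = roleAssignment.ObjectId;
                this.ObjectType   = roleAssignment.ObjectType;
                // NOTE(review): ResourceType is filled from the principal's ObjectType, which looks like a
                // copy/paste slip; the value flows into ResourceIdentifier.ResourceType below. Left unchanged
                // because PSRoleAssignment's members are not visible here — confirm the intended source.
                this.ResourceType = roleAssignment.ObjectType;
                this.Scope        = roleAssignment.Scope;

                // NOTE(review): a RoleDefinitionId that is not a GUID silently becomes Guid.Empty here and is
                // then sent as null, leaving RoleDefinitionName as the only role selector — confirm whether a
                // malformed id in the file should be rejected instead.
                Guid guid = Guid.Empty;
                Guid.TryParse(roleAssignment.RoleDefinitionId, out guid);
                this.RoleDefinitionId = guid;
                this.Description      = roleAssignment.Description;
                this.Condition        = roleAssignment.Condition;
                this.ConditionVersion = roleAssignment.ConditionVersion;
            }

            if (string.IsNullOrEmpty(Condition) ^ string.IsNullOrEmpty(ConditionVersion))
            {
                if (!string.IsNullOrEmpty(Condition))
                {
                    ConditionVersion = "2.0";
                    WriteDebug("-Condition was set but -ConditionVersion was not, defaulting to lowest publicly available version: '2.0'");
                }
                else
                {
                    WriteExceptionError(new ArgumentException("If -ConditionVersion is set -Condition can not be empty."));
                    return;
                }
            }

            // ensure that if ConditionVersion is empty in any way, it becomes null
            // (IsNullOrWhiteSpace already covers the null and empty cases)
            ConditionVersion = string.IsNullOrWhiteSpace(ConditionVersion) ? null : ConditionVersion;

            // TryParse reports a malformed version the same way as the other validation failures
            // instead of letting Version.Parse throw out of the cmdlet.
            Version parsedConditionVersion;
            if (!Version.TryParse(ConditionVersion ?? "2.0", out parsedConditionVersion))
            {
                WriteExceptionError(new ArgumentException("Argument -ConditionVersion must be a valid version, for example 2.0"));
                return;
            }

            if (parsedConditionVersion.Major < 2)
            {
                WriteExceptionError(new ArgumentException("Argument -ConditionVersion must be greater or equal than 2.0"));
                return;
            }

            FilterRoleAssignmentsOptions parameters = new FilterRoleAssignmentsOptions()
            {
                Scope = Scope,
                RoleDefinitionName = RoleDefinitionName,
                // Guid.Empty means the parameter was not supplied; null is sent instead.
                RoleDefinitionId   = RoleDefinitionId == Guid.Empty ? null : RoleDefinitionId.ToString(),
                ADObjectFilter     = new ADObjectFilterOptions
                {
                    UPN        = SignInName,
                    SPN        = ApplicationId,
                    Id         = ObjectId,
                    ObjectType = ObjectType,
                },
                ResourceIdentifier = new ResourceIdentifier()
                {
                    ParentResource    = ParentResource,
                    ResourceGroupName = ResourceGroupName,
                    ResourceName      = ResourceName,
                    ResourceType      = ResourceType,
                    Subscription      = DefaultProfile.DefaultContext.Subscription.Id,
                },
                CanDelegate      = AllowDelegation.IsPresent,
                Description      = Description,
                Condition        = Condition,
                ConditionVersion = ConditionVersion,
            };

            // NOTE(review): the meaning of the boolean argument is defined in AuthorizationClient, not visible here.
            AuthorizationClient.ValidateScope(parameters.Scope, false);

            WriteObject(PoliciesClient.CreateRoleAssignment(parameters, RoleAssignmentId));
        }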