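/// <summary>
/// Resolves the role assignment selected by the cmdlet's filter parameters (role definition
/// name or id, combined with a sign-in name, application id or object id) and returns its
/// name. As a side effect, <c>RoleDefinitionId</c> and <c>ObjectId</c> are overwritten with
/// the resolved identifiers.
/// </summary>
/// <returns>The name of the matching role assignment.</returns>
/// <exception cref="ArgumentException">
/// The role definition, user or application named by the parameters does not exist.
/// </exception>
/// <exception cref="InvalidOperationException">
/// No role assignment exists for the resolved principal / role definition pair at <c>Scope</c>.
/// </exception>
private string GetRoleAssignmentNameFromFilterParameters()
{
    // Role definition name -> id (case-insensitive name match).
    if (ParameterSetName == ParameterSet.DefinitionNameApplicationId
        || ParameterSetName == ParameterSet.DefinitionNameObjectId
        || ParameterSetName == ParameterSet.DefinitionNameSignInName)
    {
        var definition = Track2DataClient.GetHsmRoleDefinitions(HsmName, Scope)
            .FirstOrDefault(x => string.Equals(x.RoleName, RoleDefinitionName, StringComparison.OrdinalIgnoreCase));
        if (definition == null)
        {
            throw new ArgumentException(string.Format(Resources.RoleDefinitionNotFound, RoleDefinitionName));
        }
        RoleDefinitionId = definition.Id;
    }

    // User sign-in name (UPN) -> object id.
    if (ParameterSetName == ParameterSet.DefinitionIdSignInName
        || ParameterSetName == ParameterSet.DefinitionNameSignInName)
    {
        var filter = new ADObjectFilterOptions() { UPN = SignInName };
        // NOTE(review): FirstOrDefault silently takes the first hit should the UPN filter
        // ever return more than one user — confirm the filter is exact-match.
        var user = ActiveDirectoryClient.FilterUsers(filter).FirstOrDefault();
        if (user == null)
        {
            throw new ArgumentException(string.Format(Resources.UserNotFoundBy, SignInName));
        }
        ObjectId = user.Id.ToString();
    }

    // Application id -> object id.
    if (ParameterSetName == ParameterSet.DefinitionIdApplicationId
        || ParameterSetName == ParameterSet.DefinitionNameApplicationId)
    {
        var odataQuery = new Rest.Azure.OData.ODataQuery<Application>(
            s => string.Equals(s.AppId, ApplicationId, StringComparison.OrdinalIgnoreCase));
        // NOTE(review): this takes the ObjectId of the *application* object, not of its
        // service principal; the Graph-based sibling resolves a service principal — confirm
        // which id the HSM assignment actually carries as PrincipalId.
        var app = ActiveDirectoryClient.GetApplicationWithFilters(odataQuery).FirstOrDefault();
        if (app == null)
        {
            throw new ArgumentException(string.Format(Resources.ApplicationNotFoundBy, ApplicationId));
        }
        ObjectId = app.ObjectId.ToString();
    }

    // Both ids are compared ordinally and case-sensitively (unchanged behaviour); a casing
    // difference between the directory and the HSM would surface as "not found".
    var roleAssignment = Track2DataClient.GetHsmRoleAssignments(HsmName, Scope)
        .FirstOrDefault(assignment =>
            string.Equals(assignment.PrincipalId, ObjectId)
            && string.Equals(assignment.RoleDefinitionId, RoleDefinitionId));
    if (roleAssignment == null)
    {
        // Specific exception type instead of bare Exception; still caught by catch (Exception).
        throw new InvalidOperationException(Resources.RoleAssignmentNotFound);
    }

    return roleAssignment.Name;
}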
/// <summary>
/// Resolves the principal (by sign-in name or application id) and the role definition (by
/// name) selected by the bound parameter set via Microsoft Graph, then, after confirmation,
/// creates the HSM role assignment and writes the enriched assignment to the pipeline.
/// </summary>
/// <exception cref="ArgumentException">
/// The role definition, user or service principal named by the parameters was not found.
/// </exception>
public override void ExecuteCmdlet()
{
    MSGraphMessageHelper.WriteMessageForCmdletsSwallowException(this);

    bool BoundTo(params string[] parameterSets) => Array.IndexOf(parameterSets, ParameterSetName) >= 0;

    void ResolveRoleDefinitionIdFromName()
    {
        var match = Track2DataClient.GetHsmRoleDefinitions(HsmName, Scope)
            .FirstOrDefault(d => string.Equals(d.RoleName, RoleDefinitionName, StringComparison.OrdinalIgnoreCase));
        if (match == null)
        {
            throw new ArgumentException(string.Format(Resources.RoleDefinitionNotFound, RoleDefinitionName));
        }
        RoleDefinitionId = match.Id;
    }

    void ResolveObjectIdFromSignInName()
    {
        var graphUser = GraphClient.Users.GetUser(SignInName);
        if (graphUser == null)
        {
            throw new ArgumentException(string.Format(Resources.UserNotFoundBy, SignInName));
        }
        ObjectId = graphUser.Id;
    }

    void ResolveObjectIdFromApplicationId()
    {
        // `==` is deliberate: string.Equals() would be rendered as an incorrect filter string.
        string appIdFilter = ODataHelper.FormatFilterString<MicrosoftGraphServicePrincipal>(s => s.AppId == ApplicationId);
        // SingleOrDefault: an app id is expected to map to exactly one service principal.
        var principal = GraphClient.ServicePrincipals.ListServicePrincipal(filter: appIdFilter).Value.SingleOrDefault();
        if (principal == null)
        {
            throw new ArgumentException(string.Format(Resources.ApplicationNotFoundBy, ApplicationId));
        }
        ObjectId = principal.Id;
    }

    if (BoundTo(ParameterSet.DefinitionNameApplicationId, ParameterSet.DefinitionNameObjectId, ParameterSet.DefinitionNameSignInName))
    {
        ResolveRoleDefinitionIdFromName();
    }

    if (BoundTo(ParameterSet.DefinitionIdSignInName, ParameterSet.DefinitionNameSignInName))
    {
        ResolveObjectIdFromSignInName();
    }

    if (BoundTo(ParameterSet.DefinitionIdApplicationId, ParameterSet.DefinitionNameApplicationId))
    {
        ResolveObjectIdFromApplicationId();
    }

    // The confirmation message prefers the human-readable inputs over the resolved ids.
    base.ConfirmAction(
        string.Format(Resources.AssignRole, RoleDefinitionName ?? RoleDefinitionId, SignInName ?? ApplicationId ?? ObjectId, Scope),
        HsmName,
        () =>
        {
            PSKeyVaultRoleAssignment created = Track2DataClient.CreateHsmRoleAssignment(HsmName, Scope, RoleDefinitionId, ObjectId);
            GetAssignmentDetails(created, HsmName, Scope);
            WriteObject(created);
        });
}
/// <summary>
/// Resolves the principal (by sign-in name or application id) and the role definition (by
/// name) selected by the bound parameter set via the directory client, then, after
/// confirmation, creates the HSM role assignment and writes the enriched assignment to the
/// pipeline.
/// </summary>
/// <exception cref="ArgumentException">
/// The role definition, user or application named by the parameters was not found.
/// </exception>
public override void ExecuteCmdlet()
{
    var resolveDefinitionByName =
        ParameterSetName == ParameterSet.DefinitionNameApplicationId
        || ParameterSetName == ParameterSet.DefinitionNameObjectId
        || ParameterSetName == ParameterSet.DefinitionNameSignInName;
    var resolvePrincipalBySignInName =
        ParameterSetName == ParameterSet.DefinitionIdSignInName
        || ParameterSetName == ParameterSet.DefinitionNameSignInName;
    var resolvePrincipalByApplicationId =
        ParameterSetName == ParameterSet.DefinitionIdApplicationId
        || ParameterSetName == ParameterSet.DefinitionNameApplicationId;

    if (resolveDefinitionByName)
    {
        var matchingDefinition = Track2DataClient.GetHsmRoleDefinitions(HsmName, Scope)
            .FirstOrDefault(d => string.Equals(d.RoleName, RoleDefinitionName, StringComparison.OrdinalIgnoreCase));
        if (matchingDefinition == null)
        {
            throw new ArgumentException(string.Format(Resources.RoleDefinitionNotFound, RoleDefinitionName));
        }
        RoleDefinitionId = matchingDefinition.Id;
    }

    if (resolvePrincipalBySignInName)
    {
        var upnFilter = new ADObjectFilterOptions() { UPN = SignInName };
        // NOTE(review): FirstOrDefault takes the first hit should the UPN filter ever match
        // several users — confirm the filter is exact-match.
        var directoryUser = ActiveDirectoryClient.FilterUsers(upnFilter).FirstOrDefault();
        if (directoryUser == null)
        {
            throw new ArgumentException(string.Format(Resources.UserNotFoundBy, SignInName));
        }
        ObjectId = directoryUser.Id.ToString();
    }

    if (resolvePrincipalByApplicationId)
    {
        var appIdQuery = new Rest.Azure.OData.ODataQuery<Application>(
            s => string.Equals(s.AppId, ApplicationId, StringComparison.OrdinalIgnoreCase));
        // NOTE(review): this uses the application object's id rather than its service
        // principal's — confirm that is what the HSM expects as the assignment principal.
        var application = ActiveDirectoryClient.GetApplicationWithFilters(appIdQuery).FirstOrDefault();
        if (application == null)
        {
            throw new ArgumentException(string.Format(Resources.ApplicationNotFoundBy, ApplicationId));
        }
        ObjectId = application.ObjectId.ToString();
    }

    // The confirmation message prefers the human-readable inputs over the resolved ids.
    base.ConfirmAction(
        string.Format(Resources.AssignRole, RoleDefinitionName ?? RoleDefinitionId, SignInName ?? ApplicationId ?? ObjectId, Scope),
        HsmName,
        () =>
        {
            PSKeyVaultRoleAssignment created = Track2DataClient.CreateHsmRoleAssignment(HsmName, Scope, RoleDefinitionId, ObjectId);
            GetAssignmentDetails(created, HsmName, Scope);
            WriteObject(created);
        });
}
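/// <summary>
/// Resolves the role assignment selected by the cmdlet's filter parameters (role definition
/// name or id, combined with a sign-in name, application id or object id) via Microsoft
/// Graph and returns its name. As a side effect, <c>RoleDefinitionId</c> and <c>ObjectId</c>
/// are overwritten with the resolved identifiers.
/// </summary>
/// <returns>The name of the matching role assignment.</returns>
/// <exception cref="ArgumentException">
/// The role definition, user or service principal named by the parameters was not found.
/// </exception>
/// <exception cref="InvalidOperationException">
/// No assignment exists for the resolved principal / role definition pair at <c>Scope</c>,
/// or more than one service principal carries <c>ApplicationId</c>.
/// </exception>
private string GetRoleAssignmentNameFromFilterParameters()
{
    // Role definition name -> id (case-insensitive name match).
    if (ParameterSetName == ParameterSet.DefinitionNameApplicationId
        || ParameterSetName == ParameterSet.DefinitionNameObjectId
        || ParameterSetName == ParameterSet.DefinitionNameSignInName)
    {
        var definition = Track2DataClient.GetHsmRoleDefinitions(HsmName, Scope)
            .FirstOrDefault(x => string.Equals(x.RoleName, RoleDefinitionName, StringComparison.OrdinalIgnoreCase));
        if (definition == null)
        {
            throw new ArgumentException(string.Format(Resources.RoleDefinitionNotFound, RoleDefinitionName));
        }
        RoleDefinitionId = definition.Id;
    }

    // User sign-in name -> object id.
    if (ParameterSetName == ParameterSet.DefinitionIdSignInName
        || ParameterSetName == ParameterSet.DefinitionNameSignInName)
    {
        var user = GraphClient.Users.GetUser(SignInName);
        if (user == null)
        {
            throw new ArgumentException(string.Format(Resources.UserNotFoundBy, SignInName));
        }
        ObjectId = user.Id;
    }

    // Service principal application id -> object id.
    if (ParameterSetName == ParameterSet.DefinitionIdApplicationId
        || ParameterSetName == ParameterSet.DefinitionNameApplicationId)
    {
        // `==` rather than string.Equals(): the sibling cmdlet notes the latter is rendered
        // as an incorrect filter string.
        string filter = ODataHelper.FormatFilterString<MicrosoftGraphServicePrincipal>(s => s.AppId == ApplicationId);
        // SingleOrDefault: an app id is expected to map to exactly one service principal.
        var servicePrincipal = GraphClient.ServicePrincipals.ListServicePrincipal(filter: filter).Value.SingleOrDefault();
        if (servicePrincipal == null)
        {
            throw new ArgumentException(string.Format(Resources.ApplicationNotFoundBy, ApplicationId));
        }
        ObjectId = servicePrincipal.Id;
    }

    // Both ids are compared ordinally and case-sensitively (unchanged behaviour); a casing
    // difference between Graph and the HSM would surface as "not found".
    var roleAssignment = Track2DataClient.GetHsmRoleAssignments(HsmName, Scope)
        .FirstOrDefault(assignment =>
            string.Equals(assignment.PrincipalId, ObjectId)
            && string.Equals(assignment.RoleDefinitionId, RoleDefinitionId));
    if (roleAssignment == null)
    {
        // Specific exception type instead of bare Exception; still caught by catch (Exception).
        throw new InvalidOperationException(Resources.RoleAssignmentNotFound);
    }

    return roleAssignment.Name;
}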
/// <summary>
/// Requests <c>Count</c> random bytes from the managed HSM and writes them to the pipeline:
/// as a single Base64 string when <c>-AsBase64String</c> is present, otherwise as the raw
/// bytes with the collection enumerated.
/// </summary>
public override void ExecuteCmdlet()
{
    NormalizeKeySourceParameters();

    // Presumably a byte[], since it is accepted by Convert.ToBase64String below.
    var randomBytes = Track2DataClient.GetManagedHsmRandomNumber(HsmName, Count);

    if (!AsBase64String.IsPresent)
    {
        WriteObject(randomBytes, true);
        return;
    }

    WriteObject(Convert.ToBase64String(randomBytes));
}
/// <summary>
/// Fills in the human-readable details of a role assignment — the principal's display name
/// and object type, and the role definition name — by looking them up and writing them
/// back onto <paramref name="assignment"/>.
/// </summary>
/// <param name="assignment">The assignment to enrich; mutated in place.</param>
/// <param name="hsmName">Name of the managed HSM the assignment belongs to.</param>
/// <param name="scope">Scope at which the role definitions are listed.</param>
protected void GetAssignmentDetails(PSKeyVaultRoleAssignment assignment, string hsmName, string scope)
{
    var roleDefinitions = Track2DataClient.GetHsmRoleDefinitions(hsmName, scope);

    // Principal display name and object type come from the directory.
    var (displayName, objectType) = ModelExtensions.GetDetailsFromADObjectId(assignment.PrincipalId, GraphClient);
    assignment.DisplayName = displayName;
    assignment.ObjectType = objectType;

    // First definition whose id matches (case-insensitively); stays null when none does.
    string resolvedRoleName = null;
    foreach (var definition in roleDefinitions)
    {
        if (string.Equals(definition.Id, assignment.RoleDefinitionId, StringComparison.OrdinalIgnoreCase))
        {
            resolvedRoleName = definition.RoleName;
            break;
        }
    }
    assignment.RoleDefinitionName = resolvedRoleName;
}
/// <summary>
/// Lists the HSM role definitions at <c>Scope</c>. Without a name the whole collection is
/// enumerated to the pipeline; with <c>-RoleDefinitionName</c> only the first definition
/// whose name matches case-insensitively is written (null when there is no match).
/// </summary>
public override void ExecuteCmdlet()
{
    var definitions = Track2DataClient.GetHsmRoleDefinitions(HsmName, Scope);

    if (ParameterSetName == InteractiveCreateParameterSet)
    {
        WriteObject(definitions, enumerateCollection: true);
    }
    else if (ParameterSetName == ByNameParameterSet)
    {
        var byName = definitions.FirstOrDefault(
            d => string.Equals(RoleDefinitionName, d.RoleName, StringComparison.OrdinalIgnoreCase));
        WriteObject(byName);
    }
}
/// <summary>
/// Performs a full backup of the managed HSM into <c>StorageContainerUri</c> after
/// confirmation and writes the resulting backup URI to the pipeline.
/// </summary>
/// <exception cref="Exception">Any failure during the backup, wrapped with the HSM name.</exception>
public override void DoExecuteCmdlet()
{
    void RunBackup()
    {
        try
        {
            // The SAS token is converted to a plain string here for the client call.
            var backupLocation = Track2DataClient.BackupHsm(Name, StorageContainerUri, SasToken.ConvertToString());
            WriteObject(backupLocation.AbsoluteUri);
        }
        catch (Exception ex)
        {
            // NOTE(review): catches every exception type, including ones raised by WriteObject
            // when the pipeline is stopped — consider narrowing.
            throw new Exception(string.Format(Resources.FullBackupFailed, Name), ex);
        }
    }

    ConfirmAction(
        string.Format(Resources.DoFullBackup, StorageContainerUri),
        Name,
        () => RunBackup());
}
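/// <summary>
/// Removes an HSM role definition selected either by <c>-RoleName</c> or by
/// <c>-InputObject</c>. With <c>-PassThru</c>, writes <c>true</c> after the removal and
/// <c>false</c> when the name was ambiguous and nothing was removed.
/// </summary>
/// <exception cref="AzPSArgumentException">No definition named <c>RoleName</c> exists at <c>Scope</c>.</exception>
public override void ExecuteCmdlet()
{
    if (ParameterSetName == ByNameParameterSet)
    {
        // Materialise once: the deferred Where() query would otherwise be re-evaluated by
        // each of Count()/Any()/First() (and, depending on what GetHsmRoleDefinitions
        // returns, possibly re-issue the request). Name match is case-sensitive, unlike the
        // Get cmdlet's lookup — unchanged here.
        var roles = Track2DataClient.GetHsmRoleDefinitions(HsmName, Scope)
            .Where(r => r.RoleName == RoleName)
            .ToList();

        if (roles.Count > 1)
        {
            WriteWarning($"There are more than 1 role definitions with the name {RoleName}. Please use `-InputObject` instead to specify which role to remove.");
            if (PassThru)
            {
                WriteObject(false);
            }
            return;
        }

        if (roles.Count == 0)
        {
            throw new AzPSArgumentException(
                $"Could not find any role definition matching the name {RoleName} at scope {Scope}",
                nameof(RoleName));
        }

        InputObject = roles[0];
    }

    ConfirmAction(
        Force,
        $"Removing role definition {InputObject.Name} (RoleName: \"{InputObject.RoleName}\")",
        "Removing role definition",
        InputObject.Name,
        () => { Track2DataClient.RemoveHsmRoleDefinition(HsmName, Scope, InputObject.Name); }
    );

    if (PassThru)
    {
        WriteObject(true);
    }
}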
/// <summary>
/// Restores the managed HSM from <c>BackupFolder</c> in <c>StorageContainerUri</c> after
/// confirmation; with <c>-PassThru</c>, writes <c>true</c> once the restore completed.
/// </summary>
/// <exception cref="Exception">Any failure during the restore, wrapped with the HSM name.</exception>
public override void DoExecuteCmdlet()
{
    void RunRestore()
    {
        try
        {
            // The SAS token is converted to a plain string here for the client call.
            Track2DataClient.RestoreHsm(Name, StorageContainerUri, SasToken.ConvertToString(), BackupFolder);
        }
        catch (Exception ex)
        {
            // NOTE(review): catches every exception type — consider narrowing.
            throw new Exception(string.Format(Resources.FullRestoreFailed, Name), ex);
        }

        if (PassThru)
        {
            WriteObject(true);
        }
    }

    ConfirmAction(
        string.Format(Resources.DoFullRestore, StorageContainerUri),
        Name,
        () => RunRestore());
}
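/// <summary>
/// Normalises the cmdlet's parameters into <c>KeyRotationPolicy</c>: takes the key and vault
/// name from <c>InputObject</c> when given, then builds the policy either from the policy
/// file or from the expanded properties, falling back to the key's current policy for any
/// property that was not supplied.
/// </summary>
/// <exception cref="NotImplementedException">The key lives in a managed HSM.</exception>
internal void NormalizeParameterSets()
{
    if (null != InputObject)
    {
        Name = InputObject.Name;
        if (InputObject.IsHsm)
        {
            throw new NotImplementedException("Updating key rotation policy on managed HSM is not supported yet");
        }
        VaultName = InputObject.VaultName;
    }

    // The current policy is fetched at most once, and only when a property was not
    // supplied; previously the lookup was issued separately for ExpiresIn and LifetimeActions.
    PSKeyRotationPolicy currentPolicy = null;
    bool currentPolicyFetched = false;
    PSKeyRotationPolicy CurrentPolicy()
    {
        if (!currentPolicyFetched)
        {
            currentPolicy = Track2DataClient.GetKeyRotationPolicy(VaultName, Name);
            currentPolicyFetched = true;
        }
        return currentPolicy;
    }

    switch (this.ParameterSetName)
    {
        case SetByRotationPolicyFileViaVaultName:
        case SetByRotationPolicyFileViaKeyInputObject:
            KeyRotationPolicy = ConstructKeyRotationPolicyFromFile(PolicyPath);
            break;
        case SetByExpandedPropertiesViaVaultName:
        case SetByExpandedPropertiesViaKeyInputObject:
            KeyRotationPolicy = new PSKeyRotationPolicy()
            {
                VaultName = VaultName,
                KeyName = Name,
                // A key with no existing policy (null) contributes no defaults instead of throwing.
                ExpiresIn = ExpiresIn ?? CurrentPolicy()?.ExpiresIn,
                LifetimeActions = KeyRotationLifetimeAction ?? CurrentPolicy()?.LifetimeActions
            };
            break;
        default:
            // Nothing to normalise for the remaining parameter sets.
            break;
    }
}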
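/// <summary>
/// Normalises the cmdlet's parameters into <c>KeyRotationPolicy</c>: takes the key and vault
/// name from <c>InputObject</c> when given and, unless a policy object was passed directly,
/// starts from the key's current policy so that only the parameters actually bound on the
/// command line are changed.
/// </summary>
/// <exception cref="NotImplementedException">The key lives in a managed HSM.</exception>
internal override void NormalizeParameterSets()
{
    if (null != InputObject)
    {
        Name = InputObject.Name;
        if (InputObject.IsHsm)
        {
            throw new NotImplementedException("Updating key rotation policy on managed HSM is not supported yet");
        }
        VaultName = InputObject.VaultName;
    }

    if (this.ParameterSetName.Equals(ByKeyRotationPolicyInputObjectParameterSet))
    {
        // The policy object itself was supplied; nothing to merge.
        return;
    }

    // Existing policy (or an empty one) is the baseline; unspecified properties keep their value.
    KeyRotationPolicy = Track2DataClient.GetKeyRotationPolicy(VaultName, Name)
        ?? new PSKeyRotationPolicy()
        {
            VaultName = VaultName,
            KeyName = Name,
            ExpiresIn = null,
            LifetimeActions = null
        };

    // nameof() keeps the bound-parameter lookups in step with the parameter names on rename.
    if (MyInvocation.BoundParameters.ContainsKey(nameof(ExpiresIn)))
    {
        KeyRotationPolicy.ExpiresIn = ExpiresIn;
    }
    if (MyInvocation.BoundParameters.ContainsKey(nameof(KeyRotationLifetimeAction)))
    {
        KeyRotationPolicy.LifetimeActions = KeyRotationLifetimeAction;
    }
}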