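/// <summary>
/// Narrows <paramref name="assignments"/> to the entries matching the cmdlet's filter parameters.
/// Name-based parameters are resolved to ids first (RoleDefinitionName → RoleDefinitionId,
/// SignInName / ApplicationId → ObjectId) and the resolved ids are written back to the cmdlet
/// properties; the id-based filters are then applied with case-insensitive comparison.
/// </summary>
/// <param name="assignments">Role assignments already read from the managed HSM for the requested scope.</param>
/// <returns>
/// The matching subset; the input unchanged when no filter parameter is set; an empty array when a
/// name-based filter was supplied but did not resolve to an id. Returning empty in that case keeps a
/// mistyped role or principal name from silently widening the result to every assignment on the HSM.
/// </returns>
private PSKeyVaultRoleAssignment[] FilterAssignments(PSKeyVaultRoleAssignment[] assignments)
{
    // Treat a missing input as "nothing to filter" rather than failing inside LINQ.
    assignments = assignments ?? Array.Empty<PSKeyVaultRoleAssignment>();

    if (!string.IsNullOrEmpty(RoleDefinitionName))
    {
        var definition = Track2DataClient.GetHsmRoleDefinitions(HsmName, Scope)
            .FirstOrDefault(x => string.Equals(x.RoleName, RoleDefinitionName, StringComparison.OrdinalIgnoreCase));
        RoleDefinitionId = definition?.Id;
        if (definition == null)
        {
            // Unknown role name: an explicit filter must not degrade to "no role filter".
            return Array.Empty<PSKeyVaultRoleAssignment>();
        }
    }

    if (!string.IsNullOrEmpty(SignInName))
    {
        var filter = new ADObjectFilterOptions() { UPN = SignInName };
        var user = ActiveDirectoryClient.FilterUsers(filter).FirstOrDefault();
        ObjectId = user?.Id.ToString();
        if (user == null)
        {
            // Unknown user: same reasoning as for the role name above.
            return Array.Empty<PSKeyVaultRoleAssignment>();
        }
    }

    if (!string.IsNullOrEmpty(ApplicationId))
    {
        var odataQuery = new Rest.Azure.OData.ODataQuery<Application>(
            s => string.Equals(s.AppId, ApplicationId, StringComparison.OrdinalIgnoreCase));
        var app = ActiveDirectoryClient.GetApplicationWithFilters(odataQuery).FirstOrDefault();
        ObjectId = app?.ObjectId.ToString();
        if (app == null)
        {
            // Unknown application: same reasoning as above.
            return Array.Empty<PSKeyVaultRoleAssignment>();
        }
    }

    if (!string.IsNullOrEmpty(RoleDefinitionId))
    {
        assignments = assignments
            .Where(assignment => string.Equals(assignment.RoleDefinitionId, RoleDefinitionId, StringComparison.OrdinalIgnoreCase))
            .ToArray();
    }

    if (!string.IsNullOrEmpty(ObjectId))
    {
        assignments = assignments
            .Where(assignment => string.Equals(assignment.PrincipalId, ObjectId, StringComparison.OrdinalIgnoreCase))
            .ToArray();
    }

    return assignments;
}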
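/// <summary>
/// Resolves the name of the single role assignment identified by the cmdlet's filter parameters
/// (a role definition name or id combined with a sign-in name, application id or object id).
/// Name-based parameters are converted to ids first and the ids are written back to the cmdlet
/// properties (RoleDefinitionId, ObjectId).
/// </summary>
/// <returns>The assignment name, as stored on the HSM data plane.</returns>
/// <exception cref="ArgumentException">
/// The role definition name, sign-in name or application id does not resolve to an object.
/// </exception>
/// <exception cref="InvalidOperationException">
/// No assignment on the HSM matches the resolved role definition and principal.
/// </exception>
private string GetRoleAssignmentNameFromFilterParameters()
{
    bool ParameterSetIsOneOf(params string[] names) => names.Contains(ParameterSetName);

    // convert definition name to id
    if (ParameterSetIsOneOf(ParameterSet.DefinitionNameApplicationId,
                            ParameterSet.DefinitionNameObjectId,
                            ParameterSet.DefinitionNameSignInName))
    {
        var definition = Track2DataClient.GetHsmRoleDefinitions(HsmName, Scope)
            .FirstOrDefault(x => string.Equals(x.RoleName, RoleDefinitionName, StringComparison.OrdinalIgnoreCase));
        if (definition == null)
        {
            throw new ArgumentException(string.Format(Resources.RoleDefinitionNotFound, RoleDefinitionName));
        }
        RoleDefinitionId = definition.Id;
    }

    // convert user sign in name to object id
    if (ParameterSetIsOneOf(ParameterSet.DefinitionIdSignInName,
                            ParameterSet.DefinitionNameSignInName))
    {
        var filter = new ADObjectFilterOptions() { UPN = SignInName };
        var user = ActiveDirectoryClient.FilterUsers(filter).FirstOrDefault();
        if (user == null)
        {
            throw new ArgumentException(string.Format(Resources.UserNotFoundBy, SignInName));
        }
        ObjectId = user.Id.ToString();
    }

    // convert service principal app id to object id
    if (ParameterSetIsOneOf(ParameterSet.DefinitionIdApplicationId,
                            ParameterSet.DefinitionNameApplicationId))
    {
        var odataQuery = new Rest.Azure.OData.ODataQuery<Application>(
            s => string.Equals(s.AppId, ApplicationId, StringComparison.OrdinalIgnoreCase));
        var app = ActiveDirectoryClient.GetApplicationWithFilters(odataQuery).FirstOrDefault();
        if (app == null)
        {
            throw new ArgumentException(string.Format(Resources.ApplicationNotFoundBy, ApplicationId));
        }
        ObjectId = app.ObjectId.ToString();
    }

    // Both ids must be known before matching: string.Equals(null, null) is true, so an unset id
    // could otherwise match an assignment whose corresponding field is also unset.
    if (string.IsNullOrEmpty(RoleDefinitionId) || string.IsNullOrEmpty(ObjectId))
    {
        throw new InvalidOperationException(Resources.RoleAssignmentNotFound);
    }

    // Ids are compared case-insensitively, matching how the other filter paths in this file compare them.
    var roleAssignment = Track2DataClient.GetHsmRoleAssignments(HsmName, Scope)
        .FirstOrDefault(assignment =>
            string.Equals(assignment.PrincipalId, ObjectId, StringComparison.OrdinalIgnoreCase)
            && string.Equals(assignment.RoleDefinitionId, RoleDefinitionId, StringComparison.OrdinalIgnoreCase));
    if (roleAssignment == null)
    {
        // A specific exception type instead of bare Exception so callers can distinguish "not found".
        throw new InvalidOperationException(Resources.RoleAssignmentNotFound);
    }

    return roleAssignment.Name;
}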
/// <summary>
/// Creates a role assignment on the managed HSM for the principal and role given by the cmdlet
/// parameters. Name-based parameters are resolved to ids first (RoleDefinitionName → RoleDefinitionId,
/// SignInName / ApplicationId → ObjectId); an ObjectId supplied directly is passed through as given.
/// The write itself runs inside <c>ConfirmAction</c>, which is the confirmation gate in front of the
/// data-plane call (presumably the ShouldProcess / -WhatIf path of the base cmdlet — verify).
/// </summary>
/// <exception cref="ArgumentException">
/// The role definition name, sign-in name or application id does not resolve to an object.
/// </exception>
public override void ExecuteCmdlet()
{
    bool InParameterSet(params string[] candidates) => candidates.Contains(ParameterSetName);

    var needsRoleLookup = InParameterSet(
        ParameterSet.DefinitionNameApplicationId,
        ParameterSet.DefinitionNameObjectId,
        ParameterSet.DefinitionNameSignInName);
    var needsUserLookup = InParameterSet(
        ParameterSet.DefinitionIdSignInName,
        ParameterSet.DefinitionNameSignInName);
    var needsAppLookup = InParameterSet(
        ParameterSet.DefinitionIdApplicationId,
        ParameterSet.DefinitionNameApplicationId);

    // convert definition name to id
    if (needsRoleLookup)
    {
        var matchingDefinition = Track2DataClient.GetHsmRoleDefinitions(HsmName, Scope)
            .FirstOrDefault(d => string.Equals(d.RoleName, RoleDefinitionName, StringComparison.OrdinalIgnoreCase));
        if (matchingDefinition == null)
        {
            throw new ArgumentException(string.Format(Resources.RoleDefinitionNotFound, RoleDefinitionName));
        }
        RoleDefinitionId = matchingDefinition.Id;
    }

    // convert user sign in name to object id
    if (needsUserLookup)
    {
        var upnFilter = new ADObjectFilterOptions() { UPN = SignInName };
        var matchingUser = ActiveDirectoryClient.FilterUsers(upnFilter).FirstOrDefault();
        if (matchingUser == null)
        {
            throw new ArgumentException(string.Format(Resources.UserNotFoundBy, SignInName));
        }
        ObjectId = matchingUser.Id.ToString();
    }

    // convert service principal app id to object id
    if (needsAppLookup)
    {
        var appIdQuery = new Rest.Azure.OData.ODataQuery<Application>(
            a => string.Equals(a.AppId, ApplicationId, StringComparison.OrdinalIgnoreCase));
        var matchingApp = ActiveDirectoryClient.GetApplicationWithFilters(appIdQuery).FirstOrDefault();
        if (matchingApp == null)
        {
            throw new ArgumentException(string.Format(Resources.ApplicationNotFoundBy, ApplicationId));
        }
        ObjectId = matchingApp.ObjectId.ToString();
    }

    // The confirmation message names whatever the caller supplied (name before id) so the
    // prompt reflects the operator's input rather than only the resolved ids.
    var confirmationMessage = string.Format(
        Resources.AssignRole,
        RoleDefinitionName ?? RoleDefinitionId,
        SignInName ?? ApplicationId ?? ObjectId,
        Scope);

    base.ConfirmAction(
        confirmationMessage,
        HsmName,
        () =>
        {
            PSKeyVaultRoleAssignment created =
                Track2DataClient.CreateHsmRoleAssignment(HsmName, Scope, RoleDefinitionId, ObjectId);
            GetAssignmentDetails(created, HsmName, Scope);
            WriteObject(created);
        });
}