private PSKeyVaultRoleAssignment[] FilterAssignments(PSKeyVaultRoleAssignment[] assignments) { if (!string.IsNullOrEmpty(RoleDefinitionName)) { var definition = Track2DataClient.GetHsmRoleDefinitions(HsmName, Scope) .FirstOrDefault(x => string.Equals(x.RoleName, RoleDefinitionName, StringComparison.OrdinalIgnoreCase)); RoleDefinitionId = definition?.Id; } if (!string.IsNullOrEmpty(SignInName)) { var user = GraphClient.Users.GetUser(SignInName); ObjectId = user?.Id; } if (!string.IsNullOrEmpty(ApplicationId)) { var filter = ODataHelper.FormatFilterString <MicrosoftGraphServicePrincipal>(sp => sp.AppId == ApplicationId); var servicePrincipal = GraphClient.ServicePrincipals.ListServicePrincipal(filter: filter).Value.FirstOrDefault(); ObjectId = servicePrincipal?.Id; } if (!string.IsNullOrEmpty(RoleDefinitionId)) { assignments = assignments.Where(assignment => string.Equals(assignment.RoleDefinitionId, RoleDefinitionId, StringComparison.OrdinalIgnoreCase)).ToArray(); } if (!string.IsNullOrEmpty(ObjectId)) { assignments = assignments.Where(assignment => string.Equals(assignment.PrincipalId, ObjectId, StringComparison.OrdinalIgnoreCase)).ToArray(); } return(assignments); }
public override void ExecuteCmdlet() { MSGraphMessageHelper.WriteMessageForCmdletsSwallowException(this); // convert definition name to id if (ParameterSetName == ParameterSet.DefinitionNameApplicationId || ParameterSetName == ParameterSet.DefinitionNameObjectId || ParameterSetName == ParameterSet.DefinitionNameSignInName) { var definition = Track2DataClient.GetHsmRoleDefinitions(HsmName, Scope) .FirstOrDefault(x => string.Equals(x.RoleName, RoleDefinitionName, StringComparison.OrdinalIgnoreCase)); if (definition == null) { throw new ArgumentException(string.Format(Resources.RoleDefinitionNotFound, RoleDefinitionName)); } RoleDefinitionId = definition.Id; } // convert user sign in name to object id if (ParameterSetName == ParameterSet.DefinitionIdSignInName || ParameterSetName == ParameterSet.DefinitionNameSignInName) { var user = GraphClient.Users.GetUser(SignInName); if (user == null) { throw new ArgumentException(string.Format(Resources.UserNotFoundBy, SignInName)); } ObjectId = user.Id; } // convert service principal app id to object id if (ParameterSetName == ParameterSet.DefinitionIdApplicationId || ParameterSetName == ParameterSet.DefinitionNameApplicationId) { // can't use string.Equals() here as it will result in incorrect filter string string filter = ODataHelper.FormatFilterString <MicrosoftGraphServicePrincipal>(s => s.AppId == ApplicationId); var servicePrincipal = GraphClient.ServicePrincipals.ListServicePrincipal(filter: filter).Value.SingleOrDefault(); if (servicePrincipal == null) { throw new ArgumentException(string.Format(Resources.ApplicationNotFoundBy, ApplicationId)); } ObjectId = servicePrincipal.Id; } base.ConfirmAction( string.Format(Resources.AssignRole, RoleDefinitionName ?? RoleDefinitionId, SignInName ?? ApplicationId ?? ObjectId, Scope), HsmName, () => { PSKeyVaultRoleAssignment roleAssignment = Track2DataClient.CreateHsmRoleAssignment(HsmName, Scope, RoleDefinitionId, ObjectId); GetAssignmentDetails(roleAssignment, HsmName, Scope); WriteObject(roleAssignment); }); }
private string GetRoleAssignmentNameFromFilterParameters() { // convert definition name to id if (ParameterSetName == ParameterSet.DefinitionNameApplicationId || ParameterSetName == ParameterSet.DefinitionNameObjectId || ParameterSetName == ParameterSet.DefinitionNameSignInName) { var definition = Track2DataClient.GetHsmRoleDefinitions(HsmName, Scope) .FirstOrDefault(x => string.Equals(x.RoleName, RoleDefinitionName, StringComparison.OrdinalIgnoreCase)); if (definition == null) { throw new ArgumentException(string.Format(Resources.RoleDefinitionNotFound, RoleDefinitionName)); } RoleDefinitionId = definition.Id; } // convert user sign in name to object id if (ParameterSetName == ParameterSet.DefinitionIdSignInName || ParameterSetName == ParameterSet.DefinitionNameSignInName) { var user = GraphClient.Users.GetUser(SignInName); if (user == null) { throw new ArgumentException(string.Format(Resources.UserNotFoundBy, SignInName)); } ObjectId = user.Id; } // convert service principal app id to object id if (ParameterSetName == ParameterSet.DefinitionIdApplicationId || ParameterSetName == ParameterSet.DefinitionNameApplicationId) { string filter = ODataHelper.FormatFilterString <MicrosoftGraphServicePrincipal>(s => s.AppId == ApplicationId); var servicePrincipal = GraphClient.ServicePrincipals.ListServicePrincipal(filter: filter).Value.SingleOrDefault(); if (servicePrincipal == null) { throw new ArgumentException(string.Format(Resources.ApplicationNotFoundBy, ApplicationId)); } ObjectId = servicePrincipal.Id; } var roleAssignment = Track2DataClient.GetHsmRoleAssignments(HsmName, Scope) .FirstOrDefault(assignment => string.Equals(assignment.PrincipalId, ObjectId) && string.Equals(assignment.RoleDefinitionId, RoleDefinitionId)); if (roleAssignment == null) { throw new Exception(Resources.RoleAssignmentNotFound); } else { return(roleAssignment.Name); } }
private string GetObjectIdBySpn(string spn) { if (string.IsNullOrWhiteSpace(spn)) { return(null); } string filter = ODataHelper.FormatFilterString <MicrosoftGraphServicePrincipal>(s => s.ServicePrincipalNames.Contains(spn)); var servicePrincipal = GraphClient.ServicePrincipals.ListServicePrincipal(filter: filter).Value.SingleOrDefault(); var objId = servicePrincipal?.Id.ToString(); return(objId); }
private string GetObjectIdByEmail(string email) { // In ADFS, Graph cannot handle this particular combination of filters. if (DefaultProfile.DefaultContext.Environment.OnPremise || string.IsNullOrWhiteSpace(email)) { return(null); } string objId = null; string filter = ODataHelper.FormatFilterString <MicrosoftGraphUser>(s => s.Mail == email); var users = GraphClient.Users.ListUser(filter: filter).Value; if (users != null) { ThrowIfMultipleObjectIds(users, email); var user = users.FirstOrDefault(); objId = user?.Id.ToString(); } return(objId); }