/// <summary>
/// Walk every page of an Azure AD group result set and hand each group to
/// GenerateUsersRolesListFromAzureGroups_ProcessSingleGroup, which collects the
/// group's members (recursively) into the matching Role buckets.
/// </summary>
/// <param name="azureGraph">Graph client passed through to the per-group processing</param>
/// <param name="thisGroupAsSet">First page of groups; null or an empty first page means there is nothing to do</param>
/// <param name="groupToRetrieve">Group-to-role sync configuration applied to every group in the set</param>
/// <returns>A task that completes once the last page has been processed</returns>
private async Task GenerateUsersRolesListFromAzureGroups_ProcessGroups(
    GraphServiceClient azureGraph,
    IGraphServiceGroupsCollectionPage thisGroupAsSet,
    ProvisionConfigExternalDirectorySync.SynchronizeGroupToRole groupToRetrieve)
{
    //Degenerate case: no result set at all
    if (thisGroupAsSet == null)
    {
        return;
    }

    //Degenerate case: the first page holds no groups
    if (thisGroupAsSet.CurrentPage.Count < 1)
    {
        return;
    }

    //============================================================================================
    //Process the current page of Azure results, then keep following the paging links
    //============================================================================================
    var groupsPage = thisGroupAsSet;
    while (groupsPage != null)
    {
        //Every group on this page gets its members resolved into the role lists
        foreach (var azureGroup in groupsPage.CurrentPage)
        {
            await GenerateUsersRolesListFromAzureGroups_ProcessSingleGroup(azureGraph, azureGroup, groupToRetrieve);
        }

        //A missing next-page request marks the end of the result set
        var nextPageRequest = groupsPage.NextPageRequest;
        groupsPage = (nextPageRequest == null) ? null : await nextPageRequest.GetAsync();
    }
}
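/// <summary>
/// Iterate down a group's membership, looking in any sub-groups, and record all the members.
/// Every user found, at any nesting depth, is registered with the role settings of
/// <paramref name="baseGroupToRetrieve"/> (TableauRole, AllowPromotedRoleForMembers, AuthenticationModel).
/// </summary>
/// <param name="azureGraph">Graph client used to request the members of nested groups</param>
/// <param name="thisGroupsMembers">First page of the group's members; null is treated as "no members"</param>
/// <param name="baseGroupToRetrieve">Sync configuration of the top-level group; its role settings apply to all nested members</param>
async Task AzureRecurseGroupsGenerateRolesList(GraphServiceClient azureGraph, IGroupMembersCollectionWithReferencesPage thisGroupsMembers, ProvisionConfigExternalDirectorySync.SynchronizeGroupToRole baseGroupToRetrieve)
{
    //Track the sub-groups already expanded during this walk. Without this, a sub-group that is
    //reachable more than once (or nesting that loops back on itself) would be expanded again
    //and again, and a loop would never terminate.
    var expandedSubGroupIds = new System.Collections.Generic.HashSet<string>(System.StringComparer.OrdinalIgnoreCase);

    await AzureRecurseGroupsGenerateRolesList_Walk(azureGraph, thisGroupsMembers, baseGroupToRetrieve, expandedSubGroupIds);
}

/// <summary>
/// Recursive worker for AzureRecurseGroupsGenerateRolesList: records the users on every page of
/// a membership listing and descends into each sub-group that has not been expanded yet.
/// </summary>
/// <param name="azureGraph">Graph client used to request the members of nested groups</param>
/// <param name="firstPage">First page of the membership listing to walk (may be null)</param>
/// <param name="baseGroupToRetrieve">Sync configuration whose role settings are applied to every user found</param>
/// <param name="expandedSubGroupIds">Ids of the sub-groups already expanded during this walk</param>
private async Task AzureRecurseGroupsGenerateRolesList_Walk(GraphServiceClient azureGraph, IGroupMembersCollectionWithReferencesPage firstPage, ProvisionConfigExternalDirectorySync.SynchronizeGroupToRole baseGroupToRetrieve, System.Collections.Generic.HashSet<string> expandedSubGroupIds)
{
    var membersPage = firstPage;
    while (membersPage != null)
    {
        foreach (var thisMember in membersPage)
        {
            var asUser = thisMember as Microsoft.Graph.User;
            var asSubGroup = thisMember as Microsoft.Graph.Group;

            if (asUser != null)
            {
                //Add them to the list of users
                AddUserToRoleProvisioningTrackingManager(
                    baseGroupToRetrieve.TableauRole,
                    baseGroupToRetrieve.AllowPromotedRoleForMembers,
                    baseGroupToRetrieve.AuthenticationModel,
                    asUser,
                    baseGroupToRetrieve.SourceGroupName);
            }
            else if (asSubGroup != null)
            {
                //Add() returns false when this sub-group was already expanded; skip it
                if (!expandedSubGroupIds.Add(asSubGroup.Id))
                {
                    continue;
                }

                //-----------------------------------------------------------------------------------
                //Recurse down the subgroup and get its members
                //-----------------------------------------------------------------------------------
                var subGroupsMembers = await azureGraph.Groups[asSubGroup.Id].Members.Request().GetAsync();
                await AzureRecurseGroupsGenerateRolesList_Walk(azureGraph, subGroupsMembers, baseGroupToRetrieve, expandedSubGroupIds);
            }
            //Members that are neither users nor groups are ignored
        }

        //Go to the next page (a missing next-page request ends the walk)
        var nextPageRequest = membersPage.NextPageRequest;
        membersPage = (nextPageRequest == null) ? null : await nextPageRequest.GetAsync();
    }
}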
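/// <summary>
/// Get the group's members (recursively) and add them to the right Role buckets.
/// When the sync configuration carries a 'contains' filter, groups whose display name
/// does not contain the filter term are skipped and nothing is provisioned from them.
/// </summary>
/// <param name="azureGraph">Graph client used to request the group's members</param>
/// <param name="azureGroup">The Azure AD group whose membership is expanded</param>
/// <param name="groupToRetrieve">Group-to-role sync configuration, including the optional name filter</param>
/// <returns>A task that completes once the group's membership has been recorded</returns>
private async Task GenerateUsersRolesListFromAzureGroups_ProcessSingleGroup(GraphServiceClient azureGraph, Group azureGroup, ProvisionConfigExternalDirectorySync.SynchronizeGroupToRole groupToRetrieve)
{
    //----------------------------------------------------------------------------------------------------------------------------------------------
    //See if there is an additional 'contains' filter we need to apply to the result
    //----------------------------------------------------------------------------------------------------------------------------------------------
    //NOTE(review): this decision is a case-sensitive substring match on the group's display name.
    //Display names are not a stable, unique identifier the way the group Id is, so role assignment
    //here is only as trustworthy as the control over who may create or rename groups - confirm
    //that the upstream group query narrows the candidates enough for this to be acceptable.
    var containsFilter = groupToRetrieve.FilterSourceGroupNameContains;
    if (!string.IsNullOrWhiteSpace(containsFilter))
    {
        //A group without a display name cannot satisfy the filter; skip it (fail closed)
        //instead of failing on a null reference.
        var groupDisplayName = azureGroup.DisplayName;
        if ((groupDisplayName == null) || !groupDisplayName.Contains(containsFilter))
        {
            _statusLogs.AddStatus("Skipping members of group: '" + azureGroup.DisplayName + "', becuase the group name does not contain the filter term '" + groupToRetrieve.FilterSourceGroupNameContains + "'");
            return;
        }
    }

    _statusLogs.AddStatus("Get Azure AD group membership from '" + azureGroup.DisplayName + "' for user-role mapping for group '" + groupToRetrieve.SourceGroupName + "'");

    //----------------------------------------------------------------------------------------------------
    //Get all the members of the group
    //----------------------------------------------------------------------------------------------------
    //https://docs.microsoft.com/en-us/graph/api/group-list-members?view=graph-rest-1.0&tabs=http
    //UNDONE: Filter down to just USERS and SUB-GROUPS
    //TEST: paging can be exercised by adding .Top(2) to the request below
    var groupId = azureGroup.Id;
    var thisGroupsMembers = await azureGraph.Groups[groupId].Members.Request().GetAsync();

    //Get all the users in the group and sub-groups
    await AzureRecurseGroupsGenerateRolesList(azureGraph, thisGroupsMembers, groupToRetrieve);
}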