/// <summary>
/// Process all the Groups in the set. Get the groups members (recursively) and add them to the right Role buckets
/// </summary>
/// <param name="azureGraph"></param>
/// <param name="thisGroupAsSet"></param>
/// <param name="groupToRetrieve"></param>
/// <returns></returns>
private async Task GenerateUsersRolesListFromAzureGroups_ProcessGroups(
GraphServiceClient azureGraph,
IGraphServiceGroupsCollectionPage thisGroupAsSet,
ProvisionConfigExternalDirectorySync.SynchronizeGroupToRole groupToRetrieve)
{
//Degenerate case: No data here...
if ((thisGroupAsSet == null) || (thisGroupAsSet.CurrentPage.Count < 1))
{
return;
}
//============================================================================================
//Get all the groups from the current page of Azure results, and then get any subsequent pages
//============================================================================================
do
{
//----------------------------------------------------------------------
//Loop through all the Azure Groups in the current returned page
//----------------------------------------------------------------------
var currentPage = thisGroupAsSet.CurrentPage;
var currentPage_ItemCount = currentPage.Count;
for (var idxGroup = 0; idxGroup < currentPage_ItemCount; idxGroup++)
{
await GenerateUsersRolesListFromAzureGroups_ProcessSingleGroup(azureGraph, currentPage[idxGroup], groupToRetrieve);
}
//-----------------------------------------------------------------------
//Advance to the next page (if there is one)
//-----------------------------------------------------------------------
var requestNextPage = thisGroupAsSet.NextPageRequest;
if (requestNextPage != null)
{
thisGroupAsSet = await requestNextPage.GetAsync();
}
else
{
thisGroupAsSet = null;
}
} while (thisGroupAsSet != null);
}
/// <summary>
/// Itterate down a groups membership, looing in any sub-groups, and record all the members
/// </summary>
/// <param name="azureGraph"></param>
/// <param name="thisGroupsMembers"></param>
/// <param name="baseGroupToRetrieve"></param>
async Task AzureRecurseGroupsGenerateRolesList(GraphServiceClient azureGraph, IGroupMembersCollectionWithReferencesPage thisGroupsMembers, ProvisionConfigExternalDirectorySync.SynchronizeGroupToRole baseGroupToRetrieve)
{
var thispage_members = thisGroupsMembers;
do
{
if (thispage_members.Count > 0)
{
foreach (var thisMember in thispage_members)
{
var asUser = thisMember as Microsoft.Graph.User;
var asSubGroup = thisMember as Microsoft.Graph.Group;
if (asUser != null)
{
AddUserToRoleProvisioningTrackingManager(
baseGroupToRetrieve.TableauRole,
baseGroupToRetrieve.AllowPromotedRoleForMembers,
baseGroupToRetrieve.AuthenticationModel,
asUser,
baseGroupToRetrieve.SourceGroupName);
//Add them to the list of users
}
else if (asSubGroup != null)
{
//-----------------------------------------------------------------------------------
//Recurse down the subgroup and get its members
//-----------------------------------------------------------------------------------
var subGroupsMembers = await azureGraph.Groups[asSubGroup.Id].Members.Request().GetAsync();
await AzureRecurseGroupsGenerateRolesList(azureGraph, subGroupsMembers, baseGroupToRetrieve);
}
}
}
//Go to the next page
if (thispage_members.NextPageRequest != null)
{
thispage_members = await thispage_members.NextPageRequest.GetAsync();
}
else
{
thispage_members = null;
}
} while (thispage_members != null);
}
/// <summary>
/// Get the group's members (recursively) and add them to the right Role buckets
/// </summary>
/// <param name="azureGraph"></param>
/// <param name="thisGroupAsSet"></param>
/// <param name="groupToRetrieve"></param>
/// <returns></returns>
private async Task GenerateUsersRolesListFromAzureGroups_ProcessSingleGroup(GraphServiceClient azureGraph, Group azureGroup, ProvisionConfigExternalDirectorySync.SynchronizeGroupToRole groupToRetrieve)
{
//----------------------------------------------------------------------------------------------------------------------------------------------
//See if there is an additional 'contains' filter we need to apply to the result
//----------------------------------------------------------------------------------------------------------------------------------------------
if (!string.IsNullOrWhiteSpace(groupToRetrieve.FilterSourceGroupNameContains))
{
//If the Azure Group does not contain the specified Contains fitering term, then skip it
if (!azureGroup.DisplayName.Contains(groupToRetrieve.FilterSourceGroupNameContains))
{
_statusLogs.AddStatus("Skipping members of group: '"
+ azureGroup.DisplayName
+ "', becuase the group name does not contain the filter term '"
+ groupToRetrieve.FilterSourceGroupNameContains
+ "'");
return;
}
}
_statusLogs.AddStatus("Get Azure AD group membership from '" + azureGroup.DisplayName + "' for user-role mapping for group '" + groupToRetrieve.SourceGroupName + "'");
//----------------------------------------------------------------------------------------------------
//Get all the members of the group
//----------------------------------------------------------------------------------------------------
var thiGroupId = azureGroup.Id;
//https://docs.microsoft.com/en-us/graph/api/group-list-members?view=graph-rest-1.0&tabs=http
//UNDONE: Filter down to just USERS and SUB-GROUPS
var thisGroupsMembers = await azureGraph.Groups[thiGroupId].Members.Request().GetAsync();
//TEST: Test paging by forcing the # of items to be returned per page to be 2
//var thisGroupsMembers = await azureGraph.Groups[thiGroupId].Members.Request().Top(2).GetAsync();
//Get all the users in the group and sub-groups
await AzureRecurseGroupsGenerateRolesList(azureGraph, thisGroupsMembers, groupToRetrieve);
}
