private async Task CreateAclsAsync(
Waddle.AdoConnectionFactory factory,
Type enumType,
List <PermissionManifest> permissions, Dictionary <string, VstsAcesDictionaryEntry> aclDictioanry)
{
foreach (var permission in permissions)
{
if (permission.Allowed != null && permission.Allowed.Any())
{
var group = await GetGroupByNameAsync(factory, permission.Origin, permission.Group);
if (group != null)
{
var bitMask = 0;
foreach (var permissionItem in permission.Allowed)
{
bitMask |= EnumSupport.GetBitMaskValue(enumType, permissionItem);
}
aclDictioanry.Add(group.Sid, new VstsAcesDictionaryEntry
{
Descriptor = group.Sid,
Allow = bitMask,
Deny = 0
});
}
}
}
}
private async Task <VstsGroup> GetGroupByNameAsync(
Waddle.AdoConnectionFactory factory, string origin, string groupName, Guid?id = null)
{
var gService = factory.GetGroupService();
var groups = await gService.ListGroupsAsync();
var group = groups.Value
.FirstOrDefault(g =>
g.Origin.ToString().Equals(origin, StringComparison.OrdinalIgnoreCase) &&
g.PrincipalName.Contains(groupName, StringComparison.OrdinalIgnoreCase));
if (group == null && id.HasValue)
{
group = await gService.CreateAadGroupByObjectId(id.Value);
}
return(group);
}
private async Task EnsureEnvironmentExistsAsync(
ProjectManifest manifest,
Waddle.AdoConnectionFactory factory,
Waddle.Dtos.Project project)
{
if (project != null && manifest.Environments != null && manifest.Environments.Any())
{
var peService = factory.GetPipelineEnvironmentService();
foreach (var pe in manifest.Environments)
{
if (pe != null && !string.IsNullOrWhiteSpace(pe.Name))
{
await ProvisionEnvironmentAsync(factory, project, peService, pe);
}
}
}
}
private async Task ProvisionEnvironmentAsync(Waddle.AdoConnectionFactory factory,
Waddle.Dtos.Project project,
Waddle.PipelineEnvironmentService peService, EnvironmentManifest pe)
{
var peColl = await peService.ListEnvironmentsAsync(project.Id);
if (peColl != null)
{
var envObject = peColl.Value
.FirstOrDefault(penv => penv.Name.Equals(pe.Name, StringComparison.OrdinalIgnoreCase));
if (envObject == null)
{
envObject = await peService.CreateEnvironmentAsync(project.Id, pe.Name, pe.Description);
}
await ProvisionEnvironmentPermissionsAsync(factory, project, peService, pe, envObject);
}
}
private async Task EnsureRepositoryPermissionsAsync(
Waddle.AdoConnectionFactory factory, Waddle.Dtos.Project project,
RepositoryManifest repo, Microsoft.TeamFoundation.SourceControl.WebApi.GitRepository repository)
{
if (repository != null && repo.Permissions != null && repo.Permissions.Any())
{
var secService = factory.GetSecurityNamespaceService();
var gitNamespace = await secService.GetNamespaceAsync(SecurityNamespaceConstants.Git_Repositories);
var gitSecurityNamespaceId = gitNamespace.NamespaceId;
var aclDictioanry = new Dictionary <string, VstsAcesDictionaryEntry>();
await CreateAclsAsync(factory, typeof(GitRepositories), repo.Permissions, aclDictioanry);
if (aclDictioanry.Count > 0)
{
var repositorySecurityToken = $"repoV2/{project.Id}/{repository.Id}";
var aclService = factory.GetAclListService();
await aclService.SetAclsAsync(gitSecurityNamespaceId, repositorySecurityToken, aclDictioanry, false);
}
}
}
private async Task ProvisionBuildPathPermissionsAsync(
Waddle.AdoConnectionFactory factory,
Waddle.Dtos.Project project, PipelineFolder bp, VstsFolder existingItem)
{
if (existingItem != null)
{
var secService = factory.GetSecurityNamespaceService();
var buildNamespace = await secService.GetNamespaceAsync(SecurityNamespaceConstants.Build);
var namespaceId = buildNamespace.NamespaceId;
var aclDictioanry = new Dictionary <string, VstsAcesDictionaryEntry>();
await CreateAclsAsync(factory, typeof(Waddle.Constants.Build), bp.Permissions, aclDictioanry);
if (aclDictioanry.Count > 0)
{
var fpath = bp.Path.TrimStart("\\/".ToCharArray()).Replace("\\", "/");
var token = $"{project.Id}/{fpath}";
var aclService = factory.GetAclListService();
await aclService.SetAclsAsync(namespaceId, token, aclDictioanry, false);
}
}
}
private async Task EnsureRepositoriesExistsAsync(
ProjectManifest manifest, Waddle.AdoConnectionFactory factory,
Waddle.RepositoryService repoService,
Waddle.Dtos.Project project,
bool projectWasAbsent)
{
if (project != null && manifest.Repositories != null && manifest.Repositories.Any())
{
foreach (var repo in manifest.Repositories)
{
if (!string.IsNullOrWhiteSpace(repo.Name))
{
var reposCollection = await repoService.GetRepositoryListAsync(project.Id);
var repository = reposCollection
.FirstOrDefault(r => r.Name.Equals(repo.Name, StringComparison.OrdinalIgnoreCase));
if (repository == null)
{
Logger.StatusBegin($"Creating Repository {repo.Name}...");
await ExecutionSupports.Retry(async() =>
{
repository = await repoService.CreateAsync(project.Id, repo.Name);
},
exception => { Logger.SilentError(exception.Message); });
Logger.StatusEndSuccess("Succeed");
}
Logger.StatusBegin($"Setting up permissions for repository {repo.Name}...");
await EnsureRepositoryPermissionsAsync(factory, project, repo, repository);
Logger.StatusEndSuccess("Succeed");
}
}
await DeleteDefaultRepoAsync(repoService, project, projectWasAbsent);
}
}
private async Task ProvisionEnvironmentPermissionsAsync(
Waddle.AdoConnectionFactory factory,
Waddle.Dtos.Project project,
Waddle.PipelineEnvironmentService peService,
EnvironmentManifest pe, PipelineEnvironment envObject)
{
if (envObject != null && pe.Permissions != null && pe.Permissions.Any())
{
foreach (var permissionObject in pe.Permissions)
{
Logger.StatusBegin($"Configuring Environment ({pe.Name}) permissions: AAD object ({permissionObject.Group}) ...");
var group = await GetGroupByNameAsync(factory,
permissionObject.Origin, permissionObject.Group, permissionObject.Id);
if (group != null)
{
var legacyIdentity = await factory.GetGroupService()
.GetLegacyIdentitiesBySidAsync(group.Sid);
if (legacyIdentity != null && legacyIdentity.Value.Any())
{
var localId = legacyIdentity.Value.First().Id;
foreach (var role in permissionObject.Roles)
{
await peService.SetPermissionAsync(project.Id, envObject.Id, localId, role);
}
Logger.StatusEndSuccess("Succeeded");
}
}
else
{
Logger.StatusEndFailed("Failed (Not found in AAD)");
}
}
}
}
private async Task EnsureBuildFoldersAsync(ProjectManifest manifest,
Waddle.AdoConnectionFactory factory, Waddle.Dtos.Project project)
{
if (manifest.BuildFolders != null && manifest.BuildFolders.Any())
{
var buildService = factory.GetBuildService();
var buildPaths = await buildService.ListFoldersAsync(project.Id);
foreach (var bp in manifest.BuildFolders)
{
var existingItem = buildPaths.Value
.FirstOrDefault(p => p.Path.Replace("\\", "/").Equals(bp.Path, StringComparison.OrdinalIgnoreCase));
if (existingItem == null)
{
existingItem = await buildService.CreateFolderAsync(project.Id, bp.Path);
}
Logger.StatusBegin($"Creating permissions {bp.Path}...");
await ProvisionBuildPathPermissionsAsync(factory, project, bp, existingItem);
Logger.StatusEndSuccess("Succeed");
}
}
}
private async Task EnsureTeamProvisionedAsync(ProjectManifest manifest, Waddle.AdoConnectionFactory factory, Waddle.ProjectService projectService, Tuple <Waddle.Dtos.Project, bool> outcome)
{
var gService = factory.GetGroupService();
var secService = factory.GetSecurityNamespaceService();
var aclService = factory.GetAclListService();
var allUsers = await gService.ListUsersAsync();
foreach (var teamManifest in manifest.Teams)
{
var tc = await projectService.GetTeamsAsync();
var eteam = tc.Value
.FirstOrDefault(tc => tc.Name.Equals(teamManifest.Name,
StringComparison.OrdinalIgnoreCase));
if (eteam == null)
{
Logger.StatusBegin($"Creating team [{teamManifest.Name}]...");
var team = await projectService.CreateTeamAsync(
new Microsoft.TeamFoundation.Core.WebApi.WebApiTeam
{
Name = teamManifest.Name,
Description = teamManifest.Description,
ProjectId = outcome.Item1.Id,
ProjectName = outcome.Item1.Name
},
outcome.Item1.Id);
while (eteam == null)
{
tc = await projectService.GetTeamsAsync();
eteam = tc.Value
.FirstOrDefault(tc => tc.Name.Equals(teamManifest.Name,
StringComparison.OrdinalIgnoreCase));
}
Logger.StatusEndSuccess("Succeed");
}
if (eteam != null && teamManifest.Membership != null &&
(teamManifest.Membership.Groups != null && teamManifest.Membership.Groups.Any()))
{
var teamGroup = await GetGroupByNameAsync(factory, IdentityOrigin.Vsts.ToString(), eteam.Name);
if (teamGroup != null)
{
foreach (var gp in teamManifest.Membership.Groups)
{
var groupObject = await GetGroupByNameAsync(factory, IdentityOrigin.Aad.ToString(), gp.Name, gp.Id);
if (groupObject != null)
{
await gService.AddMemberAsync(eteam.ProjectId, teamGroup.Descriptor, groupObject.Descriptor);
}
}
foreach (var user in teamManifest.Membership.Users)
{
var userInfo = allUsers.Value.FirstOrDefault(u => u.OriginId.Equals(user.Id));
if (userInfo != null)
{
await gService.AddMemberAsync(eteam.ProjectId, teamGroup.Descriptor, userInfo.Descriptor);
}
}
}
}
if (eteam != null &&
teamManifest.Admins != null &&
teamManifest.Admins.Any())
{
var token = $"{eteam.ProjectId}\\{eteam.Id}";
var releaseNamespace = await secService.GetNamespaceAsync(SecurityNamespaceConstants.Identity);
var secNamespaceId = releaseNamespace.NamespaceId;
var aclDictioanry = new Dictionary <string, VstsAcesDictionaryEntry>();
foreach (var adminUserName in teamManifest.Admins)
{
var matches = await gService.GetLegacyIdentitiesByNameAsync(adminUserName.Name);
if (matches != null && matches.Count > 0)
{
var adminUserInfo = matches.Value.First();
aclDictioanry.Add(adminUserInfo.Descriptor, new VstsAcesDictionaryEntry
{
Allow = 31,
Deny = 0,
Descriptor = adminUserInfo.Descriptor
});
}
}
await aclService.SetAclsAsync(secNamespaceId, token, aclDictioanry, false);
}
}
}
