From 305aa8191bac2b672c7a50ade158a72b554c9063 Mon Sep 17 00:00:00 2001 From: Shubham Agarwal Date: Wed, 30 Dec 2015 15:39:37 -0800 Subject: [PATCH] AD Application command updates --- .../Commands.KeyVault.Test.csproj | 2 +- .../Commands.KeyVault.csproj | 2 +- .../Commands.Resources.Test.csproj | 2 +- .../ScenarioTests/ActiveDirectoryTests.ps1 | 23 + .../TestNewADApplication.json | 411 +++++++++++++++++- .../Commands.Resources.Test/packages.config | 2 +- .../GetAzureADApplicationCommand.cs | 74 ++++ .../Commands.Resources.csproj | 3 +- .../ActiveDirectoryClient.cs | 48 +- .../ActiveDirectoryClientExtensions.cs | 3 + .../Models.ActiveDirectory/PSADApplication.cs | 6 + .../Models.ActiveDirectory/ParameterSet.cs | 8 + .../Properties/Resources.Designer.cs | 18 + .../Properties/Resources.resx | 6 + .../GetAzureRoleDefinitionCommand.cs | 2 +- .../RemoveAzureRoleDefinitionCommand.cs | 2 +- .../Commands.Resources/packages.config | 2 +- 17 files changed, 589 insertions(+), 25 deletions(-) create mode 100644 src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/GetAzureADApplicationCommand.cs diff --git a/src/ResourceManager/KeyVault/Commands.KeyVault.Test/Commands.KeyVault.Test.csproj b/src/ResourceManager/KeyVault/Commands.KeyVault.Test/Commands.KeyVault.Test.csproj index e1ddc3f188f9..14784fac24e9 100644 --- a/src/ResourceManager/KeyVault/Commands.KeyVault.Test/Commands.KeyVault.Test.csproj +++ b/src/ResourceManager/KeyVault/Commands.KeyVault.Test/Commands.KeyVault.Test.csproj @@ -65,7 +65,7 @@ ..\..\..\packages\Microsoft.Azure.Gallery.2.6.2-preview\lib\net40\Microsoft.Azure.Gallery.dll - ..\..\..\packages\Microsoft.Azure.Graph.RBAC.1.7.0-preview\lib\net40\Microsoft.Azure.Graph.RBAC.dll + ..\..\..\packages\Microsoft.Azure.Graph.RBAC.1.8.0-preview\lib\net40\Microsoft.Azure.Graph.RBAC.dll False 
diff --git a/src/ResourceManager/KeyVault/Commands.KeyVault/Commands.KeyVault.csproj b/src/ResourceManager/KeyVault/Commands.KeyVault/Commands.KeyVault.csproj index cfc678349ebe..4e693817043d 100644 --- a/src/ResourceManager/KeyVault/Commands.KeyVault/Commands.KeyVault.csproj +++ b/src/ResourceManager/KeyVault/Commands.KeyVault/Commands.KeyVault.csproj @@ -124,7 +124,7 @@ ..\..\..\packages\Microsoft.Azure.Common.2.1.0\lib\net45\Microsoft.Azure.Common.NetFramework.dll - ..\..\..\packages\Microsoft.Azure.Graph.RBAC.1.7.0-preview\lib\net40\Microsoft.Azure.Graph.RBAC.dll + ..\..\..\packages\Microsoft.Azure.Graph.RBAC.1.8.0-preview\lib\net40\Microsoft.Azure.Graph.RBAC.dll False diff --git a/src/ResourceManager/Resources/Commands.Resources.Test/Commands.Resources.Test.csproj b/src/ResourceManager/Resources/Commands.Resources.Test/Commands.Resources.Test.csproj index 77fb9bb4a395..c5011b403f59 100644 --- a/src/ResourceManager/Resources/Commands.Resources.Test/Commands.Resources.Test.csproj +++ b/src/ResourceManager/Resources/Commands.Resources.Test/Commands.Resources.Test.csproj @@ -62,7 +62,7 @@ False - ..\..\..\packages\Microsoft.Azure.Graph.RBAC.1.7.2-preview\lib\net40\Microsoft.Azure.Graph.RBAC.dll + ..\..\..\packages\Microsoft.Azure.Graph.RBAC.1.8.0-preview\lib\net40\Microsoft.Azure.Graph.RBAC.dll ..\..\..\packages\Microsoft.Azure.Insights.0.7.7-preview\lib\net45\Microsoft.Azure.Insights.dll diff --git a/src/ResourceManager/Resources/Commands.Resources.Test/ScenarioTests/ActiveDirectoryTests.ps1 b/src/ResourceManager/Resources/Commands.Resources.Test/ScenarioTests/ActiveDirectoryTests.ps1 index 2035a0b2e36b..d72629f130de 100644 --- a/src/ResourceManager/Resources/Commands.Resources.Test/ScenarioTests/ActiveDirectoryTests.ps1 +++ b/src/ResourceManager/Resources/Commands.Resources.Test/ScenarioTests/ActiveDirectoryTests.ps1 
@@ -467,6 +467,29 @@ function Test-NewADApplication # Assert Assert-NotNull $application + + # Get Application by ApplicationObjectId + $app1 = Get-AzureRmADApplication -ApplicationObjectId $application.ApplicationObjectId + Assert-NotNull $app1 + Assert-AreEqual $app1.Count 1 + + # Get Application by ApplicationId + $app1 = Get-AzureRmADApplication -ApplicationId $application.ApplicationId + Assert-NotNull $app1 + Assert-AreEqual $app1.Count 1 + + # Get Application by IdentifierUri + $app1 = Get-AzureRmADApplication -IdentifierUri $application.IdentifierUris[0] + Assert-NotNull $app1 + Assert-AreEqual $app1.Count 1 + + # Get Application by DisplayName + $app1 = Get-AzureRmADApplication -DisplayNameStartWith $application.DisplayName + Assert-NotNull $app1 + Assert-True { $app1.Count -ge 1} + + # Delete + Remove-AzureRmADApplication -ApplicationObjectId $application.ApplicationObjectId -Force } <# diff --git a/src/ResourceManager/Resources/Commands.Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.ActiveDirectoryTests/TestNewADApplication.json b/src/ResourceManager/Resources/Commands.Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.ActiveDirectoryTests/TestNewADApplication.json index c99afebb30f3..8f56819b1391 100644 --- a/src/ResourceManager/Resources/Commands.Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.ActiveDirectoryTests/TestNewADApplication.json +++ b/src/ResourceManager/Resources/Commands.Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.ActiveDirectoryTests/TestNewADApplication.json 
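Review bot: The cleanup added at the end of this hunk (`Remove-AzureRmADApplication ... -Force`) only runs when every assertion before it passes, so a failed lookup during a live recording leaves the `onesdk*` application registered in the test tenant. Wrapping the new lookups as `try { ... } finally { Remove-AzureRmADApplication -ApplicationObjectId $application.ApplicationObjectId -Force }` keeps the directory clean on failure. The `-ApplicationObjectId` lookup asserts `$app1.Count` on what appears to be a single object, which relies on PowerShell's scalar `.Count` behaviour; `Assert-AreEqual $app1.ApplicationObjectId $application.ApplicationObjectId` would check the returned identity directly. The body of `Test-NewADApplication` starts outside the hunk.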
@@ -1,9 +1,10 @@ { "Entries": [ { - "RequestUri": "/2ee94052-bf34-4e83-aa6f-f82125c65d74/applications?api-version=1.42-previewInternal", + "RequestUri": "/1273adef-00a3-4086-a51a-dbcce1857d36/applications?api-version=1.42-previewInternal", + "EncodedRequestUri": "LzEyNzNhZGVmLTAwYTMtNDA4Ni1hNTFhLWRiY2NlMTg1N2QzNi9hcHBsaWNhdGlvbnM/YXBpLXZlcnNpb249MS40Mi1wcmV2aWV3SW50ZXJuYWw=", "RequestMethod": "POST", - "RequestBody": "{\r\n \"availableToOtherTenants\": false,\r\n \"displayName\": \"onesdk6351\",\r\n \"homepage\": \"http://onesdk6351.com\",\r\n \"identifierUris\": [\r\n \"http://onesdk6351\"\r\n ]\r\n}", + "RequestBody": "{\r\n \"availableToOtherTenants\": false,\r\n \"displayName\": \"onesdk9338\",\r\n \"homepage\": \"http://onesdk9338.com\",\r\n \"identifierUris\": [\r\n \"http://onesdk9338\"\r\n ]\r\n}", "RequestHeaders": { "Content-Type": [ "application/json; charset=utf-8" 
@@ -15,7 +16,7 @@ "Microsoft.Azure.Graph.RBAC.GraphRbacManagementClient/1.0.0.0" ] }, - "ResponseBody": "{\r\n \"odata.metadata\": \"https://graph.windows.net/2ee94052-bf34-4e83-aa6f-f82125c65d74/$metadata#directoryObjects/Microsoft.WindowsAzure.ActiveDirectory.Application/@Element\",\r\n \"odata.type\": \"Microsoft.WindowsAzure.ActiveDirectory.Application\",\r\n \"objectType\": \"Application\",\r\n \"objectId\": \"4b8f5079-5762-4faf-bf6b-8125e8742bb1\",\r\n \"softDeletionTimestamp\": null,\r\n \"appId\": \"73ff49c3-28b2-4cc9-91e8-b23bc430cb07\",\r\n \"appMetadata\": null,\r\n \"appPermissions\": [\r\n {\r\n \"claimValue\": \"user_impersonation\",\r\n \"description\": \"Allow the application to access onesdk6351 on behalf of the signed-in user.\",\r\n \"directAccessGrantTypes\": [],\r\n \"displayName\": \"Access onesdk6351\",\r\n \"impersonationAccessGrantTypes\": [\r\n {\r\n \"impersonated\": \"User\",\r\n \"impersonator\": \"Application\"\r\n }\r\n ],\r\n \"isDisabled\": false,\r\n \"origin\": \"Application\",\r\n \"permissionId\": \"66ae29da-d9c1-4d94-9d96-cf8ec8dc72f6\",\r\n \"resourceScopeType\": \"Personal\",\r\n \"userConsentDescription\": \"Allow the application to access onesdk6351 on your behalf.\",\r\n \"userConsentDisplayName\": \"Access onesdk6351\",\r\n \"lang\": null\r\n }\r\n ],\r\n \"availableToOtherTenants\": false,\r\n \"displayName\": \"onesdk6351\",\r\n \"errorUrl\": null,\r\n \"homepage\": \"http://onesdk6351.com\",\r\n \"identifierUris\": [\r\n \"http://onesdk6351\"\r\n ],\r\n \"keyCredentials\": [],\r\n \"knownClientApplications\": [],\r\n \"logoutUrl\": null,\r\n \"passwordCredentials\": [],\r\n \"oAuth2AllowImplicitFlow\": false,\r\n \"oAuth2AllowUrlPathMatching\": false,\r\n \"oAuth2RequirePostResponse\": false,\r\n \"publicClient\": null,\r\n \"replyUrls\": [],\r\n \"requiredResourceAccess\": [],\r\n \"resourceApplicationSet\": null,\r\n \"samlMetadataUrl\": null,\r\n \"webApi\": null,\r\n \"webApp\": null\r\n}", + "ResponseBody": "{\r\n 
\"odata.metadata\": \"https://graph.windows.net/1273adef-00a3-4086-a51a-dbcce1857d36/$metadata#directoryObjects/Microsoft.WindowsAzure.ActiveDirectory.Application/@Element\",\r\n \"odata.type\": \"Microsoft.WindowsAzure.ActiveDirectory.Application\",\r\n \"objectType\": \"Application\",\r\n \"objectId\": \"fa770d9d-16b7-4af0-bfd5-4e1e98a85b26\",\r\n \"softDeletionTimestamp\": null,\r\n \"appId\": \"32519538-2452-4062-836c-bc4d1b4cf55a\",\r\n \"appMetadata\": null,\r\n \"appPermissions\": [\r\n {\r\n \"claimValue\": \"user_impersonation\",\r\n \"description\": \"Allow the application to access onesdk9338 on behalf of the signed-in user.\",\r\n \"directAccessGrantTypes\": [],\r\n \"displayName\": \"Access onesdk9338\",\r\n \"impersonationAccessGrantTypes\": [\r\n {\r\n \"impersonated\": \"User\",\r\n \"impersonator\": \"Application\"\r\n }\r\n ],\r\n \"isDisabled\": false,\r\n \"origin\": \"Application\",\r\n \"permissionId\": \"66d30801-e09b-48d9-a543-b01da6cf6fbe\",\r\n \"resourceScopeType\": \"Personal\",\r\n \"userConsentDescription\": \"Allow the application to access onesdk9338 on your behalf.\",\r\n \"userConsentDisplayName\": \"Access onesdk9338\",\r\n \"lang\": null\r\n }\r\n ],\r\n \"availableToOtherTenants\": false,\r\n \"displayName\": \"onesdk9338\",\r\n \"errorUrl\": null,\r\n \"homepage\": \"http://onesdk9338.com\",\r\n \"identifierUris\": [\r\n \"http://onesdk9338\"\r\n ],\r\n \"keyCredentials\": [],\r\n \"knownClientApplications\": [],\r\n \"logoutUrl\": null,\r\n \"passwordCredentials\": [],\r\n \"oAuth2AllowImplicitFlow\": false,\r\n \"oAuth2AllowUrlPathMatching\": false,\r\n \"oAuth2RequirePostResponse\": false,\r\n \"publicClient\": null,\r\n \"replyUrls\": [],\r\n \"requiredResourceAccess\": [],\r\n \"resourceApplicationSet\": null,\r\n \"samlMetadataUrl\": null,\r\n \"webApi\": null,\r\n \"webApp\": null\r\n}", "ResponseHeaders": { "Content-Length": [ "1459" 
@@ -30,22 +31,101 @@ "no-cache" ], "ocp-aad-diagnostics-server-name": [ - "BiT8NvCsG9CzGn9Igt/qjpr0fipwFVWZyElqjCPNVoQ=" + "30icSeY/bVr9Xoytdat1AuqgYDoWTl+qNMdr2ZkR20g=" ], "request-id": [ - "bebd5feb-df9e-49b6-b2b5-2f2716b5dec8" + "032e96f8-f12d-4591-83e6-2bf5d76c6550" ], "client-request-id": [ - "e2f35b0d-f65c-4918-8102-f5f3cb084f02" + "6bc47594-59b7-4aa5-9c40-bb6fd9c05496" + ], + "x-ms-dirapi-data-contract-version": [ + "1.42-previewInternal" ], "x-ms-gateway-rewrite": [ "false" ], + "ocp-aad-session-key": [ + "CWT4R2bLTBmDyoTgEXqVCI4M5oNpgslFCriW9gkqplcNWtFUeJhbp5dzJCQZ1mUGlZSPhdxIpwDHA8BwcRZGqYqpCFcsap6Y4KZNklCteYHIEakNNJOQvJoXMvPjblA56rEZhL44mZVnKYN3zX78xIlBdrcJan16h9oDMwTF6OBq611Ze7MNnwHtcRX_PT94qV8WjPGCx4ICRaUWW5IgXg.KPfhZAHZ4mtBaJD8udWqjTglKNvjBkGB-MGxkk7WQQ0" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "DataServiceVersion": [ + "3.0;" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "Access-Control-Allow-Origin": [ + "*" + ], + "Duration": [ + "10544426" + ], + "Cache-Control": [ + "no-cache" + ], + "Location": [ + "https://graph.windows.net/1273adef-00a3-4086-a51a-dbcce1857d36/directoryObjects/fa770d9d-16b7-4af0-bfd5-4e1e98a85b26/Microsoft.WindowsAzure.ActiveDirectory.Application" + ], + "Server": [ + "Microsoft-IIS/8.5" + ], + "X-AspNet-Version": [ + "4.0.30319" + ], + "X-Powered-By": [ + "ASP.NET", + "ASP.NET" + ], + "Date": [ + "Wed, 30 Dec 2015 20:42:30 GMT" + ] + }, + "StatusCode": 201 + }, + { + "RequestUri": "/1273adef-00a3-4086-a51a-dbcce1857d36/applications/fa770d9d-16b7-4af0-bfd5-4e1e98a85b26?api-version=1.42-previewInternal", + "EncodedRequestUri": "LzEyNzNhZGVmLTAwYTMtNDA4Ni1hNTFhLWRiY2NlMTg1N2QzNi9hcHBsaWNhdGlvbnMvZmE3NzBkOWQtMTZiNy00YWYwLWJmZDUtNGUxZTk4YTg1YjI2P2FwaS12ZXJzaW9uPTEuNDItcHJldmlld0ludGVybmFs", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "Microsoft.Azure.Graph.RBAC.GraphRbacManagementClient/1.0.0.0" + ] + }, + "ResponseBody": "{\r\n 
\"odata.metadata\": \"https://graph.windows.net/1273adef-00a3-4086-a51a-dbcce1857d36/$metadata#directoryObjects/Microsoft.WindowsAzure.ActiveDirectory.Application/@Element\",\r\n \"odata.type\": \"Microsoft.WindowsAzure.ActiveDirectory.Application\",\r\n \"objectType\": \"Application\",\r\n \"objectId\": \"fa770d9d-16b7-4af0-bfd5-4e1e98a85b26\",\r\n \"softDeletionTimestamp\": null,\r\n \"appId\": \"32519538-2452-4062-836c-bc4d1b4cf55a\",\r\n \"appMetadata\": null,\r\n \"appPermissions\": [\r\n {\r\n \"claimValue\": \"user_impersonation\",\r\n \"description\": \"Allow the application to access onesdk9338 on behalf of the signed-in user.\",\r\n \"directAccessGrantTypes\": [],\r\n \"displayName\": \"Access onesdk9338\",\r\n \"impersonationAccessGrantTypes\": [\r\n {\r\n \"impersonated\": \"User\",\r\n \"impersonator\": \"Application\"\r\n }\r\n ],\r\n \"isDisabled\": false,\r\n \"origin\": \"Application\",\r\n \"permissionId\": \"66d30801-e09b-48d9-a543-b01da6cf6fbe\",\r\n \"resourceScopeType\": \"Personal\",\r\n \"userConsentDescription\": \"Allow the application to access onesdk9338 on your behalf.\",\r\n \"userConsentDisplayName\": \"Access onesdk9338\",\r\n \"lang\": null\r\n }\r\n ],\r\n \"availableToOtherTenants\": false,\r\n \"displayName\": \"onesdk9338\",\r\n \"errorUrl\": null,\r\n \"homepage\": \"http://onesdk9338.com\",\r\n \"identifierUris\": [\r\n \"http://onesdk9338\"\r\n ],\r\n \"keyCredentials\": [],\r\n \"knownClientApplications\": [],\r\n \"logoutUrl\": null,\r\n \"passwordCredentials\": [],\r\n \"oAuth2AllowImplicitFlow\": false,\r\n \"oAuth2AllowUrlPathMatching\": false,\r\n \"oAuth2RequirePostResponse\": false,\r\n \"publicClient\": null,\r\n \"replyUrls\": [],\r\n \"requiredResourceAccess\": [],\r\n \"resourceApplicationSet\": null,\r\n \"samlMetadataUrl\": null,\r\n \"webApi\": null,\r\n \"webApp\": null\r\n}", + "ResponseHeaders": { + "Content-Length": [ + "1459" + ], + "Content-Type": [ + "application/json; odata=minimalmetadata; 
streaming=true; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Pragma": [ + "no-cache" + ], + "ocp-aad-diagnostics-server-name": [ + "i4Cjy0Rm3dU5EwgdJFsHVUFiI7cBL4KFGb+3zXKTCts=" + ], + "request-id": [ + "917913d8-ae2e-4eaa-87e9-8a9b81108034" + ], + "client-request-id": [ + "a709331b-b1ae-4636-b95b-9984bccd85b6" + ], "x-ms-dirapi-data-contract-version": [ "1.42-previewInternal" ], + "x-ms-gateway-rewrite": [ + "false" + ], "ocp-aad-session-key": [ - "IzQzYKBbYVcYWaBftvlJF_u0vJ63PZ18_G48o5PM2Hk6uvQ3m_GUPz_o0ySH7OnxBVF4C0KM9j7SgBABcb5OJQXSCVoAQaXfW5O2PKYwq5MIY-Pf7KvmLg-PcyiTYa-6_a1oYbNJvaTzfOAkK_K-Vw.OtZnZsOKJz8UPqG00VUB8CyDPGmmgL7-PrPJpr1Lgqo" + "c074G2akUmIDE2cNzgdgKEnuTUMRJUVgXiL-7VU3gQjRYjnuNk3QNXQvyJZp2o_bUQ0fv4YLuFoH1aotkFGb4Jkb5FEAK3QqrjaUisjGQrgPyXW0Up7uyIH8q28VLIhiltmanyfV6aThOSmay3QgbqPl-l8EQd_O9knFqFvg7BE8eZ71sUAsQVyEaV8vwIpF-DHwiRRTmCINXm0-RibzSQ.DpPkUi9gF9iXOVoimueK7gK3trDyB5TWWPoW1-BVvDY" ], "X-Content-Type-Options": [ "nosniff" 
@@ -56,11 +136,90 @@ "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" ], + "Access-Control-Allow-Origin": [ + "*" + ], + "Duration": [ + "1060007" + ], "Cache-Control": [ "no-cache" ], - "Location": [ - "https://graph.windows.net/2ee94052-bf34-4e83-aa6f-f82125c65d74/directoryObjects/4b8f5079-5762-4faf-bf6b-8125e8742bb1/Microsoft.WindowsAzure.ActiveDirectory.Application" + "Server": [ + "Microsoft-IIS/8.5" + ], + "X-AspNet-Version": [ + "4.0.30319" + ], + "X-Powered-By": [ + "ASP.NET", + "ASP.NET" + ], + "Date": [ + "Wed, 30 Dec 2015 20:42:30 GMT" + ] + }, + "StatusCode": 200 + }, + { + "RequestUri": "/1273adef-00a3-4086-a51a-dbcce1857d36/applications?api-version=1.42-previewInternal&$filter=appId%20eq%20guid'32519538-2452-4062-836c-bc4d1b4cf55a'", + "EncodedRequestUri": "LzEyNzNhZGVmLTAwYTMtNDA4Ni1hNTFhLWRiY2NlMTg1N2QzNi9hcHBsaWNhdGlvbnM/YXBpLXZlcnNpb249MS40Mi1wcmV2aWV3SW50ZXJuYWwmJGZpbHRlcj1hcHBJZCUyMGVxJTIwZ3VpZCczMjUxOTUzOC0yNDUyLTQwNjItODM2Yy1iYzRkMWI0Y2Y1NWEn", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "Microsoft.Azure.Graph.RBAC.GraphRbacManagementClient/1.0.0.0" + ] + }, + "ResponseBody": "{\r\n \"odata.metadata\": \"https://graph.windows.net/1273adef-00a3-4086-a51a-dbcce1857d36/$metadata#directoryObjects/Microsoft.WindowsAzure.ActiveDirectory.Application\",\r\n \"value\": [\r\n {\r\n \"odata.type\": \"Microsoft.WindowsAzure.ActiveDirectory.Application\",\r\n \"objectType\": \"Application\",\r\n \"objectId\": \"fa770d9d-16b7-4af0-bfd5-4e1e98a85b26\",\r\n \"softDeletionTimestamp\": null,\r\n \"appId\": \"32519538-2452-4062-836c-bc4d1b4cf55a\",\r\n \"appMetadata\": null,\r\n \"appPermissions\": [\r\n {\r\n \"claimValue\": \"user_impersonation\",\r\n \"description\": \"Allow the application to access onesdk9338 on behalf of the signed-in user.\",\r\n \"directAccessGrantTypes\": [],\r\n \"displayName\": \"Access onesdk9338\",\r\n \"impersonationAccessGrantTypes\": [\r\n {\r\n \"impersonated\": 
\"User\",\r\n \"impersonator\": \"Application\"\r\n }\r\n ],\r\n \"isDisabled\": false,\r\n \"origin\": \"Application\",\r\n \"permissionId\": \"66d30801-e09b-48d9-a543-b01da6cf6fbe\",\r\n \"resourceScopeType\": \"Personal\",\r\n \"userConsentDescription\": \"Allow the application to access onesdk9338 on your behalf.\",\r\n \"userConsentDisplayName\": \"Access onesdk9338\",\r\n \"lang\": null\r\n }\r\n ],\r\n \"availableToOtherTenants\": false,\r\n \"displayName\": \"onesdk9338\",\r\n \"errorUrl\": null,\r\n \"homepage\": \"http://onesdk9338.com\",\r\n \"identifierUris\": [\r\n \"http://onesdk9338\"\r\n ],\r\n \"keyCredentials\": [],\r\n \"knownClientApplications\": [],\r\n \"logoutUrl\": null,\r\n \"passwordCredentials\": [],\r\n \"oAuth2AllowImplicitFlow\": false,\r\n \"oAuth2AllowUrlPathMatching\": false,\r\n \"oAuth2RequirePostResponse\": false,\r\n \"publicClient\": null,\r\n \"replyUrls\": [],\r\n \"requiredResourceAccess\": [],\r\n \"resourceApplicationSet\": null,\r\n \"samlMetadataUrl\": null,\r\n \"webApi\": null,\r\n \"webApp\": null\r\n }\r\n ]\r\n}", + "ResponseHeaders": { + "Content-Length": [ + "1462" + ], + "Content-Type": [ + "application/json; odata=minimalmetadata; streaming=true; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Pragma": [ + "no-cache" + ], + "ocp-aad-diagnostics-server-name": [ + "i4Cjy0Rm3dU5EwgdJFsHVUFiI7cBL4KFGb+3zXKTCts=" + ], + "request-id": [ + "bdb5ee76-d069-4886-a655-9d43576de85e" + ], + "client-request-id": [ + "ef32d8e7-05fa-4eb6-aa6d-aa568f6eaa6c" + ], + "x-ms-dirapi-data-contract-version": [ + "1.42-previewInternal" + ], + "x-ms-gateway-rewrite": [ + "false" + ], + "ocp-aad-session-key": [ + "3o1vbQhXEluSqT6erLgQfvRigROrA0W4dkNW70HoAOZFiME6W_3KaU4H-EwhWS8XqR4D6gg4dOu4YcPok5_o2h-7ubYL5OfAp1A_B0GhSJpSEZUMUxfauseME8hLFucP.RSoN8p75W_amh8UwJAOmfxWOcxZ11yYP4qTBcZYDAOE" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "DataServiceVersion": [ + "3.0;" + ], + "Strict-Transport-Security": [ + "max-age=31536000; 
includeSubDomains" + ], + "Access-Control-Allow-Origin": [ + "*" + ], + "Duration": [ + "946175" + ], + "Cache-Control": [ + "no-cache" ], "Server": [ "Microsoft-IIS/8.5" 
@@ -73,20 +232,242 @@ "ASP.NET" ], "Date": [ - "Thu, 08 Jan 2015 01:15:23 GMT" + "Wed, 30 Dec 2015 20:42:31 GMT" ] }, - "StatusCode": 201 + "StatusCode": 200 + }, + { + "RequestUri": "/1273adef-00a3-4086-a51a-dbcce1857d36/applications?api-version=1.42-previewInternal&$filter=identifierUris/any(s:s%20eq%20'http:%2F%2Fonesdk9338')", + "EncodedRequestUri": "LzEyNzNhZGVmLTAwYTMtNDA4Ni1hNTFhLWRiY2NlMTg1N2QzNi9hcHBsaWNhdGlvbnM/YXBpLXZlcnNpb249MS40Mi1wcmV2aWV3SW50ZXJuYWwmJGZpbHRlcj1pZGVudGlmaWVyVXJpcy9hbnkoczpzJTIwZXElMjAnaHR0cCUzQSUyRiUyRm9uZXNkazkzMzgnKQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "Microsoft.Azure.Graph.RBAC.GraphRbacManagementClient/1.0.0.0" + ] + }, + "ResponseBody": "{\r\n \"odata.metadata\": \"https://graph.windows.net/1273adef-00a3-4086-a51a-dbcce1857d36/$metadata#directoryObjects/Microsoft.WindowsAzure.ActiveDirectory.Application\",\r\n \"value\": [\r\n {\r\n \"odata.type\": \"Microsoft.WindowsAzure.ActiveDirectory.Application\",\r\n \"objectType\": \"Application\",\r\n \"objectId\": \"fa770d9d-16b7-4af0-bfd5-4e1e98a85b26\",\r\n \"softDeletionTimestamp\": null,\r\n \"appId\": \"32519538-2452-4062-836c-bc4d1b4cf55a\",\r\n \"appMetadata\": null,\r\n \"appPermissions\": [\r\n {\r\n \"claimValue\": \"user_impersonation\",\r\n \"description\": \"Allow the application to access onesdk9338 on behalf of the signed-in user.\",\r\n \"directAccessGrantTypes\": [],\r\n \"displayName\": \"Access onesdk9338\",\r\n \"impersonationAccessGrantTypes\": [\r\n {\r\n \"impersonated\": \"User\",\r\n \"impersonator\": \"Application\"\r\n }\r\n ],\r\n \"isDisabled\": false,\r\n \"origin\": \"Application\",\r\n \"permissionId\": \"66d30801-e09b-48d9-a543-b01da6cf6fbe\",\r\n \"resourceScopeType\": \"Personal\",\r\n \"userConsentDescription\": \"Allow the application to access onesdk9338 on your behalf.\",\r\n \"userConsentDisplayName\": \"Access onesdk9338\",\r\n \"lang\": null\r\n }\r\n ],\r\n \"availableToOtherTenants\": 
false,\r\n \"displayName\": \"onesdk9338\",\r\n \"errorUrl\": null,\r\n \"homepage\": \"http://onesdk9338.com\",\r\n \"identifierUris\": [\r\n \"http://onesdk9338\"\r\n ],\r\n \"keyCredentials\": [],\r\n \"knownClientApplications\": [],\r\n \"logoutUrl\": null,\r\n \"passwordCredentials\": [],\r\n \"oAuth2AllowImplicitFlow\": false,\r\n \"oAuth2AllowUrlPathMatching\": false,\r\n \"oAuth2RequirePostResponse\": false,\r\n \"publicClient\": null,\r\n \"replyUrls\": [],\r\n \"requiredResourceAccess\": [],\r\n \"resourceApplicationSet\": null,\r\n \"samlMetadataUrl\": null,\r\n \"webApi\": null,\r\n \"webApp\": null\r\n }\r\n ]\r\n}", + "ResponseHeaders": { + "Content-Length": [ + "1462" + ], + "Content-Type": [ + "application/json; odata=minimalmetadata; streaming=true; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Pragma": [ + "no-cache" + ], + "ocp-aad-diagnostics-server-name": [ + "dS62cdS3jxXz9WV41FbNbdFCgD8BZkeQdpb/3DuhgUM=" + ], + "request-id": [ + "3d3054db-3506-4b3c-9773-2a22e2db3d98" + ], + "client-request-id": [ + "248702da-01c9-4ea3-923b-52eeac149720" + ], + "x-ms-dirapi-data-contract-version": [ + "1.42-previewInternal" + ], + "x-ms-gateway-rewrite": [ + "false" + ], + "ocp-aad-session-key": [ + "1Axo6bGgO7ihVKFfvWjmdg0cEm_Cjp40qjo3N5fWVqn2AMy1cxaU5zycd9LlO9hsooPOI5loVQ04DPtqanQkO69V55izXBbPEIR8KNnYf-F0CrGju_Mlys9xm_kkyfNx3gXlikAAFAow4DUB10jIgyo9ugj6EzJmxEkf7z2QMR_Z1-OvX0dnN8Nk8BBx1Ic-mkKGMe1EYETQxdDrHIH9yw.Bl8acijR9LJud3ibaFOTcAcdkN3-f4RGFeXgtSzQZlU" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "DataServiceVersion": [ + "3.0;" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "Access-Control-Allow-Origin": [ + "*" + ], + "Duration": [ + "1013030" + ], + "Cache-Control": [ + "no-cache" + ], + "Server": [ + "Microsoft-IIS/8.5" + ], + "X-AspNet-Version": [ + "4.0.30319" + ], + "X-Powered-By": [ + "ASP.NET", + "ASP.NET" + ], + "Date": [ + "Wed, 30 Dec 2015 20:42:31 GMT" + ] + }, + "StatusCode": 200 + }, + { + 
"RequestUri": "/1273adef-00a3-4086-a51a-dbcce1857d36/applications?api-version=1.42-previewInternal&$filter=startswith(displayName,'onesdk9338')", + "EncodedRequestUri": "LzEyNzNhZGVmLTAwYTMtNDA4Ni1hNTFhLWRiY2NlMTg1N2QzNi9hcHBsaWNhdGlvbnM/YXBpLXZlcnNpb249MS40Mi1wcmV2aWV3SW50ZXJuYWwmJGZpbHRlcj1zdGFydHN3aXRoKGRpc3BsYXlOYW1lLCdvbmVzZGs5MzM4Jyk=", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "Microsoft.Azure.Graph.RBAC.GraphRbacManagementClient/1.0.0.0" + ] + }, + "ResponseBody": "{\r\n \"odata.metadata\": \"https://graph.windows.net/1273adef-00a3-4086-a51a-dbcce1857d36/$metadata#directoryObjects/Microsoft.WindowsAzure.ActiveDirectory.Application\",\r\n \"value\": [\r\n {\r\n \"odata.type\": \"Microsoft.WindowsAzure.ActiveDirectory.Application\",\r\n \"objectType\": \"Application\",\r\n \"objectId\": \"fa770d9d-16b7-4af0-bfd5-4e1e98a85b26\",\r\n \"softDeletionTimestamp\": null,\r\n \"appId\": \"32519538-2452-4062-836c-bc4d1b4cf55a\",\r\n \"appMetadata\": null,\r\n \"appPermissions\": [\r\n {\r\n \"claimValue\": \"user_impersonation\",\r\n \"description\": \"Allow the application to access onesdk9338 on behalf of the signed-in user.\",\r\n \"directAccessGrantTypes\": [],\r\n \"displayName\": \"Access onesdk9338\",\r\n \"impersonationAccessGrantTypes\": [\r\n {\r\n \"impersonated\": \"User\",\r\n \"impersonator\": \"Application\"\r\n }\r\n ],\r\n \"isDisabled\": false,\r\n \"origin\": \"Application\",\r\n \"permissionId\": \"66d30801-e09b-48d9-a543-b01da6cf6fbe\",\r\n \"resourceScopeType\": \"Personal\",\r\n \"userConsentDescription\": \"Allow the application to access onesdk9338 on your behalf.\",\r\n \"userConsentDisplayName\": \"Access onesdk9338\",\r\n \"lang\": null\r\n }\r\n ],\r\n \"availableToOtherTenants\": false,\r\n \"displayName\": \"onesdk9338\",\r\n \"errorUrl\": null,\r\n \"homepage\": \"http://onesdk9338.com\",\r\n \"identifierUris\": [\r\n \"http://onesdk9338\"\r\n ],\r\n \"keyCredentials\": [],\r\n 
\"knownClientApplications\": [],\r\n \"logoutUrl\": null,\r\n \"passwordCredentials\": [],\r\n \"oAuth2AllowImplicitFlow\": false,\r\n \"oAuth2AllowUrlPathMatching\": false,\r\n \"oAuth2RequirePostResponse\": false,\r\n \"publicClient\": null,\r\n \"replyUrls\": [],\r\n \"requiredResourceAccess\": [],\r\n \"resourceApplicationSet\": null,\r\n \"samlMetadataUrl\": null,\r\n \"webApi\": null,\r\n \"webApp\": null\r\n }\r\n ]\r\n}", + "ResponseHeaders": { + "Content-Length": [ + "1462" + ], + "Content-Type": [ + "application/json; odata=minimalmetadata; streaming=true; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Pragma": [ + "no-cache" + ], + "ocp-aad-diagnostics-server-name": [ + "i4Cjy0Rm3dU5EwgdJFsHVUFiI7cBL4KFGb+3zXKTCts=" + ], + "request-id": [ + "df5325da-4705-42f4-87a3-48961ca990fa" + ], + "client-request-id": [ + "a6b34b99-7b59-453b-80f0-2e6a0b4e3204" + ], + "x-ms-dirapi-data-contract-version": [ + "1.42-previewInternal" + ], + "x-ms-gateway-rewrite": [ + "false" + ], + "ocp-aad-session-key": [ + "vl0Qz-inJNL8pVfF3NSuQCojK-ErqJp3hRgGcABysYy9lLEzVfMx97AeH3IAqx3K-shpch4Xwo1CCTNVINcBCihVolfo724GyfS-55kkzgNXDpVWf2gO9z88fuhK-T9HoyjR1ZCkF4JAuBpyECits0ixoZphVVsk1eOqM_91LJqI_aJfyww1KBSASRbMfjLUd_0jlbj1dXpzBOG-uJc9Jw.xtUBqyvxMaZ-s-GlWr9H3zxidC8_n9H6Cf81s8-Q50g" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "DataServiceVersion": [ + "3.0;" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "Access-Control-Allow-Origin": [ + "*" + ], + "Duration": [ + "866550" + ], + "Cache-Control": [ + "no-cache" + ], + "Server": [ + "Microsoft-IIS/8.5" + ], + "X-AspNet-Version": [ + "4.0.30319" + ], + "X-Powered-By": [ + "ASP.NET", + "ASP.NET" + ], + "Date": [ + "Wed, 30 Dec 2015 20:42:31 GMT" + ] + }, + "StatusCode": 200 + }, + { + "RequestUri": "/1273adef-00a3-4086-a51a-dbcce1857d36/applications/fa770d9d-16b7-4af0-bfd5-4e1e98a85b26?api-version=1.42-previewInternal", + "EncodedRequestUri": 
"LzEyNzNhZGVmLTAwYTMtNDA4Ni1hNTFhLWRiY2NlMTg1N2QzNi9hcHBsaWNhdGlvbnMvZmE3NzBkOWQtMTZiNy00YWYwLWJmZDUtNGUxZTk4YTg1YjI2P2FwaS12ZXJzaW9uPTEuNDItcHJldmlld0ludGVybmFs", + "RequestMethod": "DELETE", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "Microsoft.Azure.Graph.RBAC.GraphRbacManagementClient/1.0.0.0" + ] + }, + "ResponseBody": "", + "ResponseHeaders": { + "Expires": [ + "-1" + ], + "Pragma": [ + "no-cache" + ], + "ocp-aad-diagnostics-server-name": [ + "i4Cjy0Rm3dU5EwgdJFsHVUFiI7cBL4KFGb+3zXKTCts=" + ], + "request-id": [ + "1efc2ed0-15e7-4e1a-980f-d62486599671" + ], + "client-request-id": [ + "9d5fd9ec-aa9a-45b9-9f29-6766b93d6e17" + ], + "x-ms-dirapi-data-contract-version": [ + "1.42-previewInternal" + ], + "x-ms-gateway-rewrite": [ + "false" + ], + "ocp-aad-session-key": [ + "QPw7Fuc55hyQM9VqNUSouSvvYxgmPzX-xv0sMt29Lil1zjbFYNI9dsqMyo4NxXH6y4KhIPeGaxND9k1XYugVoJccLE15dPToceeS4oCSP0vyYXO-sFPjnw0_MyGL3z-bxj0KEO-BqquWexY-xiC27_RPgcu_lmnfpkZF7Dw4lzYL3EOf8o5c7bU-JeudGRZQsEGXQ_SJdI_T3oU7H7b3Ng.59BGd0afhEgYNaESHJ2gxbaHntI87bYylUyP718WxMw" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "DataServiceVersion": [ + "1.0;" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "Access-Control-Allow-Origin": [ + "*" + ], + "Duration": [ + "13855585" + ], + "Cache-Control": [ + "no-cache" + ], + "Server": [ + "Microsoft-IIS/8.5" + ], + "X-AspNet-Version": [ + "4.0.30319" + ], + "X-Powered-By": [ + "ASP.NET", + "ASP.NET" + ], + "Date": [ + "Wed, 30 Dec 2015 20:42:32 GMT" + ] + }, + "StatusCode": 204 } ], "Names": { "Test-NewADApplication": [ - "onesdk6351" + "onesdk9338" ] }, "Variables": { - "SubscriptionId": "da6dbdd6-591f-40df-8315-7aa26807e713", - "TenantId": "2ee94052-bf34-4e83-aa6f-f82125c65d74", - "Domain": "soochi.onmicrosoft.com" + "SubscriptionId": "4004a9fd-d58e-48dc-aeb2-4a4aec58606f", + "TenantId": "1273adef-00a3-4086-a51a-dbcce1857d36", + "Domain": "rbacCliTest.onmicrosoft.com" } } \ No newline at end of file 
diff --git a/src/ResourceManager/Resources/Commands.Resources.Test/packages.config b/src/ResourceManager/Resources/Commands.Resources.Test/packages.config index aab08d6d2eb7..49a6c8511232 100644 --- a/src/ResourceManager/Resources/Commands.Resources.Test/packages.config +++ b/src/ResourceManager/Resources/Commands.Resources.Test/packages.config @@ -5,7 +5,7 @@ - + diff --git a/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/GetAzureADApplicationCommand.cs b/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/GetAzureADApplicationCommand.cs new file mode 100644 index 000000000000..7cb4808fadb8 --- /dev/null +++ b/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/GetAzureADApplicationCommand.cs 
@@ -0,0 +1,74 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using Microsoft.Azure.Commands.ActiveDirectory.Models;
+using Microsoft.Azure.Commands.Resources.Models.ActiveDirectory;
+using System.Collections.Generic;
+using System.Management.Automation;
+using System;
+using ProjectResources = Microsoft.Azure.Commands.Resources.Properties.Resources;
+using Microsoft.WindowsAzure.Commands.Common;
+using Microsoft.Azure.Graph.RBAC.Models;
+
+namespace Microsoft.Azure.Commands.ActiveDirectory
+{
+ ///
+ /// Gets the AD application.
+ ///
+ [Cmdlet(VerbsCommon.Get, "AzureRmADApplication", DefaultParameterSetName = ParameterSet.Empty), OutputType(typeof(List))]
+ public class GetAzureADApplicationCommand : ActiveDirectoryBaseCmdlet
+ {
+ [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ApplicationObjectId, HelpMessage = "The application object id.")]
+ [ValidateGuidNotEmpty]
+ public Guid ApplicationObjectId { get; set; }
+
+ [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ApplicationId, HelpMessage = "The application id.")]
+ [ValidateGuidNotEmpty]
+ public Guid ApplicationId { get; set; }
+
+ [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ApplicationDisplayName, HelpMessage = "The display name.")]
+ [ValidateNotNullOrEmpty]
+ public string DisplayNameStartWith { get; set; }
+
+ [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ApplicationIdentifierUri, HelpMessage = "The identifierUri of the application.")]
+ [ValidateNotNullOrEmpty]
+ public string IdentifierUri { get; set; }
+
+ public override void ExecuteCmdlet()
+ {
+ if (ApplicationObjectId != Guid.Empty)
+ {
+ WriteObject(ActiveDirectoryClient.GetApplication(ApplicationObjectId.ToString()));
+ }
+ else
+ {
+ ApplicationFilterParameters parameters = new ApplicationFilterParameters();
+ if (ApplicationId != Guid.Empty)
+ {
+ parameters.AppId = ApplicationId;
+ }
+ else if (!string.IsNullOrEmpty(DisplayNameStartWith))
+ {
+ parameters.DisplayNameStartsWith = DisplayNameStartWith;
+ }
+ else if (!string.IsNullOrEmpty(IdentifierUri))
+ {
+ parameters.IdentifierUri = IdentifierUri;
+ }
+
+ WriteObject(ActiveDirectoryClient.GetApplicationWithFilters(parameters), enumerateCollection: true);
+ }
+ }
+ }
+}
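Review bot: `ExecuteCmdlet` chooses its branch by testing parameter values (`ApplicationObjectId != Guid.Empty`, `!string.IsNullOrEmpty(...)`) rather than the bound parameter set, so under the default `ParameterSet.Empty` every test fails and `GetApplicationWithFilters` is called with an empty `ApplicationFilterParameters`. That presumably returns every application in the directory; if that is intended, say so in the class summary, e.g. `/// With no parameters, lists all applications in the tenant.`, and consider `switch (ParameterSetName)` so the dispatch matches the declared sets. `DisplayNameStartWith` and `IdentifierUri` are caller-supplied (including from the pipeline) and end up inside an OData `$filter`; the filter string is built in the Graph.RBAC SDK, outside this diff, so it is worth confirming that it escapes single quotes in both values. The parameter name `DisplayNameStartWith` also differs from the SDK property `DisplayNameStartsWith`, and parameter names are public surface that is hard to rename after release.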
diff --git a/src/ResourceManager/Resources/Commands.Resources/Commands.Resources.csproj b/src/ResourceManager/Resources/Commands.Resources/Commands.Resources.csproj index 810abcc5467e..4d285b4cecf0 100644 --- a/src/ResourceManager/Resources/Commands.Resources/Commands.Resources.csproj +++ b/src/ResourceManager/Resources/Commands.Resources/Commands.Resources.csproj @@ -66,7 +66,7 @@ False - ..\..\..\packages\Microsoft.Azure.Graph.RBAC.1.7.2-preview\lib\net40\Microsoft.Azure.Graph.RBAC.dll + ..\..\..\packages\Microsoft.Azure.Graph.RBAC.1.8.0-preview\lib\net40\Microsoft.Azure.Graph.RBAC.dll ..\..\..\packages\Microsoft.Azure.Management.Authorization.2.0.0\lib\net40\Microsoft.Azure.Management.Authorization.dll @@ -133,6 +133,7 @@ + diff --git a/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/ActiveDirectoryClient.cs b/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/ActiveDirectoryClient.cs index dc69d74e3ea7..dd867a36a313 100644 --- a/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/ActiveDirectoryClient.cs +++ b/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/ActiveDirectoryClient.cs @@ -12,6 +12,7 @@ // limitations under the License. // ---------------------------------------------------------------------------------- +using Hyak.Common; using Microsoft.Azure.Common.Authentication; using Microsoft.Azure.Common.Authentication.Models; using Microsoft.Azure.Graph.RBAC; @@ -20,6 +21,7 @@ using System.Collections.Generic; using System.Diagnostics; using System.Linq; +using System.Net; using ProjectResources = Microsoft.Azure.Commands.Resources.Properties.Resources; namespace Microsoft.Azure.Commands.Resources.Models.ActiveDirectory 
@@ -371,7 +373,23 @@ public PSADApplication CreateApplication(CreatePSApplicationParameters createPar KeyCredentials = keyCredentials }; - return GraphClient.Application.Create(graphParameters).Application.ToPSADApplication(); + try + { + return GraphClient.Application.Create(graphParameters).Application.ToPSADApplication(); + } + catch (CloudException ce) + { + if (ce.Response.StatusCode == HttpStatusCode.Forbidden) + { + GetCurrentUserResult currentUser = GraphClient.Objects.GetCurrentUser(); + if (currentUser.AADObject != null && string.Equals(currentUser.AADObject.UserType, "Guest", StringComparison.InvariantCultureIgnoreCase)) + { + throw new InvalidOperationException(ProjectResources.CreateApplicationNotAllowedGuestUser); + } + } + + throw; + } } public void RemoveApplication(string applicationObjectId) @@ -379,6 +397,16 @@ public void RemoveApplication(string applicationObjectId) GraphClient.Application.Delete(applicationObjectId.ToString()); } + public PSADApplication GetApplication(string applicationObjectId) + { + return GraphClient.Application.Get(applicationObjectId.ToString()).Application.ToPSADApplication(); + } + + public IEnumerable GetApplicationWithFilters(ApplicationFilterParameters parameters) + { + return GraphClient.Application.List(parameters).Applications.Select(a => a.ToPSADApplication()); + } + public PSADServicePrincipal CreateServicePrincipal(CreatePSServicePrincipalParameters createParameters) { ServicePrincipalCreateParameters graphParameters = new ServicePrincipalCreateParameters 
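Review bot: The new `catch (CloudException ce)` in CreateApplication can replace the original 403 with an unrelated failure: `ce.Response` is dereferenced without a null check (worth confirming it is always populated), and `GraphClient.Objects.GetCurrentUser()` runs inside the handler, so if that second Graph call throws, the caller never sees the original authorization error. The guest-user `InvalidOperationException` also drops `ce`, which loses the request details needed to diagnose a denied directory operation, and `UserType` is a protocol value rather than display text, so it should be compared with `StringComparison.OrdinalIgnoreCase`. The identical handler is repeated in the CreateServicePrincipal hunk (@@ -387,7 +415,23 @@), so one private helper shared by both would keep the two paths from drifting apart. CreateApplication's body starts outside the hunk.

```csharp
// … unchanged: graphParameters construction and the try { return GraphClient.Application.Create(...) } …
catch (CloudException ce)
{
    if (IsForbiddenForGuestUser(ce))
    {
        // Keep the original exception attached so the denied request stays diagnosable.
        throw new InvalidOperationException(ProjectResources.CreateApplicationNotAllowedGuestUser, ce);
    }

    throw;
}

// Returns true only when the failure is a 403 and the signed-in user is a directory guest.
private bool IsForbiddenForGuestUser(CloudException ce)
{
    if (ce.Response == null || ce.Response.StatusCode != HttpStatusCode.Forbidden)
    {
        return false;
    }

    try
    {
        GetCurrentUserResult currentUser = GraphClient.Objects.GetCurrentUser();
        return currentUser.AADObject != null
            && string.Equals(currentUser.AADObject.UserType, "Guest", StringComparison.OrdinalIgnoreCase);
    }
    catch (CloudException)
    {
        // The lookup only improves the message; on failure the caller rethrows the original 403.
        return false;
    }
}
```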
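Review bot: GetApplicationWithFilters maps only the `Applications` collection of a single `List` response, so if Graph pages this result the cmdlet silently returns a partial set; that is worth confirming, because an incomplete listing is easy to mistake for a complete application inventory. If the result type carries a continuation link, the method should follow it until it is exhausted before returning. In GetApplication, `applicationObjectId.ToString()` is a no-op on a string and turns a null argument into a NullReferenceException; pass the value directly, `GraphClient.Application.Get(applicationObjectId)`, after a null-or-empty check. Neither method has a doc comment; a one-line `/// <summary>` on GetApplication stating that it takes the directory object id rather than the AppId would prevent the two identifiers being mixed up.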
@@ -387,7 +415,23 @@ public PSADServicePrincipal CreateServicePrincipal(CreatePSServicePrincipalParam AccountEnabled = createParameters.AccountEnabled }; - return GraphClient.ServicePrincipal.Create(graphParameters).ServicePrincipal.ToPSADServicePrincipal(); + try + { + return GraphClient.ServicePrincipal.Create(graphParameters).ServicePrincipal.ToPSADServicePrincipal(); + } + catch (CloudException ce) + { + if (ce.Response.StatusCode == HttpStatusCode.Forbidden) + { + GetCurrentUserResult currentUser = GraphClient.Objects.GetCurrentUser(); + if (currentUser.AADObject != null && string.Equals(currentUser.AADObject.UserType, "Guest", StringComparison.InvariantCultureIgnoreCase)) + { + throw new InvalidOperationException(ProjectResources.CreateServicePrincipalNotAllowedGuestUser); + } + } + + throw; + } } public PSADServicePrincipal RemoveServicePrincipal(string objectId) diff --git a/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/ActiveDirectoryClientExtensions.cs b/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/ActiveDirectoryClientExtensions.cs index cafbb1e26476..dd97ca11cf24 100644 --- a/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/ActiveDirectoryClientExtensions.cs +++ b/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/ActiveDirectoryClientExtensions.cs @@ -140,6 +140,9 @@ public static PSADApplication ToPSADApplication(this Application application) ApplicationObjectId = Guid.Parse(application.ObjectId), Type = application.ObjectType, ApplicationId = Guid.Parse(application.AppId), + IdentifierUris = application.IdentifierUris, + DisplayName= application.DisplayName, + ReplyUrls = application.ReplyUrls, AppPermissions = application.AppPermissions, AvailableToOtherTenants = application.AvailableToOtherTenants }; 
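Review bot: In the ToPSADApplication hunk, `DisplayName= application.DisplayName,` is missing the space before `=` that every neighbouring initializer line has; write `DisplayName = application.DisplayName,`. `IdentifierUris` and `ReplyUrls` are assigned by reference from the Graph model, as `AppPermissions` already is in the context lines, so a null from the service surfaces as a null property on the PowerShell object. If callers are expected to enumerate the reply URLs when reviewing an application's redirect targets, it may be worth a short comment on whether null or an empty list is the contract. ToPSADApplication starts and ends outside the hunk.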
diff --git a/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/PSADApplication.cs b/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/PSADApplication.cs index 5fcd0ece9261..d6a6a86933e7 100644 --- a/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/PSADApplication.cs +++ b/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/PSADApplication.cs @@ -19,6 +19,8 @@ namespace Microsoft.Azure.Commands.Resources.Models.ActiveDirectory { public class PSADApplication { + public string DisplayName { get; set; } + public string Type { get; set; } public Guid ApplicationId { get; set; } @@ -28,5 +30,9 @@ public class PSADApplication public bool AvailableToOtherTenants { get; set; } public IList AppPermissions { get; set; } + + public IList IdentifierUris { get; set; } + + public IList ReplyUrls { get; set; } } } diff --git a/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/ParameterSet.cs b/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/ParameterSet.cs index 2077da7b9734..b03a03151a77 100644 --- a/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/ParameterSet.cs +++ b/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/ParameterSet.cs @@ -75,5 +75,13 @@ internal static class ParameterSet public const string RoleIdWithScopeAndObjectId = "RoleIdWithScopeAndObjectIdParameterSet"; public const string RoleDefinitionCustom = "RoleDefinitionCustomParameterSet"; + + public const string ApplicationObjectId = "ApplicationObjectIdParameterSet"; + + public const string ApplicationId = "ApplicationIdParameterSet"; + + public const string ApplicationDisplayName = "ApplicationDisplayNameParameterSet"; + + public const string ApplicationIdentifierUri = "ApplicationIdentifierUriParameterSet"; } } 
diff --git a/src/ResourceManager/Resources/Commands.Resources/Properties/Resources.Designer.cs b/src/ResourceManager/Resources/Commands.Resources/Properties/Resources.Designer.cs index e9940f6b205b..d9ccbb92a883 100644 --- a/src/ResourceManager/Resources/Commands.Resources/Properties/Resources.Designer.cs +++ b/src/ResourceManager/Resources/Commands.Resources/Properties/Resources.Designer.cs @@ -87,6 +87,24 @@ internal static string CancelResourceGroupDeploymentMessage { } } + /// + /// Looks up a localized string similar to You are a guest user in the directory and are not allowed to create an application. Please contact the administrator of the directory.. + /// + internal static string CreateApplicationNotAllowedGuestUser { + get { + return ResourceManager.GetString("CreateApplicationNotAllowedGuestUser", resourceCulture); + } + } + + /// + /// Looks up a localized string similar to You are a guest user in the directory and are not allowed to create a service principal. Please contact the administrator of the directory.. + /// + internal static string CreateServicePrincipalNotAllowedGuestUser { + get { + return ResourceManager.GetString("CreateServicePrincipalNotAllowedGuestUser", resourceCulture); + } + } + /// /// Looks up a localized string similar to Are you sure you want to delete the deployment '{0}'?. /// diff --git a/src/ResourceManager/Resources/Commands.Resources/Properties/Resources.resx b/src/ResourceManager/Resources/Commands.Resources/Properties/Resources.resx index 920d967b17b3..a3d48fd3243d 100644 --- a/src/ResourceManager/Resources/Commands.Resources/Properties/Resources.resx +++ b/src/ResourceManager/Resources/Commands.Resources/Properties/Resources.resx 
@@ -339,4 +339,10 @@ Are you sure you want to remove role definition with name '{0}'. + + You are a guest user in the directory and are not allowed to create an application. Please contact the administrator of the directory. + + + You are a guest user in the directory and are not allowed to create a service principal. Please contact the administrator of the directory. + \ No newline at end of file diff --git a/src/ResourceManager/Resources/Commands.Resources/RoleDefinitions/GetAzureRoleDefinitionCommand.cs b/src/ResourceManager/Resources/Commands.Resources/RoleDefinitions/GetAzureRoleDefinitionCommand.cs index 78e49d94270e..d593bd6a5797 100644 --- a/src/ResourceManager/Resources/Commands.Resources/RoleDefinitions/GetAzureRoleDefinitionCommand.cs +++ b/src/ResourceManager/Resources/Commands.Resources/RoleDefinitions/GetAzureRoleDefinitionCommand.cs @@ -28,7 +28,7 @@ namespace Microsoft.Azure.Commands.Resources [Cmdlet(VerbsCommon.Get, "AzureRmRoleDefinition"), OutputType(typeof(List))] public class GetAzureRoleDefinitionCommand : ResourcesBaseCmdlet { - [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.RoleDefinitionName, HelpMessage = "Role definition name. For e.g. Reader, Contributor, Virtual Machine Contributor.")] + [Parameter(Position = 0, Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.RoleDefinitionName, HelpMessage = "Role definition name. For e.g. Reader, Contributor, Virtual Machine Contributor.")] [ValidateNotNullOrEmpty] public string Name { get; set; } diff --git a/src/ResourceManager/Resources/Commands.Resources/RoleDefinitions/RemoveAzureRoleDefinitionCommand.cs b/src/ResourceManager/Resources/Commands.Resources/RoleDefinitions/RemoveAzureRoleDefinitionCommand.cs index 0d797e52d545..3c667f19fbd1 100644 --- a/src/ResourceManager/Resources/Commands.Resources/RoleDefinitions/RemoveAzureRoleDefinitionCommand.cs 
+++ b/src/ResourceManager/Resources/Commands.Resources/RoleDefinitions/RemoveAzureRoleDefinitionCommand.cs @@ -33,7 +33,7 @@ public class RemoveAzureRoleDefinitionCommand : ResourcesBaseCmdlet [ValidateGuidNotEmpty] public Guid Id { get; set; } - [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.RoleDefinitionName, + [Parameter(Position = 0, Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.RoleDefinitionName, HelpMessage = "Role definition name. For e.g. Reader, Contributor, Virtual Machine Contributor.")] [ValidateNotNullOrEmpty] public string Name { get; set; } diff --git a/src/ResourceManager/Resources/Commands.Resources/packages.config b/src/ResourceManager/Resources/Commands.Resources/packages.config index ee7a867a3458..c5bc8f711277 100644 --- a/src/ResourceManager/Resources/Commands.Resources/packages.config +++ b/src/ResourceManager/Resources/Commands.Resources/packages.config @@ -5,7 +5,7 @@ - +