
Authorization: Add role assignment paging for list calls #1185


Merged
merged 4 commits into from
Oct 29, 2015
Expand Up @@ -71,7 +71,7 @@
<HintPath>..\..\..\packages\Microsoft.Azure.KeyVault.Core.1.0.0\lib\net40\Microsoft.Azure.KeyVault.Core.dll</HintPath>
</Reference>
<Reference Include="Microsoft.Azure.Management.Authorization">
<HintPath>..\..\..\packages\Microsoft.Azure.Management.Authorization.1.0.1\lib\net40\Microsoft.Azure.Management.Authorization.dll</HintPath>
<HintPath>..\..\..\packages\Microsoft.Azure.Management.Authorization.1.0.2\lib\net40\Microsoft.Azure.Management.Authorization.dll</HintPath>
</Reference>
<Reference Include="Microsoft.Azure.ResourceManager, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
<SpecificVersion>False</SpecificVersion>
Expand Down Expand Up @@ -551,4 +551,4 @@
<ItemGroup />
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
<Import Project="..\..\..\packages\Microsoft.Bcl.Build.1.0.14\tools\Microsoft.Bcl.Build.targets" Condition="Exists('..\..\..\packages\Microsoft.Bcl.Build.1.0.14\tools\Microsoft.Bcl.Build.targets')" />
</Project>
</Project>
Expand Up @@ -8,7 +8,7 @@
<package id="Microsoft.Azure.Graph.RBAC" version="1.7.2-preview" targetFramework="net45" />
<package id="Microsoft.Azure.Insights" version="0.7.7-preview" targetFramework="net45" />
<package id="Microsoft.Azure.KeyVault.Core" version="1.0.0" targetFramework="net45" />
<package id="Microsoft.Azure.Management.Authorization" version="1.0.0" targetFramework="net45" />
<package id="Microsoft.Azure.Management.Authorization" version="1.0.2" targetFramework="net45" />
<package id="Microsoft.Azure.Management.Resources" version="2.18.7-preview" targetFramework="net45" />
<package id="Microsoft.Azure.Test.Framework" version="1.0.5715.36130-prerelease" targetFramework="net45" />
<package id="Microsoft.Azure.Test.HttpRecorder" version="1.0.5715.36130-prerelease" targetFramework="net45" />
Expand Up @@ -69,8 +69,7 @@
<HintPath>..\..\..\packages\Microsoft.Azure.Graph.RBAC.1.7.2-preview\lib\net40\Microsoft.Azure.Graph.RBAC.dll</HintPath>
</Reference>
<Reference Include="Microsoft.Azure.Management.Authorization">
<HintPath>..\..\..\packages\Microsoft.Azure.Management.Authorization.1.0.1\lib\net40\Microsoft.Azure.Management.Authorization.dll</HintPath>
<Private>True</Private>
<HintPath>..\..\..\packages\Microsoft.Azure.Management.Authorization.1.0.2\lib\net40\Microsoft.Azure.Management.Authorization.dll</HintPath>
</Reference>
<Reference Include="Microsoft.Azure.ResourceManager, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
<SpecificVersion>False</SpecificVersion>
Expand Up @@ -187,11 +187,17 @@ public List<PSRoleAssignment> FilterRoleAssignments(FilterRoleAssignmentsOptions
parameters.PrincipalId = string.IsNullOrEmpty(options.ADObjectFilter.Id) ? adObject.Id : Guid.Parse(options.ADObjectFilter.Id);
}

result.AddRange(AuthorizationManagementClient.RoleAssignments.List(parameters)
.RoleAssignments
.FilterRoleAssignmentsOnRoleId(AuthorizationHelper.GetRoleDefinitionFullyQualifiedId(currentSubscription, options.RoleDefinitionId))
var tempResult = AuthorizationManagementClient.RoleAssignments.List(parameters);
result.AddRange(tempResult.RoleAssignments.FilterRoleAssignmentsOnRoleId(AuthorizationHelper.GetRoleDefinitionFullyQualifiedId(currentSubscription, options.RoleDefinitionId))
.ToPSRoleAssignments(this, ActiveDirectoryClient, options.ExcludeAssignmentsForDeletedPrincipals));

while (!string.IsNullOrWhiteSpace(tempResult.NextLink))
{
tempResult = AuthorizationManagementClient.RoleAssignments.ListNext(tempResult.NextLink);
result.AddRange(tempResult.RoleAssignments.FilterRoleAssignmentsOnRoleId(AuthorizationHelper.GetRoleDefinitionFullyQualifiedId(currentSubscription, options.RoleDefinitionId))
.ToPSRoleAssignments(this, ActiveDirectoryClient, options.ExcludeAssignmentsForDeletedPrincipals));
}

// Filter out by scope
if (!string.IsNullOrEmpty(options.Scope))
{
Expand All @@ -203,17 +209,31 @@ public List<PSRoleAssignment> FilterRoleAssignments(FilterRoleAssignmentsOptions
// Filter by scope and above directly
parameters.AtScope = true;

result.AddRange(AuthorizationManagementClient.RoleAssignments.ListForScope(options.Scope, parameters)
.RoleAssignments
.FilterRoleAssignmentsOnRoleId(AuthorizationHelper.GetRoleDefinitionFullyQualifiedId(currentSubscription, options.RoleDefinitionId))
var tempResult = AuthorizationManagementClient.RoleAssignments.ListForScope(options.Scope, parameters);
result.AddRange(tempResult.RoleAssignments.FilterRoleAssignmentsOnRoleId(AuthorizationHelper.GetRoleDefinitionFullyQualifiedId(currentSubscription, options.RoleDefinitionId))
.ToPSRoleAssignments(this, ActiveDirectoryClient, options.ExcludeAssignmentsForDeletedPrincipals));

while (!string.IsNullOrWhiteSpace(tempResult.NextLink))
{
tempResult = AuthorizationManagementClient.RoleAssignments.ListForScopeNext(tempResult.NextLink);
result.AddRange(tempResult.RoleAssignments.FilterRoleAssignmentsOnRoleId(AuthorizationHelper.GetRoleDefinitionFullyQualifiedId(currentSubscription, options.RoleDefinitionId))
.ToPSRoleAssignments(this, ActiveDirectoryClient, options.ExcludeAssignmentsForDeletedPrincipals));
}
}
else
{
result.AddRange(AuthorizationManagementClient.RoleAssignments.List(parameters)
.RoleAssignments
.FilterRoleAssignmentsOnRoleId(AuthorizationHelper.GetRoleDefinitionFullyQualifiedId(currentSubscription, options.RoleDefinitionId))
.ToPSRoleAssignments(this, ActiveDirectoryClient, options.ExcludeAssignmentsForDeletedPrincipals));
var tempResult = AuthorizationManagementClient.RoleAssignments.List(parameters);
result.AddRange(tempResult.RoleAssignments
.FilterRoleAssignmentsOnRoleId(AuthorizationHelper.GetRoleDefinitionFullyQualifiedId(currentSubscription, options.RoleDefinitionId))
.ToPSRoleAssignments(this, ActiveDirectoryClient, options.ExcludeAssignmentsForDeletedPrincipals));

while (!string.IsNullOrWhiteSpace(tempResult.NextLink))
{
tempResult = AuthorizationManagementClient.RoleAssignments.ListNext(tempResult.NextLink);
result.AddRange(tempResult.RoleAssignments
.FilterRoleAssignmentsOnRoleId(AuthorizationHelper.GetRoleDefinitionFullyQualifiedId(currentSubscription, options.RoleDefinitionId))
.ToPSRoleAssignments(this, ActiveDirectoryClient, options.ExcludeAssignmentsForDeletedPrincipals));
}
}

if (!string.IsNullOrEmpty(options.RoleDefinitionName))
Expand Down Expand Up @@ -252,12 +272,14 @@ public List<PSRoleAssignment> FilterRoleAssignments(FilterRoleAssignmentsOptions
/// Deletes a role assignments based on the used options.
/// </summary>
/// <param name="options">The role assignment filtering options</param>
/// <param name="subscriptionId">Current subscription id</param>
/// <returns>The deleted role assignments</returns>
public IEnumerable<PSRoleAssignment> RemoveRoleAssignment(FilterRoleAssignmentsOptions options, string subscriptionId)
{
// Match role assignments at exact scope. Ideally, atmost 1 roleAssignment should match the criteria
// but an edge case can have multiple role assignments to the same role or multiple role assignments to different roles, with same name.
IEnumerable<PSRoleAssignment> roleAssignments = FilterRoleAssignments(options, subscriptionId)
// The FilterRoleAssignments takes care of paging internally
IEnumerable<PSRoleAssignment> roleAssignments = FilterRoleAssignments(options, currentSubscription: subscriptionId)
.Where(ra => ra.Scope == options.Scope.TrimEnd('/'));

if (roleAssignments == null || !roleAssignments.Any())
Expand Down Expand Up @@ -307,7 +329,8 @@ public PSRoleDefinition GetRoleRoleDefinition(string name)
/// <summary>
/// Deletes a role definition based on the id.
/// </summary>
/// <param name="id">The role definition id.</param>
/// <param name="roleDefinitionId">The role definition id to delete</param>
/// <param name="subscriptionId">Current subscription id</param>
/// <returns>The deleted role definition.</returns>
public PSRoleDefinition RemoveRoleDefinition(Guid roleDefinitionId, string subscriptionId)
{
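Review bot: The three paging blocks in FilterRoleAssignments (the first `List(parameters)` call, the `ListForScope` branch and the final `else`) are copies of one another, and each repeats the `FilterRoleAssignmentsOnRoleId(...).ToPSRoleAssignments(...)` pipeline once for the first page and again inside the `while`, so a later change to one copy can leave another returning an incomplete role-assignment list, which RemoveRoleAssignment relies on to find what to delete. I would compute the fully qualified role definition id once and give each branch a single loop that processes a page and then fetches the next one, as sketched below for the first block. The loops also trust the service to return an empty `NextLink` eventually; comparing each link with the previous one and failing when it does not change would bound the loop, assuming the service never legitimately repeats a link. FilterRoleAssignments starts before and ends after the visible hunks, so the sketch holds only the rewritten lines.

```csharp
// … unchanged: parameters.PrincipalId assignment …
var roleDefinitionFullId = AuthorizationHelper.GetRoleDefinitionFullyQualifiedId(currentSubscription, options.RoleDefinitionId);
var page = AuthorizationManagementClient.RoleAssignments.List(parameters);
while (true)
{
    result.AddRange(page.RoleAssignments
        .FilterRoleAssignmentsOnRoleId(roleDefinitionFullId)
        .ToPSRoleAssignments(this, ActiveDirectoryClient, options.ExcludeAssignmentsForDeletedPrincipals));

    string nextLink = page.NextLink;
    if (string.IsNullOrWhiteSpace(nextLink))
    {
        break;
    }

    page = AuthorizationManagementClient.RoleAssignments.ListNext(nextLink);
    if (string.Equals(page.NextLink, nextLink, StringComparison.Ordinal))
    {
        // A link that does not advance would otherwise keep this loop running forever.
        throw new InvalidOperationException("Role assignment paging returned a non-advancing NextLink.");
    }
}
// … unchanged: scope filtering; the ListForScope and else branches take the same shape …
```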
Expand Up @@ -6,7 +6,7 @@
<package id="Microsoft.Azure.Common.Dependencies" version="1.0.0" targetFramework="net45" />
<package id="Microsoft.Azure.Gallery" version="2.6.2-preview" targetFramework="net45" />
<package id="Microsoft.Azure.Graph.RBAC" version="1.7.2-preview" targetFramework="net45" />
<package id="Microsoft.Azure.Management.Authorization" version="1.0.1" targetFramework="net45" />
<package id="Microsoft.Azure.Management.Authorization" version="1.0.2" targetFramework="net45" />
<package id="Microsoft.Azure.Management.Resources" version="2.18.11-preview" targetFramework="net45" />
<package id="Microsoft.Bcl" version="1.1.10" targetFramework="net45" />
<package id="Microsoft.Bcl.Async" version="1.0.168" targetFramework="net45" />