using Microsoft.Graph;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace ap_cli
{
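partial class Program
{
    /// <summary>
    /// Builds an assignment policy named "&lt;accessPackageDisplayName&gt; Assignment Policy" for the
    /// given access package and creates it through Microsoft Graph, unless a policy with that
    /// display name already exists.
    /// </summary>
    /// <remarks>
    /// Despite the "IfNotExist" suffix, an existing policy is reported by throwing rather than
    /// by returning silently. The existence check matches on display name only (case-sensitive)
    /// and is not scoped to <paramref name="accessPackageId"/>.
    /// </remarks>
    /// <param name="graphServiceClient">Graph client used for the lookup and the create call.</param>
    /// <param name="accessPackageId">Id of the access package the policy is attached to.</param>
    /// <param name="accessPackageDisplayName">Display name used to derive the policy name.</param>
    /// <param name="approverGroupId">
    /// Group whose members are set as fallback primary approvers, escalation approvers and
    /// primary access reviewers.
    /// </param>
    /// <exception cref="ArgumentNullException"><paramref name="graphServiceClient"/> is null.</exception>
    /// <exception cref="ArgumentException">A string argument is null, empty or whitespace.</exception>
    /// <exception cref="InvalidOperationException">A policy with the derived display name already exists.</exception>
    static async Task AccessPackagePolicyCreateIfNotExist(GraphServiceClient graphServiceClient, string accessPackageId, string accessPackageDisplayName, string approverGroupId)
    {
        if (graphServiceClient is null)
        {
            throw new ArgumentNullException(nameof(graphServiceClient));
        }
        // A blank approver group would yield a policy whose approver and reviewer sets point at
        // no group, and a blank package name would make every policy share one display name.
        if (string.IsNullOrWhiteSpace(accessPackageId))
        {
            throw new ArgumentException("Access package id must be provided.", nameof(accessPackageId));
        }
        if (string.IsNullOrWhiteSpace(accessPackageDisplayName))
        {
            throw new ArgumentException("Access package display name must be provided.", nameof(accessPackageDisplayName));
        }
        if (string.IsNullOrWhiteSpace(approverGroupId))
        {
            throw new ArgumentException("Approver group id must be provided.", nameof(approverGroupId));
        }

        // Read the clock once so the review start time and the recurrence start date cannot
        // disagree when the call straddles midnight.
        var now = DateTime.Now;

        var accessPackageAssignmentPolicy = new AccessPackageAssignmentPolicy
        {
            DisplayName = String.Format("{0} Assignment Policy", accessPackageDisplayName),
            Description = "policy for assignment",
            // NOTE(review): this scope reaches users of every configured connected organization,
            // not only members of the home tenant; confirm that breadth is intended.
            AllowedTargetScope = AllowedTargetScope.AllConfiguredConnectedOrganizationUsers,
            SpecificAllowedTargets = new List<SubjectSet>()
            {
            },
            // NOTE(review): assignments never expire, so the recurring review below is the only
            // control in this policy that removes access.
            Expiration = new ExpirationPattern
            {
                EndDateTime = null,
                Duration = null,
                Type = ExpirationPatternType.NoExpiration
            },
            RequestorSettings = new AccessPackageAssignmentRequestorSettings
            {
                EnableTargetsToSelfAddAccess = false,
                EnableTargetsToSelfUpdateAccess = false,
                EnableTargetsToSelfRemoveAccess = false,
                AllowCustomAssignmentSchedule = true,
                EnableOnBehalfRequestorsToAddAccess = false,
                EnableOnBehalfRequestorsToUpdateAccess = false,
                EnableOnBehalfRequestorsToRemoveAccess = false,
                OnBehalfRequestors = new List<SubjectSet>()
                {
                }
            },
            RequestApprovalSettings = new AccessPackageAssignmentApprovalSettings
            {
                IsApprovalRequiredForAdd = true,
                // NOTE(review): updates to an existing assignment skip approval.
                IsApprovalRequiredForUpdate = false,
                Stages = new List<AccessPackageApprovalStage>()
                {
                    new AccessPackageApprovalStage
                    {
                        DurationBeforeAutomaticDenial = new Duration(new TimeSpan(5, 0, 0, 0)),
                        DurationBeforeEscalation = new Duration(new TimeSpan(3, 0, 0, 0)),
                        IsApproverJustificationRequired = true,
                        IsEscalationEnabled = true,
                        // NOTE(review): escalation goes to the same group that is the fallback
                        // primary approver, so escalating adds no independent second approver.
                        EscalationApprovers = new List<SubjectSet>()
                        {
                            new GroupMembers()
                            {
                                GroupId = approverGroupId
                            }
                        },
                        FallbackEscalationApprovers = new List<SubjectSet>(),
                        // No primary approvers are named; only the fallback list is populated.
                        PrimaryApprovers = new List<SubjectSet>(),
                        FallbackPrimaryApprovers = new List<SubjectSet>()
                        {
                            new GroupMembers()
                            {
                                GroupId = approverGroupId
                            }
                        }
                    }
                }
            },
            ReviewSettings = new AccessPackageAssignmentReviewSettings
            {
                IsEnabled = true, // Does not enable the policy
                // NOTE(review): KeepAccess retains access when a review ends without a decision
                // (fail-open). Combined with NoExpiration above, an ignored review leaves access
                // in place indefinitely; consider AccessReviewExpirationBehavior.RemoveAccess.
                ExpirationBehavior = AccessReviewExpirationBehavior.KeepAccess,
                IsRecommendationEnabled = true,
                IsReviewerJustificationRequired = true,
                IsSelfReview = false,
                PrimaryReviewers = new List<SubjectSet>()
                {
                    new GroupMembers()
                    {
                        GroupId = approverGroupId
                    }
                },
                Schedule = new EntitlementManagementSchedule
                {
                    StartDateTime = now,
                    // Each review instance stays open for 14 days (ISO 8601 duration).
                    Expiration = new ExpirationPattern
                    {
                        Duration = new Duration("P14D"),
                        Type = ExpirationPatternType.AfterDuration
                    },
                    Recurrence = new PatternedRecurrence
                    {
                        Pattern = new RecurrencePattern
                        {
                            Type = RecurrencePatternType.AbsoluteMonthly,
                            Interval = 1
                        },
                        Range = new RecurrenceRange
                        {
                            Type = RecurrenceRangeType.NoEnd,
                            StartDate = new Date(now.Year, now.Month, now.Day)
                        }
                    }
                }
            },
            AccessPackage = new AccessPackage
            {
                Id = accessPackageId
            }
        };

        // The helper returns only the first result page. Follow NextPageRequest so a policy that
        // sits on a later page is still found and no duplicate is created.
        var policyPage = await GetAccessPackageAssignmentPolicyList(graphServiceClient);
        AccessPackageAssignmentPolicy assignmentPolicy = policyPage.FirstOrDefault(x => x.DisplayName == accessPackageAssignmentPolicy.DisplayName);
        while (assignmentPolicy is null && policyPage.NextPageRequest != null)
        {
            policyPage = await policyPage.NextPageRequest.GetAsync();
            assignmentPolicy = policyPage.FirstOrDefault(x => x.DisplayName == accessPackageAssignmentPolicy.DisplayName);
        }

        if (assignmentPolicy is null)
        {
            AccessPackageAssignmentPolicy accessPackageAssignmentPolicyResult = await graphServiceClient.IdentityGovernance.EntitlementManagement.AssignmentPolicies
                .Request()
                .AddAsync(accessPackageAssignmentPolicy);
            // Requires Beta API update to set accessRequests = true
            Console.WriteLine(string.Format("{0} access package assignment policy created.", accessPackageAssignmentPolicyResult.DisplayName));
        }
        else
        {
            // InvalidOperationException derives from Exception, so existing catch blocks still match.
            throw new InvalidOperationException(string.Format("ERROR: '{0}' access package assignment policy already exists.", accessPackageAssignmentPolicy.DisplayName));
        }
    }

    /// <summary>
    /// Requests the entitlement-management assignment policies from Microsoft Graph.
    /// </summary>
    /// <param name="graphServiceClient">Graph client used to issue the request.</param>
    /// <returns>
    /// The collection page returned by the request. This is a single page; callers that need
    /// every policy must follow <c>NextPageRequest</c> themselves.
    /// </returns>
    private static async Task<IEntitlementManagementAssignmentPoliciesCollectionPage> GetAccessPackageAssignmentPolicyList(GraphServiceClient graphServiceClient)
    {
        var accessPackagesPolicies = await graphServiceClient.IdentityGovernance.EntitlementManagement.AssignmentPolicies
            .Request()
            .GetAsync();
        return accessPackagesPolicies;
    }
}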
}