Add TokenIssuancePolicy #215
Conversation
Hi @kenchan0130, thanks for contributing to this SDK! Overall this is looking great. I have just one comment about a method signature/behavior which is mainly about trying to be consistent between client methods. If you can take a look at this, this should be good to merge. Thanks!
msgraph/serviceprincipals.go
@@ -778,3 +778,135 @@ func (c *ServicePrincipalsClient) AssignAppRoleForResource(ctx context.Context, | |||
|
|||
return &appRoleAssignment, status, nil | |||
} | |||
|
|||
// AssignTokenIssuancePolicy assigns tokenIssuancePolicies to a service principal | |||
func (c *ServicePrincipalsClient) AssignTokenIssuancePolicy(ctx context.Context, servicePrincipal *ServicePrincipal) (int, error) { |
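Review bot: The new AssignTokenIssuancePolicy takes a whole `*ServicePrincipal` rather than a service principal ID plus the policy to assign, which diverges from the child-object pattern used by the sibling methods on this client; consider `func (c *ServicePrincipalsClient) AssignTokenIssuancePolicy(ctx context.Context, servicePrincipalId string, policy TokenIssuancePolicy) (int, error)` and, if the pointer form is kept, guard against a nil `servicePrincipal` before dereferencing it. The doc comment should also say what the returned `int` is (the HTTP status), as the other methods do.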
@manicminer
As you have said in #215 (comment), I have made the interface like `AssignClaimsMappingPolicy`.
However, I would like to be sure that my current changes are not a problem for the overall design policy of `ServicePrincipalClient`, as it differs from your opinion.
@kenchan0130 Thanks for updating. As per my earlier comment, I think it would be best to use a function signature like:

```go
func (c *ServicePrincipalsClient) AssignTokenIssuancePolicy(ctx context.Context, servicePrincipalId string, policy TokenIssuancePolicy) (int, error) {
	// ...
}
```

or, if multiple policies can be assigned in one operation:

```go
func (c *ServicePrincipalsClient) AssignTokenIssuancePolicy(ctx context.Context, servicePrincipalId string, policies []TokenIssuancePolicy) (int, error) {
	// ...
}
```

The reason we differ from this in the case of `Owners`, `Members` etc. is that these are relational rather than child objects and as such they require the full OData ID to construct a link field. For an example of child objects have a look at the `ApplicationsClient{}.AddPassword()` method.

Secondly, for the question of whether this operation should happen for applications or service principals, I note that the docs only seem to cover the `/applications/{id}/tokenIssuancePolicies` endpoint - could it be that these are applicable to both `/applications/{id}/tokenIssuancePolicies` and `/servicePrincipals/{id}/tokenIssuancePolicies`? If so, it would be nice to add methods to both clients here to offer users the choice. But if this is a case of the docs being wrong, I am happy to defer to your experience here.
> Thanks for updating. As per my earlier comment, I think it would be best to use a function signature like

OK, I understand.
I changed the interfaces in bd28117.

> Secondly, for the question of whether this operation should happen for applications or service principals, I note that the docs only seem to cover the `/applications/{id}/tokenIssuancePolicies` endpoint - could it be that these are applicable to both `/applications/{id}/tokenIssuancePolicies` and `/servicePrincipals/{id}/tokenIssuancePolicies`?

I have tried to apply a policy to the application as follows and found that this request results in an error.

```sh
curl 'https://graph.microsoft.com/v1.0/applications/a191c3d6-9371-446a-a4aa-647226be2f1b/tokenIssuancePolicies/$ref' \
  -H 'Authorization: Bearer xxxxx' \
  --data-raw '{"@odata.id":"https://graph.microsoft.com/v1.0/policies/tokenIssuancePolicies/8efb6001-1369-4c68-be2d-04182c8edd76"}'
```

```json
{
  "error": {
    "code": "Request_BadRequest",
    "message": "Policy operations on v2 application are disabled.",
    "innerError": {
      "date": "2023-03-02T14:55:42",
      "request-id": "3ce11a1a-d63a-4100-9bf8-c83ca1666fbd",
      "client-request-id": "663c72ad-ccc3-2eef-38aa-3ea17b11a44b"
    }
  }
}
```

Therefore, I chose not to implement it for the application.

The failure in this test does not appear to be related to any change in my code.
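As an added example (not code from this PR or from this SDK), a minimal Go client that builds the `$ref` body used in the curl call above, POSTs it to the `/servicePrincipals/{id}/tokenIssuancePolicies/$ref` endpoint, and decodes the Graph error envelope so the `code` and `request-id` survive for troubleshooting rather than being lost in a bare status. The function names, parameters and the `<policy-id>` placeholder are assumptions.

```go
package main

import (
	"context"
	"encoding/json"
	"fmt"
	"net/http"
	"strings"
)

// GraphError mirrors the error envelope in the curl output above; request-id is kept for correlation.
type GraphError struct {
	Err struct {
		Code       string            `json:"code"`
		Message    string            `json:"message"`
		InnerError map[string]string `json:"innerError"`
	} `json:"error"`
}
func (e *GraphError) Error() string {
	return fmt.Sprintf("%s: %s (request-id %s)", e.Err.Code, e.Err.Message, e.Err.InnerError["request-id"])
}

// RefBody builds the $ref payload: one @odata.id pointing at the policy object.
func RefBody(baseURL, policyID string) string {
	return fmt.Sprintf(`{"@odata.id":%q}`, baseURL+"/policies/tokenIssuancePolicies/"+policyID)
}
// AssignTokenIssuancePolicy POSTs the reference and returns the HTTP status; a Graph error body becomes a *GraphError.
func AssignTokenIssuancePolicy(ctx context.Context, hc *http.Client, baseURL, token, spID, policyID string) (int, error) {
	url := fmt.Sprintf("%s/servicePrincipals/%s/tokenIssuancePolicies/$ref", baseURL, spID)
	req, err := http.NewRequestWithContext(ctx, http.MethodPost, url, strings.NewReader(RefBody(baseURL, policyID)))
	if err != nil {
		return 0, err
	}
	req.Header.Set("Authorization", "Bearer "+token)
	req.Header.Set("Content-Type", "application/json")
	resp, err := hc.Do(req)
	if err != nil {
		return 0, err
	}
	defer resp.Body.Close()
	if resp.StatusCode >= 400 {
		ge := &GraphError{}
		if json.NewDecoder(resp.Body).Decode(ge) != nil || ge.Err.Code == "" {
			return resp.StatusCode, fmt.Errorf("unexpected status %d", resp.StatusCode)
		}
		return resp.StatusCode, ge
	}
	return resp.StatusCode, nil
}
func main() { fmt.Println(RefBody("https://graph.microsoft.com/v1.0", "<policy-id>")) }
```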
I rebased it to remove the conflict with the main branch.
This adds initial support for the TokenIssuancePolicy resource. Graph API Reference: https://learn.microsoft.com/en-us/graph/api/resources/tokenissuancepolicy?view=graph-rest-1.0
This adds tokenIssuancePolicy assignment support for Applications and implements Assign, List and Remove. Graph API Reference:
https://learn.microsoft.com/en-us/graph/api/application-post-tokenissuancepolicies?view=graph-rest-1.0
https://learn.microsoft.com/en-us/graph/api/application-list-tokenissuancepolicies?view=graph-rest-1.0
https://learn.microsoft.com/en-us/graph/api/application-delete-tokenissuancepolicies?view=graph-rest-1.0
@kenchan0130 Many thanks for clarifying and updating. Sorry for the delay, this LGTM 🚀
This adds initial support for the TokenIssuancePolicy resource.
> Represents the policy to specify the characteristics of SAML tokens issued by Azure AD. You can use token issuance policies to:
I believe it will also be useful for adding resources to azure ad terraform in the future, as it will be used to configure the SAML signature algorithm, etc.
https://learn.microsoft.com/en-us/graph/api/resources/tokenissuancepolicy?view=graph-rest-1.0