From 9db104971879b3ef87ff78c1a30b2da51dc86462 Mon Sep 17 00:00:00 2001
From: Christoph
Date: Thu, 18 Apr 2024 08:26:54 +0200
Subject: [PATCH] #76 ifs instead of mini-ifs
---
SCEPman/Private/permissions.ps1 | 22 ++++++++++++++-----
.../Public/Complete-SCEPmanInstallation.ps1 | 4 +++-
SCEPman/Public/New-SCEPmanClone.ps1 | 4 ++--
3 files changed, 22 insertions(+), 8 deletions(-)
diff --git a/SCEPman/Private/permissions.ps1 b/SCEPman/Private/permissions.ps1
index efc5837..4c47a5a 100644
--- a/SCEPman/Private/permissions.ps1
+++ b/SCEPman/Private/permissions.ps1
@@ -36,18 +36,24 @@ function SetManagedIdentityPermissions($principalId, $resourcePermissions, $Grap ForEach($resourcePermission in $resourcePermissions) { if($alreadyAssignedPermissions -contains $resourcePermission.appRoleId) { Write-Verbose "Permission is already there (ResourceID $($resourcePermission.resourceId), AppRoleId $($resourcePermission.appRoleId))" - $permissionLevelReached = $resourcePermission.permissionLevel -gt $permissionLevelReached ? $resourcePermission.permissionLevel : $permissionLevelReached + if ($resourcePermission.permissionLevel -gt $permissionLevelReached) { + $permissionLevelReached = $resourcePermission.permissionLevel + } } else { Write-Verbose "Assigning new permission (ResourceID $($resourcePermission.resourceId), AppRoleId $($resourcePermission.appRoleId))" $bodyToAddPermission = "{'principalId': '$principalId','resourceId': '$($resourcePermission.resourceId)','appRoleId':'$($resourcePermission.appRoleId)'}" $azCommand = "az rest --method post --uri '$graphEndpointForAppRoleAssignments' --body `"$bodyToAddPermission`" --headers 'Content-Type=application/json'" if ($SkipAppRoleAssignments) { Write-Warning "Skipping app role assignment (please execute manually): $azCommand" - $permissionLevelFail = $resourcePermission.permissionLevel -lt $permissionLevelFail ? $resourcePermission.permissionLevel : $permissionLevelFail + if ($resourcePermission.permissionLevel -lt $permissionLevelFail) { + $permissionLevelFail = $resourcePermission.permissionLevel + } } else { try { $null = ExecuteAzCommandRobustly -azCommand $azCommand -principalId $principalId -appRoleId $resourcePermission.appRoleId -GraphBaseUri $GraphBaseUri - $permissionLevelReached = $resourcePermission.permissionLevel -gt $permissionLevelReached ? 
$resourcePermission.permissionLevel : $permissionLevelReached + if ($resourcePermission.permissionLevel -gt $permissionLevelReached) { + $permissionLevelReached = $resourcePermission.permissionLevel + } } catch { $exceptionMessage = $_.ToString() @@ -57,7 +63,9 @@ function SetManagedIdentityPermissions($principalId, $resourcePermissions, $Grap Write-Error "Couldn't assign permission of permission level 0" throw $_ } else { - $permissionLevelFail = $resourcePermission.permissionLevel -lt $permissionLevelFail ? $resourcePermission.permissionLevel : $permissionLevelFail + if ($resourcePermission.permissionLevel -lt $permissionLevelFail) { + $permissionLevelFail = $resourcePermission.permissionLevel + } } } else { throw $_ @@ -67,7 +75,11 @@ function SetManagedIdentityPermissions($principalId, $resourcePermissions, $Grap } } - return $permissionLevelReached -gt $permissionLevelFail ? ($permissionLevelFail - 1) : $permissionLevelReached + if ($permissionLevelReached -ge $permissionLevelFail) { + return $permissionLevelFail - 1 + } else { + return $permissionLevelReached + } } function GetSCEPmanResourcePermissions() { diff --git a/SCEPman/Public/Complete-SCEPmanInstallation.ps1 b/SCEPman/Public/Complete-SCEPmanInstallation.ps1 index 28889f3..249ff8c 100644 --- a/SCEPman/Public/Complete-SCEPmanInstallation.ps1 +++ b/SCEPman/Public/Complete-SCEPmanInstallation.ps1 
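Review bot: The four-line "update if greater/smaller" pattern is repeated three times in the `@@ -36,18 +36,24 @@` hunk of permissions.ps1, again in the `@@ -57,7 +63,9 @@` hunk, and once more in Complete-SCEPmanInstallation.ps1. A one-line form that also avoids the ternary operator would make this bookkeeping harder to get subtly wrong in one copy: `$permissionLevelReached = [Math]::Max($permissionLevelReached, $resourcePermission.permissionLevel)` and `$permissionLevelFail = [Math]::Min($permissionLevelFail, $resourcePermission.permissionLevel)`. This assumes both operands are always numeric; their initial values are set above the hunk and are not visible here. SetManagedIdentityPermissions begins before this hunk and continues after it.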
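Review bot: The final comparison in the `@@ -67,7 +75,11 @@` hunk changed from `-gt` to `-ge`, which is a behaviour change and not the syntax rewrite the subject line describes. When the highest level granted equals the lowest level that failed or was skipped, the function now returns `$permissionLevelFail - 1` where it previously returned `$permissionLevelReached`. That looks like the safer result, because a level with a missing app role is no longer reported as reached, but it should be stated explicitly. I would add a comment above the `if`, for example `# A level only counts as reached if no permission of that level failed or was skipped`, and mention the change in the commit message, since callers store the returned value as the slot's permission level.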
@@ -203,7 +203,9 @@ function Complete-SCEPmanInstallation ForEach($tempServicePrincipal in $serviceprincipalOfScDeploymentSlots) { Write-Verbose "Setting SCEPman permissions to Service Principal with id $tempServicePrincipal" $permissionLevelReached = SetManagedIdentityPermissions -principalId $tempServicePrincipal -resourcePermissions $resourcePermissionsForSCEPman -GraphBaseUri $GraphBaseUri -SkipAppRoleAssignments $SkipAppRoleAssignments - $permissionLevelScepman = $permissionLevelReached -lt $permissionLevelScepman ? $permissionLevelReached : $permissionLevelScepman + if ($permissionLevelReached -lt $permissionLevelScepman) { + $permissionLevelScepman = $permissionLevelReached + } Write-Verbose "Reaching permission level $permissionLevelReached for this deployment slot" } Write-Information "SCEPman's permission level is $permissionLevelScepman" diff --git a/SCEPman/Public/New-SCEPmanClone.ps1 b/SCEPman/Public/New-SCEPmanClone.ps1 index abf6f60..9bda868 100644 --- a/SCEPman/Public/New-SCEPmanClone.ps1 +++ b/SCEPman/Public/New-SCEPmanClone.ps1 
@@ -130,9 +130,9 @@ function New-SCEPmanClone $DelayForSecurityPrincipals = 3000 Write-Verbose "Waiting for $DelayForSecurityPrincipals milliseconds until the Security Principals are available" Start-Sleep -Milliseconds $DelayForSecurityPrincipals - $null = SetManagedIdentityPermissions -principalId $serviceprincipalsc.principalId -resourcePermissions $resourcePermissionsForSCEPman -GraphBaseUri $GraphBaseUri + $permissionLevelScepman = SetManagedIdentityPermissions -principalId $serviceprincipalsc.principalId -resourcePermissions $resourcePermissionsForSCEPman -GraphBaseUri $GraphBaseUri - MarkDeploymentSlotAsConfigured -SCEPmanAppServiceName $TargetAppServiceName -SCEPmanResourceGroup $TargetResourceGroup + MarkDeploymentSlotAsConfigured -SCEPmanAppServiceName $TargetAppServiceName -SCEPmanResourceGroup $TargetResourceGroup -PermissionLevel $permissionLevelScepman Write-Information "Copying app settings from source App Service to target" SetAppSettings -AppServiceName $TargetAppServiceName -resourceGroup $TargetResourceGroup -Settings $SCEPmanSourceSettings.settings
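Review bot: The permission level returned for the cloned slot is passed straight to MarkDeploymentSlotAsConfigured without being shown to the operator, whereas Complete-SCEPmanInstallation logs it. Adding `Write-Information "SCEPman's permission level is $permissionLevelScepman"` before the MarkDeploymentSlotAsConfigured call would make a reduced level visible during cloning. The call also changes what is recorded for the slot, which goes beyond the syntax change named in the subject line and deserves a mention there. MarkDeploymentSlotAsConfigured is not part of this patch, so it is assumed to accept `-PermissionLevel` already.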