Merge pull request Azure#6528 from praries880/6356_fix

fix for issue Azure#6356

Author: praries880

src/Common/Commands.Common.Authentication.Abstractions/Settings/AuthenticationFactorySettings.cs

@@ -22,6 +22,8 @@ namespace Microsoft.Azure.Commands.Common.Authentication.Abstractions
     /// </summary>
     public class AuthenticationFactorySettings : IExtensibleSettings
     {
+        public const string CommonAdTenant = "Common";
+
         /// <summary>
         /// The default token cache used for the authentication factory
         /// </summary>

src/ResourceManager/Aks/Commands.Aks/AzureRM.Aks.psd1

@@ -51,7 +51,7 @@ CLRVersion = '4.0'
 # ProcessorArchitecture = ''
 
 # Modules that must be imported into the global environment prior to importing this module
-RequiredModules = @(@{ModuleName = 'AzureRM.Profile'; ModuleVersion = '5.3.1'; })
+RequiredModules = @(@{ModuleName = 'AzureRM.Profile'; ModuleVersion = '5.3.2'; })
 
 # Assemblies that must be loaded prior to importing this module
 RequiredAssemblies = '.\YamlDotNet.dll',

src/ResourceManager/AnalysisServices/Commands.AnalysisServices.Dataplane/Azure.AnalysisServices.psd1

@@ -48,7 +48,7 @@ CLRVersion='4.0'
 ProcessorArchitecture = 'None'
 
 # Modules that must be imported into the global environment prior to importing this module
-RequiredModules = @(@{ModuleName = 'AzureRM.Profile'; ModuleVersion = '5.3.1'; })
+RequiredModules = @(@{ModuleName = 'AzureRM.Profile'; ModuleVersion = '5.3.2'; })
 
 # Assemblies that must be loaded prior to importing this module
 RequiredAssemblies = @()

src/ResourceManager/AnalysisServices/Commands.AnalysisServices/AzureRM.AnalysisServices.psd1

@@ -51,7 +51,7 @@ CLRVersion = '4.0'
 # ProcessorArchitecture = ''
 
 # Modules that must be imported into the global environment prior to importing this module
-RequiredModules = @(@{ModuleName = 'AzureRM.Profile'; ModuleVersion = '5.3.1'; })
+RequiredModules = @(@{ModuleName = 'AzureRM.Profile'; ModuleVersion = '5.3.2'; })
 
 # Assemblies that must be loaded prior to importing this module
 RequiredAssemblies = '.\Microsoft.Azure.Management.Analysis.dll'

src/ResourceManager/ApiManagement/Commands.ApiManagement/AzureRM.ApiManagement.psd1

@@ -51,7 +51,7 @@ CLRVersion = '4.0'
 # ProcessorArchitecture = ''
 
 # Modules that must be imported into the global environment prior to importing this module
-RequiredModules = @(@{ModuleName = 'AzureRM.Profile'; ModuleVersion = '5.3.1'; })
+RequiredModules = @(@{ModuleName = 'AzureRM.Profile'; ModuleVersion = '5.3.2'; })
 
 # Assemblies that must be loaded prior to importing this module
 RequiredAssemblies = '.\AutoMapper.dll', 

src/ResourceManager/ApplicationInsights/Commands.ApplicationInsights/AzureRM.ApplicationInsights.psd1

@@ -51,7 +51,7 @@ CLRVersion = '4.0'
 # ProcessorArchitecture = ''
 
 # Modules that must be imported into the global environment prior to importing this module
-RequiredModules = @(@{ModuleName = 'AzureRM.Profile'; ModuleVersion = '5.3.1'; })
+RequiredModules = @(@{ModuleName = 'AzureRM.Profile'; ModuleVersion = '5.3.2'; })
 
 # Assemblies that must be loaded prior to importing this module
 RequiredAssemblies = '.\Microsoft.Azure.Management.ApplicationInsights.dll'

src/ResourceManager/Automation/Commands.Automation/AzureRM.Automation.psd1

@@ -51,7 +51,7 @@ CLRVersion = '4.0'
 # ProcessorArchitecture = ''
 
 # Modules that must be imported into the global environment prior to importing this module
-RequiredModules = @(@{ModuleName = 'AzureRM.Profile'; ModuleVersion = '5.3.1'; })
+RequiredModules = @(@{ModuleName = 'AzureRM.Profile'; ModuleVersion = '5.3.2'; })
 
 # Assemblies that must be loaded prior to importing this module
 RequiredAssemblies = '.\Microsoft.Azure.Management.Automation.dll'

src/ResourceManager/AzureBackup/Commands.AzureBackup/AzureRM.Backup.psd1

@@ -51,7 +51,7 @@ CLRVersion = '4.0'
 # ProcessorArchitecture = ''
 
 # Modules that must be imported into the global environment prior to importing this module
-RequiredModules = @(@{ModuleName = 'AzureRM.Profile'; ModuleVersion = '5.3.1'; })
+RequiredModules = @(@{ModuleName = 'AzureRM.Profile'; ModuleVersion = '5.3.2'; })
 
 # Assemblies that must be loaded prior to importing this module
 RequiredAssemblies = '.\Microsoft.Azure.Management.BackupServicesManagement.dll', 

src/ResourceManager/AzureBatch/Commands.Batch/AzureRM.Batch.psd1

@@ -51,7 +51,7 @@ CLRVersion = '4.0'
 # ProcessorArchitecture = ''
 
 # Modules that must be imported into the global environment prior to importing this module
-RequiredModules = @(@{ModuleName = 'AzureRM.Profile'; ModuleVersion = '5.3.1'; })
+RequiredModules = @(@{ModuleName = 'AzureRM.Profile'; ModuleVersion = '5.3.2'; })
 
 # Assemblies that must be loaded prior to importing this module
 RequiredAssemblies = '.\Microsoft.Azure.Batch.dll', 

src/ResourceManager/Billing/Commands.Billing/AzureRM.Billing.psd1

@@ -51,7 +51,7 @@ CLRVersion = '4.0'
 # ProcessorArchitecture = ''
 
 # Modules that must be imported into the global environment prior to importing this module
-RequiredModules = @(@{ModuleName = 'AzureRM.Profile'; ModuleVersion = '5.3.1'; })
+RequiredModules = @(@{ModuleName = 'AzureRM.Profile'; ModuleVersion = '5.3.2'; })
 
 # Assemblies that must be loaded prior to importing this module
 RequiredAssemblies = '.\Microsoft.Azure.Management.Billing.dll'

src/ResourceManager/Cdn/Commands.Cdn/AzureRM.Cdn.psd1

@@ -51,7 +51,7 @@ CLRVersion = '4.0'
 # ProcessorArchitecture = ''
 
 # Modules that must be imported into the global environment prior to importing this module
-RequiredModules = @(@{ModuleName = 'AzureRM.Profile'; ModuleVersion = '5.3.1'; })
+RequiredModules = @(@{ModuleName = 'AzureRM.Profile'; ModuleVersion = '5.3.2'; })
 
 # Assemblies that must be loaded prior to importing this module
 RequiredAssemblies = '.\Microsoft.Azure.Management.Cdn.dll'

src/ResourceManager/CognitiveServices/Commands.Management.CognitiveServices/AzureRM.CognitiveServices.psd1

@@ -51,7 +51,7 @@ CLRVersion = '4.0'
 # ProcessorArchitecture = ''
 
 # Modules that must be imported into the global environment prior to importing this module
-RequiredModules = @(@{ModuleName = 'AzureRM.Profile'; ModuleVersion = '5.3.1'; })
+RequiredModules = @(@{ModuleName = 'AzureRM.Profile'; ModuleVersion = '5.3.2'; })
 
 # Assemblies that must be loaded prior to importing this module
 RequiredAssemblies = '.\Microsoft.Azure.Management.CognitiveServices.dll'

src/ResourceManager/Common/Commands.ResourceManager.Common/AzureRMCmdlet.cs

@@ -17,13 +17,17 @@
 using Microsoft.Azure.Commands.Common.Authentication.Models;
 using Microsoft.Azure.Commands.ResourceManager.Common.Properties;
 using Microsoft.Azure.Management.Internal.Resources;
+using Microsoft.Azure.Management.Internal.Resources.Utilities.Models;
 using Microsoft.Rest;
 using Microsoft.WindowsAzure.Commands.Common;
 using Microsoft.WindowsAzure.Commands.Utilities.Common;
 using System;
+using System.Collections.Generic;
 using System.Globalization;
 using System.Linq;
 using System.Management.Automation;
+using System.Security.Authentication;
+using System.Text;
 
 namespace Microsoft.Azure.Commands.ResourceManager.Common
 {
@@ -35,6 +39,11 @@ public abstract class AzureRMCmdlet : AzurePSCmdlet
         protected ServiceClientTracingInterceptor _serviceClientTracingInterceptor;
         IAzureContextContainer _profile;
 
+        public const int MAX_NUMBER_OF_TOKENS_ALLOWED_IN_AUX_HEADER = 3;
+        public const string AUX_HEADER_NAME = "x-ms-authorization-auxiliary";
+        public const string AUX_TOKEN_PREFIX = "Bearer";
+        public const string AUX_TOKEN_APPEND_CHAR = ";";
+
         /// <summary>
         /// Creates new instance from AzureRMCmdlet and add the RPRegistration handler.
         /// </summary>
@@ -68,6 +77,82 @@ public IAzureContextContainer DefaultProfile
             }
         }
 
+        protected IDictionary<String, List<String>> GetAuxilaryAuthHeaderFromResourceIds(List<String> resourceIds)
+        {
+            IDictionary<String, List<String>> auxHeader = null;
+
+            //Get the subscriptions from the resource Ids
+            var subscriptionIds = resourceIds.Select(rId => (new ResourceIdentifier(rId))?.Subscription)?.Distinct();
+
+            //Checxk if we have access to all the subscriptions
+            var subscriptionList = CheckAccessToSubscriptions(subscriptionIds);
+
+            //get all the non default tenant ids for the subscriptions
+            var nonDeafultTenantIds = subscriptionList?.Select(s => s.GetTenant())?.Distinct()?.Where(t => t != DefaultContext.Tenant.GetId().ToString());
+
+            if ((nonDeafultTenantIds != null) && (nonDeafultTenantIds.Count() > 0))
+            {
+                // WE can only fill in tokens for 3 tennats in the aux header, if tehre are more tenants fail now
+                if (nonDeafultTenantIds.Count() > MAX_NUMBER_OF_TOKENS_ALLOWED_IN_AUX_HEADER)
+                {
+                    throw new ArgumentException("Number of tenants (tenants other than the one in the current context), that the requested resources belongs to, exceeds maximum allowed number of " + MAX_NUMBER_OF_TOKENS_ALLOWED_IN_AUX_HEADER);
+                }
+
+                //get the tokens for each tenant and prepare the string in the following format :
+                //"Header Value :: Bearer <auxiliary token1>;EncryptedBearer <auxiliary token2>; Bearer <auxiliary token3>"
+
+                var tokens = nonDeafultTenantIds.Select(t => (new StringBuilder(AUX_TOKEN_PREFIX).Append(" ").Append(GetTokenForTenant(t)?.AccessToken))?.ToString())?.ConcatStrings(AUX_TOKEN_APPEND_CHAR);
+
+                auxHeader = new Dictionary<String, List<String>>();
+
+                List<string> headerValues = new List<string>(1);
+                headerValues.Add(tokens);
+                auxHeader.Add(AUX_HEADER_NAME, headerValues);
+            }
+
+            return auxHeader;
+        }
+
+        private List<IAzureSubscription> CheckAccessToSubscriptions(IEnumerable<string> subscriptions)
+        {
+            var subscriptionsNotInDefaultProfile = subscriptions.ToList().Except(DefaultProfile.Subscriptions.Select(s => s.GetId().ToString()).ToList());
+
+            List<IAzureSubscription> subscriptionObjects = DefaultProfile.Subscriptions.Where(s => subscriptions.Contains(s.GetId().ToString())).ToList();
+            if (subscriptionsNotInDefaultProfile.Any())
+            {
+                //So we didnt find some subscriptions in the default profile.. 
+                //this does not mean that the user does not have access to the subs, it just menas that the local context did not have them
+                //We gotta now call into the subscription RP and see if the user really does not have access to these subscriptions
+
+                var result = Utilities.SubscriptionAndTenantHelper.GetTenantsForSubscriptions(subscriptionsNotInDefaultProfile.ToList(), DefaultContext);
+
+                if (result.Count < subscriptionsNotInDefaultProfile.Count())
+                {
+                    var subscriptionsNotFoundAtAll = subscriptionsNotInDefaultProfile.ToList().Except(result.Keys);
+                    //Found subscription(s) the user does not have acess to... throw exception
+                    StringBuilder message = new StringBuilder();
+
+                    message.Append(" The user does not have access to the following subscription(s) : ");
+                    subscriptionsNotFoundAtAll.ForEach(s => message.Append(" " + s));
+                    throw new AuthenticationException(message.ToString());
+                }
+                else
+                {
+                    subscriptionObjects.AddRange(result.Values);
+                }
+            }
+
+            return subscriptionObjects;
+        }
+
+
+        private IAccessToken GetTokenForTenant(string tenantId)
+        {
+            return Utilities.SubscriptionAndTenantHelper.AcquireAccessToken(DefaultContext.Account,
+                DefaultContext.Environment,
+                tenantId);
+        }
+
         protected override string DataCollectionWarning
         {
             get

src/ResourceManager/Common/Commands.ResourceManager.Common/Commands.ResourceManager.Common.csproj

@@ -204,6 +204,7 @@
     <Compile Include="Utilities\Models\ResourceIdentifier.cs" />
     <Compile Include="Utilities\ResourceManagementClientExtensions.cs" />
     <Compile Include="Utilities\ResourcesExtensions.cs" />
+    <Compile Include="Utilities\SubscriptionAndTenantHelper.cs" />
     <None Include="MSSharedLibKey.snk" />
     <None Include="packages.config">
       <SubType>Designer</SubType>