feat: Add Create-AzApiManagementUser script (#316)

pim-simons · web-flow · commit 8d9d6fdf96d6 · 2022-08-17T13:53:42.000+02:00
Co-authored-by: Pim Simons &lt;pim.simons@codit.eu&gt;
diff --git a/docs/preview/02-Features/powershell/azure-api-management.md b/docs/preview/02-Features/powershell/azure-api-management.md
@@ -10,6 +10,7 @@ This module provides the following capabilities:
   - [Installation](#installation)
   - [Backing up an API Management service](#backing-up-an-api-management-service)
   - [Creating a new API operation in the Azure API Management instance](#creating-a-new-api-operation-in-the-azure-api-management-instance)
+  - [Creating a new user in an Azure API Management service](#creating-a-new-user-in-an-azure-api-management-service)
   - [Importing a policy to an API in the Azure API Management instance](#importing-a-policy-to-an-api-in-the-azure-api-management-instance)
   - [Importing a policy to an operation in the Azure API Management instance](#importing-a-policy-to-an-operation-in-the-azure-api-management-instance)
   - [Removing all Azure API Management defaults from the instance](#removing-all-azure-api-management-defaults-from-the-instance)
@@ -86,6 +87,77 @@ PS> Create-AzApiManagementApiOperation -ResourceGroupName $ResourceGroup -Servic
 # New API operation '$OperationName' on API Management instance was added.
 ```	
 
+## Creating a new user in an Azure API Management service
+
+Signup or invite a new user in an existing API in Azure API Management.
+
+| Parameter           | Mandatory | Description                                                                                                                                                         |
+| ------------------- | --------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `ResourceGroupName` | yes       | The resource group containing the Azure API Management instance                                                                                                     |
+| `ServiceName`       | yes       | The name of the Azure API Management instance located in Azure                                                                                                      |
+| `FirstName`         | yes       | The first name of the user that is to be created                                                                                                                    |
+| `LastName`          | yes       | The last name of the user that is to be created                                                                                                                     |
+| `MailAddress`       | yes       | The email address of the user that is to be created                                                                                                                 |
+| `UserId`            | no        | The UserId that will be used to create the user                                                                                                                     |
+| `Password`          | no        | The password that the user will be able to login with                                                                                                               |
+| `Note`              | no        | A note that will be added to the user                                                                                                                               |
+| `SendNotification`  | no        | Wether or not a notification will be sent to the email address of the user                                                                                          |
+| `ConfirmationType`  | no        | The confirmation type that will be used when creating the user, this can be `invite` (default) or `signup`                                                          |
+| `ApiVersion`        | no        | The version of the management API to be used.  (default: `2021-08-01`)                                                                                              |
+| `SubscriptionId`    | no        | The Id of the subscription containing the Azure API Management instance. When not provided, it will be retrieved from the current context (Get-AzContext).          |
+| `AccessToken`       | no        | The access token to be used to add the user to the Azure API Management instance. When not provided, it will be retrieved from the current context (Get-AzContext). |
+
+**Example**
+
+Invite a new user in an existing API in Azure API Management.
+
+```powershell
+PS> Create-AzApiManagementUser -ResourceGroupName $ResourceGroup -ServiceName $ServiceName -FirstName $FirstName -LastName $LastName -MailAddress $MailAddress
+# Attempting to invite $FirstName $LastName ($MailAddress)
+# Invitation has been sent to FirstName $LastName ($MailAddress)
+```
+
+Invite a new user in an existing API in Azure API Management and specify a UserId.
+
+```powershell
+PS> Create-AzApiManagementUser -ResourceGroupName $ResourceGroup -ServiceName $ServiceName -FirstName $FirstName -LastName $LastName -MailAddress $MailAddress -UserId $UserId
+# Attempting to invite $FirstName $LastName ($MailAddress)
+# Invitation has been sent to FirstName $LastName ($MailAddress)
+```
+
+Invite a new user in an existing API in Azure API Management and include a note.
+
+```powershell
+PS> Create-AzApiManagementUser -ResourceGroupName $ResourceGroup -ServiceName $ServiceName -FirstName $FirstName -LastName $LastName -MailAddress $MailAddress -Note $Note
+# Attempting to invite $FirstName $LastName ($MailAddress)
+# Invitation has been sent to FirstName $LastName ($MailAddress)
+```
+
+Invite a new user in an existing API in Azure API Management and send a notification.
+
+```powershell
+PS> Create-AzApiManagementUser -ResourceGroupName $ResourceGroup -ServiceName $ServiceName -FirstName $FirstName -LastName $LastName -MailAddress $MailAddress -SendNotification
+# Attempting to invite $FirstName $LastName ($MailAddress)
+# Invitation has been sent to FirstName $LastName ($MailAddress)
+```
+
+Signup a new user in an existing API in Azure API Management.
+
+```powershell
+PS> Create-AzApiManagementUser -ResourceGroupName $ResourceGroup -ServiceName $ServiceName -FirstName $FirstName -LastName $LastName -MailAddress $MailAddress -ConfirmationType signup
+# Attempting to create account for FirstName $LastName ($MailAddress)
+# Account has been created for FirstName $LastName ($MailAddress)
+# Since no password was provided, one has been generated. Please advise the user to change this password the first time logging in
+```
+
+Signup a new user in an existing API in Azure API Management and specify a password.
+
+```powershell
+PS> Create-AzApiManagementUser -ResourceGroupName $ResourceGroup -ServiceName $ServiceName -FirstName $FirstName -LastName $LastName -MailAddress $MailAddress -Password $Password -ConfirmationType signup
+# Attempting to create account for FirstName $LastName ($MailAddress)
+# Account has been created for FirstName $LastName ($MailAddress)
+```
+
 ## Importing a policy to a product in the Azure API Management instance
 
 Imports a policy from a file to a product in Azure API Management.
diff --git a/src/Arcus.Scripting.ApiManagement/Arcus.Scripting.ApiManagement.psd1 b/src/Arcus.Scripting.ApiManagement/Arcus.Scripting.ApiManagement.psd1
diff --git a/src/Arcus.Scripting.ApiManagement/Arcus.Scripting.ApiManagement.psm1 b/src/Arcus.Scripting.ApiManagement/Arcus.Scripting.ApiManagement.psm1
@@ -106,6 +106,77 @@ function Create-AzApiManagementApiOperation {
 
 Export-ModuleMember -Function Create-AzApiManagementApiOperation
 
+<#
+ .Synopsis
+  Creates a user in Azure API Management.
+
+ .Description
+  Signup or invite a new user in an existing API in Azure API Management.
+
+ .Parameter ResourceGroupName
+  The resource group containing the API Management service.
+
+ .Parameter ServiceName
+  The name of the API Management service located in Azure.
+
+ .Parameter FirstName
+  The first name of the user.
+
+ .Parameter LastName
+  The last name of the user.
+
+ .Parameter MailAddress
+  The e-mail address of the user.
+
+ .Parameter UserId
+  [Optional] The UserId the user should get in API Management.
+
+ .Parameter Password
+  [Optional] The password for the user.
+
+ .Parameter Note
+  [Optional] The note that should be added to the user in API Management.
+
+ .Parameter SendNotification
+  [Optional] Whether or not to send a notification to the user. 
+
+ .Parameter ConfirmationType
+  [Optional] The confirmation type to use when creating the user, this can be set to 'invite' or 'signup'.
+
+ .Parameter ApiVersion
+  [Optional] The version of the api to be used.
+
+ .Parameter SubscriptionId
+  [Optional] The Id of the subscription containing the Azure API Management service. When not provided, it will be retrieved from the current context (Get-AzContext).
+
+ .Parameter AccessToken
+  [Optional] The access token to be used. When not provided, it will be retrieved from the current context (Get-AzContext).
+#>
+function Create-AzApiManagementUser {
+    param(
+        [string][Parameter(Mandatory = $true)] $ResourceGroupName = $(throw "Resource group name is required"),
+        [string][parameter(Mandatory = $true)] $ServiceName = $(throw "API management service name is required"),
+        [string][parameter(Mandatory = $true)] $FirstName = $(throw "The first name of the user is required"),
+        [string][parameter(Mandatory = $true)] $LastName = $(throw "The last name of the user is required"),
+        [string][parameter(Mandatory = $true)] $MailAddress = $(throw "The mail-address of the user is required"),
+        [string][parameter(Mandatory = $false)] $UserId = $($MailAddress -replace '\W', '-'),
+        [string][parameter(Mandatory = $false)] $Password,
+        [string][parameter(Mandatory = $false)] $Note,
+        [switch][parameter(Mandatory = $false)] $SendNotification = $false,
+        [string][parameter(Mandatory = $false)][ValidateSet('invite', 'signup')] $ConfirmationType = "invite",
+        [string][parameter(Mandatory = $false)] $ApiVersion = "2021-08-01",
+        [string][parameter(Mandatory = $false)] $SubscriptionId,
+        [string][parameter(Mandatory = $false)] $AccessToken
+    )
+    if ($SendNotification) {
+        . $PSScriptRoot\Scripts\Create-AzApiManagementUser.ps1 -ResourceGroupName $ResourceGroupName -ServiceName $ServiceName -FirstName $FirstName -LastName $LastName -MailAddress $MailAddress -UserId $UserId -Password $Password -Note $Note -ConfirmationType $ConfirmationType -ApiVersion $ApiVersion -SubscriptionId $SubscriptionId -AccessToken $AccessToken -SendNotification
+    } else {
+        . $PSScriptRoot\Scripts\Create-AzApiManagementUser.ps1 -ResourceGroupName $ResourceGroupName -ServiceName $ServiceName -FirstName $FirstName -LastName $LastName -MailAddress $MailAddress -UserId $UserId -Password $Password -Note $Note -ConfirmationType $ConfirmationType -ApiVersion $ApiVersion -SubscriptionId $SubscriptionId -AccessToken $AccessToken
+    }
+}
+
+Export-ModuleMember -Function Create-AzApiManagementUser
+
 <#
  .Synopsis
   Import a policy to a product in Azure API Management.
diff --git a/src/Arcus.Scripting.ApiManagement/Arcus.Scripting.ApiManagement.pssproj b/src/Arcus.Scripting.ApiManagement/Arcus.Scripting.ApiManagement.pssproj
@@ -33,6 +33,7 @@
     <Compile Include="Arcus.Scripting.ApiManagement.psm1" />
     <Compile Include="Scripts\Backup-AzApiManagementService.ps1" />
     <Compile Include="Scripts\Create-AzApiManagementApiOperation.ps1" />
+    <Compile Include="Scripts\Create-AzApiManagementUser.ps1" />
     <Compile Include="Scripts\Import-AzApiManagementProductPolicy.ps1" />
     <Compile Include="Scripts\Remove-AzApiManagementDefaults.ps1" />
     <Compile Include="Scripts\Import-AzApiManagementApiPolicy.ps1" />
diff --git a/src/Arcus.Scripting.ApiManagement/Scripts/Create-AzApiManagementUser.ps1 b/src/Arcus.Scripting.ApiManagement/Scripts/Create-AzApiManagementUser.ps1
@@ -0,0 +1,85 @@
+param(
+    [string][Parameter(Mandatory = $true)] $ResourceGroupName = $(throw "Resource group name is required"),
+    [string][parameter(Mandatory = $true)] $ServiceName = $(throw "API management service name is required"),
+    [string][parameter(Mandatory = $true)] $FirstName = $(throw "The first name of the user is required"),
+    [string][parameter(Mandatory = $true)] $LastName = $(throw "The last name of the user is required"),
+    [string][parameter(Mandatory = $true)] $MailAddress = $(throw "The mail-address of the user is required"),
+    [string][parameter(Mandatory = $false)] $UserId = $($MailAddress -replace '\W', '-'),
+    [string][parameter(Mandatory = $false)] $Password,
+    [string][parameter(Mandatory = $false)] $Note,
+    [switch][parameter(Mandatory = $false)] $SendNotification = $false,
+    [string][parameter(Mandatory = $false)][ValidateSet('invite', 'signup')] $ConfirmationType = "invite",
+    [string][parameter(Mandatory = $false)] $ApiVersion = "2021-08-01",
+    [string][parameter(Mandatory = $false)] $SubscriptionId,
+    [string][parameter(Mandatory = $false)] $AccessToken
+)
+
+$apimContext = Get-AzApiManagement -ResourceGroupName $ResourceGroupName -Name $ServiceName
+if ($apimContext -eq $null) {
+    throw "Unable to find the Azure API Management Instance $ServiceName in resource group $ResourceGroupName"
+}
+
+if ($SubscriptionId -eq "" -or $AccessToken -eq "") {
+    # Request accessToken in case the script contains no records
+    $token = Get-AzCachedAccessToken
+
+    $AccessToken = $token.AccessToken
+    $SubscriptionId = $token.SubscriptionId
+}
+
+$apimMgmtEndpoint = "https://management.azure.com/subscriptions/$SubscriptionId/resourceGroups/$ResourceGroupName/providers/Microsoft.ApiManagement/service/$ServiceName/users/$($UserId)?notify=$SendNotification&api-version=$ApiVersion"
+$fullUrl = $apimMgmtEndpoint.Replace('{subscriptionId}', $SubscriptionId)
+    
+try
+{
+    if($ConfirmationType -eq 'invite')
+    {
+        Write-Host "Attempting to invite $FirstName $LastName ($mailAddress)"
+    }
+    else
+    {
+        Write-Host "Attempting to create account for $FirstName $LastName ($mailAddress)"
+    }
+
+    $jsonRequest = ConvertTo-Json -Depth 3 @{
+        'properties' = @{
+            'firstName' = $FirstName
+            'lastName' = $LastName
+            'email' = $MailAddress
+            'confirmation' = $ConfirmationType
+            'password' = $Password
+            'note' = $Note
+        }
+    }
+
+    $params = @{
+        Method = 'Put'
+        Headers = @{ 
+	        'authorization'="Bearer $AccessToken"
+        }
+        URI = $fullUrl
+        Body = $jsonRequest
+    }
+
+    $web = Invoke-WebRequest @params -ErrorAction Stop
+   
+    Write-Verbose $web
+
+    if($ConfirmationType -eq 'invite')
+    {
+        Write-Host "Invitation has been sent to $FirstName $LastName ($mailAddress)"
+    }
+    else
+    {
+        Write-Host "Account has been created for $FirstName $LastName ($mailAddress)"
+        if($Password -eq $null -or $Password -eq ""){
+            Write-Host "Since no password was provided, one has been generated. Please advise the user to change this password the first time logging in"
+        }
+    }
+
+    return $UserId
+}
+catch {
+    Write-Host $_
+    throw "Failed to create an account for $FirstName $LastName ($MailAddress) in the APIM instance $ServiceName"
+}
diff --git a/src/Arcus.Scripting.Tests.Unit/Arcus.Scripting.ApiManagement.tests.ps1 b/src/Arcus.Scripting.Tests.Unit/Arcus.Scripting.ApiManagement.tests.ps1
