Log exception for permissions failure

zahalzel · zahalzel · commit 84009ff502a5 · 2022-08-29T12:23:17.000-07:00
diff --git a/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/MicrosoftIdentityPlatform/MicrosoftIdentityPlatformApplicationManager.cs b/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/MicrosoftIdentityPlatform/MicrosoftIdentityPlatformApplicationManager.cs
@@ -4,6 +4,7 @@
 using System.Collections.Generic;
 using System.Globalization;
 using System.Linq;
+using System.Text;
 using System.Threading.Tasks;
 using Azure.Core;
 using Microsoft.DotNet.MSIdentity.AuthenticationParameters;
@@ -16,6 +17,8 @@ namespace Microsoft.DotNet.MSIdentity.MicrosoftIdentityPlatformApplication
 {
     public class MicrosoftIdentityPlatformApplicationManager
     {
+        private StringBuilder _output = new StringBuilder();
+
         const string MicrosoftGraphAppId = "00000003-0000-0000-c000-000000000000";
         const string ScopeType = "Scope";
 
@@ -200,6 +203,8 @@ internal async Task<JsonResponse> UpdateApplication(
                 return new JsonResponse(commandName, State.Fail, output: string.Format(Resources.FailedToUpdateAppNull, nameof(ApplicationParameters)));
             }
 
+            StringBuilder output = new StringBuilder();
+
             var graphServiceClient = GetGraphServiceClient(tokenCredential);
 
             var remoteApp = (await graphServiceClient.Applications.Request()
@@ -222,7 +227,7 @@ internal async Task<JsonResponse> UpdateApplication(
                     return new JsonResponse(commandName, State.Fail, output: Resources.FailedToGetServicePrincipal);
                 }
 
-                await AddDownstreamApiPermissions(toolOptions.ApiScopes, graphServiceClient, appUpdates, servicePrincipal);
+                await AddDownstreamApiPermissions(toolOptions.ApiScopes, graphServiceClient, appUpdates, servicePrincipal, output);
                 needsUpdates = true;
             }
 
@@ -235,15 +240,17 @@ internal async Task<JsonResponse> UpdateApplication(
             {
                 // TODO: update other fields, see https://github.com/jmprieur/app-provisonning-tool/issues/10
                 var updatedApp = await graphServiceClient.Applications[remoteApp.Id].Request().UpdateAsync(appUpdates);
-                return new JsonResponse(commandName, State.Success, output: string.Format(Resources.SuccessfullyUpdatedApp, remoteApp.DisplayName, remoteApp.AppId));
+                output.Append(string.Format(Resources.SuccessfullyUpdatedApp, remoteApp.DisplayName));
+                return new JsonResponse(commandName, State.Success, output.ToString(), remoteApp.AppId));
             }
             catch (ServiceException se)
             {
-                return new JsonResponse(commandName, State.Fail, output: se.Error?.Message);
+                output.Append(se.Error?.Message);
+                return new JsonResponse(commandName, State.Fail, output.ToString());
             }
         }
 
-        internal static async Task AddDownstreamApiPermissions(string? apiScopes, GraphServiceClient graphServiceClient, Application appUpdates, ServicePrincipal servicePrincipal)
+        internal static async Task AddDownstreamApiPermissions(string? apiScopes, GraphServiceClient graphServiceClient, Application appUpdates, ServicePrincipal servicePrincipal, StringBuilder output)
         {
             IEnumerable<IGrouping<string, ResourceAndScope>>? scopesPerResource = await AddApiPermissions(
                 apiScopes,
@@ -254,7 +261,8 @@ internal static async Task AddDownstreamApiPermissions(string? apiScopes, GraphS
             await AddAdminConsentToApiPermissions(
                 graphServiceClient,
                 servicePrincipal,
-                scopesPerResource);
+                scopesPerResource,
+                output);
         }
 
         private static async Task<ServicePrincipal?> GetOrCreateSP(GraphServiceClient graphServiceClient, string? clientId)
@@ -546,7 +554,8 @@ internal static async Task ExposeWebApiScopes(GraphServiceClient graphServiceCli
         private static async Task AddAdminConsentToApiPermissions(
             GraphServiceClient graphServiceClient,
             ServicePrincipal servicePrincipal,
-            IEnumerable<IGrouping<string, ResourceAndScope>>? scopesPerResource)
+            IEnumerable<IGrouping<string, ResourceAndScope>>? scopesPerResource,
+            StringBuilder output)
         {
             // Consent to the scopes
             if (scopesPerResource != null)
@@ -576,7 +585,7 @@ await graphServiceClient.Oauth2PermissionGrants
                     }
                     catch (Microsoft.Graph.ServiceException ex)
                     {
-                        // Permission already exists
+                        output.AppendLine(ex.Message);
                     }
                 }
             }

Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,7 @@`
`4`	`4`	`using System.Collections.Generic;`
`5`	`5`	`using System.Globalization;`
`6`	`6`	`using System.Linq;`
	`7`	`+using System.Text;`
`7`	`8`	`using System.Threading.Tasks;`
`8`	`9`	`using Azure.Core;`
`9`	`10`	`using Microsoft.DotNet.MSIdentity.AuthenticationParameters;`
`@@ -16,6 +17,8 @@ namespace Microsoft.DotNet.MSIdentity.MicrosoftIdentityPlatformApplication`
`16`	`17`	`{`
`17`	`18`	`public class MicrosoftIdentityPlatformApplicationManager`
`18`	`19`	`{`
	`20`	`+ private StringBuilder _output = new StringBuilder();`
	`21`	`+`
`19`	`22`	`const string MicrosoftGraphAppId = "00000003-0000-0000-c000-000000000000";`
`20`	`23`	`const string ScopeType = "Scope";`
`21`	`24`
`@@ -200,6 +203,8 @@ internal async Task<JsonResponse> UpdateApplication(`
`200`	`203`	`return new JsonResponse(commandName, State.Fail, output: string.Format(Resources.FailedToUpdateAppNull, nameof(ApplicationParameters)));`
`201`	`204`	`}`
`202`	`205`
	`206`	`+ StringBuilder output = new StringBuilder();`
	`207`	`+`
`203`	`208`	`var graphServiceClient = GetGraphServiceClient(tokenCredential);`
`204`	`209`
`205`	`210`	`var remoteApp = (await graphServiceClient.Applications.Request()`
`@@ -222,7 +227,7 @@ internal async Task<JsonResponse> UpdateApplication(`
`222`	`227`	`return new JsonResponse(commandName, State.Fail, output: Resources.FailedToGetServicePrincipal);`
`223`	`228`	`}`
`224`	`229`
`225`		`- await AddDownstreamApiPermissions(toolOptions.ApiScopes, graphServiceClient, appUpdates, servicePrincipal);`
	`230`	`+ await AddDownstreamApiPermissions(toolOptions.ApiScopes, graphServiceClient, appUpdates, servicePrincipal, output);`
`226`	`231`	`needsUpdates = true;`
`227`	`232`	`}`
`228`	`233`
`@@ -235,15 +240,17 @@ internal async Task<JsonResponse> UpdateApplication(`
`235`	`240`	`{`
`236`	`241`	`// TODO: update other fields, see https://github.com/jmprieur/app-provisonning-tool/issues/10`
`237`	`242`	`var updatedApp = await graphServiceClient.Applications[remoteApp.Id].Request().UpdateAsync(appUpdates);`
`238`		`- return new JsonResponse(commandName, State.Success, output: string.Format(Resources.SuccessfullyUpdatedApp, remoteApp.DisplayName, remoteApp.AppId));`
	`243`	`+ output.Append(string.Format(Resources.SuccessfullyUpdatedApp, remoteApp.DisplayName));`
	`244`	`+ return new JsonResponse(commandName, State.Success, output.ToString(), remoteApp.AppId));`
`239`	`245`	`}`
`240`	`246`	`catch (ServiceException se)`
`241`	`247`	`{`
`242`		`- return new JsonResponse(commandName, State.Fail, output: se.Error?.Message);`
	`248`	`+ output.Append(se.Error?.Message);`
	`249`	`+ return new JsonResponse(commandName, State.Fail, output.ToString());`
`243`	`250`	`}`
`244`	`251`	`}`
`245`	`252`
`246`		`- internal static async Task AddDownstreamApiPermissions(string? apiScopes, GraphServiceClient graphServiceClient, Application appUpdates, ServicePrincipal servicePrincipal)`
	`253`	`+ internal static async Task AddDownstreamApiPermissions(string? apiScopes, GraphServiceClient graphServiceClient, Application appUpdates, ServicePrincipal servicePrincipal, StringBuilder output)`
`247`	`254`	`{`
`248`	`255`	`IEnumerable<IGrouping<string, ResourceAndScope>>? scopesPerResource = await AddApiPermissions(`
`249`	`256`	`apiScopes,`
`@@ -254,7 +261,8 @@ internal static async Task AddDownstreamApiPermissions(string? apiScopes, GraphS`
`254`	`261`	`await AddAdminConsentToApiPermissions(`
`255`	`262`	`graphServiceClient,`
`256`	`263`	`servicePrincipal,`
`257`		`- scopesPerResource);`
	`264`	`+ scopesPerResource,`
	`265`	`+ output);`
`258`	`266`	`}`
`259`	`267`
`260`	`268`	`private static async Task<ServicePrincipal?> GetOrCreateSP(GraphServiceClient graphServiceClient, string? clientId)`
`@@ -546,7 +554,8 @@ internal static async Task ExposeWebApiScopes(GraphServiceClient graphServiceCli`
`546`	`554`	`private static async Task AddAdminConsentToApiPermissions(`
`547`	`555`	`GraphServiceClient graphServiceClient,`
`548`	`556`	`ServicePrincipal servicePrincipal,`
`549`		`- IEnumerable<IGrouping<string, ResourceAndScope>>? scopesPerResource)`
	`557`	`+ IEnumerable<IGrouping<string, ResourceAndScope>>? scopesPerResource,`
	`558`	`+ StringBuilder output)`
`550`	`559`	`{`
`551`	`560`	`// Consent to the scopes`
`552`	`561`	`if (scopesPerResource != null)`
`@@ -576,7 +585,7 @@ await graphServiceClient.Oauth2PermissionGrants`
`576`	`585`	`}`
`577`	`586`	`catch (Microsoft.Graph.ServiceException ex)`
`578`	`587`	`{`
`579`		`- // Permission already exists`
	`588`	`+ output.AppendLine(ex.Message);`
`580`	`589`	`}`
`581`	`590`	`}`
`582`	`591`	`}`