public/Workspace/Get-FabricWorkspaceRoleAssignment.ps1

<#
.SYNOPSIS
Retrieves role assignments for a specified Fabric workspace.
 
.DESCRIPTION
The `Get-FabricWorkspaceRoleAssignment` function fetches the role assignments associated with a Fabric workspace by making GET requests to the API, following continuation tokens until every page has been read. If `WorkspaceRoleAssignmentId` is provided, the retrieved list is filtered locally and only the matching role assignment is returned.
 
.PARAMETER WorkspaceId
The unique identifier of the workspace to fetch role assignments for.
 
.PARAMETER WorkspaceRoleAssignmentId
(Optional) The unique identifier of a specific role assignment to retrieve.
 
.EXAMPLE
Get-FabricWorkspaceRoleAssignment -WorkspaceId "workspace123"
 
Fetches all role assignments for the workspace with the ID "workspace123".
 
.EXAMPLE
Get-FabricWorkspaceRoleAssignment -WorkspaceId "workspace123" -WorkspaceRoleAssignmentId "role123"
 
Fetches the role assignment with the ID "role123" for the workspace "workspace123".
 
.NOTES
- Requires `$FabricConfig` global configuration, including `BaseUrl` and `FabricHeaders`.
- Calls `Test-TokenExpired` to ensure token validity before making the API request.
 
Author: Tiago Balabuch
#>


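function Get-FabricWorkspaceRoleAssignment {
    # Lists the role assignments of one Fabric workspace, following continuation
    # tokens until the API reports no further page, and emits one PSCustomObject
    # per assignment (ID, PrincipalId, DisplayName, Type, UserPrincipalName,
    # aadAppId, Role).
    #
    # Return values:
    #   - the projected objects when at least one assignment matches
    #   - an empty array when nothing matches
    #   - $null when the API answers with a status other than 200
    #   - nothing when an exception is caught (the error is logged instead)
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [string]$WorkspaceId,

        [Parameter(Mandatory = $false)]
        [ValidateNotNullOrEmpty()]
        [string]$WorkspaceRoleAssignmentId
    )

    try {
        # Step 1: Ensure token validity
        Write-Message -Message "Validating token..." -Level Debug
        Test-TokenExpired
        Write-Message -Message "Token validation completed." -Level Debug

        # Step 2: Initialize variables
        $continuationToken = $null
        # A List avoids re-allocating the whole array on every page, as '+=' would.
        $workspaceRoles = [System.Collections.Generic.List[object]]::new()

        # System.Web provides HttpUtility.UrlEncode, used below for the token.
        if (-not ([AppDomain]::CurrentDomain.GetAssemblies() | Where-Object { $_.GetName().Name -eq "System.Web" })) {
            Add-Type -AssemblyName System.Web
        }

        # Step 3: Build the base URL.
        # The workspace id is caller-supplied and the request carries the
        # authenticated Fabric headers, so escape it to keep it a single path
        # segment: a value containing '/', '?' or '#' would otherwise change which
        # endpoint under BaseUrl receives the request. Escaping leaves a plain
        # GUID-style id unchanged.
        Write-Message -Message "Loop started to get continuation token" -Level Debug
        $escapedWorkspaceId = [uri]::EscapeDataString($WorkspaceId)
        $baseApiEndpointUrl = "{0}/workspaces/{1}/roleAssignments" -f $FabricConfig.BaseUrl, $escapedWorkspaceId

        # Step 4: Loop to retrieve all role assignments, one page per iteration
        do {
            # Step 5: Construct the API URL
            $apiEndpointUrl = $baseApiEndpointUrl

            if ($null -ne $continuationToken) {
                # URL-encode the continuation token
                $encodedToken = [System.Web.HttpUtility]::UrlEncode($continuationToken)
                $apiEndpointUrl = "{0}?continuationToken={1}" -f $apiEndpointUrl, $encodedToken
            }
            Write-Message -Message "API Endpoint: $apiEndpointUrl" -Level Debug

            # Step 6: Make the API request.
            # -SkipHttpErrorCheck keeps HTTP error statuses from throwing, so the
            # status code is checked explicitly in step 7.
            $response = Invoke-RestMethod `
                -Headers $FabricConfig.FabricHeaders `
                -Uri $apiEndpointUrl `
                -Method Get `
                -ErrorAction Stop `
                -SkipHttpErrorCheck `
                -ResponseHeadersVariable "responseHeader" `
                -StatusCodeVariable "statusCode"

            # Step 7: Validate the response code
            if ($statusCode -ne 200) {
                Write-Message -Message "Unexpected response code: $statusCode from the API." -Level Error
                Write-Message -Message "Error: $($response.message)" -Level Error
                Write-Message -Message "Error Details: $($response.moreDetails)" -Level Error
                Write-Message -Message "Error Code: $($response.errorCode)" -Level Error
                return $null
            }

            # Step 8: Add data to the list
            if ($null -ne $response) {
                Write-Message -Message "Adding data to the list" -Level Debug
                foreach ($item in $response.value) {
                    if ($null -ne $item) {
                        $workspaceRoles.Add($item)
                    }
                }

                # Update the continuation token if present.
                # Properties.Match() returns a collection object that is truthy even
                # when empty, so look the property up directly; an empty token is
                # treated as "no more pages" to avoid re-requesting with a blank cursor.
                $tokenProperty = $response.PSObject.Properties['continuationToken']
                if ($null -ne $tokenProperty -and -not [string]::IsNullOrEmpty($tokenProperty.Value)) {
                    Write-Message -Message "Updating the continuation token" -Level Debug
                    $continuationToken = $tokenProperty.Value
                    Write-Message -Message "Continuation token: $continuationToken" -Level Debug
                }
                else {
                    Write-Message -Message "Updating the continuation token to null" -Level Debug
                    $continuationToken = $null
                }
            }
            else {
                Write-Message -Message "No data received from the API." -Level Warning
                break
            }
        } while ($null -ne $continuationToken)
        Write-Message -Message "Loop finished and all data added to the list" -Level Debug

        # Step 9: Filter results based on provided parameters (client-side filter
        # over the complete list)
        $roleAssignments = if ($WorkspaceRoleAssignmentId) {
            $workspaceRoles | Where-Object { $_.Id -eq $WorkspaceRoleAssignmentId }
        }
        else {
            $workspaceRoles
        }

        # Step 10: Handle results
        if ($roleAssignments) {
            Write-Message -Message "Found $($roleAssignments.Count) role assignments for WorkspaceId '$WorkspaceId'." -Level Debug
            # Transform data into custom objects. userDetails and
            # servicePrincipalDetails are read unconditionally; whichever the
            # principal lacks simply yields $null for that field.
            $results = foreach ($obj in $roleAssignments) {
                [PSCustomObject]@{
                    ID                = $obj.id
                    PrincipalId       = $obj.principal.id
                    DisplayName       = $obj.principal.displayName
                    Type              = $obj.principal.type
                    UserPrincipalName = $obj.principal.userDetails.userPrincipalName
                    aadAppId          = $obj.principal.servicePrincipalDetails.aadAppId
                    Role              = $obj.role
                }
            }
            return $results
        }
        else {
            if ($WorkspaceRoleAssignmentId) {
                Write-Message -Message "No role assignment found with ID '$WorkspaceRoleAssignmentId' for WorkspaceId '$WorkspaceId'." -Level Warning
            }
            else {
                Write-Message -Message "No role assignments found for WorkspaceId '$WorkspaceId'." -Level Warning
            }
            return @()
        }
    }
    catch {
        # Step 11: Capture and log error details
        $errorDetails = $_.Exception.Message
        Write-Message -Message "Failed to retrieve role assignments for WorkspaceId '$WorkspaceId'. Error: $errorDetails" -Level Error
    }
}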