initial commit

.github/scripts/cd/Add-ManagedIdentityRole.ps1

@@ -0,0 +1,25 @@
+#-----------------------------------------------------------------------
+# Add-RoleToManagedIdentity [ObjectId [<String>]] [ApplicationId [<String>]] [Permission [<String>]] 
+#
+# Example: .\Add-RoleToManagedIdentity -ObjectId 00000000-0000-0000-0000-000000000000 -ApplicationId 00000000-0000-0000-0000-000000000000
+#                   -Permission User.Read.All
+#
+# The app IDs of the Microsoft APIs are the same in all tenants:
+#   Microsoft Graph: 00000003-0000-0000-c000-000000000000
+#   SharePoint Online: 00000003-0000-0ff1-ce00-000000000000
+#-----------------------------------------------------------------------
+
+# ***
+# *** Parameters
+# ***
+[Cmdletbinding()]
+Param(
+    [Parameter(Mandatory = $true)][string]$ObjectId=$(throw 'ObjectId is a required parameter. (Your Managed Identity Object Id to get new roles)'),
+    [Parameter(Mandatory = $true)][string]$ApplicationId=$(throw 'ApplicationId is a required parameter. (The Application Id of the resource to access)'),
+    [Parameter(Mandatory = $true)][string]$Permission=$(throw 'Permission is a required parameter. (I.e. "User.Read.All", "User.Invite.All", "GroupMember.ReadWrite.All")')
+)
+
+Connect-AzureAD
+$app = Get-AzureADServicePrincipal -Filter "AppId eq '$ApplicationId'"
+$role = $app.AppRoles | where Value -Like $Permission | Select-Object -First 1
+New-AzureADServiceAppRoleAssignment -Id $role.Id -ObjectId $ObjectId -PrincipalId $ObjectId -ResourceId $app.ObjectId

.github/scripts/cd/Get-ManagedIdentityRole.ps1

@@ -0,0 +1,29 @@
+#-----------------------------------------------------------------------
+# Get-ManagedIdentityRole [ObjectId [<String>]] [ApplicationId [<String>]]
+#
+# Example: .\Get-ManagedIdentityRole -ObjectId 00000000-0000-0000-0000-000000000000 -ApplicationId 00000000-0000-0000-0000-000000000000
+#
+# The app IDs of the Microsoft APIs are the same in all tenants:
+#   Microsoft Graph: 00000003-0000-0000-c000-000000000000
+#   SharePoint Online: 00000003-0000-0ff1-ce00-000000000000
+#-----------------------------------------------------------------------
+
+# ***
+# *** Parameters
+# ***
+[Cmdletbinding()]
+Param(
+    [Parameter(Mandatory = $true)][string]$ObjectId=$(throw 'ObjectId is a required parameter. (Your Managed Identity Object Id to get new roles)'),
+    [Parameter(Mandatory = $true)][string]$ApplicationId=$(throw 'ApplicationId is a required parameter. (The Application Id of the resource to access)')
+)
+
+Connect-AzureAD
+
+$app = Get-AzureADServicePrincipal -Filter "AppId eq '$ApplicationId'"
+
+$appRoles = Get-AzureADServiceAppRoleAssignment -ObjectId $app.ObjectId | where PrincipalId -eq $ObjectId
+
+foreach ($appRole in $appRoles) {
+    $role = $app.AppRoles | where Id -eq $appRole.Id | Select-Object -First 1
+    write-host $role.Value
+}

.github/scripts/cd/Remove-ManagedIdentityRole.ps1

@@ -0,0 +1,30 @@
+#-----------------------------------------------------------------------
+# Remove-ManagedIdentityRole [ObjectId [<String>]] [ApplicationId [<String>]] [Permission [<String>]] 
+#
+# Example: .\Remove-ManagedIdentityRole -ObjectId 00000000-0000-0000-0000-000000000000 -ApplicationId 00000000-0000-0000-0000-000000000000
+#                   -Permission User.Read.All
+#
+# The app IDs of the Microsoft APIs are the same in all tenants:
+#   Microsoft Graph: 00000003-0000-0000-c000-000000000000
+#   SharePoint Online: 00000003-0000-0ff1-ce00-000000000000
+#-----------------------------------------------------------------------
+
+# ***
+# *** Parameters
+# ***
+[Cmdletbinding()]
+Param(
+    [Parameter(Mandatory = $true)][string]$ObjectId=$(throw 'ObjectId is a required parameter. (Your Managed Identity Object Id to get new roles)'),
+    [Parameter(Mandatory = $true)][string]$ApplicationId=$(throw 'ApplicationId is a required parameter. (The Application Id of the resource to access)'),
+    [Parameter(Mandatory = $true)][string]$Permission=$(throw 'Permission is a required parameter. (I.e. "User.Read.All", "User.Invite.All", "GroupMember.ReadWrite.All")')
+)
+
+Connect-AzureAD
+$app = Get-AzureADServicePrincipal -Filter "AppId eq '$ApplicationId'"
+$appRoles = Get-AzureADServiceAppRoleAssignment -ObjectId $app.ObjectId | where PrincipalId -eq $ObjectId
+foreach ($appRole in $appRoles) {
+    $role = $app.AppRoles | where Id -eq $appRole.Id | Select-Object -First 1
+    if ($Permission.Contains($role.Value)) {
+        Remove-AzureADServiceAppRoleAssignment -ObjectId $app.ObjectId -AppRoleAssignmentId $appRole.ObjectId
+    }    
+}

.github/scripts/ci/Set-Version.ps1

@@ -0,0 +1,86 @@
+#-----------------------------------------------------------------------
+# Set-Version [-Path [<String>]] [-VersionToReplace [<String>]]  [-Type [<String>]] 
+#
+# Example: .\Set-Version -Path \\source\path -Major 1
+#-----------------------------------------------------------------------
+
+# ***
+# *** Parameters
+# ***
+param
+(
+	[Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true)]
+    [string] $Path=$(throw '-Path is a required parameter. i.e. $(Build.SourcesDirectory)'),
+	[Version] $VersionToReplace='1.0.0',
+	[String] $Major='-1',
+	[String] $Minor='-1',
+	[String] $Revision='-1',
+	[String] $Build='-1',
+	[String] $Patch='-1',
+	[String] $PreRelease='-1',
+	[String] $CommitHash='-1'
+)
+
+# ***
+# *** Initialize
+# ***
+if ($IsWindows) { Set-ExecutionPolicy Unrestricted -Scope Process -Force }
+$VerbosePreference = 'SilentlyContinue' #'Continue'
+if ($MyInvocation.MyCommand -and $MyInvocation.MyCommand.Path) {
+	[String]$ThisScript = $MyInvocation.MyCommand.Path
+	[String]$ThisDir = Split-Path $ThisScript
+	[DateTime]$Now = Get-Date
+	Write-Debug "*****************************"
+	Write-Debug "*** Starting: $ThisScript on $Now"
+	Write-Debug "*****************************"
+	# Imports
+	Import-Module "$ThisDir/../System.psm1"
+} else {
+	Write-Verbose "No script file context detected. Skipping module import."
+}
+
+# ***
+# *** Validate and cleanse
+# ***
+If($IsWindows){
+	$Path = Set-Unc -Path $Path
+}
+
+# ***
+# *** Locals
+# ***
+
+# ***
+# *** Execute
+# ***
+$Major = $Major.Replace('-1', $VersionToReplace.ToString().Substring(0,1)) # Static 1, 2, 3
+$Minor = $Minor.Replace('-1', (Get-Date -UFormat '%Y').ToString().Substring(2,2)) # Year YYYY 2023
+$Revision = $Revision.Replace('-1', (Get-Date -UFormat '%j').ToString()) # DayOfYear D[DD]1-365
+$Build = $Build.Replace('-1', (Get-Date -UFormat '%H%M').ToString()) # HrMin 1937
+$Patch = $Patch.Replace('-1', (Get-Date -UFormat '%m').ToString()) # Month mm
+$PreRelease = $PreRelease.Replace('-1', '') # -alpha
+$CommitHash = $CommitHash.Replace('-1', '') # +204ff0a
+
+
+# Version Formats
+$FileVersion = "$Major.$Minor.$Revision.$Build" # Ref: https://learn.microsoft.com/en-us/dotnet/standard/library-guidance/versioning
+$AssemblyVersion = "$Major.$Minor.0.0"
+$InformationalVersion = "$Major.$Minor.$Revision$PreRelease$CommitHash"
+$SemanticVersion = "$Major.$Minor.$Patch$PreRelease"
+Write-Debug "FileVersion: $FileVersion SemanticVersion: $SemanticVersion AssemblyVersion: $AssemblyVersion InformationalVersion: $InformationalVersion"
+
+# Package.json version
+Update-LineByContains -Path $Path -Contains 'version' -Line """version"": ""$FileVersion""," -Include package.json
+# OpenApiConfigurationOptions.cs version
+Update-LineByContains -Path $Path -Contains 'Version' -Line "Version = ""$AssemblyVersion""," -Include OpenApiConfigurationOptions.cs
+# *.csproj C# Project files
+Update-ContentsByTag -Path $Path -Value $FileVersion -Open '<Version>' -Close '</Version>' -Include *.csproj
+# *.nuspec NuGet packages
+Update-ContentsByTag -Path $Path -Value $SemanticVersion -Open '<version>' -Close '</version>' -Include *.nuspec
+# Assembly.cs C# assembly manifest
+Update-LineByContains -Path $Path -Contains "FileVersion(" -Line "[assembly: FileVersion(""$FileVersion"")]" -Include AssemblyInfo.cs
+Update-LineByContains -Path $Path -Contains "AssemblyVersion(" -Line "[assembly: AssemblyVersion(""$AssemblyVersion"")]" -Include AssemblyInfo.cs
+# *.vsixmanifest VSIX Visual Studio Templates
+Update-TextByContains -Path $Path -Contains "<Identity Id" -Old $VersionToReplace -New $FileVersion -Include *.vsixmanifest
+
+Write-Output $FileVersion

.github/scripts/iac/Copy-Custompolicy.ps1

@@ -0,0 +1,85 @@
+#-----------------------------------------------------------------------
+# Copy-CustomPolicy [ClientId [<String>]] [ClientSecret [<String>]] [TenantId [<String>]] 
+#                   [Folder [<String>]] [Files [<String>]]
+#
+# Example: .\Copy-CustomPolicy -ClientId 00000000-0000-0000-0000-000000000000 -ClientSecret xxxxx -TenantId 00000000-0000-0000-0000-000000000000
+#                   -Folder $(System.DefaultWorkingDirectory)/policy/B2CAssets/ 
+#                   -Files "TrustFrameworkBase.xml,TrustFrameworkLocalization.xml,TrustFrameworkExtensions.xml,SignUpOrSignin.xml,ProfileEdit.xml,PasswordReset.xml"
+#-----------------------------------------------------------------------
+
+# ***
+# *** Parameters
+# ***
+[Cmdletbinding()]
+Param(
+    [Parameter(Mandatory = $true)][string]$ClientId,
+    [Parameter(Mandatory = $true)][string]$ClientSecret,
+    [Parameter(Mandatory = $true)][string]$TenantId,
+    [Parameter(Mandatory = $true)][string]$Folder,
+    [Parameter(Mandatory = $true)][string]$Files
+)
+
+try {
+    $body = @{grant_type = "client_credentials"; scope = "https://graph.microsoft.com/.default"; client_id = $ClientId; client_secret = $ClientSecret }
+
+    $response = Invoke-RestMethod -Uri https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token -Method Post -Body $body
+    $token = $response.access_token
+
+    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
+    $headers.Add("Content-Type", 'application/xml')
+    $headers.Add("Authorization", 'Bearer ' + $token)
+
+    # Get the list of files to upload
+    $filesArray = $Files.Split(",")
+
+    Foreach ($file in $filesArray) {
+
+        $filePath = $Folder + $file.Trim()
+
+        # Check if file exists
+        $FileExists = Test-Path -Path $filePath -PathType Leaf
+
+        if ($FileExists) {
+            $policycontent = Get-Content $filePath
+
+            # Optional: Change the content of the policy. For example, replace the tenant-name with your tenant name.
+            # $policycontent = $policycontent.Replace("your-tenant.onmicrosoft.com", "contoso.onmicrosoft.com")     
+
+
+            # Get the policy name from the XML document
+            $match = Select-String -InputObject $policycontent  -Pattern '(?<=\bPolicyId=")[^"]*'
+
+            If ($match.matches.groups.count -ge 1) {
+                $PolicyId = $match.matches.groups[0].value
+
+                Write-Host "Uploading the" $PolicyId "policy..."
+
+                $graphuri = 'https://graph.microsoft.com/beta/trustframework/policies/' + $PolicyId + '/$value'
+                $response = Invoke-RestMethod -Uri $graphuri -Method Put -Body $policycontent -Headers $headers
+
+                Write-Host "Policy" $PolicyId "uploaded successfully."
+            }
+        }
+        else {
+            $warning = "File " + $filePath + " couldn't be not found."
+            Write-Warning -Message $warning
+        }
+    }
+}
+catch {
+    Write-Host "StatusCode:" $_.Exception.Response.StatusCode.value__
+
+    $_
+
+    $streamReader = [System.IO.StreamReader]::new($_.Exception.Response.GetResponseStream())
+    $streamReader.BaseStream.Position = 0
+    $streamReader.DiscardBufferedData()
+    $errResp = $streamReader.ReadToEnd()
+    $streamReader.Close()
+
+    $ErrResp
+
+    exit 1
+}
+
+exit 0

.github/scripts/iac/Install-AzureCli.ps1

@@ -0,0 +1 @@
+Invoke-WebRequest -Uri https://aka.ms/installazurecliwindows -OutFile .\AzureCLI.msi; Start-Process msiexec.exe -Wait -ArgumentList '/I AzureCLI.msi /quiet'

.github/scripts/iac/New-AzServicePrinciple.ps1

@@ -0,0 +1,57 @@
+#-----------------------------------------------------------------------
+# New-AzServicePrinciple [-Name [<String>]] [-TenantId [<Guid>]] [-SubscriptionId [<Guid>]]
+#
+# Example: .\New-AzServicePrinciple -Name -TenantId -SubscriptionId
+# CLI: az ad sp create-for-rbac --name "myApp" --role contributor \
+#        --scopes /subscriptions/{subscription-id}/resourceGroups/{resource-group} --sdk-auth
+#-----------------------------------------------------------------------
+
+# ***
+# *** Parameters
+# ***
+param
+(
+    [string] $Name=$(throw '-Name is a required parameter. (myco-product-environment)'),
+    [string] $TenantId=$(throw '-TenantId is a required parameter. (00000000-0000-0000-0000-000000000000)'),
+    [string] $SubscriptionId=$(throw '-SubscriptionId is a required parameter. (00000000-0000-0000-0000-000000000000)')
+)
+
+# ***
+# *** Initialize
+# ***
+if ($IsWindows) { Set-ExecutionPolicy Unrestricted -Scope Process -Force }
+$VerbosePreference = 'SilentlyContinue' #'Continue'
+[String]$ThisScript = $MyInvocation.MyCommand.Path
+[String]$ThisDir = Split-Path $ThisScript
+[DateTime]$Now = Get-Date
+Set-Location $ThisDir # Ensure our location is correct, so we can use relative paths
+Write-Host "*****************************"
+Write-Host "*** Starting: $ThisScript on $Now"
+Write-Host "*****************************"
+# Imports
+Import-Module "../System.psm1"
+Install-Module -Name Az.Accounts -AllowClobber -Scope CurrentUser
+Install-Module -Name Az.Resources -AllowClobber -Scope CurrentUser
+
+# ***
+# *** Auth
+# ***
+Write-Host "*** Auth ***"
+Connect-AzAccount -Tenant $TenantId -Subscription $SubscriptionId
+
+$sp = New-AzADServicePrincipal -DisplayName $Name 
+$clientsec = [System.Net.NetworkCredential]::new("", $sp.passwordCredentials.secretText).Password
+$jsonresp = 
+    @{clientId=$sp.appId 
+        clientSecret=$clientsec
+        subscriptionId=$SubscriptionId
+        tenantId=$TenantId
+        activeDirectoryEndpointUrl='https://login.microsoftonline.com'
+        resourceManagerEndpointUrl='https://management.azure.com/'
+        activeDirectoryGraphResourceId='https://graph.windows.net/'
+        sqlManagementEndpointUrl='https://management.core.windows.net:8443/'
+        galleryEndpointUrl='https://gallery.azure.com/'
+        managementEndpointUrl='https://management.core.windows.net/'        
+        }
+$jsonresp | ConvertTo-Json
+