Ejemplo n.º 1
0
        private EnvironmentRoleAssignments GetEnvironmentRolesForPortalRole(PortalRole userRole)
        {
            EnvironmentRoleAssignments roleAssignments = null;

            switch (userRole)
            {
            case PortalRole.Reader:
                roleAssignments = EnvironmentReaderRoles;
                break;

            case PortalRole.PoolManager:
                roleAssignments = EnvironmentPoolManagerRoles;
                break;

            case PortalRole.Owner:
                roleAssignments = EnvironmentOwnerRoles;
                break;
            }

            if (roleAssignments == null)
            {
                throw new Exception($"No role assignments configured for role {userRole}");
            }

            return(roleAssignments);
        }
Ejemplo n.º 2
0
        private async Task AssignRolesToUser(Guid objectId, RenderingEnvironment environment, EnvironmentRoleAssignments roleAssignments)
        {
            var identity = new Identity.Identity {
                ObjectId = objectId
            };

            // Assign RG permissions
            // We want to give the correct permissions to the environment RG,
            // but we also need to give Reader permissions to the other RGs so
            // we can query cost information.

            // ResourceId => RoleName
            var resourceIdsToRoles = environment.ExtractResourceGroupNames().ToDictionary(
                rgName => $"/subscriptions/{environment.SubscriptionId}/resourceGroups/{rgName}",
                rgName => rgName == environment.ResourceGroupName ? roleAssignments.EnvironmentResourceGroupRole : "Reader");

            // Add the explicit resource roles
            resourceIdsToRoles[environment.BatchAccount.ResourceId]               = roleAssignments.BatchRole;
            resourceIdsToRoles[environment.StorageAccount.ResourceId]             = roleAssignments.StorageRole;
            resourceIdsToRoles[environment.KeyVault.ResourceId]                   = roleAssignments.KeyVaultRole;
            resourceIdsToRoles[environment.ApplicationInsightsAccount.ResourceId] = roleAssignments.ApplicationInsightsRole;
            resourceIdsToRoles[environment.Subnet.VnetResourceId]                 = roleAssignments.VNetRole;

            await Task.WhenAll(resourceIdsToRoles.Select(
                                   kvp => _azureResourceProvider.AssignRoleToIdentityAsync(
                                       environment.SubscriptionId,
                                       kvp.Key,   // ResourceId/scope
                                       kvp.Value, // Role
                                       identity)));
        }
Ejemplo n.º 3
0
        public async Task AssignRoleToUser(RenderingEnvironment environment, Guid objectId, PortalRole userRole)
        {
            EnvironmentRoleAssignments roleAssignments = GetEnvironmentRolesForPortalRole(userRole);

            await AssignRolesToUser(objectId, environment, roleAssignments);
        }