/// <summary>
/// Creates a <see cref="KeyVaultRoleAssignment"/>.
/// </summary>
/// <param name="roleScope">The scope of the role assignment to create.</param>
/// <param name="roleDefinitionId">The role definition ID used in the role assignment.</param>
/// <param name="principalId">The principal ID assigned to the role. This maps to the ID inside the Active Directory. It can point to a user, service principal, or security group.</param>
/// <param name="roleAssignmentName">Optional name used to create the role assignment. A new <see cref="Guid"/> will be generated if not specified.</param>
/// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
/// <exception cref="RequestFailedException">The server returned an error. See <see cref="Exception.Message"/> for details returned from the server.</exception>
/// <exception cref="ArgumentNullException"><paramref name="roleDefinitionId"/> or <paramref name="principalId"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="roleDefinitionId"/> or <paramref name="principalId"/> is empty.</exception>
/// <returns>A <see cref="Response{TResult}"/> containing the result of the operation.</returns>
public virtual Response <KeyVaultRoleAssignment> CreateRoleAssignment(KeyVaultRoleScope roleScope, string roleDefinitionId, string principalId, Guid?roleAssignmentName = null, CancellationToken cancellationToken = default)
{
Argument.AssertNotNullOrEmpty(roleDefinitionId, nameof(roleDefinitionId));
Argument.AssertNotNullOrEmpty(principalId, nameof(principalId));
using DiagnosticScope scope = _diagnostics.CreateScope($"{nameof(KeyVaultAccessControlClient)}.{nameof(CreateRoleAssignment)}");
scope.Start();
try
{
var _name = (roleAssignmentName ?? Guid.NewGuid()).ToString();
var properties = new KeyVaultRoleAssignmentProperties(roleDefinitionId, principalId);
return(_assignmentsRestClient.Create(VaultUri.AbsoluteUri, roleScope.ToString(), _name, new RoleAssignmentCreateParameters(properties), cancellationToken));
}
catch (Exception ex)
{
scope.Failed(ex);
throw;
}
}
internal static KeyVaultRoleAssignment DeserializeKeyVaultRoleAssignment(JsonElement element)
{
Optional <string> id = default;
Optional <string> name = default;
Optional <string> type = default;
Optional <KeyVaultRoleAssignmentProperties> properties = default;
foreach (var property in element.EnumerateObject())
{
if (property.NameEquals("id"))
{
id = property.Value.GetString();
continue;
}
if (property.NameEquals("name"))
{
name = property.Value.GetString();
continue;
}
if (property.NameEquals("type"))
{
type = property.Value.GetString();
continue;
}
if (property.NameEquals("properties"))
{
if (property.Value.ValueKind == JsonValueKind.Null)
{
property.ThrowNonNullablePropertyIsNull();
continue;
}
properties = KeyVaultRoleAssignmentProperties.DeserializeKeyVaultRoleAssignmentProperties(property.Value);
continue;
}
}
return(new KeyVaultRoleAssignment(id.Value, name.Value, type.Value, properties.Value));
}
public static KeyVaultRoleAssignment KeyVaultRoleAssignment(string id = null, string name = null, string type = null, KeyVaultRoleAssignmentProperties properties = null)
{
return(new KeyVaultRoleAssignment(id, name, type, properties));
}
/// <summary>
/// Creates a <see cref="KeyVaultRoleAssignment"/>.
/// </summary>
/// <param name="roleScope"> The scope of the role assignment to create. </param>
/// <param name="properties"> Properties for the role assignment. </param>
/// <param name="name">Optional name used to create the role assignment. A new <see cref="Guid"/> will be generated if not specified.</param>
/// <param name="cancellationToken"> The cancellation token to use. </param>
/// <exception cref="RequestFailedException">The server returned an error. See <see cref="Exception.Message"/> for details returned from the server.</exception>
/// <exception cref="ArgumentNullException"><paramref name="roleScope"/> or <paramref name="properties"/> is null.</exception>
public virtual async Task <Response <KeyVaultRoleAssignment> > CreateRoleAssignmentAsync(KeyVaultRoleScope roleScope, KeyVaultRoleAssignmentProperties properties, Guid?name = default, CancellationToken cancellationToken = default)
{
using DiagnosticScope scope = _diagnostics.CreateScope($"{nameof(KeyVaultAccessControlClient)}.{nameof(CreateRoleAssignment)}");
scope.Start();
try
{
var _name = (name ?? Guid.NewGuid()).ToString();
return(await _assignmentsRestClient.CreateAsync(VaultUri.AbsoluteUri, roleScope.ToString(), _name, new RoleAssignmentCreateParameters(properties), cancellationToken)
.ConfigureAwait(false));
}
catch (Exception ex)
{
scope.Failed(ex);
throw;
}
}
/// <summary> /// Initializes a new instance of RoleAssignment. /// </summary> /// <param name="id"> The role assignment ID. </param> /// <param name="name"> The role assignment name. </param> /// <param name="type"> The role assignment type. </param> /// <param name="properties"> Role assignment properties. </param> public static KeyVaultRoleAssignment RoleAssignment(string id, string name, string type, KeyVaultRoleAssignmentProperties properties) => new KeyVaultRoleAssignment(id, name, type, properties);
