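/// <summary>
/// Ensures that the given principal holds the built-in 'Automation Operator' role,
/// assigned at the scope of the Automation account described by <paramref name="account"/>.
/// If an assignment of that role to the principal is already listed, nothing is written.
/// </summary>
/// <param name="account">Tenant, subscription, resource group and Automation account to scope the assignment to.</param>
/// <param name="principalId">Object id of the service principal that receives the role.</param>
/// <exception cref="ArgumentNullException"><paramref name="account"/> is null.</exception>
/// <exception cref="InvalidOperationException">The 'Automation Operator' role definition could not be resolved.</exception>
public async Task SetServicePrincipalPermission(AutomationAccountInfo account, Guid principalId)
{
    if (account == null)
    {
        throw new ArgumentNullException(nameof(account));
    }

    const string apiVersion = "2015-07-01";

    // Every request targets the authorization provider underneath the Automation account,
    // so the grant is limited to that account rather than the resource group or subscription.
    var authorizationScope = $"subscriptions/{account.SubscriptionId}/resourceGroups/{account.ResourceGroupName}/providers/Microsoft.Automation/automationAccounts/{account.AutomationAccountName}/providers/Microsoft.Authorization";

    // Resolve the role definition by name; only its id is used below.
    var roleQuery = $"{authorizationScope}/roleDefinitions?$filter=roleName eq 'Automation Operator'";
    var role = (await GetListAsync<RoleDefinition>(account.TenantId, apiVersion, roleQuery)).FirstOrDefault();
    if (role == null)
    {
        // Fail with an explicit error instead of a NullReferenceException further down:
        // without a resolved role definition there is nothing safe to assign.
        throw new InvalidOperationException("The 'Automation Operator' role definition was not found for the Automation account.");
    }

    // Look for an existing assignment first so repeated calls do not pile up duplicates.
    // NOTE(review): whether this listing also includes assignments inherited from parent
    // scopes depends on the service behaviour - confirm.
    var assignmentQuery = $"{authorizationScope}/roleAssignments?$filter=principalId eq '{principalId}'";
    var existing = await GetListAsync<RoleAsignment>(account.TenantId, apiVersion, assignmentQuery);
    if (existing.Any(x => x.Properties.RoleDefinitionId == role.Id))
    {
        return;
    }

    var assignment = new RoleAsignment();
    assignment.Properties.PrincipalId = principalId;
    assignment.Properties.RoleDefinitionId = role.Id;

    // A fresh GUID is used as the name of the new role assignment resource.
    var createUri = $"{authorizationScope}/roleAssignments/{Guid.NewGuid()}";
    await SendAsync(account.TenantId, apiVersion, createUri, RestSharp.Method.PUT, assignment);
}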
/// <summary>
/// Connects to the given Automation account: prepares the config management pack,
/// makes sure an Azure AD application and service principal exist, renews the service
/// credential, grants the principal its permission on the account and saves the settings.
/// </summary>
/// <param name="accountInfo">Tenant, subscription, resource group and Automation account to connect to.</param>
/// <param name="credValidity">Validity period handed to <c>RenewServiceCredential</c>.</param>
/// <returns>
/// <c>true</c> when every step completed and the settings were committed; <c>false</c> when no
/// application was obtained or when any step threw (the exception is passed to <c>ShowError</c>).
/// </returns>
public async Task<bool> Connect(AutomationAccountInfo accountInfo, TimeSpan credValidity)
{
    try
    {
        ProgressStatus = "Configuring...";
        var managementPack = AssureConfigManagementPack();

        var graphClient = new GraphClient(accountInfo.TenantId);
        graphClient.AuthorizationCodeRequired += client_AuthorizationCodeRequired;

        ProgressStatus = "Configuring service principal...";
        var application = await AssureAzureAdAppAndPrincipal(graphClient, accountInfo.TenantId);
        if (application == null)
        {
            // No application was obtained; stop before any credential or permission change.
            return false;
        }

        await RenewServiceCredential(graphClient, managementPack, application, credValidity);

        ProgressStatus = "Setting service principal permissions...";
        var servicePrincipal = await graphClient.GetServicePrincipalAsync(application.AppId);
        await _configClient.SetServicePrincipalPermission(accountInfo, servicePrincipal.ObjectId);

        // Settings are only touched once the credential renewal and the role assignment
        // above have completed without throwing.
        ProgressStatus = "Saving changes...";
        Settings.TenantId = accountInfo.TenantId;
        Settings.SubscriptionId = accountInfo.SubscriptionId;
        Settings.ResourceGroupName = accountInfo.ResourceGroupName;
        Settings.AutomationAccountName = accountInfo.AutomationAccountName;

        if (string.IsNullOrEmpty(Settings.DefaultRunOn))
        {
            Settings.DefaultRunOn = "Azure";
        }

        // NOTE: a call to EnableWorkflows() was commented out at this point in the original
        // and remains disabled.
        CommitSettings();
        return true;
    }
    catch (Exception ex)
    {
        // Any failure in the steps above is reported through ShowError and turned into 'false'.
        ShowError(ex);
        return false;
    }
}