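/// <summary>
/// Maps a portal role to the set of Azure RBAC role assignments configured for it.
/// </summary>
/// <param name="userRole">The portal role being granted.</param>
/// <returns>The configured <see cref="EnvironmentRoleAssignments"/> for <paramref name="userRole"/>; never null.</returns>
/// <exception cref="ArgumentOutOfRangeException">
/// <paramref name="userRole"/> is not one of the mapped <see cref="PortalRole"/> values.
/// </exception>
/// <exception cref="InvalidOperationException">
/// The role is mapped but its assignments were never configured (the backing property is null).
/// </exception>
private EnvironmentRoleAssignments GetEnvironmentRolesForPortalRole(PortalRole userRole)
{
    EnvironmentRoleAssignments roleAssignments;
    switch (userRole)
    {
        case PortalRole.Reader:
            roleAssignments = EnvironmentReaderRoles;
            break;
        case PortalRole.PoolManager:
            roleAssignments = EnvironmentPoolManagerRoles;
            break;
        case PortalRole.Owner:
            roleAssignments = EnvironmentOwnerRoles;
            break;
        default:
            // A value with no mapping is a caller/programming error, distinct from a
            // configuration gap. Fail closed: never fall back to some other role's assignments.
            throw new ArgumentOutOfRangeException(nameof(userRole), userRole, $"Unsupported portal role {userRole}");
    }

    if (roleAssignments == null)
    {
        // Mapped but unconfigured: refuse rather than grant an empty/undefined set of roles.
        throw new InvalidOperationException($"No role assignments configured for role {userRole}");
    }

    return roleAssignments;
}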
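/// <summary>
/// Grants the identity <paramref name="objectId"/> the Azure RBAC roles described by
/// <paramref name="roleAssignments"/> on every resource group the environment spans and on
/// its explicitly tracked resources (Batch, Storage, Key Vault, Application Insights, VNet).
/// </summary>
/// <param name="objectId">AAD object id of the user (or principal) receiving the roles.</param>
/// <param name="environment">The rendering environment whose resources are in scope.</param>
/// <param name="roleAssignments">Role names to assign per resource type.</param>
/// <returns>A task that completes when every assignment call has completed.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="environment"/> or <paramref name="roleAssignments"/> is null.
/// </exception>
/// <remarks>
/// Assignments are issued concurrently and no rollback is attempted here: if one call fails,
/// grants that already succeeded remain in place and the failure propagates to the caller.
/// </remarks>
private async Task AssignRolesToUser(Guid objectId, RenderingEnvironment environment, EnvironmentRoleAssignments roleAssignments)
{
    // Validate before issuing any RBAC call so a bad argument cannot leave a partial grant behind.
    if (environment == null)
    {
        throw new ArgumentNullException(nameof(environment));
    }
    if (roleAssignments == null)
    {
        throw new ArgumentNullException(nameof(roleAssignments));
    }

    var identity = new Identity.Identity { ObjectId = objectId };

    // Assign RG permissions.
    // The environment's own RG gets the role matching the portal role; every other RG the
    // environment spans gets Reader only, which is the minimum needed to query cost information.
    // Azure resource-group names are case-insensitive, so compare ignoring case; an ordinal
    // mismatch here would silently downgrade the environment RG to Reader.
    // ResourceId => RoleName
    var resourceIdsToRoles = environment.ExtractResourceGroupNames().ToDictionary(
        rgName => $"/subscriptions/{environment.SubscriptionId}/resourceGroups/{rgName}",
        rgName => string.Equals(rgName, environment.ResourceGroupName, StringComparison.OrdinalIgnoreCase)
            ? roleAssignments.EnvironmentResourceGroupRole
            : "Reader");

    // Add the explicit resource roles. These are keyed by full resource id (scope) and
    // overwrite nothing above, since they are narrower than a resource-group scope.
    resourceIdsToRoles[environment.BatchAccount.ResourceId] = roleAssignments.BatchRole;
    resourceIdsToRoles[environment.StorageAccount.ResourceId] = roleAssignments.StorageRole;
    resourceIdsToRoles[environment.KeyVault.ResourceId] = roleAssignments.KeyVaultRole;
    resourceIdsToRoles[environment.ApplicationInsightsAccount.ResourceId] = roleAssignments.ApplicationInsightsRole;
    resourceIdsToRoles[environment.Subnet.VnetResourceId] = roleAssignments.VNetRole;

    // Issue all assignments in parallel; each is an independent RBAC call on its own scope.
    await Task.WhenAll(resourceIdsToRoles.Select(
        kvp => _azureResourceProvider.AssignRoleToIdentityAsync(
            environment.SubscriptionId,
            kvp.Key,   // ResourceId/scope
            kvp.Value, // Role
            identity)));
}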
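/// <summary>
/// Grants the identity <paramref name="objectId"/> the Azure RBAC roles that correspond to
/// <paramref name="userRole"/> across the resources of <paramref name="environment"/>.
/// </summary>
/// <param name="environment">The rendering environment whose resources are in scope.</param>
/// <param name="objectId">AAD object id of the user (or principal) receiving the roles.</param>
/// <param name="userRole">The portal role to translate into RBAC assignments.</param>
/// <returns>A task that completes when every assignment has been issued.</returns>
/// <exception cref="ArgumentNullException"><paramref name="environment"/> is null.</exception>
public async Task AssignRoleToUser(RenderingEnvironment environment, Guid objectId, PortalRole userRole)
{
    // Validate at the public boundary so a null environment surfaces as an argument error
    // instead of a NullReferenceException deep inside the assignment path.
    if (environment == null)
    {
        throw new ArgumentNullException(nameof(environment));
    }

    // Resolve the role mapping first: an unknown or unconfigured portal role throws here,
    // before any RBAC assignment has been made.
    EnvironmentRoleAssignments roleAssignments = GetEnvironmentRolesForPortalRole(userRole);
    await AssignRolesToUser(objectId, environment, roleAssignments);
}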