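/// <summary>
/// Creates the three Azure AD app registrations this deployment relies on —
/// "{applicationName}-service", "{applicationName}-client" and
/// "{applicationName}-aks" — wires them together and stores the results in
/// the corresponding fields (<c>_serviceApplication</c>, <c>_clientApplication</c>,
/// <c>_aksApplication</c>, their service principals and the AKS credential).
/// </summary>
/// <remarks>
/// Steps, in order: register the service application, resolve its service
/// principal and add <paramref name="owner"/> as an owner; do the same for the
/// client application; add the client application to the service application's
/// knownClientApplications; grant admin consent for the client application;
/// register the AKS application, resolve its service principal and add
/// <paramref name="owner"/> as owner.
/// The steps are executed sequentially against the directory. Nothing in this
/// method removes registrations created by earlier steps when a later step
/// fails, so a failure can leave a partial set of registrations behind.
/// </remarks>
/// <param name="applicationName">Base name used to derive the three application display names. Must not be null or whitespace.</param>
/// <param name="owner">Directory object (user or service principal) to add as owner of each registration. Must not be null.</param>
/// <param name="tags">Optional tags applied to every registration; <c>null</c> is treated as no tags.</param>
/// <param name="cancellationToken">Token propagated to every Graph call.</param>
/// <exception cref="ArgumentException"><paramref name="applicationName"/> is null, empty or whitespace.</exception>
/// <exception cref="ArgumentNullException"><paramref name="owner"/> is null.</exception>
public async Task RegisterApplicationsAsync(
            string applicationName,
            DirectoryObject owner,
            IEnumerable <string> tags           = null,
            CancellationToken cancellationToken = default
            )
        {
            // Validate up front: every step below has a side effect in the
            // directory, so a bad argument must fail before the first call,
            // not after some registrations already exist.
            if (string.IsNullOrWhiteSpace(applicationName))
            {
                throw new ArgumentException("Application name must be a non-empty string.", nameof(applicationName));
            }

            if (owner is null)
            {
                throw new ArgumentNullException(nameof(owner));
            }

            // Materialize once: the same tag sequence is handed to three
            // registration calls, so a lazy enumerable would otherwise be
            // enumerated three times.
            tags = tags is null ? new List <string>() : new List <string>(tags);

            var serviceApplicationName = applicationName + "-service";
            var clientApplicationName  = applicationName + "-client";
            var aksApplicationName     = applicationName + "-aks";

            // Service Application /////////////////////////////////////////////
            // Register service application
            _serviceApplication = await RegisterServiceApplicationAsync(
                serviceApplicationName,
                owner,
                tags,
                cancellationToken
                );

            // Find service principal for service application
            _serviceApplicationSP = await _msGraphServiceClient
                                    .GetApplicationServicePrincipalAsync(_serviceApplication, cancellationToken);

            // Add current user or service principal as app owner for service
            // application, if it is not owner already.
            await _msGraphServiceClient
            .AddAsApplicationOwnerAsync(
                _serviceApplication,
                owner,
                cancellationToken
                );

            // Client Application //////////////////////////////////////////////
            // Register client application
            _clientApplication = await RegisterClientApplicationAsync(
                _serviceApplication,
                clientApplicationName,
                tags,
                cancellationToken
                );

            // Find service principal for client application
            _clientApplicationSP = await _msGraphServiceClient
                                   .GetApplicationServicePrincipalAsync(_clientApplication, cancellationToken);

            // Add current user or service principal as app owner for client
            // application, if it is not owner already.
            await _msGraphServiceClient
            .AddAsApplicationOwnerAsync(
                _clientApplication,
                owner,
                cancellationToken
                );

            // Update service application to include client application as
            // knownClientApplications. The call returns the updated object,
            // so the field is reassigned rather than mutated in place.
            _serviceApplication = await _msGraphServiceClient
                                  .AddAsKnownClientApplicationAsync(
                _serviceApplication,
                _clientApplication,
                cancellationToken
                );

            // Grant admin consent for service application "user_impersonation" API permissions of client application
            // Grant admin consent for Microsoft Graph "User.Read" API permissions of client application
            await _msGraphServiceClient
            .GrantAdminConsentToClientApplicationAsync(
                _serviceApplicationSP,
                _clientApplicationSP,
                cancellationToken
                );

            // App Registration for AKS ////////////////////////////////////////
            // Register aks application
            var registrationResult = await RegisterAKSApplicationAsync(
                aksApplicationName,
                tags,
                cancellationToken
                );

            _aksApplication = registrationResult.Item1;
            // Item2 is the credential returned for the AKS registration —
            // presumably a client secret; keep it out of log output and
            // diagnostics. (Type/semantics of Item2 are not visible here.)
            _aksApplicationPasswordCredentialRbacSecret = registrationResult.Item2;

            // Find service principal for aks application
            _aksApplicationSP = await _msGraphServiceClient
                                .GetApplicationServicePrincipalAsync(_aksApplication, cancellationToken);

            // Add current user or service principal as app owner for aks
            // application, if it is not owner already.
            await _msGraphServiceClient
            .AddAsApplicationOwnerAsync(
                _aksApplication,
                owner,
                cancellationToken
                );
        }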
        /// <summary>
        /// Registers the service, client and AKS applications named by
        /// <c>_servicesApplicationName</c>, <c>_clientsApplicationName</c> and
        /// <c>_aksApplicationName</c> (tagged with <c>_defaultTagsList</c>),
        /// links them and stores every result in the corresponding field.
        /// </summary>
        /// <remarks>
        /// Order of operations: service app → its service principal → owner;
        /// client app → its service principal → owner; register the client app
        /// as a known client of the service app; grant admin consent for the
        /// client app; AKS app → its service principal → owner. Each step is a
        /// directory write; no step here undoes the previous ones on failure.
        /// </remarks>
        /// <param name="cancellationToken">Token forwarded to every Graph call.</param>
        public async Task RegisterApplicationsAsync(
            CancellationToken cancellationToken = default
            )
        {
            // --- Service application -----------------------------------------
            Log.Information("Creating service application registration...");

            var serviceApp = await _msGraphServiceClient.RegisterServiceApplicationAsync(
                _servicesApplicationName, _defaultTagsList, cancellationToken);
            _serviceApplication = serviceApp;

            // Resolve the service principal that backs the service application.
            _serviceApplicationSP = await _msGraphServiceClient.GetServicePrincipalAsync(
                serviceApp, cancellationToken);

            // Make the calling identity an owner (the helper is expected to be a
            // no-op when it already is — see its implementation).
            await _msGraphServiceClient.AddMeAsApplicationOwnerAsync(serviceApp, cancellationToken);

            // --- Client application ------------------------------------------
            Log.Information("Creating client application registration...");

            var clientApp = await _msGraphServiceClient.RegisterClientApplicationAsync(
                serviceApp, _clientsApplicationName, _defaultTagsList, cancellationToken);
            _clientApplication = clientApp;

            // Resolve the service principal that backs the client application.
            _clientApplicationSP = await _msGraphServiceClient.GetServicePrincipalAsync(
                clientApp, cancellationToken);

            // Make the calling identity an owner of the client application too.
            await _msGraphServiceClient.AddMeAsApplicationOwnerAsync(clientApp, cancellationToken);

            // Register the client application in the service application's
            // knownClientApplications; the call hands back the updated object.
            _serviceApplication = await _msGraphServiceClient.AddAsKnownClientApplicationAsync(
                _serviceApplication, clientApp, cancellationToken);

            // Admin consent for the client application: the service
            // application's "user_impersonation" scope and Microsoft Graph
            // "User.Read".
            await _msGraphServiceClient.GrantAdminConsentToClientApplicationAsync(
                _serviceApplicationSP, _clientApplicationSP, cancellationToken);

            // --- AKS application ---------------------------------------------
            Log.Information("Creating AKS application registration...");

            var aksRegistration = await _msGraphServiceClient.RegisterAKSApplicationAsync(
                _aksApplicationName, _defaultTagsList, cancellationToken);

            _aksApplication = aksRegistration.Item1;
            // Item2 is the credential returned for the AKS registration —
            // presumably a client secret; do not write it to logs. Its exact
            // type is not visible from this method.
            _aksApplicationPasswordCredentialRbacSecret = aksRegistration.Item2;

            // Resolve the service principal that backs the AKS application.
            _aksApplicationSP = await _msGraphServiceClient.GetServicePrincipalAsync(
                _aksApplication, cancellationToken);

            // Make the calling identity an owner of the AKS application.
            await _msGraphServiceClient.AddMeAsApplicationOwnerAsync(_aksApplication, cancellationToken);
        }