/// <summary> /// Assign owner role to Blueprint RP (so that we can do deployments) /// </summary> /// <param name="subscriptionId"></param> /// <param name="spnObjectId"></param> protected void AssignOwnerPermission(string subscriptionId, string spnObjectId) { string scope = string.Format(BlueprintConstants.SubscriptionScope, subscriptionId); var filter = new Rest.Azure.OData.ODataQuery<RoleAssignmentFilter>(); filter.SetFilter(a => a.AssignedTo(spnObjectId)); var roleAssignmentList = AuthorizationManagementClient.RoleAssignments.ListForScopeAsync(scope, filter).GetAwaiter().GetResult(); var roleAssignment = roleAssignmentList? .Where(ra => ra.Id.EndsWith(BlueprintConstants.OwnerRoleDefinitionId)) .FirstOrDefault(); if (roleAssignment != null) return; var roleAssignmentParams = new RoleAssignmentProperties( roleDefinitionId: BlueprintConstants.OwnerRoleDefinitionId, principalId: spnObjectId); try { AuthorizationManagementClient.RoleAssignments.CreateAsync(scope: scope, roleAssignmentName: Guid.NewGuid().ToString(), parameters: new RoleAssignmentCreateParameters(roleAssignmentParams)) .GetAwaiter().GetResult(); } catch (Exception ex) { // ignore if it already exists if (ex is CloudException cex && cex.Response.StatusCode != HttpStatusCode.Conflict) { throw; } } }
/// <summary> /// Creates new role assignment. /// </summary> /// <param name="parameters">The create parameters</param> /// <returns>The created role assignment object</returns> public PSRoleAssignment CreateRoleAssignment(FilterRoleAssignmentsOptions parameters) { Guid principalId = ActiveDirectoryClient.GetObjectId(parameters.ADObjectFilter); string principalIdStr = null; if (principalId == Guid.Empty) { principalIdStr = ActiveDirectoryClient.GetAdfsObjectId(parameters.ADObjectFilter); } else { principalIdStr = principalId.ToString(); } Guid roleAssignmentId = RoleAssignmentNames.Count == 0 ? Guid.NewGuid() : RoleAssignmentNames.Dequeue(); string scope = parameters.Scope; string roleDefinitionId = !string.IsNullOrEmpty(parameters.RoleDefinitionName) ? AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(scope, GetSingleRoleDefinitionByName(parameters.RoleDefinitionName, scope).Id) : AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(scope, parameters.RoleDefinitionId); var createProperties = new RoleAssignmentProperties { PrincipalId = principalIdStr, RoleDefinitionId = roleDefinitionId }; var createParameters = new RoleAssignmentCreateParameters(createProperties); RoleAssignment assignment = AuthorizationManagementClient.RoleAssignments.Create( parameters.Scope, roleAssignmentId.ToString(), createParameters); return(assignment.ToPSRoleAssignment(this, ActiveDirectoryClient)); }
/// <summary> /// Creates new role assignment. /// </summary> /// <param name="parameters">The create parameters</param> /// <returns>The created role assignment object</returns> public PSRoleAssignment CreateRoleAssignment(FilterRoleAssignmentsOptions parameters) { Guid principalId = ActiveDirectoryClient.GetObjectId(parameters.ADObjectFilter); Guid roleAssignmentId = RoleAssignmentNames.Count == 0 ? Guid.NewGuid() : RoleAssignmentNames.Dequeue(); string scope = parameters.Scope; ValidateScope(scope); string roleDefinitionId = !string.IsNullOrEmpty(parameters.RoleDefinitionName) ? AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(scope, GetSingleRoleDefinitionByName(parameters.RoleDefinitionName, scope).Id) : AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(scope, parameters.RoleDefinitionId); #if !NETSTANDARD RoleAssignmentCreateParameters createParameters = new RoleAssignmentCreateParameters { Properties = new RoleAssignmentProperties { PrincipalId = principalId, RoleDefinitionId = roleDefinitionId } }; RoleAssignment assignment = AuthorizationManagementClient.RoleAssignments.Create(parameters.Scope, roleAssignmentId, createParameters).RoleAssignment; #else var createParameters = new RoleAssignmentProperties { PrincipalId = principalId.ToString(), RoleDefinitionId = roleDefinitionId }; RoleAssignment assignment = AuthorizationManagementClient.RoleAssignments.Create( parameters.Scope, roleAssignmentId.ToString(), createParameters); #endif return(assignment.ToPSRoleAssignment(this, ActiveDirectoryClient)); }
public void CreateRoleAssignment() { client = Client; #region Snippet:CreateRoleAssignment // Replace roleDefinitionId with a role definition Id from the definitions returned from the List the role definitions section above string definitionIdToAssign = roleDefinitionId; // Replace objectId with the service principal object id from the Create/Get credentials section above string servicePrincipalObjectId = objectId; RoleAssignmentProperties properties = new RoleAssignmentProperties(definitionIdToAssign, servicePrincipalObjectId); RoleAssignment createdAssignment = client.CreateRoleAssignment(RoleAssignmentScope.Global, properties); Console.WriteLine(createdAssignment.Name); Console.WriteLine(createdAssignment.Properties.PrincipalId); Console.WriteLine(createdAssignment.Properties.RoleDefinitionId); RoleAssignment fetchedAssignment = client.GetRoleAssignment(RoleAssignmentScope.Global, createdAssignment.Name); Console.WriteLine(fetchedAssignment.Name); Console.WriteLine(fetchedAssignment.Properties.PrincipalId); Console.WriteLine(fetchedAssignment.Properties.RoleDefinitionId); RoleAssignment deletedAssignment = client.DeleteRoleAssignment(RoleAssignmentScope.Global, createdAssignment.Name); Console.WriteLine(deletedAssignment.Name); Console.WriteLine(deletedAssignment.Properties.PrincipalId); Console.WriteLine(deletedAssignment.Properties.RoleDefinitionId); #endregion }
public void CreateRoleAssignment() { // Replace client with the Instrumented Client. client = Client; List <RoleDefinition> definitions = client.GetRoleDefinitions(RoleAssignmentScope.Global).ToList(); _roleDefinitionId = definitions.FirstOrDefault(d => d.RoleName == RoleName).Id; // Replace roleDefinitionId with a role definition Id from the definitions returned from GetRoleAssignments. string definitionIdToAssign = _roleDefinitionId; // Replace objectId with the service principal object id. string servicePrincipalObjectId = _objectId; #region Snippet:CreateRoleAssignment //@@string definitionIdToAssign = "<roleDefinitionId>"; //@@string servicePrincipalObjectId = "<objectId>"; RoleAssignmentProperties properties = new RoleAssignmentProperties(definitionIdToAssign, servicePrincipalObjectId); //@@RoleAssignment createdAssignment = client.CreateRoleAssignment(RoleAssignmentScope.Global, properties); /*@@*/ RoleAssignment createdAssignment = client.CreateRoleAssignment(RoleAssignmentScope.Global, properties, _roleAssignmentId); #endregion #region Snippet:GetRoleAssignment RoleAssignment fetchedAssignment = client.GetRoleAssignment(RoleAssignmentScope.Global, createdAssignment.Name); #endregion #region Snippet:DeleteRoleAssignment RoleAssignment deletedAssignment = client.DeleteRoleAssignment(RoleAssignmentScope.Global, createdAssignment.Name); #endregion }
public void RoleAssignmentByIdTests() { using (MockContext context = MockContext.Start(this.GetType().FullName)) { var client = testContext.GetAuthorizationManagementClient(context); Assert.NotNull(client); Assert.NotNull(client.HttpClient); var principalId = testContext.Users.ElementAt(4); var scope = "subscriptions/" + client.SubscriptionId; var roleDefinition = client.RoleDefinitions.List(scope, null).ElementAt(1); var newRoleAssignment = new RoleAssignmentProperties() { RoleDefinitionId = roleDefinition.Id, PrincipalId = principalId.ToString() }; var assignmentName = GetValueFromTestContext(Guid.NewGuid, Guid.Parse, "AssignmentName"); var assignmentId = string.Format( "{0}/providers/Microsoft.Authorization/roleAssignments/{1}", scope, assignmentName); // Create var createResult = client.RoleAssignments.CreateById(assignmentId, newRoleAssignment); Assert.NotNull(createResult); Assert.NotNull(createResult.Id); Assert.NotNull(createResult.Name); Assert.Equal(createResult.Name, assignmentName.ToString()); // Get var getResult = client.RoleAssignments.GetById(assignmentId); Assert.NotNull(getResult); Assert.Equal(createResult.Id, getResult.Id); Assert.Equal(createResult.Name, getResult.Name); //Delete var deleteResult = client.RoleAssignments.DeleteById(assignmentId); Assert.NotNull(deleteResult); var allRoleAssignments = client.RoleAssignments.List(null); var createdAssignment = allRoleAssignments.FirstOrDefault( a => a.Name == assignmentName.ToString()); Assert.Null(createdAssignment); } }
public void RoleAssignmentsListGetTests() { using (MockContext context = MockContext.Start(this.GetType().FullName)) { var client = testContext.GetAuthorizationManagementClient(context); Assert.NotNull(client); Assert.NotNull(client.HttpClient); var assignmentName = GetValueFromTestContext(Guid.NewGuid, Guid.Parse, "AssignmentName"); var scope = "subscriptions/" + client.SubscriptionId; var principalId = testContext.Users.ElementAt(5); Assert.NotNull(client); Assert.NotNull(client.HttpClient); var roleDefinition = client.RoleDefinitions.List(scope, null).Where(r => r.Properties.Type == "BuiltInRole").Last(); var newRoleAssignment = new RoleAssignmentProperties() { RoleDefinitionId = roleDefinition.Id, PrincipalId = principalId.ToString() }; var createResult = client.RoleAssignments.Create(scope, assignmentName.ToString(), newRoleAssignment); Assert.NotNull(createResult); var allRoleAssignments = client.RoleAssignments.List(null); Assert.NotNull(allRoleAssignments); foreach (var assignment in allRoleAssignments) { var singleAssignment = client.RoleAssignments.Get(assignment.Properties.Scope, assignment.Name); Assert.NotNull(singleAssignment); Assert.NotNull(singleAssignment.Id); Assert.NotNull(singleAssignment.Name); Assert.NotNull(singleAssignment.Type); Assert.NotNull(singleAssignment.Properties); Assert.NotNull(singleAssignment.Properties.PrincipalId); Assert.NotNull(singleAssignment.Properties.RoleDefinitionId); Assert.NotNull(singleAssignment.Properties.Scope); } var deleteResult = client.RoleAssignments.Delete(scope, assignmentName.ToString()); Assert.NotNull(deleteResult); } }
public void RoleAssignmentListByFilterTest() { using (MockContext context = MockContext.Start(this.GetType().FullName)) { var client = testContext.GetAuthorizationManagementClient(context); Assert.NotNull(client); Assert.NotNull(client.HttpClient); // Read/write the PrincipalId from Testcontext to enable Playback mode test execution var principalId = GetValueFromTestContext(() => testContext.Users.ElementAt(1), Guid.Parse, "PrincipalId").ToString(); var scope = "subscriptions/" + client.SubscriptionId; var roleDefinition = client.RoleDefinitions.List(scope).First(); for (int i = 0; i < testContext.Users.Count; i++) { var pId = testContext.Users.ElementAt(i); var newRoleAssignment = new RoleAssignmentProperties() { RoleDefinitionId = roleDefinition.Id, PrincipalId = pId.ToString() }; var assignmentName = GetValueFromTestContext(Guid.NewGuid, Guid.Parse, "AssignmentName_" + i); var createResult = client.RoleAssignments.Create(scope, assignmentName.ToString(), newRoleAssignment); } var allRoleAssignments = client.RoleAssignments .List(new ODataQuery <RoleAssignmentFilter>(f => f.PrincipalId == principalId)); Assert.NotNull(allRoleAssignments); foreach (var assignment in allRoleAssignments) { Assert.NotNull(assignment); Assert.NotNull(assignment.Id); Assert.NotNull(assignment.Name); Assert.NotNull(assignment.Type); Assert.NotNull(assignment.Properties); Assert.NotNull(assignment.Properties.PrincipalId); Assert.NotNull(assignment.Properties.RoleDefinitionId); Assert.NotNull(assignment.Properties.Scope); Assert.Equal(principalId.ToString(), assignment.Properties.PrincipalId); } } }
public async Task CreateRoleAssignment() { List <RoleDefinition> definitions = await Client.GetRoleDefinitionsAsync(RoleAssignmentScope.Global).ToEnumerableAsync().ConfigureAwait(false); var definitionToAssign = definitions.FirstOrDefault(d => d.RoleName == roleName); var properties = new RoleAssignmentProperties(definitionToAssign.Id, TestEnvironment.ClientObjectId); RoleAssignment result = await Client.CreateRoleAssignmentAsync(RoleAssignmentScope.Global, properties, roleAssignmentId).ConfigureAwait(false); RegisterForCleanup(result); Assert.That(result.Id, Is.Not.Null); Assert.That(result.Name, Is.Not.Null); Assert.That(result.Type, Is.Not.Null); Assert.That(result.Properties.PrincipalId, Is.EqualTo(properties.PrincipalId)); Assert.That(result.Properties.RoleDefinitionId, Is.EqualTo(properties.RoleDefinitionId)); }
public async Task CreateRoleAssignmentAsync() { // Replace client with the Instrumented Client. client = Client; List <RoleDefinition> definitions = await client.GetRoleDefinitionsAsync(RoleAssignmentScope.Global).ToEnumerableAsync().ConfigureAwait(false); _roleDefinitionId = definitions.FirstOrDefault(d => d.RoleName == RoleName).Id; // Replace roleDefinitionId with a role definition Id from the definitions returned from GetRoleDefinitionsAsync. string definitionIdToAssign = _roleDefinitionId; // Replace objectId with the service principal object id. string servicePrincipalObjectId = _objectId; #region Snippet:CreateRoleAssignmentKeysScope //@@string definitionIdToAssign = "<roleDefinitionId>"; //@@string servicePrincipalObjectId = "<objectId>"; RoleAssignmentProperties properties = new RoleAssignmentProperties(definitionIdToAssign, servicePrincipalObjectId); //@@RoleAssignment keysScopedAssignment = await client.CreateRoleAssignmentAsync(RoleAssignmentScope.Global, properties); /*@@*/ RoleAssignment keysScopedAssignment = await client.CreateRoleAssignmentAsync(RoleAssignmentScope.Keys, properties, _roleAssignmentId).ConfigureAwait(false); #endregion RegisterForCleanup(keysScopedAssignment); var keyClient = KeyClient; List <KeyProperties> keyProperties = await keyClient.GetPropertiesOfKeysAsync().ToEnumerableAsync().ConfigureAwait(false); string keyName = keyProperties.First().Name; #region Snippet:CreateRoleAssignmentKeyScope //@@string keyName = "<your-key-name>"; KeyVaultKey key = await keyClient.GetKeyAsync(keyName); //@@RoleAssignment keyScopedAssignment = await client.CreateRoleAssignmentAsync(new RoleAssignmentScope(key.Id), properties); /*@@*/ RoleAssignment keyScopedAssignment = await client.CreateRoleAssignmentAsync(new RoleAssignmentScope(key.Id), properties, _roleAssignmentId).ConfigureAwait(false); #endregion RegisterForCleanup(keyScopedAssignment); }
public async Task CreateRoleAssignment() { client = Client; List <RoleDefinition> definitions = await Client.GetRoleDefinitionsAsync(RoleAssignmentScope.Global).ToEnumerableAsync().ConfigureAwait(false); _roleDefinitionId = definitions.FirstOrDefault(d => d.RoleName == RoleName).Id; // Replace roleDefinitionId with a role definition Id from the definitions returned from the List the role definitions section above string definitionIdToAssign = _roleDefinitionId; // Replace objectId with the service principal object id from the Create/Get credentials section above string servicePrincipalObjectId = _objectId; #region Snippet:ReadmeCreateRoleAssignment // Replace <roleDefinitionId> with a role definition Id from the definitions returned from the List the role definitions section above //@@string definitionIdToAssign = "<roleDefinitionId>"; // Replace <objectId> with the service principal object id from the Create/Get credentials section above //@@string servicePrincipalObjectId = "<objectId>"; RoleAssignmentProperties properties = new RoleAssignmentProperties(definitionIdToAssign, servicePrincipalObjectId); //@@RoleAssignment createdAssignment = client.CreateRoleAssignment(RoleAssignmentScope.Global, properties); /*@@*/ RoleAssignment createdAssignment = client.CreateRoleAssignment(RoleAssignmentScope.Global, properties, _roleAssignmentId); Console.WriteLine(createdAssignment.Name); Console.WriteLine(createdAssignment.Properties.PrincipalId); Console.WriteLine(createdAssignment.Properties.RoleDefinitionId); RoleAssignment fetchedAssignment = client.GetRoleAssignment(RoleAssignmentScope.Global, createdAssignment.Name); Console.WriteLine(fetchedAssignment.Name); Console.WriteLine(fetchedAssignment.Properties.PrincipalId); Console.WriteLine(fetchedAssignment.Properties.RoleDefinitionId); RoleAssignment deletedAssignment = client.DeleteRoleAssignment(RoleAssignmentScope.Global, createdAssignment.Name); Console.WriteLine(deletedAssignment.Name); Console.WriteLine(deletedAssignment.Properties.PrincipalId); Console.WriteLine(deletedAssignment.Properties.RoleDefinitionId); #endregion }
public void RoleAssignmentsCreateDeleteTests() { using (MockContext context = MockContext.Start(this.GetType().FullName)) { var client = testContext.GetAuthorizationManagementClient(context); var assignmentName = GetValueFromTestContext(Guid.NewGuid, Guid.Parse, "AssignmentName"); var scope = "subscriptions/" + client.SubscriptionId; var principalId = testContext.Users.ElementAt(3); Assert.NotNull(client); Assert.NotNull(client.HttpClient); var roleDefinition = client.RoleDefinitions.List(scope).Last(); var newRoleAssignment = new RoleAssignmentProperties() { RoleDefinitionId = roleDefinition.Id, PrincipalId = principalId.ToString() }; var createResult = client.RoleAssignments.Create(scope, assignmentName.ToString(), newRoleAssignment); Assert.NotNull(createResult); var deleteResult = client.RoleAssignments.Delete(scope, assignmentName.ToString()); Assert.NotNull(deleteResult); var deletedRoleAssignment = deleteResult; Assert.NotNull(deletedRoleAssignment); Assert.Equal(deletedRoleAssignment.Id, createResult.Id); var allRoleAssignments = client.RoleAssignments.List(null); var createdAssignment = allRoleAssignments.FirstOrDefault( a => a.Name == assignmentName.ToString()); Assert.Null(createdAssignment); } }
static async Task CreateOrUpdateResourceGroup(IServicePrincipal serverApplication) { Console.WriteLine("Add or update Key Vault Resource Group (required once)? [y/N] to continue: "); var key = Console.ReadLine() .ToUpperInvariant() .Trim(); if (key != "Y") { return; } Console.Write("SubscriptionId: "); var subscriptionId = Console.ReadLine(); Console.Write("Resource Group Name (blank for default 'SignService-KeyVaults'): "); var name = Console.ReadLine(); if (string.IsNullOrWhiteSpace(name)) { name = "SignService-KeyVaults"; } Console.WriteLine("Location (eastus, westus, etc): "); var location = Console.ReadLine(); var accessToken = await authContext.AcquireTokenSilentAsync(azureRmResourceId, clientId); var rgc = new ResourceManagementClient(new TokenCredentials(accessToken.AccessToken)) { SubscriptionId = subscriptionId, BaseUri = new Uri(configuration["AzureRM:Instance"]) }; var rg = new ResourceGroup(location, name: name); rg = await rgc.ResourceGroups.CreateOrUpdateAsync(name, rg); var ac = new AuthorizationManagementClient(new TokenCredentials(accessToken.AccessToken)) { SubscriptionId = subscriptionId, BaseUri = new Uri(configuration["AzureRM:Instance"]) }; // See if the resource group has the reader role // Get the reader role var roleFilter = new ODataQuery <RoleDefinitionFilter>(f => f.RoleName == "Reader"); var roleDefinitions = await ac.RoleDefinitions.ListAsync(rg.Id, roleFilter); var roleDefinition = roleDefinitions.First(); var roleId = roleDefinition.Id; var spid = serverApplication.ObjectId; var raps = await ac.RoleAssignments.ListForScopeAsync(rg.Id, new ODataQuery <RoleAssignmentFilter>(f => f.PrincipalId == spid)); if (raps.All(ra => ra.Properties.RoleDefinitionId != roleId)) { // none found, add one var rap = new RoleAssignmentProperties { PrincipalId = spid, RoleDefinitionId = roleId }; var ra = await ac.RoleAssignments.CreateAsync(rg.Id, Guid.NewGuid().ToString(), rap); } }
/// <summary> /// Create role assignment by Id. /// </summary> /// <param name='operations'> /// The operations group for this extension method. /// </param> /// <param name='roleAssignmentId'> /// Role assignment Id /// </param> /// <param name='properties'> /// Gets or sets role assignment properties. /// </param> public static RoleAssignment CreateById(this IRoleAssignmentsOperations operations, string roleAssignmentId, RoleAssignmentProperties properties = default(RoleAssignmentProperties)) { return(Task.Factory.StartNew(s => ((IRoleAssignmentsOperations)s).CreateByIdAsync(roleAssignmentId, properties), operations, CancellationToken.None, TaskCreationOptions.None, TaskScheduler.Default).Unwrap().GetAwaiter().GetResult()); }
/// <summary> /// Creates a <see cref="RoleAssignment"/>. /// </summary> /// <param name="roleScope"> The scope of the role assignment to create. </param> /// <param name="properties"> Properties for the role assignment. </param> /// <param name="name">The name used to create the role assignment.</param> /// <param name="cancellationToken"> The cancellation token to use. </param> /// <exception cref="RequestFailedException">The server returned an error. See <see cref="Exception.Message"/> for details returned from the server.</exception> /// <exception cref="ArgumentNullException"><paramref name="roleScope"/> or <paramref name="properties"/> is null.</exception> public virtual async Task <Response <RoleAssignment> > CreateRoleAssignmentAsync(RoleAssignmentScope roleScope, RoleAssignmentProperties properties, Guid name = default, CancellationToken cancellationToken = default) { using DiagnosticScope scope = _diagnostics.CreateScope($"{nameof(KeyVaultAccessControlClient)}.{nameof(CreateRoleAssignment)}"); scope.Start(); try { var _name = name == default ? Guid.NewGuid().ToString() : name.ToString(); return(await _assignmentsRestClient.CreateAsync(VaultUri.AbsoluteUri, roleScope.ToString(), _name, properties, cancellationToken) .ConfigureAwait(false)); } catch (Exception ex) { scope.Failed(ex); throw; } }
/// <summary> /// Create role assignment by Id. /// </summary> /// <param name='operations'> /// The operations group for this extension method. /// </param> /// <param name='roleAssignmentId'> /// Role assignment Id /// </param> /// <param name='properties'> /// Gets or sets role assignment properties. /// </param> /// <param name='cancellationToken'> /// The cancellation token. /// </param> public static async Task <RoleAssignment> CreateByIdAsync(this IRoleAssignmentsOperations operations, string roleAssignmentId, RoleAssignmentProperties properties = default(RoleAssignmentProperties), CancellationToken cancellationToken = default(CancellationToken)) { using (var _result = await operations.CreateByIdWithHttpMessagesAsync(roleAssignmentId, properties, null, cancellationToken).ConfigureAwait(false)) { return(_result.Body); } }
/// <summary> /// Creates a <see cref="RoleAssignment"/>. /// </summary> /// <param name="roleScope"> The scope of the role assignment to create. </param> /// <param name="properties"> Properties for the role assignment. </param> /// <param name="name">The Name used to create the role assignment.</param> /// <param name="cancellationToken"> The cancellation token to use. </param> /// <exception cref="RequestFailedException">The server returned an error. See <see cref="Exception.Message"/> for details returned from the server.</exception> /// <exception cref="ArgumentNullException"><paramref name="roleScope"/> or <paramref name="properties"/> is null.</exception> public virtual Response <RoleAssignment> CreateRoleAssignment(RoleAssignmentScope roleScope, RoleAssignmentProperties properties, Guid name = default, CancellationToken cancellationToken = default) { using DiagnosticScope scope = _diagnostics.CreateScope($"{nameof(KeyVaultAccessControlClient)}.{nameof(CreateRoleAssignment)}"); scope.Start(); try { var _name = name == default ? Guid.NewGuid().ToString() : name.ToString(); return(_assignmentsRestClient.Create(VaultUri.AbsoluteUri, roleScope.ToString(), _name, new RoleAssignmentCreateParameters(properties), cancellationToken)); } catch (Exception ex) { scope.Failed(ex); throw; } }