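/// <summary>
/// Ensures that <paramref name="serverPrincipal"/> holds the built-in role identified by
/// <c>BuiltInRoleDefinitionId</c> on the given storage account, creating the assignment when none exists.
/// </summary>
/// <param name="serverPrincipal">The server principal that must hold the role.</param>
/// <param name="storageAccountSubscriptionId">Subscription that owns the storage account. When it differs from
/// the authorization client's current subscription, the client is switched to it for the duration of the call.</param>
/// <param name="storageAccountResourceId">Fully qualified ARM resource id of the storage account; also used as the
/// scope of the role assignment, so the grant is limited to that one resource.</param>
/// <returns>The existing or newly created <see cref="RoleAssignment"/>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="serverPrincipal"/> is <c>null</c>.</exception>
/// <remarks>
/// The method mutates <c>AuthorizationManagementClient.SubscriptionId</c> and restores it afterwards, so it is not
/// safe to run concurrently against the same client instance.
/// </remarks>
public RoleAssignment EnsureRoleAssignment(MicrosoftGraphServicePrincipal serverPrincipal, string storageAccountSubscriptionId, string storageAccountResourceId)
{
    if (serverPrincipal is null)
    {
        throw new ArgumentNullException(nameof(serverPrincipal));
    }

    string currentSubscriptionId = AuthorizationManagementClient.SubscriptionId;
    bool hasMismatchSubscription = currentSubscriptionId != storageAccountSubscriptionId;

    try
    {
        // The authorization client is bound to a single subscription; re-point it at the storage
        // account's subscription and put it back in 'finally' whatever happens below.
        if (hasMismatchSubscription)
        {
            AuthorizationManagementClient.SubscriptionId = storageAccountSubscriptionId;
        }

        var resourceIdentifier = new ResourceIdentifier(storageAccountResourceId);

        // Built-in roles live at the tenant root scope ("/"). The lookup fails fast if the role id is
        // unknown, and the definition's Name (the role GUID) is used below to recognise an existing
        // assignment of the same role.
        const string roleDefinitionScope = "/";
        RoleDefinition roleDefinition = AuthorizationManagementClient.RoleDefinitions.Get(roleDefinitionScope, BuiltInRoleDefinitionId);
        string requiredRoleGuid = roleDefinition?.Name ?? BuiltInRoleDefinitionId;

        string serverPrincipalId = serverPrincipal.Id.ToString();
        string roleAssignmentScope = storageAccountResourceId;

        var roleAssignments = AuthorizationManagementClient.RoleAssignments.ListForResource(
            resourceIdentifier.ResourceGroupName,
            ResourceIdentifier.GetProviderFromResourceType(resourceIdentifier.ResourceType),
            resourceIdentifier.ParentResource ?? "/",
            ResourceIdentifier.GetTypeFromResourceType(resourceIdentifier.ResourceType),
            resourceIdentifier.ResourceName,
            odataQuery: new ODataQuery<RoleAssignmentFilter>(f => f.AssignedTo(serverPrincipalId)));

        // Kept unconditional (as before) so the GUID source is consumed the same way on every call.
        Guid roleAssignmentId = StorageSyncResourceManager.GetGuid();

        // AssignedTo() filters by principal only, so the list can also hold assignments of other
        // roles for this principal; only one of the required role counts as "already ensured".
        // The assignment's RoleDefinitionId is the fully qualified ARM path, which ends in
        // "/<role GUID>", so a suffix match pins the exact role.
        string requiredRoleSuffix = "/" + requiredRoleGuid;
        RoleAssignment roleAssignment = roleAssignments.FirstOrDefault(ra =>
            ra?.Properties?.RoleDefinitionId != null &&
            ra.Properties.RoleDefinitionId.EndsWith(requiredRoleSuffix, StringComparison.OrdinalIgnoreCase));

        if (roleAssignment is null)
        {
            VerboseLogger.Invoke(StorageSyncResources.CreateRoleAssignmentMessage);

            var createParameters = new RoleAssignmentCreateParameters
            {
                Properties = new RoleAssignmentProperties
                {
                    PrincipalId = serverPrincipalId,
                    RoleDefinitionId = AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromSubscriptionAndIdAsGuid(resourceIdentifier.Subscription, BuiltInRoleDefinitionId)
                }
            };

            // Scope is the storage account itself, not its resource group or subscription.
            roleAssignment = AuthorizationManagementClient.RoleAssignments.Create(roleAssignmentScope, roleAssignmentId.ToString(), createParameters);

            // NOTE(review): presumably a pause for the new assignment to become visible — confirm against StorageSyncResourceManager.
            StorageSyncResourceManager.Wait();
        }

        return roleAssignment;
    }
    finally
    {
        if (hasMismatchSubscription)
        {
            AuthorizationManagementClient.SubscriptionId = currentSubscriptionId;
        }
    }
}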
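/// <summary>
/// Initializes a new instance of the <see cref="StorageSyncClientWrapper" /> class, building the
/// storage-sync, authorization and resource-management ARM clients from the given context.
/// </summary>
/// <param name="context">The Azure context used to create the ARM clients against the Resource Manager endpoint.</param>
/// <param name="microsoftGraphClient">The Microsoft Graph client, stored on <see cref="MicrosoftGraphClient"/>.</param>
public StorageSyncClientWrapper(IAzureContext context, MicrosoftGraphClient microsoftGraphClient)
    : this(
        AzureSession.Instance.ClientFactory.CreateArmClient<StorageSyncManagementClient>(context, AzureEnvironment.Endpoint.ResourceManager),
        AzureSession.Instance.ClientFactory.CreateArmClient<AuthorizationManagementClient>(context, AzureEnvironment.Endpoint.ResourceManager),
        AzureSession.Instance.ClientFactory.CreateArmClient<ResourceManagementClient>(context, AzureEnvironment.Endpoint.ResourceManager))
{
    MicrosoftGraphClient = microsoftGraphClient;

    // A resource manager already registered on the session takes precedence over the default one.
    StorageSyncResourceManager =
        AzureSession.Instance.TryGetComponent(StorageSyncConstants.StorageSyncResourceManager, out IStorageSyncResourceManager registeredManager)
            ? registeredManager
            : new StorageSyncResourceManager();
}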