/// <summary> /// Creates or updates a role definition. /// </summary> /// <param name="roleDefinitionDescription">The description for the role definition.</param> /// <param name="permissions">The permissions granted by the role definition when assigned to a principal.</param> /// <param name="roleScope">The scope of the <see cref="KeyVaultRoleDefinition"/> to create. The default value is <see cref="KeyVaultRoleScope.Global"/>.</param> /// <param name="roleDefinitionName">Optional name used to create the role definition. A new <see cref="Guid"/> will be generated if not specified.</param> /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param> /// <returns>A <see cref="Response{TResult}"/> containing the result of the operation.</returns> public virtual Response <KeyVaultRoleDefinition> CreateOrUpdateRoleDefinition(string roleDefinitionDescription, KeyVaultPermission permissions, KeyVaultRoleScope roleScope = default, Guid?roleDefinitionName = null, CancellationToken cancellationToken = default) { using DiagnosticScope scope = _diagnostics.CreateScope($"{nameof(KeyVaultAccessControlClient)}.{nameof(CreateOrUpdateRoleDefinition)}"); scope.Start(); try { var name = (roleDefinitionName ?? Guid.NewGuid()).ToString(); var properties = new RoleDefinitionProperties() { Description = roleDefinitionDescription, RoleName = name, RoleType = KeyVaultRoleType.CustomRole }; properties.AssignableScopes.Add(roleScope); properties.Permissions.Add(permissions); var parameters = new RoleDefinitionCreateParameters(properties); return(_definitionsRestClient.CreateOrUpdate( vaultBaseUrl: VaultUri.AbsoluteUri, scope: roleScope == default ? roleScope.ToString() : KeyVaultRoleScope.Global.ToString(), roleDefinitionName: name, parameters: parameters, cancellationToken: cancellationToken)); } catch (Exception ex) { scope.Failed(ex); throw; } }
/// <summary> /// Get role definition by name (GUID). /// </summary> /// <param name='roleDefinitionName'> /// Required. Role definition name (GUID). /// </param> /// <param name='cancellationToken'> /// Cancellation token. /// </param> /// <returns> /// Role definition get operation result. /// </returns> public async Task <RoleDefinitionGetResult> GetAsync(Guid roleDefinitionName, CancellationToken cancellationToken) { // Validate // Tracing bool shouldTrace = CloudContext.Configuration.Tracing.IsEnabled; string invocationId = null; if (shouldTrace) { invocationId = Tracing.NextInvocationId.ToString(); Dictionary <string, object> tracingParameters = new Dictionary <string, object>(); tracingParameters.Add("roleDefinitionName", roleDefinitionName); Tracing.Enter(invocationId, this, "GetAsync", tracingParameters); } // Construct URL string url = "/subscriptions/" + (this.Client.Credentials.SubscriptionId != null ? this.Client.Credentials.SubscriptionId.Trim() : "") + "/providers/Microsoft.Authorization/roleDefinitions/" + roleDefinitionName + "?"; url = url + "api-version=2014-07-01-preview"; string baseUrl = this.Client.BaseUri.AbsoluteUri; // Trim '/' character from the end of baseUrl and beginning of url. if (baseUrl[baseUrl.Length - 1] == '/') { baseUrl = baseUrl.Substring(0, baseUrl.Length - 1); } if (url[0] == '/') { url = url.Substring(1); } url = baseUrl + "/" + url; url = url.Replace(" ", "%20"); // Create HTTP transport objects HttpRequestMessage httpRequest = null; try { httpRequest = new HttpRequestMessage(); httpRequest.Method = HttpMethod.Get; httpRequest.RequestUri = new Uri(url); // Set Headers httpRequest.Headers.Add("x-ms-version", "2014-07-01-preview"); // Set Credentials cancellationToken.ThrowIfCancellationRequested(); await this.Client.Credentials.ProcessHttpRequestAsync(httpRequest, cancellationToken).ConfigureAwait(false); // Send Request HttpResponseMessage httpResponse = null; try { if (shouldTrace) { Tracing.SendRequest(invocationId, httpRequest); } cancellationToken.ThrowIfCancellationRequested(); httpResponse = await this.Client.HttpClient.SendAsync(httpRequest, cancellationToken).ConfigureAwait(false); if (shouldTrace) { Tracing.ReceiveResponse(invocationId, httpResponse); } HttpStatusCode statusCode = httpResponse.StatusCode; if (statusCode != HttpStatusCode.OK) { cancellationToken.ThrowIfCancellationRequested(); CloudException ex = CloudException.Create(httpRequest, null, httpResponse, await httpResponse.Content.ReadAsStringAsync().ConfigureAwait(false)); if (shouldTrace) { Tracing.Error(invocationId, ex); } throw ex; } // Create Result RoleDefinitionGetResult result = null; // Deserialize Response cancellationToken.ThrowIfCancellationRequested(); string responseContent = await httpResponse.Content.ReadAsStringAsync().ConfigureAwait(false); result = new RoleDefinitionGetResult(); JToken responseDoc = null; if (string.IsNullOrEmpty(responseContent) == false) { responseDoc = JToken.Parse(responseContent); } if (responseDoc != null && responseDoc.Type != JTokenType.Null) { RoleDefinition roleDefinitionInstance = new RoleDefinition(); result.RoleDefinition = roleDefinitionInstance; JToken idValue = responseDoc["id"]; if (idValue != null && idValue.Type != JTokenType.Null) { string idInstance = ((string)idValue); roleDefinitionInstance.Id = idInstance; } JToken nameValue = responseDoc["name"]; if (nameValue != null && nameValue.Type != JTokenType.Null) { Guid nameInstance = Guid.Parse(((string)nameValue)); roleDefinitionInstance.Name = nameInstance; } JToken typeValue = responseDoc["type"]; if (typeValue != null && typeValue.Type != JTokenType.Null) { string typeInstance = ((string)typeValue); roleDefinitionInstance.Type = typeInstance; } JToken propertiesValue = responseDoc["properties"]; if (propertiesValue != null && propertiesValue.Type != JTokenType.Null) { RoleDefinitionProperties propertiesInstance = new RoleDefinitionProperties(); roleDefinitionInstance.Properties = propertiesInstance; JToken roleNameValue = propertiesValue["roleName"]; if (roleNameValue != null && roleNameValue.Type != JTokenType.Null) { string roleNameInstance = ((string)roleNameValue); propertiesInstance.RoleName = roleNameInstance; } JToken descriptionValue = propertiesValue["description"]; if (descriptionValue != null && descriptionValue.Type != JTokenType.Null) { string descriptionInstance = ((string)descriptionValue); propertiesInstance.Description = descriptionInstance; } JToken scopeValue = propertiesValue["scope"]; if (scopeValue != null && scopeValue.Type != JTokenType.Null) { string scopeInstance = ((string)scopeValue); propertiesInstance.Scope = scopeInstance; } JToken typeValue2 = propertiesValue["type"]; if (typeValue2 != null && typeValue2.Type != JTokenType.Null) { string typeInstance2 = ((string)typeValue2); propertiesInstance.Type = typeInstance2; } JToken permissionsArray = propertiesValue["permissions"]; if (permissionsArray != null && permissionsArray.Type != JTokenType.Null) { foreach (JToken permissionsValue in ((JArray)permissionsArray)) { Permission permissionInstance = new Permission(); propertiesInstance.Permissions.Add(permissionInstance); JToken actionsArray = permissionsValue["actions"]; if (actionsArray != null && actionsArray.Type != JTokenType.Null) { foreach (JToken actionsValue in ((JArray)actionsArray)) { permissionInstance.Actions.Add(((string)actionsValue)); } } JToken notActionsArray = permissionsValue["notActions"]; if (notActionsArray != null && notActionsArray.Type != JTokenType.Null) { foreach (JToken notActionsValue in ((JArray)notActionsArray)) { permissionInstance.NotActions.Add(((string)notActionsValue)); } } } } } } result.StatusCode = statusCode; if (httpResponse.Headers.Contains("x-ms-request-id")) { result.RequestId = httpResponse.Headers.GetValues("x-ms-request-id").FirstOrDefault(); } if (shouldTrace) { Tracing.Exit(invocationId, result); } return(result); } finally { if (httpResponse != null) { httpResponse.Dispose(); } } } finally { if (httpRequest != null) { httpRequest.Dispose(); } } }