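/// <summary>
/// Ensures a service principal exists for <c>CurrentApplicationId</c>; when none is found one is
/// created with a freshly generated password credential.
/// </summary>
/// <remarks>
/// The generated password is never returned, logged or persisted by this method: it only exists so
/// the service principal can be created. It is drawn from
/// <see cref="System.Security.Cryptography.RandomNumberGenerator"/> rather than <c>Guid.NewGuid()</c>,
/// whose randomness is not a documented cryptographic guarantee, and it is no longer round-tripped
/// through a <c>SecureString</c> (the original conversion produced the same plain string it started from).
/// The credential is valid for one year from creation; timestamps are UTC.
/// </remarks>
/// <returns>The existing or newly created <see cref="PSADServicePrincipal"/>.</returns>
public PSADServicePrincipal EnsureServicePrincipal()
{
    // Resolve the object id of the service principal backing the application, then the principal itself.
    string appObjectId = ActiveDirectoryClient.GetServicePrincipalsIdByAppId(CurrentApplicationId);
    PSADServicePrincipal servicePrincipal = ActiveDirectoryClient.GetServicePrincipalByObjectId(appObjectId);

    if (servicePrincipal != null)
    {
        return servicePrincipal;
    }

    VerboseLogger.Invoke(StorageSyncResources.CreateServicePrincipalMessage);

    // 32 bytes from the platform CSPRNG, base64 encoded; the value is discarded once the principal exists.
    byte[] secretBytes = new byte[32];
    using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        rng.GetBytes(secretBytes);
    }

    DateTime now = DateTime.UtcNow;
    var passwordCredential = new PSADPasswordCredential()
    {
        StartDate = now,
        EndDate = now.AddYears(1),
        KeyId = Guid.NewGuid(),
        Password = Convert.ToBase64String(secretBytes)
    };

    var createParameters = new CreatePSServicePrincipalParameters
    {
        ApplicationId = CurrentApplicationId,
        AccountEnabled = bool.TrueString,
        PasswordCredentials = new PSADPasswordCredential[] { passwordCredential }
    };

    return ActiveDirectoryClient.CreateServicePrincipal(createParameters);
}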
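/// <summary>
/// Ensures a service principal exists for <c>KailaniAppId</c>; when none matches that application id
/// one is created with a freshly generated password credential.
/// </summary>
/// <remarks>
/// The generated password is never returned, logged or persisted by this method: it only exists so
/// the service principal can be created. It is drawn from
/// <see cref="System.Security.Cryptography.RandomNumberGenerator"/> rather than <c>Guid.NewGuid()</c>,
/// whose randomness is not a documented cryptographic guarantee, and it is no longer round-tripped
/// through a <c>SecureString</c> (the original conversion produced the same plain string it started from).
/// The credential is valid for one year from creation; timestamps are UTC.
/// </remarks>
/// <returns>The existing or newly created <see cref="PSADServicePrincipal"/>.</returns>
public PSADServicePrincipal EnsureServicePrincipal()
{
    // Look the principal up by application id; the first match wins.
    string applicationId = KailaniAppId.ToString();
    var servicePrincipals = ActiveDirectoryClient.FilterServicePrincipals(
        new ODataQuery<ServicePrincipal>(s => s.AppId == applicationId));
    PSADServicePrincipal servicePrincipal = servicePrincipals.FirstOrDefault();

    if (servicePrincipal != null)
    {
        return servicePrincipal;
    }

    VerboseLogger.Invoke(StorageSyncResources.CreateServicePrincipalMessage);

    // 32 bytes from the platform CSPRNG, base64 encoded; the value is discarded once the principal exists.
    byte[] secretBytes = new byte[32];
    using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        rng.GetBytes(secretBytes);
    }

    DateTime now = DateTime.UtcNow;
    var passwordCredential = new PSADPasswordCredential()
    {
        StartDate = now,
        EndDate = now.AddYears(1),
        KeyId = Guid.NewGuid(),
        Password = Convert.ToBase64String(secretBytes)
    };

    var createParameters = new CreatePSServicePrincipalParameters
    {
        ApplicationId = KailaniAppId,
        AccountEnabled = true,
        PasswordCredentials = new PSADPasswordCredential[] { passwordCredential }
    };

    return ActiveDirectoryClient.CreateServicePrincipal(createParameters);
}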
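/// <summary>
/// Ensures that <paramref name="serverPrincipal"/> holds the built-in role identified by
/// <c>BuiltInRoleDefinitionId</c> on the storage account, creating the assignment when it is absent.
/// </summary>
/// <remarks>
/// The assignment is scoped to the storage account itself (<paramref name="storageAccountResourceId"/>),
/// not to the resource group or subscription, so the principal gains no rights beyond that one resource.
/// Only an existing assignment of the required role satisfies the check: the <c>assignedTo</c> filter
/// alone returns every assignment the principal holds at that resource, whatever its role, so without
/// the role comparison an unrelated assignment would be returned and the required one never created.
/// When the storage account lives in a different subscription than the client's current one, the
/// client's <c>SubscriptionId</c> is switched for the duration of the call and restored in <c>finally</c>.
/// NOTE(review): that swap mutates a shared client; concurrent callers on the same client instance
/// would observe it — confirm the client is not shared across threads.
/// </remarks>
/// <param name="serverPrincipal">The service principal that must hold the role.</param>
/// <param name="storageAccountSubscriptionId">Subscription id of the storage account.</param>
/// <param name="storageAccountResourceId">Full ARM resource id of the storage account; also the assignment scope.</param>
/// <returns>The existing assignment of the required role, or the newly created one.</returns>
public RoleAssignment EnsureRoleAssignment(MicrosoftGraphServicePrincipal serverPrincipal, string storageAccountSubscriptionId, string storageAccountResourceId)
{
    string currentSubscriptionId = AuthorizationManagementClient.SubscriptionId;
    bool hasMismatchSubscription = currentSubscriptionId != storageAccountSubscriptionId;

    try
    {
        if (hasMismatchSubscription)
        {
            AuthorizationManagementClient.SubscriptionId = storageAccountSubscriptionId;
        }

        var resourceIdentifier = new ResourceIdentifier(storageAccountResourceId);

        // Resolve the built-in role at root scope. The result is not used further; the call confirms
        // the role definition exists before any assignment is attempted.
        string roleDefinitionScope = "/";
        RoleDefinition roleDefinition = AuthorizationManagementClient.RoleDefinitions.Get(roleDefinitionScope, BuiltInRoleDefinitionId);

        string serverPrincipalId = serverPrincipal.Id.ToString();

        // Every assignment visible at the storage account for this principal, regardless of role
        // (including assignments inherited from higher scopes).
        var roleAssignments = AuthorizationManagementClient.RoleAssignments
            .ListForResource(
                resourceIdentifier.ResourceGroupName,
                ResourceIdentifier.GetProviderFromResourceType(resourceIdentifier.ResourceType),
                resourceIdentifier.ParentResource ?? "/",
                ResourceIdentifier.GetTypeFromResourceType(resourceIdentifier.ResourceType),
                resourceIdentifier.ResourceName,
                odataQuery: new ODataQuery<RoleAssignmentFilter>(f => f.AssignedTo(serverPrincipalId)));

        string roleAssignmentScope = storageAccountResourceId;
        Guid roleAssignmentId = StorageSyncResourceManager.GetGuid();

        // Keep only an assignment of the required role. The service returns the role definition as a
        // fully qualified id, so compare on its trailing GUID, case-insensitively.
        string requiredRoleDefinitionId = BuiltInRoleDefinitionId.ToString();
        RoleAssignment roleAssignment = roleAssignments.FirstOrDefault(ra =>
            ra?.Properties?.RoleDefinitionId != null
            && ra.Properties.RoleDefinitionId.EndsWith(requiredRoleDefinitionId, StringComparison.OrdinalIgnoreCase));

        if (roleAssignment == null)
        {
            VerboseLogger.Invoke(StorageSyncResources.CreateRoleAssignmentMessage);

            var createParameters = new RoleAssignmentCreateParameters
            {
                Properties = new RoleAssignmentProperties
                {
                    PrincipalId = serverPrincipalId,
                    RoleDefinitionId = AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromSubscriptionAndIdAsGuid(resourceIdentifier.Subscription, BuiltInRoleDefinitionId)
                }
            };

            roleAssignment = AuthorizationManagementClient.RoleAssignments.Create(roleAssignmentScope, roleAssignmentId.ToString(), createParameters);

            // Presumably gives the new assignment time to propagate before callers rely on it — confirm.
            StorageSyncResourceManager.Wait();
        }

        return roleAssignment;
    }
    finally
    {
        if (hasMismatchSubscription)
        {
            AuthorizationManagementClient.SubscriptionId = currentSubscriptionId;
        }
    }
}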
/// <summary>
/// Forwards <paramref name="msg"/> to <c>VerboseLogger</c> when one has been set; a null logger
/// makes this a no-op. The delegate is read once into a local so a concurrent reset between the
/// null check and the call cannot throw.
/// </summary>
/// <param name="msg">The verbose message to emit.</param>
internal static void VerboseLog(string msg)
{
    var logger = VerboseLogger;
    if (logger != null)
    {
        logger.Invoke(msg);
    }
}