/// <summary> /// Specifies that applications running on an Azure service with this identity requires /// the access role with scope of access limited to an ARM resource. /// </summary> /// <param name="resourceId">scope of the access represented in ARM resource ID format.</param> /// <param name="role">Access role to assigned to the virtual machine.</param> /// <return>RoleAssignmentHelper.</return> public RoleAssignmentHelper WithAccessTo(string resourceId, BuiltInRole role) { string key = resourceId.ToLower() + "_" + role.ToString().ToLower(); if (!this.rolesToAssign.ContainsKey(key)) { this.rolesToAssign.Add(key, new System.Tuple <string, BuiltInRole>(resourceId, role)); } return(this); }
/// <summary> /// Creates RBAC role assignments for the service principal exposed by IdProvider. /// </summary> /// <param name="cancellationToken"></param> /// <returns>The task with value as list of created role assignments</returns> private async Task <List <Microsoft.Azure.Management.Graph.RBAC.Fluent.IRoleAssignment> > CreateRbacRoleAssignmentsAsync(CancellationToken cancellationToken = default(CancellationToken)) { List <IRoleAssignment> roleAssignments = new List <IRoleAssignment>(); if (!this.rolesToAssign.Any() && !this.roleDefinitionsToAssign.Any()) { return(roleAssignments); } else if (this.idProvider.PrincipalId == null) { return(roleAssignments); } else { try { ResolveCurrentResourceGroupScope(); var roleAssignments1 = await Task.WhenAll(rolesToAssign.Values.Select(async(scopeAndRole) => { BuiltInRole role = scopeAndRole.Item2; string scope = scopeAndRole.Item1; return(await CreateRbacRoleAssignmentIfNotExistsAsync(role.ToString(), scope, true, cancellationToken)); })); roleAssignments.AddRange(roleAssignments1); var roleAssignments2 = await Task.WhenAll(roleDefinitionsToAssign.Values.Select(async(scopeAndRole) => { string roleDefinition = scopeAndRole.Item2; string scope = scopeAndRole.Item1; return(await CreateRbacRoleAssignmentIfNotExistsAsync(roleDefinition, scope, false, cancellationToken)); })); roleAssignments.AddRange(roleAssignments2); return(roleAssignments.FindAll(roleAssignment => roleAssignment != null)); } finally { this.rolesToAssign.Clear(); this.roleDefinitionsToAssign.Clear(); } } }