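/// <summary>
/// Grants Key Vault access policies to the deploying user and to the managed identities of the
/// function app and the two Logic App workflows, so those resources can read the vault's secrets.
/// </summary>
/// <param name="context">Operation runner whose logger is attached to the Azure client.</param>
/// <returns>
/// The response of the final access-policy call (the request workflow), handed back to the runner.
/// </returns>
/// <exception cref="InvalidOperationException">
/// Thrown when a resource identity cannot be resolved or an access-policy call returns no response.
/// </exception>
private object SetKeyVaultAccessPoliciesAsync(OperationRunner context)
{
    AzureClient client = new AzureClient(WizardContext.TokenProvider);
    client.SetLogger(context.Logger);

    // TODO: Make sure we get signed in users information
    // The token is acquired on the UI thread so an interactive sign-in prompt (if needed) can be
    // shown; the runner is synchronous, which is why the async calls below are blocked on with
    // .Result / .Wait() rather than awaited.
    Dispatcher.Invoke(new Action(() =>
    {
        WizardContext.TokenProvider.GetAccessTokenAsync(AzureClient.KeyVaultAudience, Application.Current.MainWindow).Wait();
    }));

    var tenantId = WizardContext.TokenProvider.GetTenantId();

    // Deploying user: full data-plane permission sets on secrets, keys and certificates.
    // NOTE(review): this includes destructive rights such as Purge; if the installer only needs
    // to populate the vault, consider trimming this set or removing the policy after installation.
    CreateAccessPolicyOrThrow(
        client,
        new KeyVaultAccessPolicy()
        {
            ObjectId = WizardContext.TokenProvider.GetUserId(),
            TenantId = tenantId,
            Permissions = new KeyVaultAccessPolicyPermissions()
            {
                Secrets = new string[] { "Get", "List", "Set", "Delete", "Backup", "Restore", "Recover", "Purge" },
                Keys = new string[] { "Decrypt", "Encrypt", "UnwrapKey", "WrapKey", "Verify", "Sign", "Get", "List", "Update", "Create", "Import", "Delete", "Backup", "Restore", "Recover", "Purge" },
                Certificates = new string[] { "Get", "List", "Delete", "Create", "Import", "Update", "Managecontacts", "Getissuers", "Listissuers", "Setissuers", "Deleteissuers", "Manageissuers", "Recover", "Backup", "Restore", "Purge" },
            },
        },
        "Could not create access policy for user!");

    // Function app: its managed identity only needs to read secrets.
    // NOTE(review): an explicit API version is passed here but not for the workflows below;
    // presumably the client supplies a default for Logic Apps — confirm.
    AzureIdentityResourceBase functionApp = client.GetResourceIdentityBaseAsync(
        DataModel.InstallationConfiguration.Azure.SelectedSubscription.Id,
        DataModel.InstallationConfiguration.Azure.ResourceGroupName,
        "Microsoft.Web",
        null,
        "sites",
        DataModel.InstallationConfiguration.Azure.FunctionApp.AppName,
        "2018-11-01").Result;
    if (functionApp == null)
    {
        throw new InvalidOperationException("Could not get function app resource!");
    }

    CreateAccessPolicyOrThrow(
        client,
        new KeyVaultAccessPolicy()
        {
            ObjectId = functionApp.Identity.PrincipalId,
            TenantId = tenantId,
            Permissions = ReadSecretsPermissions(),
        },
        "Could not create access policy for function app!");

    // Process workflow: read-only secret access for its managed identity.
    AzureIdentityResourceBase processWorkflow = client.GetResourceIdentityBaseAsync(
        DataModel.InstallationConfiguration.Azure.SelectedSubscription.Id,
        DataModel.InstallationConfiguration.Azure.ResourceGroupName,
        "Microsoft.Logic",
        null,
        "workflows",
        DataModel.InstallationConfiguration.Azure.LogicApps.ProcessWorkflowName).Result;
    if (processWorkflow == null)
    {
        throw new InvalidOperationException("Could not get process logic app resource!");
    }

    // The original code re-checked the workflow object instead of the policy response here,
    // so a failed policy call went unnoticed; the helper checks the response.
    CreateAccessPolicyOrThrow(
        client,
        new KeyVaultAccessPolicy()
        {
            ObjectId = processWorkflow.Identity.PrincipalId,
            TenantId = tenantId,
            Permissions = ReadSecretsPermissions(),
        },
        "Could not create access policy for process logic app!");

    // Request workflow: read-only secret access for its managed identity.
    AzureIdentityResourceBase requestWorkflow = client.GetResourceIdentityBaseAsync(
        DataModel.InstallationConfiguration.Azure.SelectedSubscription.Id,
        DataModel.InstallationConfiguration.Azure.ResourceGroupName,
        "Microsoft.Logic",
        null,
        "workflows",
        DataModel.InstallationConfiguration.Azure.LogicApps.RequestWorkflowName).Result;
    if (requestWorkflow == null)
    {
        throw new InvalidOperationException("Could not get request logic app resource!");
    }

    return CreateAccessPolicyOrThrow(
        client,
        new KeyVaultAccessPolicy()
        {
            ObjectId = requestWorkflow.Identity.PrincipalId,
            TenantId = tenantId,
            Permissions = ReadSecretsPermissions(),
        },
        "Could not create access policy for request logic app!");
}

/// <summary>
/// Builds the minimal permission set used for the installed resources: read access to secrets only.
/// A fresh instance is returned each time so callers never share mutable state.
/// </summary>
private static KeyVaultAccessPolicyPermissions ReadSecretsPermissions()
{
    return new KeyVaultAccessPolicyPermissions()
    {
        Secrets = new string[] { "Get" },
    };
}

/// <summary>
/// Adds a single access policy to the installation's Key Vault and fails loudly if the
/// service returns no response.
/// </summary>
/// <param name="client">Azure client already configured with a token provider and logger.</param>
/// <param name="policy">The principal and permissions to grant.</param>
/// <param name="failureMessage">Message for the exception raised when the call returns null.</param>
/// <returns>The service response for the access-policy call.</returns>
/// <exception cref="InvalidOperationException">Thrown when the response is null.</exception>
private CreateKeyVaultAccessPolicyResponse CreateAccessPolicyOrThrow(AzureClient client, KeyVaultAccessPolicy policy, string failureMessage)
{
    CreateKeyVaultAccessPolicyResponse result = client.CreateKeyVaultAccessPolicyAsync(
        DataModel.InstallationConfiguration.Azure.SelectedSubscription.Id,
        DataModel.InstallationConfiguration.Azure.ResourceGroupName,
        DataModel.InstallationConfiguration.Azure.KeyVault.KeyVaultName,
        new CreateKeyVaultAccessPolicyRequest()
        {
            Properties = new CreateKeyVaultAccessPolicyRequestProperties()
            {
                AccessPolicies = new KeyVaultAccessPolicy[] { policy },
            },
        }).Result;

    if (result == null)
    {
        throw new InvalidOperationException(failureMessage);
    }

    return result;
}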