/// <summary>
/// Creates a new role definition.
/// </summary>
/// <param name="roleDefinition">The role definition to create.</param>
/// <returns>The created role definition.</returns>
public PSRoleDefinition CreateRoleDefinition(PSRoleDefinition roleDefinition)
{
ValidateRoleDefinition(roleDefinition);
Guid newRoleDefinitionId = RoleDefinitionNames.Count == 0 ? Guid.NewGuid() : RoleDefinitionNames.Dequeue();
return(this.CreateOrUpdateRoleDefinition(newRoleDefinitionId, roleDefinition));
}
public PSRoleDefinition CreateRoleDefinition(PSRoleDefinition roleDefinition)
{
AuthorizationClient.ValidateRoleDefinition(roleDefinition);
Guid newRoleDefinitionId = RoleDefinitionNames.Count == 0 ? Guid.NewGuid() : RoleDefinitionNames.Dequeue();
RoleDefinitionCreateOrUpdateParameters parameters = new RoleDefinitionCreateOrUpdateParameters()
{
RoleDefinition = new RoleDefinition()
{
Name = newRoleDefinitionId,
Properties = new RoleDefinitionProperties()
{
AssignableScopes = roleDefinition.AssignableScopes,
Description = roleDefinition.Description,
Permissions = new List <Permission>()
{
new Permission()
{
Actions = roleDefinition.Actions,
NotActions = roleDefinition.NotActions
}
},
RoleName = roleDefinition.Name,
Type = "CustomRole"
}
}
};
PSRoleDefinition roleDef = null;
try
{
roleDef = AuthorizationManagementClient.RoleDefinitions.CreateOrUpdate(newRoleDefinitionId, roleDefinition.AssignableScopes.First(), parameters).RoleDefinition.ToPSRoleDefinition();
}
catch (CloudException ce)
{
if (ce.Response.StatusCode == HttpStatusCode.Unauthorized && ce.Error.Code.Equals("TenantNotAllowed", StringComparison.InvariantCultureIgnoreCase))
{
throw new InvalidOperationException("The tenant is not currently authorized to create Custom role definition. Please refer to http://aka.ms/customrolespreview for more details");
}
throw;
}
return(roleDef);
}
