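        /// <summary>
        /// Provisions the storage access artefacts for the recordings container: resolves the
        /// storage account through ARM, reads its account keys, creates two stored access policies
        /// on the container (full "rwd" and read-only "r"), mints one shared access signature per
        /// policy and writes each signature to the deployment's Key Vault.
        /// </summary>
        /// <param name="context">Runner for the current wizard operation; only its logger is used here.</param>
        /// <returns>Always <c>null</c>; the method exists for its side effects.</returns>
        /// <exception cref="InvalidOperationException">
        /// Thrown when the storage account, its access keys, the stored access policies or a
        /// Key Vault secret cannot be obtained or created.
        /// </exception>
        /// <remarks>
        /// The Azure client calls are awaited synchronously via <c>.Result</c> because this method has a
        /// synchronous callback shape; failures inside those calls therefore surface wrapped in an
        /// <see cref="AggregateException"/>. Both policies are valid for one year from creation; because
        /// the SAS tokens are bound to stored access policies, they can be revoked later by removing or
        /// changing the policy on the container instead of rotating the account key.
        /// </remarks>
        private object DeployStorageAccessPoliciesAsync(OperationRunner context)
        {
            AzureClient client = new AzureClient(WizardContext.TokenProvider);

            client.SetLogger(context.Logger);

            // Resolve the storage account (ARM GET, Microsoft.Storage/storageAccounts, api-version 2019-04-01).
            // NOTE(review): the null argument looks like a parent-resource segment that is absent for a
            // top-level resource — confirm against AzureClient.GetResourceAsync.
            StorageAccountResource storageAccount = client.GetResourceAsync<StorageAccountResource>(
                DataModel.InstallationConfiguration.Azure.SelectedSubscription.Id,
                DataModel.InstallationConfiguration.Azure.ResourceGroupName,
                "Microsoft.Storage",
                null,
                "storageAccounts",
                DataModel.InstallationConfiguration.Azure.StorageAccount.StorageAccountName,
                "2019-04-01").Result;

            if (storageAccount == null)
            {
                throw new InvalidOperationException("Could not acquire storage account!");
            }

            // The account key is used only in-process to sign the SAS tokens below; it is never
            // persisted — only the policy-bound SAS tokens are written to Key Vault.
            ListKeysResponse accessKeys = client.InvokeResourceAction2Async<ListKeysResponse>(
                storageAccount.Id,
                "listkeys",
                string.Empty,
                "2019-04-01").Result;

            if (accessKeys == null || accessKeys.Keys == null || !accessKeys.Keys.Any())
            {
                throw new InvalidOperationException("Could not acquire storage account access key!");
            }

            NetworkCredential accessKey = new NetworkCredential(string.Empty, accessKeys.Keys[0].Value);

            // Fresh random identifiers per run; base64 of a GUID string stays within the 64-character
            // limit on signed identifiers.
            DataModel.InstallationConfiguration.Azure.StorageAccount.FullAccessPolicyId = NewAccessPolicyId();
            DataModel.InstallationConfiguration.Azure.StorageAccount.ReadAccessPolicyId = NewAccessPolicyId();

            // One timestamp for both policies so Start/Expiry are identical across them.
            DateTime policyStart = DateTime.UtcNow;
            DateTime policyExpiry = policyStart.AddYears(1);

            string accessPolicy = client.CreateBlobStoredAccessPolicyAsync(
                DataModel.InstallationConfiguration.Azure.StorageAccount.StorageAccountName,
                StorageAccountConfiguration.RecordingsContainerName,
                new SignedIdentifiers()
                {
                    SignedIdentifier = new SignedIdentifier[]
                    {
                        CreateSignedIdentifier(
                            DataModel.InstallationConfiguration.Azure.StorageAccount.FullAccessPolicyId,
                            "rwd",
                            policyStart,
                            policyExpiry),
                        CreateSignedIdentifier(
                            DataModel.InstallationConfiguration.Azure.StorageAccount.ReadAccessPolicyId,
                            "r",
                            policyStart,
                            policyExpiry),
                    },
                }).Result;

            if (accessPolicy == null)
            {
                throw new InvalidOperationException("Could not create stored access policies on Azure Blob container!");
            }

            StoreSharedAccessSignatureInKeyVault(
                client,
                accessKey,
                DataModel.InstallationConfiguration.Azure.StorageAccount.FullAccessPolicyId,
                DataModel.InstallationConfiguration.Azure.KeyVault.StorageAccessKeySecretName,
                "full");

            StoreSharedAccessSignatureInKeyVault(
                client,
                accessKey,
                DataModel.InstallationConfiguration.Azure.StorageAccount.ReadAccessPolicyId,
                DataModel.InstallationConfiguration.Azure.KeyVault.StorageReadAccessKeySecretName,
                "read");

            return null;
        }

        /// <summary>Builds an opaque stored-access-policy identifier (base64 of a freshly generated GUID).</summary>
        private static string NewAccessPolicyId()
        {
            return Convert.ToBase64String(Encoding.UTF8.GetBytes(Guid.NewGuid().ToString()));
        }

        /// <summary>Builds one container stored access policy entry with round-trip ("o") formatted timestamps.</summary>
        /// <param name="id">Policy identifier the SAS tokens will reference.</param>
        /// <param name="permission">Permission string as understood by the blob service, e.g. "rwd" or "r".</param>
        /// <param name="start">UTC start of validity.</param>
        /// <param name="expiry">UTC end of validity.</param>
        private static SignedIdentifier CreateSignedIdentifier(string id, string permission, DateTime start, DateTime expiry)
        {
            return new SignedIdentifier()
            {
                Id           = id,
                AccessPolicy = new AccessPolicy()
                {
                    Start      = start.ToString("o"),
                    Expiry     = expiry.ToString("o"),
                    Permission = permission,
                },
            };
        }

        /// <summary>
        /// Mints a shared access signature for the recordings container bound to <paramref name="policyId"/>
        /// and stores it in the deployment's Key Vault under <paramref name="secretName"/>.
        /// </summary>
        /// <param name="client">Azure client used for SAS generation and the Key Vault write.</param>
        /// <param name="accessKey">Storage account key used to sign the signature; not persisted.</param>
        /// <param name="policyId">Stored access policy the signature is bound to.</param>
        /// <param name="secretName">Key Vault secret name to write the signature to.</param>
        /// <param name="secretUserName">Username component of the credential handed to the Key Vault client.</param>
        /// <exception cref="InvalidOperationException">Thrown when the Key Vault write returns no secret.</exception>
        private void StoreSharedAccessSignatureInKeyVault(
            AzureClient client,
            NetworkCredential accessKey,
            string policyId,
            string secretName,
            string secretUserName)
        {
            string sharedAccessSignature = client.CreateSharedAccessSignature(
                DataModel.InstallationConfiguration.Azure.StorageAccount.StorageAccountName,
                StorageAccountConfiguration.RecordingsContainerName,
                accessKey,
                policyId,
                new SharedAccessBlobPolicy());

            // The client may return the query string with its leading '?'; the stored value is the bare token.
            if (sharedAccessSignature.StartsWith("?", StringComparison.Ordinal))
            {
                sharedAccessSignature = sharedAccessSignature.Substring(1);
            }

            AzureKeyVaultSecret secret = client.UpdateKeyVaultSecretAsync(
                DataModel.InstallationConfiguration.Azure.KeyVault.KeyVaultName,
                secretName,
                new NetworkCredential(secretUserName, sharedAccessSignature)).Result;

            // A silently missing secret would leave the deployment without usable storage credentials,
            // so treat it like the other failed provisioning steps.
            if (secret == null)
            {
                throw new InvalidOperationException("Could not store shared access signature '" + secretName + "' in Azure Key Vault!");
            }
        }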