/// <summary>
/// Assign owner role to Blueprint RP (so that we can do deployments)
/// </summary>
/// <param name="subscriptionId"></param>
/// <param name="spnObjectId"></param>
protected void AssignOwnerPermission(string subscriptionId, string spnObjectId)
{
string scope = string.Format(BlueprintConstants.SubscriptionScope, subscriptionId);
var filter = new Rest.Azure.OData.ODataQuery<RoleAssignmentFilter>();
filter.SetFilter(a => a.AssignedTo(spnObjectId));
var roleAssignmentList = AuthorizationManagementClient.RoleAssignments.ListForScopeAsync(scope, filter).GetAwaiter().GetResult();
var roleAssignment = roleAssignmentList?
.Where(ra => ra.Id.EndsWith(BlueprintConstants.OwnerRoleDefinitionId))
.FirstOrDefault();
if (roleAssignment != null) return;
var roleAssignmentParams = new RoleAssignmentProperties(
roleDefinitionId: BlueprintConstants.OwnerRoleDefinitionId, principalId: spnObjectId);
try
{
AuthorizationManagementClient.RoleAssignments.CreateAsync(scope: scope,
roleAssignmentName: Guid.NewGuid().ToString(),
parameters: new RoleAssignmentCreateParameters(roleAssignmentParams))
.GetAwaiter().GetResult();
}
catch (Exception ex)
{
// ignore if it already exists
if (ex is CloudException cex && cex.Response.StatusCode != HttpStatusCode.Conflict)
{
throw;
}
}
}
/// <summary>
/// Creates new role assignment.
/// </summary>
/// <param name="parameters">The create parameters</param>
/// <returns>The created role assignment object</returns>
public PSRoleAssignment CreateRoleAssignment(FilterRoleAssignmentsOptions parameters)
{
Guid principalId = ActiveDirectoryClient.GetObjectId(parameters.ADObjectFilter);
string principalIdStr = null;
if (principalId == Guid.Empty)
{
principalIdStr = ActiveDirectoryClient.GetAdfsObjectId(parameters.ADObjectFilter);
}
else
{
principalIdStr = principalId.ToString();
}
Guid roleAssignmentId = RoleAssignmentNames.Count == 0 ? Guid.NewGuid() : RoleAssignmentNames.Dequeue();
string scope = parameters.Scope;
string roleDefinitionId = !string.IsNullOrEmpty(parameters.RoleDefinitionName)
? AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(scope, GetSingleRoleDefinitionByName(parameters.RoleDefinitionName, scope).Id)
: AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(scope, parameters.RoleDefinitionId);
var createProperties = new RoleAssignmentProperties
{
PrincipalId = principalIdStr,
RoleDefinitionId = roleDefinitionId
};
var createParameters = new RoleAssignmentCreateParameters(createProperties);
RoleAssignment assignment = AuthorizationManagementClient.RoleAssignments.Create(
parameters.Scope, roleAssignmentId.ToString(), createParameters);
return(assignment.ToPSRoleAssignment(this, ActiveDirectoryClient));
}
/// <summary>
/// Creates new role assignment.
/// </summary>
/// <param name="parameters">The create parameters</param>
/// <returns>The created role assignment object</returns>
public PSRoleAssignment CreateRoleAssignment(FilterRoleAssignmentsOptions parameters)
{
Guid principalId = ActiveDirectoryClient.GetObjectId(parameters.ADObjectFilter);
Guid roleAssignmentId = RoleAssignmentNames.Count == 0 ? Guid.NewGuid() : RoleAssignmentNames.Dequeue();
string scope = parameters.Scope;
ValidateScope(scope);
string roleDefinitionId = !string.IsNullOrEmpty(parameters.RoleDefinitionName)
? AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(scope, GetSingleRoleDefinitionByName(parameters.RoleDefinitionName, scope).Id)
: AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(scope, parameters.RoleDefinitionId);
#if !NETSTANDARD
RoleAssignmentCreateParameters createParameters = new RoleAssignmentCreateParameters
{
Properties = new RoleAssignmentProperties
{
PrincipalId = principalId,
RoleDefinitionId = roleDefinitionId
}
};
RoleAssignment assignment = AuthorizationManagementClient.RoleAssignments.Create(parameters.Scope, roleAssignmentId, createParameters).RoleAssignment;
#else
var createParameters = new RoleAssignmentProperties
{
PrincipalId = principalId.ToString(),
RoleDefinitionId = roleDefinitionId
};
RoleAssignment assignment = AuthorizationManagementClient.RoleAssignments.Create(
parameters.Scope,
roleAssignmentId.ToString(), createParameters);
#endif
return(assignment.ToPSRoleAssignment(this, ActiveDirectoryClient));
}
public void CreateRoleAssignment()
{
client = Client;
#region Snippet:CreateRoleAssignment
// Replace roleDefinitionId with a role definition Id from the definitions returned from the List the role definitions section above
string definitionIdToAssign = roleDefinitionId;
// Replace objectId with the service principal object id from the Create/Get credentials section above
string servicePrincipalObjectId = objectId;
RoleAssignmentProperties properties = new RoleAssignmentProperties(definitionIdToAssign, servicePrincipalObjectId);
RoleAssignment createdAssignment = client.CreateRoleAssignment(RoleAssignmentScope.Global, properties);
Console.WriteLine(createdAssignment.Name);
Console.WriteLine(createdAssignment.Properties.PrincipalId);
Console.WriteLine(createdAssignment.Properties.RoleDefinitionId);
RoleAssignment fetchedAssignment = client.GetRoleAssignment(RoleAssignmentScope.Global, createdAssignment.Name);
Console.WriteLine(fetchedAssignment.Name);
Console.WriteLine(fetchedAssignment.Properties.PrincipalId);
Console.WriteLine(fetchedAssignment.Properties.RoleDefinitionId);
RoleAssignment deletedAssignment = client.DeleteRoleAssignment(RoleAssignmentScope.Global, createdAssignment.Name);
Console.WriteLine(deletedAssignment.Name);
Console.WriteLine(deletedAssignment.Properties.PrincipalId);
Console.WriteLine(deletedAssignment.Properties.RoleDefinitionId);
#endregion
}
public void CreateRoleAssignment()
{
// Replace client with the Instrumented Client.
client = Client;
List <RoleDefinition> definitions = client.GetRoleDefinitions(RoleAssignmentScope.Global).ToList();
_roleDefinitionId = definitions.FirstOrDefault(d => d.RoleName == RoleName).Id;
// Replace roleDefinitionId with a role definition Id from the definitions returned from GetRoleAssignments.
string definitionIdToAssign = _roleDefinitionId;
// Replace objectId with the service principal object id.
string servicePrincipalObjectId = _objectId;
#region Snippet:CreateRoleAssignment
//@@string definitionIdToAssign = "<roleDefinitionId>";
//@@string servicePrincipalObjectId = "<objectId>";
RoleAssignmentProperties properties = new RoleAssignmentProperties(definitionIdToAssign, servicePrincipalObjectId);
//@@RoleAssignment createdAssignment = client.CreateRoleAssignment(RoleAssignmentScope.Global, properties);
/*@@*/ RoleAssignment createdAssignment = client.CreateRoleAssignment(RoleAssignmentScope.Global, properties, _roleAssignmentId);
#endregion
#region Snippet:GetRoleAssignment
RoleAssignment fetchedAssignment = client.GetRoleAssignment(RoleAssignmentScope.Global, createdAssignment.Name);
#endregion
#region Snippet:DeleteRoleAssignment
RoleAssignment deletedAssignment = client.DeleteRoleAssignment(RoleAssignmentScope.Global, createdAssignment.Name);
#endregion
}
public void RoleAssignmentByIdTests()
{
using (MockContext context = MockContext.Start(this.GetType().FullName))
{
var client = testContext.GetAuthorizationManagementClient(context);
Assert.NotNull(client);
Assert.NotNull(client.HttpClient);
var principalId = testContext.Users.ElementAt(4);
var scope = "subscriptions/" + client.SubscriptionId;
var roleDefinition = client.RoleDefinitions.List(scope, null).ElementAt(1);
var newRoleAssignment = new RoleAssignmentProperties()
{
RoleDefinitionId = roleDefinition.Id,
PrincipalId = principalId.ToString()
};
var assignmentName = GetValueFromTestContext(Guid.NewGuid, Guid.Parse, "AssignmentName");
var assignmentId = string.Format(
"{0}/providers/Microsoft.Authorization/roleAssignments/{1}",
scope,
assignmentName);
// Create
var createResult = client.RoleAssignments.CreateById(assignmentId, newRoleAssignment);
Assert.NotNull(createResult);
Assert.NotNull(createResult.Id);
Assert.NotNull(createResult.Name);
Assert.Equal(createResult.Name, assignmentName.ToString());
// Get
var getResult = client.RoleAssignments.GetById(assignmentId);
Assert.NotNull(getResult);
Assert.Equal(createResult.Id, getResult.Id);
Assert.Equal(createResult.Name, getResult.Name);
//Delete
var deleteResult = client.RoleAssignments.DeleteById(assignmentId);
Assert.NotNull(deleteResult);
var allRoleAssignments = client.RoleAssignments.List(null);
var createdAssignment = allRoleAssignments.FirstOrDefault(
a => a.Name == assignmentName.ToString());
Assert.Null(createdAssignment);
}
}
public void RoleAssignmentsListGetTests()
{
using (MockContext context = MockContext.Start(this.GetType().FullName))
{
var client = testContext.GetAuthorizationManagementClient(context);
Assert.NotNull(client);
Assert.NotNull(client.HttpClient);
var assignmentName = GetValueFromTestContext(Guid.NewGuid, Guid.Parse, "AssignmentName");
var scope = "subscriptions/" + client.SubscriptionId;
var principalId = testContext.Users.ElementAt(5);
Assert.NotNull(client);
Assert.NotNull(client.HttpClient);
var roleDefinition = client.RoleDefinitions.List(scope, null).Where(r => r.Properties.Type == "BuiltInRole").Last();
var newRoleAssignment = new RoleAssignmentProperties()
{
RoleDefinitionId = roleDefinition.Id,
PrincipalId = principalId.ToString()
};
var createResult = client.RoleAssignments.Create(scope, assignmentName.ToString(), newRoleAssignment);
Assert.NotNull(createResult);
var allRoleAssignments = client.RoleAssignments.List(null);
Assert.NotNull(allRoleAssignments);
foreach (var assignment in allRoleAssignments)
{
var singleAssignment = client.RoleAssignments.Get(assignment.Properties.Scope, assignment.Name);
Assert.NotNull(singleAssignment);
Assert.NotNull(singleAssignment.Id);
Assert.NotNull(singleAssignment.Name);
Assert.NotNull(singleAssignment.Type);
Assert.NotNull(singleAssignment.Properties);
Assert.NotNull(singleAssignment.Properties.PrincipalId);
Assert.NotNull(singleAssignment.Properties.RoleDefinitionId);
Assert.NotNull(singleAssignment.Properties.Scope);
}
var deleteResult = client.RoleAssignments.Delete(scope, assignmentName.ToString());
Assert.NotNull(deleteResult);
}
}
public void RoleAssignmentListByFilterTest()
{
using (MockContext context = MockContext.Start(this.GetType().FullName))
{
var client = testContext.GetAuthorizationManagementClient(context);
Assert.NotNull(client);
Assert.NotNull(client.HttpClient);
// Read/write the PrincipalId from Testcontext to enable Playback mode test execution
var principalId = GetValueFromTestContext(() => testContext.Users.ElementAt(1), Guid.Parse, "PrincipalId").ToString();
var scope = "subscriptions/" + client.SubscriptionId;
var roleDefinition = client.RoleDefinitions.List(scope).First();
for (int i = 0; i < testContext.Users.Count; i++)
{
var pId = testContext.Users.ElementAt(i);
var newRoleAssignment = new RoleAssignmentProperties()
{
RoleDefinitionId = roleDefinition.Id,
PrincipalId = pId.ToString()
};
var assignmentName = GetValueFromTestContext(Guid.NewGuid, Guid.Parse, "AssignmentName_" + i);
var createResult = client.RoleAssignments.Create(scope, assignmentName.ToString(), newRoleAssignment);
}
var allRoleAssignments = client.RoleAssignments
.List(new ODataQuery <RoleAssignmentFilter>(f => f.PrincipalId == principalId));
Assert.NotNull(allRoleAssignments);
foreach (var assignment in allRoleAssignments)
{
Assert.NotNull(assignment);
Assert.NotNull(assignment.Id);
Assert.NotNull(assignment.Name);
Assert.NotNull(assignment.Type);
Assert.NotNull(assignment.Properties);
Assert.NotNull(assignment.Properties.PrincipalId);
Assert.NotNull(assignment.Properties.RoleDefinitionId);
Assert.NotNull(assignment.Properties.Scope);
Assert.Equal(principalId.ToString(), assignment.Properties.PrincipalId);
}
}
}
public async Task CreateRoleAssignment()
{
List <RoleDefinition> definitions = await Client.GetRoleDefinitionsAsync(RoleAssignmentScope.Global).ToEnumerableAsync().ConfigureAwait(false);
var definitionToAssign = definitions.FirstOrDefault(d => d.RoleName == roleName);
var properties = new RoleAssignmentProperties(definitionToAssign.Id, TestEnvironment.ClientObjectId);
RoleAssignment result = await Client.CreateRoleAssignmentAsync(RoleAssignmentScope.Global, properties, roleAssignmentId).ConfigureAwait(false);
RegisterForCleanup(result);
Assert.That(result.Id, Is.Not.Null);
Assert.That(result.Name, Is.Not.Null);
Assert.That(result.Type, Is.Not.Null);
Assert.That(result.Properties.PrincipalId, Is.EqualTo(properties.PrincipalId));
Assert.That(result.Properties.RoleDefinitionId, Is.EqualTo(properties.RoleDefinitionId));
}
public async Task CreateRoleAssignmentAsync()
{
// Replace client with the Instrumented Client.
client = Client;
List <RoleDefinition> definitions = await client.GetRoleDefinitionsAsync(RoleAssignmentScope.Global).ToEnumerableAsync().ConfigureAwait(false);
_roleDefinitionId = definitions.FirstOrDefault(d => d.RoleName == RoleName).Id;
// Replace roleDefinitionId with a role definition Id from the definitions returned from GetRoleDefinitionsAsync.
string definitionIdToAssign = _roleDefinitionId;
// Replace objectId with the service principal object id.
string servicePrincipalObjectId = _objectId;
#region Snippet:CreateRoleAssignmentKeysScope
//@@string definitionIdToAssign = "<roleDefinitionId>";
//@@string servicePrincipalObjectId = "<objectId>";
RoleAssignmentProperties properties = new RoleAssignmentProperties(definitionIdToAssign, servicePrincipalObjectId);
//@@RoleAssignment keysScopedAssignment = await client.CreateRoleAssignmentAsync(RoleAssignmentScope.Global, properties);
/*@@*/ RoleAssignment keysScopedAssignment = await client.CreateRoleAssignmentAsync(RoleAssignmentScope.Keys, properties, _roleAssignmentId).ConfigureAwait(false);
#endregion
RegisterForCleanup(keysScopedAssignment);
var keyClient = KeyClient;
List <KeyProperties> keyProperties = await keyClient.GetPropertiesOfKeysAsync().ToEnumerableAsync().ConfigureAwait(false);
string keyName = keyProperties.First().Name;
#region Snippet:CreateRoleAssignmentKeyScope
//@@string keyName = "<your-key-name>";
KeyVaultKey key = await keyClient.GetKeyAsync(keyName);
//@@RoleAssignment keyScopedAssignment = await client.CreateRoleAssignmentAsync(new RoleAssignmentScope(key.Id), properties);
/*@@*/ RoleAssignment keyScopedAssignment = await client.CreateRoleAssignmentAsync(new RoleAssignmentScope(key.Id), properties, _roleAssignmentId).ConfigureAwait(false);
#endregion
RegisterForCleanup(keyScopedAssignment);
}
public async Task CreateRoleAssignment()
{
client = Client;
List <RoleDefinition> definitions = await Client.GetRoleDefinitionsAsync(RoleAssignmentScope.Global).ToEnumerableAsync().ConfigureAwait(false);
_roleDefinitionId = definitions.FirstOrDefault(d => d.RoleName == RoleName).Id;
// Replace roleDefinitionId with a role definition Id from the definitions returned from the List the role definitions section above
string definitionIdToAssign = _roleDefinitionId;
// Replace objectId with the service principal object id from the Create/Get credentials section above
string servicePrincipalObjectId = _objectId;
#region Snippet:ReadmeCreateRoleAssignment
// Replace <roleDefinitionId> with a role definition Id from the definitions returned from the List the role definitions section above
//@@string definitionIdToAssign = "<roleDefinitionId>";
// Replace <objectId> with the service principal object id from the Create/Get credentials section above
//@@string servicePrincipalObjectId = "<objectId>";
RoleAssignmentProperties properties = new RoleAssignmentProperties(definitionIdToAssign, servicePrincipalObjectId);
//@@RoleAssignment createdAssignment = client.CreateRoleAssignment(RoleAssignmentScope.Global, properties);
/*@@*/ RoleAssignment createdAssignment = client.CreateRoleAssignment(RoleAssignmentScope.Global, properties, _roleAssignmentId);
Console.WriteLine(createdAssignment.Name);
Console.WriteLine(createdAssignment.Properties.PrincipalId);
Console.WriteLine(createdAssignment.Properties.RoleDefinitionId);
RoleAssignment fetchedAssignment = client.GetRoleAssignment(RoleAssignmentScope.Global, createdAssignment.Name);
Console.WriteLine(fetchedAssignment.Name);
Console.WriteLine(fetchedAssignment.Properties.PrincipalId);
Console.WriteLine(fetchedAssignment.Properties.RoleDefinitionId);
RoleAssignment deletedAssignment = client.DeleteRoleAssignment(RoleAssignmentScope.Global, createdAssignment.Name);
Console.WriteLine(deletedAssignment.Name);
Console.WriteLine(deletedAssignment.Properties.PrincipalId);
Console.WriteLine(deletedAssignment.Properties.RoleDefinitionId);
#endregion
}
public void RoleAssignmentsCreateDeleteTests()
{
using (MockContext context = MockContext.Start(this.GetType().FullName))
{
var client = testContext.GetAuthorizationManagementClient(context);
var assignmentName = GetValueFromTestContext(Guid.NewGuid, Guid.Parse, "AssignmentName");
var scope = "subscriptions/" + client.SubscriptionId;
var principalId = testContext.Users.ElementAt(3);
Assert.NotNull(client);
Assert.NotNull(client.HttpClient);
var roleDefinition = client.RoleDefinitions.List(scope).Last();
var newRoleAssignment = new RoleAssignmentProperties()
{
RoleDefinitionId = roleDefinition.Id,
PrincipalId = principalId.ToString()
};
var createResult = client.RoleAssignments.Create(scope, assignmentName.ToString(), newRoleAssignment);
Assert.NotNull(createResult);
var deleteResult = client.RoleAssignments.Delete(scope, assignmentName.ToString());
Assert.NotNull(deleteResult);
var deletedRoleAssignment = deleteResult;
Assert.NotNull(deletedRoleAssignment);
Assert.Equal(deletedRoleAssignment.Id, createResult.Id);
var allRoleAssignments = client.RoleAssignments.List(null);
var createdAssignment = allRoleAssignments.FirstOrDefault(
a => a.Name == assignmentName.ToString());
Assert.Null(createdAssignment);
}
}
static async Task CreateOrUpdateResourceGroup(IServicePrincipal serverApplication)
{
Console.WriteLine("Add or update Key Vault Resource Group (required once)? [y/N] to continue: ");
var key = Console.ReadLine()
.ToUpperInvariant()
.Trim();
if (key != "Y")
{
return;
}
Console.Write("SubscriptionId: ");
var subscriptionId = Console.ReadLine();
Console.Write("Resource Group Name (blank for default 'SignService-KeyVaults'): ");
var name = Console.ReadLine();
if (string.IsNullOrWhiteSpace(name))
{
name = "SignService-KeyVaults";
}
Console.WriteLine("Location (eastus, westus, etc): ");
var location = Console.ReadLine();
var accessToken = await authContext.AcquireTokenSilentAsync(azureRmResourceId, clientId);
var rgc = new ResourceManagementClient(new TokenCredentials(accessToken.AccessToken))
{
SubscriptionId = subscriptionId,
BaseUri = new Uri(configuration["AzureRM:Instance"])
};
var rg = new ResourceGroup(location, name: name);
rg = await rgc.ResourceGroups.CreateOrUpdateAsync(name, rg);
var ac = new AuthorizationManagementClient(new TokenCredentials(accessToken.AccessToken))
{
SubscriptionId = subscriptionId,
BaseUri = new Uri(configuration["AzureRM:Instance"])
};
// See if the resource group has the reader role
// Get the reader role
var roleFilter = new ODataQuery <RoleDefinitionFilter>(f => f.RoleName == "Reader");
var roleDefinitions = await ac.RoleDefinitions.ListAsync(rg.Id, roleFilter);
var roleDefinition = roleDefinitions.First();
var roleId = roleDefinition.Id;
var spid = serverApplication.ObjectId;
var raps = await ac.RoleAssignments.ListForScopeAsync(rg.Id, new ODataQuery <RoleAssignmentFilter>(f => f.PrincipalId == spid));
if (raps.All(ra => ra.Properties.RoleDefinitionId != roleId))
{
// none found, add one
var rap = new RoleAssignmentProperties
{
PrincipalId = spid,
RoleDefinitionId = roleId
};
var ra = await ac.RoleAssignments.CreateAsync(rg.Id, Guid.NewGuid().ToString(), rap);
}
}
/// <summary>
/// Create role assignment by Id.
/// </summary>
/// <param name='operations'>
/// The operations group for this extension method.
/// </param>
/// <param name='roleAssignmentId'>
/// Role assignment Id
/// </param>
/// <param name='properties'>
/// Gets or sets role assignment properties.
/// </param>
public static RoleAssignment CreateById(this IRoleAssignmentsOperations operations, string roleAssignmentId, RoleAssignmentProperties properties = default(RoleAssignmentProperties))
{
return(Task.Factory.StartNew(s => ((IRoleAssignmentsOperations)s).CreateByIdAsync(roleAssignmentId, properties), operations, CancellationToken.None, TaskCreationOptions.None, TaskScheduler.Default).Unwrap().GetAwaiter().GetResult());
}
/// <summary>
/// Creates a <see cref="RoleAssignment"/>.
/// </summary>
/// <param name="roleScope"> The scope of the role assignment to create. </param>
/// <param name="properties"> Properties for the role assignment. </param>
/// <param name="name">The name used to create the role assignment.</param>
/// <param name="cancellationToken"> The cancellation token to use. </param>
/// <exception cref="RequestFailedException">The server returned an error. See <see cref="Exception.Message"/> for details returned from the server.</exception>
/// <exception cref="ArgumentNullException"><paramref name="roleScope"/> or <paramref name="properties"/> is null.</exception>
public virtual async Task <Response <RoleAssignment> > CreateRoleAssignmentAsync(RoleAssignmentScope roleScope, RoleAssignmentProperties properties, Guid name = default, CancellationToken cancellationToken = default)
{
using DiagnosticScope scope = _diagnostics.CreateScope($"{nameof(KeyVaultAccessControlClient)}.{nameof(CreateRoleAssignment)}");
scope.Start();
try
{
var _name = name == default ? Guid.NewGuid().ToString() : name.ToString();
return(await _assignmentsRestClient.CreateAsync(VaultUri.AbsoluteUri, roleScope.ToString(), _name, properties, cancellationToken)
.ConfigureAwait(false));
}
catch (Exception ex)
{
scope.Failed(ex);
throw;
}
}
/// <summary>
/// Create role assignment by Id.
/// </summary>
/// <param name='operations'>
/// The operations group for this extension method.
/// </param>
/// <param name='roleAssignmentId'>
/// Role assignment Id
/// </param>
/// <param name='properties'>
/// Gets or sets role assignment properties.
/// </param>
/// <param name='cancellationToken'>
/// The cancellation token.
/// </param>
public static async Task <RoleAssignment> CreateByIdAsync(this IRoleAssignmentsOperations operations, string roleAssignmentId, RoleAssignmentProperties properties = default(RoleAssignmentProperties), CancellationToken cancellationToken = default(CancellationToken))
{
using (var _result = await operations.CreateByIdWithHttpMessagesAsync(roleAssignmentId, properties, null, cancellationToken).ConfigureAwait(false))
{
return(_result.Body);
}
}
/// <summary>
/// Creates a <see cref="RoleAssignment"/>.
/// </summary>
/// <param name="roleScope"> The scope of the role assignment to create. </param>
/// <param name="properties"> Properties for the role assignment. </param>
/// <param name="name">The Name used to create the role assignment.</param>
/// <param name="cancellationToken"> The cancellation token to use. </param>
/// <exception cref="RequestFailedException">The server returned an error. See <see cref="Exception.Message"/> for details returned from the server.</exception>
/// <exception cref="ArgumentNullException"><paramref name="roleScope"/> or <paramref name="properties"/> is null.</exception>
public virtual Response <RoleAssignment> CreateRoleAssignment(RoleAssignmentScope roleScope, RoleAssignmentProperties properties, Guid name = default, CancellationToken cancellationToken = default)
{
using DiagnosticScope scope = _diagnostics.CreateScope($"{nameof(KeyVaultAccessControlClient)}.{nameof(CreateRoleAssignment)}");
scope.Start();
try
{
var _name = name == default ? Guid.NewGuid().ToString() : name.ToString();
return(_assignmentsRestClient.Create(VaultUri.AbsoluteUri, roleScope.ToString(), _name, new RoleAssignmentCreateParameters(properties), cancellationToken));
}
catch (Exception ex)
{
scope.Failed(ex);
throw;
}
}
