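/// <summary>
        /// Creates or updates a role definition.
        /// </summary>
        /// <param name="roleDefinitionDescription">The description for the role definition.</param>
        /// <param name="permissions">The permissions granted by the role definition when assigned to a principal.</param>
        /// <param name="roleScope">The scope of the <see cref="KeyVaultRoleDefinition"/> to create. The default value is <see cref="KeyVaultRoleScope.Global"/>.</param>
        /// <param name="roleDefinitionName">Optional name used to create the role definition. A new <see cref="Guid"/> will be generated if not specified.</param>
        /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
        /// <returns>A <see cref="Response{TResult}"/> containing the result of the operation.</returns>
        /// <remarks>
        /// The scope sent with the request and the single entry added to the definition's assignable scopes are the same value:
        /// <paramref name="roleScope"/> when the caller supplies one, otherwise <see cref="KeyVaultRoleScope.Global"/>.
        /// Any exception is recorded on the diagnostic scope and rethrown unchanged.
        /// </remarks>
        public virtual Response<KeyVaultRoleDefinition> CreateOrUpdateRoleDefinition(string roleDefinitionDescription, KeyVaultPermission permissions, KeyVaultRoleScope roleScope = default, Guid? roleDefinitionName = null, CancellationToken cancellationToken = default)
        {
            using DiagnosticScope scope = _diagnostics.CreateScope($"{nameof(KeyVaultAccessControlClient)}.{nameof(CreateOrUpdateRoleDefinition)}");
            scope.Start();
            try
            {
                // Resolve the scope exactly once. Only an omitted (default) scope falls back to Global;
                // a caller-supplied scope must reach the service unchanged so that a role meant for a
                // narrower scope is never silently created at the vault-wide one.
                KeyVaultRoleScope effectiveScope = roleScope == default ? KeyVaultRoleScope.Global : roleScope;

                // The role name doubles as the definition's resource name in the request below.
                string name = (roleDefinitionName ?? Guid.NewGuid()).ToString();

                var properties = new RoleDefinitionProperties()
                {
                    Description = roleDefinitionDescription,
                    RoleName = name,
                    RoleType = KeyVaultRoleType.CustomRole
                };

                // Keep the assignable scope in step with the request scope, so the stored definition
                // describes the same boundary it was created under.
                properties.AssignableScopes.Add(effectiveScope);
                properties.Permissions.Add(permissions);

                var parameters = new RoleDefinitionCreateParameters(properties);

                return _definitionsRestClient.CreateOrUpdate(
                    vaultBaseUrl: VaultUri.AbsoluteUri,
                    scope: effectiveScope.ToString(),
                    roleDefinitionName: name,
                    parameters: parameters,
                    cancellationToken: cancellationToken);
            }
            catch (Exception ex)
            {
                scope.Failed(ex);
                throw;
            }
        }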
        /// <summary>
        /// Builds a <see cref="KeyVaultRoleDefinition"/> from its JSON representation.
        /// </summary>
        /// <param name="element">The JSON object to read. Top-level <c>id</c>, <c>name</c> and <c>type</c> are read directly; the remaining fields are read from the nested <c>properties</c> object.</param>
        /// <returns>The role definition assembled from the recognised properties.</returns>
        /// <remarks>
        /// Property names that are not listed here are ignored. A JSON null for <c>properties</c>, <c>permissions</c> or
        /// <c>assignableScopes</c> is handed to <c>ThrowNonNullablePropertyIsNull</c>. If a name appears more than once, the
        /// last occurrence is the one kept.
        /// </remarks>
        internal static KeyVaultRoleDefinition DeserializeKeyVaultRoleDefinition(JsonElement element)
        {
            // Envelope fields of the resource.
            Optional<string> id = default;
            Optional<string> name = default;
            Optional<string> type = default;

            // Fields carried inside the nested "properties" object.
            Optional<string> roleName = default;
            Optional<string> description = default;
            Optional<string> type0 = default;
            Optional<IList<KeyVaultPermission>> permissions = default;
            Optional<IList<string>> assignableScopes = default;

            foreach (var member in element.EnumerateObject())
            {
                if (member.NameEquals("id"))
                {
                    id = member.Value.GetString();
                }
                else if (member.NameEquals("name"))
                {
                    name = member.Value.GetString();
                }
                else if (member.NameEquals("type"))
                {
                    type = member.Value.GetString();
                }
                else if (member.NameEquals("properties"))
                {
                    if (member.Value.ValueKind == JsonValueKind.Null)
                    {
                        member.ThrowNonNullablePropertyIsNull();
                    }
                    else
                    {
                        foreach (var inner in member.Value.EnumerateObject())
                        {
                            if (inner.NameEquals("roleName"))
                            {
                                roleName = inner.Value.GetString();
                            }
                            else if (inner.NameEquals("description"))
                            {
                                description = inner.Value.GetString();
                            }
                            else if (inner.NameEquals("type"))
                            {
                                // Distinct from the envelope "type" captured above.
                                type0 = inner.Value.GetString();
                            }
                            else if (inner.NameEquals("permissions"))
                            {
                                if (inner.Value.ValueKind == JsonValueKind.Null)
                                {
                                    inner.ThrowNonNullablePropertyIsNull();
                                }
                                else
                                {
                                    var parsedPermissions = new List<KeyVaultPermission>();
                                    foreach (var entry in inner.Value.EnumerateArray())
                                    {
                                        parsedPermissions.Add(KeyVaultPermission.DeserializeKeyVaultPermission(entry));
                                    }
                                    permissions = parsedPermissions;
                                }
                            }
                            else if (inner.NameEquals("assignableScopes"))
                            {
                                if (inner.Value.ValueKind == JsonValueKind.Null)
                                {
                                    inner.ThrowNonNullablePropertyIsNull();
                                }
                                else
                                {
                                    var parsedScopes = new List<string>();
                                    foreach (var entry in inner.Value.EnumerateArray())
                                    {
                                        parsedScopes.Add(entry.GetString());
                                    }
                                    assignableScopes = parsedScopes;
                                }
                            }
                        }
                    }
                }
            }

            return new KeyVaultRoleDefinition(
                id.Value,
                name.Value,
                type.Value,
                roleName.Value,
                description.Value,
                type0.Value,
                Optional.ToList(permissions),
                Optional.ToList(assignableScopes));
        }