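/// <summary>
/// Creates two stored access policies on the recordings blob container (full access "rwd" and
/// read-only "r"), derives one shared access signature (SAS) per policy, and stores both
/// signatures as secrets in the configured Key Vault.
/// </summary>
/// <param name="context">Operation runner whose logger is handed to the Azure client.</param>
/// <returns>Always <c>null</c>.</returns>
/// <exception cref="Exception">
/// Thrown when the storage account, its access keys, the stored access policies, a shared access
/// signature, or a Key Vault secret update could not be obtained or completed.
/// </exception>
/// <remarks>
/// Despite the "Async" suffix, this method blocks on every client call via <c>.Result</c>;
/// presumably those calls return tasks, so their failures would surface wrapped in an
/// <see cref="AggregateException"/> - confirm against AzureClient.
/// </remarks>
private object DeployStorageAccessPoliciesAsync(OperationRunner context)
{
    AzureClient client = new AzureClient(WizardContext.TokenProvider);
    client.SetLogger(context.Logger);

    var storageAccountName = DataModel.InstallationConfiguration.Azure.StorageAccount.StorageAccountName;
    var keyVaultName = DataModel.InstallationConfiguration.Azure.KeyVault.KeyVaultName;

    // Create shared access signatures
    StorageAccountResource result = client.GetResourceAsync<StorageAccountResource>(
        DataModel.InstallationConfiguration.Azure.SelectedSubscription.Id,
        DataModel.InstallationConfiguration.Azure.ResourceGroupName,
        "Microsoft.Storage",
        null,
        "storageAccounts",
        storageAccountName,
        "2019-04-01").Result;

    if (result == null)
    {
        throw new Exception("Could not acquire storage account!");
    }

    ListKeysResponse accessKeys = client.InvokeResourceAction2Async<ListKeysResponse>(
        result.Id,
        "listkeys",
        string.Empty,
        "2019-04-01").Result;

    // Keys itself may be missing from the response; treat that like an empty key list instead of
    // failing with a NullReferenceException.
    if (accessKeys == null || accessKeys.Keys == null || accessKeys.Keys.Count() == 0)
    {
        throw new Exception("Could not acquire storage account access key!");
    }

    // The account key grants full control of the storage account. It is only held in memory here
    // and must never be logged or written into an exception message.
    // NOTE(review): the SAS tokens below are signed with the first account key, so regenerating
    // that key will invalidate them - confirm this matches the key-rotation procedure.
    NetworkCredential accessKey = new NetworkCredential(string.Empty, accessKeys.Keys[0].Value);

    // Fresh random identifiers for each deployment. Base64 of a 36-character GUID string is
    // 48 characters long.
    DataModel.InstallationConfiguration.Azure.StorageAccount.FullAccessPolicyId =
        Convert.ToBase64String(Encoding.UTF8.GetBytes(Guid.NewGuid().ToString()));
    DataModel.InstallationConfiguration.Azure.StorageAccount.ReadAccessPolicyId =
        Convert.ToBase64String(Encoding.UTF8.GetBytes(Guid.NewGuid().ToString()));

    var fullAccessPolicyId = DataModel.InstallationConfiguration.Azure.StorageAccount.FullAccessPolicyId;
    var readAccessPolicyId = DataModel.InstallationConfiguration.Azure.StorageAccount.ReadAccessPolicyId;

    // Capture the clock once so both policies share exactly the same validity window.
    // NOTE(review): both policies expire after one year; the signatures stored in Key Vault are
    // presumably bound to these policies and stop working at that point unless this step is
    // re-run - confirm that a renewal path exists.
    DateTime utcNow = DateTime.UtcNow;
    string policyStart = utcNow.ToString("o");
    string policyExpiry = utcNow.AddYears(1).ToString("o");

    string accessPolicy = client.CreateBlobStoredAccessPolicyAsync(
        storageAccountName,
        StorageAccountConfiguration.RecordingsContainerName,
        new SignedIdentifiers()
        {
            SignedIdentifier = new SignedIdentifier[]
            {
                new SignedIdentifier()
                {
                    Id = fullAccessPolicyId,
                    AccessPolicy = new AccessPolicy()
                    {
                        Start = policyStart,
                        Expiry = policyExpiry,
                        Permission = "rwd",
                    },
                },
                new SignedIdentifier()
                {
                    Id = readAccessPolicyId,
                    AccessPolicy = new AccessPolicy()
                    {
                        Start = policyStart,
                        Expiry = policyExpiry,
                        Permission = "r",
                    },
                },
            },
        }).Result;

    if (accessPolicy == null)
    {
        throw new Exception("Could not create stored access policies on Azure Blob container!");
    }

    // Full-access signature. The empty SharedAccessBlobPolicy is passed together with the stored
    // policy id, so permissions and lifetime presumably come from the stored policy.
    string fullSharedAccessSignature = client.CreateSharedAccessSignature(
        storageAccountName,
        StorageAccountConfiguration.RecordingsContainerName,
        accessKey,
        fullAccessPolicyId,
        new SharedAccessBlobPolicy());

    if (string.IsNullOrEmpty(fullSharedAccessSignature))
    {
        throw new Exception("Could not create full-access shared access signature!");
    }

    // Store the token without the leading query-string marker. Ordinal comparison keeps the
    // check independent of the current culture.
    if (fullSharedAccessSignature.StartsWith("?", StringComparison.Ordinal))
    {
        fullSharedAccessSignature = fullSharedAccessSignature.Substring(1);
    }

    AzureKeyVaultSecret fullAccessSecret = client.UpdateKeyVaultSecretAsync(
        keyVaultName,
        DataModel.InstallationConfiguration.Azure.KeyVault.StorageAccessKeySecretName,
        new NetworkCredential("full", fullSharedAccessSignature)).Result;

    // Follow the null-means-failure convention used for the other client calls in this method, so
    // a secret that was never written does not pass as a successful deployment.
    if (fullAccessSecret == null)
    {
        throw new Exception("Could not store full-access shared access signature in Azure Key Vault!");
    }

    // Read-only signature, handled the same way.
    string readSharedAccessSignature = client.CreateSharedAccessSignature(
        storageAccountName,
        StorageAccountConfiguration.RecordingsContainerName,
        accessKey,
        readAccessPolicyId,
        new SharedAccessBlobPolicy());

    if (string.IsNullOrEmpty(readSharedAccessSignature))
    {
        throw new Exception("Could not create read-access shared access signature!");
    }

    if (readSharedAccessSignature.StartsWith("?", StringComparison.Ordinal))
    {
        readSharedAccessSignature = readSharedAccessSignature.Substring(1);
    }

    AzureKeyVaultSecret readAccessSecret = client.UpdateKeyVaultSecretAsync(
        keyVaultName,
        DataModel.InstallationConfiguration.Azure.KeyVault.StorageReadAccessKeySecretName,
        new NetworkCredential("read", readSharedAccessSignature)).Result;

    if (readAccessSecret == null)
    {
        throw new Exception("Could not store read-access shared access signature in Azure Key Vault!");
    }

    return null;
}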