/// <summary>
/// Creates or updates a role definition.
/// </summary>
/// <param name="roleDefinitionDescription">The description for the role definition.</param>
/// <param name="permissions">The permissions granted by the role definition when assigned to a principal.</param>
/// <param name="roleScope">The scope of the <see cref="KeyVaultRoleDefinition"/> to create. The default value is <see cref="KeyVaultRoleScope.Global"/>.</param>
/// <param name="roleDefinitionName">Optional name used to create the role definition. A new <see cref="Guid"/> will be generated if not specified.</param>
/// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
/// <returns>A <see cref="Response{TResult}"/> containing the result of the operation.</returns>
public virtual Response <KeyVaultRoleDefinition> CreateOrUpdateRoleDefinition(string roleDefinitionDescription, KeyVaultPermission permissions, KeyVaultRoleScope roleScope = default, Guid?roleDefinitionName = null, CancellationToken cancellationToken = default)
{
using DiagnosticScope scope = _diagnostics.CreateScope($"{nameof(KeyVaultAccessControlClient)}.{nameof(CreateOrUpdateRoleDefinition)}");
scope.Start();
try
{
var name = (roleDefinitionName ?? Guid.NewGuid()).ToString();
var properties = new RoleDefinitionProperties()
{
Description = roleDefinitionDescription,
RoleName = name,
RoleType = KeyVaultRoleType.CustomRole
};
properties.AssignableScopes.Add(roleScope);
properties.Permissions.Add(permissions);
var parameters = new RoleDefinitionCreateParameters(properties);
return(_definitionsRestClient.CreateOrUpdate(
vaultBaseUrl: VaultUri.AbsoluteUri,
scope: roleScope == default ? roleScope.ToString() : KeyVaultRoleScope.Global.ToString(),
roleDefinitionName: name,
parameters: parameters,
cancellationToken: cancellationToken));
}
catch (Exception ex)
{
scope.Failed(ex);
throw;
}
}
/// <summary>
/// Get role definition by name (GUID).
/// </summary>
/// <param name='roleDefinitionName'>
/// Required. Role definition name (GUID).
/// </param>
/// <param name='cancellationToken'>
/// Cancellation token.
/// </param>
/// <returns>
/// Role definition get operation result.
/// </returns>
public async Task <RoleDefinitionGetResult> GetAsync(Guid roleDefinitionName, CancellationToken cancellationToken)
{
// Validate
// Tracing
bool shouldTrace = CloudContext.Configuration.Tracing.IsEnabled;
string invocationId = null;
if (shouldTrace)
{
invocationId = Tracing.NextInvocationId.ToString();
Dictionary <string, object> tracingParameters = new Dictionary <string, object>();
tracingParameters.Add("roleDefinitionName", roleDefinitionName);
Tracing.Enter(invocationId, this, "GetAsync", tracingParameters);
}
// Construct URL
string url = "/subscriptions/" + (this.Client.Credentials.SubscriptionId != null ? this.Client.Credentials.SubscriptionId.Trim() : "") + "/providers/Microsoft.Authorization/roleDefinitions/" + roleDefinitionName + "?";
url = url + "api-version=2014-07-01-preview";
string baseUrl = this.Client.BaseUri.AbsoluteUri;
// Trim '/' character from the end of baseUrl and beginning of url.
if (baseUrl[baseUrl.Length - 1] == '/')
{
baseUrl = baseUrl.Substring(0, baseUrl.Length - 1);
}
if (url[0] == '/')
{
url = url.Substring(1);
}
url = baseUrl + "/" + url;
url = url.Replace(" ", "%20");
// Create HTTP transport objects
HttpRequestMessage httpRequest = null;
try
{
httpRequest = new HttpRequestMessage();
httpRequest.Method = HttpMethod.Get;
httpRequest.RequestUri = new Uri(url);
// Set Headers
httpRequest.Headers.Add("x-ms-version", "2014-07-01-preview");
// Set Credentials
cancellationToken.ThrowIfCancellationRequested();
await this.Client.Credentials.ProcessHttpRequestAsync(httpRequest, cancellationToken).ConfigureAwait(false);
// Send Request
HttpResponseMessage httpResponse = null;
try
{
if (shouldTrace)
{
Tracing.SendRequest(invocationId, httpRequest);
}
cancellationToken.ThrowIfCancellationRequested();
httpResponse = await this.Client.HttpClient.SendAsync(httpRequest, cancellationToken).ConfigureAwait(false);
if (shouldTrace)
{
Tracing.ReceiveResponse(invocationId, httpResponse);
}
HttpStatusCode statusCode = httpResponse.StatusCode;
if (statusCode != HttpStatusCode.OK)
{
cancellationToken.ThrowIfCancellationRequested();
CloudException ex = CloudException.Create(httpRequest, null, httpResponse, await httpResponse.Content.ReadAsStringAsync().ConfigureAwait(false));
if (shouldTrace)
{
Tracing.Error(invocationId, ex);
}
throw ex;
}
// Create Result
RoleDefinitionGetResult result = null;
// Deserialize Response
cancellationToken.ThrowIfCancellationRequested();
string responseContent = await httpResponse.Content.ReadAsStringAsync().ConfigureAwait(false);
result = new RoleDefinitionGetResult();
JToken responseDoc = null;
if (string.IsNullOrEmpty(responseContent) == false)
{
responseDoc = JToken.Parse(responseContent);
}
if (responseDoc != null && responseDoc.Type != JTokenType.Null)
{
RoleDefinition roleDefinitionInstance = new RoleDefinition();
result.RoleDefinition = roleDefinitionInstance;
JToken idValue = responseDoc["id"];
if (idValue != null && idValue.Type != JTokenType.Null)
{
string idInstance = ((string)idValue);
roleDefinitionInstance.Id = idInstance;
}
JToken nameValue = responseDoc["name"];
if (nameValue != null && nameValue.Type != JTokenType.Null)
{
Guid nameInstance = Guid.Parse(((string)nameValue));
roleDefinitionInstance.Name = nameInstance;
}
JToken typeValue = responseDoc["type"];
if (typeValue != null && typeValue.Type != JTokenType.Null)
{
string typeInstance = ((string)typeValue);
roleDefinitionInstance.Type = typeInstance;
}
JToken propertiesValue = responseDoc["properties"];
if (propertiesValue != null && propertiesValue.Type != JTokenType.Null)
{
RoleDefinitionProperties propertiesInstance = new RoleDefinitionProperties();
roleDefinitionInstance.Properties = propertiesInstance;
JToken roleNameValue = propertiesValue["roleName"];
if (roleNameValue != null && roleNameValue.Type != JTokenType.Null)
{
string roleNameInstance = ((string)roleNameValue);
propertiesInstance.RoleName = roleNameInstance;
}
JToken descriptionValue = propertiesValue["description"];
if (descriptionValue != null && descriptionValue.Type != JTokenType.Null)
{
string descriptionInstance = ((string)descriptionValue);
propertiesInstance.Description = descriptionInstance;
}
JToken scopeValue = propertiesValue["scope"];
if (scopeValue != null && scopeValue.Type != JTokenType.Null)
{
string scopeInstance = ((string)scopeValue);
propertiesInstance.Scope = scopeInstance;
}
JToken typeValue2 = propertiesValue["type"];
if (typeValue2 != null && typeValue2.Type != JTokenType.Null)
{
string typeInstance2 = ((string)typeValue2);
propertiesInstance.Type = typeInstance2;
}
JToken permissionsArray = propertiesValue["permissions"];
if (permissionsArray != null && permissionsArray.Type != JTokenType.Null)
{
foreach (JToken permissionsValue in ((JArray)permissionsArray))
{
Permission permissionInstance = new Permission();
propertiesInstance.Permissions.Add(permissionInstance);
JToken actionsArray = permissionsValue["actions"];
if (actionsArray != null && actionsArray.Type != JTokenType.Null)
{
foreach (JToken actionsValue in ((JArray)actionsArray))
{
permissionInstance.Actions.Add(((string)actionsValue));
}
}
JToken notActionsArray = permissionsValue["notActions"];
if (notActionsArray != null && notActionsArray.Type != JTokenType.Null)
{
foreach (JToken notActionsValue in ((JArray)notActionsArray))
{
permissionInstance.NotActions.Add(((string)notActionsValue));
}
}
}
}
}
}
result.StatusCode = statusCode;
if (httpResponse.Headers.Contains("x-ms-request-id"))
{
result.RequestId = httpResponse.Headers.GetValues("x-ms-request-id").FirstOrDefault();
}
if (shouldTrace)
{
Tracing.Exit(invocationId, result);
}
return(result);
}
finally
{
if (httpResponse != null)
{
httpResponse.Dispose();
}
}
}
finally
{
if (httpRequest != null)
{
httpRequest.Dispose();
}
}
}
