public async Task <string> DeleteCustomRoleOnSubscription(string subscriptionId, string roleId)
{
var requestUrl = $"{Config.AzureResourceManagerUrl}/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/{roleId}?api-version={apiVersion}";
var response = await ArmHttpClient.Delete(requestUrl);
return(response);
}
public async Task <string> GetRoleByName(string subscriptionId, string resourceGroup, string roleName)
{
var requestUrl = $"{Config.AzureResourceManagerUrl}/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Authorization/roleDefinitions?api-version={apiVersion}&$filter=roleName%20eq%20'{roleName}'";
var response = await ArmHttpClient.Get(requestUrl);
return(response);
}
public static async Task <string> GetAuditLogs(string subscriptionId, string correlationId)
{
const string apiVersion = "2014-04-01";
var timestamp = DateTime.Now.Subtract(TimeSpan.FromDays(30)).ToString("yyyy-MM-ddT00:00:00Z");
var requestUrl = $"{Config.AzureResourceManagerUrl}/subscriptions/{subscriptionId}/providers/microsoft.insights/eventtypes/management/values?api-version={apiVersion}&$filter=eventTimestamp ge '{timestamp}' and correlationId eq '{correlationId}'";
var response = await ArmHttpClient.Get(requestUrl);
return(response);
}
public async Task <string> UpdateAscContributorRoleOnSubscription(string subscriptionId, dynamic role)
{
var roleId = role.name;
role.properties.assignableScopes.Add($"/subscriptions/{subscriptionId}");
var requestBody = role.ToString();
var requestUrl = $"{Config.AzureResourceManagerUrl}/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/{roleId}?api-version={apiVersion}";
var response = await ArmHttpClient.Put(requestUrl, requestBody);
return(response);
}
public async Task <string> GetRoleAssignmentsForAscContributor(string subscriptionId)
{
var ascContributorRole = await this.GetAscContributorRole(subscriptionId);
var requestUrl = $"{Config.AzureResourceManagerUrl}/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleAssignments?api-version={apiVersion}&filter=atScope()";
var response = await ArmHttpClient.Get(requestUrl);
dynamic roleAssignments = JObject.Parse(response);
var items = roleAssignments.value as IEnumerable <dynamic>;
var ascRoleAssignments = items.Where(x => x.properties.roleDefinitionId == ascContributorRole.id).ToList();
return(ascRoleAssignments.ToJArray().ToString());
}
public async Task <string> CreateAscContributorRoleOnResourceGroup(string subscriptionId, string resourceGroup)
{
var newRoleId = Guid.NewGuid().ToString();
var requestUrl = $"{Config.AzureResourceManagerUrl}/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Authorization/roleDefinitions/{newRoleId}?api-version={apiVersion}";// 2016-02-01";
// Modify the "assignableScopes" in the base template
var ascContributorJson = File.ReadAllText(HttpContext.Current.Server.MapPath("~/json/asc-contributor.json"));
dynamic role = JObject.Parse(ascContributorJson);
role.properties.assignableScopes = new JArray() as dynamic;
role.properties.assignableScopes.Add($"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}");
var requestBody = role.ToString();
var response = await ArmHttpClient.Put(requestUrl, requestBody);
return(response);
}
public async Task <string> GrantRoleOnResourceGroup(string subscriptionId, string resourceGroup, string roleId, string objectId)
{
var newRoleAssignmentId = Guid.NewGuid().ToString();
var requestUrl = $"{Config.AzureResourceManagerUrl}/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/microsoft.authorization/roleassignments/{newRoleAssignmentId}?api-version={Config.ARMAuthorizationRoleAssignmentsAPIVersion}";
var requestBody = new
{
properties = new
{
roleDefinitionId = roleId,
principalId = objectId
}
};
var requestJson = JsonConvert.SerializeObject(requestBody);
var json = await ArmHttpClient.Put(requestUrl, requestJson);
return(json);
}
public async Task <string> DeletePolicyAssignment(string subscriptionId, string policyAssignmentName)
{
var requestUrl = $"{Config.AzureResourceManagerUrl}/subscriptions/{subscriptionId}/providers/Microsoft.authorization/policyassignments/{policyAssignmentName}?api-version={policyApiVersion}";
return(await ArmHttpClient.Delete(requestUrl));
}
public async Task <string> SavePolicy(string subscriptionId, string definitionName, object policy)
{
var requestUrl = $"{Config.AzureResourceManagerUrl}/subscriptions/{subscriptionId}/providers/Microsoft.authorization/policydefinitions/{definitionName}?api-version={policyApiVersion}";
return(await ArmHttpClient.Put(requestUrl, policy));
}
public async Task <string> GetPolicies(string subscriptionId)
{
var requestUrl = $"{Config.AzureResourceManagerUrl}/subscriptions/{subscriptionId}/providers/Microsoft.authorization/policydefinitions?api-version={policyApiVersion}";
return(await ArmHttpClient.Get(requestUrl));
}
