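/// <summary>
        /// Looks up the Azure AD group with display name <paramref name="groupName"/> and creates it when it does not exist.
        /// </summary>
        /// <param name="groupName">Display name of the group; it is also used as the group's mail nickname.</param>
        /// <returns>The object id of the existing or newly created group.</returns>
        /// <exception cref="System.ArgumentException"><paramref name="groupName"/> is null, empty or whitespace.</exception>
        private async Task<string> EnsureAzureADGroupExists(string groupName)
        {
            // Reject a blank name at the entry point instead of letting it reach Graph as an empty
            // display name / mail nickname, where it would surface as an opaque remote error.
            if (string.IsNullOrWhiteSpace(groupName))
            {
                throw new System.ArgumentException("A group name is required.", nameof(groupName));
            }

            var client = RestClient
                         .Configure()
                         .WithEnvironment(AzureEnvironment.AzureGlobalCloud)
                         .WithLogLevel(HttpLoggingDelegatingHandler.Level.None)
                         .WithCredentials(_authenticationHelper.GetAzureCrendentials())
                         .Build();

            var graphRbacManager = new GraphRbacManager(client, _appSettings.TenantId);

            // A null result is treated as "no such group"; anything else is reused as-is.
            IActiveDirectoryGroup group = await graphRbacManager.Groups.GetByNameAsync(groupName);

            if (group is null)
            {
                var parameters = new GroupCreateParameters
                {
                    DisplayName = groupName,
                    MailNickname = groupName
                };

                // Created through the inner (non-fluent) client; the returned object carries the new object id.
                ADGroupInner created = await graphRbacManager.Groups.Inner.CreateAsync(parameters);

                return created.ObjectId;
            }

            return group.Id;
        }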
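        /// <summary>
        /// Assigns the role <paramref name="roleId"/> to <paramref name="principalId"/> at the scope of
        /// <paramref name="resourceGroupId"/>, unless an assignment with the same principal and role already exists there.
        /// </summary>
        /// <param name="resourceGroupId">Resource id of the resource group; used both to list existing assignments and as the scope of the new one.</param>
        /// <param name="roleId">Role definition GUID; it is expanded to a subscription-scoped role definition id.</param>
        /// <param name="principalId">Object id of the user, group or service principal that receives the role.</param>
        /// <returns>A task that completes once the assignment exists or was found to exist already.</returns>
        /// <exception cref="System.ArgumentException">Any argument is null, empty or whitespace.</exception>
        public async Task AssignRoles(string resourceGroupId, string roleId, string principalId)
        {
            // Fail fast on blank ids: they would otherwise be interpolated into a malformed role definition
            // id or turned into a malformed assignment request.
            if (string.IsNullOrWhiteSpace(resourceGroupId))
            {
                throw new System.ArgumentException("A resource group id is required.", nameof(resourceGroupId));
            }

            if (string.IsNullOrWhiteSpace(roleId))
            {
                throw new System.ArgumentException("A role definition id is required.", nameof(roleId));
            }

            if (string.IsNullOrWhiteSpace(principalId))
            {
                throw new System.ArgumentException("A principal object id is required.", nameof(principalId));
            }

            var authenticated = Azure
                                .Configure()
                                .WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic)
                                .Authenticate(_authenticationHelper.GetAzureCrendentials())
                                .WithSubscription(_appSettings.Subscriptionid);

            string roleDefinitionId = $"/subscriptions/{_appSettings.Subscriptionid}/providers/Microsoft.Authorization/roleDefinitions/{roleId}";

            var roleAssignments = await authenticated.AccessManagement.RoleAssignments.ListByScopeAsync(resourceGroupId);

            // A null listing is treated as "nothing to do", as before: the role is deliberately not
            // assigned blind when the existing assignments could not be read.
            if (roleAssignments is null)
            {
                return;
            }

            // Object ids and ARM resource ids are compared without regard to case, and a listed
            // assignment may carry a null PrincipalId/RoleDefinitionId, so use the null-safe static Equals
            // rather than the instance method (which would throw on a null element).
            bool alreadyAssigned = roleAssignments.Any(x =>
                string.Equals(x.PrincipalId, principalId, System.StringComparison.OrdinalIgnoreCase)
                && string.Equals(x.RoleDefinitionId, roleDefinitionId, System.StringComparison.OrdinalIgnoreCase));

            if (alreadyAssigned)
            {
                return;
            }

            // Each new assignment gets a fresh random GUID as its name; the scope is the same
            // resource group whose assignments were listed above.
            await authenticated.AccessManagement.RoleAssignments
                .Define(SdkContext.RandomGuid())
                .ForObjectId(principalId)
                .WithRoleDefinition(roleDefinitionId)
                .WithScope(resourceGroupId)
                .CreateAsync();
        }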