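        /// <summary>
        /// Grants Key Vault access policies on the vault named in
        /// <c>DataModel.InstallationConfiguration.Azure.KeyVault</c> to four principals, in order:
        /// the signed-in deploying user, the function app's managed identity, and the managed
        /// identities of the "process" and "request" Logic App workflows.
        /// </summary>
        /// <param name="context">Runner context; only <c>context.Logger</c> is used (forwarded to the Azure client).</param>
        /// <returns>
        /// The <see cref="CreateKeyVaultAccessPolicyResponse"/> of the last policy created
        /// (the request workflow). Earlier responses are only null-checked.
        /// </returns>
        /// <exception cref="InvalidOperationException">
        /// A resource identity lookup or a policy creation returned <c>null</c>. Thrown as soon as
        /// one step fails, so later principals are not granted access on a half-configured vault.
        /// </exception>
        private object SetKeyVaultAccessPoliciesAsync(OperationRunner context)
        {
            AzureClient client = new AzureClient(WizardContext.TokenProvider);

            client.SetLogger(context.Logger);

            // TODO: Make sure we get signed in users information
            // NOTE(review): this blocks the UI thread on a Task via Wait(); if the token provider
            // awaits with a captured synchronization context this can deadlock — confirm against
            // the provider's implementation.
            Dispatcher.Invoke(new Action(() =>
            {
                WizardContext.TokenProvider.GetAccessTokenAsync(AzureClient.KeyVaultAudience, Application.Current.MainWindow).Wait();
            }));

            // Deploying user.
            // NOTE(review): this is the full data-plane permission set for secrets, keys and
            // certificates, including destructive operations (Delete, Purge). The installer's
            // own policy is a standing grant on the vault; verify which operations the wizard
            // actually performs and trim the lists to those.
            GrantKeyVaultAccessPolicy(
                client,
                new KeyVaultAccessPolicy()
                {
                    ObjectId    = WizardContext.TokenProvider.GetUserId(),
                    TenantId    = WizardContext.TokenProvider.GetTenantId(),
                    Permissions = new KeyVaultAccessPolicyPermissions()
                    {
                        Secrets      = new string[] { "Get", "List", "Set", "Delete", "Backup", "Restore", "Recover", "Purge" },
                        Keys         = new string[] { "Decrypt", "Encrypt", "UnwrapKey", "WrapKey", "Verify", "Sign", "Get", "List", "Update", "Create", "Import", "Delete", "Backup", "Restore", "Recover", "Purge" },
                        Certificates = new string[] { "Get", "List", "Delete", "Create", "Import", "Update", "Managecontacts", "Getissuers", "Listissuers", "Setissuers", "Deleteissuers", "Manageissuers", "Recover", "Backup", "Restore", "Purge" },
                    },
                },
                "Could not create access policy for user!");

            // Function app: runtime identities only ever read secrets, so they get Secrets/Get alone.
            AzureIdentityResourceBase functionApp = client.GetResourceIdentityBaseAsync(
                DataModel.InstallationConfiguration.Azure.SelectedSubscription.Id,
                DataModel.InstallationConfiguration.Azure.ResourceGroupName,
                "Microsoft.Web",
                null,
                "sites",
                DataModel.InstallationConfiguration.Azure.FunctionApp.AppName,
                "2018-11-01").Result;

            if (functionApp == null)
            {
                throw new InvalidOperationException("Could not get function app resource!");
            }

            GrantKeyVaultAccessPolicy(
                client,
                new KeyVaultAccessPolicy()
                {
                    ObjectId    = functionApp.Identity.PrincipalId,
                    TenantId    = WizardContext.TokenProvider.GetTenantId(),
                    Permissions = new KeyVaultAccessPolicyPermissions()
                    {
                        Secrets = new string[] { "Get" },
                    },
                },
                "Could not create access policy for function app!");

            // Process workflow
            AzureIdentityResourceBase processWorkflow = client.GetResourceIdentityBaseAsync(
                DataModel.InstallationConfiguration.Azure.SelectedSubscription.Id,
                DataModel.InstallationConfiguration.Azure.ResourceGroupName,
                "Microsoft.Logic",
                null,
                "workflows",
                DataModel.InstallationConfiguration.Azure.LogicApps.ProcessWorkflowName).Result;

            if (processWorkflow == null)
            {
                throw new InvalidOperationException("Could not get process logic app resource!");
            }

            // Previously the null check after this call re-tested processWorkflow instead of the
            // create response, so a failed policy creation for the process workflow went unnoticed;
            // the helper now checks the response itself.
            GrantKeyVaultAccessPolicy(
                client,
                new KeyVaultAccessPolicy()
                {
                    ObjectId    = processWorkflow.Identity.PrincipalId,
                    TenantId    = WizardContext.TokenProvider.GetTenantId(),
                    Permissions = new KeyVaultAccessPolicyPermissions()
                    {
                        Secrets = new string[] { "Get" },
                    },
                },
                "Could not create access policy for process logic app!");

            // Request workflow
            AzureIdentityResourceBase requestWorkflow = client.GetResourceIdentityBaseAsync(
                DataModel.InstallationConfiguration.Azure.SelectedSubscription.Id,
                DataModel.InstallationConfiguration.Azure.ResourceGroupName,
                "Microsoft.Logic",
                null,
                "workflows",
                DataModel.InstallationConfiguration.Azure.LogicApps.RequestWorkflowName).Result;

            if (requestWorkflow == null)
            {
                throw new InvalidOperationException("Could not get request logic app resource!");
            }

            // The last response is returned to the caller; a null here now throws rather than
            // returning null (the original did not check the final result).
            return GrantKeyVaultAccessPolicy(
                client,
                new KeyVaultAccessPolicy()
                {
                    ObjectId = requestWorkflow.Identity.PrincipalId,
                    TenantId = WizardContext.TokenProvider.GetTenantId(),
                    Permissions = new KeyVaultAccessPolicyPermissions()
                    {
                        Secrets = new string[] { "Get" },
                    },
                },
                "Could not create access policy for request logic app!");
        }

        /// <summary>
        /// Creates one access policy on the configured Key Vault for a single principal and
        /// fails loudly when the client reports no response.
        /// </summary>
        /// <param name="client">Azure client already wired with the token provider and logger.</param>
        /// <param name="policy">Fully populated policy (object id, tenant id, permissions) to apply.</param>
        /// <param name="failureMessage">Message for the exception thrown when the call returns <c>null</c>.</param>
        /// <returns>The non-null <see cref="CreateKeyVaultAccessPolicyResponse"/>.</returns>
        /// <exception cref="InvalidOperationException">The client returned <c>null</c>.</exception>
        private CreateKeyVaultAccessPolicyResponse GrantKeyVaultAccessPolicy(
            AzureClient client,
            KeyVaultAccessPolicy policy,
            string failureMessage)
        {
            // Blocking on .Result mirrors the rest of this runner step (it is synchronous);
            // exceptions surface wrapped in AggregateException, as before.
            CreateKeyVaultAccessPolicyResponse response = client.CreateKeyVaultAccessPolicyAsync(
                DataModel.InstallationConfiguration.Azure.SelectedSubscription.Id,
                DataModel.InstallationConfiguration.Azure.ResourceGroupName,
                DataModel.InstallationConfiguration.Azure.KeyVault.KeyVaultName,
                new CreateKeyVaultAccessPolicyRequest()
                {
                    Properties = new CreateKeyVaultAccessPolicyRequestProperties()
                    {
                        AccessPolicies = new KeyVaultAccessPolicy[] { policy },
                    },
                }).Result;

            if (response == null)
            {
                throw new InvalidOperationException(failureMessage);
            }

            return response;
        }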