/// <summary> /// Ensures the role assignment. /// </summary> /// <param name="serverPrincipal">The server principal.</param> /// <param name="storageAccountSubscriptionId">The storage account subscription identifier.</param> /// <param name="storageAccountResourceId">The storage account resource identifier.</param> /// <returns>RoleAssignment.</returns> public RoleAssignment EnsureRoleAssignment(MicrosoftGraphServicePrincipal serverPrincipal, string storageAccountSubscriptionId, string storageAccountResourceId) { string currentSubscriptionId = AuthorizationManagementClient.SubscriptionId; bool hasMismatchSubscription = currentSubscriptionId != storageAccountSubscriptionId; try { if (hasMismatchSubscription) { AuthorizationManagementClient.SubscriptionId = storageAccountSubscriptionId; } var resourceIdentifier = new ResourceIdentifier(storageAccountResourceId); string roleDefinitionScope = "/"; RoleDefinition roleDefinition = AuthorizationManagementClient.RoleDefinitions.Get(roleDefinitionScope, BuiltInRoleDefinitionId); var serverPrincipalId = serverPrincipal.Id.ToString(); var roleAssignments = AuthorizationManagementClient.RoleAssignments .ListForResource( resourceIdentifier.ResourceGroupName, ResourceIdentifier.GetProviderFromResourceType(resourceIdentifier.ResourceType), resourceIdentifier.ParentResource ?? "/", ResourceIdentifier.GetTypeFromResourceType(resourceIdentifier.ResourceType), resourceIdentifier.ResourceName, odataQuery: new ODataQuery <RoleAssignmentFilter>(f => f.AssignedTo(serverPrincipalId))); var roleAssignmentScope = storageAccountResourceId; Guid roleAssignmentId = StorageSyncResourceManager.GetGuid(); RoleAssignment roleAssignment = roleAssignments.FirstOrDefault(); if (roleAssignment == null) { VerboseLogger.Invoke(StorageSyncResources.CreateRoleAssignmentMessage); var createParameters = new RoleAssignmentCreateParameters { Properties = new RoleAssignmentProperties { PrincipalId = serverPrincipalId, RoleDefinitionId = AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromSubscriptionAndIdAsGuid(resourceIdentifier.Subscription, BuiltInRoleDefinitionId) } }; roleAssignment = AuthorizationManagementClient.RoleAssignments.Create(roleAssignmentScope, roleAssignmentId.ToString(), createParameters); StorageSyncResourceManager.Wait(); } return(roleAssignment); } finally { if (hasMismatchSubscription) { AuthorizationManagementClient.SubscriptionId = currentSubscriptionId; } } }
protected bool ValidateAndExtractName(string resourceId, out string resourceGroupName, out string resourceName) { ResourceIdentifier resourceIdentifier = new ResourceIdentifier(resourceId); // validate the resource provider type if (string.Equals(ResourceProviderName, ResourceIdentifier.GetProviderFromResourceType(resourceIdentifier.ResourceType), System.StringComparison.InvariantCultureIgnoreCase) && string.Equals(ResourceTypeName, ResourceIdentifier.GetTypeFromResourceType(resourceIdentifier.ResourceType), System.StringComparison.InvariantCultureIgnoreCase)) { resourceGroupName = resourceIdentifier.ResourceGroupName; resourceName = resourceIdentifier.ResourceName; return(true); } resourceGroupName = null; resourceName = null; return(false); }