/// <summary>
/// Creates or updates a role definition.
/// </summary>
/// <param name="roleDefinitionDescription">The description for the role definition.</param>
/// <param name="permissions">The permissions granted by the role definition when assigned to a principal.</param>
/// <param name="roleScope">The scope of the <see cref="KeyVaultRoleDefinition"/> to create. The default value is <see cref="KeyVaultRoleScope.Global"/>.</param>
/// <param name="roleDefinitionName">Optional name used to create the role definition. A new <see cref="Guid"/> will be generated if not specified.</param>
/// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
/// <returns>A <see cref="Response{TResult}"/> containing the result of the operation.</returns>
public virtual Response <KeyVaultRoleDefinition> CreateOrUpdateRoleDefinition(string roleDefinitionDescription, KeyVaultPermission permissions, KeyVaultRoleScope roleScope = default, Guid?roleDefinitionName = null, CancellationToken cancellationToken = default)
{
using DiagnosticScope scope = _diagnostics.CreateScope($"{nameof(KeyVaultAccessControlClient)}.{nameof(CreateOrUpdateRoleDefinition)}");
scope.Start();
try
{
var name = (roleDefinitionName ?? Guid.NewGuid()).ToString();
var properties = new RoleDefinitionProperties()
{
Description = roleDefinitionDescription,
RoleName = name,
RoleType = KeyVaultRoleType.CustomRole
};
properties.AssignableScopes.Add(roleScope);
properties.Permissions.Add(permissions);
var parameters = new RoleDefinitionCreateParameters(properties);
return(_definitionsRestClient.CreateOrUpdate(
vaultBaseUrl: VaultUri.AbsoluteUri,
scope: roleScope == default ? roleScope.ToString() : KeyVaultRoleScope.Global.ToString(),
roleDefinitionName: name,
parameters: parameters,
cancellationToken: cancellationToken));
}
catch (Exception ex)
{
scope.Failed(ex);
throw;
}
}
internal static KeyVaultRoleDefinition DeserializeKeyVaultRoleDefinition(JsonElement element)
{
Optional <string> id = default;
Optional <string> name = default;
Optional <string> type = default;
Optional <string> roleName = default;
Optional <string> description = default;
Optional <string> type0 = default;
Optional <IList <KeyVaultPermission> > permissions = default;
Optional <IList <string> > assignableScopes = default;
foreach (var property in element.EnumerateObject())
{
if (property.NameEquals("id"))
{
id = property.Value.GetString();
continue;
}
if (property.NameEquals("name"))
{
name = property.Value.GetString();
continue;
}
if (property.NameEquals("type"))
{
type = property.Value.GetString();
continue;
}
if (property.NameEquals("properties"))
{
if (property.Value.ValueKind == JsonValueKind.Null)
{
property.ThrowNonNullablePropertyIsNull();
continue;
}
foreach (var property0 in property.Value.EnumerateObject())
{
if (property0.NameEquals("roleName"))
{
roleName = property0.Value.GetString();
continue;
}
if (property0.NameEquals("description"))
{
description = property0.Value.GetString();
continue;
}
if (property0.NameEquals("type"))
{
type0 = property0.Value.GetString();
continue;
}
if (property0.NameEquals("permissions"))
{
if (property0.Value.ValueKind == JsonValueKind.Null)
{
property0.ThrowNonNullablePropertyIsNull();
continue;
}
List <KeyVaultPermission> array = new List <KeyVaultPermission>();
foreach (var item in property0.Value.EnumerateArray())
{
array.Add(KeyVaultPermission.DeserializeKeyVaultPermission(item));
}
permissions = array;
continue;
}
if (property0.NameEquals("assignableScopes"))
{
if (property0.Value.ValueKind == JsonValueKind.Null)
{
property0.ThrowNonNullablePropertyIsNull();
continue;
}
List <string> array = new List <string>();
foreach (var item in property0.Value.EnumerateArray())
{
array.Add(item.GetString());
}
assignableScopes = array;
continue;
}
}
continue;
}
}
return(new KeyVaultRoleDefinition(id.Value, name.Value, type.Value, roleName.Value, description.Value, type0.Value, Optional.ToList(permissions), Optional.ToList(assignableScopes)));
}
