C# で Azure Entra ID に登録されているアプリにロールを割り当てる

Azure.ResourceManager.Authorization を使えばできた。

www.nuget.org

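SQL Server リソースをスコープにして、サービス プリンシパルに「共同作成者」ロールを割り当ててみたサンプル。実行する ID には、対象スコープでロール割り当てを作成できる権限(Microsoft.Authorization/roleAssignments/write)が必要。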

using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Authorization;
using Azure.ResourceManager.Authorization.Models;
using Azure.ResourceManager.Sql;

// Scope of the assignment: a single SQL logical server. Replace the three
// placeholder strings with real values before running.
ResourceIdentifier targetScope = SqlServerResource.CreateResourceIdentifier(
    "your subscription id",
    "your resource group name",
    "your server name");

// Replace the placeholder with a GUID string; Guid.Parse throws FormatException otherwise.
// Role assignments are keyed on the object ID of the service principal
// (the enterprise application), not on the application (client) ID.
Guid assigneeObjectId = Guid.Parse("your service principal id");

// DefaultAzureCredential resolves whichever identity is available in the
// environment. That identity needs Microsoft.Authorization/roleAssignments/write
// on the target scope, otherwise the assignment call is rejected.
ArmClient client = new(new DefaultAzureCredential());

await AssignContributorRoleAsync(client, targetScope, assigneeObjectId);

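// Grants the built-in "Contributor" role on the given resource to a service principal.
//
// armClient          - authenticated ARM client; its identity must be allowed to
//                      create role assignments at the target scope.
// resourceIdentifier - resource that becomes the scope of the assignment.
// principalId        - object ID of the service principal that receives the role.
//
// Contributor allows full management of the scoped resource; pick a narrower
// built-in or custom role when the workload does not need that much.
static async ValueTask AssignContributorRoleAsync(ArmClient armClient, ResourceIdentifier resourceIdentifier, Guid principalId)
{
    // GUID of the built-in "Contributor" role definition.
    const string ContributorRoleId = "b24988ac-6180-42a0-ab88-20f7382dd24c";

    var scope = resourceIdentifier.ToString();

    await AssignRoleAsync(
        armClient: armClient,
        principalId: principalId,
        // The assignment name identifies this particular assignment. It must not be the
        // role definition GUID: that name could then be used by only one principal per scope.
        roleAssignmentName: CreateRoleAssignmentName(scope, principalId, ContributorRoleId),
        scope: scope,
        roleDefinitionName: ContributorRoleId);
}

// Creates or updates a role assignment for a service principal and returns the
// resulting resource.
//
// armClient          - authenticated ARM client.
// principalId        - object ID of the service principal that receives the role.
// roleAssignmentName - GUID string naming the assignment itself.
// scope              - resource ID at which the role is granted.
// roleDefinitionName - GUID string of the role definition to grant. When omitted,
//                      roleAssignmentName is used as the role definition GUID, which
//                      keeps the older call shape working.
//
// A failed request surfaces as the exception thrown by UpdateAsync.
static async ValueTask<RoleAssignmentResource> AssignRoleAsync(ArmClient armClient, Guid principalId, string roleAssignmentName, string scope, string? roleDefinitionName = null)
{
    roleDefinitionName ??= roleAssignmentName;

    // roleDefinitionId has to point at a roleDefinitions resource. The previous code
    // passed the role assignment's own ID (a roleAssignments path) here.
    var roleDefinitionId = new ResourceIdentifier(
        $"{scope}/providers/Microsoft.Authorization/roleDefinitions/{roleDefinitionName}");

    var roleAssignmentResourceId = RoleAssignmentResource.CreateResourceIdentifier(
        scope: scope,
        roleAssignmentName: roleAssignmentName);

    var roleAssignmentResource = armClient.GetRoleAssignmentResource(roleAssignmentResourceId);

    var content = new RoleAssignmentCreateOrUpdateContent(
        roleDefinitionId: roleDefinitionId,
        principalId: principalId)
    {
        // This sample only targets service principals.
        PrincipalType = RoleManagementPrincipalType.ServicePrincipal,
    };

    // WaitUntil.Completed makes UpdateAsync return only after the operation has
    // finished, so the result can be read without a second wait.
    var armOperation = await roleAssignmentResource.UpdateAsync(
        waitUntil: WaitUntil.Completed,
        content: content);

    return armOperation.Value;
}

// Derives a stable GUID-formatted assignment name from scope, principal and role.
// The same inputs always give the same name, so re-running the sample addresses the
// same assignment instead of creating a differently named duplicate. The hash is
// used only to get a deterministic identifier, not for secrecy.
//
// NOTE(review): if an assignment for the same principal, role and scope already
// exists under a different name (for example one created by an earlier revision of
// this sample), the service is expected to reject the request as a duplicate.
// Confirm, and remove the old assignment first if so.
static string CreateRoleAssignmentName(string scope, Guid principalId, string roleDefinitionName)
{
    var seed = System.Text.Encoding.UTF8.GetBytes(
        $"{scope.ToLowerInvariant()}|{principalId:D}|{roleDefinitionName.ToLowerInvariant()}");

    var hash = System.Security.Cryptography.SHA256.HashData(seed);

    // Guid needs exactly 16 bytes; take the leading 16 bytes of the digest.
    return new Guid(hash[..16]).ToString();
}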