public async Task GetRoleDefinition() { var description = Recording.GenerateAlphaNumericId("role"); Guid name = Recording.Random.NewGuid(); CreateOrUpdateRoleDefinitionOptions options = new(KeyVaultRoleScope.Global, name) { Description = description, Permissions = { new() { DataActions = { KeyVaultDataAction.BackupHsmKeys, } } } }; KeyVaultRoleDefinition createdDefinition = await Client.CreateOrUpdateRoleDefinitionAsync(options); RegisterForCleanup(createdDefinition); KeyVaultRoleDefinition fetchedRoleDefinition = await Client.GetRoleDefinitionAsync(KeyVaultRoleScope.Global, name); Assert.That(fetchedRoleDefinition.AssignableScopes, Is.EqualTo(new[] { KeyVaultRoleScope.Global })); Assert.That(fetchedRoleDefinition.Description, Is.EqualTo(description)); Assert.That(fetchedRoleDefinition.Name, Is.EqualTo(name.ToString())); Assert.That(fetchedRoleDefinition.Permissions.First().DataActions, Is.EquivalentTo(options.Permissions[0].DataActions)); Assert.That(fetchedRoleDefinition.Type, Is.EqualTo(KeyVaultRoleDefinitionType.MicrosoftAuthorizationRoleDefinitions)); }
public async Task DeleteRoleDefinition() { var description = Recording.GenerateAlphaNumericId("role"); Guid name = Recording.Random.NewGuid(); CreateOrUpdateRoleDefinitionOptions options = new(KeyVaultRoleScope.Global, name) { Description = description, Permissions = { new() { DataActions = { KeyVaultDataAction.BackupHsmKeys, } } } }; KeyVaultRoleDefinition createdDefinition = await Client.CreateOrUpdateRoleDefinitionAsync(options); await Client.DeleteRoleDefinitionAsync(KeyVaultRoleScope.Global, name); List <KeyVaultRoleDefinition> results = await Client.GetRoleDefinitionsAsync(KeyVaultRoleScope.Global).ToEnumerableAsync().ConfigureAwait(false); Assert.That(!results.Any(r => r.Name.ToString().Equals(name.ToString()))); }
public async Task CreateOrUpdateRoleDefinition() { var description = Recording.GenerateAlphaNumericId("role"); var name = Recording.Random.NewGuid(); var originalPermissions = new KeyVaultPermission(); originalPermissions.DataActions.Add(KeyVaultDataAction.BackupHsmKeys); KeyVaultRoleDefinition createdDefinition = await Client.CreateOrUpdateRoleDefinitionAsync(description, originalPermissions, KeyVaultRoleScope.Global, name); RegisterForCleanup(createdDefinition); Assert.That(createdDefinition.AssignableScopes, Is.EqualTo(new[] { KeyVaultRoleScope.Global })); Assert.That(createdDefinition.Description, Is.EqualTo(description)); Assert.That(createdDefinition.Name, Is.EqualTo(name.ToString())); Assert.That(createdDefinition.Permissions.First().DataActions, Is.EquivalentTo(originalPermissions.DataActions)); Assert.That(createdDefinition.Type, Is.EqualTo(KeyVaultRoleDefinitionType.MicrosoftAuthorizationRoleDefinitions)); var updatedpermissions = new KeyVaultPermission(); updatedpermissions.DataActions.Add(KeyVaultDataAction.CreateHsmKey); updatedpermissions.DataActions.Add(KeyVaultDataAction.DownloadHsmSecurityDomain); KeyVaultRoleDefinition updatedDefinition = await Client.CreateOrUpdateRoleDefinitionAsync(description, updatedpermissions, KeyVaultRoleScope.Global, name); Assert.That(updatedDefinition.AssignableScopes, Is.EqualTo(new[] { KeyVaultRoleScope.Global })); Assert.That(updatedDefinition.Description, Is.EqualTo(description)); Assert.That(updatedDefinition.Name, Is.EqualTo(name.ToString())); Assert.That(updatedDefinition.Permissions.First().DataActions, Is.EquivalentTo(updatedpermissions.DataActions)); Assert.That(updatedDefinition.Type, Is.EqualTo(KeyVaultRoleDefinitionType.MicrosoftAuthorizationRoleDefinitions)); }
public async Task DeleteRoleAssignment() { List <KeyVaultRoleDefinition> definitions = await Client.GetRoleDefinitionsAsync(KeyVaultRoleScope.Global).ToEnumerableAsync().ConfigureAwait(false); KeyVaultRoleDefinition definitionToAssign = definitions.First(d => d.RoleName.Contains(RoleName)); Guid roleAssignmentName = Recording.Random.NewGuid(); KeyVaultRoleAssignment assignment = await Client.CreateRoleAssignmentAsync(KeyVaultRoleScope.Global, definitionToAssign.Id, TestEnvironment.ClientObjectId, roleAssignmentName).ConfigureAwait(false); await Client.DeleteRoleAssignmentAsync(KeyVaultRoleScope.Global, assignment.Name).ConfigureAwait(false); }
public PSKeyVaultRoleDefinition(KeyVaultRoleDefinition roleDefinition) { Id = roleDefinition.Id; Name = roleDefinition.Name; Type = roleDefinition.Type; RoleName = roleDefinition.RoleName; Description = roleDefinition.Description; RoleType = roleDefinition.RoleType; AssignableScopes = roleDefinition.AssignableScopes.ToArray(); Permissions = roleDefinition.Permissions.Select(permission => new PSKeyVaultPermission(permission)).ToArray(); }
public async Task CreateRoleAssignment() { List <KeyVaultRoleDefinition> definitions = await Client.GetRoleDefinitionsAsync(KeyVaultRoleScope.Global).ToEnumerableAsync().ConfigureAwait(false); KeyVaultRoleDefinition definitionToAssign = definitions.First(d => d.RoleName.Contains(RoleName)); Guid roleAssignmentName = Recording.Random.NewGuid(); KeyVaultRoleAssignment result = await Client.CreateRoleAssignmentAsync(KeyVaultRoleScope.Global, definitionToAssign.Id, TestEnvironment.ClientObjectId, roleAssignmentName).ConfigureAwait(false); RegisterForCleanup(result); Assert.That(result.Id, Is.Not.Null); Assert.That(result.Name, Is.Not.Null); Assert.That(result.Type, Is.Not.Null); Assert.That(result.Properties.PrincipalId, Is.EqualTo(TestEnvironment.ClientObjectId)); Assert.That(result.Properties.RoleDefinitionId, Is.EqualTo(definitionToAssign.Id)); }