protected override void ProcessRecord()
{
base.ProcessRecord();
try
{
client?.Dispose();
int timeout = GetPreferredTimeout();
WriteDebug($"Cmdlet Timeout : {timeout} milliseconds.");
client = new KmsVaultClient(AuthProvider, new Oci.Common.ClientConfiguration
{
RetryConfiguration = retryConfig,
TimeoutMillis = timeout,
ClientUserAgent = PSUserAgent
});
string region = GetPreferredRegion();
if (region != null)
{
WriteDebug("Choosing Region:" + region);
client.SetRegion(region);
}
if (Endpoint != null)
{
WriteDebug("Choosing Endpoint:" + Endpoint);
client.SetEndpoint(Endpoint);
}
}
catch (Exception ex)
{
TerminatingErrorDuringExecution(ex);
}
}
private static async Task CancelVaultDeletion(KmsVaultClient kmsVaultClient, string vaultId)
{
logger.Info("Cancel Vault Deletion");
CancelVaultDeletionRequest cancelVaultDeletionRequest = new CancelVaultDeletionRequest
{
VaultId = vaultId
};
CancelVaultDeletionResponse cancelVaultDeletionResponse = await kmsVaultClient.CancelVaultDeletion(cancelVaultDeletionRequest);
logger.Info("Deletion cancelled successfully");
}
private static async Task <Vault> GetVault(KmsVaultClient kmsVaultClient, string vaultId)
{
logger.Info("Get Vault");
GetVaultRequest getVaultRequest = new GetVaultRequest
{
VaultId = vaultId
};
GetVaultResponse getVaultResponse = await kmsVaultClient.GetVault(getVaultRequest);
logger.Info($"Retrieved vault: {getVaultResponse.Vault.DisplayName}");
return(getVaultResponse.Vault);
}
private static async Task ListVaults(KmsVaultClient kmsVaultClient, string compartmentId)
{
logger.Info("List Vaults");
ListVaultsRequest listVaultsRequest = new ListVaultsRequest
{
CompartmentId = compartmentId
};
ListVaultsResponse listVaultsResponse = await kmsVaultClient.ListVaults(listVaultsRequest);
logger.Info("Retrieved vaults");
foreach (var response in listVaultsResponse.Items)
{
logger.Info($"Vault: {response.DisplayName}");
}
}
private static async Task ScheduleVaultDeletion(KmsVaultClient kmsVaultClient, string vaultId)
{
logger.Info("Schedule Vault Deletion");
ScheduleVaultDeletionDetails scheduleVaultDeletionDetails = new ScheduleVaultDeletionDetails
{
TimeOfDeletion = null
};
ScheduleVaultDeletionRequest scheduleVaultDeletionRequest = new ScheduleVaultDeletionRequest
{
ScheduleVaultDeletionDetails = scheduleVaultDeletionDetails,
VaultId = vaultId
};
ScheduleVaultDeletionResponse scheduleVaultDeletionResponse = await kmsVaultClient.ScheduleVaultDeletion(scheduleVaultDeletionRequest);
logger.Info("Deletion Scheduled Successfully");
}
private static async Task UpdateVaultResetTags(KmsVaultClient kmsVaultClient, string vaultId)
{
logger.Info($"Updating vault");
Dictionary <string, string> freeformTags = new Dictionary <string, string>();
UpdateVaultDetails updateVaultDetails = new UpdateVaultDetails
{
FreeformTags = freeformTags
};
UpdateVaultRequest updateVaultRequest = new UpdateVaultRequest
{
UpdateVaultDetails = updateVaultDetails,
VaultId = vaultId
};
UpdateVaultResponse updateVaultResponse = await kmsVaultClient.UpdateVault(updateVaultRequest);
logger.Info($"cleared tags for the Vault: {updateVaultResponse.Vault.ToString()}");
}
private static async Task UpdateVault(KmsVaultClient kmsVaultClient, string vaultId)
{
logger.Info($"Updating vault");
Dictionary <string, string> freeformTags = new Dictionary <string, string>()
{
{ "freeformkey1", "freeformvalue1" },
{ "freeformkey2", "freeformvalue2" }
};
UpdateVaultDetails updateVaultDetails = new UpdateVaultDetails
{
FreeformTags = freeformTags,
DisplayName = "updated-vault-display-name"
};
UpdateVaultRequest updateVaultRequest = new UpdateVaultRequest
{
UpdateVaultDetails = updateVaultDetails,
VaultId = vaultId
};
UpdateVaultResponse updateVaultResponse = await kmsVaultClient.UpdateVault(updateVaultRequest);
logger.Info($"added tags for the vault: {updateVaultResponse.Vault.ToString()}");
}
public static async Task MainKeyManagement()
{
logger.Info("Starting example");
var provider = new ConfigFileAuthenticationDetailsProvider("DEFAULT");
var compartmentId = Environment.GetEnvironmentVariable("OCI_COMPARTMENT_ID");
var vaultId = Environment.GetEnvironmentVariable("VAULT_ID");
KmsVaultClient kmsVaultClient = null;
KmsManagementClient kmsManagementClient = null;
KmsCryptoClient kmsCryptoClient = null;
try
{
// Initialize the KMS Clients. KMS has three clients as following:
// * KmsVaultClient: The client for Vault management
// * KmsManagementClient: The client for Key management (ControlPlane)
// * KmsCryptoClient: The client for data encryption and decryption (DataPlane)
kmsVaultClient = new KmsVaultClient(provider);
kmsManagementClient = new KmsManagementClient(provider);
kmsCryptoClient = new KmsCryptoClient(provider);
Vault vault = await GetVault(kmsVaultClient, vaultId);
// The ManagementClient and CryptoClient use Vault specific endpoints; Set them now.
kmsManagementClient.SetEndpoint(vault.ManagementEndpoint);
kmsCryptoClient.SetEndpoint(vault.CryptoEndpoint);
// Vault Operations
await UpdateVaultResetTags(kmsVaultClient, vault.Id);
await UpdateVault(kmsVaultClient, vault.Id);
await ListVaults(kmsVaultClient, compartmentId);
await ScheduleVaultDeletion(kmsVaultClient, vault.Id);
var waiterConfiguration = new WaiterConfiguration
{
MaxAttempts = 10,
GetNextDelayInSeconds = DelayStrategy.GetExponentialDelayInSeconds
};
// After scheduling deletion, the Vault will stay in SCHEDULING_DELETION state shortly and then
// transit to PENDING_DELETION state. Wait a bit for the transition to happen.
logger.Info("Wait a bit for the deletion scheduling to finish");
GetVaultRequest getVaultRequest = new GetVaultRequest
{
VaultId = vault.Id
};
kmsVaultClient.Waiters.ForVault(getVaultRequest, waiterConfiguration, Vault.LifecycleStateEnum.PendingDeletion).Execute();
await CancelVaultDeletion(kmsVaultClient, vault.Id);
// After cancelling deletion, the Vault will stay in CANCELLING_DELETION state shortly and then
// transit to ACTIVE state. Wait a bit for the transition to happen.
logger.Info("Wait a bit for the deletion cancelling to finish");
kmsVaultClient.Waiters.ForVault(getVaultRequest, waiterConfiguration, Vault.LifecycleStateEnum.Active).Execute();
// Management / Key Operations
string keyId = await CreateKey(kmsManagementClient, compartmentId);
// After creating a Key, the Key will stay in CREATING state shortly and then
// transit to ENABLED state. Wait a bit for the transition to happen.
logger.Info("Wait a bit for Key creation to finish");
GetKeyRequest getKeyRequest = new GetKeyRequest
{
KeyId = keyId
};
kmsManagementClient.Waiters.ForKey(getKeyRequest, waiterConfiguration, Key.LifecycleStateEnum.Enabled).Execute();
await GetKey(kmsManagementClient, keyId);
await UpdateKeyResetTags(kmsManagementClient, keyId);
kmsManagementClient.Waiters.ForKey(getKeyRequest, waiterConfiguration, Key.LifecycleStateEnum.Enabled).Execute();
await UpdateKey(kmsManagementClient, keyId);
kmsManagementClient.Waiters.ForKey(getKeyRequest, waiterConfiguration, Key.LifecycleStateEnum.Enabled).Execute();
await ListKeys(kmsManagementClient, compartmentId);
await DisableKey(kmsManagementClient, keyId);
// After disabling a Key, the Key will stay in DISABLING state shortly and then
// transit to DISABLED state. Wait a bit for the transition to happen.
logger.Info("Wait a bit for Key disabling to finish");
kmsManagementClient.Waiters.ForKey(getKeyRequest, waiterConfiguration, Key.LifecycleStateEnum.Disabled).Execute();
await EnableKey(kmsManagementClient, keyId);
// After enabling a Key, the Key will stay in ENABLING state shortly and then
// transit to ENABLED state. Wait a bit for the transition to happen.
logger.Info("Wait a bit for Key enabling to finish");
kmsManagementClient.Waiters.ForKey(getKeyRequest, waiterConfiguration, Key.LifecycleStateEnum.Enabled).Execute();
await ScheduleKeyDeletion(kmsManagementClient, keyId);
// After scheduling deletion, the Key will stay in SCHEDULING_DELETION state shortly and then
// transit to PENDING_DELETION state. Wait a bit for the transition to happen.
logger.Info("Wait a bit for deletion scheduling to finish");
kmsManagementClient.Waiters.ForKey(getKeyRequest, waiterConfiguration, Key.LifecycleStateEnum.PendingDeletion).Execute();
await CancelKeyDeletion(kmsManagementClient, keyId);
// After cancelling deletion, the Key will stay in CANCELLING_DELETION state shortly and then
// transit to Enabled state. Wait a bit for the transition to happen.
logger.Info("Wait a bit for deletion cancelling to finish");
kmsManagementClient.Waiters.ForKey(getKeyRequest, waiterConfiguration, Key.LifecycleStateEnum.Enabled).Execute();
await CreateKeyVersion(kmsManagementClient, keyId);
await ListKeyVersions(kmsManagementClient, keyId);
// Crypto Operations
string cipherText = await Encrypt(kmsCryptoClient, keyId);
await Decrypt(kmsCryptoClient, keyId, cipherText);
await GenerateDataEncryptionKey(kmsCryptoClient, keyId);
kmsManagementClient.Waiters.ForKey(getKeyRequest, waiterConfiguration, Key.LifecycleStateEnum.Enabled).Execute();
}
catch (Exception e)
{
logger.Error($"Failed to perform operations on Vault: {e}");
}
finally
{
if (kmsVaultClient != null)
{
kmsVaultClient.Dispose();
}
if (kmsManagementClient != null)
{
kmsManagementClient.Dispose();
}
if (kmsCryptoClient != null)
{
kmsCryptoClient.Dispose();
}
}
logger.Info("End example");
}
