public void GlacierGetVaultAccessPolicy()
{
#region to--get-the-access-policy-set-on-the-vault-1481936004590
var response = client.GetVaultAccessPolicy(new GetVaultAccessPolicyRequest
{
AccountId = "-",
VaultName = "example-vault"
});
VaultAccessPolicy policy = response.Policy;
#endregion
}
public static bool IsEqual(this IList <VaultAccessPolicy> expected, IList <VaultAccessPolicy> actual)
{
if (expected == null && actual == null)
{
return(true);
}
if (expected == null || actual == null)
{
return(false);
}
if (expected.Count != actual.Count)
{
return(false);
}
VaultAccessPolicy[] expectedCopy = new VaultAccessPolicy[expected.Count];
expected.CopyTo(expectedCopy, 0);
foreach (VaultAccessPolicy a in actual)
{
var match = expectedCopy.Where(e =>
e.TenantId == a.TenantId &&
e.ObjectId == a.ObjectId &&
e.ApplicationId == a.ApplicationId &&
((a.Permissions.Secrets == null && e.Permissions.Secrets == null) ||
Enumerable.SequenceEqual(a.Permissions.Secrets, e.Permissions.Secrets)) &&
((a.Permissions.Keys == null && e.Permissions.Keys == null) ||
Enumerable.SequenceEqual(a.Permissions.Keys, e.Permissions.Keys)) &&
((a.Permissions.Certificates == null && e.Permissions.Certificates == null) ||
Enumerable.SequenceEqual(a.Permissions.Certificates, e.Permissions.Certificates)) &&
((a.Permissions.Storage == null && e.Permissions.Storage == null) ||
Enumerable.SequenceEqual(a.Permissions.Storage, e.Permissions.Storage))
).FirstOrDefault();
if (match == null)
{
return(false);
}
expectedCopy = expectedCopy.Where(e => e != match).ToArray();
}
if (expectedCopy.Length > 0)
{
return(false);
}
return(true);
}
public async Task CreateOrUpdate()
{
#region Snippet:Managing_KeyVaults_CreateAVault
VaultCollection vaultCollection = resourceGroup.GetVaults();
string vaultName = "myVault";
Guid tenantIdGuid = new Guid("Your tenantId");
string objectId = "Your Object Id";
IdentityAccessPermissions permissions = new IdentityAccessPermissions
{
Keys = { new KeyPermission("all") },
Secrets = { new SecretPermission("all") },
Certificates = { new CertificatePermission("all") },
Storage = { new StoragePermission("all") },
};
VaultAccessPolicy AccessPolicy = new VaultAccessPolicy(tenantIdGuid, objectId, permissions);
VaultProperties VaultProperties = new VaultProperties(tenantIdGuid, new KeyVaultSku(KeyVaultSkuFamily.A, KeyVaultSkuName.Standard));
VaultProperties.EnabledForDeployment = true;
VaultProperties.EnabledForDiskEncryption = true;
VaultProperties.EnabledForTemplateDeployment = true;
VaultProperties.EnableSoftDelete = true;
VaultProperties.VaultUri = new Uri("http://vaulturi.com");
VaultProperties.NetworkRuleSet = new VaultNetworkRuleSet()
{
Bypass = "******",
DefaultAction = "Allow",
IPRules =
{
new VaultIPRule("1.2.3.4/32"),
new VaultIPRule("1.0.0.0/25")
}
};
VaultProperties.AccessPolicies.Add(AccessPolicy);
VaultCreateOrUpdateContent parameters = new VaultCreateOrUpdateContent(AzureLocation.WestUS, VaultProperties);
var rawVault = await vaultCollection.CreateOrUpdateAsync(WaitUntil.Started, vaultName, parameters).ConfigureAwait(false);
VaultResource vault = await rawVault.WaitForCompletionAsync();
#endregion
}
protected async Task Initialize()
{
Location = AzureLocation.CanadaCentral;
Client = GetArmClient();
Subscription = await Client.GetDefaultSubscriptionAsync();
DeletedVaultCollection = Subscription.GetDeletedVaults();
if (Mode == RecordedTestMode.Playback)
{
this.ObjectId = Recording.GetVariable(ObjectIdKey, string.Empty);
}
else if (Mode == RecordedTestMode.Record)
{
// Get ObjectId of Service Principal
// [warning] Microsoft.Graph required corresponding api permission, Please make sure the service has these two api permissions as follows.
// 1. ServicePrincipalEndpoint.Read.All(TYPE-Application) 2.ServicePrincipalEndpoint.ReadWrite.All(TYPE-Application)
var scopes = new[] { "https://graph.microsoft.com/.default" };
var options = new TokenCredentialOptions
{
AuthorityHost = AzureAuthorityHosts.AzurePublicCloud
};
var clientSecretCredential = new ClientSecretCredential(TestEnvironment.TenantId, TestEnvironment.ClientId, TestEnvironment.ClientSecret, options);
var graphClient = new GraphServiceClient(clientSecretCredential, scopes);
var response = await graphClient.ServicePrincipals.Request().GetAsync();
var result = response.CurrentPage.Where(i => i.AppId == TestEnvironment.ClientId).FirstOrDefault();
this.ObjectId = result.Id;
Recording.GetVariable(ObjectIdKey, this.ObjectId);
}
ResGroupName = Recording.GenerateAssetName("sdktestrg-kv-");
ArmOperation <ResourceGroupResource> rgResponse = await Subscription.GetResourceGroups().CreateOrUpdateAsync(WaitUntil.Completed, ResGroupName, new ResourceGroupData(Location)).ConfigureAwait(false);
ResourceGroupResource = rgResponse.Value;
VaultCollection = ResourceGroupResource.GetVaults();
VaultName = Recording.GenerateAssetName("sdktest-vault-");
MHSMName = Recording.GenerateAssetName("sdktest-mhsm-");
TenantIdGuid = new Guid(TestEnvironment.TenantId);
Tags = new Dictionary <string, string> {
{ "tag1", "value1" }, { "tag2", "value2" }, { "tag3", "value3" }
};
IdentityAccessPermissions permissions = new IdentityAccessPermissions
{
Keys = { new KeyPermission("all") },
Secrets = { new SecretPermission("all") },
Certificates = { new CertificatePermission("all") },
Storage = { new StoragePermission("all") },
};
AccessPolicy = new VaultAccessPolicy(TenantIdGuid, ObjectId, permissions);
VaultProperties = new VaultProperties(TenantIdGuid, new KeyVaultSku(KeyVaultSkuFamily.A, KeyVaultSkuName.Standard));
VaultProperties.EnabledForDeployment = true;
VaultProperties.EnabledForDiskEncryption = true;
VaultProperties.EnabledForTemplateDeployment = true;
VaultProperties.EnableSoftDelete = true;
VaultProperties.SoftDeleteRetentionInDays = DefSoftDeleteRetentionInDays;
VaultProperties.VaultUri = new Uri("http://vaulturi.com");
VaultProperties.NetworkRuleSet = new VaultNetworkRuleSet()
{
Bypass = "******",
DefaultAction = "Allow",
IPRules =
{
new VaultIPRule("1.2.3.4/32"),
new VaultIPRule("1.0.0.0/25")
}
};
VaultProperties.AccessPolicies.Add(AccessPolicy);
ManagedHsmCollection = ResourceGroupResource.GetManagedHsms();
ManagedHsmProperties = new ManagedHsmProperties();
ManagedHsmProperties.InitialAdminObjectIds.Add(ObjectId);
ManagedHsmProperties.CreateMode = ManagedHsmCreateMode.Default;
ManagedHsmProperties.EnableSoftDelete = true;
ManagedHsmProperties.SoftDeleteRetentionInDays = DefSoftDeleteRetentionInDays;
ManagedHsmProperties.EnablePurgeProtection = false;
ManagedHsmProperties.NetworkRuleSet = new ManagedHsmNetworkRuleSet()
{
Bypass = "******",
DefaultAction = "Deny" //Property properties.networkAcls.ipRules is not supported currently and must be set to null.
};
ManagedHsmProperties.PublicNetworkAccess = PublicNetworkAccess.Disabled;
ManagedHsmProperties.TenantId = TenantIdGuid;
}
