public async Task CreateRoleAssignmentAsync()
{
// Replace client with the Instrumented Client.
client = Client;
List <KeyVaultRoleDefinition> definitions = await client.GetRoleDefinitionsAsync(KeyVaultRoleScope.Global).ToEnumerableAsync().ConfigureAwait(false);
_roleDefinitionId = definitions.FirstOrDefault(d => d.RoleName == RoleName).Id;
// Replace roleDefinitionId with a role definition Id from the definitions returned from GetRoleDefinitionsAsync.
string definitionIdToAssign = _roleDefinitionId;
// Replace objectId with the service principal object id.
string servicePrincipalObjectId = _objectId;
#region Snippet:CreateRoleAssignmentAsync
//@@string definitionIdToAssign = "<roleDefinitionId>";
//@@string servicePrincipalObjectId = "<objectId>";
//@@KeyVaultRoleAssignment createdAssignment = await client.CreateRoleAssignmentAsync(RoleAssignmentScope.Global, definitionIdToAssign, servicePrincipalObjectId);
/*@@*/ KeyVaultRoleAssignment createdAssignment = await client.CreateRoleAssignmentAsync(KeyVaultRoleScope.Global, definitionIdToAssign, servicePrincipalObjectId, _roleAssignmentId).ConfigureAwait(false);
#endregion
#region Snippet:GetRoleAssignmentAsync
KeyVaultRoleAssignment fetchedAssignment = await client.GetRoleAssignmentAsync(KeyVaultRoleScope.Global, createdAssignment.Name);
#endregion
#region Snippet:DeleteRoleAssignmentAsync
KeyVaultRoleAssignment deletedAssignment = await client.DeleteRoleAssignmentAsync(KeyVaultRoleScope.Global, createdAssignment.Name);
#endregion
}
public void CreateRoleAssignment()
{
// Replace client with the Instrumented Client.
client = Client;
List <KeyVaultRoleDefinition> definitions = client.GetRoleDefinitions(KeyVaultRoleScope.Global).ToList();
_roleDefinitionId = definitions.First(d => d.RoleName == RoleName).Id;
// Replace roleDefinitionId with a role definition Id from the definitions returned from GetRoleAssignments.
string definitionIdToAssign = _roleDefinitionId;
// Replace objectId with the service principal object id.
string servicePrincipalObjectId = _objectId;
#region Snippet:CreateRoleAssignment
#if SNIPPET
string definitionIdToAssign = "<roleDefinitionId>";
string servicePrincipalObjectId = "<objectId>";
KeyVaultRoleAssignment createdAssignment = client.CreateRoleAssignment(KeyVaultRoleScope.Global, definitionIdToAssign, servicePrincipalObjectId);
#else
Guid roleAssignmentName = Recording.Random.NewGuid();
KeyVaultRoleAssignment createdAssignment = client.CreateRoleAssignment(KeyVaultRoleScope.Global, definitionIdToAssign, servicePrincipalObjectId, roleAssignmentName);
#endif
#endregion
#region Snippet:GetRoleAssignment
KeyVaultRoleAssignment fetchedAssignment = client.GetRoleAssignment(KeyVaultRoleScope.Global, createdAssignment.Name);
#endregion
#region Snippet:DeleteRoleAssignment
client.DeleteRoleAssignment(KeyVaultRoleScope.Global, createdAssignment.Name);
#endregion
}
public void CreateRoleAssignment()
{
// Replace client with the Instrumented Client.
client = Client;
List <KeyVaultRoleDefinition> definitions = client.GetRoleDefinitions(KeyVaultRoleScope.Global).ToList();
_roleDefinitionId = definitions.FirstOrDefault(d => d.RoleName == RoleName).Id;
// Replace roleDefinitionId with a role definition Id from the definitions returned from GetRoleAssignments.
string definitionIdToAssign = _roleDefinitionId;
// Replace objectId with the service principal object id.
string servicePrincipalObjectId = _objectId;
#region Snippet:CreateRoleAssignment
//@@string definitionIdToAssign = "<roleDefinitionId>";
//@@string servicePrincipalObjectId = "<objectId>";
KeyVaultRoleAssignmentProperties properties = new KeyVaultRoleAssignmentProperties(definitionIdToAssign, servicePrincipalObjectId);
//@@RoleAssignment createdAssignment = client.CreateRoleAssignment(RoleAssignmentScope.Global, properties);
/*@@*/ KeyVaultRoleAssignment createdAssignment = client.CreateRoleAssignment(KeyVaultRoleScope.Global, properties, _roleAssignmentId);
#endregion
#region Snippet:GetRoleAssignment
KeyVaultRoleAssignment fetchedAssignment = client.GetRoleAssignment(KeyVaultRoleScope.Global, createdAssignment.Name);
#endregion
#region Snippet:DeleteRoleAssignment
KeyVaultRoleAssignment deletedAssignment = client.DeleteRoleAssignment(KeyVaultRoleScope.Global, createdAssignment.Name);
#endregion
}
public PSKeyVaultRoleAssignment(KeyVaultRoleAssignment roleAssignment, string hsmName)
{
Id = roleAssignment.Id;
Name = roleAssignment.Name;
Type = roleAssignment.Type;
Scope = roleAssignment.Properties.Scope?.ToString();
RoleDefinitionId = roleAssignment.Properties.RoleDefinitionId;
PrincipalId = roleAssignment.Properties.PrincipalId;
HsmName = hsmName;
}
public async Task DeleteRoleAssignment()
{
List <KeyVaultRoleDefinition> definitions = await Client.GetRoleDefinitionsAsync(KeyVaultRoleScope.Global).ToEnumerableAsync().ConfigureAwait(false);
KeyVaultRoleDefinition definitionToAssign = definitions.First(d => d.RoleName.Contains(RoleName));
Guid roleAssignmentName = Recording.Random.NewGuid();
KeyVaultRoleAssignment assignment = await Client.CreateRoleAssignmentAsync(KeyVaultRoleScope.Global, definitionToAssign.Id, TestEnvironment.ClientObjectId, roleAssignmentName).ConfigureAwait(false);
await Client.DeleteRoleAssignmentAsync(KeyVaultRoleScope.Global, assignment.Name).ConfigureAwait(false);
}
public async Task CreateRoleAssignmentAsync()
{
// Replace client with the Instrumented Client.
client = Client;
List <KeyVaultRoleDefinition> definitions = await client.GetRoleDefinitionsAsync(KeyVaultRoleScope.Global).ToEnumerableAsync().ConfigureAwait(false);
_roleDefinitionId = definitions.First(d => d.RoleName == RoleName).Id;
// Replace roleDefinitionId with a role definition Id from the definitions returned from GetRoleDefinitionsAsync.
string definitionIdToAssign = _roleDefinitionId;
// Replace objectId with the service principal object id.
string servicePrincipalObjectId = _objectId;
#region Snippet:CreateRoleAssignmentKeysScope
#if SNIPPET
string definitionIdToAssign = "<roleDefinitionId>";
string servicePrincipalObjectId = "<objectId>";
KeyVaultRoleAssignment keysScopedAssignment = await client.CreateRoleAssignmentAsync(KeyVaultRoleScope.Global, definitionIdToAssign, servicePrincipalObjectId);
#else
Guid roleAssignmentName = Recording.Random.NewGuid();
KeyVaultRoleAssignment keysScopedAssignment = await client.CreateRoleAssignmentAsync(KeyVaultRoleScope.Keys, definitionIdToAssign, servicePrincipalObjectId, roleAssignmentName).ConfigureAwait(false);
#endif
#endregion
RegisterForCleanup(keysScopedAssignment);
// Make sure we have a key to secure.
KeyClient keyClient = KeyClient;
KeyVaultKey createdKey = await keyClient.CreateKeyAsync(Recording.GenerateId(), KeyType.Oct);
string keyName = createdKey.Name;
RegisterKeyForCleanup(keyName);
#region Snippet:CreateRoleAssignmentKeyScope
#if SNIPPET
string keyName = "<your-key-name>";
#endif
KeyVaultKey key = await keyClient.GetKeyAsync(keyName);
#if SNIPPET
KeyVaultRoleAssignment keyScopedAssignment = await client.CreateRoleAssignmentAsync(new KeyVaultRoleScope(key.Id), definitionIdToAssign, servicePrincipalObjectId);
#else
KeyVaultRoleAssignment keyScopedAssignment = await client.CreateRoleAssignmentAsync(new KeyVaultRoleScope(key.Id), definitionIdToAssign, servicePrincipalObjectId, roleAssignmentName).ConfigureAwait(false);
#endif
#endregion
RegisterForCleanup(keyScopedAssignment);
}
public void RoleAssignmentNotFound()
{
client = Client;
#region Snippet:RoleAssignmentNotFound
try
{
KeyVaultRoleAssignment roleAssignment = client.GetRoleAssignment(KeyVaultRoleScope.Global, "example-name");
}
catch (RequestFailedException ex)
{
Console.WriteLine(ex.ToString());
}
#endregion
}
public async Task CreateRoleAssignment()
{
List <KeyVaultRoleDefinition> definitions = await Client.GetRoleDefinitionsAsync(KeyVaultRoleScope.Global).ToEnumerableAsync().ConfigureAwait(false);
var definitionToAssign = definitions.FirstOrDefault(d => d.RoleName.Contains(RoleName));
KeyVaultRoleAssignment result = await Client.CreateRoleAssignmentAsync(KeyVaultRoleScope.Global, definitionToAssign.Id, TestEnvironment.ClientObjectId, _roleAssignmentId).ConfigureAwait(false);
RegisterForCleanup(result);
Assert.That(result.Id, Is.Not.Null);
Assert.That(result.Name, Is.Not.Null);
Assert.That(result.Type, Is.Not.Null);
Assert.That(result.Properties.PrincipalId, Is.EqualTo(TestEnvironment.ClientObjectId));
Assert.That(result.Properties.RoleDefinitionId, Is.EqualTo(definitionToAssign.Id));
}
public async Task DeleteRoleAssignment()
{
List <KeyVaultRoleDefinition> definitions = await Client.GetRoleDefinitionsAsync(KeyVaultRoleScope.Global).ToEnumerableAsync().ConfigureAwait(false);
var definitionToAssign = definitions.FirstOrDefault(d => d.RoleName.Contains(RoleName));
var properties = new KeyVaultRoleAssignmentProperties(definitionToAssign.Id, TestEnvironment.ClientObjectId);
KeyVaultRoleAssignment assignment = await Client.CreateRoleAssignmentAsync(KeyVaultRoleScope.Global, properties, _roleAssignmentId).ConfigureAwait(false);
KeyVaultRoleAssignment result = await Client.DeleteRoleAssignmentAsync(KeyVaultRoleScope.Global, assignment.Name).ConfigureAwait(false);
Assert.That(result.Id, Is.EqualTo(assignment.Id));
Assert.That(result.Name, Is.EqualTo(assignment.Name));
Assert.That(result.Type, Is.EqualTo(assignment.Type));
Assert.That(result.Properties.PrincipalId, Is.EqualTo(assignment.Properties.PrincipalId));
Assert.That(result.Properties.RoleDefinitionId, Is.EqualTo(assignment.Properties.RoleDefinitionId));
Assert.That(result.Properties.Scope, Is.EqualTo(assignment.Properties.Scope));
}
public void CreateRoleAssignment()
{
client = Client;
Pageable <KeyVaultRoleDefinition> allDefinitions = client.GetRoleDefinitions(KeyVaultRoleScope.Global);
_roleDefinitionId = allDefinitions.FirstOrDefault(d => d.RoleName == RoleName).Id;
// Replace roleDefinitionId with a role definition Id from the definitions returned from the List the role definitions section above
string definitionIdToAssign = _roleDefinitionId;
// Replace objectId with the service principal object id from the Create/Get credentials section above
string servicePrincipalObjectId = _objectId;
#region Snippet:ReadmeCreateRoleAssignment
#if SNIPPET
// Replace <roleDefinitionId> with a role definition Id from the definitions returned from the List the role definitions section above
string definitionIdToAssign = "<roleDefinitionId>";
// Replace <objectId> with the service principal object id from the Create/Get credentials section above
string servicePrincipalObjectId = "<objectId>";
RoleAssignment createdAssignment = client.CreateRoleAssignment(RoleAssignmentScope.Global, properties);
#else
KeyVaultRoleAssignment createdAssignment = client.CreateRoleAssignment(KeyVaultRoleScope.Global, definitionIdToAssign, servicePrincipalObjectId, _roleAssignmentId);
#endif
Console.WriteLine(createdAssignment.Name);
Console.WriteLine(createdAssignment.Properties.PrincipalId);
Console.WriteLine(createdAssignment.Properties.RoleDefinitionId);
KeyVaultRoleAssignment fetchedAssignment = client.GetRoleAssignment(KeyVaultRoleScope.Global, createdAssignment.Name);
Console.WriteLine(fetchedAssignment.Name);
Console.WriteLine(fetchedAssignment.Properties.PrincipalId);
Console.WriteLine(fetchedAssignment.Properties.RoleDefinitionId);
KeyVaultRoleAssignment deletedAssignment = client.DeleteRoleAssignment(KeyVaultRoleScope.Global, createdAssignment.Name);
Console.WriteLine(deletedAssignment.Name);
Console.WriteLine(deletedAssignment.Properties.PrincipalId);
Console.WriteLine(deletedAssignment.Properties.RoleDefinitionId);
#endregion
}
public async Task CreateRoleAssignmentAsync()
{
// Replace client with the Instrumented Client.
client = Client;
List <KeyVaultRoleDefinition> definitions = await client.GetRoleDefinitionsAsync(KeyVaultRoleScope.Global).ToEnumerableAsync().ConfigureAwait(false);
_roleDefinitionId = definitions.FirstOrDefault(d => d.RoleName == RoleName).Id;
// Replace roleDefinitionId with a role definition Id from the definitions returned from GetRoleDefinitionsAsync.
string definitionIdToAssign = _roleDefinitionId;
// Replace objectId with the service principal object id.
string servicePrincipalObjectId = _objectId;
#region Snippet:CreateRoleAssignmentKeysScope
//@@string definitionIdToAssign = "<roleDefinitionId>";
//@@string servicePrincipalObjectId = "<objectId>";
KeyVaultRoleAssignmentProperties properties = new KeyVaultRoleAssignmentProperties(definitionIdToAssign, servicePrincipalObjectId);
//@@RoleAssignment keysScopedAssignment = await client.CreateRoleAssignmentAsync(RoleAssignmentScope.Global, properties);
/*@@*/ KeyVaultRoleAssignment keysScopedAssignment = await client.CreateRoleAssignmentAsync(KeyVaultRoleScope.Keys, properties, _roleAssignmentId).ConfigureAwait(false);
#endregion
RegisterForCleanup(keysScopedAssignment);
KeyClient keyClient = KeyClient;
List <KeyProperties> keyProperties = await keyClient.GetPropertiesOfKeysAsync().ToEnumerableAsync().ConfigureAwait(false);
string keyName = keyProperties.First().Name;
#region Snippet:CreateRoleAssignmentKeyScope
//@@string keyName = "<your-key-name>";
KeyVaultKey key = await keyClient.GetKeyAsync(keyName);
//@@RoleAssignment keyScopedAssignment = await client.CreateRoleAssignmentAsync(new RoleAssignmentScope(key.Id), properties);
/*@@*/ KeyVaultRoleAssignment keyScopedAssignment = await client.CreateRoleAssignmentAsync(new KeyVaultRoleScope(key.Id), properties, _roleAssignmentId).ConfigureAwait(false);
#endregion
RegisterForCleanup(keyScopedAssignment);
}
public async Task GetRoleAssignment()
{
List <KeyVaultRoleDefinition> definitions = await Client.GetRoleDefinitionsAsync(KeyVaultRoleScope.Global).ToEnumerableAsync().ConfigureAwait(false);
KeyVaultRoleDefinition definitionToAssign = definitions.First(d => d.RoleName.Contains(RoleName));
Guid roleAssignmentName = Recording.Random.NewGuid();
KeyVaultRoleAssignment assignment = await Client.CreateRoleAssignmentAsync(KeyVaultRoleScope.Global, definitionToAssign.Id, TestEnvironment.ClientObjectId, roleAssignmentName).ConfigureAwait(false);
RegisterForCleanup(assignment);
KeyVaultRoleAssignment result = await Client.GetRoleAssignmentAsync(KeyVaultRoleScope.Global, assignment.Name).ConfigureAwait(false);
Assert.That(result.Id, Is.EqualTo(assignment.Id));
Assert.That(result.Name, Is.EqualTo(assignment.Name));
Assert.That(result.Type, Is.EqualTo(assignment.Type));
Assert.That(result.Properties.PrincipalId, Is.EqualTo(assignment.Properties.PrincipalId));
Assert.That(result.Properties.RoleDefinitionId, Is.EqualTo(assignment.Properties.RoleDefinitionId));
Assert.That(result.Properties.Scope, Is.EqualTo(assignment.Properties.Scope));
}
public async Task CreateKeyRoleAssignment()
{
List <KeyVaultRoleDefinition> definitions = await Client.GetRoleDefinitionsAsync(KeyVaultRoleScope.Global).ToEnumerableAsync().ConfigureAwait(false);
KeyVaultRoleDefinition definitionToAssign = definitions.First(d => d.RoleName.Contains(RoleName));
string keyName = Recording.GenerateId();
KeyVaultKey key = await KeyClient.CreateOctKeyAsync(new(keyName));
Guid roleAssignmentName = Recording.Random.NewGuid();
KeyVaultRoleAssignment result = await Client.CreateRoleAssignmentAsync(new KeyVaultRoleScope(key.Id), definitionToAssign.Id, TestEnvironment.ClientObjectId, roleAssignmentName).ConfigureAwait(false);
RegisterForCleanup(result);
Assert.That(result.Id, Is.Not.Null);
Assert.That(result.Name, Is.Not.Null);
Assert.That(result.Type, Is.Not.Null);
Assert.That(result.Properties.PrincipalId, Is.EqualTo(TestEnvironment.ClientObjectId));
Assert.That(result.Properties.RoleDefinitionId, Is.EqualTo(definitionToAssign.Id));
}
public void CreateRoleAssignment()
{
client = Client;
Pageable <KeyVaultRoleDefinition> allDefinitions = client.GetRoleDefinitions(KeyVaultRoleScope.Global);
_roleDefinitionId = allDefinitions.First(d => d.RoleName == RoleName).Id;
// Replace roleDefinitionId with a role definition Id from the definitions returned from the List the role definitions section above
string definitionIdToAssign = _roleDefinitionId;
// Replace objectId with the service principal object id from the Create/Get credentials section above
string servicePrincipalObjectId = _objectId;
#if SNIPPET
// Replace <roleDefinitionId> with a role definition Id from the definitions returned from the List the role definitions section above
string definitionIdToAssign = "<roleDefinitionId>";
// Replace <objectId> with the service principal object id from the Create/Get credentials section above
string servicePrincipalObjectId = "<objectId>";
KeyVaultRoleAssignment createdAssignment = client.CreateRoleAssignment(KeyVaultRoleScope.Global, definitionIdToAssign, servicePrincipalObjectId);
#else
Guid roleDefinitionName = Recording.Random.NewGuid();
KeyVaultRoleAssignment createdAssignment = client.CreateRoleAssignment(KeyVaultRoleScope.Global, definitionIdToAssign, servicePrincipalObjectId, roleDefinitionName);
#endif
Console.WriteLine(createdAssignment.Name);
Console.WriteLine(createdAssignment.Properties.PrincipalId);
Console.WriteLine(createdAssignment.Properties.RoleDefinitionId);
KeyVaultRoleAssignment fetchedAssignment = client.GetRoleAssignment(KeyVaultRoleScope.Global, createdAssignment.Name);
Console.WriteLine(fetchedAssignment.Name);
Console.WriteLine(fetchedAssignment.Properties.PrincipalId);
Console.WriteLine(fetchedAssignment.Properties.RoleDefinitionId);
client.DeleteRoleAssignment(KeyVaultRoleScope.Global, createdAssignment.Name);
}
public async Task CreateRoleAssignmentAsync()
{
// Replace client with the Instrumented Client.
client = Client;
List <KeyVaultRoleDefinition> definitions = await client.GetRoleDefinitionsAsync(KeyVaultRoleScope.Global).ToEnumerableAsync().ConfigureAwait(false);
_roleDefinitionId = definitions.First(d => d.RoleName == RoleName).Id;
#region Snippet:CreateRoleAssignmentAsync
#if SNIPPET
string definitionIdToAssign = "<roleDefinitionId>";
string servicePrincipalObjectId = "<objectId>";
KeyVaultRoleAssignment createdAssignment = await client.CreateRoleAssignmentAsync(KeyVaultRoleScope.Global, definitionIdToAssign, servicePrincipalObjectId);
#else
// Replace roleDefinitionId with a role definition Id from the definitions returned from GetRoleDefinitionsAsync.
string definitionIdToAssign = _roleDefinitionId;
// Replace objectId with the service principal object id.
string servicePrincipalObjectId = _objectId;
Guid roleAssignmentName = Recording.Random.NewGuid();
KeyVaultRoleAssignment createdAssignment = await client.CreateRoleAssignmentAsync(KeyVaultRoleScope.Global, definitionIdToAssign, servicePrincipalObjectId, roleAssignmentName).ConfigureAwait(false);
#endif
#endregion
#region Snippet:GetRoleAssignmentAsync
KeyVaultRoleAssignment fetchedAssignment = await client.GetRoleAssignmentAsync(KeyVaultRoleScope.Global, createdAssignment.Name);
#endregion
#region Snippet:DeleteRoleAssignmentAsync
await client.DeleteRoleAssignmentAsync(KeyVaultRoleScope.Global, createdAssignment.Name);
#endregion
}
