public virtual VaultCreateOrUpdateOperation CreateOrUpdate(string vaultName, VaultCreateOrUpdateParameters parameters, bool waitForCompletion = true, CancellationToken cancellationToken = default) { if (vaultName == null) { throw new ArgumentNullException(nameof(vaultName)); } if (parameters == null) { throw new ArgumentNullException(nameof(parameters)); } using var scope = _clientDiagnostics.CreateScope("VaultCollection.CreateOrUpdate"); scope.Start(); try { var response = _restClient.CreateOrUpdate(Id.ResourceGroupName, vaultName, parameters, cancellationToken); var operation = new VaultCreateOrUpdateOperation(Parent, _clientDiagnostics, Pipeline, _restClient.CreateCreateOrUpdateRequest(Id.ResourceGroupName, vaultName, parameters).Request, response); if (waitForCompletion) { operation.WaitForCompletion(cancellationToken); } return(operation); } catch (Exception e) { scope.Failed(e); throw; } }
public void CreateModel() { #region Snippet:Changelog_CreateModel VaultProperties properties = new VaultProperties(Guid.NewGuid(), new Sku(SkuFamily.A, SkuName.Standard)); VaultCreateOrUpdateParameters parameters = new VaultCreateOrUpdateParameters(Location.WestUS2, properties); #endregion }
public Response CreateOrUpdate(string resourceGroupName, string vaultName, VaultCreateOrUpdateParameters parameters, CancellationToken cancellationToken = default) { if (resourceGroupName == null) { throw new ArgumentNullException(nameof(resourceGroupName)); } if (vaultName == null) { throw new ArgumentNullException(nameof(vaultName)); } if (parameters == null) { throw new ArgumentNullException(nameof(parameters)); } using var message = CreateCreateOrUpdateRequest(resourceGroupName, vaultName, parameters); _pipeline.Send(message, cancellationToken); switch (message.Response.Status) { case 200: case 201: return(message.Response); default: throw _clientDiagnostics.CreateRequestFailedException(message.Response); } }
public async Task <VaultInner> CreateAsync( IResourceGroup resourceGroup, string keyVaultName, VaultCreateOrUpdateParameters keyVaultParameter, CancellationToken cancellationToken = default ) { try { Log.Information($"Creating Azure KeyVault: {keyVaultName} ..."); var keyVault = await _keyVaultManagementClient .Vaults .CreateOrUpdateAsync( resourceGroup.Name, keyVaultName, keyVaultParameter, cancellationToken ); Log.Information($"Created Azure KeyVault: {keyVaultName}"); return(keyVault); } catch (Exception ex) { Log.Error(ex, $"Failed to create Azure KeyVault: {keyVaultName}"); throw; } }
public async Task KeyVaultManagementVaultTestCompoundIdentityAccessControlPolicy() { AccessPolicy.ApplicationId = Guid.Parse(TestEnvironment.ClientId); VaultProperties.EnableSoftDelete = null; var parameters = new VaultCreateOrUpdateParameters(Location, VaultProperties); parameters.Tags.InitializeFrom(Tags); var createVault = await VaultCollection.CreateOrUpdateAsync(true, vaultName : VaultName, parameters : parameters ).ConfigureAwait(false); var vaultResponse = createVault.Value; ValidateVault(vaultResponse.Data, VaultName, ResGroupName, TestEnvironment.SubscriptionId, TenantIdGuid, Location, "A", SkuName.Standard, true, true, true, true, new[] { AccessPolicy }, Tags); // Get var retrievedVault = await VaultCollection.GetAsync(VaultName); ValidateVault(retrievedVault.Value.Data, VaultName, ResGroupName, TestEnvironment.SubscriptionId, TenantIdGuid, Location, "A", SkuName.Standard, true, true, true, true, new[] { AccessPolicy }, Tags); // Delete await retrievedVault.Value.DeleteAsync(true); Assert.ThrowsAsync <RequestFailedException>(async() => { await VaultCollection.GetAsync(VaultName); }); }
public async Task KeyVaultManagementListDeletedVaults() { int n = 3; List <string> resourceIds = new List <string>(); List <string> vaultNameList = new List <string>(); var parameters = new VaultCreateOrUpdateParameters(Location, VaultProperties) { Tags = Tags }; for (int i = 0; i < n; i++) { string vaultName = Recording.GenerateAssetName("sdktestvault"); var createdRawVault = await VaultsClient.StartCreateOrUpdateAsync( resourceGroupName : ResGroupName, vaultName : vaultName, parameters : parameters ); var createdVault = (await WaitForCompletionAsync(createdRawVault)).Value; Assert.NotNull(createdVault); Assert.NotNull(createdVault.Id); resourceIds.Add(createdVault.Id); vaultNameList.Add(createdVault.Name); await VaultsClient.DeleteAsync(resourceGroupName : ResGroupName, vaultName : vaultName); var deletedVault = await VaultsClient.GetDeletedAsync(vaultName, Location); deletedVault.Value.IsEqual(createdVault); } var deletedVaults = VaultsClient.ListDeletedAsync(); Assert.NotNull(deletedVaults); await foreach (var v in deletedVaults) { var exists = resourceIds.Remove(v.Properties.VaultId); if (exists) { // Purge vault var purgeOperation = await VaultsClient.StartPurgeDeletedAsync(v.Name, Location); await WaitForCompletionAsync(purgeOperation); Assert.ThrowsAsync <RequestFailedException>(async() => await VaultsClient.GetDeletedAsync(v.Name, Location)); } if (resourceIds.Count == 0) { break; } } Assert.True(resourceIds.Count == 0); }
public async Task <Vault> CreateKeyVaultAsync( Identity.Identity portalIdentity, Identity.Identity ownerIdentity, Guid subscriptionId, string resourceGroupName, string location, string keyVaultName, string environmentName) { await RegisterProvider(subscriptionId, "Microsoft.KeyVault"); var accessToken = await GetAccessToken(); var token = new TokenCredentials(accessToken); var kvClient = new KeyVaultManagementClient(token) { SubscriptionId = subscriptionId.ToString() }; var permissions = new Microsoft.Azure.Management.KeyVault.Models.Permissions( secrets: new[] { "get", "list", "set", "delete" }, certificates: new[] { "get", "list", "update", "delete", "create", "import" }); var accessPolicies = new[] { // Portal MSI new AccessPolicyEntry( portalIdentity.TenantId, portalIdentity.ObjectId.ToString(), permissions), // Owner new AccessPolicyEntry( ownerIdentity.TenantId, ownerIdentity.ObjectId.ToString(), permissions) }; // TODO - Make SKU configurable var kvParams = new VaultCreateOrUpdateParameters( location, new VaultProperties( portalIdentity.TenantId, new Microsoft.Azure.Management.KeyVault.Models.Sku(Microsoft.Azure.Management.KeyVault.Models.SkuName.Standard), accessPolicies), GetEnvironmentTags(environmentName)); return(await kvClient.Vaults.CreateOrUpdateAsync( resourceGroupName, keyVaultName, kvParams)); }
public async Task KeyVaultManagementListVaults() { int n = 3; int top = 2; VaultProperties.EnableSoftDelete = null; List <string> resourceIds = new List <string>(); List <string> vaultNameList = new List <string>(); for (int i = 0; i < n; i++) { string vaultName = Recording.GenerateAssetName("sdktestvault"); var parameters = new VaultCreateOrUpdateParameters(Location, VaultProperties); parameters.Tags.InitializeFrom(Tags); var createdVault = await VaultsClient.StartCreateOrUpdateAsync( resourceGroupName : ResGroupName, vaultName : vaultName, parameters : parameters ); var vaultResponse = await WaitForCompletionAsync(createdVault); var vaultValue = vaultResponse.Value; Assert.NotNull(vaultValue); Assert.NotNull(vaultValue.Id); resourceIds.Add(vaultValue.Id); vaultNameList.Add(vaultValue.Name); } var vaults = VaultsClient.ListByResourceGroupAsync(ResGroupName, top); await foreach (var v in vaults) { Assert.True(resourceIds.Remove(v.Id)); } Assert.True(resourceIds.Count == 0); var allVaults = VaultsClient.ListAsync(top); Assert.NotNull(vaults); // Delete foreach (var v in vaultNameList) { await VaultsClient.DeleteAsync(resourceGroupName : ResGroupName, vaultName : v); } }
public async Task KeyVaultManagementListDeletedVaults() { int n = 3; List <string> resourceIds = new List <string>(); List <Vault> vaultList = new List <Vault>(); var parameters = new VaultCreateOrUpdateParameters(Location, VaultProperties); parameters.Tags.InitializeFrom(Tags); for (int i = 0; i < n; i++) { string vaultName = Recording.GenerateAssetName("sdktestvault"); var createdRawVault = await VaultCollection.CreateOrUpdateAsync(vaultName, parameters).ConfigureAwait(false); var createdVault = createdRawVault.Value; Assert.NotNull(createdVault.Data); Assert.NotNull(createdVault.Data.Id); resourceIds.Add(createdVault.Data.Id); vaultList.Add(createdVault); await createdVault.DeleteAsync().ConfigureAwait(false); var deletedVault = await DeletedVaultCollection.GetAsync(Location).ConfigureAwait(false); Assert.IsTrue(deletedVault.Value.Data.Name.Equals(createdVault.Data.Name)); } var deletedVaults = DeletedVaultCollection.GetAllAsync().ToEnumerableAsync().Result; Assert.NotNull(deletedVaults); foreach (var v in deletedVaults) { var exists = resourceIds.Remove(v.Data.Properties.VaultId); if (exists) { // Purge vault await v.PurgeAsync().ConfigureAwait(false); Assert.ThrowsAsync <RequestFailedException>(async() => await DeletedVaultCollection.GetAsync(Location)); } if (resourceIds.Count == 0) { break; } } Assert.True(resourceIds.Count == 0); }
public async Task NewCode() { #endif ArmClient armClient = new ArmClient(new DefaultAzureCredential()); Subscription subscription = await armClient.GetDefaultSubscriptionAsync(); ResourceGroup resourceGroup = await subscription.GetResourceGroups().GetAsync("myRgName"); VaultCollection vaultCollection = resourceGroup.GetVaults(); VaultCreateOrUpdateParameters parameters = new VaultCreateOrUpdateParameters(Location.WestUS2, new VaultProperties(Guid.NewGuid(), new Sku(SkuFamily.A, SkuName.Standard))); VaultCreateOrUpdateOperation lro = await vaultCollection.CreateOrUpdateAsync("myVaultName", parameters); Vault vault = lro.Value; #endregion }
public async Task KeyVaultManagementRecoverDeletedVault() { var parameters = new VaultCreateOrUpdateParameters(Location, VaultProperties); parameters.Tags.InitializeFrom(Tags); var createdVault = await VaultCollection.CreateOrUpdateAsync(true, VaultName, parameters).ConfigureAwait(false); var vaultValue = createdVault.Value; // Delete await vaultValue.DeleteAsync(true); // Get deleted vault Assert.ThrowsAsync <RequestFailedException>(async() => { await VaultCollection.GetAsync(VaultName); }); parameters = new VaultCreateOrUpdateParameters(Location, VaultProperties); parameters.Tags.InitializeFrom(Tags); // Recover in default mode var recoveredRawVault = await VaultCollection.CreateOrUpdateAsync(true, VaultName, parameters).ConfigureAwait(false); var recoveredVault = recoveredRawVault.Value; Assert.True(recoveredVault.Data.IsEqual(vaultValue.Data)); // Get recovered vault var getResult = await VaultCollection.GetAsync(VaultName); // Delete await getResult.Value.DeleteAsync(true); VaultProperties.CreateMode = CreateMode.Recover; parameters = new VaultCreateOrUpdateParameters(Location, VaultProperties); // Recover in recover mode var recoveredRawVault2 = await VaultCollection.CreateOrUpdateAsync(true, VaultName, parameters).ConfigureAwait(false); var recoveredVault2 = recoveredRawVault.Value; Assert.True(recoveredVault2.Data.IsEqual(vaultValue.Data)); // Get recovered vault getResult = await VaultCollection.GetAsync(VaultName); // Delete await getResult.Value.DeleteAsync(true); }
public async Task KeyVaultManagementListDeletedVaults() { int n = 3; List <string> resourceIds = new List <string>(); List <Vault> vaultList = new List <Vault>(); var parameters = new VaultCreateOrUpdateParameters(Location, VaultProperties); parameters.Tags.InitializeFrom(Tags); for (int i = 0; i < n; i++) { string vaultName = Recording.GenerateAssetName("sdktestvault"); var createdRawVault = await VaultCollection.CreateOrUpdateAsync(true, vaultName, parameters).ConfigureAwait(false); var createdVault = createdRawVault.Value; Assert.NotNull(createdVault.Data); Assert.NotNull(createdVault.Data.Id); resourceIds.Add(createdVault.Data.Id); vaultList.Add(createdVault); await createdVault.DeleteAsync(true).ConfigureAwait(false); var deletedVault = await DeletedVaultCollection.GetAsync(Location, vaultName).ConfigureAwait(false); Assert.IsTrue(deletedVault.Value.Data.Name.Equals(createdVault.Data.Name)); } // TODO -- we need to move the GetDeletedVaults method to its collection, and make sure it to return Resources instead of resource data var deletedVaults = Subscription.GetDeletedVaultsAsync().ToEnumerableAsync().Result; Assert.NotNull(deletedVaults); //foreach (var v in deletedVaults) //{ // var exists = resourceIds.Remove(v.Properties.VaultId); // if (exists) // { // // TODO -- fix this // // Purge vault // await v.PurgeAsync().ConfigureAwait(false); // Assert.ThrowsAsync<RequestFailedException>(async () => await DeletedVaultCollection.GetAsync(Location)); // } // if (resourceIds.Count == 0) // break; //} //Assert.True(resourceIds.Count == 0); }
public async Task CreateKeyVaultDisableSoftDelete() { this.AccessPolicy.ApplicationId = Guid.Parse(TestEnvironment.ClientId); this.VaultProperties.EnableSoftDelete = false; var parameters = new VaultCreateOrUpdateParameters("westeurope", VaultProperties); parameters.Tags.InitializeFrom(Tags); var vault = await VaultCollection.CreateOrUpdateAsync(VaultName, parameters).ConfigureAwait(false); var vaultValue = vault.Value; Assert.False(vaultValue.Data.Properties.EnableSoftDelete); await vaultValue.DeleteAsync(); }
public async Task NewCode() { #region Snippet:Changelog_NewCode ArmClient armClient = new ArmClient(new DefaultAzureCredential()); SubscriptionResource subscription = await armClient.GetDefaultSubscriptionAsync(); ResourceGroupResource resourceGroup = await subscription.GetResourceGroups().GetAsync("myRgName"); VaultCollection vaultCollection = resourceGroup.GetVaults(); VaultCreateOrUpdateParameters parameters = new VaultCreateOrUpdateParameters(AzureLocation.WestUS2, new VaultProperties(Guid.NewGuid(), new KeyVaultSku(KeyVaultSkuFamily.A, KeyVaultSkuName.Standard))); ArmOperation <VaultResource> lro = await vaultCollection.CreateOrUpdateAsync(WaitUntil.Completed, "myVaultName", parameters); VaultResource vault = lro.Value; #endregion }
public async Task KeyVaultManagementListVaults() { int n = 3; int top = 2; VaultProperties.EnableSoftDelete = null; List <string> resourceIds = new List <string>(); List <Vault> vaultList = new List <Vault>(); for (int i = 0; i < n; i++) { string vaultName = Recording.GenerateAssetName("sdktest-vault-"); var parameters = new VaultCreateOrUpdateParameters(Location, VaultProperties); parameters.Tags.InitializeFrom(Tags); var createdVault = await VaultCollection.CreateOrUpdateAsync(true, vaultName, parameters).ConfigureAwait(false); var vaultValue = createdVault.Value; Assert.NotNull(vaultValue); Assert.NotNull(vaultValue.Id); resourceIds.Add(vaultValue.Id); vaultList.Add(vaultValue); } var vaults = VaultCollection.GetAllAsync(top); await foreach (var v in vaults) { Assert.True(resourceIds.Remove(v.Id)); } Assert.True(resourceIds.Count == 0); var allVaults = VaultCollection.GetAllAsync(top); Assert.NotNull(vaults); // Delete foreach (var item in vaultList) { await item.DeleteAsync(true); } }
/// <summary> /// Set vault permissions to some resource by its object id. /// </summary> /// <param name="vault"></param> /// <param name="resourceGroupName"></param> /// <param name="objectId"></param> /// <param name="permissions"></param> /// <returns></returns> public Vault SetVaultPermissions(Vault vault, string resourceGroupName, string objectId, Permissions permissions) { vault.Properties.AccessPolicies.Add( new AccessPolicyEntry { TenantId = Guid.Parse(commonData.TenantId), ObjectId = objectId, Permissions = permissions } ); var updateParams = new VaultCreateOrUpdateParameters { Location = vault.Location, Properties = vault.Properties }; return(keyVaultManagementClient.Vaults.CreateOrUpdate(resourceGroupName, vault.Name, updateParams)); }
public async Task CreateOrUpdate() { #region Snippet:Managing_KeyVaults_CreateAVault VaultCollection vaultCollection = resourceGroup.GetVaults(); string vaultName = "myVault"; Guid tenantIdGuid = new Guid("Your tenantId"); string objectId = "Your Object Id"; Permissions permissions = new Permissions { Keys = { new KeyPermissions("all") }, Secrets = { new SecretPermissions("all") }, Certificates = { new CertificatePermissions("all") }, Storage = { new StoragePermissions("all") }, }; AccessPolicyEntry AccessPolicy = new AccessPolicyEntry(tenantIdGuid, objectId, permissions); VaultProperties VaultProperties = new VaultProperties(tenantIdGuid, new Models.Sku(SkuFamily.A, SkuName.Standard)); VaultProperties.EnabledForDeployment = true; VaultProperties.EnabledForDiskEncryption = true; VaultProperties.EnabledForTemplateDeployment = true; VaultProperties.EnableSoftDelete = true; VaultProperties.VaultUri = ""; VaultProperties.NetworkAcls = new NetworkRuleSet() { Bypass = "******", DefaultAction = "Allow", IpRules = { new IPRule("1.2.3.4/32"), new IPRule("1.0.0.0/25") } }; VaultProperties.AccessPolicies.Add(AccessPolicy); VaultCreateOrUpdateParameters parameters = new VaultCreateOrUpdateParameters(Location.WestUS, VaultProperties); var rawVault = await vaultCollection.CreateOrUpdateAsync(vaultName, parameters).ConfigureAwait(false); Vault vault = await rawVault.WaitForCompletionAsync(); #endregion }
/// <summary> /// Create key vault. /// </summary> /// <param name="resourceGroupName"></param> /// <param name="vaultName"></param> /// <param name="region"></param> /// <param name="sku"></param> /// <param name="permissions"></param> /// <param name="enabledForDeployment"></param> /// <param name="enabledForDiskEncryption"></param> /// <param name="enabledForTemplateDeployment"></param> /// <param name="enableSoftDelete"></param> /// <returns></returns> public Vault CreateVault( string resourceGroupName, string vaultName, string region, SkuName sku = SkuName.Premium, Permissions permissions = null, bool?enabledForDeployment = true, bool?enabledForDiskEncryption = true, bool?enabledForTemplateDeployment = true, bool?enableSoftDelete = null) { var accessPolicies = new List <AccessPolicyEntry>() { new AccessPolicyEntry { TenantId = Guid.Parse(commonData.TenantId), ObjectId = commonData.ClientObjectId, Permissions = permissions ?? DefaultPermissions } }; var properties = new VaultProperties { TenantId = Guid.Parse(commonData.TenantId), Sku = new Sku { Name = sku }, AccessPolicies = accessPolicies, EnabledForDeployment = enabledForDeployment, EnabledForDiskEncryption = enabledForDiskEncryption, EnabledForTemplateDeployment = enabledForTemplateDeployment, EnableSoftDelete = enableSoftDelete }; var parameters = new VaultCreateOrUpdateParameters { Location = region, Properties = properties }; return(keyVaultManagementClient.Vaults.CreateOrUpdate(resourceGroupName, vaultName, parameters)); }
public async Task CreateKeyVaultDisableSoftDelete() { this.AccessPolicy.ApplicationId = Guid.Parse(TestEnvironment.ClientId); this.VaultProperties.EnableSoftDelete = false; var parameters = new VaultCreateOrUpdateParameters(Location, VaultProperties); parameters.Tags.InitializeFrom(Tags); var vault = await VaultsClient.StartCreateOrUpdateAsync( resourceGroupName : this.ResGroupName, vaultName : this.VaultName, parameters : parameters ); var vaultValue = await WaitForCompletionAsync(vault); Assert.False(vaultValue.Value.Properties.EnableSoftDelete); await VaultsClient.DeleteAsync(ResGroupName, VaultName); }
///GENMHASH:0202A00A1DCF248D2647DBDBEF2CA865:4B81B6736F1A9E225E6208032B876D9A public async override Task <Microsoft.Azure.Management.KeyVault.Fluent.IVault> CreateResourceAsync(CancellationToken cancellationToken = default(CancellationToken)) { await PopulateAccessPolicies(cancellationToken); VaultCreateOrUpdateParameters parameters = new VaultCreateOrUpdateParameters() { Location = RegionName, Properties = Inner.Properties, Tags = Inner.Tags }; parameters.Properties.AccessPolicies = new List <AccessPolicyEntry>(); foreach (var accessPolicy in accessPolicies) { parameters.Properties.AccessPolicies.Add(accessPolicy.Inner); } var inner = await Manager.Inner.Vaults.CreateOrUpdateAsync(ResourceGroupName, Name, parameters, cancellationToken); SetInner(inner); return(this); }
protected Vault CreateKeyVault(string clusterName, string vaultName, string vaultLocation, string resouceGroupName) { var userObjectId = string.Empty; AccessPolicyEntry accessPolicy = null; try { userObjectId = GetCurrentUserObjectId(); } catch (Exception e) { WriteWarning(e.Message); } if (!string.IsNullOrWhiteSpace(userObjectId)) { accessPolicy = new AccessPolicyEntry() { TenantId = GetTenantId(DefaultContext), ObjectId = userObjectId, Permissions = new Permissions { Keys = DefaultPermissionsToKeys, Secrets = DefaultPermissionsToSecrets, Certificates = DefaultPermissionsToCertificates } }; } var keyVaultParameter = new VaultCreateOrUpdateParameters() { Location = vaultLocation, Properties = new VaultProperties { Sku = new Management.KeyVault.Models.Sku { Name = SkuName.Standard, }, EnabledForDeployment = true, TenantId = GetTenantId(DefaultContext), VaultUri = string.Empty, AccessPolicies = accessPolicy == null ? new AccessPolicyEntry[] { } : new[] { accessPolicy } }, Tags = new Dictionary <string, string>() { { "clusterName", clusterName }, { "resourceType", Constants.ServieFabricTag } } }; var vault = KeyVaultManageClient.Vaults.CreateOrUpdate( resouceGroupName, vaultName, keyVaultParameter); System.Threading.Thread.Sleep(TimeSpan.FromSeconds(NewCreatedKeyVaultWaitTimeInSec)); if (accessPolicy == null) { WriteWarning(ServiceFabricProperties.Resources.VaultCreatedWithOutAccessPolicy); } return(vault); }
public static async Task <Vault> CreateKeyVaults(VaultsOperations vaults, string vaultName, VaultCreateOrUpdateParameters vaultCreateOrUpdateParameters) { var result = await(await vaults .StartCreateOrUpdateAsync(rgName, vaultName, vaultCreateOrUpdateParameters)).WaitForCompletionAsync(); Console.WriteLine("KeyVault created for: " + result.Value.Id); return(result.Value); }
static async Task Main(string[] args) { string subscriptionId = Environment.GetEnvironmentVariable("AZURE_SUBSCRIPTION_ID"); Guid tenantId = new Guid(Environment.GetEnvironmentVariable("AZURE_TENANT_ID")); string objectId = Environment.GetEnvironmentVariable("AZURE_OBJECT_ID"); string location = "eastus2"; var credential = new DefaultAzureCredential(); var resourceClient = new ResourcesManagementClient(subscriptionId, credential); var resourceGroups = resourceClient.ResourceGroups; var keyVaultManagementClient = new KeyVaultManagementClient(subscriptionId, credential); var vaults = keyVaultManagementClient.Vaults; // Create Resource Group Console.WriteLine("Creating Resource Group: " + rgName); var resourceGroup = new ResourceGroup(location); await resourceGroups.CreateOrUpdateAsync(rgName, resourceGroup); Console.WriteLine("Created Resource Group: " + rgName); // Prepare creatable KeyVaults var creatableKeyVaults = new Dictionary <string, VaultCreateOrUpdateParameters> { }; for (int i = 1; i <= 10; i++) { string vaultName = "sdk-perf-vault" + i; var vaultProperties = new VaultProperties(tenantId, new Azure.ResourceManager.KeyVault.Models.Sku(SkuName.Standard)) { AccessPolicies = new[] { new AccessPolicyEntry(tenantId, objectId, new Permissions()) } }; var vaultParameters = new VaultCreateOrUpdateParameters(location, vaultProperties); creatableKeyVaults.Add(vaultName, vaultParameters); } // Create KeyVaults var t1 = DateTimeOffset.Now.UtcDateTime; Console.WriteLine("Creating the KeyVaults"); List <Task> TaskList = new List <Task>(); foreach (var item in creatableKeyVaults) { Task task = CreateKeyVaults(vaults, item.Key, item.Value); TaskList.Add(task); } await Task.WhenAll(TaskList.ToArray()); var t2 = DateTimeOffset.Now.UtcDateTime; Console.WriteLine("Created KeyVaults"); Console.WriteLine($"KeyVaults create: took {(t2 - t1).TotalSeconds } seconds to create 10 KeyVaults !!"); // List Console.WriteLine("Listing the KeyVaults 100 times"); t1 = DateTimeOffset.Now.UtcDateTime; List <Task> TaskList2 = new List <Task>(); for (int i = 0; i < 100; i++) { Task task = ListVault(vaults); TaskList2.Add(task); } await Task.WhenAll(TaskList2.ToArray()); t2 = DateTimeOffset.Now.UtcDateTime; Console.WriteLine($"KeyVaults list: took {(t2 - t1).TotalMilliseconds } milliseconds to list 10 KeyVaults 100 times !!"); // Delete ResourceGroup Console.WriteLine("Deleting Resource Group: " + rgName); await(await resourceGroups.StartDeleteAsync(rgName)).WaitForCompletionAsync(); Console.WriteLine("Deleted Resource Group: " + rgName); }
public async Task <VaultModel> CreateVaultForUserAsync(string objectId, string upn, string displayName) { // Get the service principal id for this application since we'll need it var spId = await graphHttpService.GetValue <string>($"/servicePrincipalsByAppId/{azureAdOptions.ClientId}/objectId?api-version=1.6"); var parameters = new VaultCreateOrUpdateParameters() { Location = applicationConfiguration.Location, Properties = new VaultProperties() { TenantId = tenantId, Sku = new Sku(SkuName.Premium), AccessPolicies = new List <AccessPolicyEntry> { // Grant this application admin permissions on the management plane to deal with keys and certificates new AccessPolicyEntry { ObjectId = spId, TenantId = tenantId, Permissions = new Permissions { Keys = new List <string> { "Backup", "Create", "Delete", "Get", "Import", "List", "Restore", "Update", "Recover" }, Certificates = new List <string> { "Get", "List", "Update", "Create", "Import", "Delete", "ManageContacts", "ManageIssuers", "GetIssuers", "ListIssuers", "SetIssuers", "DeleteIssuers", "Backup", "Restore", "Recover" } } }, // Grant the current user the management plane access for use in the portal/powershell for // manual tasks new AccessPolicyEntry { ObjectId = userId, TenantId = tenantId, Permissions = new Permissions { Keys = new List <string> { "Backup", "Create", "Delete", "Get", "Import", "List", "Restore", "Update", "Recover" }, Certificates = new List <string> { "Get", "List", "Update", "Create", "Import", "Delete", "ManageContacts", "ManageIssuers", "GetIssuers", "ListIssuers", "SetIssuers", "DeleteIssuers", "Backup", "Restore", "Recover" } } }, // Needs Keys: Get + Sign, Certificates: Get new AccessPolicyEntry { TenantId = tenantId, ObjectId = objectId, ApplicationId = clientId, Permissions = new Permissions { Keys = new List <string> { "Get", "Sign", }, Certificates = new List <string> { "Get" } } } } }, Tags = new Dictionary <string, string> { { "userName", upn }, { "displayName", displayName } }, }; // for the vault name, we get up to 24 characters, so use the following: // upn up to the @ then a dash then fill with a guid truncated var vaultName = $"{upn.Substring(0, upn.IndexOf('@'))}-{Guid.NewGuid().ToString("N")}"; // Truncate to 24 chars vaultName = vaultName.Substring(0, 24); // Create uses an OBO so that this only works if the user has contributer+ access to the resource group using (var client = new KeyVaultManagementClient(new AutoRestCredential <KeyVaultManagementClient>(GetOboToken))) { client.SubscriptionId = adminConfig.SubscriptionId; var vault = await client.Vaults.CreateOrUpdateAsync(resourceGroup, vaultName, parameters).ConfigureAwait(false); return(ToVaultModel(vault)); } }
public virtual async Task <ArmOperation <VaultResource> > CreateOrUpdateAsync(WaitUntil waitUntil, string vaultName, VaultCreateOrUpdateParameters parameters, CancellationToken cancellationToken = default) { Argument.AssertNotNullOrEmpty(vaultName, nameof(vaultName)); Argument.AssertNotNull(parameters, nameof(parameters)); using var scope = _vaultClientDiagnostics.CreateScope("VaultCollection.CreateOrUpdate"); scope.Start(); try { var response = await _vaultRestClient.CreateOrUpdateAsync(Id.SubscriptionId, Id.ResourceGroupName, vaultName, parameters, cancellationToken).ConfigureAwait(false); var operation = new KeyVaultArmOperation <VaultResource>(new VaultOperationSource(Client), _vaultClientDiagnostics, Pipeline, _vaultRestClient.CreateCreateOrUpdateRequest(Id.SubscriptionId, Id.ResourceGroupName, vaultName, parameters).Request, response, OperationFinalStateVia.Location); if (waitUntil == WaitUntil.Completed) { await operation.WaitForCompletionAsync(cancellationToken).ConfigureAwait(false); } return(operation); } catch (Exception e) { scope.Failed(e); throw; } }
public async Task KeyVaultManagementVaultCreateUpdateDelete() { VaultProperties.EnableSoftDelete = null; var parameters = new VaultCreateOrUpdateParameters(Location, VaultProperties); parameters.Tags.InitializeFrom(Tags); var rawVault = await VaultCollection.CreateOrUpdateAsync(true, VaultName, parameters).ConfigureAwait(false); var createdVault = rawVault.Value.Data; ValidateVault(createdVault, VaultName, ResGroupName, TestEnvironment.SubscriptionId, TenantIdGuid, Location, "A", SkuName.Standard, true, true, true, true, // enableSoftDelete defaults to true new[] { AccessPolicy }, VaultProperties.NetworkAcls, Tags); //Update AccessPolicy.Permissions.Secrets.Clear(); AccessPolicy.Permissions.Secrets.Add(SecretPermissions.Get); AccessPolicy.Permissions.Secrets.Add(SecretPermissions.Set); (AccessPolicy.Permissions.Keys as ChangeTrackingList <KeyPermissions>).Reset(); AccessPolicy.Permissions.Storage.Clear(); AccessPolicy.Permissions.Storage.Add(StoragePermissions.Get); AccessPolicy.Permissions.Storage.Add(StoragePermissions.Regeneratekey); createdVault.Properties.AccessPolicies.Clear(); createdVault.Properties.AccessPolicies.Add(AccessPolicy); createdVault.Properties.Sku.Name = SkuName.Premium; parameters = new VaultCreateOrUpdateParameters(Location, createdVault.Properties); parameters.Tags.InitializeFrom(Tags); var rawUpdateVault = await VaultCollection.CreateOrUpdateAsync(true, VaultName, parameters).ConfigureAwait(false); var updateVault = rawUpdateVault.Value.Data; ValidateVault(updateVault, VaultName, ResGroupName, TestEnvironment.SubscriptionId, TenantIdGuid, Location, "A", SkuName.Premium, true, true, true, true, new[] { AccessPolicy }, VaultProperties.NetworkAcls, Tags); var rawRetrievedVault = await VaultCollection.GetAsync(VaultName); var retrievedVault = rawRetrievedVault.Value.Data; ValidateVault(retrievedVault, VaultName, ResGroupName, TestEnvironment.SubscriptionId, TenantIdGuid, Location, "A", SkuName.Premium, true, true, true, true, new[] { AccessPolicy }, VaultProperties.NetworkAcls, Tags); // Delete var deleteVault = await rawRetrievedVault.Value.DeleteAsync(true); Assert.ThrowsAsync <RequestFailedException>(async() => { await VaultCollection.GetAsync(VaultName); }); }
public virtual VaultsCreateOrUpdateOperation StartCreateOrUpdate(string resourceGroupName, string vaultName, VaultCreateOrUpdateParameters parameters, CancellationToken cancellationToken = default) { if (resourceGroupName == null) { throw new ArgumentNullException(nameof(resourceGroupName)); } if (vaultName == null) { throw new ArgumentNullException(nameof(vaultName)); } if (parameters == null) { throw new ArgumentNullException(nameof(parameters)); } using var scope = _clientDiagnostics.CreateScope("VaultsOperations.StartCreateOrUpdate"); scope.Start(); try { var originalResponse = RestClient.CreateOrUpdate(resourceGroupName, vaultName, parameters, cancellationToken); return(new VaultsCreateOrUpdateOperation(_clientDiagnostics, _pipeline, RestClient.CreateCreateOrUpdateRequest(resourceGroupName, vaultName, parameters).Request, originalResponse)); } catch (Exception e) { scope.Failed(e); throw; } }
public void NamespaceBYOKCreateGetUpdateDelete() { using (MockContext context = MockContext.Start(this.GetType())) { InitializeClients(context); var location = "West US 2"; var resourceGroup = string.Empty; var keyVaultName = "SDKTestingKey1"; var KeyName = "sdktestingkey11"; var KeyName2 = "sdktestingkey12"; var KeyName3 = "sdktestingkey13"; var resourceGroupCluster = EventHubManagementHelper.ResourceGroupCluster; var identityName1 = TestUtilities.GenerateName(EventHubManagementHelper.IdentityPrefix); var identityName2 = TestUtilities.GenerateName(EventHubManagementHelper.IdentityPrefix); if (string.IsNullOrWhiteSpace(resourceGroup)) { resourceGroup = TestUtilities.GenerateName(EventHubManagementHelper.ResourceGroupPrefix); this.ResourceManagementClient.TryRegisterResourceGroup(location, resourceGroup); } var namespaceName = TestUtilities.GenerateName(EventHubManagementHelper.NamespacePrefix); var namespaceName2 = TestUtilities.GenerateName(EventHubManagementHelper.NamespacePrefix); try { var checkNameAvailable = EventHubManagementClient.Namespaces.CheckNameAvailability(namespaceName); //Create Namespace with System Assigned Identity //---------------------------------------------------- var createNamespaceResponse = this.EventHubManagementClient.Namespaces.CreateOrUpdate(resourceGroup, namespaceName, new EHNamespace() { Location = location, Sku = new Microsoft.Azure.Management.EventHub.Models.Sku { Name = Microsoft.Azure.Management.EventHub.Models.SkuName.Premium, Tier = SkuTier.Premium }, Tags = new Dictionary <string, string>() { { "tag1", "value1" }, { "tag2", "value2" } }, IsAutoInflateEnabled = false, MaximumThroughputUnits = 0, Identity = new Identity() { Type = ManagedServiceIdentityType.SystemAssigned } }); Assert.NotNull(createNamespaceResponse); Assert.Equal(namespaceName, createNamespaceResponse.Name); Assert.False(createNamespaceResponse.IsAutoInflateEnabled); Assert.Equal(0, createNamespaceResponse.MaximumThroughputUnits); Assert.Equal(ManagedServiceIdentityType.SystemAssigned, createNamespaceResponse.Identity.Type); //---------------------------------------------------------------------- TestUtilities.Wait(TimeSpan.FromSeconds(5)); //Remove System Assigned Identity from namespace //----------------------------------------------- createNamespaceResponse.Identity = new Identity() { Type = ManagedServiceIdentityType.None }; createNamespaceResponse = EventHubManagementClient.Namespaces.CreateOrUpdate(resourceGroup, namespaceName, createNamespaceResponse); Assert.NotNull(createNamespaceResponse); Assert.Equal(namespaceName, createNamespaceResponse.Name); Assert.False(createNamespaceResponse.IsAutoInflateEnabled); Assert.Equal(0, createNamespaceResponse.MaximumThroughputUnits); Assert.Null(createNamespaceResponse.Identity); //------------------------------------------------ //ReEnable System assigned identity and later enable encryption //-------------------------------------------------- createNamespaceResponse.Identity = new Identity() { Type = ManagedServiceIdentityType.SystemAssigned }; createNamespaceResponse = EventHubManagementClient.Namespaces.CreateOrUpdate(resourceGroup, namespaceName, createNamespaceResponse); Assert.NotNull(createNamespaceResponse); Assert.Equal(namespaceName, createNamespaceResponse.Name); Assert.False(createNamespaceResponse.IsAutoInflateEnabled); Assert.Equal(0, createNamespaceResponse.MaximumThroughputUnits); Assert.Equal(ManagedServiceIdentityType.SystemAssigned, createNamespaceResponse.Identity.Type); //-------------------------------------------------- //Give Key Vault Permissions to namespace to set system assigned encryption //--------------------------------------------------- Microsoft.Azure.Management.KeyVault.Models.VaultCreateOrUpdateParameters vaultparams = new Microsoft.Azure.Management.KeyVault.Models.VaultCreateOrUpdateParameters(); var accesPolicies = new Microsoft.Azure.Management.KeyVault.Models.AccessPolicyEntry() { ObjectId = createNamespaceResponse.Identity.PrincipalId, TenantId = Guid.Parse(createNamespaceResponse.Identity.TenantId), Permissions = new Microsoft.Azure.Management.KeyVault.Models.Permissions() { Keys = new List <string> { "get", "wrapKey", "unwrapKey" } } }; Vault getVaultRsponse = KeyVaultManagementClient.Vaults.Get(resourceGroupCluster, keyVaultName); vaultparams = new VaultCreateOrUpdateParameters(getVaultRsponse.Location, getVaultRsponse.Properties); vaultparams.Properties.AccessPolicies.Add(accesPolicies); var updateVault = KeyVaultManagementClient.Vaults.CreateOrUpdate(resourceGroupCluster, keyVaultName, vaultparams); TestUtilities.Wait(TimeSpan.FromSeconds(5)); // Encrypt data in Event Hub namespace Customer managed key from keyvault var getNamespaceResponse = EventHubManagementClient.Namespaces.Get(resourceGroup, namespaceName); getNamespaceResponse.Encryption = new Encryption() { KeySource = KeySource.MicrosoftKeyVault, KeyVaultProperties = new[] { new KeyVaultProperties() { KeyName = KeyName, KeyVaultUri = updateVault.Properties.VaultUri, KeyVersion = "" } } }; var updateNamespaceResponse = this.EventHubManagementClient.Namespaces.CreateOrUpdate(resourceGroup, namespaceName, getNamespaceResponse); Assert.Equal(1, updateNamespaceResponse.Encryption.KeyVaultProperties.Count); Assert.Equal(KeyName, updateNamespaceResponse.Encryption.KeyVaultProperties[0].KeyName); Assert.Equal(updateVault.Properties.VaultUri, updateNamespaceResponse.Encryption.KeyVaultProperties[0].KeyVaultUri + "/"); //------------------------------------------------------------- Vault getVaultRsponse1 = KeyVaultManagementClient.Vaults.Get(resourceGroupCluster, keyVaultName); vaultparams = new VaultCreateOrUpdateParameters(getVaultRsponse.Location, getVaultRsponse.Properties); vaultparams.Properties.AccessPolicies.Remove(accesPolicies); var updateVault1 = KeyVaultManagementClient.Vaults.CreateOrUpdate(resourceGroupCluster, keyVaultName, vaultparams); TestUtilities.Wait(TimeSpan.FromSeconds(5)); //Create User Assigned Identities and give permissions to access keyvault //---------------------------------------------------------------- Microsoft.Azure.Management.ManagedServiceIdentity.Models.Identity identity1 = new Microsoft.Azure.Management.ManagedServiceIdentity.Models.Identity() { Location = "westus" }; Microsoft.Azure.Management.ManagedServiceIdentity.Models.Identity identity2 = new Microsoft.Azure.Management.ManagedServiceIdentity.Models.Identity() { Location = "westus" }; var userAssignedIdentity1 = IdentityManagementClient.UserAssignedIdentities.CreateOrUpdate(resourceGroup, identityName1, identity1); var userAssignedIdentity2 = IdentityManagementClient.UserAssignedIdentities.CreateOrUpdate(resourceGroup, identityName2, identity2); var accessPolicies = new Microsoft.Azure.Management.KeyVault.Models.AccessPolicyEntry() { ObjectId = userAssignedIdentity1.PrincipalId.ToString(), TenantId = (Guid)userAssignedIdentity1.TenantId, Permissions = new Microsoft.Azure.Management.KeyVault.Models.Permissions() { Keys = new List <string> { "get", "wrapKey", "unwrapKey" } } }; var accessPolicies2 = new Microsoft.Azure.Management.KeyVault.Models.AccessPolicyEntry() { ObjectId = userAssignedIdentity2.PrincipalId.ToString(), TenantId = (Guid)userAssignedIdentity2.TenantId, Permissions = new Microsoft.Azure.Management.KeyVault.Models.Permissions() { Keys = new List <string> { "get", "wrapKey", "unwrapKey" } } }; getVaultRsponse = KeyVaultManagementClient.Vaults.Get(resourceGroupCluster, keyVaultName); vaultparams = new VaultCreateOrUpdateParameters(getVaultRsponse.Location, getVaultRsponse.Properties); vaultparams.Properties.AccessPolicies.Add(accessPolicies); vaultparams.Properties.AccessPolicies.Add(accessPolicies2); updateVault = KeyVaultManagementClient.Vaults.CreateOrUpdate(resourceGroupCluster, keyVaultName, vaultparams); //-------------------------------------------------------- TestUtilities.Wait(TimeSpan.FromSeconds(5)); //Enable User Assigned Identity Encryption //--------------------------------------------- createNamespaceResponse = this.EventHubManagementClient.Namespaces.CreateOrUpdate(resourceGroup, namespaceName2, new EHNamespace() { Location = location, Sku = new Microsoft.Azure.Management.EventHub.Models.Sku { Name = Microsoft.Azure.Management.EventHub.Models.SkuName.Premium, Tier = SkuTier.Premium }, Identity = new Identity() { Type = ManagedServiceIdentityType.UserAssigned, UserAssignedIdentities = new Dictionary <string, UserAssignedIdentity>() { { userAssignedIdentity1.Id, new UserAssignedIdentity() }, { userAssignedIdentity2.Id, new UserAssignedIdentity() } }, }, Encryption = new Encryption() { KeySource = KeySource.MicrosoftKeyVault, KeyVaultProperties = new List <KeyVaultProperties> { new KeyVaultProperties() { KeyName = KeyName2, KeyVaultUri = updateVault.Properties.VaultUri, KeyVersion = "", Identity = new UserAssignedIdentityProperties() { UserAssignedIdentity = userAssignedIdentity1.Id } }, new KeyVaultProperties() { KeyName = KeyName3, KeyVaultUri = updateVault.Properties.VaultUri, KeyVersion = "", Identity = new UserAssignedIdentityProperties() { UserAssignedIdentity = userAssignedIdentity1.Id } } } } } ); Assert.Equal(ManagedServiceIdentityType.UserAssigned, createNamespaceResponse.Identity.Type); Assert.Equal(2, createNamespaceResponse.Encryption.KeyVaultProperties.Count); Assert.Equal(KeyName2, createNamespaceResponse.Encryption.KeyVaultProperties[0].KeyName); Assert.Equal(KeyName3, createNamespaceResponse.Encryption.KeyVaultProperties[1].KeyName); Assert.Equal(updateVault.Properties.VaultUri, createNamespaceResponse.Encryption.KeyVaultProperties[0].KeyVaultUri + "/"); Assert.Equal(updateVault.Properties.VaultUri, createNamespaceResponse.Encryption.KeyVaultProperties[1].KeyVaultUri + "/"); Assert.Equal(userAssignedIdentity1.Id, createNamespaceResponse.Encryption.KeyVaultProperties[0].Identity.UserAssignedIdentity); Assert.Equal(userAssignedIdentity1.Id, createNamespaceResponse.Encryption.KeyVaultProperties[1].Identity.UserAssignedIdentity); Assert.Equal(2, createNamespaceResponse.Identity.UserAssignedIdentities.Count); //------------------------------------------------------------------------------------- //Test if identity can be set to System and User assigned. //--------------------------------------------------------------------------------- createNamespaceResponse.Identity.Type = ManagedServiceIdentityType.SystemAssignedUserAssigned; createNamespaceResponse = EventHubManagementClient.Namespaces.CreateOrUpdate(resourceGroup, namespaceName2, createNamespaceResponse); Assert.Equal(ManagedServiceIdentityType.SystemAssignedUserAssigned, createNamespaceResponse.Identity.Type); Assert.Equal(2, createNamespaceResponse.Encryption.KeyVaultProperties.Count); Assert.Equal(KeyName2, createNamespaceResponse.Encryption.KeyVaultProperties[0].KeyName); Assert.Equal(KeyName3, createNamespaceResponse.Encryption.KeyVaultProperties[1].KeyName); Assert.Equal(updateVault.Properties.VaultUri, createNamespaceResponse.Encryption.KeyVaultProperties[0].KeyVaultUri + "/"); Assert.Equal(updateVault.Properties.VaultUri, createNamespaceResponse.Encryption.KeyVaultProperties[1].KeyVaultUri + "/"); Assert.Equal(userAssignedIdentity1.Id, createNamespaceResponse.Encryption.KeyVaultProperties[0].Identity.UserAssignedIdentity); Assert.Equal(userAssignedIdentity1.Id, createNamespaceResponse.Encryption.KeyVaultProperties[1].Identity.UserAssignedIdentity); Assert.Equal(2, createNamespaceResponse.Identity.UserAssignedIdentities.Count); //---------------------------------------------------------------------------------- } finally { this.EventHubManagementClient.Namespaces.DeleteAsync(resourceGroup, namespaceName, default(CancellationToken)).ConfigureAwait(false); this.EventHubManagementClient.Namespaces.DeleteAsync(resourceGroup, namespaceName2, default(CancellationToken)).ConfigureAwait(false); //Delete Resource Group this.ResourceManagementClient.ResourceGroups.DeleteWithHttpMessagesAsync(resourceGroup, null, default(CancellationToken)).ConfigureAwait(false); Console.WriteLine("End of EH2018 Namespace CRUD IPFilter Rules test"); } } }
public VaultCreateOrUpdateParameters GetCreationParameters( Guid tenantId, IResourceGroup resourceGroup, ServicePrincipal serviceApplicationSP, DirectoryObject owner, IDictionary <string, string> tags = null ) { tags ??= new Dictionary <string, string>(); var keyVaultAccessPolicies = new List <AccessPolicyEntry> { new AccessPolicyEntry { TenantId = tenantId, ObjectId = serviceApplicationSP.Id, Permissions = new Permissions { Secrets = new List <SecretPermissions> { SecretPermissions.Get }, Certificates = new List <CertificatePermissions> { CertificatePermissions.Get, CertificatePermissions.List } } }, new AccessPolicyEntry { TenantId = tenantId, ObjectId = owner.Id, Permissions = new Permissions { Keys = new List <KeyPermissions> { KeyPermissions.Get, KeyPermissions.List, KeyPermissions.Sign }, Secrets = new List <SecretPermissions> { SecretPermissions.Get, SecretPermissions.List, SecretPermissions.Set, SecretPermissions.Delete }, Certificates = new List <CertificatePermissions> { CertificatePermissions.Get, CertificatePermissions.List, CertificatePermissions.Update, CertificatePermissions.Create, CertificatePermissions.Import } } } }; keyVaultAccessPolicies.ElementAt(0).Validate(); keyVaultAccessPolicies.ElementAt(1).Validate(); var keyVaultParameters = new VaultCreateOrUpdateParameters { Location = resourceGroup.RegionName, Tags = tags, Properties = new VaultProperties { EnabledForDeployment = false, EnabledForTemplateDeployment = false, EnabledForDiskEncryption = false, TenantId = tenantId, Sku = new Sku { Name = SkuName.Premium, //Family = "A" }, AccessPolicies = keyVaultAccessPolicies } }; keyVaultParameters.Validate(); return(keyVaultParameters); }
public void NamespaceBYOKCreateGetUpdateDelete() { using (MockContext context = MockContext.Start(this.GetType())) { InitializeClients(context); var location = "West US 2"; var resourceGroup = string.Empty; var resourceGroupCluster = EventHubManagementHelper.ResourceGroupCluster; var testClusterName = "PMTestCluster1"; var keyVaultName = "SDKTestingKey1"; var KeyName = "sdktestingkey11"; if (string.IsNullOrWhiteSpace(resourceGroup)) { resourceGroup = TestUtilities.GenerateName(EventHubManagementHelper.ResourceGroupPrefix); this.ResourceManagementClient.TryRegisterResourceGroup(location, resourceGroup); } var namespaceName = TestUtilities.GenerateName(EventHubManagementHelper.NamespacePrefix); try { Cluster getClusterResponse = EventHubManagementClient.Clusters.Get(resourceGroupCluster, testClusterName); var checkNameAvailable = EventHubManagementClient.Namespaces.CheckNameAvailability(namespaceName); var createNamespaceResponse = this.EventHubManagementClient.Namespaces.CreateOrUpdate(resourceGroupCluster, namespaceName, new EHNamespace() { Location = location, Sku = new Microsoft.Azure.Management.EventHub.Models.Sku { Name = Microsoft.Azure.Management.EventHub.Models.SkuName.Standard, Tier = SkuTier.Standard }, Tags = new Dictionary <string, string>() { { "tag1", "value1" }, { "tag2", "value2" } }, IsAutoInflateEnabled = false, MaximumThroughputUnits = 0, ClusterArmId = getClusterResponse.Id, Identity = new Identity() { Type = ManagedServiceIdentityType.SystemAssigned } }); Assert.NotNull(createNamespaceResponse); Assert.Equal(namespaceName, createNamespaceResponse.Name); Assert.Equal(getClusterResponse.Id, createNamespaceResponse.ClusterArmId); Assert.False(createNamespaceResponse.IsAutoInflateEnabled); Assert.Equal(0, createNamespaceResponse.MaximumThroughputUnits); TestUtilities.Wait(TimeSpan.FromSeconds(5)); // Create KeyVault Microsoft.Azure.Management.KeyVault.Models.VaultCreateOrUpdateParameters vaultparams = new Microsoft.Azure.Management.KeyVault.Models.VaultCreateOrUpdateParameters(); var accesPolicies = new Microsoft.Azure.Management.KeyVault.Models.AccessPolicyEntry() { ObjectId = createNamespaceResponse.Identity.PrincipalId, TenantId = Guid.Parse(createNamespaceResponse.Identity.TenantId), Permissions = new Microsoft.Azure.Management.KeyVault.Models.Permissions() { Keys = new List <string> { "get", "wrapKey", "unwrapKey" } } }; Vault getVaultRsponse = KeyVaultManagementClient.Vaults.Get(resourceGroupCluster, keyVaultName); vaultparams = new VaultCreateOrUpdateParameters(getVaultRsponse.Location, getVaultRsponse.Properties); vaultparams.Properties.AccessPolicies.Add(accesPolicies); var updateVault = KeyVaultManagementClient.Vaults.CreateOrUpdate(resourceGroupCluster, keyVaultName, vaultparams); TestUtilities.Wait(TimeSpan.FromSeconds(5)); // Encrypt data in Event Hub namespace Customer managed key from keyvault var getNamespaceResponse = EventHubManagementClient.Namespaces.Get(resourceGroupCluster, namespaceName); getNamespaceResponse.Encryption = new Encryption() { KeySource = KeySource.MicrosoftKeyVault, KeyVaultProperties = new[] { new KeyVaultProperties() { KeyName = KeyName, KeyVaultUri = updateVault.Properties.VaultUri, KeyVersion = "" } } }; var updateNamespaceResponse = this.EventHubManagementClient.Namespaces.CreateOrUpdate(resourceGroupCluster, namespaceName, getNamespaceResponse); Vault getVaultRsponse1 = KeyVaultManagementClient.Vaults.Get(resourceGroupCluster, keyVaultName); vaultparams = new VaultCreateOrUpdateParameters(getVaultRsponse.Location, getVaultRsponse.Properties); vaultparams.Properties.AccessPolicies.Remove(accesPolicies); var updateVault1 = KeyVaultManagementClient.Vaults.CreateOrUpdate(resourceGroupCluster, keyVaultName, vaultparams); TestUtilities.Wait(TimeSpan.FromSeconds(5)); //Delete the namesapce within the cluster } finally { //Delete Resource Group this.EventHubManagementClient.Namespaces.DeleteAsync(resourceGroupCluster, namespaceName, default(CancellationToken)).ConfigureAwait(false); Console.WriteLine("End of EH2018 Namespace CRUD IPFilter Rules test"); } } }