Exemple #1
0
        internal static KeyVaultRoleAssignmentPropertiesWithScope DeserializeKeyVaultRoleAssignmentPropertiesWithScope(JsonElement element)
        {
            Optional <KeyVaultRoleScope> scope            = default;
            Optional <string>            roleDefinitionId = default;
            Optional <string>            principalId      = default;

            foreach (var property in element.EnumerateObject())
            {
                if (property.NameEquals("scope"))
                {
                    if (property.Value.ValueKind == JsonValueKind.Null)
                    {
                        property.ThrowNonNullablePropertyIsNull();
                        continue;
                    }
                    scope = new KeyVaultRoleScope(property.Value.GetString());
                    continue;
                }
                if (property.NameEquals("roleDefinitionId"))
                {
                    roleDefinitionId = property.Value.GetString();
                    continue;
                }
                if (property.NameEquals("principalId"))
                {
                    principalId = property.Value.GetString();
                    continue;
                }
            }
            return(new KeyVaultRoleAssignmentPropertiesWithScope(Optional.ToNullable(scope), roleDefinitionId.Value, principalId.Value));
        }
 /// <summary>
 /// Get all role definitions that are applicable at scope and above.
 /// </summary>
 /// <param name="roleScope"> The scope of the role assignments. </param>
 /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
 /// <exception cref="RequestFailedException">The server returned an error. See <see cref="Exception.Message"/> for details returned from the server.</exception>
 /// <exception cref="ArgumentNullException"><paramref name="roleScope"/> is null.</exception>
 public virtual Pageable <KeyVaultRoleDefinition> GetRoleDefinitions(KeyVaultRoleScope roleScope, CancellationToken cancellationToken = default)
 {
     return(PageableHelpers.CreateEnumerable(_ =>
     {
         using DiagnosticScope scope = _diagnostics.CreateScope($"{nameof(KeyVaultAccessControlClient)}.{nameof(GetRoleDefinitions)}");
         scope.Start();
         try
         {
             var response = _definitionsRestClient.List(vaultBaseUrl: VaultUri.AbsoluteUri, scope: roleScope.ToString(), cancellationToken: cancellationToken);
             return Page.FromValues(response.Value.Value, response.Value.NextLink, response.GetRawResponse());
         }
         catch (Exception ex)
         {
             scope.Failed(ex);
             throw;
         }
     }, (nextLink, _) =>
     {
         using DiagnosticScope scope = _diagnostics.CreateScope($"{nameof(KeyVaultAccessControlClient)}.{nameof(GetRoleDefinitions)}");
         scope.Start();
         try
         {
             var response = _definitionsRestClient.ListNextPage(nextLink: nextLink, vaultBaseUrl: VaultUri.AbsoluteUri, scope: roleScope.ToString(), cancellationToken: cancellationToken);
             return Page.FromValues(response.Value.Value, response.Value.NextLink, response.GetRawResponse());
         }
         catch (Exception ex)
         {
             scope.Failed(ex);
             throw;
         }
     }));
 }
Exemple #3
0
        /// <summary>
        /// Initializes a new instance of the <see cref="CreateOrUpdateRoleDefinitionOptions"/> class using a generated role definition name.
        /// </summary>
        /// <param name="roleScope">The <see cref="KeyVaultRoleScope"/> to which the definition applies.</param>
        /// <param name="roleDefinitionName">The unique role definition name. If the named role definition is already defined it will be updated.</param>
        public CreateOrUpdateRoleDefinitionOptions(KeyVaultRoleScope roleScope, Guid roleDefinitionName)
        {
            RoleScope          = roleScope;
            RoleDefinitionName = roleDefinitionName;

            Permissions      = new List <KeyVaultPermission>();
            AssignableScopes = new List <KeyVaultRoleScope>();
        }
Exemple #4
0
 /// <summary>
 /// Deletes a role definition.
 /// </summary>
 /// <param name="roleScope"></param>
 /// <param name="roleDefinitionName"></param>
 /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
 /// <returns>A <see cref="Response{TResult}"/> containing the result of the operation.</returns>
 public virtual Response DeleteRoleDefinition(KeyVaultRoleScope roleScope, Guid roleDefinitionName, CancellationToken cancellationToken = default)
 {
     using DiagnosticScope scope = _diagnostics.CreateScope($"{nameof(KeyVaultAccessControlClient)}.{nameof(DeleteRoleDefinition)}");
     scope.Start();
     try
     {
         return(_definitionsRestClient.Delete(vaultBaseUrl: VaultUri.AbsoluteUri, scope: roleScope.ToString(), roleDefinitionName: roleDefinitionName.ToString(), cancellationToken));
     }
     catch (Exception ex)
     {
         scope.Failed(ex);
         throw;
     }
 }
Exemple #5
0
 /// <summary>
 /// Delete the specified role assignment.
 /// </summary>
 /// <param name="roleScope"> The scope of the role assignment. </param>
 /// <param name="roleAssignmentName"> The name of the role assignment to get. </param>
 /// <param name="cancellationToken"> The cancellation token to use. </param>
 /// <exception cref="RequestFailedException">The server returned an error. See <see cref="Exception.Message"/> for details returned from the server.</exception>
 /// <exception cref="ArgumentNullException"><paramref name="roleScope"/> or <paramref name="roleAssignmentName"/> is null.</exception>
 public virtual Response <KeyVaultRoleAssignment> DeleteRoleAssignment(KeyVaultRoleScope roleScope, string roleAssignmentName, CancellationToken cancellationToken = default)
 {
     using DiagnosticScope scope = _diagnostics.CreateScope($"{nameof(KeyVaultAccessControlClient)}.{nameof(DeleteRoleAssignment)}");
     scope.Start();
     try
     {
         return(_assignmentsRestClient.Delete(VaultUri.AbsoluteUri, roleScope.ToString(), roleAssignmentName, cancellationToken));
     }
     catch (Exception ex)
     {
         scope.Failed(ex);
         throw;
     }
 }
Exemple #6
0
 /// <summary>
 /// Creates a <see cref="KeyVaultRoleAssignment"/>.
 /// </summary>
 /// <param name="roleScope"> The scope of the role assignment to create. </param>
 /// <param name="properties"> Properties for the role assignment. </param>
 /// <param name="name">Optional name used to create the role assignment. A new <see cref="Guid"/> will be generated if not specified.</param>
 /// <param name="cancellationToken"> The cancellation token to use. </param>
 /// <exception cref="RequestFailedException">The server returned an error. See <see cref="Exception.Message"/> for details returned from the server.</exception>
 /// <exception cref="ArgumentNullException"><paramref name="roleScope"/> or <paramref name="properties"/> is null.</exception>
 public virtual Response <KeyVaultRoleAssignment> CreateRoleAssignment(KeyVaultRoleScope roleScope, KeyVaultRoleAssignmentProperties properties, Guid?name = null, CancellationToken cancellationToken = default)
 {
     using DiagnosticScope scope = _diagnostics.CreateScope($"{nameof(KeyVaultAccessControlClient)}.{nameof(CreateRoleAssignment)}");
     scope.Start();
     try
     {
         var _name = (name ?? Guid.NewGuid()).ToString();
         return(_assignmentsRestClient.Create(VaultUri.AbsoluteUri, roleScope.ToString(), _name, new RoleAssignmentCreateParameters(properties), cancellationToken));
     }
     catch (Exception ex)
     {
         scope.Failed(ex);
         throw;
     }
 }
Exemple #7
0
        /// <summary>
        /// Delete the specified role assignment.
        /// </summary>
        /// <param name="roleScope"> The scope of the role assignment. </param>
        /// <param name="roleAssignmentName"> The name of the role assignment to get. </param>
        /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
        /// <exception cref="RequestFailedException">The server returned an error. See <see cref="Exception.Message"/> for details returned from the server.</exception>
        /// <exception cref="ArgumentNullException"><paramref name="roleAssignmentName"/> is null.</exception>
        /// <exception cref="ArgumentException"><paramref name="roleAssignmentName"/> is empty.</exception>
        /// <returns>A <see cref="Task{TResult}"/> containing the result of the asynchronous operation.</returns>
        public virtual async Task <Response> DeleteRoleAssignmentAsync(KeyVaultRoleScope roleScope, string roleAssignmentName, CancellationToken cancellationToken = default)
        {
            Argument.AssertNotNullOrEmpty(roleAssignmentName, nameof(roleAssignmentName));

            using DiagnosticScope scope = _diagnostics.CreateScope($"{nameof(KeyVaultAccessControlClient)}.{nameof(DeleteRoleAssignment)}");
            scope.Start();
            try
            {
                return(await _assignmentsRestClient.DeleteAsync(VaultUri.AbsoluteUri, roleScope.ToString(), roleAssignmentName, cancellationToken)
                       .ConfigureAwait(false));
            }
            catch (Exception ex)
            {
                scope.Failed(ex);
                throw;
            }
        }
        /// <summary>
        /// Creates a <see cref="KeyVaultRoleAssignment"/>.
        /// </summary>
        /// <param name="roleScope">The scope of the role assignment to create.</param>
        /// <param name="roleDefinitionId">The role definition ID used in the role assignment.</param>
        /// <param name="principalId">The principal ID assigned to the role. This maps to the ID inside the Active Directory. It can point to a user, service principal, or security group.</param>
        /// <param name="roleAssignmentName">Optional name used to create the role assignment. A new <see cref="Guid"/> will be generated if not specified.</param>
        /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
        /// <exception cref="RequestFailedException">The server returned an error. See <see cref="Exception.Message"/> for details returned from the server.</exception>
        /// <exception cref="ArgumentNullException"><paramref name="roleDefinitionId"/> or <paramref name="principalId"/> is null.</exception>
        /// <exception cref="ArgumentException"><paramref name="roleDefinitionId"/> or <paramref name="principalId"/> is empty.</exception>
        /// <returns>A <see cref="Response{TResult}"/> containing the result of the operation.</returns>
        public virtual Response <KeyVaultRoleAssignment> CreateRoleAssignment(KeyVaultRoleScope roleScope, string roleDefinitionId, string principalId, Guid?roleAssignmentName = null, CancellationToken cancellationToken = default)
        {
            Argument.AssertNotNullOrEmpty(roleDefinitionId, nameof(roleDefinitionId));
            Argument.AssertNotNullOrEmpty(principalId, nameof(principalId));

            using DiagnosticScope scope = _diagnostics.CreateScope($"{nameof(KeyVaultAccessControlClient)}.{nameof(CreateRoleAssignment)}");
            scope.Start();
            try
            {
                var _name      = (roleAssignmentName ?? Guid.NewGuid()).ToString();
                var properties = new KeyVaultRoleAssignmentProperties(roleDefinitionId, principalId);

                return(_assignmentsRestClient.Create(VaultUri.AbsoluteUri, roleScope.ToString(), _name, new RoleAssignmentCreateParameters(properties), cancellationToken));
            }
            catch (Exception ex)
            {
                scope.Failed(ex);
                throw;
            }
        }
 /// <summary>0
 /// Gets the <see cref="KeyVaultRoleAssignment"/>s for a scope.
 /// </summary>
 /// <param name="roleScope"> The scope of the role assignments. </param>
 /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
 /// <exception cref="RequestFailedException">The server returned an error. See <see cref="Exception.Message"/> for details returned from the server.</exception>
 /// <exception cref="ArgumentNullException"><paramref name="roleScope"/> is null.</exception>
 public virtual AsyncPageable <KeyVaultRoleAssignment> GetRoleAssignmentsAsync(KeyVaultRoleScope roleScope, CancellationToken cancellationToken = default)
 {
     return(PageableHelpers.CreateAsyncEnumerable(async _ =>
     {
         using DiagnosticScope scope = _diagnostics.CreateScope($"{nameof(KeyVaultAccessControlClient)}.{nameof(GetRoleAssignments)}");
         scope.Start();
         try
         {
             var response = await _assignmentsRestClient.ListForScopeAsync(vaultBaseUrl: VaultUri.AbsoluteUri, scope: roleScope.ToString(), cancellationToken: cancellationToken)
                            .ConfigureAwait(false);
             return Page.FromValues(response.Value.Value, response.Value.NextLink, response.GetRawResponse());
         }
         catch (Exception ex)
         {
             scope.Failed(ex);
             throw;
         }
     }, async(nextLink, _) =>
     {
         using DiagnosticScope scope = _diagnostics.CreateScope($"{nameof(KeyVaultAccessControlClient)}.{nameof(GetRoleAssignments)}");
         scope.Start();
         try
         {
             var response = await _assignmentsRestClient.ListForScopeNextPageAsync(nextLink: nextLink, vaultBaseUrl: VaultUri.AbsoluteUri, scope: roleScope.ToString(), cancellationToken: cancellationToken)
                            .ConfigureAwait(false);
             return Page.FromValues(response.Value.Value, response.Value.NextLink, response.GetRawResponse());
         }
         catch (Exception ex)
         {
             scope.Failed(ex);
             throw;
         }
     }));
 }
        /// <summary>
        /// Creates or updates a role definition.
        /// </summary>
        /// <param name="roleDefinitionDescription">The description for the role definition.</param>
        /// <param name="permissions">The permissions granted by the role definition when assigned to a principal.</param>
        /// <param name="roleScope">The scope of the <see cref="KeyVaultRoleDefinition"/> to create. The default value is <see cref="KeyVaultRoleScope.Global"/>.</param>
        /// <param name="roleDefinitionName">Optional name used to create the role definition. A new <see cref="Guid"/> will be generated if not specified.</param>
        /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
        /// <returns>A <see cref="Response{TResult}"/> containing the result of the operation.</returns>
        public virtual Response <KeyVaultRoleDefinition> CreateOrUpdateRoleDefinition(string roleDefinitionDescription, KeyVaultPermission permissions, KeyVaultRoleScope roleScope = default, Guid?roleDefinitionName = null, CancellationToken cancellationToken = default)
        {
            using DiagnosticScope scope = _diagnostics.CreateScope($"{nameof(KeyVaultAccessControlClient)}.{nameof(CreateOrUpdateRoleDefinition)}");
            scope.Start();
            try
            {
                var name       = (roleDefinitionName ?? Guid.NewGuid()).ToString();
                var properties = new RoleDefinitionProperties()
                {
                    Description = roleDefinitionDescription,
                    RoleName    = name,
                    RoleType    = KeyVaultRoleType.CustomRole
                };
                properties.AssignableScopes.Add(roleScope);
                properties.Permissions.Add(permissions);

                var parameters = new RoleDefinitionCreateParameters(properties);

                return(_definitionsRestClient.CreateOrUpdate(
                           vaultBaseUrl: VaultUri.AbsoluteUri,
                           scope: roleScope == default ? roleScope.ToString() : KeyVaultRoleScope.Global.ToString(),
                           roleDefinitionName: name,
                           parameters: parameters,
                           cancellationToken: cancellationToken));
            }
            catch (Exception ex)
            {
                scope.Failed(ex);
                throw;
            }
        }
 /// <summary>
 /// Get a specific role definition.
 /// </summary>
 /// <param name="roleDefinitionName">The role definition name.</param>
 /// <param name="roleScope"> The scope of the role definition. </param>
 /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
 /// <exception cref="RequestFailedException">The server returned an error. See <see cref="Exception.Message"/> for details returned from the server.</exception>
 /// <exception cref="ArgumentNullException"><paramref name="roleScope"/> is null.</exception>
 public virtual async Task <Response <KeyVaultRoleDefinition> > GetRoleDefinitionAsync(Guid roleDefinitionName, KeyVaultRoleScope roleScope, CancellationToken cancellationToken = default)
 {
     using DiagnosticScope scope = _diagnostics.CreateScope($"{nameof(KeyVaultAccessControlClient)}.{nameof(GetRoleDefinition)}");
     scope.Start();
     try
     {
         return(await _definitionsRestClient.GetAsync(vaultBaseUrl : VaultUri.AbsoluteUri, scope : roleScope.ToString(), roleDefinitionName : roleDefinitionName.ToString(), cancellationToken : cancellationToken).ConfigureAwait(false));
     }
     catch (Exception ex)
     {
         scope.Failed(ex);
         throw;
     }
 }
Exemple #12
0
 /// <summary>
 /// Creates or updates a role definition. If the named role definition is already defined it will be updated.
 /// </summary>
 /// <param name="roleScope">The <see cref="KeyVaultRoleScope"/> to which the definition applies.</param>
 /// <param name="roleDefinitionName">The unique role definition name. If null a unique role definition name will be generated.</param>
 /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
 /// <returns>A <see cref="Task{TResult}"/> representing the result of the asynchronous operation.</returns>
 public virtual Response <KeyVaultRoleDefinition> CreateOrUpdateRoleDefinition(KeyVaultRoleScope roleScope, Guid?roleDefinitionName = null, CancellationToken cancellationToken = default) =>
 CreateOrUpdateRoleDefinition(new CreateOrUpdateRoleDefinitionOptions(roleScope, roleDefinitionName ?? Guid.NewGuid()), cancellationToken);
Exemple #13
0
 /// <summary>
 /// Initializes a new instance of the <see cref="CreateOrUpdateRoleDefinitionOptions"/> class using a generated role definition name.
 /// </summary>
 /// <param name="roleScope">The <see cref="KeyVaultRoleScope"/> to which the definition applies.</param>
 public CreateOrUpdateRoleDefinitionOptions(KeyVaultRoleScope roleScope)
     : this(roleScope, Guid.NewGuid())
 {
 }