public virtual VaultCreateOrUpdateOperation CreateOrUpdate(string vaultName, VaultCreateOrUpdateParameters parameters, bool waitForCompletion = true, CancellationToken cancellationToken = default)
{
if (vaultName == null)
{
throw new ArgumentNullException(nameof(vaultName));
}
if (parameters == null)
{
throw new ArgumentNullException(nameof(parameters));
}
using var scope = _clientDiagnostics.CreateScope("VaultCollection.CreateOrUpdate");
scope.Start();
try
{
var response = _restClient.CreateOrUpdate(Id.ResourceGroupName, vaultName, parameters, cancellationToken);
var operation = new VaultCreateOrUpdateOperation(Parent, _clientDiagnostics, Pipeline, _restClient.CreateCreateOrUpdateRequest(Id.ResourceGroupName, vaultName, parameters).Request, response);
if (waitForCompletion)
{
operation.WaitForCompletion(cancellationToken);
}
return(operation);
}
catch (Exception e)
{
scope.Failed(e);
throw;
}
}
public void CreateModel()
{
#region Snippet:Changelog_CreateModel
VaultProperties properties = new VaultProperties(Guid.NewGuid(), new Sku(SkuFamily.A, SkuName.Standard));
VaultCreateOrUpdateParameters parameters = new VaultCreateOrUpdateParameters(Location.WestUS2, properties);
#endregion
}
public Response CreateOrUpdate(string resourceGroupName, string vaultName, VaultCreateOrUpdateParameters parameters, CancellationToken cancellationToken = default)
{
if (resourceGroupName == null)
{
throw new ArgumentNullException(nameof(resourceGroupName));
}
if (vaultName == null)
{
throw new ArgumentNullException(nameof(vaultName));
}
if (parameters == null)
{
throw new ArgumentNullException(nameof(parameters));
}
using var message = CreateCreateOrUpdateRequest(resourceGroupName, vaultName, parameters);
_pipeline.Send(message, cancellationToken);
switch (message.Response.Status)
{
case 200:
case 201:
return(message.Response);
default:
throw _clientDiagnostics.CreateRequestFailedException(message.Response);
}
}
public async Task <VaultInner> CreateAsync(
IResourceGroup resourceGroup,
string keyVaultName,
VaultCreateOrUpdateParameters keyVaultParameter,
CancellationToken cancellationToken = default
)
{
try {
Log.Information($"Creating Azure KeyVault: {keyVaultName} ...");
var keyVault = await _keyVaultManagementClient
.Vaults
.CreateOrUpdateAsync(
resourceGroup.Name,
keyVaultName,
keyVaultParameter,
cancellationToken
);
Log.Information($"Created Azure KeyVault: {keyVaultName}");
return(keyVault);
}
catch (Exception ex) {
Log.Error(ex, $"Failed to create Azure KeyVault: {keyVaultName}");
throw;
}
}
public async Task KeyVaultManagementVaultTestCompoundIdentityAccessControlPolicy()
{
AccessPolicy.ApplicationId = Guid.Parse(TestEnvironment.ClientId);
VaultProperties.EnableSoftDelete = null;
var parameters = new VaultCreateOrUpdateParameters(Location, VaultProperties);
parameters.Tags.InitializeFrom(Tags);
var createVault = await VaultCollection.CreateOrUpdateAsync(true,
vaultName : VaultName,
parameters : parameters
).ConfigureAwait(false);
var vaultResponse = createVault.Value;
ValidateVault(vaultResponse.Data,
VaultName,
ResGroupName,
TestEnvironment.SubscriptionId,
TenantIdGuid,
Location,
"A",
SkuName.Standard,
true,
true,
true,
true,
new[] { AccessPolicy },
Tags);
// Get
var retrievedVault = await VaultCollection.GetAsync(VaultName);
ValidateVault(retrievedVault.Value.Data,
VaultName,
ResGroupName,
TestEnvironment.SubscriptionId,
TenantIdGuid,
Location,
"A",
SkuName.Standard,
true,
true,
true,
true,
new[] { AccessPolicy },
Tags);
// Delete
await retrievedVault.Value.DeleteAsync(true);
Assert.ThrowsAsync <RequestFailedException>(async() =>
{
await VaultCollection.GetAsync(VaultName);
});
}
public async Task KeyVaultManagementListDeletedVaults()
{
int n = 3;
List <string> resourceIds = new List <string>();
List <string> vaultNameList = new List <string>();
var parameters = new VaultCreateOrUpdateParameters(Location, VaultProperties)
{
Tags = Tags
};
for (int i = 0; i < n; i++)
{
string vaultName = Recording.GenerateAssetName("sdktestvault");
var createdRawVault = await VaultsClient.StartCreateOrUpdateAsync(
resourceGroupName : ResGroupName,
vaultName : vaultName,
parameters : parameters
);
var createdVault = (await WaitForCompletionAsync(createdRawVault)).Value;
Assert.NotNull(createdVault);
Assert.NotNull(createdVault.Id);
resourceIds.Add(createdVault.Id);
vaultNameList.Add(createdVault.Name);
await VaultsClient.DeleteAsync(resourceGroupName : ResGroupName, vaultName : vaultName);
var deletedVault = await VaultsClient.GetDeletedAsync(vaultName, Location);
deletedVault.Value.IsEqual(createdVault);
}
var deletedVaults = VaultsClient.ListDeletedAsync();
Assert.NotNull(deletedVaults);
await foreach (var v in deletedVaults)
{
var exists = resourceIds.Remove(v.Properties.VaultId);
if (exists)
{
// Purge vault
var purgeOperation = await VaultsClient.StartPurgeDeletedAsync(v.Name, Location);
await WaitForCompletionAsync(purgeOperation);
Assert.ThrowsAsync <RequestFailedException>(async() => await VaultsClient.GetDeletedAsync(v.Name, Location));
}
if (resourceIds.Count == 0)
{
break;
}
}
Assert.True(resourceIds.Count == 0);
}
public async Task <Vault> CreateKeyVaultAsync(
Identity.Identity portalIdentity,
Identity.Identity ownerIdentity,
Guid subscriptionId,
string resourceGroupName,
string location,
string keyVaultName,
string environmentName)
{
await RegisterProvider(subscriptionId, "Microsoft.KeyVault");
var accessToken = await GetAccessToken();
var token = new TokenCredentials(accessToken);
var kvClient = new KeyVaultManagementClient(token)
{
SubscriptionId = subscriptionId.ToString()
};
var permissions = new Microsoft.Azure.Management.KeyVault.Models.Permissions(
secrets: new[] { "get", "list", "set", "delete" },
certificates: new[] { "get", "list", "update", "delete", "create", "import" });
var accessPolicies = new[]
{
// Portal MSI
new AccessPolicyEntry(
portalIdentity.TenantId,
portalIdentity.ObjectId.ToString(),
permissions),
// Owner
new AccessPolicyEntry(
ownerIdentity.TenantId,
ownerIdentity.ObjectId.ToString(),
permissions)
};
// TODO - Make SKU configurable
var kvParams = new VaultCreateOrUpdateParameters(
location,
new VaultProperties(
portalIdentity.TenantId,
new Microsoft.Azure.Management.KeyVault.Models.Sku(Microsoft.Azure.Management.KeyVault.Models.SkuName.Standard), accessPolicies),
GetEnvironmentTags(environmentName));
return(await kvClient.Vaults.CreateOrUpdateAsync(
resourceGroupName,
keyVaultName,
kvParams));
}
public async Task KeyVaultManagementListVaults()
{
int n = 3;
int top = 2;
VaultProperties.EnableSoftDelete = null;
List <string> resourceIds = new List <string>();
List <string> vaultNameList = new List <string>();
for (int i = 0; i < n; i++)
{
string vaultName = Recording.GenerateAssetName("sdktestvault");
var parameters = new VaultCreateOrUpdateParameters(Location, VaultProperties);
parameters.Tags.InitializeFrom(Tags);
var createdVault = await VaultsClient.StartCreateOrUpdateAsync(
resourceGroupName : ResGroupName,
vaultName : vaultName,
parameters : parameters
);
var vaultResponse = await WaitForCompletionAsync(createdVault);
var vaultValue = vaultResponse.Value;
Assert.NotNull(vaultValue);
Assert.NotNull(vaultValue.Id);
resourceIds.Add(vaultValue.Id);
vaultNameList.Add(vaultValue.Name);
}
var vaults = VaultsClient.ListByResourceGroupAsync(ResGroupName, top);
await foreach (var v in vaults)
{
Assert.True(resourceIds.Remove(v.Id));
}
Assert.True(resourceIds.Count == 0);
var allVaults = VaultsClient.ListAsync(top);
Assert.NotNull(vaults);
// Delete
foreach (var v in vaultNameList)
{
await VaultsClient.DeleteAsync(resourceGroupName : ResGroupName, vaultName : v);
}
}
public async Task KeyVaultManagementListDeletedVaults()
{
int n = 3;
List <string> resourceIds = new List <string>();
List <Vault> vaultList = new List <Vault>();
var parameters = new VaultCreateOrUpdateParameters(Location, VaultProperties);
parameters.Tags.InitializeFrom(Tags);
for (int i = 0; i < n; i++)
{
string vaultName = Recording.GenerateAssetName("sdktestvault");
var createdRawVault = await VaultCollection.CreateOrUpdateAsync(vaultName, parameters).ConfigureAwait(false);
var createdVault = createdRawVault.Value;
Assert.NotNull(createdVault.Data);
Assert.NotNull(createdVault.Data.Id);
resourceIds.Add(createdVault.Data.Id);
vaultList.Add(createdVault);
await createdVault.DeleteAsync().ConfigureAwait(false);
var deletedVault = await DeletedVaultCollection.GetAsync(Location).ConfigureAwait(false);
Assert.IsTrue(deletedVault.Value.Data.Name.Equals(createdVault.Data.Name));
}
var deletedVaults = DeletedVaultCollection.GetAllAsync().ToEnumerableAsync().Result;
Assert.NotNull(deletedVaults);
foreach (var v in deletedVaults)
{
var exists = resourceIds.Remove(v.Data.Properties.VaultId);
if (exists)
{
// Purge vault
await v.PurgeAsync().ConfigureAwait(false);
Assert.ThrowsAsync <RequestFailedException>(async() => await DeletedVaultCollection.GetAsync(Location));
}
if (resourceIds.Count == 0)
{
break;
}
}
Assert.True(resourceIds.Count == 0);
}
public async Task NewCode()
{
#endif
ArmClient armClient = new ArmClient(new DefaultAzureCredential());
Subscription subscription = await armClient.GetDefaultSubscriptionAsync();
ResourceGroup resourceGroup = await subscription.GetResourceGroups().GetAsync("myRgName");
VaultCollection vaultCollection = resourceGroup.GetVaults();
VaultCreateOrUpdateParameters parameters = new VaultCreateOrUpdateParameters(Location.WestUS2, new VaultProperties(Guid.NewGuid(), new Sku(SkuFamily.A, SkuName.Standard)));
VaultCreateOrUpdateOperation lro = await vaultCollection.CreateOrUpdateAsync("myVaultName", parameters);
Vault vault = lro.Value;
#endregion
}
public async Task KeyVaultManagementRecoverDeletedVault()
{
var parameters = new VaultCreateOrUpdateParameters(Location, VaultProperties);
parameters.Tags.InitializeFrom(Tags);
var createdVault = await VaultCollection.CreateOrUpdateAsync(true, VaultName, parameters).ConfigureAwait(false);
var vaultValue = createdVault.Value;
// Delete
await vaultValue.DeleteAsync(true);
// Get deleted vault
Assert.ThrowsAsync <RequestFailedException>(async() =>
{
await VaultCollection.GetAsync(VaultName);
});
parameters = new VaultCreateOrUpdateParameters(Location, VaultProperties);
parameters.Tags.InitializeFrom(Tags);
// Recover in default mode
var recoveredRawVault = await VaultCollection.CreateOrUpdateAsync(true, VaultName, parameters).ConfigureAwait(false);
var recoveredVault = recoveredRawVault.Value;
Assert.True(recoveredVault.Data.IsEqual(vaultValue.Data));
// Get recovered vault
var getResult = await VaultCollection.GetAsync(VaultName);
// Delete
await getResult.Value.DeleteAsync(true);
VaultProperties.CreateMode = CreateMode.Recover;
parameters = new VaultCreateOrUpdateParameters(Location, VaultProperties);
// Recover in recover mode
var recoveredRawVault2 = await VaultCollection.CreateOrUpdateAsync(true, VaultName, parameters).ConfigureAwait(false);
var recoveredVault2 = recoveredRawVault.Value;
Assert.True(recoveredVault2.Data.IsEqual(vaultValue.Data));
// Get recovered vault
getResult = await VaultCollection.GetAsync(VaultName);
// Delete
await getResult.Value.DeleteAsync(true);
}
public async Task KeyVaultManagementListDeletedVaults()
{
int n = 3;
List <string> resourceIds = new List <string>();
List <Vault> vaultList = new List <Vault>();
var parameters = new VaultCreateOrUpdateParameters(Location, VaultProperties);
parameters.Tags.InitializeFrom(Tags);
for (int i = 0; i < n; i++)
{
string vaultName = Recording.GenerateAssetName("sdktestvault");
var createdRawVault = await VaultCollection.CreateOrUpdateAsync(true, vaultName, parameters).ConfigureAwait(false);
var createdVault = createdRawVault.Value;
Assert.NotNull(createdVault.Data);
Assert.NotNull(createdVault.Data.Id);
resourceIds.Add(createdVault.Data.Id);
vaultList.Add(createdVault);
await createdVault.DeleteAsync(true).ConfigureAwait(false);
var deletedVault = await DeletedVaultCollection.GetAsync(Location, vaultName).ConfigureAwait(false);
Assert.IsTrue(deletedVault.Value.Data.Name.Equals(createdVault.Data.Name));
}
// TODO -- we need to move the GetDeletedVaults method to its collection, and make sure it to return Resources instead of resource data
var deletedVaults = Subscription.GetDeletedVaultsAsync().ToEnumerableAsync().Result;
Assert.NotNull(deletedVaults);
//foreach (var v in deletedVaults)
//{
// var exists = resourceIds.Remove(v.Properties.VaultId);
// if (exists)
// {
// // TODO -- fix this
// // Purge vault
// await v.PurgeAsync().ConfigureAwait(false);
// Assert.ThrowsAsync<RequestFailedException>(async () => await DeletedVaultCollection.GetAsync(Location));
// }
// if (resourceIds.Count == 0)
// break;
//}
//Assert.True(resourceIds.Count == 0);
}
public async Task CreateKeyVaultDisableSoftDelete()
{
this.AccessPolicy.ApplicationId = Guid.Parse(TestEnvironment.ClientId);
this.VaultProperties.EnableSoftDelete = false;
var parameters = new VaultCreateOrUpdateParameters("westeurope", VaultProperties);
parameters.Tags.InitializeFrom(Tags);
var vault = await VaultCollection.CreateOrUpdateAsync(VaultName, parameters).ConfigureAwait(false);
var vaultValue = vault.Value;
Assert.False(vaultValue.Data.Properties.EnableSoftDelete);
await vaultValue.DeleteAsync();
}
public async Task NewCode()
{
#region Snippet:Changelog_NewCode
ArmClient armClient = new ArmClient(new DefaultAzureCredential());
SubscriptionResource subscription = await armClient.GetDefaultSubscriptionAsync();
ResourceGroupResource resourceGroup = await subscription.GetResourceGroups().GetAsync("myRgName");
VaultCollection vaultCollection = resourceGroup.GetVaults();
VaultCreateOrUpdateParameters parameters = new VaultCreateOrUpdateParameters(AzureLocation.WestUS2, new VaultProperties(Guid.NewGuid(), new KeyVaultSku(KeyVaultSkuFamily.A, KeyVaultSkuName.Standard)));
ArmOperation <VaultResource> lro = await vaultCollection.CreateOrUpdateAsync(WaitUntil.Completed, "myVaultName", parameters);
VaultResource vault = lro.Value;
#endregion
}
public async Task KeyVaultManagementListVaults()
{
int n = 3;
int top = 2;
VaultProperties.EnableSoftDelete = null;
List <string> resourceIds = new List <string>();
List <Vault> vaultList = new List <Vault>();
for (int i = 0; i < n; i++)
{
string vaultName = Recording.GenerateAssetName("sdktest-vault-");
var parameters = new VaultCreateOrUpdateParameters(Location, VaultProperties);
parameters.Tags.InitializeFrom(Tags);
var createdVault = await VaultCollection.CreateOrUpdateAsync(true, vaultName, parameters).ConfigureAwait(false);
var vaultValue = createdVault.Value;
Assert.NotNull(vaultValue);
Assert.NotNull(vaultValue.Id);
resourceIds.Add(vaultValue.Id);
vaultList.Add(vaultValue);
}
var vaults = VaultCollection.GetAllAsync(top);
await foreach (var v in vaults)
{
Assert.True(resourceIds.Remove(v.Id));
}
Assert.True(resourceIds.Count == 0);
var allVaults = VaultCollection.GetAllAsync(top);
Assert.NotNull(vaults);
// Delete
foreach (var item in vaultList)
{
await item.DeleteAsync(true);
}
}
/// <summary>
/// Set vault permissions to some resource by its object id.
/// </summary>
/// <param name="vault"></param>
/// <param name="resourceGroupName"></param>
/// <param name="objectId"></param>
/// <param name="permissions"></param>
/// <returns></returns>
public Vault SetVaultPermissions(Vault vault, string resourceGroupName, string objectId, Permissions permissions)
{
vault.Properties.AccessPolicies.Add(
new AccessPolicyEntry
{
TenantId = Guid.Parse(commonData.TenantId),
ObjectId = objectId,
Permissions = permissions
}
);
var updateParams = new VaultCreateOrUpdateParameters
{
Location = vault.Location,
Properties = vault.Properties
};
return(keyVaultManagementClient.Vaults.CreateOrUpdate(resourceGroupName, vault.Name, updateParams));
}
public async Task CreateOrUpdate()
{
#region Snippet:Managing_KeyVaults_CreateAVault
VaultCollection vaultCollection = resourceGroup.GetVaults();
string vaultName = "myVault";
Guid tenantIdGuid = new Guid("Your tenantId");
string objectId = "Your Object Id";
Permissions permissions = new Permissions
{
Keys = { new KeyPermissions("all") },
Secrets = { new SecretPermissions("all") },
Certificates = { new CertificatePermissions("all") },
Storage = { new StoragePermissions("all") },
};
AccessPolicyEntry AccessPolicy = new AccessPolicyEntry(tenantIdGuid, objectId, permissions);
VaultProperties VaultProperties = new VaultProperties(tenantIdGuid, new Models.Sku(SkuFamily.A, SkuName.Standard));
VaultProperties.EnabledForDeployment = true;
VaultProperties.EnabledForDiskEncryption = true;
VaultProperties.EnabledForTemplateDeployment = true;
VaultProperties.EnableSoftDelete = true;
VaultProperties.VaultUri = "";
VaultProperties.NetworkAcls = new NetworkRuleSet()
{
Bypass = "******",
DefaultAction = "Allow",
IpRules =
{
new IPRule("1.2.3.4/32"),
new IPRule("1.0.0.0/25")
}
};
VaultProperties.AccessPolicies.Add(AccessPolicy);
VaultCreateOrUpdateParameters parameters = new VaultCreateOrUpdateParameters(Location.WestUS, VaultProperties);
var rawVault = await vaultCollection.CreateOrUpdateAsync(vaultName, parameters).ConfigureAwait(false);
Vault vault = await rawVault.WaitForCompletionAsync();
#endregion
}
/// <summary>
/// Create key vault.
/// </summary>
/// <param name="resourceGroupName"></param>
/// <param name="vaultName"></param>
/// <param name="region"></param>
/// <param name="sku"></param>
/// <param name="permissions"></param>
/// <param name="enabledForDeployment"></param>
/// <param name="enabledForDiskEncryption"></param>
/// <param name="enabledForTemplateDeployment"></param>
/// <param name="enableSoftDelete"></param>
/// <returns></returns>
public Vault CreateVault(
string resourceGroupName,
string vaultName,
string region,
SkuName sku = SkuName.Premium,
Permissions permissions = null,
bool?enabledForDeployment = true,
bool?enabledForDiskEncryption = true,
bool?enabledForTemplateDeployment = true,
bool?enableSoftDelete = null)
{
var accessPolicies = new List <AccessPolicyEntry>()
{
new AccessPolicyEntry
{
TenantId = Guid.Parse(commonData.TenantId),
ObjectId = commonData.ClientObjectId,
Permissions = permissions ?? DefaultPermissions
}
};
var properties = new VaultProperties
{
TenantId = Guid.Parse(commonData.TenantId),
Sku = new Sku
{
Name = sku
},
AccessPolicies = accessPolicies,
EnabledForDeployment = enabledForDeployment,
EnabledForDiskEncryption = enabledForDiskEncryption,
EnabledForTemplateDeployment = enabledForTemplateDeployment,
EnableSoftDelete = enableSoftDelete
};
var parameters = new VaultCreateOrUpdateParameters
{
Location = region,
Properties = properties
};
return(keyVaultManagementClient.Vaults.CreateOrUpdate(resourceGroupName, vaultName, parameters));
}
public async Task CreateKeyVaultDisableSoftDelete()
{
this.AccessPolicy.ApplicationId = Guid.Parse(TestEnvironment.ClientId);
this.VaultProperties.EnableSoftDelete = false;
var parameters = new VaultCreateOrUpdateParameters(Location, VaultProperties);
parameters.Tags.InitializeFrom(Tags);
var vault = await VaultsClient.StartCreateOrUpdateAsync(
resourceGroupName : this.ResGroupName,
vaultName : this.VaultName,
parameters : parameters
);
var vaultValue = await WaitForCompletionAsync(vault);
Assert.False(vaultValue.Value.Properties.EnableSoftDelete);
await VaultsClient.DeleteAsync(ResGroupName, VaultName);
}
///GENMHASH:0202A00A1DCF248D2647DBDBEF2CA865:4B81B6736F1A9E225E6208032B876D9A
public async override Task <Microsoft.Azure.Management.KeyVault.Fluent.IVault> CreateResourceAsync(CancellationToken cancellationToken = default(CancellationToken))
{
await PopulateAccessPolicies(cancellationToken);
VaultCreateOrUpdateParameters parameters = new VaultCreateOrUpdateParameters()
{
Location = RegionName,
Properties = Inner.Properties,
Tags = Inner.Tags
};
parameters.Properties.AccessPolicies = new List <AccessPolicyEntry>();
foreach (var accessPolicy in accessPolicies)
{
parameters.Properties.AccessPolicies.Add(accessPolicy.Inner);
}
var inner = await Manager.Inner.Vaults.CreateOrUpdateAsync(ResourceGroupName, Name, parameters, cancellationToken);
SetInner(inner);
return(this);
}
protected Vault CreateKeyVault(string clusterName, string vaultName, string vaultLocation, string resouceGroupName)
{
var userObjectId = string.Empty;
AccessPolicyEntry accessPolicy = null;
try
{
userObjectId = GetCurrentUserObjectId();
}
catch (Exception e)
{
WriteWarning(e.Message);
}
if (!string.IsNullOrWhiteSpace(userObjectId))
{
accessPolicy = new AccessPolicyEntry()
{
TenantId = GetTenantId(DefaultContext),
ObjectId = userObjectId,
Permissions = new Permissions
{
Keys = DefaultPermissionsToKeys,
Secrets = DefaultPermissionsToSecrets,
Certificates = DefaultPermissionsToCertificates
}
};
}
var keyVaultParameter = new VaultCreateOrUpdateParameters()
{
Location = vaultLocation,
Properties = new VaultProperties
{
Sku = new Management.KeyVault.Models.Sku
{
Name = SkuName.Standard,
},
EnabledForDeployment = true,
TenantId = GetTenantId(DefaultContext),
VaultUri = string.Empty,
AccessPolicies = accessPolicy == null ?
new AccessPolicyEntry[] { } :
new[] { accessPolicy }
},
Tags = new Dictionary <string, string>()
{
{ "clusterName", clusterName },
{ "resourceType", Constants.ServieFabricTag }
}
};
var vault = KeyVaultManageClient.Vaults.CreateOrUpdate(
resouceGroupName,
vaultName,
keyVaultParameter);
System.Threading.Thread.Sleep(TimeSpan.FromSeconds(NewCreatedKeyVaultWaitTimeInSec));
if (accessPolicy == null)
{
WriteWarning(ServiceFabricProperties.Resources.VaultCreatedWithOutAccessPolicy);
}
return(vault);
}
public static async Task <Vault> CreateKeyVaults(VaultsOperations vaults, string vaultName, VaultCreateOrUpdateParameters vaultCreateOrUpdateParameters)
{
var result = await(await vaults
.StartCreateOrUpdateAsync(rgName, vaultName, vaultCreateOrUpdateParameters)).WaitForCompletionAsync();
Console.WriteLine("KeyVault created for: " + result.Value.Id);
return(result.Value);
}
static async Task Main(string[] args)
{
string subscriptionId = Environment.GetEnvironmentVariable("AZURE_SUBSCRIPTION_ID");
Guid tenantId = new Guid(Environment.GetEnvironmentVariable("AZURE_TENANT_ID"));
string objectId = Environment.GetEnvironmentVariable("AZURE_OBJECT_ID");
string location = "eastus2";
var credential = new DefaultAzureCredential();
var resourceClient = new ResourcesManagementClient(subscriptionId, credential);
var resourceGroups = resourceClient.ResourceGroups;
var keyVaultManagementClient = new KeyVaultManagementClient(subscriptionId, credential);
var vaults = keyVaultManagementClient.Vaults;
// Create Resource Group
Console.WriteLine("Creating Resource Group: " + rgName);
var resourceGroup = new ResourceGroup(location);
await resourceGroups.CreateOrUpdateAsync(rgName, resourceGroup);
Console.WriteLine("Created Resource Group: " + rgName);
// Prepare creatable KeyVaults
var creatableKeyVaults = new Dictionary <string, VaultCreateOrUpdateParameters> {
};
for (int i = 1; i <= 10; i++)
{
string vaultName = "sdk-perf-vault" + i;
var vaultProperties = new VaultProperties(tenantId, new Azure.ResourceManager.KeyVault.Models.Sku(SkuName.Standard))
{
AccessPolicies = new[] { new AccessPolicyEntry(tenantId, objectId, new Permissions()) }
};
var vaultParameters = new VaultCreateOrUpdateParameters(location, vaultProperties);
creatableKeyVaults.Add(vaultName, vaultParameters);
}
// Create KeyVaults
var t1 = DateTimeOffset.Now.UtcDateTime;
Console.WriteLine("Creating the KeyVaults");
List <Task> TaskList = new List <Task>();
foreach (var item in creatableKeyVaults)
{
Task task = CreateKeyVaults(vaults, item.Key, item.Value);
TaskList.Add(task);
}
await Task.WhenAll(TaskList.ToArray());
var t2 = DateTimeOffset.Now.UtcDateTime;
Console.WriteLine("Created KeyVaults");
Console.WriteLine($"KeyVaults create: took {(t2 - t1).TotalSeconds } seconds to create 10 KeyVaults !!");
// List
Console.WriteLine("Listing the KeyVaults 100 times");
t1 = DateTimeOffset.Now.UtcDateTime;
List <Task> TaskList2 = new List <Task>();
for (int i = 0; i < 100; i++)
{
Task task = ListVault(vaults);
TaskList2.Add(task);
}
await Task.WhenAll(TaskList2.ToArray());
t2 = DateTimeOffset.Now.UtcDateTime;
Console.WriteLine($"KeyVaults list: took {(t2 - t1).TotalMilliseconds } milliseconds to list 10 KeyVaults 100 times !!");
// Delete ResourceGroup
Console.WriteLine("Deleting Resource Group: " + rgName);
await(await resourceGroups.StartDeleteAsync(rgName)).WaitForCompletionAsync();
Console.WriteLine("Deleted Resource Group: " + rgName);
}
public async Task <VaultModel> CreateVaultForUserAsync(string objectId, string upn, string displayName)
{
// Get the service principal id for this application since we'll need it
var spId = await graphHttpService.GetValue <string>($"/servicePrincipalsByAppId/{azureAdOptions.ClientId}/objectId?api-version=1.6");
var parameters = new VaultCreateOrUpdateParameters()
{
Location = applicationConfiguration.Location,
Properties = new VaultProperties()
{
TenantId = tenantId,
Sku = new Sku(SkuName.Premium),
AccessPolicies = new List <AccessPolicyEntry>
{
// Grant this application admin permissions on the management plane to deal with keys and certificates
new AccessPolicyEntry
{
ObjectId = spId,
TenantId = tenantId,
Permissions = new Permissions
{
Keys = new List <string>
{
"Backup",
"Create",
"Delete",
"Get",
"Import",
"List",
"Restore",
"Update",
"Recover"
},
Certificates = new List <string>
{
"Get",
"List",
"Update",
"Create",
"Import",
"Delete",
"ManageContacts",
"ManageIssuers",
"GetIssuers",
"ListIssuers",
"SetIssuers",
"DeleteIssuers",
"Backup",
"Restore",
"Recover"
}
}
},
// Grant the current user the management plane access for use in the portal/powershell for
// manual tasks
new AccessPolicyEntry
{
ObjectId = userId,
TenantId = tenantId,
Permissions = new Permissions
{
Keys = new List <string>
{
"Backup",
"Create",
"Delete",
"Get",
"Import",
"List",
"Restore",
"Update",
"Recover"
},
Certificates = new List <string>
{
"Get",
"List",
"Update",
"Create",
"Import",
"Delete",
"ManageContacts",
"ManageIssuers",
"GetIssuers",
"ListIssuers",
"SetIssuers",
"DeleteIssuers",
"Backup",
"Restore",
"Recover"
}
}
},
// Needs Keys: Get + Sign, Certificates: Get
new AccessPolicyEntry
{
TenantId = tenantId,
ObjectId = objectId,
ApplicationId = clientId,
Permissions = new Permissions
{
Keys = new List <string>
{
"Get",
"Sign",
},
Certificates = new List <string>
{
"Get"
}
}
}
}
},
Tags = new Dictionary <string, string>
{
{ "userName", upn },
{ "displayName", displayName }
},
};
// for the vault name, we get up to 24 characters, so use the following:
// upn up to the @ then a dash then fill with a guid truncated
var vaultName = $"{upn.Substring(0, upn.IndexOf('@'))}-{Guid.NewGuid().ToString("N")}";
// Truncate to 24 chars
vaultName = vaultName.Substring(0, 24);
// Create uses an OBO so that this only works if the user has contributer+ access to the resource group
using (var client = new KeyVaultManagementClient(new AutoRestCredential <KeyVaultManagementClient>(GetOboToken)))
{
client.SubscriptionId = adminConfig.SubscriptionId;
var vault = await client.Vaults.CreateOrUpdateAsync(resourceGroup, vaultName, parameters).ConfigureAwait(false);
return(ToVaultModel(vault));
}
}
public virtual async Task <ArmOperation <VaultResource> > CreateOrUpdateAsync(WaitUntil waitUntil, string vaultName, VaultCreateOrUpdateParameters parameters, CancellationToken cancellationToken = default)
{
Argument.AssertNotNullOrEmpty(vaultName, nameof(vaultName));
Argument.AssertNotNull(parameters, nameof(parameters));
using var scope = _vaultClientDiagnostics.CreateScope("VaultCollection.CreateOrUpdate");
scope.Start();
try
{
var response = await _vaultRestClient.CreateOrUpdateAsync(Id.SubscriptionId, Id.ResourceGroupName, vaultName, parameters, cancellationToken).ConfigureAwait(false);
var operation = new KeyVaultArmOperation <VaultResource>(new VaultOperationSource(Client), _vaultClientDiagnostics, Pipeline, _vaultRestClient.CreateCreateOrUpdateRequest(Id.SubscriptionId, Id.ResourceGroupName, vaultName, parameters).Request, response, OperationFinalStateVia.Location);
if (waitUntil == WaitUntil.Completed)
{
await operation.WaitForCompletionAsync(cancellationToken).ConfigureAwait(false);
}
return(operation);
}
catch (Exception e)
{
scope.Failed(e);
throw;
}
}
public async Task KeyVaultManagementVaultCreateUpdateDelete()
{
VaultProperties.EnableSoftDelete = null;
var parameters = new VaultCreateOrUpdateParameters(Location, VaultProperties);
parameters.Tags.InitializeFrom(Tags);
var rawVault = await VaultCollection.CreateOrUpdateAsync(true, VaultName, parameters).ConfigureAwait(false);
var createdVault = rawVault.Value.Data;
ValidateVault(createdVault,
VaultName,
ResGroupName,
TestEnvironment.SubscriptionId,
TenantIdGuid,
Location,
"A",
SkuName.Standard,
true,
true,
true,
true, // enableSoftDelete defaults to true
new[] { AccessPolicy },
VaultProperties.NetworkAcls,
Tags);
//Update
AccessPolicy.Permissions.Secrets.Clear();
AccessPolicy.Permissions.Secrets.Add(SecretPermissions.Get);
AccessPolicy.Permissions.Secrets.Add(SecretPermissions.Set);
(AccessPolicy.Permissions.Keys as ChangeTrackingList <KeyPermissions>).Reset();
AccessPolicy.Permissions.Storage.Clear();
AccessPolicy.Permissions.Storage.Add(StoragePermissions.Get);
AccessPolicy.Permissions.Storage.Add(StoragePermissions.Regeneratekey);
createdVault.Properties.AccessPolicies.Clear();
createdVault.Properties.AccessPolicies.Add(AccessPolicy);
createdVault.Properties.Sku.Name = SkuName.Premium;
parameters = new VaultCreateOrUpdateParameters(Location, createdVault.Properties);
parameters.Tags.InitializeFrom(Tags);
var rawUpdateVault = await VaultCollection.CreateOrUpdateAsync(true, VaultName, parameters).ConfigureAwait(false);
var updateVault = rawUpdateVault.Value.Data;
ValidateVault(updateVault,
VaultName,
ResGroupName,
TestEnvironment.SubscriptionId,
TenantIdGuid,
Location,
"A",
SkuName.Premium,
true,
true,
true,
true,
new[] { AccessPolicy },
VaultProperties.NetworkAcls,
Tags);
var rawRetrievedVault = await VaultCollection.GetAsync(VaultName);
var retrievedVault = rawRetrievedVault.Value.Data;
ValidateVault(retrievedVault,
VaultName,
ResGroupName,
TestEnvironment.SubscriptionId,
TenantIdGuid,
Location,
"A",
SkuName.Premium,
true,
true,
true,
true,
new[] { AccessPolicy },
VaultProperties.NetworkAcls,
Tags);
// Delete
var deleteVault = await rawRetrievedVault.Value.DeleteAsync(true);
Assert.ThrowsAsync <RequestFailedException>(async() =>
{
await VaultCollection.GetAsync(VaultName);
});
}
public virtual VaultsCreateOrUpdateOperation StartCreateOrUpdate(string resourceGroupName, string vaultName, VaultCreateOrUpdateParameters parameters, CancellationToken cancellationToken = default)
{
if (resourceGroupName == null)
{
throw new ArgumentNullException(nameof(resourceGroupName));
}
if (vaultName == null)
{
throw new ArgumentNullException(nameof(vaultName));
}
if (parameters == null)
{
throw new ArgumentNullException(nameof(parameters));
}
using var scope = _clientDiagnostics.CreateScope("VaultsOperations.StartCreateOrUpdate");
scope.Start();
try
{
var originalResponse = RestClient.CreateOrUpdate(resourceGroupName, vaultName, parameters, cancellationToken);
return(new VaultsCreateOrUpdateOperation(_clientDiagnostics, _pipeline, RestClient.CreateCreateOrUpdateRequest(resourceGroupName, vaultName, parameters).Request, originalResponse));
}
catch (Exception e)
{
scope.Failed(e);
throw;
}
}
public void NamespaceBYOKCreateGetUpdateDelete()
{
using (MockContext context = MockContext.Start(this.GetType()))
{
InitializeClients(context);
var location = "West US 2";
var resourceGroup = string.Empty;
var keyVaultName = "SDKTestingKey1";
var KeyName = "sdktestingkey11";
var KeyName2 = "sdktestingkey12";
var KeyName3 = "sdktestingkey13";
var resourceGroupCluster = EventHubManagementHelper.ResourceGroupCluster;
var identityName1 = TestUtilities.GenerateName(EventHubManagementHelper.IdentityPrefix);
var identityName2 = TestUtilities.GenerateName(EventHubManagementHelper.IdentityPrefix);
if (string.IsNullOrWhiteSpace(resourceGroup))
{
resourceGroup = TestUtilities.GenerateName(EventHubManagementHelper.ResourceGroupPrefix);
this.ResourceManagementClient.TryRegisterResourceGroup(location, resourceGroup);
}
var namespaceName = TestUtilities.GenerateName(EventHubManagementHelper.NamespacePrefix);
var namespaceName2 = TestUtilities.GenerateName(EventHubManagementHelper.NamespacePrefix);
try
{
var checkNameAvailable = EventHubManagementClient.Namespaces.CheckNameAvailability(namespaceName);
//Create Namespace with System Assigned Identity
//----------------------------------------------------
var createNamespaceResponse = this.EventHubManagementClient.Namespaces.CreateOrUpdate(resourceGroup, namespaceName,
new EHNamespace()
{
Location = location,
Sku = new Microsoft.Azure.Management.EventHub.Models.Sku
{
Name = Microsoft.Azure.Management.EventHub.Models.SkuName.Premium,
Tier = SkuTier.Premium
},
Tags = new Dictionary <string, string>()
{
{ "tag1", "value1" },
{ "tag2", "value2" }
},
IsAutoInflateEnabled = false,
MaximumThroughputUnits = 0,
Identity = new Identity()
{
Type = ManagedServiceIdentityType.SystemAssigned
}
});
Assert.NotNull(createNamespaceResponse);
Assert.Equal(namespaceName, createNamespaceResponse.Name);
Assert.False(createNamespaceResponse.IsAutoInflateEnabled);
Assert.Equal(0, createNamespaceResponse.MaximumThroughputUnits);
Assert.Equal(ManagedServiceIdentityType.SystemAssigned, createNamespaceResponse.Identity.Type);
//----------------------------------------------------------------------
TestUtilities.Wait(TimeSpan.FromSeconds(5));
//Remove System Assigned Identity from namespace
//-----------------------------------------------
createNamespaceResponse.Identity = new Identity()
{
Type = ManagedServiceIdentityType.None
};
createNamespaceResponse = EventHubManagementClient.Namespaces.CreateOrUpdate(resourceGroup, namespaceName, createNamespaceResponse);
Assert.NotNull(createNamespaceResponse);
Assert.Equal(namespaceName, createNamespaceResponse.Name);
Assert.False(createNamespaceResponse.IsAutoInflateEnabled);
Assert.Equal(0, createNamespaceResponse.MaximumThroughputUnits);
Assert.Null(createNamespaceResponse.Identity);
//------------------------------------------------
//ReEnable System assigned identity and later enable encryption
//--------------------------------------------------
createNamespaceResponse.Identity = new Identity()
{
Type = ManagedServiceIdentityType.SystemAssigned
};
createNamespaceResponse = EventHubManagementClient.Namespaces.CreateOrUpdate(resourceGroup, namespaceName, createNamespaceResponse);
Assert.NotNull(createNamespaceResponse);
Assert.Equal(namespaceName, createNamespaceResponse.Name);
Assert.False(createNamespaceResponse.IsAutoInflateEnabled);
Assert.Equal(0, createNamespaceResponse.MaximumThroughputUnits);
Assert.Equal(ManagedServiceIdentityType.SystemAssigned, createNamespaceResponse.Identity.Type);
//--------------------------------------------------
//Give Key Vault Permissions to namespace to set system assigned encryption
//---------------------------------------------------
Microsoft.Azure.Management.KeyVault.Models.VaultCreateOrUpdateParameters vaultparams = new Microsoft.Azure.Management.KeyVault.Models.VaultCreateOrUpdateParameters();
var accesPolicies = new Microsoft.Azure.Management.KeyVault.Models.AccessPolicyEntry()
{
ObjectId = createNamespaceResponse.Identity.PrincipalId,
TenantId = Guid.Parse(createNamespaceResponse.Identity.TenantId),
Permissions = new Microsoft.Azure.Management.KeyVault.Models.Permissions()
{
Keys = new List <string> {
"get", "wrapKey", "unwrapKey"
}
}
};
Vault getVaultRsponse = KeyVaultManagementClient.Vaults.Get(resourceGroupCluster, keyVaultName);
vaultparams = new VaultCreateOrUpdateParameters(getVaultRsponse.Location, getVaultRsponse.Properties);
vaultparams.Properties.AccessPolicies.Add(accesPolicies);
var updateVault = KeyVaultManagementClient.Vaults.CreateOrUpdate(resourceGroupCluster, keyVaultName, vaultparams);
TestUtilities.Wait(TimeSpan.FromSeconds(5));
// Encrypt data in Event Hub namespace Customer managed key from keyvault
var getNamespaceResponse = EventHubManagementClient.Namespaces.Get(resourceGroup, namespaceName);
getNamespaceResponse.Encryption = new Encryption()
{
KeySource = KeySource.MicrosoftKeyVault,
KeyVaultProperties = new[] {
new KeyVaultProperties()
{
KeyName = KeyName,
KeyVaultUri = updateVault.Properties.VaultUri,
KeyVersion = ""
}
}
};
var updateNamespaceResponse = this.EventHubManagementClient.Namespaces.CreateOrUpdate(resourceGroup, namespaceName, getNamespaceResponse);
Assert.Equal(1, updateNamespaceResponse.Encryption.KeyVaultProperties.Count);
Assert.Equal(KeyName, updateNamespaceResponse.Encryption.KeyVaultProperties[0].KeyName);
Assert.Equal(updateVault.Properties.VaultUri, updateNamespaceResponse.Encryption.KeyVaultProperties[0].KeyVaultUri + "/");
//-------------------------------------------------------------
Vault getVaultRsponse1 = KeyVaultManagementClient.Vaults.Get(resourceGroupCluster, keyVaultName);
vaultparams = new VaultCreateOrUpdateParameters(getVaultRsponse.Location, getVaultRsponse.Properties);
vaultparams.Properties.AccessPolicies.Remove(accesPolicies);
var updateVault1 = KeyVaultManagementClient.Vaults.CreateOrUpdate(resourceGroupCluster, keyVaultName, vaultparams);
TestUtilities.Wait(TimeSpan.FromSeconds(5));
//Create User Assigned Identities and give permissions to access keyvault
//----------------------------------------------------------------
Microsoft.Azure.Management.ManagedServiceIdentity.Models.Identity identity1 = new Microsoft.Azure.Management.ManagedServiceIdentity.Models.Identity()
{
Location = "westus"
};
Microsoft.Azure.Management.ManagedServiceIdentity.Models.Identity identity2 = new Microsoft.Azure.Management.ManagedServiceIdentity.Models.Identity()
{
Location = "westus"
};
var userAssignedIdentity1 = IdentityManagementClient.UserAssignedIdentities.CreateOrUpdate(resourceGroup, identityName1, identity1);
var userAssignedIdentity2 = IdentityManagementClient.UserAssignedIdentities.CreateOrUpdate(resourceGroup, identityName2, identity2);
var accessPolicies = new Microsoft.Azure.Management.KeyVault.Models.AccessPolicyEntry()
{
ObjectId = userAssignedIdentity1.PrincipalId.ToString(),
TenantId = (Guid)userAssignedIdentity1.TenantId,
Permissions = new Microsoft.Azure.Management.KeyVault.Models.Permissions()
{
Keys = new List <string> {
"get", "wrapKey", "unwrapKey"
}
}
};
var accessPolicies2 = new Microsoft.Azure.Management.KeyVault.Models.AccessPolicyEntry()
{
ObjectId = userAssignedIdentity2.PrincipalId.ToString(),
TenantId = (Guid)userAssignedIdentity2.TenantId,
Permissions = new Microsoft.Azure.Management.KeyVault.Models.Permissions()
{
Keys = new List <string> {
"get", "wrapKey", "unwrapKey"
}
}
};
getVaultRsponse = KeyVaultManagementClient.Vaults.Get(resourceGroupCluster, keyVaultName);
vaultparams = new VaultCreateOrUpdateParameters(getVaultRsponse.Location, getVaultRsponse.Properties);
vaultparams.Properties.AccessPolicies.Add(accessPolicies);
vaultparams.Properties.AccessPolicies.Add(accessPolicies2);
updateVault = KeyVaultManagementClient.Vaults.CreateOrUpdate(resourceGroupCluster, keyVaultName, vaultparams);
//--------------------------------------------------------
TestUtilities.Wait(TimeSpan.FromSeconds(5));
//Enable User Assigned Identity Encryption
//---------------------------------------------
createNamespaceResponse = this.EventHubManagementClient.Namespaces.CreateOrUpdate(resourceGroup, namespaceName2,
new EHNamespace()
{
Location = location,
Sku = new Microsoft.Azure.Management.EventHub.Models.Sku
{
Name = Microsoft.Azure.Management.EventHub.Models.SkuName.Premium,
Tier = SkuTier.Premium
},
Identity = new Identity()
{
Type = ManagedServiceIdentityType.UserAssigned,
UserAssignedIdentities = new Dictionary <string, UserAssignedIdentity>()
{
{ userAssignedIdentity1.Id, new UserAssignedIdentity() },
{ userAssignedIdentity2.Id, new UserAssignedIdentity() }
},
},
Encryption = new Encryption()
{
KeySource = KeySource.MicrosoftKeyVault,
KeyVaultProperties = new List <KeyVaultProperties> {
new KeyVaultProperties()
{
KeyName = KeyName2,
KeyVaultUri = updateVault.Properties.VaultUri,
KeyVersion = "",
Identity = new UserAssignedIdentityProperties()
{
UserAssignedIdentity = userAssignedIdentity1.Id
}
},
new KeyVaultProperties()
{
KeyName = KeyName3,
KeyVaultUri = updateVault.Properties.VaultUri,
KeyVersion = "",
Identity = new UserAssignedIdentityProperties()
{
UserAssignedIdentity = userAssignedIdentity1.Id
}
}
}
}
}
);
Assert.Equal(ManagedServiceIdentityType.UserAssigned, createNamespaceResponse.Identity.Type);
Assert.Equal(2, createNamespaceResponse.Encryption.KeyVaultProperties.Count);
Assert.Equal(KeyName2, createNamespaceResponse.Encryption.KeyVaultProperties[0].KeyName);
Assert.Equal(KeyName3, createNamespaceResponse.Encryption.KeyVaultProperties[1].KeyName);
Assert.Equal(updateVault.Properties.VaultUri, createNamespaceResponse.Encryption.KeyVaultProperties[0].KeyVaultUri + "/");
Assert.Equal(updateVault.Properties.VaultUri, createNamespaceResponse.Encryption.KeyVaultProperties[1].KeyVaultUri + "/");
Assert.Equal(userAssignedIdentity1.Id, createNamespaceResponse.Encryption.KeyVaultProperties[0].Identity.UserAssignedIdentity);
Assert.Equal(userAssignedIdentity1.Id, createNamespaceResponse.Encryption.KeyVaultProperties[1].Identity.UserAssignedIdentity);
Assert.Equal(2, createNamespaceResponse.Identity.UserAssignedIdentities.Count);
//-------------------------------------------------------------------------------------
//Test if identity can be set to System and User assigned.
//---------------------------------------------------------------------------------
createNamespaceResponse.Identity.Type = ManagedServiceIdentityType.SystemAssignedUserAssigned;
createNamespaceResponse = EventHubManagementClient.Namespaces.CreateOrUpdate(resourceGroup, namespaceName2, createNamespaceResponse);
Assert.Equal(ManagedServiceIdentityType.SystemAssignedUserAssigned, createNamespaceResponse.Identity.Type);
Assert.Equal(2, createNamespaceResponse.Encryption.KeyVaultProperties.Count);
Assert.Equal(KeyName2, createNamespaceResponse.Encryption.KeyVaultProperties[0].KeyName);
Assert.Equal(KeyName3, createNamespaceResponse.Encryption.KeyVaultProperties[1].KeyName);
Assert.Equal(updateVault.Properties.VaultUri, createNamespaceResponse.Encryption.KeyVaultProperties[0].KeyVaultUri + "/");
Assert.Equal(updateVault.Properties.VaultUri, createNamespaceResponse.Encryption.KeyVaultProperties[1].KeyVaultUri + "/");
Assert.Equal(userAssignedIdentity1.Id, createNamespaceResponse.Encryption.KeyVaultProperties[0].Identity.UserAssignedIdentity);
Assert.Equal(userAssignedIdentity1.Id, createNamespaceResponse.Encryption.KeyVaultProperties[1].Identity.UserAssignedIdentity);
Assert.Equal(2, createNamespaceResponse.Identity.UserAssignedIdentities.Count);
//----------------------------------------------------------------------------------
}
finally
{
this.EventHubManagementClient.Namespaces.DeleteAsync(resourceGroup, namespaceName, default(CancellationToken)).ConfigureAwait(false);
this.EventHubManagementClient.Namespaces.DeleteAsync(resourceGroup, namespaceName2, default(CancellationToken)).ConfigureAwait(false);
//Delete Resource Group
this.ResourceManagementClient.ResourceGroups.DeleteWithHttpMessagesAsync(resourceGroup, null, default(CancellationToken)).ConfigureAwait(false);
Console.WriteLine("End of EH2018 Namespace CRUD IPFilter Rules test");
}
}
}
public VaultCreateOrUpdateParameters GetCreationParameters(
Guid tenantId,
IResourceGroup resourceGroup,
ServicePrincipal serviceApplicationSP,
DirectoryObject owner,
IDictionary <string, string> tags = null
)
{
tags ??= new Dictionary <string, string>();
var keyVaultAccessPolicies = new List <AccessPolicyEntry> {
new AccessPolicyEntry {
TenantId = tenantId,
ObjectId = serviceApplicationSP.Id,
Permissions = new Permissions {
Secrets = new List <SecretPermissions> {
SecretPermissions.Get
},
Certificates = new List <CertificatePermissions> {
CertificatePermissions.Get,
CertificatePermissions.List
}
}
},
new AccessPolicyEntry {
TenantId = tenantId,
ObjectId = owner.Id,
Permissions = new Permissions {
Keys = new List <KeyPermissions> {
KeyPermissions.Get,
KeyPermissions.List,
KeyPermissions.Sign
},
Secrets = new List <SecretPermissions> {
SecretPermissions.Get,
SecretPermissions.List,
SecretPermissions.Set,
SecretPermissions.Delete
},
Certificates = new List <CertificatePermissions> {
CertificatePermissions.Get,
CertificatePermissions.List,
CertificatePermissions.Update,
CertificatePermissions.Create,
CertificatePermissions.Import
}
}
}
};
keyVaultAccessPolicies.ElementAt(0).Validate();
keyVaultAccessPolicies.ElementAt(1).Validate();
var keyVaultParameters = new VaultCreateOrUpdateParameters {
Location = resourceGroup.RegionName,
Tags = tags,
Properties = new VaultProperties {
EnabledForDeployment = false,
EnabledForTemplateDeployment = false,
EnabledForDiskEncryption = false,
TenantId = tenantId,
Sku = new Sku {
Name = SkuName.Premium,
//Family = "A"
},
AccessPolicies = keyVaultAccessPolicies
}
};
keyVaultParameters.Validate();
return(keyVaultParameters);
}
public void NamespaceBYOKCreateGetUpdateDelete()
{
using (MockContext context = MockContext.Start(this.GetType()))
{
InitializeClients(context);
var location = "West US 2";
var resourceGroup = string.Empty;
var resourceGroupCluster = EventHubManagementHelper.ResourceGroupCluster;
var testClusterName = "PMTestCluster1";
var keyVaultName = "SDKTestingKey1";
var KeyName = "sdktestingkey11";
if (string.IsNullOrWhiteSpace(resourceGroup))
{
resourceGroup = TestUtilities.GenerateName(EventHubManagementHelper.ResourceGroupPrefix);
this.ResourceManagementClient.TryRegisterResourceGroup(location, resourceGroup);
}
var namespaceName = TestUtilities.GenerateName(EventHubManagementHelper.NamespacePrefix);
try
{
Cluster getClusterResponse = EventHubManagementClient.Clusters.Get(resourceGroupCluster, testClusterName);
var checkNameAvailable = EventHubManagementClient.Namespaces.CheckNameAvailability(namespaceName);
var createNamespaceResponse = this.EventHubManagementClient.Namespaces.CreateOrUpdate(resourceGroupCluster, namespaceName,
new EHNamespace()
{
Location = location,
Sku = new Microsoft.Azure.Management.EventHub.Models.Sku
{
Name = Microsoft.Azure.Management.EventHub.Models.SkuName.Standard,
Tier = SkuTier.Standard
},
Tags = new Dictionary <string, string>()
{
{ "tag1", "value1" },
{ "tag2", "value2" }
},
IsAutoInflateEnabled = false,
MaximumThroughputUnits = 0,
ClusterArmId = getClusterResponse.Id,
Identity = new Identity()
{
Type = ManagedServiceIdentityType.SystemAssigned
}
});
Assert.NotNull(createNamespaceResponse);
Assert.Equal(namespaceName, createNamespaceResponse.Name);
Assert.Equal(getClusterResponse.Id, createNamespaceResponse.ClusterArmId);
Assert.False(createNamespaceResponse.IsAutoInflateEnabled);
Assert.Equal(0, createNamespaceResponse.MaximumThroughputUnits);
TestUtilities.Wait(TimeSpan.FromSeconds(5));
// Create KeyVault
Microsoft.Azure.Management.KeyVault.Models.VaultCreateOrUpdateParameters vaultparams = new Microsoft.Azure.Management.KeyVault.Models.VaultCreateOrUpdateParameters();
var accesPolicies = new Microsoft.Azure.Management.KeyVault.Models.AccessPolicyEntry()
{
ObjectId = createNamespaceResponse.Identity.PrincipalId,
TenantId = Guid.Parse(createNamespaceResponse.Identity.TenantId),
Permissions = new Microsoft.Azure.Management.KeyVault.Models.Permissions()
{
Keys = new List <string> {
"get", "wrapKey", "unwrapKey"
}
}
};
Vault getVaultRsponse = KeyVaultManagementClient.Vaults.Get(resourceGroupCluster, keyVaultName);
vaultparams = new VaultCreateOrUpdateParameters(getVaultRsponse.Location, getVaultRsponse.Properties);
vaultparams.Properties.AccessPolicies.Add(accesPolicies);
var updateVault = KeyVaultManagementClient.Vaults.CreateOrUpdate(resourceGroupCluster, keyVaultName, vaultparams);
TestUtilities.Wait(TimeSpan.FromSeconds(5));
// Encrypt data in Event Hub namespace Customer managed key from keyvault
var getNamespaceResponse = EventHubManagementClient.Namespaces.Get(resourceGroupCluster, namespaceName);
getNamespaceResponse.Encryption = new Encryption()
{
KeySource = KeySource.MicrosoftKeyVault,
KeyVaultProperties = new[] {
new KeyVaultProperties()
{
KeyName = KeyName,
KeyVaultUri = updateVault.Properties.VaultUri,
KeyVersion = ""
}
}
};
var updateNamespaceResponse = this.EventHubManagementClient.Namespaces.CreateOrUpdate(resourceGroupCluster, namespaceName, getNamespaceResponse);
Vault getVaultRsponse1 = KeyVaultManagementClient.Vaults.Get(resourceGroupCluster, keyVaultName);
vaultparams = new VaultCreateOrUpdateParameters(getVaultRsponse.Location, getVaultRsponse.Properties);
vaultparams.Properties.AccessPolicies.Remove(accesPolicies);
var updateVault1 = KeyVaultManagementClient.Vaults.CreateOrUpdate(resourceGroupCluster, keyVaultName, vaultparams);
TestUtilities.Wait(TimeSpan.FromSeconds(5));
//Delete the namesapce within the cluster
}
finally
{
//Delete Resource Group
this.EventHubManagementClient.Namespaces.DeleteAsync(resourceGroupCluster, namespaceName, default(CancellationToken)).ConfigureAwait(false);
Console.WriteLine("End of EH2018 Namespace CRUD IPFilter Rules test");
}
}
}
