public async Task RunAsync()
{
// Generate a random name for a new vault
String vaultName = Util.generateRandomVaultId();
// Set up credentials to access management plane to set up example key vault
AzureCredentials credentials = new AzureCredentialsFactory().FromServicePrincipal(
settings.ClientID,
settings.ClientSecret,
settings.TenantID,
AzureEnvironment.AzureGlobalCloud
);
// Ensure that our sample resource group exists.
Console.WriteLine("Creating sample resource group");
ResourceManagementClient resourceMgmtClient = new ResourceManagementClient(credentials);
resourceMgmtClient.SubscriptionId = settings.SubscriptionID;
await resourceMgmtClient.ResourceGroups.CreateOrUpdateAsync(settings.ResourceGroupName, new ResourceGroupInner(settings.AzureLocation));
// Create the sample key vault.
Console.WriteLine("Creating sample Key Vault - " + vaultName);
// Set up the params for the API call
VaultCreateOrUpdateParametersInner createParams = new VaultCreateOrUpdateParametersInner(
settings.AzureLocation,
new VaultProperties(
Guid.Parse(settings.TenantID),
new Microsoft.Azure.Management.KeyVault.Fluent.Models.Sku(SkuName.Standard),
// Create an access policy granting all secret permissions to our sample's service principal
new[] { new AccessPolicyEntry(Guid.Parse(settings.TenantID), settings.ClientOID, new Permissions(null, new[] { "all" })) }
)
);
KeyVaultManagementClient kvMgmtClient = new KeyVaultManagementClient(credentials);
kvMgmtClient.SubscriptionId = settings.SubscriptionID;
VaultInner vault = await kvMgmtClient.Vaults.CreateOrUpdateAsync(settings.ResourceGroupName, vaultName, createParams);
// Now demo authentication to the vault using ADAL
// Add a delay to wait for KV DNS record to be created. See: https://github.com/Azure/azure-sdk-for-node/pull/1938
System.Threading.Thread.Sleep(15000);
await authUsingADALCallbackAsync(vault.Properties.VaultUri);
}
/// <summary>
/// Enables soft delete on a pre-existing vault.
/// </summary>
/// <param name="resourceGroupName"></param>
/// <param name="vaultName"></param>
/// <returns></returns>
public async Task EnableRecoveryOptionsOnExistingVaultAsync(string resourceGroupName, string vaultName, bool enablePurgeProtection)
{
var vault = await ManagementClient.Vaults.GetAsync(resourceGroupName, vaultName).ConfigureAwait(false);
// First check if there is anything to do. The recovery levels are as follows:
// - no protection: soft delete = false
// - recoverable deletion: soft delete = true, purge protection = false
// - recoverable deletion, purge protected: soft delete = true, purge protection = true
//
// The protection level can be strengthened, but never weakened; we will throw on an attempt to lower it.
//
if (vault.Properties.EnableSoftDelete.HasValue &&
vault.Properties.EnableSoftDelete.Value)
{
//if (!(vault.Properties.EnablePurgeProtection ^ enablePurgeProtection))
//{
Console.WriteLine("The required recovery protection level is already enabled on vault {0}.", vaultName);
return;
//}
// check if this is an attempt to lower the recovery level.
//if (vault.Properties.EnablePurgeProtection
// && !enablePurgeProtection)
//{
// throw new InvalidOperationException("The recovery level on an existing vault cannot be lowered.");
//}
}
vault.Properties.EnableSoftDelete = true;
//vault.Properties.EnablePurgeProtection = enablePurgeProtection;
// prepare the update operation on the vault
var updateParameters = new VaultCreateOrUpdateParametersInner
{
Location = vault.Location,
Properties = vault.Properties,
Tags = vault.Tags
};
try
{
vault = await ManagementClient.Vaults.CreateOrUpdateAsync(resourceGroupName, vaultName, updateParameters).ConfigureAwait(false);
}
catch (Exception e)
{
Console.WriteLine("Failed to update vault {0} in resource group {1}: {2}", vaultName, resourceGroupName, e.Message);
}
}
///GENMHASH:0202A00A1DCF248D2647DBDBEF2CA865:4B81B6736F1A9E225E6208032B876D9A
public async override Task <Microsoft.Azure.Management.KeyVault.Fluent.IVault> CreateResourceAsync(CancellationToken cancellationToken = default(CancellationToken))
{
await PopulateAccessPolicies(cancellationToken);
VaultCreateOrUpdateParametersInner parameters = new VaultCreateOrUpdateParametersInner()
{
Location = RegionName,
Properties = Inner.Properties,
Tags = Inner.Tags
};
parameters.Properties.AccessPolicies = new List <AccessPolicyEntry>();
foreach (var accessPolicy in accessPolicies)
{
parameters.Properties.AccessPolicies.Add(accessPolicy.Inner);
}
var inner = await Manager.Inner.Vaults.CreateOrUpdateAsync(ResourceGroupName, Name, parameters, cancellationToken);
SetInner(inner);
return(this);
}
/// <summary>
/// Create or update a key vault in the specified subscription.
/// </summary>
/// <param name='operations'>
/// The operations group for this extension method.
/// </param>
/// <param name='resourceGroupName'>
/// The name of the Resource Group to which the server belongs.
/// </param>
/// <param name='vaultName'>
/// Name of the vault
/// </param>
/// <param name='parameters'>
/// Parameters to create or update the vault
/// </param>
/// <param name='cancellationToken'>
/// The cancellation token.
/// </param>
public static async Task <VaultInner> CreateOrUpdateAsync(this IVaultsOperations operations, string resourceGroupName, string vaultName, VaultCreateOrUpdateParametersInner parameters, CancellationToken cancellationToken = default(CancellationToken))
{
using (var _result = await operations.CreateOrUpdateWithHttpMessagesAsync(resourceGroupName, vaultName, parameters, null, cancellationToken).ConfigureAwait(false))
{
return(_result.Body);
}
}
