KeyVaultManagementClient.UpdateVault C# (CSharp)のコード例

コード例 #1

0

ファイルを表示

ファイル: RemoveAzureKeyVaultAccessPolicy.cs プロジェクト: zapdog43/azure-powershell

        public override void ExecuteCmdlet()
        {
            if (ShouldProcess(VaultName, Properties.Resources.RemoveVaultAccessPolicy))
            {
                if (ParameterSetName == ForVault && !EnabledForDeployment.IsPresent &&
                    !EnabledForTemplateDeployment.IsPresent && !EnabledForDiskEncryption.IsPresent)
                {
                    throw new ArgumentException(PSKeyVaultProperties.Resources.VaultPermissionFlagMissing);
                }

                ResourceGroupName = string.IsNullOrWhiteSpace(ResourceGroupName) ? GetResourceGroupName(VaultName) : ResourceGroupName;

                // Get the vault to be updated
                PSKeyVaultModels.PSVault existingVault = null;

                if (!string.IsNullOrWhiteSpace(ResourceGroupName))
                {
                    existingVault = KeyVaultManagementClient.GetVault(
                        VaultName,
                        ResourceGroupName);
                }
                if (existingVault == null)
                {
                    throw new ArgumentException(string.Format(PSKeyVaultProperties.Resources.VaultNotFound, VaultName, ResourceGroupName));
                }

                if (ApplicationId.HasValue && ApplicationId.Value == Guid.Empty)
                {
                    throw new ArgumentException(PSKeyVaultProperties.Resources.InvalidApplicationId);
                }

                if (!string.IsNullOrWhiteSpace(this.ObjectId) && !this.IsValidObjectIdSyntax(this.ObjectId))
                {
                    throw new ArgumentException(PSKeyVaultProperties.Resources.InvalidObjectIdSyntax);
                }

                // Update vault policies
                var updatedPolicies = existingVault.AccessPolicies;
                if (!string.IsNullOrEmpty(UserPrincipalName) || !string.IsNullOrEmpty(ServicePrincipalName) || !string.IsNullOrWhiteSpace(this.ObjectId))
                {
                    if (string.IsNullOrWhiteSpace(this.ObjectId))
                    {
                        ObjectId = GetObjectId(this.ObjectId, this.UserPrincipalName, this.ServicePrincipalName);
                    }
                    updatedPolicies = existingVault.AccessPolicies.Where(ap => !ShallBeRemoved(ap, ObjectId, this.ApplicationId)).ToArray();
                }

                // Update the vault
                var updatedVault = KeyVaultManagementClient.UpdateVault(existingVault, updatedPolicies,
                                                                        EnabledForDeployment.IsPresent ? false : existingVault.EnabledForDeployment,
                                                                        EnabledForTemplateDeployment.IsPresent ? false : existingVault.EnabledForTemplateDeployment,
                                                                        EnabledForDiskEncryption.IsPresent ? false : existingVault.EnabledForDiskEncryption,
                                                                        ActiveDirectoryClient);

                if (PassThru.IsPresent)
                {
                    WriteObject(updatedVault);
                }
            }
        }

コード例 #2

0

ファイルを表示

 protected PSKeyVault UpdateCurrentVault(PSKeyVault existingVault, PSKeyVaultNetworkRuleSet updatedNetworkAcls)
 {
     return(KeyVaultManagementClient.UpdateVault(
                existingVault,
                existingVault.AccessPolicies,
                existingVault.EnabledForDeployment,
                existingVault.EnabledForTemplateDeployment,
                existingVault.EnabledForDiskEncryption,
                existingVault.EnableSoftDelete,
                existingVault.EnablePurgeProtection,
                updatedNetworkAcls,
                ActiveDirectoryClient));
 }

コード例 #3

0

ファイルを表示

        public override void ExecuteCmdlet()
        {
            if (this.IsParameterBound(c => c.InputObject))
            {
                this.ResourceGroupName = this.InputObject.ResourceGroupName;
                this.VaultName         = this.InputObject.VaultName;
            }

            if (this.IsParameterBound(c => c.ResourceId))
            {
                var resourceIdentifier = new ResourceIdentifier(this.ResourceId);
                this.ResourceGroupName = resourceIdentifier.ResourceGroupName;
                this.VaultName         = resourceIdentifier.ResourceName;
            }

            PSKeyVault existingResource = null;

            try
            {
                existingResource = KeyVaultManagementClient.GetVault(this.VaultName, this.ResourceGroupName);
            }
            catch
            {
                existingResource = null;
            }

            if (existingResource == null)
            {
                throw new Exception(string.Format("A key vault with name '{0}' in resource group '{1}' does not exist. Please use New-AzKeyVault to create a key vault with these properties.", this.VaultName, this.ResourceGroupName));
            }

            if (this.ShouldProcess(this.VaultName, string.Format("Updating key vault '{0}' in resource group '{1}'.", this.VaultName, this.ResourceGroupName)))
            {
                var result = KeyVaultManagementClient.UpdateVault(existingResource,
                                                                  existingResource.AccessPolicies,
                                                                  existingResource.EnabledForDeployment,
                                                                  existingResource.EnabledForTemplateDeployment,
                                                                  existingResource.EnabledForDiskEncryption,
                                                                  EnableSoftDelete.IsPresent ? (true as bool?) : null,
                                                                  EnablePurgeProtection.IsPresent ? (true as bool?) : null,
                                                                  EnableRbacAuthorization,
                                                                  this.IsParameterBound(c => c.SoftDeleteRetentionInDays)
                        ? (SoftDeleteRetentionInDays as int?)
                        : (existingResource.SoftDeleteRetentionInDays ?? Constants.DefaultSoftDeleteRetentionDays),
                                                                  existingResource.NetworkAcls
                                                                  );

                WriteObject(result);
            }
        }

コード例 #4

0

ファイルを表示

 protected PSKeyVault UpdateCurrentVault(PSKeyVault existingVault, PSKeyVaultNetworkRuleSet updatedNetworkAcls)
 {
     return(KeyVaultManagementClient.UpdateVault(
                existingVault,
                existingVault.AccessPolicies,
                existingVault.EnabledForDeployment,
                existingVault.EnabledForTemplateDeployment,
                existingVault.EnabledForDiskEncryption,
                existingVault.EnableSoftDelete,
                existingVault.EnablePurgeProtection,
                existingVault.EnableRbacAuthorization,
                existingVault.SoftDeleteRetentionInDays,
                updatedNetworkAcls,
                GraphClient));
 }

コード例 #5

0

ファイルを表示

        public override void ExecuteCmdlet()
        {
            if (this.IsParameterBound(c => c.InputObject))
            {
                this.ResourceGroupName = this.InputObject.ResourceGroupName;
                this.VaultName         = this.InputObject.VaultName;
            }

            if (this.IsParameterBound(c => c.ResourceId))
            {
                var resourceIdentifier = new ResourceIdentifier(this.ResourceId);
                this.ResourceGroupName = resourceIdentifier.ResourceGroupName;
                this.VaultName         = resourceIdentifier.ResourceName;
            }

            PSKeyVault existingResource = null;

            try
            {
                existingResource = KeyVaultManagementClient.GetVault(this.VaultName, this.ResourceGroupName);
            }
            catch
            {
                existingResource = null;
            }

            if (existingResource == null)
            {
                throw new Exception(string.Format("A key vault with name '{0}' in resource group '{1}' does not exist. Please use New-AzKeyVault to create a key vault with these properties.", this.VaultName, this.ResourceGroupName));
            }

            if (this.ShouldProcess(this.VaultName, string.Format("Updating key vault '{0}' in resource group '{1}'.", this.VaultName, this.ResourceGroupName)))
            {
                var result = KeyVaultManagementClient.UpdateVault(
                    existingResource,
                    updatedParamater: new VaultCreationOrUpdateParameters
                {
                    EnablePurgeProtection   = this.EnablePurgeProtection.IsPresent ? (true as bool?) : null,
                    EnableRbacAuthorization = this.EnableRbacAuthorization,
                    PublicNetworkAccess     = this.PublicNetworkAccess,
                    Tags = this.Tag
                }
                    );

                WriteObject(result);
            }
        }

コード例 #6

0

ファイルを表示

        public override void ExecuteCmdlet()
        {
            ResourceGroupName = string.IsNullOrWhiteSpace(ResourceGroupName) ? GetResourceGroupName(VaultName) : ResourceGroupName;

            // Get the vault to be updated
            PSKeyVaultModels.PSVault existingVault = null;

            if (!string.IsNullOrWhiteSpace(ResourceGroupName))
            {
                existingVault = KeyVaultManagementClient.GetVault(
                    VaultName,
                    ResourceGroupName);
            }
            if (existingVault == null)
            {
                throw new ArgumentException(string.Format(PSKeyVaultProperties.Resources.VaultNotFound, VaultName, ResourceGroupName));
            }

            if (ApplicationId.HasValue && ApplicationId.Value == Guid.Empty)
            {
                throw new ArgumentException(PSKeyVaultProperties.Resources.InvalidApplicationId);
            }

            // Update vault policies
            var updatedPolicies = existingVault.AccessPolicies;

            if (!string.IsNullOrEmpty(UserPrincipalName) || !string.IsNullOrEmpty(ServicePrincipalName) || (ObjectId != null && ObjectId != Guid.Empty))
            {
                Guid objId = GetObjectId(this.ObjectId, this.UserPrincipalName, this.ServicePrincipalName);

                updatedPolicies = existingVault.AccessPolicies.Where(ap => !ShallBeRemoved(ap, objId, this.ApplicationId)).ToArray();
            }

            // Update the vault
            var updatedVault = KeyVaultManagementClient.UpdateVault(existingVault, updatedPolicies, !this.EnabledForDeployment.IsPresent, ActiveDirectoryClient);

            if (PassThru.IsPresent)
            {
                WriteObject(updatedVault);
            }
        }

コード例 #7

0

ファイルを表示

ファイル: SetAzureKeyVaultAccessPolicy.cs プロジェクト: zioniriest/azure-powershell

        public override void ExecuteCmdlet()
        {
            if (InputObject != null)
            {
                VaultName         = InputObject.VaultName;
                ResourceGroupName = InputObject.ResourceGroupName;
            }
            else if (ResourceId != null)
            {
                var resourceIdentifier = new ResourceIdentifier(ResourceId);
                VaultName         = resourceIdentifier.ResourceName;
                ResourceGroupName = resourceIdentifier.ResourceGroupName;
            }

            if (ShouldProcess(VaultName, Properties.Resources.SetVaultAccessPolicy))
            {
                if (ParameterSetName == ForVault && !EnabledForDeployment.IsPresent &&
                    !EnabledForTemplateDeployment.IsPresent && !EnabledForDiskEncryption.IsPresent)
                {
                    throw new ArgumentException(Resources.VaultPermissionFlagMissing);
                }

                ResourceGroupName = string.IsNullOrWhiteSpace(ResourceGroupName) ? GetResourceGroupName(VaultName) : ResourceGroupName;
                if (ResourceGroupName == null)
                {
                    throw new ArgumentException(string.Format(Resources.VaultDoesNotExist, VaultName));
                }

                PSKeyVault vault = null;

                // Get the vault to be updated
                if (!string.IsNullOrWhiteSpace(ResourceGroupName))
                {
                    vault = KeyVaultManagementClient.GetVault(
                        VaultName,
                        ResourceGroupName);
                }
                if (vault == null)
                {
                    throw new ArgumentException(string.Format(Resources.VaultNotFound, VaultName, ResourceGroupName));
                }

                if (!string.IsNullOrWhiteSpace(this.ObjectId) && !this.IsValidObjectIdSyntax(this.ObjectId))
                {
                    throw new ArgumentException(Resources.InvalidObjectIdSyntax);
                }

                // Update vault policies
                PSKeyVaultAccessPolicy[] updatedListOfAccessPolicies = vault.AccessPolicies;
                if (!string.IsNullOrEmpty(UserPrincipalName) ||
                    !string.IsNullOrEmpty(ServicePrincipalName) ||
                    !string.IsNullOrWhiteSpace(this.ObjectId) ||
                    !string.IsNullOrWhiteSpace(this.EmailAddress))
                {
                    var objId = this.ObjectId;
                    if (!this.BypassObjectIdValidation.IsPresent && ActiveDirectoryClient != null)
                    {
                        objId = GetObjectId(this.ObjectId, this.UserPrincipalName, this.EmailAddress, this.ServicePrincipalName);
                    }
                    else if (ActiveDirectoryClient == null && objId == null)
                    {
                        throw new Exception(Resources.ActiveDirectoryClientNull);
                    }

                    if (ApplicationId.HasValue && ApplicationId.Value == Guid.Empty)
                    {
                        throw new ArgumentException(Resources.InvalidApplicationId);
                    }

                    //All permission arrays cannot be null
                    if (PermissionsToKeys == null && PermissionsToSecrets == null && PermissionsToCertificates == null && PermissionsToStorage == null)
                    {
                        throw new ArgumentException(Resources.PermissionsNotSpecified);
                    }
                    else
                    {
                        //Is there an existing policy for this policy identity?
                        var existingPolicy = vault.AccessPolicies.FirstOrDefault(ap => MatchVaultAccessPolicyIdentity(ap, objId, ApplicationId));

                        //New policy will have permission arrays that are either from cmdlet input
                        //or if that's null, then from the old policy for this object ID if one existed
                        var keys = PermissionsToKeys ?? (existingPolicy != null && existingPolicy.PermissionsToKeys != null ?
                                                         existingPolicy.PermissionsToKeys.ToArray() : null);

                        var secrets = PermissionsToSecrets ?? (existingPolicy != null && existingPolicy.PermissionsToSecrets != null ?
                                                               existingPolicy.PermissionsToSecrets.ToArray() : null);

                        var certificates = PermissionsToCertificates ?? (existingPolicy != null && existingPolicy.PermissionsToCertificates != null ?
                                                                         existingPolicy.PermissionsToCertificates.ToArray() : null);

                        var managedStorage = PermissionsToStorage ?? (existingPolicy != null && existingPolicy.PermissionsToStorage != null ?
                                                                      existingPolicy.PermissionsToStorage.ToArray() : null);

                        //Remove old policies for this policy identity and add a new one with the right permissions, iff there were some non-empty permissions
                        updatedListOfAccessPolicies = vault.AccessPolicies.Where(ap => !MatchVaultAccessPolicyIdentity(ap, objId, this.ApplicationId)).ToArray();
                        if ((keys != null && keys.Length > 0) || (secrets != null && secrets.Length > 0) || (certificates != null && certificates.Length > 0) || (managedStorage != null && managedStorage.Length > 0))
                        {
                            var policy = new PSKeyVaultAccessPolicy(vault.TenantId, objId, this.ApplicationId, keys, secrets, certificates, managedStorage);
                            updatedListOfAccessPolicies = updatedListOfAccessPolicies.Concat(new[] { policy }).ToArray();
                        }
                    }
                }

                // Update the vault
                var updatedVault = KeyVaultManagementClient.UpdateVault(
                    vault,
                    updatedListOfAccessPolicies,
                    EnabledForDeployment.IsPresent ? true : vault.EnabledForDeployment,
                    EnabledForTemplateDeployment.IsPresent ? true : vault.EnabledForTemplateDeployment,
                    EnabledForDiskEncryption.IsPresent ? true : vault.EnabledForDiskEncryption,
                    vault.EnableSoftDelete,
                    vault.EnablePurgeProtection,
                    vault.NetworkAcls,
                    ActiveDirectoryClient);

                if (PassThru.IsPresent)
                {
                    WriteObject(updatedVault);
                }
            }
        }

コード例 #8

0

ファイルを表示

ファイル: SetAzureKeyVaultAccessPolicy.cs プロジェクト: wangzq/azure-powershell

        public override void ExecuteCmdlet()
        {
            if (ParameterSetName == ForVault && !EnabledForDeployment.IsPresent &&
                !EnabledForTemplateDeployment.IsPresent && !EnabledForDiskEncryption.IsPresent)
            {
                throw new ArgumentException(PSKeyVaultProperties.Resources.VaultPermissionFlagMissing);
            }

            ResourceGroupName = string.IsNullOrWhiteSpace(ResourceGroupName) ? GetResourceGroupName(VaultName) : ResourceGroupName;
            PSKeyVaultModels.PSVault vault = null;

            // Get the vault to be updated
            if (!string.IsNullOrWhiteSpace(ResourceGroupName))
            {
                vault = KeyVaultManagementClient.GetVault(
                    VaultName,
                    ResourceGroupName);
            }
            if (vault == null)
            {
                throw new ArgumentException(string.Format(PSKeyVaultProperties.Resources.VaultNotFound, VaultName, ResourceGroupName));
            }

            // Update vault policies
            PSKeyVaultModels.PSVaultAccessPolicy[] updatedListOfAccessPolicies = vault.AccessPolicies;
            if (!string.IsNullOrEmpty(UserPrincipalName) || !string.IsNullOrEmpty(ServicePrincipalName) || (ObjectId != Guid.Empty))
            {
                Guid objId = GetObjectId(this.ObjectId, this.UserPrincipalName, this.ServicePrincipalName);

                if (ApplicationId.HasValue && ApplicationId.Value == Guid.Empty)
                {
                    throw new ArgumentException(PSKeyVaultProperties.Resources.InvalidApplicationId);
                }

                //Both arrays cannot be null
                if (PermissionsToKeys == null && PermissionsToSecrets == null)
                {
                    throw new ArgumentException(PSKeyVaultProperties.Resources.PermissionsNotSpecified);
                }
                else
                {
                    //Validate
                    if (!IsMeaningfulPermissionSet(PermissionsToKeys))
                    {
                        throw new ArgumentException(string.Format(PSKeyVaultProperties.Resources.PermissionSetIncludesAllPlusOthers, "keys"));
                    }
                    if (!IsMeaningfulPermissionSet(PermissionsToSecrets))
                    {
                        throw new ArgumentException(string.Format(PSKeyVaultProperties.Resources.PermissionSetIncludesAllPlusOthers, "secrets"));
                    }

                    //Is there an existing policy for this policy identity?
                    var existingPolicy = vault.AccessPolicies.FirstOrDefault(ap => MatchVaultAccessPolicyIdentity(ap, objId, ApplicationId));

                    //New policy will have permission arrays that are either from cmdlet input
                    //or if that's null, then from the old policy for this object ID if one existed
                    var keys = PermissionsToKeys ?? (existingPolicy != null && existingPolicy.PermissionsToKeys != null ?
                                                     existingPolicy.PermissionsToKeys.ToArray() : null);

                    var secrets = PermissionsToSecrets ?? (existingPolicy != null && existingPolicy.PermissionsToSecrets != null ?
                                                           existingPolicy.PermissionsToSecrets.ToArray() : null);

                    //Remove old policies for this policy identity and add a new one with the right permissions, iff there were some non-empty permissions
                    updatedListOfAccessPolicies = vault.AccessPolicies.Where(ap => !MatchVaultAccessPolicyIdentity(ap, objId, this.ApplicationId)).ToArray();
                    if ((keys != null && keys.Length > 0) || (secrets != null && secrets.Length > 0))
                    {
                        var policy = new PSKeyVaultModels.PSVaultAccessPolicy(vault.TenantId, objId, this.ApplicationId, keys, secrets);
                        updatedListOfAccessPolicies = updatedListOfAccessPolicies.Concat(new[] { policy }).ToArray();
                    }
                }
            }

            // Update the vault
            var updatedVault = KeyVaultManagementClient.UpdateVault(vault, updatedListOfAccessPolicies,
                                                                    EnabledForDeployment.IsPresent || vault.EnabledForDeployment,
                                                                    EnabledForTemplateDeployment.IsPresent ? true : vault.EnabledForTemplateDeployment,
                                                                    EnabledForDiskEncryption.IsPresent ? true : vault.EnabledForDiskEncryption,
                                                                    ActiveDirectoryClient);

            if (PassThru.IsPresent)
            {
                WriteObject(updatedVault);
            }
        }

コード例 #9

0

ファイルを表示

        public override void ExecuteCmdlet()
        {
            if (ShouldProcess(VaultName, Properties.Resources.RemoveVaultAccessPolicy))
            {
                if (InputObject != null)
                {
                    VaultName         = InputObject.VaultName;
                    ResourceGroupName = InputObject.ResourceGroupName;
                }
                else if (!string.IsNullOrEmpty(ResourceId))
                {
                    var parsedResourceId = new ResourceIdentifier(ResourceId);
                    VaultName         = parsedResourceId.ResourceName;
                    ResourceGroupName = parsedResourceId.ResourceGroupName;
                }

                ResourceGroupName = string.IsNullOrWhiteSpace(ResourceGroupName) ? GetResourceGroupName(VaultName) : ResourceGroupName;

                // Get the vault to be updated
                PSKeyVault existingVault = null;

                if (!string.IsNullOrWhiteSpace(ResourceGroupName))
                {
                    existingVault = KeyVaultManagementClient.GetVault(
                        VaultName,
                        ResourceGroupName);
                }
                if (existingVault == null)
                {
                    throw new ArgumentException(string.Format(Resources.VaultNotFound, VaultName, ResourceGroupName));
                }

                if (ApplicationId.HasValue && ApplicationId.Value == Guid.Empty)
                {
                    throw new ArgumentException(Resources.InvalidApplicationId);
                }

                if (!string.IsNullOrWhiteSpace(this.ObjectId) && !this.IsValidObjectIdSyntax(this.ObjectId))
                {
                    throw new ArgumentException(Resources.InvalidObjectIdSyntax);
                }

                // Update vault policies
                var updatedPolicies = existingVault.AccessPolicies;
                if (!string.IsNullOrEmpty(UserPrincipalName) ||
                    !string.IsNullOrEmpty(ServicePrincipalName) ||
                    !string.IsNullOrWhiteSpace(this.ObjectId) ||
                    !string.IsNullOrWhiteSpace(this.EmailAddress))
                {
                    if (string.IsNullOrWhiteSpace(this.ObjectId))
                    {
                        if (ActiveDirectoryClient == null)
                        {
                            throw new Exception(Resources.ActiveDirectoryClientNull);
                        }
                        ObjectId = GetObjectId(this.ObjectId, this.UserPrincipalName, this.EmailAddress, this.ServicePrincipalName);
                    }
                    updatedPolicies = existingVault.AccessPolicies.Where(ap => !ShallBeRemoved(ap, ObjectId, this.ApplicationId)).ToArray();
                }

                // Update the vault
                var updatedVault = KeyVaultManagementClient.UpdateVault(
                    existingVault,
                    updatedPolicies,
                    EnabledForDeployment.IsPresent ? false : existingVault.EnabledForDeployment,
                    EnabledForTemplateDeployment.IsPresent ? false : existingVault.EnabledForTemplateDeployment,
                    EnabledForDiskEncryption.IsPresent ? false : existingVault.EnabledForDiskEncryption,
                    existingVault.EnableSoftDelete,
                    existingVault.EnablePurgeProtection,
                    existingVault.SoftDeleteRetentionInDays,
                    existingVault.NetworkAcls,
                    ActiveDirectoryClient);

                if (PassThru.IsPresent)
                {
                    WriteObject(updatedVault);
                }
            }
        }

C# (CSharp) KeyVaultManagementClient.UpdateVaultの例