public void GlacierGetVaultAccessPolicy() { #region to--get-the-access-policy-set-on-the-vault-1481936004590 var response = client.GetVaultAccessPolicy(new GetVaultAccessPolicyRequest { AccountId = "-", VaultName = "example-vault" }); VaultAccessPolicy policy = response.Policy; #endregion }
public static bool IsEqual(this IList <VaultAccessPolicy> expected, IList <VaultAccessPolicy> actual) { if (expected == null && actual == null) { return(true); } if (expected == null || actual == null) { return(false); } if (expected.Count != actual.Count) { return(false); } VaultAccessPolicy[] expectedCopy = new VaultAccessPolicy[expected.Count]; expected.CopyTo(expectedCopy, 0); foreach (VaultAccessPolicy a in actual) { var match = expectedCopy.Where(e => e.TenantId == a.TenantId && e.ObjectId == a.ObjectId && e.ApplicationId == a.ApplicationId && ((a.Permissions.Secrets == null && e.Permissions.Secrets == null) || Enumerable.SequenceEqual(a.Permissions.Secrets, e.Permissions.Secrets)) && ((a.Permissions.Keys == null && e.Permissions.Keys == null) || Enumerable.SequenceEqual(a.Permissions.Keys, e.Permissions.Keys)) && ((a.Permissions.Certificates == null && e.Permissions.Certificates == null) || Enumerable.SequenceEqual(a.Permissions.Certificates, e.Permissions.Certificates)) && ((a.Permissions.Storage == null && e.Permissions.Storage == null) || Enumerable.SequenceEqual(a.Permissions.Storage, e.Permissions.Storage)) ).FirstOrDefault(); if (match == null) { return(false); } expectedCopy = expectedCopy.Where(e => e != match).ToArray(); } if (expectedCopy.Length > 0) { return(false); } return(true); }
public async Task CreateOrUpdate() { #region Snippet:Managing_KeyVaults_CreateAVault VaultCollection vaultCollection = resourceGroup.GetVaults(); string vaultName = "myVault"; Guid tenantIdGuid = new Guid("Your tenantId"); string objectId = "Your Object Id"; IdentityAccessPermissions permissions = new IdentityAccessPermissions { Keys = { new KeyPermission("all") }, Secrets = { new SecretPermission("all") }, Certificates = { new CertificatePermission("all") }, Storage = { new StoragePermission("all") }, }; VaultAccessPolicy AccessPolicy = new VaultAccessPolicy(tenantIdGuid, objectId, permissions); VaultProperties VaultProperties = new VaultProperties(tenantIdGuid, new KeyVaultSku(KeyVaultSkuFamily.A, KeyVaultSkuName.Standard)); VaultProperties.EnabledForDeployment = true; VaultProperties.EnabledForDiskEncryption = true; VaultProperties.EnabledForTemplateDeployment = true; VaultProperties.EnableSoftDelete = true; VaultProperties.VaultUri = new Uri("http://vaulturi.com"); VaultProperties.NetworkRuleSet = new VaultNetworkRuleSet() { Bypass = "******", DefaultAction = "Allow", IPRules = { new VaultIPRule("1.2.3.4/32"), new VaultIPRule("1.0.0.0/25") } }; VaultProperties.AccessPolicies.Add(AccessPolicy); VaultCreateOrUpdateContent parameters = new VaultCreateOrUpdateContent(AzureLocation.WestUS, VaultProperties); var rawVault = await vaultCollection.CreateOrUpdateAsync(WaitUntil.Started, vaultName, parameters).ConfigureAwait(false); VaultResource vault = await rawVault.WaitForCompletionAsync(); #endregion }
protected async Task Initialize() { Location = AzureLocation.CanadaCentral; Client = GetArmClient(); Subscription = await Client.GetDefaultSubscriptionAsync(); DeletedVaultCollection = Subscription.GetDeletedVaults(); if (Mode == RecordedTestMode.Playback) { this.ObjectId = Recording.GetVariable(ObjectIdKey, string.Empty); } else if (Mode == RecordedTestMode.Record) { // Get ObjectId of Service Principal // [warning] Microsoft.Graph required corresponding api permission, Please make sure the service has these two api permissions as follows. // 1. ServicePrincipalEndpoint.Read.All(TYPE-Application) 2.ServicePrincipalEndpoint.ReadWrite.All(TYPE-Application) var scopes = new[] { "https://graph.microsoft.com/.default" }; var options = new TokenCredentialOptions { AuthorityHost = AzureAuthorityHosts.AzurePublicCloud }; var clientSecretCredential = new ClientSecretCredential(TestEnvironment.TenantId, TestEnvironment.ClientId, TestEnvironment.ClientSecret, options); var graphClient = new GraphServiceClient(clientSecretCredential, scopes); var response = await graphClient.ServicePrincipals.Request().GetAsync(); var result = response.CurrentPage.Where(i => i.AppId == TestEnvironment.ClientId).FirstOrDefault(); this.ObjectId = result.Id; Recording.GetVariable(ObjectIdKey, this.ObjectId); } ResGroupName = Recording.GenerateAssetName("sdktestrg-kv-"); ArmOperation <ResourceGroupResource> rgResponse = await Subscription.GetResourceGroups().CreateOrUpdateAsync(WaitUntil.Completed, ResGroupName, new ResourceGroupData(Location)).ConfigureAwait(false); ResourceGroupResource = rgResponse.Value; VaultCollection = ResourceGroupResource.GetVaults(); VaultName = Recording.GenerateAssetName("sdktest-vault-"); MHSMName = Recording.GenerateAssetName("sdktest-mhsm-"); TenantIdGuid = new Guid(TestEnvironment.TenantId); Tags = new Dictionary <string, string> { { "tag1", "value1" }, { "tag2", "value2" }, { "tag3", "value3" } }; IdentityAccessPermissions permissions = new IdentityAccessPermissions { Keys = { new KeyPermission("all") }, Secrets = { new SecretPermission("all") }, Certificates = { new CertificatePermission("all") }, Storage = { new StoragePermission("all") }, }; AccessPolicy = new VaultAccessPolicy(TenantIdGuid, ObjectId, permissions); VaultProperties = new VaultProperties(TenantIdGuid, new KeyVaultSku(KeyVaultSkuFamily.A, KeyVaultSkuName.Standard)); VaultProperties.EnabledForDeployment = true; VaultProperties.EnabledForDiskEncryption = true; VaultProperties.EnabledForTemplateDeployment = true; VaultProperties.EnableSoftDelete = true; VaultProperties.SoftDeleteRetentionInDays = DefSoftDeleteRetentionInDays; VaultProperties.VaultUri = new Uri("http://vaulturi.com"); VaultProperties.NetworkRuleSet = new VaultNetworkRuleSet() { Bypass = "******", DefaultAction = "Allow", IPRules = { new VaultIPRule("1.2.3.4/32"), new VaultIPRule("1.0.0.0/25") } }; VaultProperties.AccessPolicies.Add(AccessPolicy); ManagedHsmCollection = ResourceGroupResource.GetManagedHsms(); ManagedHsmProperties = new ManagedHsmProperties(); ManagedHsmProperties.InitialAdminObjectIds.Add(ObjectId); ManagedHsmProperties.CreateMode = ManagedHsmCreateMode.Default; ManagedHsmProperties.EnableSoftDelete = true; ManagedHsmProperties.SoftDeleteRetentionInDays = DefSoftDeleteRetentionInDays; ManagedHsmProperties.EnablePurgeProtection = false; ManagedHsmProperties.NetworkRuleSet = new ManagedHsmNetworkRuleSet() { Bypass = "******", DefaultAction = "Deny" //Property properties.networkAcls.ipRules is not supported currently and must be set to null. }; ManagedHsmProperties.PublicNetworkAccess = PublicNetworkAccess.Disabled; ManagedHsmProperties.TenantId = TenantIdGuid; }