コード例 #1
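        /// <summary>
        /// Creates or updates a custom role definition.
        /// </summary>
        /// <remarks>
        /// One effective scope is used both as the request scope and as the single entry in the definition's
        /// assignable scopes. An unspecified (<c>default</c>) <paramref name="roleScope"/> is treated as
        /// <see cref="KeyVaultRoleScope.Global"/>; any other value is sent unchanged, so a definition requested
        /// for a narrower scope is never silently created at the global scope.
        /// </remarks>
        /// <param name="roleDefinitionDescription">The description for the role definition.</param>
        /// <param name="permissions">The permissions granted by the role definition when assigned to a principal.</param>
        /// <param name="roleScope">The scope of the <see cref="KeyVaultRoleDefinition"/> to create. The default value is <see cref="KeyVaultRoleScope.Global"/>.</param>
        /// <param name="roleDefinitionName">Optional name used to create the role definition. A new <see cref="Guid"/> will be generated if not specified. The same string is also used as the definition's role name.</param>
        /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
        /// <returns>A <see cref="Response{TResult}"/> containing the result of the operation.</returns>
        public virtual Response<KeyVaultRoleDefinition> CreateOrUpdateRoleDefinition(string roleDefinitionDescription, KeyVaultPermission permissions, KeyVaultRoleScope roleScope = default, Guid? roleDefinitionName = null, CancellationToken cancellationToken = default)
        {
            using DiagnosticScope scope = _diagnostics.CreateScope($"{nameof(KeyVaultAccessControlClient)}.{nameof(CreateOrUpdateRoleDefinition)}");
            scope.Start();
            try
            {
                // Resolve the scope once. The previous conditional was inverted: every explicitly supplied
                // scope was replaced by Global in the request, while the assignable-scopes list still
                // carried the caller's value, so the two disagreed and the request was broader than asked.
                KeyVaultRoleScope effectiveScope = roleScope == default ? KeyVaultRoleScope.Global : roleScope;

                var name       = (roleDefinitionName ?? Guid.NewGuid()).ToString();
                var properties = new RoleDefinitionProperties()
                {
                    Description = roleDefinitionDescription,
                    RoleName    = name,
                    RoleType    = KeyVaultRoleType.CustomRole
                };
                properties.AssignableScopes.Add(effectiveScope);
                properties.Permissions.Add(permissions);

                var parameters = new RoleDefinitionCreateParameters(properties);

                return _definitionsRestClient.CreateOrUpdate(
                    vaultBaseUrl: VaultUri.AbsoluteUri,
                    scope: effectiveScope.ToString(),
                    roleDefinitionName: name,
                    parameters: parameters,
                    cancellationToken: cancellationToken);
            }
            catch (Exception ex)
            {
                // Mark the diagnostic scope as failed, then rethrow without resetting the stack trace.
                scope.Failed(ex);
                throw;
            }
        }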
コード例 #2
 /// <summary>
 /// Deletes the role assignment with the given name at the given scope.
 /// </summary>
 /// <remarks>
 /// This method performs no argument validation of its own; the exceptions listed below are presumably
 /// raised by the underlying REST client, which is not shown here.
 /// </remarks>
 /// <param name="roleScope">The scope of the role assignment to delete. Its string form is sent as the request scope.</param>
 /// <param name="roleAssignmentName">The name of the role assignment to delete.</param>
 /// <param name="cancellationToken">The cancellation token to use.</param>
 /// <returns>The response produced by the REST client's delete call.</returns>
 /// <exception cref="RequestFailedException">The server returned an error. See <see cref="Exception.Message"/> for details returned from the server.</exception>
 /// <exception cref="ArgumentNullException"><paramref name="roleScope"/> or <paramref name="roleAssignmentName"/> is null.</exception>
 public virtual Response<KeyVaultRoleAssignment> DeleteRoleAssignment(KeyVaultRoleScope roleScope, string roleAssignmentName, CancellationToken cancellationToken = default)
 {
     using (DiagnosticScope diagnosticScope = _diagnostics.CreateScope($"{nameof(KeyVaultAccessControlClient)}.{nameof(DeleteRoleAssignment)}"))
     {
         diagnosticScope.Start();
         try
         {
             return _assignmentsRestClient.Delete(
                 VaultUri.AbsoluteUri,
                 roleScope.ToString(),
                 roleAssignmentName,
                 cancellationToken);
         }
         catch (Exception failure)
         {
             // Record the failure on the diagnostic scope, then rethrow with the original stack trace.
             diagnosticScope.Failed(failure);
             throw;
         }
     }
 }
コード例 #3
 /// <summary>
 /// Asynchronously gets the role assignment with the given name at the given scope.
 /// </summary>
 /// <remarks>
 /// This method performs no argument validation of its own; the exceptions listed below are presumably
 /// raised by the underlying REST client, which is not shown here.
 /// </remarks>
 /// <param name="roleScope">The scope of the role assignment. Its string form is sent as the request scope.</param>
 /// <param name="roleAssignmentName">The name of the role assignment to get.</param>
 /// <param name="cancellationToken">The cancellation token to use.</param>
 /// <returns>A task whose result is the response produced by the REST client's get call.</returns>
 /// <exception cref="RequestFailedException">The server returned an error. See <see cref="Exception.Message"/> for details returned from the server.</exception>
 /// <exception cref="ArgumentNullException"><paramref name="roleScope"/> or <paramref name="roleAssignmentName"/> is null.</exception>
 public virtual async Task<Response<KeyVaultRoleAssignment>> GetRoleAssignmentAsync(KeyVaultRoleScope roleScope, string roleAssignmentName, CancellationToken cancellationToken = default)
 {
     // The diagnostic scope is named after the synchronous GetRoleAssignment, not this async method;
     // presumably so both variants report under one operation name.
     using (DiagnosticScope diagnosticScope = _diagnostics.CreateScope($"{nameof(KeyVaultAccessControlClient)}.{nameof(GetRoleAssignment)}"))
     {
         diagnosticScope.Start();
         try
         {
             var pendingRequest = _assignmentsRestClient.GetAsync(VaultUri.AbsoluteUri, roleScope.ToString(), roleAssignmentName, cancellationToken);
             return await pendingRequest.ConfigureAwait(false);
         }
         catch (Exception failure)
         {
             // Record the failure on the diagnostic scope, then rethrow with the original stack trace.
             diagnosticScope.Failed(failure);
             throw;
         }
     }
 }
コード例 #4
 /// <summary>
 /// Creates a <see cref="KeyVaultRoleAssignment"/> from a prepared set of assignment properties.
 /// </summary>
 /// <remarks>
 /// The assignment takes effect at <paramref name="roleScope"/>, so the scope passed here bounds what the
 /// assigned principal can reach. This method performs no argument validation of its own; the exceptions
 /// listed below are presumably raised by the parameter type or the REST client, neither of which is shown here.
 /// </remarks>
 /// <param name="roleScope">The scope of the role assignment to create. Its string form is sent as the request scope.</param>
 /// <param name="properties">Properties for the role assignment.</param>
 /// <param name="name">Optional name used to create the role assignment. A new <see cref="Guid"/> will be generated if not specified.</param>
 /// <param name="cancellationToken">The cancellation token to use.</param>
 /// <returns>The response produced by the REST client's create call.</returns>
 /// <exception cref="RequestFailedException">The server returned an error. See <see cref="Exception.Message"/> for details returned from the server.</exception>
 /// <exception cref="ArgumentNullException"><paramref name="roleScope"/> or <paramref name="properties"/> is null.</exception>
 public virtual Response<KeyVaultRoleAssignment> CreateRoleAssignment(KeyVaultRoleScope roleScope, KeyVaultRoleAssignmentProperties properties, Guid? name = null, CancellationToken cancellationToken = default)
 {
     using (DiagnosticScope diagnosticScope = _diagnostics.CreateScope($"{nameof(KeyVaultAccessControlClient)}.{nameof(CreateRoleAssignment)}"))
     {
         diagnosticScope.Start();
         try
         {
             // Use the caller's GUID when one was given; otherwise mint a fresh one as the assignment name.
             Guid assignmentId = name.HasValue ? name.Value : Guid.NewGuid();
             string assignmentName = assignmentId.ToString();

             return _assignmentsRestClient.Create(
                 VaultUri.AbsoluteUri,
                 roleScope.ToString(),
                 assignmentName,
                 new RoleAssignmentCreateParameters(properties),
                 cancellationToken);
         }
         catch (Exception failure)
         {
             // Record the failure on the diagnostic scope, then rethrow with the original stack trace.
             diagnosticScope.Failed(failure);
             throw;
         }
     }
 }
コード例 #5
        /// <summary>
        /// Creates a <see cref="KeyVaultRoleAssignment"/> that binds a role definition to a principal.
        /// </summary>
        /// <remarks>
        /// Both identifiers are checked for null or empty before any request is made. The assignment takes
        /// effect at <paramref name="roleScope"/>, so the scope passed here bounds what the principal can reach.
        /// </remarks>
        /// <param name="roleScope">The scope of the role assignment to create. Its string form is sent as the request scope.</param>
        /// <param name="roleDefinitionId">The role definition ID used in the role assignment.</param>
        /// <param name="principalId">The principal ID assigned to the role. This maps to the ID inside the Active Directory. It can point to a user, service principal, or security group.</param>
        /// <param name="roleAssignmentName">Optional name used to create the role assignment. A new <see cref="Guid"/> will be generated if not specified.</param>
        /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
        /// <exception cref="RequestFailedException">The server returned an error. See <see cref="Exception.Message"/> for details returned from the server.</exception>
        /// <exception cref="ArgumentNullException"><paramref name="roleDefinitionId"/> or <paramref name="principalId"/> is null.</exception>
        /// <exception cref="ArgumentException"><paramref name="roleDefinitionId"/> or <paramref name="principalId"/> is empty.</exception>
        /// <returns>A <see cref="Response{TResult}"/> containing the result of the operation.</returns>
        public virtual Response<KeyVaultRoleAssignment> CreateRoleAssignment(KeyVaultRoleScope roleScope, string roleDefinitionId, string principalId, Guid? roleAssignmentName = null, CancellationToken cancellationToken = default)
        {
            // Reject missing identifiers up front, before a diagnostic scope is opened.
            Argument.AssertNotNullOrEmpty(roleDefinitionId, nameof(roleDefinitionId));
            Argument.AssertNotNullOrEmpty(principalId, nameof(principalId));

            using (DiagnosticScope diagnosticScope = _diagnostics.CreateScope($"{nameof(KeyVaultAccessControlClient)}.{nameof(CreateRoleAssignment)}"))
            {
                diagnosticScope.Start();
                try
                {
                    // Use the caller's GUID when one was given; otherwise mint a fresh one as the assignment name.
                    Guid assignmentId = roleAssignmentName.HasValue ? roleAssignmentName.Value : Guid.NewGuid();
                    string assignmentName = assignmentId.ToString();
                    var assignmentProperties = new KeyVaultRoleAssignmentProperties(roleDefinitionId, principalId);

                    return _assignmentsRestClient.Create(
                        VaultUri.AbsoluteUri,
                        roleScope.ToString(),
                        assignmentName,
                        new RoleAssignmentCreateParameters(assignmentProperties),
                        cancellationToken);
                }
                catch (Exception failure)
                {
                    // Record the failure on the diagnostic scope, then rethrow with the original stack trace.
                    diagnosticScope.Failed(failure);
                    throw;
                }
            }
        }
コード例 #6
 /// <summary>
 /// Get all role definitions that are applicable at scope and above.
 /// </summary>
 /// <remarks>
 /// Each page fetch (first page and every following page) runs inside its own diagnostic scope, all under
 /// the same operation name. This method performs no argument validation of its own; the exceptions listed
 /// below are presumably raised by the underlying REST client, which is not shown here.
 /// </remarks>
 /// <param name="roleScope">The scope of the role definitions. Its string form is sent as the request scope.</param>
 /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
 /// <returns>A pageable sequence of <see cref="KeyVaultRoleDefinition"/> values.</returns>
 /// <exception cref="RequestFailedException">The server returned an error. See <see cref="Exception.Message"/> for details returned from the server.</exception>
 /// <exception cref="ArgumentNullException"><paramref name="roleScope"/> is null.</exception>
 public virtual Pageable<KeyVaultRoleDefinition> GetRoleDefinitions(KeyVaultRoleScope roleScope, CancellationToken cancellationToken = default)
 {
     string operationName = $"{nameof(KeyVaultAccessControlClient)}.{nameof(GetRoleDefinitions)}";

     return PageableHelpers.CreateEnumerable(
         // First page: a plain list call for the requested scope.
         _ =>
         {
             using (DiagnosticScope firstPageScope = _diagnostics.CreateScope(operationName))
             {
                 firstPageScope.Start();
                 try
                 {
                     var listing = _definitionsRestClient.List(vaultBaseUrl: VaultUri.AbsoluteUri, scope: roleScope.ToString(), cancellationToken: cancellationToken);
                     return Page.FromValues(listing.Value.Value, listing.Value.NextLink, listing.GetRawResponse());
                 }
                 catch (Exception failure)
                 {
                     firstPageScope.Failed(failure);
                     throw;
                 }
             }
         },
         // Following pages: continue from the link returned with the previous page.
         (nextLink, _) =>
         {
             using (DiagnosticScope nextPageScope = _diagnostics.CreateScope(operationName))
             {
                 nextPageScope.Start();
                 try
                 {
                     var listing = _definitionsRestClient.ListNextPage(nextLink: nextLink, vaultBaseUrl: VaultUri.AbsoluteUri, scope: roleScope.ToString(), cancellationToken: cancellationToken);
                     return Page.FromValues(listing.Value.Value, listing.Value.NextLink, listing.GetRawResponse());
                 }
                 catch (Exception failure)
                 {
                     nextPageScope.Failed(failure);
                     throw;
                 }
             }
         });
 }
コード例 #7
 /// <summary>
 /// Gets the <see cref="KeyVaultRoleAssignment"/>s for a scope.
 /// </summary>
 /// <remarks>
 /// Each page fetch (first page and every following page) runs inside its own diagnostic scope. The scopes
 /// are named after the synchronous GetRoleAssignments, not this async method. This method performs no
 /// argument validation of its own; the exceptions listed below are presumably raised by the underlying
 /// REST client, which is not shown here.
 /// </remarks>
 /// <param name="roleScope">The scope of the role assignments. Its string form is sent as the request scope.</param>
 /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
 /// <returns>An asynchronously pageable sequence of <see cref="KeyVaultRoleAssignment"/> values.</returns>
 /// <exception cref="RequestFailedException">The server returned an error. See <see cref="Exception.Message"/> for details returned from the server.</exception>
 /// <exception cref="ArgumentNullException"><paramref name="roleScope"/> is null.</exception>
 public virtual AsyncPageable<KeyVaultRoleAssignment> GetRoleAssignmentsAsync(KeyVaultRoleScope roleScope, CancellationToken cancellationToken = default)
 {
     string operationName = $"{nameof(KeyVaultAccessControlClient)}.{nameof(GetRoleAssignments)}";

     return PageableHelpers.CreateAsyncEnumerable(
         // First page: list the assignments for the requested scope.
         async _ =>
         {
             using (DiagnosticScope firstPageScope = _diagnostics.CreateScope(operationName))
             {
                 firstPageScope.Start();
                 try
                 {
                     var pendingListing = _assignmentsRestClient.ListForScopeAsync(vaultBaseUrl: VaultUri.AbsoluteUri, scope: roleScope.ToString(), cancellationToken: cancellationToken);
                     var listing = await pendingListing.ConfigureAwait(false);
                     return Page.FromValues(listing.Value.Value, listing.Value.NextLink, listing.GetRawResponse());
                 }
                 catch (Exception failure)
                 {
                     firstPageScope.Failed(failure);
                     throw;
                 }
             }
         },
         // Following pages: continue from the link returned with the previous page.
         async (nextLink, _) =>
         {
             using (DiagnosticScope nextPageScope = _diagnostics.CreateScope(operationName))
             {
                 nextPageScope.Start();
                 try
                 {
                     var pendingListing = _assignmentsRestClient.ListForScopeNextPageAsync(nextLink: nextLink, vaultBaseUrl: VaultUri.AbsoluteUri, scope: roleScope.ToString(), cancellationToken: cancellationToken);
                     var listing = await pendingListing.ConfigureAwait(false);
                     return Page.FromValues(listing.Value.Value, listing.Value.NextLink, listing.GetRawResponse());
                 }
                 catch (Exception failure)
                 {
                     nextPageScope.Failed(failure);
                     throw;
                 }
             }
         });
 }
コード例 #8
 /// <summary>
 /// Deletes a role definition.
 /// </summary>
 /// <param name="roleDefinitionName">The name of the role definition to delete. Its string form is sent as the definition name.</param>
 /// <param name="roleScope">The scope of the role definition to delete. Its string form is sent as the request scope.</param>
 /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
 /// <returns>A <see cref="Response{TResult}"/> containing the result of the operation.</returns>
 public virtual Response<KeyVaultRoleDefinition> DeleteRoleDefinition(Guid roleDefinitionName, KeyVaultRoleScope roleScope, CancellationToken cancellationToken = default)
 {
     using (DiagnosticScope diagnosticScope = _diagnostics.CreateScope($"{nameof(KeyVaultAccessControlClient)}.{nameof(DeleteRoleDefinition)}"))
     {
         diagnosticScope.Start();
         try
         {
             return _definitionsRestClient.Delete(
                 vaultBaseUrl: VaultUri.AbsoluteUri,
                 scope: roleScope.ToString(),
                 roleDefinitionName: roleDefinitionName.ToString(),
                 cancellationToken);
         }
         catch (Exception failure)
         {
             // Record the failure on the diagnostic scope, then rethrow with the original stack trace.
             diagnosticScope.Failed(failure);
             throw;
         }
     }
 }
コード例 #9
 /// <summary>
 /// Asynchronously gets a specific role definition.
 /// </summary>
 /// <remarks>
 /// This method performs no argument validation of its own; the exceptions listed below are presumably
 /// raised by the underlying REST client, which is not shown here.
 /// </remarks>
 /// <param name="roleDefinitionName">The role definition name. Its string form is sent as the definition name.</param>
 /// <param name="roleScope">The scope of the role definition. Its string form is sent as the request scope.</param>
 /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
 /// <returns>A task whose result is the response produced by the REST client's get call.</returns>
 /// <exception cref="RequestFailedException">The server returned an error. See <see cref="Exception.Message"/> for details returned from the server.</exception>
 /// <exception cref="ArgumentNullException"><paramref name="roleScope"/> is null.</exception>
 public virtual async Task<Response<KeyVaultRoleDefinition>> GetRoleDefinitionAsync(Guid roleDefinitionName, KeyVaultRoleScope roleScope, CancellationToken cancellationToken = default)
 {
     // The diagnostic scope is named after the synchronous GetRoleDefinition, not this async method;
     // presumably so both variants report under one operation name.
     using (DiagnosticScope diagnosticScope = _diagnostics.CreateScope($"{nameof(KeyVaultAccessControlClient)}.{nameof(GetRoleDefinition)}"))
     {
         diagnosticScope.Start();
         try
         {
             var pendingRequest = _definitionsRestClient.GetAsync(
                 vaultBaseUrl: VaultUri.AbsoluteUri,
                 scope: roleScope.ToString(),
                 roleDefinitionName: roleDefinitionName.ToString(),
                 cancellationToken: cancellationToken);
             return await pendingRequest.ConfigureAwait(false);
         }
         catch (Exception failure)
         {
             // Record the failure on the diagnostic scope, then rethrow with the original stack trace.
             diagnosticScope.Failed(failure);
             throw;
         }
     }
 }