public async Task RunAsync() { // Generate a random name for a new vault String vaultName = Util.generateRandomVaultId(); // Set up credentials to access management plane to set up example key vault AzureCredentials credentials = new AzureCredentialsFactory().FromServicePrincipal( settings.ClientID, settings.ClientSecret, settings.TenantID, AzureEnvironment.AzureGlobalCloud ); // Ensure that our sample resource group exists. Console.WriteLine("Creating sample resource group"); ResourceManagementClient resourceMgmtClient = new ResourceManagementClient(credentials); resourceMgmtClient.SubscriptionId = settings.SubscriptionID; await resourceMgmtClient.ResourceGroups.CreateOrUpdateAsync(settings.ResourceGroupName, new ResourceGroupInner(settings.AzureLocation)); // Create the sample key vault. Console.WriteLine("Creating sample Key Vault - " + vaultName); // Set up the params for the API call VaultCreateOrUpdateParametersInner createParams = new VaultCreateOrUpdateParametersInner( settings.AzureLocation, new VaultProperties( Guid.Parse(settings.TenantID), new Microsoft.Azure.Management.KeyVault.Fluent.Models.Sku(SkuName.Standard), // Create an access policy granting all secret permissions to our sample's service principal new[] { new AccessPolicyEntry(Guid.Parse(settings.TenantID), settings.ClientOID, new Permissions(null, new[] { "all" })) } ) ); KeyVaultManagementClient kvMgmtClient = new KeyVaultManagementClient(credentials); kvMgmtClient.SubscriptionId = settings.SubscriptionID; VaultInner vault = await kvMgmtClient.Vaults.CreateOrUpdateAsync(settings.ResourceGroupName, vaultName, createParams); // Now demo authentication to the vault using ADAL // Add a delay to wait for KV DNS record to be created. See: https://github.com/Azure/azure-sdk-for-node/pull/1938 System.Threading.Thread.Sleep(15000); await authUsingADALCallbackAsync(vault.Properties.VaultUri); }
/// <summary> /// Enables soft delete on a pre-existing vault. /// </summary> /// <param name="resourceGroupName"></param> /// <param name="vaultName"></param> /// <returns></returns> public async Task EnableRecoveryOptionsOnExistingVaultAsync(string resourceGroupName, string vaultName, bool enablePurgeProtection) { var vault = await ManagementClient.Vaults.GetAsync(resourceGroupName, vaultName).ConfigureAwait(false); // First check if there is anything to do. The recovery levels are as follows: // - no protection: soft delete = false // - recoverable deletion: soft delete = true, purge protection = false // - recoverable deletion, purge protected: soft delete = true, purge protection = true // // The protection level can be strengthened, but never weakened; we will throw on an attempt to lower it. // if (vault.Properties.EnableSoftDelete.HasValue && vault.Properties.EnableSoftDelete.Value) { //if (!(vault.Properties.EnablePurgeProtection ^ enablePurgeProtection)) //{ Console.WriteLine("The required recovery protection level is already enabled on vault {0}.", vaultName); return; //} // check if this is an attempt to lower the recovery level. //if (vault.Properties.EnablePurgeProtection // && !enablePurgeProtection) //{ // throw new InvalidOperationException("The recovery level on an existing vault cannot be lowered."); //} } vault.Properties.EnableSoftDelete = true; //vault.Properties.EnablePurgeProtection = enablePurgeProtection; // prepare the update operation on the vault var updateParameters = new VaultCreateOrUpdateParametersInner { Location = vault.Location, Properties = vault.Properties, Tags = vault.Tags }; try { vault = await ManagementClient.Vaults.CreateOrUpdateAsync(resourceGroupName, vaultName, updateParameters).ConfigureAwait(false); } catch (Exception e) { Console.WriteLine("Failed to update vault {0} in resource group {1}: {2}", vaultName, resourceGroupName, e.Message); } }
///GENMHASH:0202A00A1DCF248D2647DBDBEF2CA865:4B81B6736F1A9E225E6208032B876D9A public async override Task <Microsoft.Azure.Management.KeyVault.Fluent.IVault> CreateResourceAsync(CancellationToken cancellationToken = default(CancellationToken)) { await PopulateAccessPolicies(cancellationToken); VaultCreateOrUpdateParametersInner parameters = new VaultCreateOrUpdateParametersInner() { Location = RegionName, Properties = Inner.Properties, Tags = Inner.Tags }; parameters.Properties.AccessPolicies = new List <AccessPolicyEntry>(); foreach (var accessPolicy in accessPolicies) { parameters.Properties.AccessPolicies.Add(accessPolicy.Inner); } var inner = await Manager.Inner.Vaults.CreateOrUpdateAsync(ResourceGroupName, Name, parameters, cancellationToken); SetInner(inner); return(this); }
/// <summary> /// Create or update a key vault in the specified subscription. /// </summary> /// <param name='operations'> /// The operations group for this extension method. /// </param> /// <param name='resourceGroupName'> /// The name of the Resource Group to which the server belongs. /// </param> /// <param name='vaultName'> /// Name of the vault /// </param> /// <param name='parameters'> /// Parameters to create or update the vault /// </param> /// <param name='cancellationToken'> /// The cancellation token. /// </param> public static async Task <VaultInner> CreateOrUpdateAsync(this IVaultsOperations operations, string resourceGroupName, string vaultName, VaultCreateOrUpdateParametersInner parameters, CancellationToken cancellationToken = default(CancellationToken)) { using (var _result = await operations.CreateOrUpdateWithHttpMessagesAsync(resourceGroupName, vaultName, parameters, null, cancellationToken).ConfigureAwait(false)) { return(_result.Body); } }