public async Task GetRoleDefinition()
{
var description = Recording.GenerateAlphaNumericId("role");
Guid name = Recording.Random.NewGuid();
CreateOrUpdateRoleDefinitionOptions options = new(KeyVaultRoleScope.Global, name)
{
Description = description,
Permissions =
{
new()
{
DataActions =
{
KeyVaultDataAction.BackupHsmKeys,
}
}
}
};
KeyVaultRoleDefinition createdDefinition = await Client.CreateOrUpdateRoleDefinitionAsync(options);
RegisterForCleanup(createdDefinition);
KeyVaultRoleDefinition fetchedRoleDefinition = await Client.GetRoleDefinitionAsync(KeyVaultRoleScope.Global, name);
Assert.That(fetchedRoleDefinition.AssignableScopes, Is.EqualTo(new[] { KeyVaultRoleScope.Global }));
Assert.That(fetchedRoleDefinition.Description, Is.EqualTo(description));
Assert.That(fetchedRoleDefinition.Name, Is.EqualTo(name.ToString()));
Assert.That(fetchedRoleDefinition.Permissions.First().DataActions, Is.EquivalentTo(options.Permissions[0].DataActions));
Assert.That(fetchedRoleDefinition.Type, Is.EqualTo(KeyVaultRoleDefinitionType.MicrosoftAuthorizationRoleDefinitions));
}
public async Task DeleteRoleDefinition()
{
var description = Recording.GenerateAlphaNumericId("role");
Guid name = Recording.Random.NewGuid();
CreateOrUpdateRoleDefinitionOptions options = new(KeyVaultRoleScope.Global, name)
{
Description = description,
Permissions =
{
new()
{
DataActions =
{
KeyVaultDataAction.BackupHsmKeys,
}
}
}
};
KeyVaultRoleDefinition createdDefinition = await Client.CreateOrUpdateRoleDefinitionAsync(options);
await Client.DeleteRoleDefinitionAsync(KeyVaultRoleScope.Global, name);
List <KeyVaultRoleDefinition> results = await Client.GetRoleDefinitionsAsync(KeyVaultRoleScope.Global).ToEnumerableAsync().ConfigureAwait(false);
Assert.That(!results.Any(r => r.Name.ToString().Equals(name.ToString())));
}
public async Task CreateOrUpdateRoleDefinition()
{
var description = Recording.GenerateAlphaNumericId("role");
var name = Recording.Random.NewGuid();
var originalPermissions = new KeyVaultPermission();
originalPermissions.DataActions.Add(KeyVaultDataAction.BackupHsmKeys);
KeyVaultRoleDefinition createdDefinition = await Client.CreateOrUpdateRoleDefinitionAsync(description, originalPermissions, KeyVaultRoleScope.Global, name);
RegisterForCleanup(createdDefinition);
Assert.That(createdDefinition.AssignableScopes, Is.EqualTo(new[] { KeyVaultRoleScope.Global }));
Assert.That(createdDefinition.Description, Is.EqualTo(description));
Assert.That(createdDefinition.Name, Is.EqualTo(name.ToString()));
Assert.That(createdDefinition.Permissions.First().DataActions, Is.EquivalentTo(originalPermissions.DataActions));
Assert.That(createdDefinition.Type, Is.EqualTo(KeyVaultRoleDefinitionType.MicrosoftAuthorizationRoleDefinitions));
var updatedpermissions = new KeyVaultPermission();
updatedpermissions.DataActions.Add(KeyVaultDataAction.CreateHsmKey);
updatedpermissions.DataActions.Add(KeyVaultDataAction.DownloadHsmSecurityDomain);
KeyVaultRoleDefinition updatedDefinition = await Client.CreateOrUpdateRoleDefinitionAsync(description, updatedpermissions, KeyVaultRoleScope.Global, name);
Assert.That(updatedDefinition.AssignableScopes, Is.EqualTo(new[] { KeyVaultRoleScope.Global }));
Assert.That(updatedDefinition.Description, Is.EqualTo(description));
Assert.That(updatedDefinition.Name, Is.EqualTo(name.ToString()));
Assert.That(updatedDefinition.Permissions.First().DataActions, Is.EquivalentTo(updatedpermissions.DataActions));
Assert.That(updatedDefinition.Type, Is.EqualTo(KeyVaultRoleDefinitionType.MicrosoftAuthorizationRoleDefinitions));
}
public async Task DeleteRoleAssignment()
{
List <KeyVaultRoleDefinition> definitions = await Client.GetRoleDefinitionsAsync(KeyVaultRoleScope.Global).ToEnumerableAsync().ConfigureAwait(false);
KeyVaultRoleDefinition definitionToAssign = definitions.First(d => d.RoleName.Contains(RoleName));
Guid roleAssignmentName = Recording.Random.NewGuid();
KeyVaultRoleAssignment assignment = await Client.CreateRoleAssignmentAsync(KeyVaultRoleScope.Global, definitionToAssign.Id, TestEnvironment.ClientObjectId, roleAssignmentName).ConfigureAwait(false);
await Client.DeleteRoleAssignmentAsync(KeyVaultRoleScope.Global, assignment.Name).ConfigureAwait(false);
}
public PSKeyVaultRoleDefinition(KeyVaultRoleDefinition roleDefinition)
{
Id = roleDefinition.Id;
Name = roleDefinition.Name;
Type = roleDefinition.Type;
RoleName = roleDefinition.RoleName;
Description = roleDefinition.Description;
RoleType = roleDefinition.RoleType;
AssignableScopes = roleDefinition.AssignableScopes.ToArray();
Permissions = roleDefinition.Permissions.Select(permission => new PSKeyVaultPermission(permission)).ToArray();
}
public async Task CreateRoleAssignment()
{
List <KeyVaultRoleDefinition> definitions = await Client.GetRoleDefinitionsAsync(KeyVaultRoleScope.Global).ToEnumerableAsync().ConfigureAwait(false);
KeyVaultRoleDefinition definitionToAssign = definitions.First(d => d.RoleName.Contains(RoleName));
Guid roleAssignmentName = Recording.Random.NewGuid();
KeyVaultRoleAssignment result = await Client.CreateRoleAssignmentAsync(KeyVaultRoleScope.Global, definitionToAssign.Id, TestEnvironment.ClientObjectId, roleAssignmentName).ConfigureAwait(false);
RegisterForCleanup(result);
Assert.That(result.Id, Is.Not.Null);
Assert.That(result.Name, Is.Not.Null);
Assert.That(result.Type, Is.Not.Null);
Assert.That(result.Properties.PrincipalId, Is.EqualTo(TestEnvironment.ClientObjectId));
Assert.That(result.Properties.RoleDefinitionId, Is.EqualTo(definitionToAssign.Id));
}
