/// <summary>
        /// Create a new vault
        /// </summary>
        /// <param name="parameters">vault creation parameters</param>
        /// <param name="adClient">the active directory client</param>
        /// <returns>A PSVault built from the vault in the service response and the supplied adClient.</returns>
        public PSVault CreateNewVault(VaultCreationParameters parameters, ActiveDirectoryClient adClient = null)
        {
            // Fail fast on incomplete input so that no request is issued with missing fields.
            if (parameters == null)
                throw new ArgumentNullException("parameters");
            if (string.IsNullOrWhiteSpace(parameters.VaultName))
                throw new ArgumentNullException("parameters.VaultName");
            if (string.IsNullOrWhiteSpace(parameters.ResourceGroupName))
                throw new ArgumentNullException("parameters.ResourceGroupName");
            if (string.IsNullOrWhiteSpace(parameters.Location))
                throw new ArgumentNullException("parameters.Location");
            if (string.IsNullOrWhiteSpace(parameters.SkuName))
                throw new ArgumentNullException("parameters.SkuName");
            if (string.IsNullOrWhiteSpace(parameters.SkuFamilyName))
                throw new ArgumentNullException("parameters.SkuFamilyName");

            // The tenant id must be present and must not be the all-zero GUID.
            if (parameters.TenantId == null || parameters.TenantId == Guid.Empty)
                throw new ArgumentException("parameters.TenantId");

            // Resolve the operations object and the target names in the order the call consumes them.
            var vaultOperations = this.KeyVaultManagementClient.Vaults;
            var targetResourceGroup = parameters.ResourceGroupName;
            var targetVaultName = parameters.VaultName;

            var createRequest = new VaultCreateOrUpdateParameters();
            createRequest.Location = parameters.Location;
            // Tags are converted with validation switched on.
            createRequest.Tags = TagsConversionHelper.CreateTagDictionary(parameters.Tags, validate: true);

            var vaultProperties = new VaultProperties();
            vaultProperties.Sku = new Sku
            {
                Family = parameters.SkuFamilyName,
                Name = parameters.SkuName
            };

            // The three EnabledFor* switches are forwarded exactly as the caller set them.
            vaultProperties.EnabledForDeployment = parameters.EnabledForDeployment;
            vaultProperties.EnabledForTemplateDeployment = parameters.EnabledForTemplateDeployment;
            vaultProperties.EnabledForDiskEncryption = parameters.EnabledForDiskEncryption;
            vaultProperties.TenantId = parameters.TenantId;
            vaultProperties.VaultUri = "";

            // At most one access policy is sent; when the caller supplies none, the request
            // carries an empty access-policy list.
            vaultProperties.AccessPolicies = (parameters.AccessPolicy != null)
                ? new[] { parameters.AccessPolicy }
                : new AccessPolicyEntry[] { };

            createRequest.Properties = vaultProperties;

            var creationResponse = vaultOperations.CreateOrUpdate(
                resourceGroupName: targetResourceGroup,
                vaultName: targetVaultName,
                parameters: createRequest);

            return new PSVault(creationResponse.Vault, adClient);
        }
        /// <summary>
        /// Create a new vault
        /// </summary>
        /// <param name="parameters">vault creation parameters</param>
        /// <param name="adClient">the active directory client</param>
        /// <returns>A PSVault built from the vault in the service response and the supplied adClient.</returns>
        public PSVault CreateNewVault(VaultCreationParameters parameters, ActiveDirectoryClient adClient = null)
        {
            // Every required field is checked before the management service is contacted.
            if (parameters == null)
            {
                throw new ArgumentNullException("parameters");
            }
            if (string.IsNullOrWhiteSpace(parameters.VaultName))
            {
                throw new ArgumentNullException("parameters.VaultName");
            }
            if (string.IsNullOrWhiteSpace(parameters.ResourceGroupName))
            {
                throw new ArgumentNullException("parameters.ResourceGroupName");
            }
            if (string.IsNullOrWhiteSpace(parameters.Location))
            {
                throw new ArgumentNullException("parameters.Location");
            }
            if (string.IsNullOrWhiteSpace(parameters.SkuName))
            {
                throw new ArgumentNullException("parameters.SkuName");
            }
            if (string.IsNullOrWhiteSpace(parameters.SkuFamilyName))
            {
                throw new ArgumentNullException("parameters.SkuFamilyName");
            }
            // Both identifiers must be present and must not be the all-zero GUID.
            if (parameters.TenantId == null || parameters.TenantId == Guid.Empty)
            {
                throw new ArgumentException("parameters.TenantId");
            }
            if (parameters.ObjectId == null || parameters.ObjectId == Guid.Empty)
            {
                throw new ArgumentException("parameters.ObjectId");
            }

            // Resolve the operations object and the target names in the order the call consumes them.
            var vaultOperations = this.KeyVaultManagementClient.Vaults;
            var targetResourceGroup = parameters.ResourceGroupName;
            var targetVaultName = parameters.VaultName;

            var createRequest = new VaultCreateOrUpdateParameters();
            createRequest.Location = parameters.Location;
            // Tags are converted with validation switched on.
            createRequest.Tags = TagsConversionHelper.CreateTagDictionary(parameters.Tags, validate: true);

            var vaultProperties = new VaultProperties();
            vaultProperties.Sku = new Sku
            {
                Family = parameters.SkuFamilyName,
                Name = parameters.SkuName
            };
            vaultProperties.EnabledForDeployment = parameters.EnabledForDeployment;
            vaultProperties.EnabledForTemplateDeployment = parameters.EnabledForTemplateDeployment;
            vaultProperties.EnabledForDiskEncryption = parameters.EnabledForDiskEncryption;
            vaultProperties.TenantId = parameters.TenantId;
            vaultProperties.VaultUri = "";

            // Exactly one access policy is always sent: it grants the key and secret
            // permissions from the parameters to the supplied ObjectId in the supplied tenant.
            // The permission lists themselves are forwarded without any check in this method.
            var initialPolicy = new AccessPolicyEntry
            {
                TenantId = parameters.TenantId,
                ObjectId = parameters.ObjectId,
                PermissionsToKeys = parameters.PermissionsToKeys,
                PermissionsToSecrets = parameters.PermissionsToSecrets
            };
            vaultProperties.AccessPolicies = new[] { initialPolicy };

            createRequest.Properties = vaultProperties;

            var creationResponse = vaultOperations.CreateOrUpdate(
                resourceGroupName: targetResourceGroup,
                vaultName: targetVaultName,
                parameters: createRequest);

            return new PSVault(creationResponse.Vault, adClient);
        }
        /// <summary>
        /// Create a new vault
        /// </summary>
        /// <param name="parameters">vault creation parameters</param>
        /// <param name="adClient">the active directory client</param>
        /// <returns>A PSKeyVault built from the service response and the supplied adClient.</returns>
        public PSKeyVault CreateNewVault(VaultCreationParameters parameters, ActiveDirectoryClient adClient = null)
        {
            // These fields are required in every create mode.
            if (parameters == null)
                throw new ArgumentNullException("parameters");
            if (string.IsNullOrWhiteSpace(parameters.VaultName))
                throw new ArgumentNullException("parameters.VaultName");
            if (string.IsNullOrWhiteSpace(parameters.ResourceGroupName))
                throw new ArgumentNullException("parameters.ResourceGroupName");
            if (string.IsNullOrWhiteSpace(parameters.Location))
                throw new ArgumentNullException("parameters.Location");

            var properties = new VaultProperties();

            if (parameters.CreateMode == CreateMode.Recover)
            {
                // Recover mode sends only the create mode; no SKU, tenant, access policy
                // or network rule is set on the request by this method.
                properties.CreateMode = CreateMode.Recover;
            }
            else
            {
                if (string.IsNullOrWhiteSpace(parameters.SkuFamilyName))
                    throw new ArgumentNullException("parameters.SkuFamilyName");
                if (parameters.TenantId == Guid.Empty)
                    throw new ArgumentException("parameters.TenantId");

                // NOTE(review): SkuFamilyName is validated above, but only SkuName is placed in
                // the request and SkuName is not checked in this method - confirm that is intended.
                properties.Sku = new Sku
                {
                    Name = parameters.SkuName,
                };
                properties.EnabledForDeployment = parameters.EnabledForDeployment;
                properties.EnabledForTemplateDeployment = parameters.EnabledForTemplateDeployment;
                properties.EnabledForDiskEncryption = parameters.EnabledForDiskEncryption;

                // Soft delete and purge protection are sent as true only when explicitly requested;
                // an unset or false value is sent as null rather than false.
                properties.EnableSoftDelete = parameters.EnableSoftDelete == true ? true : (bool?)null;
                properties.EnablePurgeProtection = parameters.EnablePurgeProtection == true ? true : (bool?)null;
                // SoftDeleteRetentionInDays is deliberately left unset here (the assignment was disabled):
                // properties.SoftDeleteRetentionInDays = parameters.SoftDeleteRetentionInDays;
                properties.TenantId = parameters.TenantId;
                properties.VaultUri = "";

                // At most one access policy is sent; when the caller supplies none, the request
                // carries an empty access-policy list.
                if (parameters.AccessPolicy != null)
                {
                    properties.AccessPolicies = new[] { parameters.AccessPolicy };
                }
                else
                {
                    properties.AccessPolicies = new AccessPolicyEntry[] { };
                }

                // Network ACLs are forwarded exactly as supplied by the caller.
                properties.NetworkAcls = parameters.NetworkAcls;
            }

            // Resolve the operations object and the target names in the order the call consumes them.
            var vaultOperations = KeyVaultManagementClient.Vaults;
            var targetResourceGroup = parameters.ResourceGroupName;
            var targetVaultName = parameters.VaultName;

            var createRequest = new VaultCreateOrUpdateParameters();
            createRequest.Location = parameters.Location;
            // Tags are converted with validation switched on.
            createRequest.Tags = TagsConversionHelper.CreateTagDictionary(parameters.Tags, validate: true);
            createRequest.Properties = properties;

            var creationResponse = vaultOperations.CreateOrUpdate(
                resourceGroupName: targetResourceGroup,
                vaultName: targetVaultName,
                parameters: createRequest);

            return new PSKeyVault(creationResponse, adClient);
        }