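// Parses an ARM key-vault resource id into its subscription, resource-group and vault-name segments.
// Each capture is limited to a single path segment ([^/\s]+) rather than the original greedy \S+, so a
// malformed or crafted id cannot make one capture swallow neighbouring "/..." segments and the match is
// linear (no backtracking across segments). The trailing (.*?) tolerates a suffix after the vault name,
// as before. Hoisted to a static so the pattern is compiled once.
private static readonly Regex KeyVaultIdRegex = new Regex(
    @"/subscriptions/(?<subId>[^/\s]+)/resourceGroups/(?<rgName>[^/\s]+)/providers/Microsoft.KeyVault/vaults/(?<vaultName>[^/\s]+)(.*?)",
    RegexOptions.IgnoreCase);

/// <summary>
/// Validates the key vault that will hold disk-encryption secrets for the VM scale set:
/// the id must be well formed, belong to the current context's subscription, be reachable,
/// sit in the same location as the scale set, and have <c>enabledForDiskEncryption</c> set.
/// Every failed check ends the cmdlet through <c>ThrowInvalidArgumentError</c>.
/// </summary>
/// <param name="keyVaultId">ARM resource id of the key vault as supplied by the user.</param>
private void VerifyKeyVault(string keyVaultId)
{
    // A null id is reported as a malformed id instead of surfacing as an ArgumentNullException from Regex.
    Match m = KeyVaultIdRegex.Match(keyVaultId ?? string.Empty);
    if (!m.Success)
    {
        ThrowInvalidArgumentError("The format of key vault ID, {0}, is incorrect.", keyVaultId);
        return;
    }

    string sub = m.Groups["subId"].Value;
    string rg = m.Groups["rgName"].Value;
    string kv = m.Groups["vaultName"].Value;

    // The vault must live in the subscription of the current context. Subscription ids are GUIDs and the
    // id regex is already case-insensitive, so the comparison is case-insensitive as well.
    if (string.IsNullOrWhiteSpace(sub)
        || !sub.Equals(this.DefaultContext.Subscription.Id, StringComparison.OrdinalIgnoreCase))
    {
        ThrowInvalidArgumentError("The subscription ID of key vault ID, {0}, is incorrect.", keyVaultId);
        return;
    }

    var thisVmss = this.VirtualMachineScaleSetClient.Get(this.ResourceGroupName, this.VMScaleSetName);

    Microsoft.Azure.Commands.Common.KeyVault.Version2016_10_1.Models.Vault returnedKeyVault = null;
    using (var keyVaultClient = AzureSession.Instance.ClientFactory.CreateArmClient<KeyVaultManagementClient>(
        this.DefaultContext, AzureEnvironment.Endpoint.ResourceManager))
    {
        try
        {
            returnedKeyVault = keyVaultClient.Vaults.Get(rg, kv);
        }
        catch (Exception ex)
        {
            // Do not hide the underlying failure (403/404/throttling/auth); the terminating error
            // below still tells the user what to check on the vault.
            WriteWarning(string.Format("Cannot access the given key vault: {0}", ex.Message));
        }
    }

    if (returnedKeyVault == null)
    {
        // The original only warned here and then dereferenced returnedKeyVault, ending in a
        // NullReferenceException; fail with a proper argument error instead. The explicit return
        // guards the dereferences below even if ThrowInvalidArgumentError were ever made non-throwing.
        ThrowInvalidArgumentError("Cannot access the given key vault ID, {0}. Please check if 'enabledForDiskEncryption' of the key vault is set.", keyVaultId);
        return;
    }

    // Locations are compared ignoring case and embedded spaces ("West US" vs "westus").
    // A missing location on either side is treated as a mismatch (fail closed) rather than a crash.
    string vaultLocation = returnedKeyVault.Location;
    string vmssLocation = thisVmss.Location;
    if (vaultLocation == null || vmssLocation == null
        || !vaultLocation.Replace(" ", "").Equals(vmssLocation.Replace(" ", ""), StringComparison.OrdinalIgnoreCase))
    {
        ThrowInvalidArgumentError("The location of key vault ID, {0}, does not match with the VM scale set.", keyVaultId);
        return;
    }

    // Disk encryption requires the vault to opt in explicitly; missing properties or an unset
    // (null) flag count as disabled.
    bool enabledForDiskEncryption = returnedKeyVault.Properties != null
        && returnedKeyVault.Properties.EnabledForDiskEncryption == true;
    if (!enabledForDiskEncryption)
    {
        ThrowInvalidArgumentError("The EnabledForDiskEncryption flag of the key vault ID, {0}, is not set.", keyVaultId);
    }
}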
/// <summary>
/// Lazily builds the <c>KeyVaultManagementClient</c> stored in <c>_client</c>: on first use it requests
/// an Azure AD token for <c>_azureCredentials</c> and binds the client to <c>_identifier.SubscriptionId</c>.
/// Subsequent calls are no-ops while <c>_client</c> is set.
/// </summary>
/// <remarks>
/// NOTE(review): there is no synchronization around the check-then-assign, so two concurrent first
/// calls may each request a token and the last assignment wins. The token obtained here is handed to
/// the client once and the client is kept for the object's lifetime; if that token expires it is not
/// refreshed by this method — TODO confirm whether AzureAdTokenManager/TokenCredentials handle renewal.
/// </remarks>
private async Task EnsureAuthenticatedAsync()
{
    // Already authenticated: nothing to do.
    if (_client != null)
    {
        return;
    }

    var tokenManager = new AzureAdTokenManager();
    TokenCredentials credentials = await tokenManager.RequestTokenAsync(_azureCredentials);

    _client = new KeyVaultManagementClient(credentials)
    {
        SubscriptionId = _identifier.SubscriptionId,
    };
}