internal static KeyVaultRoleAssignmentPropertiesWithScope DeserializeKeyVaultRoleAssignmentPropertiesWithScope(JsonElement element) { Optional <KeyVaultRoleScope> scope = default; Optional <string> roleDefinitionId = default; Optional <string> principalId = default; foreach (var property in element.EnumerateObject()) { if (property.NameEquals("scope")) { if (property.Value.ValueKind == JsonValueKind.Null) { property.ThrowNonNullablePropertyIsNull(); continue; } scope = new KeyVaultRoleScope(property.Value.GetString()); continue; } if (property.NameEquals("roleDefinitionId")) { roleDefinitionId = property.Value.GetString(); continue; } if (property.NameEquals("principalId")) { principalId = property.Value.GetString(); continue; } } return(new KeyVaultRoleAssignmentPropertiesWithScope(Optional.ToNullable(scope), roleDefinitionId.Value, principalId.Value)); }
/// <summary> /// Get all role definitions that are applicable at scope and above. /// </summary> /// <param name="roleScope"> The scope of the role assignments. </param> /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param> /// <exception cref="RequestFailedException">The server returned an error. See <see cref="Exception.Message"/> for details returned from the server.</exception> /// <exception cref="ArgumentNullException"><paramref name="roleScope"/> is null.</exception> public virtual Pageable <KeyVaultRoleDefinition> GetRoleDefinitions(KeyVaultRoleScope roleScope, CancellationToken cancellationToken = default) { return(PageableHelpers.CreateEnumerable(_ => { using DiagnosticScope scope = _diagnostics.CreateScope($"{nameof(KeyVaultAccessControlClient)}.{nameof(GetRoleDefinitions)}"); scope.Start(); try { var response = _definitionsRestClient.List(vaultBaseUrl: VaultUri.AbsoluteUri, scope: roleScope.ToString(), cancellationToken: cancellationToken); return Page.FromValues(response.Value.Value, response.Value.NextLink, response.GetRawResponse()); } catch (Exception ex) { scope.Failed(ex); throw; } }, (nextLink, _) => { using DiagnosticScope scope = _diagnostics.CreateScope($"{nameof(KeyVaultAccessControlClient)}.{nameof(GetRoleDefinitions)}"); scope.Start(); try { var response = _definitionsRestClient.ListNextPage(nextLink: nextLink, vaultBaseUrl: VaultUri.AbsoluteUri, scope: roleScope.ToString(), cancellationToken: cancellationToken); return Page.FromValues(response.Value.Value, response.Value.NextLink, response.GetRawResponse()); } catch (Exception ex) { scope.Failed(ex); throw; } })); }
/// <summary> /// Initializes a new instance of the <see cref="CreateOrUpdateRoleDefinitionOptions"/> class using a generated role definition name. /// </summary> /// <param name="roleScope">The <see cref="KeyVaultRoleScope"/> to which the definition applies.</param> /// <param name="roleDefinitionName">The unique role definition name. If the named role definition is already defined it will be updated.</param> public CreateOrUpdateRoleDefinitionOptions(KeyVaultRoleScope roleScope, Guid roleDefinitionName) { RoleScope = roleScope; RoleDefinitionName = roleDefinitionName; Permissions = new List <KeyVaultPermission>(); AssignableScopes = new List <KeyVaultRoleScope>(); }
/// <summary> /// Deletes a role definition. /// </summary> /// <param name="roleScope"></param> /// <param name="roleDefinitionName"></param> /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param> /// <returns>A <see cref="Response{TResult}"/> containing the result of the operation.</returns> public virtual Response DeleteRoleDefinition(KeyVaultRoleScope roleScope, Guid roleDefinitionName, CancellationToken cancellationToken = default) { using DiagnosticScope scope = _diagnostics.CreateScope($"{nameof(KeyVaultAccessControlClient)}.{nameof(DeleteRoleDefinition)}"); scope.Start(); try { return(_definitionsRestClient.Delete(vaultBaseUrl: VaultUri.AbsoluteUri, scope: roleScope.ToString(), roleDefinitionName: roleDefinitionName.ToString(), cancellationToken)); } catch (Exception ex) { scope.Failed(ex); throw; } }
/// <summary> /// Delete the specified role assignment. /// </summary> /// <param name="roleScope"> The scope of the role assignment. </param> /// <param name="roleAssignmentName"> The name of the role assignment to get. </param> /// <param name="cancellationToken"> The cancellation token to use. </param> /// <exception cref="RequestFailedException">The server returned an error. See <see cref="Exception.Message"/> for details returned from the server.</exception> /// <exception cref="ArgumentNullException"><paramref name="roleScope"/> or <paramref name="roleAssignmentName"/> is null.</exception> public virtual Response <KeyVaultRoleAssignment> DeleteRoleAssignment(KeyVaultRoleScope roleScope, string roleAssignmentName, CancellationToken cancellationToken = default) { using DiagnosticScope scope = _diagnostics.CreateScope($"{nameof(KeyVaultAccessControlClient)}.{nameof(DeleteRoleAssignment)}"); scope.Start(); try { return(_assignmentsRestClient.Delete(VaultUri.AbsoluteUri, roleScope.ToString(), roleAssignmentName, cancellationToken)); } catch (Exception ex) { scope.Failed(ex); throw; } }
/// <summary> /// Creates a <see cref="KeyVaultRoleAssignment"/>. /// </summary> /// <param name="roleScope"> The scope of the role assignment to create. </param> /// <param name="properties"> Properties for the role assignment. </param> /// <param name="name">Optional name used to create the role assignment. A new <see cref="Guid"/> will be generated if not specified.</param> /// <param name="cancellationToken"> The cancellation token to use. </param> /// <exception cref="RequestFailedException">The server returned an error. See <see cref="Exception.Message"/> for details returned from the server.</exception> /// <exception cref="ArgumentNullException"><paramref name="roleScope"/> or <paramref name="properties"/> is null.</exception> public virtual Response <KeyVaultRoleAssignment> CreateRoleAssignment(KeyVaultRoleScope roleScope, KeyVaultRoleAssignmentProperties properties, Guid?name = null, CancellationToken cancellationToken = default) { using DiagnosticScope scope = _diagnostics.CreateScope($"{nameof(KeyVaultAccessControlClient)}.{nameof(CreateRoleAssignment)}"); scope.Start(); try { var _name = (name ?? Guid.NewGuid()).ToString(); return(_assignmentsRestClient.Create(VaultUri.AbsoluteUri, roleScope.ToString(), _name, new RoleAssignmentCreateParameters(properties), cancellationToken)); } catch (Exception ex) { scope.Failed(ex); throw; } }
/// <summary> /// Delete the specified role assignment. /// </summary> /// <param name="roleScope"> The scope of the role assignment. </param> /// <param name="roleAssignmentName"> The name of the role assignment to get. </param> /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param> /// <exception cref="RequestFailedException">The server returned an error. See <see cref="Exception.Message"/> for details returned from the server.</exception> /// <exception cref="ArgumentNullException"><paramref name="roleAssignmentName"/> is null.</exception> /// <exception cref="ArgumentException"><paramref name="roleAssignmentName"/> is empty.</exception> /// <returns>A <see cref="Task{TResult}"/> containing the result of the asynchronous operation.</returns> public virtual async Task <Response> DeleteRoleAssignmentAsync(KeyVaultRoleScope roleScope, string roleAssignmentName, CancellationToken cancellationToken = default) { Argument.AssertNotNullOrEmpty(roleAssignmentName, nameof(roleAssignmentName)); using DiagnosticScope scope = _diagnostics.CreateScope($"{nameof(KeyVaultAccessControlClient)}.{nameof(DeleteRoleAssignment)}"); scope.Start(); try { return(await _assignmentsRestClient.DeleteAsync(VaultUri.AbsoluteUri, roleScope.ToString(), roleAssignmentName, cancellationToken) .ConfigureAwait(false)); } catch (Exception ex) { scope.Failed(ex); throw; } }
/// <summary> /// Creates a <see cref="KeyVaultRoleAssignment"/>. /// </summary> /// <param name="roleScope">The scope of the role assignment to create.</param> /// <param name="roleDefinitionId">The role definition ID used in the role assignment.</param> /// <param name="principalId">The principal ID assigned to the role. This maps to the ID inside the Active Directory. It can point to a user, service principal, or security group.</param> /// <param name="roleAssignmentName">Optional name used to create the role assignment. A new <see cref="Guid"/> will be generated if not specified.</param> /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param> /// <exception cref="RequestFailedException">The server returned an error. See <see cref="Exception.Message"/> for details returned from the server.</exception> /// <exception cref="ArgumentNullException"><paramref name="roleDefinitionId"/> or <paramref name="principalId"/> is null.</exception> /// <exception cref="ArgumentException"><paramref name="roleDefinitionId"/> or <paramref name="principalId"/> is empty.</exception> /// <returns>A <see cref="Response{TResult}"/> containing the result of the operation.</returns> public virtual Response <KeyVaultRoleAssignment> CreateRoleAssignment(KeyVaultRoleScope roleScope, string roleDefinitionId, string principalId, Guid?roleAssignmentName = null, CancellationToken cancellationToken = default) { Argument.AssertNotNullOrEmpty(roleDefinitionId, nameof(roleDefinitionId)); Argument.AssertNotNullOrEmpty(principalId, nameof(principalId)); using DiagnosticScope scope = _diagnostics.CreateScope($"{nameof(KeyVaultAccessControlClient)}.{nameof(CreateRoleAssignment)}"); scope.Start(); try { var _name = (roleAssignmentName ?? Guid.NewGuid()).ToString(); var properties = new KeyVaultRoleAssignmentProperties(roleDefinitionId, principalId); return(_assignmentsRestClient.Create(VaultUri.AbsoluteUri, roleScope.ToString(), _name, new RoleAssignmentCreateParameters(properties), cancellationToken)); } catch (Exception ex) { scope.Failed(ex); throw; } }
/// <summary>0 /// Gets the <see cref="KeyVaultRoleAssignment"/>s for a scope. /// </summary> /// <param name="roleScope"> The scope of the role assignments. </param> /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param> /// <exception cref="RequestFailedException">The server returned an error. See <see cref="Exception.Message"/> for details returned from the server.</exception> /// <exception cref="ArgumentNullException"><paramref name="roleScope"/> is null.</exception> public virtual AsyncPageable <KeyVaultRoleAssignment> GetRoleAssignmentsAsync(KeyVaultRoleScope roleScope, CancellationToken cancellationToken = default) { return(PageableHelpers.CreateAsyncEnumerable(async _ => { using DiagnosticScope scope = _diagnostics.CreateScope($"{nameof(KeyVaultAccessControlClient)}.{nameof(GetRoleAssignments)}"); scope.Start(); try { var response = await _assignmentsRestClient.ListForScopeAsync(vaultBaseUrl: VaultUri.AbsoluteUri, scope: roleScope.ToString(), cancellationToken: cancellationToken) .ConfigureAwait(false); return Page.FromValues(response.Value.Value, response.Value.NextLink, response.GetRawResponse()); } catch (Exception ex) { scope.Failed(ex); throw; } }, async(nextLink, _) => { using DiagnosticScope scope = _diagnostics.CreateScope($"{nameof(KeyVaultAccessControlClient)}.{nameof(GetRoleAssignments)}"); scope.Start(); try { var response = await _assignmentsRestClient.ListForScopeNextPageAsync(nextLink: nextLink, vaultBaseUrl: VaultUri.AbsoluteUri, scope: roleScope.ToString(), cancellationToken: cancellationToken) .ConfigureAwait(false); return Page.FromValues(response.Value.Value, response.Value.NextLink, response.GetRawResponse()); } catch (Exception ex) { scope.Failed(ex); throw; } })); }
/// <summary> /// Creates or updates a role definition. /// </summary> /// <param name="roleDefinitionDescription">The description for the role definition.</param> /// <param name="permissions">The permissions granted by the role definition when assigned to a principal.</param> /// <param name="roleScope">The scope of the <see cref="KeyVaultRoleDefinition"/> to create. The default value is <see cref="KeyVaultRoleScope.Global"/>.</param> /// <param name="roleDefinitionName">Optional name used to create the role definition. A new <see cref="Guid"/> will be generated if not specified.</param> /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param> /// <returns>A <see cref="Response{TResult}"/> containing the result of the operation.</returns> public virtual Response <KeyVaultRoleDefinition> CreateOrUpdateRoleDefinition(string roleDefinitionDescription, KeyVaultPermission permissions, KeyVaultRoleScope roleScope = default, Guid?roleDefinitionName = null, CancellationToken cancellationToken = default) { using DiagnosticScope scope = _diagnostics.CreateScope($"{nameof(KeyVaultAccessControlClient)}.{nameof(CreateOrUpdateRoleDefinition)}"); scope.Start(); try { var name = (roleDefinitionName ?? Guid.NewGuid()).ToString(); var properties = new RoleDefinitionProperties() { Description = roleDefinitionDescription, RoleName = name, RoleType = KeyVaultRoleType.CustomRole }; properties.AssignableScopes.Add(roleScope); properties.Permissions.Add(permissions); var parameters = new RoleDefinitionCreateParameters(properties); return(_definitionsRestClient.CreateOrUpdate( vaultBaseUrl: VaultUri.AbsoluteUri, scope: roleScope == default ? roleScope.ToString() : KeyVaultRoleScope.Global.ToString(), roleDefinitionName: name, parameters: parameters, cancellationToken: cancellationToken)); } catch (Exception ex) { scope.Failed(ex); throw; } }
/// <summary> /// Get a specific role definition. /// </summary> /// <param name="roleDefinitionName">The role definition name.</param> /// <param name="roleScope"> The scope of the role definition. </param> /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param> /// <exception cref="RequestFailedException">The server returned an error. See <see cref="Exception.Message"/> for details returned from the server.</exception> /// <exception cref="ArgumentNullException"><paramref name="roleScope"/> is null.</exception> public virtual async Task <Response <KeyVaultRoleDefinition> > GetRoleDefinitionAsync(Guid roleDefinitionName, KeyVaultRoleScope roleScope, CancellationToken cancellationToken = default) { using DiagnosticScope scope = _diagnostics.CreateScope($"{nameof(KeyVaultAccessControlClient)}.{nameof(GetRoleDefinition)}"); scope.Start(); try { return(await _definitionsRestClient.GetAsync(vaultBaseUrl : VaultUri.AbsoluteUri, scope : roleScope.ToString(), roleDefinitionName : roleDefinitionName.ToString(), cancellationToken : cancellationToken).ConfigureAwait(false)); } catch (Exception ex) { scope.Failed(ex); throw; } }
/// <summary> /// Creates or updates a role definition. If the named role definition is already defined it will be updated. /// </summary> /// <param name="roleScope">The <see cref="KeyVaultRoleScope"/> to which the definition applies.</param> /// <param name="roleDefinitionName">The unique role definition name. If null a unique role definition name will be generated.</param> /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param> /// <returns>A <see cref="Task{TResult}"/> representing the result of the asynchronous operation.</returns> public virtual Response <KeyVaultRoleDefinition> CreateOrUpdateRoleDefinition(KeyVaultRoleScope roleScope, Guid?roleDefinitionName = null, CancellationToken cancellationToken = default) => CreateOrUpdateRoleDefinition(new CreateOrUpdateRoleDefinitionOptions(roleScope, roleDefinitionName ?? Guid.NewGuid()), cancellationToken);
/// <summary> /// Initializes a new instance of the <see cref="CreateOrUpdateRoleDefinitionOptions"/> class using a generated role definition name. /// </summary> /// <param name="roleScope">The <see cref="KeyVaultRoleScope"/> to which the definition applies.</param> public CreateOrUpdateRoleDefinitionOptions(KeyVaultRoleScope roleScope) : this(roleScope, Guid.NewGuid()) { }