forked from Azure-Samples/key-vault-dotnet-manage-key-vaults
Program.cs
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License. See License.txt in the project root for license information.
using Microsoft.Azure.Management.Fluent;
using Microsoft.Azure.Management.KeyVault.Fluent.Models;
using Microsoft.Azure.Management.ResourceManager.Fluent;
using Microsoft.Azure.Management.ResourceManager.Fluent.Authentication;
using Microsoft.Azure.Management.ResourceManager.Fluent.Core;
using Microsoft.Azure.Management.Samples.Common;
using System;
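namespace ManageKeyVault
{
    public class Program
    {
        /**
         * Azure Key Vault sample for managing key vaults -
         *  - Create a key vault
         *  - Authorize an application
         *  - Update a key vault
         *    - alter configurations
         *    - change permissions
         *  - Create another key vault
         *  - List key vaults
         *  - Delete a key vault.
         *
         * The access policies below are deliberately broad so that every API is shown.
         * When adapting this code, grant each principal only the key and secret
         * operations it actually needs.
         *
         * The resource group created here is always deleted in the finally block.
         */
        public static void RunSample(IAzure azure)
        {
            string vaultName1 = SdkContext.RandomResourceName("vault1", 20);
            string vaultName2 = SdkContext.RandomResourceName("vault2", 20);
            string rgName = SdkContext.RandomResourceName("rgNEMV", 24);

            try
            {
                //============================================================
                // Create a key vault with empty access policy
                // (no principal can reach keys or secrets until a policy is attached)

                Utilities.Log("Creating a key vault...");

                var vault1 = azure.Vaults
                        .Define(vaultName1)
                        .WithRegion(Region.USWest)
                        .WithNewResourceGroup(rgName)
                        .WithEmptyAccessPolicy()
                        .Create();

                Utilities.Log("Created key vault");
                Utilities.PrintVault(vault1);

                //============================================================
                // Authorize an application

                Utilities.Log("Authorizing the application associated with the current service principal...");

                // Parse the auth file once and reuse the client ID for both vaults,
                // instead of re-reading a credential-bearing file for every policy.
                string clientId = SdkContext.AzureCredentialsFactory
                        .FromFile(Environment.GetEnvironmentVariable("AZURE_AUTH_LOCATION"))
                        .ClientId;

                // AllowKeyAllPermissions grants every key operation to the principal;
                // secrets are limited to Get and List at this point.
                vault1 = vault1.Update()
                        .DefineAccessPolicy()
                            .ForServicePrincipal(clientId)
                            .AllowKeyAllPermissions()
                            .AllowSecretPermissions(SecretPermissions.Get)
                            .AllowSecretPermissions(SecretPermissions.List)
                            .Attach()
                        .Apply();

                Utilities.Log("Updated key vault");
                Utilities.PrintVault(vault1);

                //============================================================
                // Update a key vault

                Utilities.Log("Update a key vault to enable deployments and add permissions to the application...");

                // The two deployment switches let Azure VM deployments and Resource Manager
                // template deployments read from this vault; turn them on only when needed.
                // AccessPolicies[0] is the policy attached above: the vault was created with an
                // empty access policy, so it is the only entry. AllowSecretAllPermissions then
                // widens that principal from Get/List to every secret operation.
                vault1 = vault1.Update()
                        .WithDeploymentEnabled()
                        .WithTemplateDeploymentEnabled()
                        .UpdateAccessPolicy(vault1.AccessPolicies[0].ObjectId)
                            .AllowSecretAllPermissions()
                            .Parent()
                        .Apply();

                Utilities.Log("Updated key vault");
                // Print the updated key vault
                Utilities.PrintVault(vault1);

                //============================================================
                // Create another key vault
                // This policy is the narrower of the two: list/get/decrypt on keys, get on secrets.

                var vault2 = azure.Vaults
                        .Define(vaultName2)
                        .WithRegion(Region.USEast)
                        .WithExistingResourceGroup(rgName)
                        .DefineAccessPolicy()
                            .ForServicePrincipal(clientId)
                            .AllowKeyPermissions(KeyPermissions.List)
                            .AllowKeyPermissions(KeyPermissions.Get)
                            .AllowKeyPermissions(KeyPermissions.Decrypt)
                            .AllowSecretPermissions(SecretPermissions.Get)
                            .Attach()
                        .Create();

                Utilities.Log("Created key vault");
                // Print the second key vault
                Utilities.PrintVault(vault2);

                //============================================================
                // List key vaults

                Utilities.Log("Listing key vaults...");

                foreach (var vault in azure.Vaults.ListByResourceGroup(rgName))
                {
                    Utilities.PrintVault(vault);
                }

                //============================================================
                // Delete key vaults
                // NOTE(review): if soft-delete applies to these vaults they may stay recoverable
                // (and keep their names reserved) until purged - confirm for the target subscription.

                Utilities.Log("Deleting the key vaults");
                azure.Vaults.DeleteById(vault1.Id);
                azure.Vaults.DeleteById(vault2.Id);
                Utilities.Log("Deleted the key vaults");
            }
            finally
            {
                // Best-effort clean-up: a failure here is logged and never rethrown, so it
                // cannot mask an exception raised by the sample body above.
                try
                {
                    Utilities.Log("Deleting Resource Group: " + rgName);
                    azure.ResourceGroups.DeleteByName(rgName);
                    Utilities.Log("Deleted Resource Group: " + rgName);
                }
                catch (NullReferenceException)
                {
                    Utilities.Log("Did not create any resources in Azure. No clean up is necessary");
                }
                catch (Exception g)
                {
                    Utilities.Log(g);
                }
            }
        }

        /**
         * Entry point: authenticates with the service principal described by the file that
         * AZURE_AUTH_LOCATION points to, selects the default subscription and runs the sample.
         * Any exception is logged rather than propagated.
         *
         * The auth file holds the service principal's credentials; keep it out of source
         * control and readable only by the account that runs the sample.
         */
        public static void Main(string[] args)
        {
            try
            {
                //=================================================================
                // Authenticate

                // Fail with an explicit message when the variable is unset instead of
                // passing a null path to the credentials factory.
                string authFile = Environment.GetEnvironmentVariable("AZURE_AUTH_LOCATION");
                if (string.IsNullOrWhiteSpace(authFile))
                {
                    throw new InvalidOperationException(
                        "The AZURE_AUTH_LOCATION environment variable must point to the Azure auth file.");
                }

                AzureCredentials credentials = SdkContext.AzureCredentialsFactory.FromFile(authFile);

                // NOTE(review): confirm what the Basic level writes before raising it; more
                // verbose HTTP logging may record request details that should not reach shared logs.
                var azure = Azure
                    .Configure()
                    .WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic)
                    .Authenticate(credentials)
                    .WithDefaultSubscription();

                // Print selected subscription
                Utilities.Log("Selected subscription: " + azure.SubscriptionId);

                RunSample(azure);
            }
            catch (Exception e)
            {
                Utilities.Log(e);
            }
        }
    }
}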