def create_vault(self):
"""
Creates a new key vault with a unique name, granting full permissions to the current credentials
:return: a newly created key vault
:rtype: :class:`Vault <azure.keyvault.generated.models.Vault>`
"""
vault_name = get_name('vault')
# setup vault permissions for the access policy for the sample service principle
permissions = Permissions()
permissions.keys = KEY_PERMISSIONS_ALL
permissions.secrets = SECRET_PERMISSIONS_ALL
permissions.certificates = CERTIFICATE_PERMISSIONS_ALL
policy = AccessPolicyEntry(self.config.tenant_id, self.config.client_oid, permissions)
properties = VaultProperties(self.config.tenant_id, Sku(name='standard'), access_policies=[policy])
parameters = VaultCreateOrUpdateParameters(self.config.location, properties)
parameters.properties.enabled_for_deployment = True
parameters.properties.enabled_for_disk_encryption = True
parameters.properties.enabled_for_template_deployment = True
print('creating vault {}'.format(vault_name))
vault = self.keyvault_mgmt_client.vaults.create_or_update(self.config.group_name, vault_name, parameters)
# wait for vault DNS entry to be created
# see issue: https://github.com/Azure/azure-sdk-for-python/issues/1172
self._poll_for_vault_connection(vault.properties.vault_uri)
print('created vault {} {}'.format(vault_name, vault.properties.vault_uri))
return vault
def create_vault(self):
"""
Creates a new key vault with a unique name, granting full permissions to the current credentials
:return: a newly created key vault
:rtype: :class:`Vault <azure.keyvault.generated.models.Vault>`
"""
vault_name = KeyVaultSampleBase.get_unique_name()
permissions = Permissions()
permissions.keys = [KeyPermissions.all]
permissions.secrets = [SecretPermissions.all]
permissions.certificates = [CertificatePermissions.all]
policy = AccessPolicyEntry(self.config.tenant_id,
self.config.client_oid, permissions)
properties = VaultProperties(self.config.tenant_id,
Sku(name='standard'),
policies=[policy])
parameters = VaultCreateOrUpdateParameters(self.config.location,
properties)
parameters.properties.enabled_for_deployment = True
parameters.properties.enabled_for_disk_encryption = True
parameters.properties.enabled_for_template_deployment = True
vault = self.keyvault_mgmt_client.vaults.create_or_update(
self.config.group_namne, vault_name, parameters)
return vault
def create_vault(self):
self.keyvault_mgmt_client.vaults.create_or_update()
vault_name = KeyVaultSample.get_unique_name()
permissions = Permissions()
permissions.keys = [KeyPermissions.all]
permissions.secrets = [SecretPermissions.all]
permissions.certificates = [CertificatePermissions.all]
policy = AccessPolicyEntry(self.config.tenant_id,
self.config.client_oid, permissions)
properties = VaultProperties(self.config.tenant_id,
Sku(name='standard'),
policies=[policy])
parameters = VaultCreateOrUpdateParameters(self.config.location,
properties)
parameters.properties.enabled_for_deployment = True
parameters.properties.enabled_for_disk_encryption = True
parameters.properties.enabled_for_template_deployment = True
vault = self.keyvault_mgmt_client.vaults.create_or_update(
self.config.group_namne, vault_name, parameters)
return vault
def _add_vault(self):
name = input('\nenter vault name:')
all_perms = Permissions()
all_perms.keys = [KeyPermissions.all]
all_perms.secrets = [SecretPermissions.all]
all_perms.certificates = [CertificatePermissions.all]
user_policy = AccessPolicyEntry(self._config.tenant_id,
self._config.user_oid, all_perms)
app_policy = AccessPolicyEntry(CLIENT_TENANT_ID, CLIENT_OID, all_perms)
access_policies = [user_policy, app_policy]
properties = VaultProperties(self._config.tenant_id,
Sku(name='standard'), access_policies)
properties.enabled_for_deployment = True
properties.enabled_for_disk_encryption = True
properties.enabled_for_template_deployment = True
vault = VaultCreateOrUpdateParameters(self._config.location,
properties)
self._mgmt_client.vaults.create_or_update(self._config.resource_group,
name, vault)
print('vault %s created\n' % name)
def _get_params(self):
"""Build the vault parameters block."""
oid = _user_oid(self.auth_client.legacy.token)
sec_perms_all = [perm.value for perm in SecretPermissions]
key_perms_all = [perm.value for perm in KeyPermissions]
cert_perms_all = [perm.value for perm in CertificatePermissions]
permissions = Permissions()
permissions.keys = key_perms_all
permissions.secrets = sec_perms_all
permissions.certificates = cert_perms_all
policy = AccessPolicyEntry(tenant_id=self.tenant_id,
object_id=oid,
permissions=permissions)
properties = VaultProperties(
tenant_id=self.tenant_id,
sku=Sku(name="standard", family="A"),
access_policies=[policy],
)
parameters = VaultCreateOrUpdateParameters(location=self.azure_region,
properties=properties)
parameters.properties.enabled_for_deployment = True
parameters.properties.enabled_for_disk_encryption = True
parameters.properties.enabled_for_template_deployment = True
return parameters
def create_soft_delete_enabled_vault(self):
"""
creates a key vault which has soft delete enabled so that the vault as well as all of its keys,
certificates and secrets are recoverable
"""
vault_name = get_name('vault')
permissions = Permissions()
permissions.keys = KEY_PERMISSIONS_ALL
permissions.secrets = SECRET_PERMISSIONS_ALL
permissions.certificates = CERTIFICATE_PERMISSIONS_ALL
policy = AccessPolicyEntry(tenant_id=self.config.tenant_id,
object_id=self.config.client_oid,
permissions=permissions)
properties = VaultProperties(tenant_id=self.config.tenant_id,
sku=Sku(name='standard'),
access_policies=[policy])
parameters = VaultCreateOrUpdateParameters(
location=self.config.location, properties=properties)
parameters.properties.enabled_for_deployment = True
parameters.properties.enabled_for_disk_encryption = True
parameters.properties.enabled_for_template_deployment = True
# this vault property controls whether recovery functionality is available on the vault itself as well as
# all keys, certificates and secrets in the vault as well
# NOTE: This value should only None or True, setting the value to false will cause a service validation error
# once soft delete has been enabled on the vault it cannot be disabled
parameters.properties.enable_soft_delete = True
print('creating soft delete enabled vault: {}'.format(vault_name))
# create the vault
vault = self.keyvault_mgmt_client.vaults.create_or_update(
self.config.group_name, vault_name, parameters)
# wait for vault DNS entry to be created
# see issue: https://github.com/Azure/azure-sdk-for-python/issues/1172
self._poll_for_vault_connection(vault.properties.vault_uri)
print('vault {} created enable_soft_delete={}'.format(
vault.name, vault.properties.enable_soft_delete))
def create_recoverable_vault_sample(self):
"""
Provides a sample for creating a key vault which has recovery enable so that the vault as well as all of its keys,
certificates and secrets are recoverable
:return: a key vault which has been created with recovery enabled
:rtype: :class:`Vault <azure.keyvault.generated.models.Vault>`
"""
self.setup_sample()
vault_name = KeyVaultSampleBase.get_unique_name()
permissions = Permissions()
permissions.keys = [KeyPermissions.all]
permissions.secrets = [SecretPermissions.all]
permissions.certificates = [CertificatePermissions.all]
policy = AccessPolicyEntry(self.config.tenant_id,
self.config.client_oid, permissions)
properties = VaultProperties(self.config.tenant_id,
Sku(name='standard'),
policies=[policy])
parameters = VaultCreateOrUpdateParameters(self.config.location,
properties)
parameters.properties.enabled_for_deployment = True
parameters.properties.enabled_for_disk_encryption = True
parameters.properties.enabled_for_template_deployment = True
# this vault property controls whether recovery functionality is available on the vault itself as well as
# all keys, certificates and secrets in the vault as well
parameters.properties.enable_soft_delete = True
# create the vault
vault = self.keyvault_mgmt_client.vaults.create_or_update(
self.config.group_name, vault_name, parameters)
print(vault)
return vault
