def create_vault(self):
    """
    Create a key vault with a generated unique name and return it.

    A single access policy grants the sample's service principal
    (``self.config.client_oid`` in ``self.config.tenant_id``) the
    ``*_PERMISSIONS_ALL`` sets for keys, secrets and certificates, and the
    vault is opted in to VM deployment, disk encryption and template
    deployment. That is the broadest grant the service offers and is only
    appropriate for a throwaway sample vault; longer-lived vaults should
    list just the operations the principal performs.
    NOTE(review): the three ``enabled_for_*`` flags let other Azure
    services read from this vault -- confirm each one is actually needed.

    :return: the vault that was created
    :rtype: :class:`Vault <azure.keyvault.generated.models.Vault>`
    """
    name = get_name('vault')

    # full key / secret / certificate permissions for the sample principal
    perms = Permissions()
    perms.keys = KEY_PERMISSIONS_ALL
    perms.secrets = SECRET_PERMISSIONS_ALL
    perms.certificates = CERTIFICATE_PERMISSIONS_ALL
    access_policy = AccessPolicyEntry(self.config.tenant_id, self.config.client_oid, perms)

    vault_props = VaultProperties(self.config.tenant_id, Sku(name='standard'),
                                  access_policies=[access_policy])
    # opt the vault in to access by VM deployment, Disk Encryption and ARM
    # template deployment (same object the create parameters carry)
    vault_props.enabled_for_deployment = True
    vault_props.enabled_for_disk_encryption = True
    vault_props.enabled_for_template_deployment = True
    create_params = VaultCreateOrUpdateParameters(self.config.location, vault_props)

    print('creating vault {}'.format(name))
    vault = self.keyvault_mgmt_client.vaults.create_or_update(
        self.config.group_name, name, create_params)

    # the management call can return before the vault's DNS name resolves
    # (https://github.com/Azure/azure-sdk-for-python/issues/1172), so block
    # until the data-plane endpoint answers
    self._poll_for_vault_connection(vault.properties.vault_uri)
    print('created vault {} {}'.format(name, vault.properties.vault_uri))
    return vault
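def create_vault(self):
    """
    Create a key vault with a unique name and return it.

    The single access policy grants the sample's service principal
    (``self.config.client_oid``) every key, secret and certificate
    permission, and the vault is opted in to VM deployment, disk encryption
    and template deployment. Suitable for a disposable sample vault only;
    scope the policy down to the operations actually used for anything
    longer-lived.

    :return: a newly created key vault
    :rtype: :class:`Vault <azure.keyvault.generated.models.Vault>`
    """
    vault_name = KeyVaultSampleBase.get_unique_name()

    permissions = Permissions()
    permissions.keys = [KeyPermissions.all]
    permissions.secrets = [SecretPermissions.all]
    permissions.certificates = [CertificatePermissions.all]
    policy = AccessPolicyEntry(self.config.tenant_id, self.config.client_oid, permissions)

    # the policy list is passed as ``access_policies``, the keyword the other
    # vault builders in this file use; ``policies=`` was not that argument
    properties = VaultProperties(self.config.tenant_id, Sku(name='standard'),
                                 access_policies=[policy])
    parameters = VaultCreateOrUpdateParameters(self.config.location, properties)
    parameters.properties.enabled_for_deployment = True
    parameters.properties.enabled_for_disk_encryption = True
    parameters.properties.enabled_for_template_deployment = True

    # ``group_name`` matches the config attribute the other builders read;
    # the misspelt ``group_namne`` raised AttributeError before the call
    vault = self.keyvault_mgmt_client.vaults.create_or_update(
        self.config.group_name, vault_name, parameters)
    return vault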
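def create_vault(self):
    """
    Create a key vault with a unique name and return it.

    Grants the sample's service principal (``self.config.client_oid``) every
    key, secret and certificate permission and opts the vault in to VM
    deployment, disk encryption and template deployment. This is the widest
    possible access policy and is meant for a disposable sample vault only.

    :return: a newly created key vault
    :rtype: :class:`Vault <azure.keyvault.generated.models.Vault>`
    """
    # NOTE: the argument-less ``vaults.create_or_update()`` call that used to
    # sit here has been removed -- it could never succeed without a resource
    # group, name and parameters, and the real call is made below.
    vault_name = KeyVaultSample.get_unique_name()

    permissions = Permissions()
    permissions.keys = [KeyPermissions.all]
    permissions.secrets = [SecretPermissions.all]
    permissions.certificates = [CertificatePermissions.all]
    policy = AccessPolicyEntry(self.config.tenant_id, self.config.client_oid, permissions)

    # the policy list is passed as ``access_policies``, the keyword the other
    # vault builders in this file use; ``policies=`` was not that argument
    properties = VaultProperties(self.config.tenant_id, Sku(name='standard'),
                                 access_policies=[policy])
    parameters = VaultCreateOrUpdateParameters(self.config.location, properties)
    parameters.properties.enabled_for_deployment = True
    parameters.properties.enabled_for_disk_encryption = True
    parameters.properties.enabled_for_template_deployment = True

    # ``group_name`` matches the config attribute the other builders read;
    # the misspelt ``group_namne`` raised AttributeError before the call
    vault = self.keyvault_mgmt_client.vaults.create_or_update(
        self.config.group_name, vault_name, parameters)
    return vault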
def _add_vault(self):
    """
    Interactively create a key vault under the configured resource group.

    Prompts on stdin for the vault name, then creates the vault with two
    access policies that each carry every key, secret and certificate
    permission: one for the configured user (``self._config.user_oid``) and
    one for the principal identified by the module-level ``CLIENT_TENANT_ID``
    / ``CLIENT_OID``. NOTE(review): that second policy hands a fixed,
    hard-coded identity full control of every vault this tool creates --
    make sure that identity is trusted and that the grant is intended.
    The vault is also opted in to VM deployment, disk encryption and
    template deployment. The name is passed to the service as typed; the
    service, not this code, validates it.
    """
    name = input('\nenter vault name:')

    # one permission set, shared by both policy entries below
    everything = Permissions()
    everything.keys = [KeyPermissions.all]
    everything.secrets = [SecretPermissions.all]
    everything.certificates = [CertificatePermissions.all]

    policies = [
        AccessPolicyEntry(self._config.tenant_id, self._config.user_oid, everything),
        AccessPolicyEntry(CLIENT_TENANT_ID, CLIENT_OID, everything),
    ]

    props = VaultProperties(self._config.tenant_id, Sku(name='standard'), policies)
    for flag in ('enabled_for_deployment',
                 'enabled_for_disk_encryption',
                 'enabled_for_template_deployment'):
        setattr(props, flag, True)

    params = VaultCreateOrUpdateParameters(self._config.location, props)
    self._mgmt_client.vaults.create_or_update(self._config.resource_group, name, params)
    print('vault %s created\n' % name)
def _get_params(self):
    """
    Build the ``VaultCreateOrUpdateParameters`` for a new vault.

    The access policy is for the object id derived from the current token
    (``_user_oid(self.auth_client.legacy.token)``) and lists every member of
    the ``SecretPermissions``, ``KeyPermissions`` and
    ``CertificatePermissions`` enums -- i.e. the caller gets full control of
    the vault contents. The vault is created in ``self.azure_region`` on the
    standard SKU and opted in to VM deployment, disk encryption and template
    deployment. Nothing is sent to the service here; the caller does that.

    :return: the populated create/update parameters
    """
    object_id = _user_oid(self.auth_client.legacy.token)

    # every value of each permission enum -> the broadest possible policy
    def _all_values(enum_cls):
        return [member.value for member in enum_cls]

    perms = Permissions()
    perms.keys = _all_values(KeyPermissions)
    perms.secrets = _all_values(SecretPermissions)
    perms.certificates = _all_values(CertificatePermissions)

    entry = AccessPolicyEntry(tenant_id=self.tenant_id, object_id=object_id, permissions=perms)
    props = VaultProperties(
        tenant_id=self.tenant_id,
        sku=Sku(name="standard", family="A"),
        access_policies=[entry],
    )
    params = VaultCreateOrUpdateParameters(location=self.azure_region, properties=props)

    # opt in to access by VM deployment, Disk Encryption and ARM templates
    params.properties.enabled_for_deployment = True
    params.properties.enabled_for_disk_encryption = True
    params.properties.enabled_for_template_deployment = True
    return params
def create_soft_delete_enabled_vault(self):
    """
    Create a key vault with soft delete enabled and wait until it is reachable.

    With ``enable_soft_delete`` set, the vault and all of its keys,
    certificates and secrets become recoverable after deletion. The access
    policy gives the sample principal (``self.config.client_oid``) the
    ``*_PERMISSIONS_ALL`` sets, and the vault is opted in to VM deployment,
    disk encryption and template deployment -- sample-only breadth.
    NOTE(review): soft delete on its own makes deleted objects recoverable;
    it is not shown here whether the vault is also protected against purge,
    so confirm that separately if retention must be enforced.

    Prints the vault name and resulting ``enable_soft_delete`` value; does
    not return the vault.
    """
    name = get_name('vault')

    perms = Permissions()
    perms.keys = KEY_PERMISSIONS_ALL
    perms.secrets = SECRET_PERMISSIONS_ALL
    perms.certificates = CERTIFICATE_PERMISSIONS_ALL
    entry = AccessPolicyEntry(tenant_id=self.config.tenant_id,
                              object_id=self.config.client_oid,
                              permissions=perms)

    props = VaultProperties(tenant_id=self.config.tenant_id,
                            sku=Sku(name='standard'),
                            access_policies=[entry])
    props.enabled_for_deployment = True
    props.enabled_for_disk_encryption = True
    props.enabled_for_template_deployment = True

    # Turns on recovery for the vault itself and for every key, certificate
    # and secret in it. Only None or True are accepted -- passing False is
    # rejected by service validation -- and once enabled it cannot be turned
    # off again.
    props.enable_soft_delete = True

    params = VaultCreateOrUpdateParameters(location=self.config.location,
                                           properties=props)

    print('creating soft delete enabled vault: {}'.format(name))
    vault = self.keyvault_mgmt_client.vaults.create_or_update(
        self.config.group_name, name, params)

    # the DNS entry for the new vault may lag the management call
    # (https://github.com/Azure/azure-sdk-for-python/issues/1172)
    self._poll_for_vault_connection(vault.properties.vault_uri)
    print('vault {} created enable_soft_delete={}'.format(
        vault.name, vault.properties.enable_soft_delete))
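def create_recoverable_vault_sample(self):
    """
    Sample: create a key vault with recovery (soft delete) enabled.

    Runs ``self.setup_sample()``, then creates a vault whose
    ``enable_soft_delete`` property is set so that the vault and all of its
    keys, certificates and secrets are recoverable after deletion. The access
    policy grants the sample principal (``self.config.client_oid``) every
    key, secret and certificate permission, and the vault is opted in to VM
    deployment, disk encryption and template deployment -- sample-only
    breadth. The created vault model is printed in full before being
    returned.

    :return: a key vault which has been created with recovery enabled
    :rtype: :class:`Vault <azure.keyvault.generated.models.Vault>`
    """
    self.setup_sample()
    vault_name = KeyVaultSampleBase.get_unique_name()

    permissions = Permissions()
    permissions.keys = [KeyPermissions.all]
    permissions.secrets = [SecretPermissions.all]
    permissions.certificates = [CertificatePermissions.all]
    policy = AccessPolicyEntry(self.config.tenant_id, self.config.client_oid, permissions)

    # the policy list is passed as ``access_policies``, the keyword the other
    # vault builders in this file use; ``policies=`` was not that argument
    properties = VaultProperties(self.config.tenant_id, Sku(name='standard'),
                                 access_policies=[policy])
    parameters = VaultCreateOrUpdateParameters(self.config.location, properties)
    parameters.properties.enabled_for_deployment = True
    parameters.properties.enabled_for_disk_encryption = True
    parameters.properties.enabled_for_template_deployment = True

    # this vault property controls whether recovery functionality is
    # available on the vault itself as well as on all keys, certificates
    # and secrets in it
    parameters.properties.enable_soft_delete = True

    # create the vault
    vault = self.keyvault_mgmt_client.vaults.create_or_update(
        self.config.group_name, vault_name, parameters)
    print(vault)
    return vault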