在REST API或.Net SDK中是否有等效的Set-AzureRmKeyVaultAccessPolicy？

Question

我需要以编程方式许可AzureKeyVault，并且距离它最近的是Set-AzureRmKeyVaultAccessPolicy powershell命令。

是否有针对该或REST API的.Net SDK？

Answer 1

here you go，你可能会找到类似于.NET SDK的东西。

此外，如果你做Set-AzureRmKeyVaultAccessPolicy -debug你会发现所需的信息：

DEBUG: ============================ HTTP REQUEST ============================ 

HTTP Method: 
PUT 

Absolute Uri: 
https://management.azure.com/subscriptions/xxx/resourceGroups/xxx/providers/Microsoft.KeyVault/vaults/xxx?api-version=2015-06-01 

Body {Omitted} 

编辑：以供将来参考，PowerShell使用REST的API。如果有PS命令，肯定有REST端点。通过Junnas

Answer 2

我们可以使用Microsoft Azure Key Vault Management来做到这一点。它是一个预览版本。我们可以使用keyVaultManagementClient.Vaults.CreateOrUpdateAsync（）函数创建或更新密钥保险库。 我为它做了一个演示。我的具体步骤如下：

先决条件：

注册一个App在Azure的AD并为它创建的服务原则。更详细的步骤请参考document。

步骤：

1.创建一个C＃控制台应用程序

2.增加该项目的演示代码

using System; 
using System.Collections.Generic; 
using Microsoft.Azure.Management.KeyVault; 
using Microsoft.Azure.Management.KeyVault.Models; 
using Microsoft.IdentityModel.Clients.ActiveDirectory; 
using Microsoft.Rest; 

var subscriptionId = "Your Subscription Id"; 
var clientId = "Your Registry Application Id"; 
var tenantId = "Your tenant Id"; 
var secretKey = "Application secret Key"; 
var objectId = "Registry Application object Id" 
var clientCredential = new ClientCredential(clientId, secretKey); 
var context = new AuthenticationContext("https://login.windows.net/" + tenantId); 
const string resourceGroupName = "tom"; 
// The name of the vault to create. 
const string vaultName = "TomNewKeyVaultForTest"; 

var accessPolicy = new AccessPolicyEntry 
{ 
    ApplicationId = Guid.Parse(clientId), 
    TenantId = Guid.Parse(tenantId), 
    Permissions = new Permissions 
    { 
     Keys = new List<string> { "List","Get" }, 
     Secrets = new List<string> { "All" } 
     }, 
     ObjectId = Guid.Parse(objectId) 
    }; 

    VaultProperties vaultProps = new VaultProperties 
    { 
     EnabledForTemplateDeployment = true, 
     TenantId = Guid.Parse(tenantId), 
     AccessPolicies = new List<AccessPolicyEntry> 
     { 
      accessPolicy 
     } 
    }; 
    Microsoft.Rest.ServiceClientCredentials credentials = new TokenCredentials(token); 
    VaultCreateOrUpdateParameters vaultParams = new VaultCreateOrUpdateParameters("eastasia", vaultProps); 

    KeyVaultManagementClient keyVaultManagementClient= new KeyVaultManagementClient(credentials) 
    { 
     SubscriptionId = subscriptionId 
    }; 

    var result = keyVaultManagementClient.Vaults.CreateOrUpdateAsync(resourceGroupName, vaultName, vaultParams).Result; 

3.Debug演示

4.检查在蔚蓝的门户

更多SDK的信息，请参阅package.config文件中创建或更新KeyVault：

<?xml version="1.0" encoding="utf-8"?> 
<packages> 
    <package id="Hyak.Common" version="1.0.2" targetFramework="net452" /> 
    <package id="Microsoft.Azure.Common" version="2.1.0" targetFramework="net452" /> 
    <package id="Microsoft.Azure.Common.Dependencies" version="1.0.0" targetFramework="net452" /> 
    <package id="Microsoft.Azure.Management.KeyVault" version="2.0.0-preview" targetFramework="net452" /> 
    <package id="Microsoft.Bcl" version="1.1.9" targetFramework="net452" /> 
    <package id="Microsoft.Bcl.Async" version="1.0.168" targetFramework="net452" /> 
    <package id="Microsoft.Bcl.Build" version="1.0.14" targetFramework="net452" /> 
    <package id="Microsoft.IdentityModel.Clients.ActiveDirectory" version="2.28.3" targetFramework="net452" /> 
    <package id="Microsoft.Net.Http" version="2.2.22" targetFramework="net452" /> 
    <package id="Microsoft.Rest.ClientRuntime" version="2.3.1" targetFramework="net452" /> 
    <package id="Microsoft.Rest.ClientRuntime.Azure" version="3.3.1" targetFramework="net452" /> 
    <package id="Newtonsoft.Json" version="6.0.8" targetFramework="net452" /> 
</packages>