我需要以编程方式许可AzureKeyVault,并且距离它最近的是Set-AzureRmKeyVaultAccessPolicy powershell命令。在REST API或.Net SDK中是否有等效的Set-AzureRmKeyVaultAccessPolicy?
是否有针对该或REST API的.Net SDK?
我需要以编程方式许可AzureKeyVault,并且距离它最近的是Set-AzureRmKeyVaultAccessPolicy powershell命令。在REST API或.Net SDK中是否有等效的Set-AzureRmKeyVaultAccessPolicy?
是否有针对该或REST API的.Net SDK?
here you go,你可能会找到类似于.NET SDK的东西。
此外,如果你做Set-AzureRmKeyVaultAccessPolicy -debug
你会发现所需的信息:
DEBUG: ============================ HTTP REQUEST ============================
HTTP Method:
PUT
Absolute Uri:
https://management.azure.com/subscriptions/xxx/resourceGroups/xxx/providers/Microsoft.KeyVault/vaults/xxx?api-version=2015-06-01
Body {Omitted}
编辑:以供将来参考,PowerShell使用REST的API。如果有PS命令,肯定有REST端点。通过Junnas
我们可以使用Microsoft Azure Key Vault Management来做到这一点。它是一个预览版本。我们可以使用keyVaultManagementClient.Vaults.CreateOrUpdateAsync()函数创建或更新密钥保险库。 我为它做了一个演示。我的具体步骤如下:
先决条件:
注册一个App在Azure的AD并为它创建的服务原则。更详细的步骤请参考document。
步骤:
1.创建一个C#控制台应用程序
2.增加该项目的演示代码
using System;
using System.Collections.Generic;
using Microsoft.Azure.Management.KeyVault;
using Microsoft.Azure.Management.KeyVault.Models;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using Microsoft.Rest;
var subscriptionId = "Your Subscription Id";
var clientId = "Your Registry Application Id";
var tenantId = "Your tenant Id";
var secretKey = "Application secret Key";
var objectId = "Registry Application object Id"
var clientCredential = new ClientCredential(clientId, secretKey);
var context = new AuthenticationContext("https://login.windows.net/" + tenantId);
const string resourceGroupName = "tom";
// The name of the vault to create.
const string vaultName = "TomNewKeyVaultForTest";
var accessPolicy = new AccessPolicyEntry
{
ApplicationId = Guid.Parse(clientId),
TenantId = Guid.Parse(tenantId),
Permissions = new Permissions
{
Keys = new List<string> { "List","Get" },
Secrets = new List<string> { "All" }
},
ObjectId = Guid.Parse(objectId)
};
VaultProperties vaultProps = new VaultProperties
{
EnabledForTemplateDeployment = true,
TenantId = Guid.Parse(tenantId),
AccessPolicies = new List<AccessPolicyEntry>
{
accessPolicy
}
};
Microsoft.Rest.ServiceClientCredentials credentials = new TokenCredentials(token);
VaultCreateOrUpdateParameters vaultParams = new VaultCreateOrUpdateParameters("eastasia", vaultProps);
KeyVaultManagementClient keyVaultManagementClient= new KeyVaultManagementClient(credentials)
{
SubscriptionId = subscriptionId
};
var result = keyVaultManagementClient.Vaults.CreateOrUpdateAsync(resourceGroupName, vaultName, vaultParams).Result;
3.Debug演示
4.检查在蔚蓝的门户
更多SDK的信息,请参阅package.config文件中创建或更新KeyVault:
<?xml version="1.0" encoding="utf-8"?>
<packages>
<package id="Hyak.Common" version="1.0.2" targetFramework="net452" />
<package id="Microsoft.Azure.Common" version="2.1.0" targetFramework="net452" />
<package id="Microsoft.Azure.Common.Dependencies" version="1.0.0" targetFramework="net452" />
<package id="Microsoft.Azure.Management.KeyVault" version="2.0.0-preview" targetFramework="net452" />
<package id="Microsoft.Bcl" version="1.1.9" targetFramework="net452" />
<package id="Microsoft.Bcl.Async" version="1.0.168" targetFramework="net452" />
<package id="Microsoft.Bcl.Build" version="1.0.14" targetFramework="net452" />
<package id="Microsoft.IdentityModel.Clients.ActiveDirectory" version="2.28.3" targetFramework="net452" />
<package id="Microsoft.Net.Http" version="2.2.22" targetFramework="net452" />
<package id="Microsoft.Rest.ClientRuntime" version="2.3.1" targetFramework="net452" />
<package id="Microsoft.Rest.ClientRuntime.Azure" version="3.3.1" targetFramework="net452" />
<package id="Newtonsoft.Json" version="6.0.8" targetFramework="net452" />
</packages>
以供将来参考,PowerShell使用REST的API。如果有PS命令,肯定会有* REST端点。 – juunas