我需要以编程方式获得 Azure Key Vault 的许可,而我最接近它的是Set-AzureRmKeyVaultAccessPolicyPowerShell 命令。
.NET SDK 中是否有等效项,或者可能在 REST API 中?
问问题
290 次
2 回答
0
在这里,您可能会找到与 .NET SDK 类似的东西。
此外,如果您这样做,Set-AzureRmKeyVaultAccessPolicy -debug您会找到所需的信息:
DEBUG: ============================ HTTP REQUEST ============================
HTTP Method:
PUT
Absolute Uri:
https://management.azure.com/subscriptions/xxx/resourceGroups/xxx/providers/Microsoft.KeyVault/vaults/xxx?api-version=2015-06-01
Body {Omitted}
编辑:为了将来参考,PowerShell 使用 REST API。如果有它的 PS 命令,那么肯定有一个 REST 端点。通过 朱纳斯
于 2016-12-05T17:47:31.473 回答
0
我们可以使用Microsoft Azure Key Vault Management 来做到这一点。它是一个预览版。我们可以使用 keyVaultManagementClient.Vaults.CreateOrUpdateAsync() 函数创建或更新 Key Vault。我为它做了一个演示。我的详细步骤如下:
先决条件:
在 Azure AD 中注册一个应用并为其创建服务原则。更详细的步骤请参考文档。
脚步:
1.创建一个C#控制台应用程序
2.在项目中添加demo代码
using System;
using System.Collections.Generic;
using Microsoft.Azure.Management.KeyVault;
using Microsoft.Azure.Management.KeyVault.Models;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using Microsoft.Rest;
var subscriptionId = "Your Subscription Id";
var clientId = "Your Registry Application Id";
var tenantId = "Your tenant Id";
var secretKey = "Application secret Key";
var objectId = "Registry Application object Id"
var clientCredential = new ClientCredential(clientId, secretKey);
var context = new AuthenticationContext("https://login.windows.net/" + tenantId);
const string resourceGroupName = "tom";
// The name of the vault to create.
const string vaultName = "TomNewKeyVaultForTest";
var accessPolicy = new AccessPolicyEntry
{
ApplicationId = Guid.Parse(clientId),
TenantId = Guid.Parse(tenantId),
Permissions = new Permissions
{
Keys = new List<string> { "List","Get" },
Secrets = new List<string> { "All" }
},
ObjectId = Guid.Parse(objectId)
};
VaultProperties vaultProps = new VaultProperties
{
EnabledForTemplateDeployment = true,
TenantId = Guid.Parse(tenantId),
AccessPolicies = new List<AccessPolicyEntry>
{
accessPolicy
}
};
Microsoft.Rest.ServiceClientCredentials credentials = new TokenCredentials(token);
VaultCreateOrUpdateParameters vaultParams = new VaultCreateOrUpdateParameters("eastasia", vaultProps);
KeyVaultManagementClient keyVaultManagementClient= new KeyVaultManagementClient(credentials)
{
SubscriptionId = subscriptionId
};
var result = keyVaultManagementClient.Vaults.CreateOrUpdateAsync(resourceGroupName, vaultName, vaultParams).Result;
3.调试demo
4.在 Azure 门户中检查创建或更新的 KeyVault
更多 SDK 信息请参考 package.config 文件:
<?xml version="1.0" encoding="utf-8"?>
<packages>
<package id="Hyak.Common" version="1.0.2" targetFramework="net452" />
<package id="Microsoft.Azure.Common" version="2.1.0" targetFramework="net452" />
<package id="Microsoft.Azure.Common.Dependencies" version="1.0.0" targetFramework="net452" />
<package id="Microsoft.Azure.Management.KeyVault" version="2.0.0-preview" targetFramework="net452" />
<package id="Microsoft.Bcl" version="1.1.9" targetFramework="net452" />
<package id="Microsoft.Bcl.Async" version="1.0.168" targetFramework="net452" />
<package id="Microsoft.Bcl.Build" version="1.0.14" targetFramework="net452" />
<package id="Microsoft.IdentityModel.Clients.ActiveDirectory" version="2.28.3" targetFramework="net452" />
<package id="Microsoft.Net.Http" version="2.2.22" targetFramework="net452" />
<package id="Microsoft.Rest.ClientRuntime" version="2.3.1" targetFramework="net452" />
<package id="Microsoft.Rest.ClientRuntime.Azure" version="3.3.1" targetFramework="net452" />
<package id="Newtonsoft.Json" version="6.0.8" targetFramework="net452" />
</packages>
于 2016-12-06T16:07:25.693 回答