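I need to set permissions on an Azure Key Vault programmatically, and the closest thing I have found is the Set-AzureRmKeyVaultAccessPolicy PowerShell command. Is there an equivalent of Set-AzureRmKeyVaultAccessPolicy in the REST API or the .NET SDK?
Is there a .NET SDK or a REST API for that?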
Here you go, you will probably find something similar for the .NET SDK.
Also, if you run Set-AzureRmKeyVaultAccessPolicy -debug
you will find the information you need:
DEBUG: ============================ HTTP REQUEST ============================
HTTP Method:
PUT
Absolute Uri:
https://management.azure.com/subscriptions/xxx/resourceGroups/xxx/providers/Microsoft.KeyVault/vaults/xxx?api-version=2015-06-01
Body {Omitted}
Edit: for future reference, PowerShell uses the REST API. If there is a PS command, there is definitely a REST endpoint. (via Junnas)
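We can do this with Microsoft Azure Key Vault Management. It is a preview version. We can create or update a key vault with the keyVaultManagementClient.Vaults.CreateOrUpdateAsync() function. I made a demo for it. My detailed steps are as follows:
Prerequisites:
Register an app in Azure AD and create a service principal for it. For more detailed steps, please refer to the document.
Steps:
1. Create a C# console application
2. Add the demo code to the project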
using System;
using System.Collections.Generic;
using Microsoft.Azure.Management.KeyVault;
using Microsoft.Azure.Management.KeyVault.Models;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using Microsoft.Rest;

class Program
{
    static void Main()
    {
        var subscriptionId = "Your Subscription Id";
        var clientId = "Your Registry Application Id";
        var tenantId = "Your tenant Id";
        var secretKey = "Application secret Key";
        var objectId = "Registry Application object Id";

        // Authenticate as the service principal and get a token for
        // Azure Resource Manager (resource URI assumed: https://management.azure.com/).
        var clientCredential = new ClientCredential(clientId, secretKey);
        var context = new AuthenticationContext("https://login.windows.net/" + tenantId);
        var token = context.AcquireTokenAsync("https://management.azure.com/", clientCredential).Result.AccessToken;

        const string resourceGroupName = "tom";
        // The name of the vault to create.
        const string vaultName = "TomNewKeyVaultForTest";

        // The access policy to grant: which principal gets which key/secret permissions.
        var accessPolicy = new AccessPolicyEntry
        {
            ApplicationId = Guid.Parse(clientId),
            TenantId = Guid.Parse(tenantId),
            Permissions = new Permissions
            {
                Keys = new List<string> { "List", "Get" },
                Secrets = new List<string> { "All" }
            },
            ObjectId = Guid.Parse(objectId)
        };

        VaultProperties vaultProps = new VaultProperties
        {
            EnabledForTemplateDeployment = true,
            TenantId = Guid.Parse(tenantId),
            AccessPolicies = new List<AccessPolicyEntry>
            {
                accessPolicy
            }
        };

        ServiceClientCredentials credentials = new TokenCredentials(token);
        VaultCreateOrUpdateParameters vaultParams = new VaultCreateOrUpdateParameters("eastasia", vaultProps);
        KeyVaultManagementClient keyVaultManagementClient = new KeyVaultManagementClient(credentials)
        {
            SubscriptionId = subscriptionId
        };

        // Create the vault, or update it if it already exists.
        var result = keyVaultManagementClient.Vaults.CreateOrUpdateAsync(resourceGroupName, vaultName, vaultParams).Result;
    }
}
3. Debug the demo
4. Check in the Azure portal
For more SDK information, please refer to the package.config file used to create or update the Key Vault:
<?xml version="1.0" encoding="utf-8"?>
<packages>
<package id="Hyak.Common" version="1.0.2" targetFramework="net452" />
<package id="Microsoft.Azure.Common" version="2.1.0" targetFramework="net452" />
<package id="Microsoft.Azure.Common.Dependencies" version="1.0.0" targetFramework="net452" />
<package id="Microsoft.Azure.Management.KeyVault" version="2.0.0-preview" targetFramework="net452" />
<package id="Microsoft.Bcl" version="1.1.9" targetFramework="net452" />
<package id="Microsoft.Bcl.Async" version="1.0.168" targetFramework="net452" />
<package id="Microsoft.Bcl.Build" version="1.0.14" targetFramework="net452" />
<package id="Microsoft.IdentityModel.Clients.ActiveDirectory" version="2.28.3" targetFramework="net452" />
<package id="Microsoft.Net.Http" version="2.2.22" targetFramework="net452" />
<package id="Microsoft.Rest.ClientRuntime" version="2.3.1" targetFramework="net452" />
<package id="Microsoft.Rest.ClientRuntime.Azure" version="3.3.1" targetFramework="net452" />
<package id="Newtonsoft.Json" version="6.0.8" targetFramework="net452" />
</packages>
For future reference, PowerShell uses the REST API. If there is a PS command, there is definitely a REST endpoint. – juunas
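The CreateOrUpdateAsync call in the demo sends the complete vault properties, so when it is run against an existing vault its one-entry AccessPolicies list replaces whatever policies were already there. The following is an added example, not code from the answers above, that reads the vault first and merges the new entry; SetAccessPolicy is a hypothetical helper, and it assumes the same Microsoft.Azure.Management.KeyVault package as the demo (Vaults.GetAsync and the Tags property of VaultCreateOrUpdateParameters).

```csharp
using System.Collections.Generic;
using System.Linq;
using Microsoft.Azure.Management.KeyVault;
using Microsoft.Azure.Management.KeyVault.Models;

static class VaultPolicyHelper
{
    // Hypothetical helper (not part of the SDK): grant `entry` on an existing
    // vault while keeping the access policies of every other principal.
    public static Vault SetAccessPolicy(
        KeyVaultManagementClient client,
        string resourceGroupName,
        string vaultName,
        AccessPolicyEntry entry)
    {
        // Read the vault as it is now; the PUT below carries the full
        // properties, so anything not sent back is lost.
        Vault existing = client.Vaults.GetAsync(resourceGroupName, vaultName).Result;
        VaultProperties props = existing.Properties;

        // Drop only the old entry for the same principal (tenant, object id,
        // application id), then append the new one.
        List<AccessPolicyEntry> merged =
            (props.AccessPolicies ?? new List<AccessPolicyEntry>())
                .Where(p => !(p.TenantId == entry.TenantId
                              && p.ObjectId == entry.ObjectId
                              && p.ApplicationId == entry.ApplicationId))
                .ToList();
        merged.Add(entry);
        props.AccessPolicies = merged;

        // Reuse the vault's own location and tags so the update changes
        // nothing except the access policy list.
        var parameters = new VaultCreateOrUpdateParameters(existing.Location, props)
        {
            Tags = existing.Tags
        };

        return client.Vaults
            .CreateOrUpdateAsync(resourceGroupName, vaultName, parameters)
            .Result;
    }
}
```

Called as `VaultPolicyHelper.SetAccessPolicy(keyVaultManagementClient, resourceGroupName, vaultName, accessPolicy)` with the objects built in the demo. Comparing the returned vault's AccessPolicies count with the count read before the call is a quick check that no existing grant was dropped.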