com.microsoft.azure.management.keyvault.Vault Java Examples

The following examples show how to use com.microsoft.azure.management.keyvault.Vault.
Example #1
Source File: AzureKeyVaultScanner.java    From clouditor with Apache License 2.0
@Override
protected Asset transform(Vault vault) throws ScanException {
  var asset = super.transform(vault);

  enrichList(asset, "keys", vault, x -> vault.keys().list(), Key::id, Key::name);

  enrichList(asset, "secrets", vault, x -> vault.secrets().list(), Secret::id, Secret::name);

  asset.setProperty(
      "logs",
      this.api.monitor().diagnosticSettings().listByResource(vault.id()).stream()
          .map(DiagnosticSetting::logs)
          .flatMap(Collection::stream)
          .map(log -> MAPPER.convertValue(log, AssetProperties.class))
          .collect(Collectors.toList()));

  return asset;
}
 
Example #2
Source File: CertificatesTests.java    From azure-libraries-for-java with MIT License
@Test
@Ignore("Test is failing fix it, this is based on Existing RG and settings.")
public void canCRDCertificate() throws Exception {
    Vault vault = keyVaultManager.vaults().getByResourceGroup(RG_NAME, "bananagraphwebapp319com");
    AppServiceCertificate certificate = appServiceManager.certificates().define("bananacert")
            .withRegion(Region.US_WEST)
            .withExistingResourceGroup(RG_NAME)
            .withExistingCertificateOrder(appServiceManager.certificateOrders().getByResourceGroup(RG_NAME, "graphwebapp319"))
            .create();
    Assert.assertNotNull(certificate);

    // CREATE
    certificate = appServiceManager.certificates().define(CERTIFICATE_NAME)
            .withRegion(Region.US_EAST)
            .withExistingResourceGroup(RG_NAME)
            .withPfxFile(new File("/Users/jianghlu/Documents/code/certs/myserver.pfx"))
            .withPfxPassword("StrongPass!123")
            .create();
    Assert.assertNotNull(certificate);
}
 
Example #3
Source File: Utils.java    From azure-libraries-for-java with MIT License
/**
 * Print a key vault.
 *
 * @param vault the key vault resource
 */
public static void print(Vault vault) {
    StringBuilder info = new StringBuilder().append("Key Vault: ").append(vault.id())
            .append("\n\tName: ").append(vault.name())
            .append("\n\tResource group: ").append(vault.resourceGroupName())
            .append("\n\tRegion: ").append(vault.region())
            .append("\n\tSku: ").append(vault.sku().name()).append(" - ").append(vault.sku().family())
            .append("\n\tVault URI: ").append(vault.vaultUri())
            .append("\n\tAccess policies: ");
    for (AccessPolicy accessPolicy : vault.accessPolicies()) {
        info.append("\n\t\tIdentity: ").append(accessPolicy.objectId())
                .append("\n\t\tKey permissions: ").append(Joiner.on(", ").join(accessPolicy.permissions().keys()))
                .append("\n\t\tSecret permissions: ").append(Joiner.on(", ").join(accessPolicy.permissions().secrets()));
    }
    System.out.println(info.toString());
}
 
Example #4
Source File: VaultImpl.java    From azure-libraries-for-java with MIT License
@Override
public Observable<Vault> createResourceAsync() {
    final VaultsInner client = this.manager().inner().vaults();
    return populateAccessPolicies().flatMap(new Func1<Object, Observable<VaultInner>>() {
        @Override
        public Observable<VaultInner> call(Object o) {
            VaultCreateOrUpdateParameters parameters = new VaultCreateOrUpdateParameters();
            parameters.withLocation(regionName());
            parameters.withProperties(inner().properties());
            parameters.withTags(inner().getTags());
            parameters.properties().withAccessPolicies(new ArrayList<AccessPolicyEntry>());
            for (AccessPolicy accessPolicy : accessPolicies) {
                parameters.properties().accessPolicies().add(accessPolicy.inner());
            }
            return client.createOrUpdateAsync(resourceGroupName(), name(), parameters);
        }
    }).map(innerToFluentMap(this));
}
 
Example #5
Source File: AppServiceCertificateOrderImpl.java    From azure-libraries-for-java with MIT License
@Override
public Observable<AppServiceCertificateKeyVaultBinding> createKeyVaultBindingAsync(String certificateName, Vault vault) {
    AppServiceCertificateResourceInner certInner = new AppServiceCertificateResourceInner();
    certInner.withLocation(vault.regionName());
    certInner.withKeyVaultId(vault.id());
    certInner.withKeyVaultSecretName(certificateName);
    final AppServiceCertificateOrderImpl self = this;
    return this.manager().inner().appServiceCertificateOrders().createOrUpdateCertificateAsync(
            resourceGroupName(), name(), certificateName, certInner)
            .map(new Func1<AppServiceCertificateResourceInner, AppServiceCertificateKeyVaultBinding>() {
                @Override
                public AppServiceCertificateKeyVaultBinding call(AppServiceCertificateResourceInner appServiceCertificateInner) {
                    return new AppServiceCertificateKeyVaultBindingImpl(appServiceCertificateInner, self);
                }
            });
}
 
Example #6
Source File: HostNameSslBindingImpl.java    From azure-libraries-for-java with MIT License
@Override
public HostNameSslBindingImpl<FluentT, FluentImplT> withExistingKeyVault(final Vault vault) {
    Observable<AppServiceCertificateOrder> appServiceCertificateOrderObservable = Utils.rootResource(certificateInDefinition
            .withExistingKeyVault(vault)
            .createAsync());
    final AppServiceManager manager = this.parent().manager();
    this.newCertificate = appServiceCertificateOrderObservable
            .flatMap(new Func1<AppServiceCertificateOrder, Observable<AppServiceCertificate>>() {
        @Override
        public Observable<AppServiceCertificate> call(AppServiceCertificateOrder appServiceCertificateOrder) {
            return Utils.rootResource(manager.certificates().define(appServiceCertificateOrder.name())
                    .withRegion(parent().regionName())
                    .withExistingResourceGroup(parent().resourceGroupName())
                    .withExistingCertificateOrder(appServiceCertificateOrder)
                    .createAsync());
        }
    });
    return this;
}
 
Example #7
Source File: ITManagedStorageAccountKey.java    From azure-keyvault-java with MIT License
private Vault initVault(final String VAULT_NAME) {
    Vault vault = keyVaultManager.vaults().define(VAULT_NAME).withRegion(VAULT_REGION)
            .withExistingResourceGroup(RESOURCE_GROUP).defineAccessPolicy()
            .forObjectId(MSAK_USER_OID).allowSecretAllPermissions()
            .allowStorageAllPermissions().attach().withDeploymentDisabled().create();
    return vault;
}
 
Example #8
Source File: AzureKeyVaultScanner.java    From clouditor with Apache License 2.0
private List<Vault> listVaultsBySubscription() {
  // for some reason Vaults does not directly expose the listBySubscription of VaultsImpl, so we
  // have to loop over all resource groups
  if (this.resourceGroup == null) {
    List<Vault> vaults = new ArrayList<>();
    for (var group : this.api.azure().resourceGroups().list()) {
      vaults.addAll(this.api.azure().vaults().listByResourceGroup(group.name()));
    }

    return vaults;
  } else {
    return this.api.azure().vaults().listByResourceGroup(this.resourceGroup);
  }
}
 
Example #9
Source File: ApplicationGatewayTests.java    From azure-libraries-for-java with MIT License
private Secret createKeyVaultSecret(String servicePrincipal, String identityPrincipal) throws Exception {
    String vaultName = SdkContext.randomResourceName("vlt", 10);
    String secretName = SdkContext.randomResourceName("srt", 10);
    String secretValue = Files.readFirstLine(new File(getClass().getClassLoader().getResource("test.certificate").getFile()), Charset.defaultCharset());

    Vault vault = keyVaultManager.vaults()
            .define(vaultName)
            .withRegion(Region.US_EAST)
            .withExistingResourceGroup(RG_NAME)
            .defineAccessPolicy()
                .forServicePrincipal(servicePrincipal)
                .allowSecretAllPermissions()
                .attach()
            .defineAccessPolicy()
                .forObjectId(identityPrincipal)
                .allowSecretAllPermissions()
                .attach()
            .withAccessFromAzureServices()
            .withDeploymentEnabled()
            // Important!! Only soft delete enabled key vault can be assigned to application gateway
            // See also: https://github.com/MicrosoftDocs/azure-docs/issues/34382
            .withSoftDeleteEnabled()
            .create();

    return vault.secrets()
            .define(secretName)
            .withValue(secretValue)
            .create();
}
 
Example #10
Source File: AppServiceCertificateOrderImpl.java    From azure-libraries-for-java with MIT License
@Override
public Observable<AppServiceCertificateOrder> createResourceAsync() {
    final AppServiceCertificateOrder self = this;
    return this.manager().inner().appServiceCertificateOrders().createOrUpdateAsync(
            resourceGroupName(), name(), inner())
            .map(innerToFluentMap(this))
            .flatMap(new Func1<AppServiceCertificateOrder, Observable<Void>>() {
                @Override
                public Observable<Void> call(AppServiceCertificateOrder certificateOrder) {
                    if (domainVerifyWebApp != null) {
                        return domainVerifyWebApp.verifyDomainOwnershipAsync(name(), domainVerificationToken()).toObservable();
                    } else if (domainVerifyDomain != null) {
                        return domainVerifyDomain.verifyDomainOwnershipAsync(name(), domainVerificationToken()).toObservable();
                    } else {
                        throw new IllegalArgumentException(
                                "Please specify a non-null web app or domain to verify the domain ownership "
                                        + "for hostname " + distinguishedName());
                    }
                }
            })
            .flatMap(new Func1<Void, Observable<AppServiceCertificateKeyVaultBinding>>() {
                @Override
                public Observable<AppServiceCertificateKeyVaultBinding> call(Void aVoid) {
                    return bindingVault.flatMap(new Func1<Vault, Observable<AppServiceCertificateKeyVaultBinding>>() {
                        @Override
                        public Observable<AppServiceCertificateKeyVaultBinding> call(Vault vault) {
                            return createKeyVaultBindingAsync(name(), vault);
                        }
                    });
                }
            })
            .map(new Func1<AppServiceCertificateKeyVaultBinding, AppServiceCertificateOrder>() {
                @Override
                public AppServiceCertificateOrder call(AppServiceCertificateKeyVaultBinding appServiceCertificateKeyVaultBinding) {
                    return self;
                }
            });
}
 
Example #11
Source File: VaultsImpl.java    From azure-libraries-for-java with MIT License
@Override
public Observable<Vault> listByResourceGroupAsync(String resourceGroupName) {
    return wrapPageAsync(this.inner().listByResourceGroupAsync(resourceGroupName));
}
 
Example #12
Source File: AppServiceCertificateOrderImpl.java    From azure-libraries-for-java with MIT License
@Override
public AppServiceCertificateOrderImpl withExistingKeyVault(Vault vault) {
    this.bindingVault = Observable.just(vault);
    return this;
}
 
Example #13
Source File: AppServiceCertificateOrderImpl.java    From azure-libraries-for-java with MIT License
@Override
public AppServiceCertificateKeyVaultBinding createKeyVaultBinding(String certificateName, Vault vault) {
    return createKeyVaultBindingAsync(certificateName, vault).toBlocking().single();
}
 
Example #14
Source File: VaultsImpl.java    From azure-libraries-for-java with MIT License
@Override
public Vault recoverSoftDeletedVault(String resourceGroupName, String vaultName, String location) {
    return recoverSoftDeletedVaultAsync(resourceGroupName, vaultName, location).toBlocking().last();
}
 
Example #15
Source File: AzureKeyVaultScanner.java    From clouditor with Apache License 2.0
public AzureKeyVaultScanner() {
  super(Vault::id, Vault::name);
}
 
Example #16
Source File: VaultsImpl.java    From azure-libraries-for-java with MIT License
@Override
public PagedList<Vault> listByResourceGroup(String groupName) {
    return wrapList(this.inner().listByResourceGroup(groupName));
}
 
Example #17
Source File: SecretsImpl.java    From azure-libraries-for-java with MIT License
SecretsImpl(KeyVaultClient client, Vault vault) {
    this.inner = client;
    this.vault = vault;
}
 
Example #18
Source File: SecretImpl.java    From azure-libraries-for-java with MIT License
SecretImpl(String name, SecretBundle innerObject, Vault vault) {
    super(name, innerObject);
    this.vault = vault;
    this.updateSecretRequest = new UpdateSecretRequest.Builder(vault.vaultUri(), name);
}
 
Example #19
Source File: KeyImpl.java    From azure-libraries-for-java with MIT License
KeyImpl(String name, KeyBundle innerObject, Vault vault) {
    super(name, innerObject);
    this.vault = vault;
    this.updateKeyRequest = new UpdateKeyRequest.Builder(vault.vaultUri(), name);
}
 
Example #20
Source File: KeysImpl.java    From azure-libraries-for-java with MIT License
KeysImpl(KeyVaultClient client, Vault vault) {
    this.inner = client;
    this.vault = vault;
}
 
Example #21
Source File: AzureKeyVaultScannerTest.java    From clouditor with Apache License 2.0
@BeforeAll
static void setUpOnce() {
  discoverAssets(
      AzureKeyVaultScanner::new,
      api -> {
        var vault1 = createWithId(Vault.class, "vault-with-expiry", new VaultInner());

        var key =
            createKey(
                "key",
                "key-name",
                new KeyBundle()
                    .withAttributes(
                        (KeyAttributes)
                            new KeyAttributes().withExpires(new DateTime().plusWeeks(30))));

        when(vault1.keys().list()).thenReturn(MockedPagedList.of(key));

        var vault2 = createWithId(Vault.class, "vault-without-expiry", new VaultInner());

        key = createKey("key", "key-name", new KeyBundle());

        when(vault2.keys().list()).thenReturn(MockedPagedList.of(key));

        when(api.azure.vaults().listByResourceGroup(anyString()))
            .thenReturn(MockedPagedList.of(vault1, vault2));

        var settings =
            createDiagnosticsSetting(
                "some-id",
                "some-name",
                new DiagnosticSettingsResourceInner()
                    .withLogs(
                        List.of(
                            new LogSettings()
                                .withEnabled(true)
                                .withRetentionPolicy(
                                    new RetentionPolicy().withEnabled(true).withDays(270)))));

        when(api.monitor().diagnosticSettings().listByResource(anyString()))
            .thenReturn(MockedPagedList.of(settings));
      });
}
 
Example #22
Source File: AzureKeyVaultScanner.java    From clouditor with Apache License 2.0
@Override
protected List<Vault> list() {
  return this.listVaultsBySubscription();
}
 
Example #23
Source File: AppServiceCertificateOrder.java    From azure-libraries-for-java with MIT License
/**
 * Bind a Key Vault secret to a certificate store that will be used for storing the certificate once it's ready.
 * @param certificateName the name of the Key Vault Secret
 * @param vault the key vault to store the certificate
 * @return a binding containing the key vault information
 */
AppServiceCertificateKeyVaultBinding createKeyVaultBinding(String certificateName, Vault vault);
 
Example #24
Source File: AppServiceCertificateOrder.java    From azure-libraries-for-java with MIT License
/**
 * Bind a Key Vault secret to a certificate store that will be used for storing the certificate once it's ready.
 * @param certificateName the name of the Key Vault Secret
 * @param vault the key vault to store the certificate
 * @return a binding containing the key vault information
 */
Observable<AppServiceCertificateKeyVaultBinding> createKeyVaultBindingAsync(String certificateName, Vault vault);
 
Example #25
Source File: AppServiceCertificateOrder.java    From azure-libraries-for-java with MIT License
/**
 * Specifies an existing key vault to store the certificate private key.
 *
 * The vault MUST allow 2 service principals to read/write secrets:
 * f3c21649-0979-4721-ac85-b0216b2cf413 and abfa0a7c-a6b6-4736-8310-5855508787cd.
 * If they don't have access, an attempt will be made to grant access. If you are
 * logged in from an identity without access to the Active Directory Graph, this
 * attempt will fail.
 *
 * @param vault the vault to store the private key
 * @return the next stage of the definition
 */
WithCreate withExistingKeyVault(Vault vault);
 
Example #26
Source File: HostNameSslBinding.java    From azure-libraries-for-java with MIT License
/**
 * Stores the certificate in an existing vault.
 * @param vault the existing vault to use
 * @return the next stage of the definition
 */
WithSslType<ParentT> withExistingKeyVault(Vault vault);
 