Class KeyVaultAccessControlAsyncClient

KeyVaultAccessControlAsyncClient provides asynchronous methods to view and manage Role Based Access for the Azure Key Vault. The client supports creating, listing, updating, and deleting role definitions and role assignments.

Instances of this client are obtained by calling the KeyVaultAccessControlClientBuilder.buildAsyncClient() method on a KeyVaultAccessControlClientBuilder object.

Samples to construct an async client

    KeyVaultAccessControlAsyncClient keyVaultAccessControlAsyncClient = new KeyVaultAccessControlClientBuilder()
        .vaultUrl("https://myaccount.managedhsm.azure.net/")
        .credential(new DefaultAzureCredentialBuilder().build())
        .buildAsyncClient();

Method Summary

createRoleAssignment(KeyVaultRoleScope roleScope, String roleDefinitionId, String principalId)
    Creates a role assignment with a randomly generated name.
createRoleAssignment(KeyVaultRoleScope roleScope, String roleDefinitionId, String principalId, String roleAssignmentName)
    Creates a role assignment.
createRoleAssignmentWithResponse(KeyVaultRoleScope roleScope, String roleDefinitionId, String principalId, String roleAssignmentName)
    Creates a role assignment.
deleteRoleAssignment(KeyVaultRoleScope roleScope, String roleAssignmentName)
    Deletes a role assignment.
deleteRoleAssignmentWithResponse(KeyVaultRoleScope roleScope, String roleAssignmentName)
    Deletes a role assignment.
deleteRoleDefinition(KeyVaultRoleScope roleScope, String roleDefinitionName)
    Deletes a role definition.
deleteRoleDefinitionWithResponse(KeyVaultRoleScope roleScope, String roleDefinitionName)
    Deletes a role definition.
getRoleAssignment(KeyVaultRoleScope roleScope, String roleAssignmentName)
    Gets a role assignment.
getRoleAssignmentWithResponse(KeyVaultRoleScope roleScope, String roleAssignmentName)
    Gets a role assignment.
getRoleDefinition(KeyVaultRoleScope roleScope, String roleDefinitionName)
    Gets a role definition.
getRoleDefinitionWithResponse(KeyVaultRoleScope roleScope, String roleDefinitionName)
    Gets a role definition.
getVaultUrl()
    Gets the URL for the Key Vault this client is associated with.
listRoleAssignments(KeyVaultRoleScope roleScope)
    Lists all role assignments that are applicable at the given role scope and above.
listRoleDefinitions(KeyVaultRoleScope roleScope)
    Lists all role definitions that are applicable at the given role scope and above.
setRoleDefinition(KeyVaultRoleScope roleScope)
    Creates or updates a role definition with a randomly generated name.
setRoleDefinition(KeyVaultRoleScope roleScope, String roleDefinitionName)
    Creates or updates a role definition.
setRoleDefinitionWithResponse(SetRoleDefinitionOptions options)
    Creates or updates a role definition.

Method Details

getVaultUrl

Gets the URL for the Key Vault this client is associated with.

Returns:
The Key Vault URL.

listRoleDefinitions

Lists all role definitions that are applicable at the given role scope and above.

Code Samples

Lists all role definitions. Prints out the details of the retrieved role definitions.

    keyVaultAccessControlAsyncClient.listRoleDefinitions(KeyVaultRoleScope.GLOBAL)
        .subscribe(roleDefinition ->
            System.out.printf("Retrieved role definition with name '%s'.%n", roleDefinition.getName()));

Parameters:
roleScope - The role scope of the role definitions.

Returns:
A PagedFlux containing the role definitions for the given role scope.

Throws:
KeyVaultAdministrationException - If the given roleScope is invalid.
NullPointerException - If the role scope is null.

setRoleDefinition

Creates or updates a role definition with a randomly generated name.

Code Samples

Creates a role definition with a randomly generated name. Prints out the details of the created role definition.

    keyVaultAccessControlAsyncClient.setRoleDefinition(KeyVaultRoleScope.GLOBAL)
        .subscribe(roleDefinition ->
            System.out.printf("Created role definition with randomly generated name '%s' and role name '%s'.%n",
                roleDefinition.getName(), roleDefinition.getRoleName()));

Parameters:
roleScope - The role scope of the role definition. Managed HSM only supports '/'.

Returns:
A Mono containing the created role definition.

Throws:
KeyVaultAdministrationException - If the given roleScope is invalid.
NullPointerException - If the role scope is null.

setRoleDefinition

public Mono<KeyVaultRoleDefinition> setRoleDefinition(KeyVaultRoleScope roleScope, String roleDefinitionName)

Creates or updates a role definition. If no name is provided, then a role definition will be created with a randomly generated name.

Code Samples

Creates or updates a role definition with a given generated name. Prints out the details of the created role definition.

    String myRoleDefinitionName = "504a3d11-5a63-41a9-b603-41bdf88df03e";

    keyVaultAccessControlAsyncClient.setRoleDefinition(KeyVaultRoleScope.GLOBAL, myRoleDefinitionName)
        .subscribe(roleDefinition ->
            System.out.printf("Set role definition with name '%s' and role name '%s'.%n",
                roleDefinition.getName(), roleDefinition.getRoleName()));

Parameters:
roleScope - The role scope of the role definition. Managed HSM only supports '/'.
roleDefinitionName - The name of the role definition. It can be any valid UUID. If null is provided, a name will be randomly generated.

Returns:
A Mono containing the created role definition.

Throws:
KeyVaultAdministrationException - If the given roleScope is invalid.
NullPointerException - If the role scope or roleDefinitionName are null.

setRoleDefinitionWithResponse

public Mono<Response<KeyVaultRoleDefinition>> setRoleDefinitionWithResponse(SetRoleDefinitionOptions options)

Creates or updates a role definition.

Code Samples

Creates or updates a role definition. Prints out the details of the HTTP response and the created role definition.

    String roleDefinitionName = "9de303d3-6ea8-4b8f-a20b-18e67f77e42a";

    // Scopes at which the role may be assigned.
    List<KeyVaultRoleScope> assignableScopes = new ArrayList<>();
    assignableScopes.add(KeyVaultRoleScope.GLOBAL);
    assignableScopes.add(KeyVaultRoleScope.KEYS);

    // Data actions the role grants: whole-HSM and per-key backup and restore.
    List<KeyVaultDataAction> dataActions = new ArrayList<>();
    dataActions.add(KeyVaultDataAction.START_HSM_RESTORE);
    dataActions.add(KeyVaultDataAction.START_HSM_BACKUP);
    dataActions.add(KeyVaultDataAction.READ_HSM_BACKUP_STATUS);
    dataActions.add(KeyVaultDataAction.READ_HSM_RESTORE_STATUS);
    dataActions.add(KeyVaultDataAction.BACKUP_HSM_KEYS);
    dataActions.add(KeyVaultDataAction.RESTORE_HSM_KEYS);

    List<KeyVaultPermission> permissions = new ArrayList<>();
    permissions.add(new KeyVaultPermission(null, null, dataActions, null));

    SetRoleDefinitionOptions setRoleDefinitionOptions =
        new SetRoleDefinitionOptions(KeyVaultRoleScope.GLOBAL, roleDefinitionName)
            .setRoleName("Backup and Restore Role Definition")
            .setDescription("Can backup and restore a whole Managed HSM, as well as individual keys.")
            .setAssignableScopes(assignableScopes)
            .setPermissions(permissions);

    keyVaultAccessControlAsyncClient.setRoleDefinitionWithResponse(setRoleDefinitionOptions)
        .subscribe(response ->
            System.out.printf("Response successful with status code: %d. Role definition with name '%s' and role"
                + " name '%s' was set.%n", response.getStatusCode(), response.getValue().getName(),
                response.getValue().getRoleName()));

Parameters:
options - Object representing the configurable options to create or update a role definition.

Returns:
A Mono containing a Response whose value contains the created or updated role definition.

Throws:
KeyVaultAdministrationException - If any parameter in options is invalid.
NullPointerException - If the role scope or roleDefinitionName in the options object are null.

getRoleDefinition

public Mono<KeyVaultRoleDefinition> getRoleDefinition(KeyVaultRoleScope roleScope, String roleDefinitionName)

Gets a role definition.

Code Samples

Gets a role definition. Prints out the details of the retrieved role definition.

    String roleDefinitionName = "8f90b099-7361-4db6-8321-719adaf6e4ca";

    keyVaultAccessControlAsyncClient.getRoleDefinition(KeyVaultRoleScope.GLOBAL, roleDefinitionName)
        .subscribe(roleDefinition ->
            System.out.printf("Retrieved role definition with name '%s' and role name '%s'.%n",
                roleDefinition.getName(), roleDefinition.getRoleName()));

Parameters:
roleScope - The role scope of the role definition.
roleDefinitionName - The name of the role definition.

Returns:
A Mono containing the role definition.

Throws:
KeyVaultAdministrationException - If a role definition with the given name cannot be found or if the given roleScope is invalid.
NullPointerException - If the role scope or roleDefinitionName are null.

getRoleDefinitionWithResponse

public Mono<Response<KeyVaultRoleDefinition>> getRoleDefinitionWithResponse(KeyVaultRoleScope roleScope, String roleDefinitionName)

Gets a role definition.

Code Samples

Gets a role definition. Prints out the details of the HTTP response and the retrieved role definition.

    String myRoleDefinitionName = "0877b4ee-6275-4559-89f1-c289060ef398";

    keyVaultAccessControlAsyncClient.getRoleDefinitionWithResponse(KeyVaultRoleScope.GLOBAL, myRoleDefinitionName)
        .subscribe(response ->
            System.out.printf("Response successful with status code: %d. Role definition with name '%s' and role"
                + " name '%s' was retrieved.%n", response.getStatusCode(), response.getValue().getName(),
                response.getValue().getRoleName()));

Parameters:
roleScope - The role scope of the role definition.
roleDefinitionName - The name of the role definition.

Returns:
A Mono containing a Response whose value contains the role definition.

Throws:
KeyVaultAdministrationException - If a role definition with the given name cannot be found or if the given roleScope is invalid.
NullPointerException - If the role scope or roleDefinitionName are null.

deleteRoleDefinition

Deletes a role definition.

Code Samples

Deletes a role definition.

    String roleDefinitionName = "e3c7c51a-8abd-4b1b-9201-48ded34d0358";

    keyVaultAccessControlAsyncClient.deleteRoleDefinition(KeyVaultRoleScope.GLOBAL, roleDefinitionName)
        .subscribe(unused -> System.out.printf("Deleted role definition with name '%s'.%n", roleDefinitionName));

Parameters:
roleScope - The role scope of the role definition. Managed HSM only supports '/'.
roleDefinitionName - The name of the role definition.

Returns:
A Mono of a Void.

Throws:
KeyVaultAdministrationException - If the given roleScope is invalid.
NullPointerException - If the role scope or roleDefinitionName are null.

deleteRoleDefinitionWithResponse

public Mono<Response<Void>> deleteRoleDefinitionWithResponse(KeyVaultRoleScope roleScope, String roleDefinitionName)

Deletes a role definition.

Code Samples

Deletes a role definition. Prints out the details of the HTTP response.

    String myRoleDefinitionName = "ccaafb00-31fb-40fe-9ccc-39a2ad2af082";

    keyVaultAccessControlAsyncClient.deleteRoleDefinitionWithResponse(KeyVaultRoleScope.GLOBAL,
        myRoleDefinitionName).subscribe(response ->
            System.out.printf("Response successful with status code: %d. Role definition with name '%s' was"
                + " deleted.%n", response.getStatusCode(), myRoleDefinitionName));

Parameters:
roleScope - The role scope of the role definition.
roleDefinitionName - The name of the role definition.

Returns:
A Mono containing a Response with a Void value.

Throws:
KeyVaultAdministrationException - If the given roleScope is invalid.
NullPointerException - If the role scope or roleDefinitionName are null.

listRoleAssignments

Lists all role assignments that are applicable at the given role scope and above.

Parameters:
roleScope - The role scope of the role assignment.

Returns:
A PagedFlux containing the role assignments for the given role scope.

Throws:
KeyVaultAdministrationException - If the given roleScope is invalid.
NullPointerException - If the role scope is null.

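An access review built on listRoleAssignments and listRoleDefinitions, added here as an example and not one of the SDK's own samples: it joins each assignment to its role definition and marks roles that grant the HSM backup or restore data actions. The class name RoleAssignmentReview, the choice of which actions count as sensitive, and matching the assignment's getRoleDefinitionId() against KeyVaultRoleDefinition.getId() are assumptions of this example.

```java
import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.security.keyvault.administration.KeyVaultAccessControlAsyncClient;
import com.azure.security.keyvault.administration.KeyVaultAccessControlClientBuilder;
import com.azure.security.keyvault.administration.models.KeyVaultDataAction;
import com.azure.security.keyvault.administration.models.KeyVaultRoleAssignmentProperties;
import com.azure.security.keyvault.administration.models.KeyVaultRoleDefinition;
import com.azure.security.keyvault.administration.models.KeyVaultRoleScope;
import reactor.core.publisher.Flux;

import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

public final class RoleAssignmentReview {
    // Data actions this review treats as sensitive (an assumption of the example).
    private static final Set<KeyVaultDataAction> SENSITIVE = new HashSet<>(Arrays.asList(
        KeyVaultDataAction.START_HSM_BACKUP, KeyVaultDataAction.START_HSM_RESTORE,
        KeyVaultDataAction.BACKUP_HSM_KEYS, KeyVaultDataAction.RESTORE_HSM_KEYS));

    /** True when any permission lists a sensitive data action (notDataActions are not evaluated). */
    static boolean grantsSensitive(KeyVaultRoleDefinition definition) {
        if (definition == null || definition.getPermissions() == null) {
            return false;
        }
        return definition.getPermissions().stream()
            .filter(permission -> permission.getDataActions() != null)
            .flatMap(permission -> permission.getDataActions().stream())
            .anyMatch(SENSITIVE::contains);
    }

    /** Emits one report line per role assignment applicable at the given scope and above. */
    static Flux<String> review(KeyVaultAccessControlAsyncClient client, KeyVaultRoleScope scope) {
        return client.listRoleDefinitions(scope)
            .collectMap(KeyVaultRoleDefinition::getId)
            .flatMapMany(definitionsById -> client.listRoleAssignments(scope).map(assignment -> {
                KeyVaultRoleAssignmentProperties properties = assignment.getProperties();
                KeyVaultRoleDefinition definition = definitionsById.get(properties.getRoleDefinitionId());
                String roleName = definition == null ? "<definition not listed>" : definition.getRoleName();
                String flag = grantsSensitive(definition) ? " [backup/restore]" : "";
                return String.format("principal=%s role='%s' scope=%s assignment=%s%s",
                    properties.getPrincipalId(), roleName, properties.getScope(),
                    assignment.getName(), flag);
            }));
    }

    public static void main(String[] args) {
        KeyVaultAccessControlAsyncClient client = new KeyVaultAccessControlClientBuilder()
            .vaultUrl("https://myaccount.managedhsm.azure.net/")
            .credential(new DefaultAzureCredentialBuilder().build())
            .buildAsyncClient();

        // Block only because this is a command-line entry point; keep it reactive elsewhere.
        review(client, KeyVaultRoleScope.GLOBAL).doOnNext(System.out::println).blockLast();
    }
}
```

Assignments whose definition is missing from the listing are reported rather than dropped, since an assignment that cannot be resolved is itself worth a reviewer's attention.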
createRoleAssignment

public Mono<KeyVaultRoleAssignment> createRoleAssignment(KeyVaultRoleScope roleScope, String roleDefinitionId, String principalId)

Creates a role assignment with a randomly generated name.

Code Samples

Creates a role assignment with a randomly generated name. Prints out the details of the created role assignment.

    String roleDefinitionId = "142e42c1-ab29-4dc7-9dfa-8fd7c0815128";
    String servicePrincipalId = "07dca82e-b625-4a60-977b-859d2a162ca7";

    keyVaultAccessControlAsyncClient.createRoleAssignment(KeyVaultRoleScope.GLOBAL, roleDefinitionId,
        servicePrincipalId).subscribe(roleAssignment ->
            System.out.printf("Created role assignment with randomly generated name '%s' for principal with id"
                + " '%s'.%n", roleAssignment.getName(), roleAssignment.getProperties().getPrincipalId()));

Parameters:
roleScope - The role scope of the role assignment to create.
roleDefinitionId - The role definition ID for the role assignment.
principalId - The principal ID assigned to the role. This maps to the ID inside the Active Directory.

Returns:
A Mono containing the created role assignment.

Throws:
KeyVaultAdministrationException - If the given roleScope, roleDefinitionId or principalId are invalid.
NullPointerException - If the role scope, roleAssignmentName, roleDefinitionId or principalId are null.

createRoleAssignment

public Mono<KeyVaultRoleAssignment> createRoleAssignment(KeyVaultRoleScope roleScope, String roleDefinitionId, String principalId, String roleAssignmentName)

Creates a role assignment.

Code Samples

Creates a role assignment. Prints out the details of the created role assignment.

    String myRoleDefinitionId = "e1ca67d0-4332-465c-b9cd-894b2834401b";
    String myServicePrincipalId = "31af81fe-6123-4838-92c0-7c2531ec13d7";
    String myRoleAssignmentName = "94d7827f-f8c9-4a5d-94fd-9fd2cd02d12f";

    keyVaultAccessControlAsyncClient.createRoleAssignment(KeyVaultRoleScope.GLOBAL, myRoleDefinitionId,
        myServicePrincipalId, myRoleAssignmentName).subscribe(roleAssignment ->
            System.out.printf("Created role assignment with name '%s' for principal with id '%s'.%n",
                roleAssignment.getName(), roleAssignment.getProperties().getPrincipalId()));

Parameters:
roleScope - The role scope of the role assignment to create.
roleDefinitionId - The role definition ID for the role assignment.
principalId - The principal ID assigned to the role. This maps to the ID inside the Active Directory.
roleAssignmentName - The name used to create the role assignment. It can be any valid UUID.

Returns:
A Mono containing the created role assignment.

Throws:
KeyVaultAdministrationException - If a role assignment with the given name already exists or if the given roleScope, roleDefinitionId or principalId are invalid.
NullPointerException - If the role scope, roleAssignmentName, roleDefinitionId or principalId are null.

createRoleAssignmentWithResponse

public Mono<Response<KeyVaultRoleAssignment>> createRoleAssignmentWithResponse(KeyVaultRoleScope roleScope, String roleDefinitionId, String principalId, String roleAssignmentName)

Creates a role assignment.

Code Samples

Creates a role assignment. Prints out details of the HTTP response and the created role assignment.

    String someRoleDefinitionId = "686b0f78-5012-4def-8a70-eba36aa54d3d";
    String someServicePrincipalId = "345ec980-904b-4238-aafc-1eaeed3e23cf";
    String someRoleAssignmentName = "1c79927c-6e08-4e5c-8a6c-f58c13c9bbb5";

    keyVaultAccessControlAsyncClient.createRoleAssignmentWithResponse(KeyVaultRoleScope.GLOBAL,
        someRoleDefinitionId, someServicePrincipalId, someRoleAssignmentName).subscribe(response -> {
            KeyVaultRoleAssignment createdRoleAssignment = response.getValue();

            System.out.printf("Response successful with status code: %d. Role assignment with name '%s' for"
                + " principal with id '%s' was created.%n", response.getStatusCode(),
                createdRoleAssignment.getName(), createdRoleAssignment.getProperties().getPrincipalId());
        });

Parameters:
roleScope - The role scope of the role assignment to create.
roleAssignmentName - The name used to create the role assignment. It can be any valid UUID.
roleDefinitionId - The role definition ID for the role assignment.
principalId - The principal ID assigned to the role. This maps to the ID inside the Active Directory.

Returns:
A Mono containing a Response whose value contains the created role assignment.

Throws:
KeyVaultAdministrationException - If a role assignment with the given name already exists or if the given roleScope, roleDefinitionId or principalId are invalid.
NullPointerException - If the role scope, roleAssignmentName, roleDefinitionId or principalId are null.

getRoleAssignment

public Mono<KeyVaultRoleAssignment> getRoleAssignment(KeyVaultRoleScope roleScope, String roleAssignmentName)

Gets a role assignment.

Code Samples

Gets a role assignment. Prints out details of the retrieved role assignment.

    String roleAssignmentName = "c5a305c0-e17a-40f5-af79-73801bdd8867";

    keyVaultAccessControlAsyncClient.getRoleAssignment(KeyVaultRoleScope.GLOBAL, roleAssignmentName)
        .subscribe(roleAssignment ->
            System.out.printf("Retrieved role assignment with name '%s'.%n", roleAssignment.getName()));

Parameters:
roleScope - The role scope of the role assignment.
roleAssignmentName - The name of the role assignment.

Returns:
A Mono containing the role assignment.

Throws:
KeyVaultAdministrationException - If a role assignment with the given name cannot be found or if the given roleScope is invalid.
NullPointerException - If the role scope or roleAssignmentName are null.

getRoleAssignmentWithResponse

public Mono<Response<KeyVaultRoleAssignment>> getRoleAssignmentWithResponse(KeyVaultRoleScope roleScope, String roleAssignmentName)

Gets a role assignment.

Code Samples

Gets a role assignment. Prints out details of the HTTP response and the retrieved role assignment.

    String myRoleAssignmentName = "76ccbf52-4d49-4fcc-ad3f-044c254be114";

    keyVaultAccessControlAsyncClient.getRoleAssignmentWithResponse(KeyVaultRoleScope.GLOBAL, myRoleAssignmentName)
        .subscribe(response ->
            System.out.printf("Response successful with status code: %d. Role assignment with name '%s' was"
                + " retrieved.%n", response.getStatusCode(), response.getValue().getName()));

Parameters:
roleScope - The role scope of the role assignment.
roleAssignmentName - The name of the role assignment.

Returns:
A Mono containing a Response whose value contains the role assignment.

Throws:
KeyVaultAdministrationException - If a role assignment with the given name cannot be found or if the given roleScope is invalid.
NullPointerException - If the role scope or roleAssignmentName are null.

deleteRoleAssignment

Deletes a role assignment.

Code Samples

Deletes a role assignment.

    String roleAssignmentName = "f05d11ce-578a-4524-950c-fb4c53e5fb96";

    keyVaultAccessControlAsyncClient.deleteRoleAssignment(KeyVaultRoleScope.GLOBAL, roleAssignmentName)
        .subscribe(unused ->
            System.out.printf("Deleted role assignment with name '%s'.%n", roleAssignmentName));

Parameters:
roleScope - The role scope of the role assignment.
roleAssignmentName - The name of the role assignment.

Returns:
A Mono of a Void.

Throws:
KeyVaultAdministrationException - If the given roleScope is invalid.
NullPointerException - If the role scope or roleAssignmentName are null.

deleteRoleAssignmentWithResponse

public Mono<Response<Void>> deleteRoleAssignmentWithResponse(KeyVaultRoleScope roleScope, String roleAssignmentName)

Deletes a role assignment.

Code Samples

Deletes a role assignment. Prints out details of the HTTP response.

    String myRoleAssignmentName = "06aaea13-e4f3-4d3f-8a93-088dff6e90ed";

    keyVaultAccessControlAsyncClient.deleteRoleAssignmentWithResponse(KeyVaultRoleScope.GLOBAL,
        myRoleAssignmentName).subscribe(response ->
            System.out.printf("Response successful with status code: %d. Role assignment with name '%s' was"
                + " deleted.%n", response.getStatusCode(), myRoleAssignmentName));

Parameters:
roleScope - The role scope of the role assignment.
roleAssignmentName - The name of the role assignment.

Returns:
A Mono containing a Response with a Void value.

Throws:
KeyVaultAdministrationException - If the given roleScope is invalid.
NullPointerException - If the role scope or roleAssignmentName are null.