Package com.azure.security.keyvault.administration

Class KeyVaultAccessControlAsyncClient

java.lang.Object

com.azure.security.keyvault.administration.KeyVaultAccessControlAsyncClient

public final class KeyVaultAccessControlAsyncClient
extends Object

The KeyVaultAccessControlAsyncClient provides asynchronous methods to view and manage Role Based Access for the Azure Key Vault. The client supports creating, listing, updating, and deleting role definitions and role assignments.

Instances of this client are obtained by calling the KeyVaultAccessControlClientBuilder.buildAsyncClient() method on a KeyVaultAccessControlClientBuilder object.

Samples to construct an async client

 KeyVaultAccessControlAsyncClient keyVaultAccessControlAsyncClient = new KeyVaultAccessControlClientBuilder()
     .vaultUrl("https://myaccount.managedhsm.azure.net/")
     .credential(new DefaultAzureCredentialBuilder().build())
     .buildAsyncClient();
 

See Also:

• KeyVaultAccessControlClientBuilder

Method Summary

Modifier and Type	Method	Description
Mono<KeyVaultRoleAssignment>	createRoleAssignment(KeyVaultRoleScope roleScope, String roleDefinitionId, String principalId)	Creates a role assignment with a randomly generated name.
Mono<KeyVaultRoleAssignment>	createRoleAssignment(KeyVaultRoleScope roleScope, String roleDefinitionId, String principalId, String roleAssignmentName)	Creates a role assignment.
Mono<Response<KeyVaultRoleAssignment>>	createRoleAssignmentWithResponse(KeyVaultRoleScope roleScope, String roleDefinitionId, String principalId, String roleAssignmentName)	Creates a role assignment.
Mono<Void>	deleteRoleAssignment(KeyVaultRoleScope roleScope, String roleAssignmentName)	Deletes a role assignment.
Mono<Response<Void>>	deleteRoleAssignmentWithResponse(KeyVaultRoleScope roleScope, String roleAssignmentName)	Deletes a role assignment.
Mono<Void>	deleteRoleDefinition(KeyVaultRoleScope roleScope, String roleDefinitionName)	Deletes a role definition.
Mono<Response<Void>>	deleteRoleDefinitionWithResponse(KeyVaultRoleScope roleScope, String roleDefinitionName)	Deletes a role definition.
Mono<KeyVaultRoleAssignment>	getRoleAssignment(KeyVaultRoleScope roleScope, String roleAssignmentName)	Gets a role assignment.
Mono<Response<KeyVaultRoleAssignment>>	getRoleAssignmentWithResponse(KeyVaultRoleScope roleScope, String roleAssignmentName)	Gets a role assignment.
Mono<KeyVaultRoleDefinition>	getRoleDefinition(KeyVaultRoleScope roleScope, String roleDefinitionName)	Gets a role definition.
Mono<Response<KeyVaultRoleDefinition>>	getRoleDefinitionWithResponse(KeyVaultRoleScope roleScope, String roleDefinitionName)	Gets a role definition.
String	getVaultUrl()	Gets the URL for the Key Vault this client is associated with.
PagedFlux<KeyVaultRoleAssignment>	listRoleAssignments(KeyVaultRoleScope roleScope)	Lists all role assignments that are applicable at the given role scope and above.
PagedFlux<KeyVaultRoleDefinition>	listRoleDefinitions(KeyVaultRoleScope roleScope)	Lists all role definitions that are applicable at the given role scope and above.
Mono<KeyVaultRoleDefinition>	setRoleDefinition(KeyVaultRoleScope roleScope)	Creates or updates a role definition with a randomly generated name.
Mono<KeyVaultRoleDefinition>	setRoleDefinition(KeyVaultRoleScope roleScope, String roleDefinitionName)	Creates or updates a role definition.
Mono<Response<KeyVaultRoleDefinition>>	setRoleDefinitionWithResponse(SetRoleDefinitionOptions options)	Creates or updates a role definition.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

getVaultUrl

public String getVaultUrl()

Gets the URL for the Key Vault this client is associated with.

Returns:

The Key Vault URL.

listRoleDefinitions

public PagedFlux<KeyVaultRoleDefinition> listRoleDefinitions(KeyVaultRoleScope roleScope)

Lists all role definitions that are applicable at the given role scope and above.

Code Samples

Lists all role definitions. Prints out the details of the retrieved role definitions.

 keyVaultAccessControlAsyncClient.listRoleDefinitions(KeyVaultRoleScope.GLOBAL)
     .subscribe(roleDefinition ->
         System.out.printf("Retrieved role definition with name '%s'.%n", roleDefinition.getName()));
 

Parameters:

roleScope - The role scope of the role definitions.

Returns:

A PagedFlux containing the role definitions for the given role scope.

Throws:

KeyVaultAdministrationException - If the given roleScope is invalid.

NullPointerException - If the role scope is null.

setRoleDefinition

public Mono<KeyVaultRoleDefinition> setRoleDefinition(KeyVaultRoleScope roleScope)

Creates or updates a role definition with a randomly generated name.

Code Samples

Creates a role definition with a randomly generated name. Prints out the details of the created role definition.

 keyVaultAccessControlAsyncClient.setRoleDefinition(KeyVaultRoleScope.GLOBAL)
     .subscribe(roleDefinition ->
         System.out.printf("Created role definition with randomly generated name '%s' and role name '%s'.%n",
             roleDefinition.getName(), roleDefinition.getRoleName()));
 

Parameters:

roleScope - The role scope of the role definition. Managed HSM only supports '/'.

Returns:

A Mono containing the created role definition.

Throws:

KeyVaultAdministrationException - If the given roleScope is invalid.

NullPointerException - If the role scope is null.

setRoleDefinition

public Mono<KeyVaultRoleDefinition> setRoleDefinition(KeyVaultRoleScope roleScope,
 String roleDefinitionName)

Creates or updates a role definition. If no name is provided, then a role definition will be created with a randomly generated name.

Code Samples

Creates or updates a role definition with a given generated name. Prints out the details of the created role definition.

 String myRoleDefinitionName = "504a3d11-5a63-41a9-b603-41bdf88df03e";

 keyVaultAccessControlAsyncClient.setRoleDefinition(KeyVaultRoleScope.GLOBAL, myRoleDefinitionName)
     .subscribe(roleDefinition ->
         System.out.printf("Set role definition with name '%s' and role name '%s'.%n", roleDefinition.getName(),
             roleDefinition.getRoleName()));
 

Parameters:

roleScope - The role scope of the role definition. Managed HSM only supports '/'.

roleDefinitionName - The name of the role definition. It can be any valid\ UUID. If null is provided, a name will be randomly generated.

Returns:

A Mono containing the created role definition.

Throws:

KeyVaultAdministrationException - If the given roleScope is invalid.

NullPointerException - If the role scope or roleDefinitionName are null.

setRoleDefinitionWithResponse

public Mono<Response<KeyVaultRoleDefinition>> setRoleDefinitionWithResponse(SetRoleDefinitionOptions options)

Creates or updates a role definition.

Code Samples

Creates or updates a role definition. Prints out the details of the HTTP response and the created role definition.

 String roleDefinitionName = "9de303d3-6ea8-4b8f-a20b-18e67f77e42a";

 List<KeyVaultRoleScope> assignableScopes = new ArrayList<>();
 assignableScopes.add(KeyVaultRoleScope.GLOBAL);
 assignableScopes.add(KeyVaultRoleScope.KEYS);

 List<KeyVaultDataAction> dataActions = new ArrayList<>();
 dataActions.add(KeyVaultDataAction.START_HSM_RESTORE);
 dataActions.add(KeyVaultDataAction.START_HSM_BACKUP);
 dataActions.add(KeyVaultDataAction.READ_HSM_BACKUP_STATUS);
 dataActions.add(KeyVaultDataAction.READ_HSM_RESTORE_STATUS);
 dataActions.add(KeyVaultDataAction.BACKUP_HSM_KEYS);
 dataActions.add(KeyVaultDataAction.RESTORE_HSM_KEYS);

 List<KeyVaultPermission> permissions = new ArrayList<>();
 permissions.add(new KeyVaultPermission(null, null, dataActions, null));

 SetRoleDefinitionOptions setRoleDefinitionOptions =
     new SetRoleDefinitionOptions(KeyVaultRoleScope.GLOBAL, roleDefinitionName)
         .setRoleName("Backup and Restore Role Definition")
         .setDescription("Can backup and restore a whole Managed HSM, as well as individual keys.%n")
         .setAssignableScopes(assignableScopes)
         .setPermissions(permissions);

 keyVaultAccessControlAsyncClient.setRoleDefinitionWithResponse(setRoleDefinitionOptions)
     .subscribe(response ->
         System.out.printf("Response successful with status code: %d. Role definition with name '%s' and role"
             + " name '%s' was set.%n", response.getStatusCode(), response.getValue().getName(),
             response.getValue().getRoleName()));
 

Parameters:

options - Object representing the configurable options to create or update a role definition.

Returns:

A Mono containing a Response whose value contains the created or updated role definition.

Throws:

KeyVaultAdministrationException - If any parameter in options is invalid.

NullPointerException - If the role scope or roleDefinitionName in the options object are null.

getRoleDefinition

public Mono<KeyVaultRoleDefinition> getRoleDefinition(KeyVaultRoleScope roleScope,
 String roleDefinitionName)

Gets a role definition.

Code Samples

Gets a role definition. Prints out the details of the retrieved role definition.

 String roleDefinitionName = "8f90b099-7361-4db6-8321-719adaf6e4ca";

 keyVaultAccessControlAsyncClient.getRoleDefinition(KeyVaultRoleScope.GLOBAL, roleDefinitionName)
     .subscribe(roleDefinition ->
         System.out.printf("Retrieved role definition with name '%s' and role name '%s'.%n",
             roleDefinition.getName(), roleDefinition.getRoleName()));
 

Parameters:

roleScope - The role scope of the role definition.

roleDefinitionName - The name used of the role definition.

Returns:

A Mono containing the role definition.

Throws:

KeyVaultAdministrationException - If a role definition with the given name cannot be found or if the given roleScope is invalid.

NullPointerException - If the role scope or roleDefinitionName are null.

getRoleDefinitionWithResponse

public Mono<Response<KeyVaultRoleDefinition>> getRoleDefinitionWithResponse(KeyVaultRoleScope roleScope,
 String roleDefinitionName)

Gets a role definition.

Code Samples

Gets a role definition. Prints out the details of the HTTP response and the retrieved role definition.

 String myRoleDefinitionName = "0877b4ee-6275-4559-89f1-c289060ef398";

 keyVaultAccessControlAsyncClient.getRoleDefinitionWithResponse(KeyVaultRoleScope.GLOBAL, myRoleDefinitionName)
     .subscribe(response ->
         System.out.printf("Response successful with status code: %d. Role definition with name '%s' and role"
             + " name '%s' was retrieved.%n", response.getStatusCode(), response.getValue().getName(),
             response.getValue().getRoleName()));
 

Parameters:

roleScope - The role scope of the role definition.

roleDefinitionName - The name of the role definition.

Returns:

A Mono containing a Response whose value contains the role definition.

Throws:

KeyVaultAdministrationException - If a role definition with the given name cannot be found or if the given roleScope is invalid.

NullPointerException - If the role scope or roleDefinitionName are null.

deleteRoleDefinition

public Mono<Void> deleteRoleDefinition(KeyVaultRoleScope roleScope,
 String roleDefinitionName)

Deletes a role definition.

Code Samples

Deletes a role definition.

 String roleDefinitionName = "e3c7c51a-8abd-4b1b-9201-48ded34d0358";

 keyVaultAccessControlAsyncClient.deleteRoleDefinition(KeyVaultRoleScope.GLOBAL, roleDefinitionName)
     .subscribe(unused -> System.out.printf("Deleted role definition with name '%s'.%n", roleDefinitionName));
 

Parameters:

roleScope - The role scope of the role definition. Managed HSM only supports '/'.

roleDefinitionName - The name of the role definition.

Returns:

A Mono of a Void.

Throws:

KeyVaultAdministrationException - If the given roleScope is invalid.

NullPointerException - If the role scope or roleDefinitionName are null.

deleteRoleDefinitionWithResponse

public Mono<Response<Void>> deleteRoleDefinitionWithResponse(KeyVaultRoleScope roleScope,
 String roleDefinitionName)

Deletes a role definition.

Code Samples

Deletes a role definition. Prints out the details of the HTTP response.

 String myRoleDefinitionName = "ccaafb00-31fb-40fe-9ccc-39a2ad2af082";

 keyVaultAccessControlAsyncClient.deleteRoleDefinitionWithResponse(KeyVaultRoleScope.GLOBAL,
     myRoleDefinitionName).subscribe(response ->
         System.out.printf("Response successful with status code: %d. Role definition with name '%s' was"
             + " deleted.%n", response.getStatusCode(), myRoleDefinitionName));
 

Parameters:

roleScope - The role scope of the role definition.

roleDefinitionName - The name of the role definition.

Returns:

A Mono containing a Response with a Void value.

Throws:

KeyVaultAdministrationException - If the given roleScope is invalid.

NullPointerException - If the role scope or roleDefinitionName are null.

listRoleAssignments

public PagedFlux<KeyVaultRoleAssignment> listRoleAssignments(KeyVaultRoleScope roleScope)

Lists all role assignments that are applicable at the given role scope and above.

Parameters:

roleScope - The role scope of the role assignment.

Returns:

A PagedFlux containing the role assignments for the given role scope.

Throws:

KeyVaultAdministrationException - If the given roleScope is invalid.

NullPointerException - If the role scope is null.

createRoleAssignment

public Mono<KeyVaultRoleAssignment> createRoleAssignment(KeyVaultRoleScope roleScope,
 String roleDefinitionId,
 String principalId)

Creates a role assignment with a randomly generated name.

Code Samples

Creates a role assignment with a randomly generated name. Prints out the details of the created role assignment.

 String roleDefinitionId = "142e42c1-ab29-4dc7-9dfa-8fd7c0815128";
 String servicePrincipalId = "07dca82e-b625-4a60-977b-859d2a162ca7";

 keyVaultAccessControlAsyncClient.createRoleAssignment(KeyVaultRoleScope.GLOBAL, roleDefinitionId,
     servicePrincipalId).subscribe(roleAssignment ->
         System.out.printf("Created role assignment with randomly generated name '%s' for principal with id"
             + "'%s'.%n", roleAssignment.getName(), roleAssignment.getProperties().getPrincipalId()));
 

Parameters:

roleScope - The role scope of the role assignment to create.

roleDefinitionId - The role definition ID for the role assignment.

principalId - The principal ID assigned to the role. This maps to the ID inside the Active Directory.

Returns:

A Mono containing the created role assignment.

Throws:

KeyVaultAdministrationException - If the given roleScope, roleDefinitionId or principalId are invalid.

NullPointerException - If the role scope, roleAssignmentName, roleDefinitionId or principalId are null.

createRoleAssignment

public Mono<KeyVaultRoleAssignment> createRoleAssignment(KeyVaultRoleScope roleScope,
 String roleDefinitionId,
 String principalId,
 String roleAssignmentName)

Creates a role assignment.

Code Samples

Creates a role assignment. Prints out the details of the created role assignment.

 String myRoleDefinitionId = "e1ca67d0-4332-465c-b9cd-894b2834401b";
 String myServicePrincipalId = "31af81fe-6123-4838-92c0-7c2531ec13d7";
 String myRoleAssignmentName = "94d7827f-f8c9-4a5d-94fd-9fd2cd02d12f";

 keyVaultAccessControlAsyncClient.createRoleAssignment(KeyVaultRoleScope.GLOBAL, myRoleDefinitionId,
     myServicePrincipalId, myRoleAssignmentName).subscribe(roleAssignment ->
         System.out.printf("Created role assignment with name '%s' for principal with id '%s'.%n",
             roleAssignment.getName(), roleAssignment.getProperties().getPrincipalId()));
 

Parameters:

roleScope - The role scope of the role assignment to create.

roleDefinitionId - The role definition ID for the role assignment.

principalId - The principal ID assigned to the role. This maps to the ID inside the Active Directory.

roleAssignmentName - The name used to create the role assignment. It can be any valid UUID.

Returns:

A Mono containing the created role assignment.

Throws:

KeyVaultAdministrationException - If a role assignment with the given name already or if the given roleScope, roleDefinitionId or principalId are invalid.

NullPointerException - If the role scope, roleAssignmentName, roleDefinitionId or principalId are null.

createRoleAssignmentWithResponse

public Mono<Response<KeyVaultRoleAssignment>> createRoleAssignmentWithResponse(KeyVaultRoleScope roleScope,
 String roleDefinitionId,
 String principalId,
 String roleAssignmentName)

Creates a role assignment.

Code Samples

Creates a role assignment. Prints out details of the HTTP response and the created role assignment.

 String someRoleDefinitionId = "686b0f78-5012-4def-8a70-eba36aa54d3d";
 String someServicePrincipalId = "345ec980-904b-4238-aafc-1eaeed3e23cf";
 String someRoleAssignmentName = "1c79927c-6e08-4e5c-8a6c-f58c13c9bbb5";

 keyVaultAccessControlAsyncClient.createRoleAssignmentWithResponse(KeyVaultRoleScope.GLOBAL,
     someRoleDefinitionId, someServicePrincipalId, someRoleAssignmentName).subscribe(response -> {
         KeyVaultRoleAssignment createdRoleAssignment = response.getValue();

         System.out.printf("Response successful with status code: %d. Role assignment with name '%s' for"
             + " principal with id '%s' was created.%n", response.getStatusCode(),
             createdRoleAssignment.getName(), createdRoleAssignment.getProperties().getPrincipalId());
     });
 

Parameters:

roleScope - The role scope of the role assignment to create.

roleAssignmentName - The name used to create the role assignment. It can be any valid UUID.

roleDefinitionId - The role definition ID for the role assignment.

principalId - The principal ID assigned to the role. This maps to the ID inside the Active Directory.

Returns:

A Mono containing a Response whose value contains the created role assignment.

Throws:

KeyVaultAdministrationException - If a role assignment with the given name already exists or if the given roleScope, roleDefinitionId or principalId are invalid.

NullPointerException - If the role scope, roleAssignmentName, roleDefinitionId or principalId are null.

getRoleAssignment

public Mono<KeyVaultRoleAssignment> getRoleAssignment(KeyVaultRoleScope roleScope,
 String roleAssignmentName)

Gets a role assignment.

Code Samples

Gets a role assignment. Prints out details of the retrieved role assignment.

 String roleAssignmentName = "c5a305c0-e17a-40f5-af79-73801bdd8867";

 keyVaultAccessControlAsyncClient.getRoleAssignment(KeyVaultRoleScope.GLOBAL, roleAssignmentName)
     .subscribe(roleAssignment ->
         System.out.printf("Retrieved role assignment with name '%s'.%n", roleAssignment.getName()));
 

Parameters:

roleScope - The role scope of the role assignment.

roleAssignmentName - The name used of the role assignment.

Returns:

A Mono containing the role assignment.

Throws:

KeyVaultAdministrationException - If a role assignment with the given name cannot be found or if the given roleScope is invalid.

NullPointerException - If the role scope or roleAssignmentName are null.

getRoleAssignmentWithResponse

public Mono<Response<KeyVaultRoleAssignment>> getRoleAssignmentWithResponse(KeyVaultRoleScope roleScope,
 String roleAssignmentName)

Gets a role assignment.

Code Samples

Gets a role assignment. Prints out details of the HTTP response and the retrieved role assignment.

 String myRoleAssignmentName = "76ccbf52-4d49-4fcc-ad3f-044c254be114";

 keyVaultAccessControlAsyncClient.getRoleAssignmentWithResponse(KeyVaultRoleScope.GLOBAL, myRoleAssignmentName)
     .subscribe(response ->
         System.out.printf("Response successful with status code: %d. Role assignment with name '%s' was"
             + " retrieved.%n", response.getStatusCode(), response.getValue().getName()));
 

Parameters:

roleScope - The role scope of the role assignment.

roleAssignmentName - The name of the role assignment.

Returns:

A Mono containing a Response whose value contains the role assignment.

Throws:

KeyVaultAdministrationException - If a role assignment with the given name cannot be found or if the given roleScope is invalid.

NullPointerException - If the role scope or roleAssignmentName are null.

deleteRoleAssignment

public Mono<Void> deleteRoleAssignment(KeyVaultRoleScope roleScope,
 String roleAssignmentName)

Deletes a role assignment.

Code Samples

Deletes a role assignment.

 String roleAssignmentName = "f05d11ce-578a-4524-950c-fb4c53e5fb96";

 keyVaultAccessControlAsyncClient.deleteRoleAssignment(KeyVaultRoleScope.GLOBAL, roleAssignmentName)
     .subscribe(unused ->
         System.out.printf("Deleted role assignment with name '%s'.%n", roleAssignmentName));
 

Parameters:

roleScope - The role scope of the role assignment.

roleAssignmentName - The name of the role assignment.

Returns:

A Mono of a Void.

Throws:

KeyVaultAdministrationException - If the given roleScope is invalid.

NullPointerException - If the role scope or roleAssignmentName are null.

deleteRoleAssignmentWithResponse

public Mono<Response<Void>> deleteRoleAssignmentWithResponse(KeyVaultRoleScope roleScope,
 String roleAssignmentName)

Deletes a role assignment.

Code Samples

Deletes a role assignment. Prints out details of the HTTP response.

 String myRoleAssignmentName = "06aaea13-e4f3-4d3f-8a93-088dff6e90ed";

 keyVaultAccessControlAsyncClient.deleteRoleAssignmentWithResponse(KeyVaultRoleScope.GLOBAL,
     myRoleAssignmentName).subscribe(response ->
         System.out.printf("Response successful with status code: %d. Role assignment with name '%s' was"
             + " deleted.%n", response.getStatusCode(), myRoleAssignmentName));
 

Parameters:

roleScope - The role scope of the role assignment.

roleAssignmentName - The name of the role assignment.

Returns:

A Mono containing a Response with a Void value.

Throws:

KeyVaultAdministrationException - If the given roleScope is invalid.

NullPointerException - If the role scope or roleAssignmentName are null.