KeyVaultAccessControlClient.java
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.
package com.azure.security.keyvault.administration;
import com.azure.core.annotation.ReturnType;
import com.azure.core.annotation.ServiceClient;
import com.azure.core.annotation.ServiceMethod;
import com.azure.core.http.HttpPipeline;
import com.azure.core.http.rest.PagedIterable;
import com.azure.core.http.rest.Response;
import com.azure.core.util.Context;
import com.azure.security.keyvault.administration.models.KeyVaultAdministrationException;
import com.azure.security.keyvault.administration.models.KeyVaultRoleAssignment;
import com.azure.security.keyvault.administration.models.KeyVaultRoleDefinition;
import com.azure.security.keyvault.administration.models.KeyVaultRoleScope;
import com.azure.security.keyvault.administration.models.SetRoleDefinitionOptions;
import reactor.core.publisher.Mono;
import java.util.UUID;
/**
* The {@link KeyVaultAccessControlClient} provides synchronous methods to view and manage Role Based Access for the
* Azure Key Vault. The client supports creating, listing, updating, and deleting
* {@link KeyVaultRoleDefinition role definitions} and {@link KeyVaultRoleAssignment role assignments}.
*
* <p>Instances of this client are obtained by calling the {@link KeyVaultAccessControlClientBuilder#buildClient()}
* method on a {@link KeyVaultAccessControlClientBuilder} object.</p>
*
* <p><strong>Samples to construct a sync client</strong></p>
* <!-- src_embed com.azure.security.keyvault.administration.keyVaultAccessControlClient.instantiation -->
* <pre>
* KeyVaultAccessControlClient keyVaultAccessControlClient = new KeyVaultAccessControlClientBuilder()
* .vaultUrl("https://myaccount.managedhsm.azure.net/")
* .credential(new DefaultAzureCredentialBuilder().build())
* .buildClient();
* </pre>
* <!-- end com.azure.security.keyvault.administration.keyVaultAccessControlClient.instantiation -->
*
* @see KeyVaultAccessControlClientBuilder
*/
@ServiceClient(builder = KeyVaultAccessControlClientBuilder.class)
public final class KeyVaultAccessControlClient {
// Wrapped async client. Every method visible in this part of the class delegates to it, either directly or
// through a sibling overload.
private final KeyVaultAccessControlAsyncClient asyncClient;
/**
* Creates a {@link KeyVaultAccessControlClient} that uses a {@link HttpPipeline pipeline} to service requests.
*
* @param asyncClient The {@link KeyVaultAccessControlAsyncClient} that this client routes its request through.
*/
// No access modifier: the constructor is package-private, so callers outside this package cannot invoke it.
KeyVaultAccessControlClient(KeyVaultAccessControlAsyncClient asyncClient) {
// Stored as given; no null check is performed here.
this.asyncClient = asyncClient;
}
/**
* Gets the URL for the Key Vault this client is associated with.
*
* @return The Key Vault URL.
*/
public String getVaultUrl() {
    // Pure delegation: the URL is whatever the wrapped async client reports.
    final String vaultUrl = this.asyncClient.getVaultUrl();
    return vaultUrl;
}
/**
* Get all {@link KeyVaultRoleDefinition role definitions} that are applicable at the given
* {@link KeyVaultRoleScope role scope} and above.
*
* <p><strong>Code Samples</strong></p>
* <p>Lists all {@link KeyVaultRoleDefinition role definitions}. Prints out the details of the retrieved
* {@link KeyVaultRoleDefinition role definitions}.</p>
* <!-- src_embed com.azure.security.keyvault.administration.keyVaultAccessControlClient.listRoleDefinitions#KeyVaultRoleScope -->
* <pre>
* PagedIterable<KeyVaultRoleDefinition> roleDefinitions =
* keyVaultAccessControlClient.listRoleDefinitions(KeyVaultRoleScope.GLOBAL);
*
* roleDefinitions.forEach(roleDefinition ->
* System.out.printf("Retrieved role definition with name '%s'.%n", roleDefinition.getName()));
* </pre>
* <!-- end com.azure.security.keyvault.administration.keyVaultAccessControlClient.listRoleDefinitions#KeyVaultRoleScope -->
*
* @param roleScope The {@link KeyVaultRoleScope roleScope} of the {@link KeyVaultRoleDefinition role definitions}.
*
* @return A {@link PagedIterable} containing the {@link KeyVaultRoleDefinition role definitions} for the given
* {@link KeyVaultRoleScope roleScope}.
*
* @throws KeyVaultAdministrationException If the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope roleScope} is {@code null}.
*/
@ServiceMethod(returns = ReturnType.COLLECTION)
public PagedIterable<KeyVaultRoleDefinition> listRoleDefinitions(KeyVaultRoleScope roleScope) {
    // Same call as the two-argument overload with an empty Context; that overload wraps the async
    // client's paged result in a PagedIterable.
    return listRoleDefinitions(roleScope, Context.NONE);
}
/**
* Get all {@link KeyVaultRoleDefinition role definitions} that are applicable at the given
* {@link KeyVaultRoleScope role scope} and above.
*
* <p><strong>Code Samples</strong></p>
* <p>Lists all {@link KeyVaultRoleDefinition role definitions}. Prints out the details of the retrieved
* {@link KeyVaultRoleDefinition role definitions}.</p>
* <!-- src_embed com.azure.security.keyvault.administration.keyVaultAccessControlClient.listRoleDefinitions#KeyVaultRoleScope-Context -->
* <pre>
* PagedIterable<KeyVaultRoleDefinition> keyVaultRoleDefinitions =
* keyVaultAccessControlClient.listRoleDefinitions(KeyVaultRoleScope.GLOBAL, new Context("key1", "value1"));
*
* keyVaultRoleDefinitions.forEach(roleDefinition ->
* System.out.printf("Retrieved role definition with name '%s'.%n", roleDefinition.getName()));
* </pre>
* <!-- end com.azure.security.keyvault.administration.keyVaultAccessControlClient.listRoleDefinitions#KeyVaultRoleScope-Context -->
*
* @param roleScope The {@link KeyVaultRoleScope scope} of the {@link KeyVaultRoleDefinition role definitions}.
* @param context Additional {@link Context} that is passed through the HTTP pipeline during the service call.
*
* @return A {@link PagedIterable} containing the {@link KeyVaultRoleDefinition role definitions} for the given
* {@link KeyVaultRoleScope roleScope}.
*
* @throws KeyVaultAdministrationException If the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope roleScope} is {@code null}.
*/
@ServiceMethod(returns = ReturnType.COLLECTION)
public PagedIterable<KeyVaultRoleDefinition> listRoleDefinitions(KeyVaultRoleScope roleScope, Context context) {
    // roleScope and context are handed to the async client unchanged; no validation happens in this wrapper.
    final PagedIterable<KeyVaultRoleDefinition> roleDefinitions =
        new PagedIterable<>(this.asyncClient.listRoleDefinitions(roleScope, context));
    return roleDefinitions;
}
/**
* Creates a {@link KeyVaultRoleDefinition role definition} with a randomly generated name.
*
* <p><strong>Code Samples</strong></p>
* <p>Creates a {@link KeyVaultRoleDefinition role definition} with a randomly generated name. Prints out the
* details of the created {@link KeyVaultRoleDefinition role definition}.</p>
* <!-- src_embed com.azure.security.keyvault.administration.keyVaultAccessControlClient.setRoleDefinition#KeyVaultRoleScope -->
* <pre>
* KeyVaultRoleDefinition roleDefinition = keyVaultAccessControlClient.setRoleDefinition(KeyVaultRoleScope.GLOBAL);
*
* System.out.printf("Created role definition with randomly generated name '%s' and role name '%s'.%n",
* roleDefinition.getName(), roleDefinition.getRoleName());
* </pre>
* <!-- end com.azure.security.keyvault.administration.keyVaultAccessControlClient.setRoleDefinition#KeyVaultRoleScope -->
*
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleDefinition role definition}.
* Managed HSM only supports '/'.
*
* @return The created {@link KeyVaultRoleDefinition role definition}.
*
* @throws KeyVaultAdministrationException If the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope} is {@code null}.
*/
@ServiceMethod(returns = ReturnType.SINGLE)
public KeyVaultRoleDefinition setRoleDefinition(KeyVaultRoleScope roleScope) {
    // block() waits on the calling thread for the async call to finish; no timeout argument is passed here.
    final KeyVaultRoleDefinition createdDefinition = this.asyncClient.setRoleDefinition(roleScope).block();
    return createdDefinition;
}
/**
* Creates or updates a {@link KeyVaultRoleDefinition role definition} with a given name. If no name is provided,
* then a {@link KeyVaultRoleDefinition role definition} will be created with a randomly generated name.
*
* <p><strong>Code Samples</strong></p>
* <p>Creates or updates a {@link KeyVaultRoleDefinition role definition} with a given name. Prints out
* the details of the created or updated {@link KeyVaultRoleDefinition role definition}.</p>
* <!-- src_embed com.azure.security.keyvault.administration.keyVaultAccessControlClient.setRoleDefinition#KeyVaultRoleScope-String -->
* <pre>
* String myRoleDefinitionName = "b67c3cf4-cbfd-451e-89ab-97c01906a2e0";
* KeyVaultRoleDefinition myRoleDefinition =
* keyVaultAccessControlClient.setRoleDefinition(KeyVaultRoleScope.GLOBAL, myRoleDefinitionName);
*
* System.out.printf("Set role definition with name '%s' and role name '%s'.%n", myRoleDefinition.getName(),
* myRoleDefinition.getRoleName());
* </pre>
* <!-- end com.azure.security.keyvault.administration.keyVaultAccessControlClient.setRoleDefinition#KeyVaultRoleScope-String -->
*
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleDefinition role definition}.
* Managed HSM only supports '/'.
* @param roleDefinitionName The name of the {@link KeyVaultRoleDefinition role definition}. It can be any valid
* UUID. If {@code null} is provided, a name will be randomly generated.
*
* @return The created or updated {@link KeyVaultRoleDefinition role definition}.
*
* @throws KeyVaultAdministrationException If the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope} or {@link String roleDefinitionName}
* are {@code null}.
*/
@ServiceMethod(returns = ReturnType.SINGLE)
public KeyVaultRoleDefinition setRoleDefinition(KeyVaultRoleScope roleScope, String roleDefinitionName) {
    // NOTE(review): the Javadoc above says a null roleDefinitionName yields a randomly generated name, yet
    // also lists it under @throws NullPointerException. This wrapper performs no null check of its own, so
    // the actual behaviour is decided by the async client - confirm there.
    // block() waits on the calling thread for the async call to finish; no timeout argument is passed here.
    final KeyVaultRoleDefinition definition =
        this.asyncClient.setRoleDefinition(roleScope, roleDefinitionName).block();
    return definition;
}
/**
* Creates or updates a {@link KeyVaultRoleDefinition role definition}.
*
* <p><strong>Code Samples</strong></p>
* <p>Creates or updates a {@link KeyVaultRoleDefinition role definition}. Prints out the details of the
* {@link Response HTTP response} and the created {@link KeyVaultRoleDefinition role definition}.</p>
* <!-- src_embed com.azure.security.keyvault.administration.keyVaultAccessControlClient.setRoleDefinitionWithResponse#SetRoleDefinitionOptions-Context -->
* <pre>
* String roleDefinitionName = "a86990e4-2080-4666-bd36-6e1664d3706f";
*
* List<KeyVaultRoleScope> assignableScopes = new ArrayList<>();
* assignableScopes.add(KeyVaultRoleScope.GLOBAL);
* assignableScopes.add(KeyVaultRoleScope.KEYS);
*
* List<KeyVaultDataAction> dataActions = new ArrayList<>();
* dataActions.add(KeyVaultDataAction.START_HSM_RESTORE);
* dataActions.add(KeyVaultDataAction.START_HSM_BACKUP);
* dataActions.add(KeyVaultDataAction.READ_HSM_BACKUP_STATUS);
* dataActions.add(KeyVaultDataAction.READ_HSM_RESTORE_STATUS);
* dataActions.add(KeyVaultDataAction.BACKUP_HSM_KEYS);
* dataActions.add(KeyVaultDataAction.RESTORE_HSM_KEYS);
*
* List<KeyVaultPermission> permissions = new ArrayList<>();
* permissions.add(new KeyVaultPermission(null, null, dataActions, null));
*
* SetRoleDefinitionOptions setRoleDefinitionOptions =
* new SetRoleDefinitionOptions(KeyVaultRoleScope.GLOBAL, roleDefinitionName)
* .setRoleName("Backup and Restore Role Definition")
* .setDescription("Can backup and restore a whole Managed HSM, as well as individual keys.")
* .setAssignableScopes(assignableScopes)
* .setPermissions(permissions);
*
* Response<KeyVaultRoleDefinition> response =
* keyVaultAccessControlClient.setRoleDefinitionWithResponse(setRoleDefinitionOptions,
* new Context("key1", "value1"));
*
* System.out.printf("Response successful with status code: %d. Role definition with name '%s' and role name '%s' "
* + "was set.%n", response.getStatusCode(), response.getValue().getName(), response.getValue().getRoleName());
* </pre>
* <!-- end com.azure.security.keyvault.administration.keyVaultAccessControlClient.setRoleDefinitionWithResponse#SetRoleDefinitionOptions-Context -->
*
* @param options Object representing the configurable options to create or update a
* {@link KeyVaultRoleDefinition role definition}.
* @param context Additional context that is passed through the HTTP pipeline during the service call.
*
* @return A {@link Response} whose {@link Response#getValue() value} contains the created or updated
* {@link KeyVaultRoleDefinition role definition}.
*
* @throws KeyVaultAdministrationException If any parameter in {@code options} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope} or {@link String roleDefinitionName}
* in the {@link SetRoleDefinitionOptions options} object are {@code null}.
*/
@ServiceMethod(returns = ReturnType.SINGLE)
public Response<KeyVaultRoleDefinition> setRoleDefinitionWithResponse(SetRoleDefinitionOptions options,
    Context context) {
    // options (role name, permissions, assignable scopes - see the sample in the Javadoc above) is passed
    // through untouched; this wrapper adds no validation of what the role definition grants.
    // block() waits on the calling thread for the async call to finish; no timeout argument is passed here.
    final Response<KeyVaultRoleDefinition> response =
        this.asyncClient.setRoleDefinitionWithResponse(options, context).block();
    return response;
}
/**
* Gets a {@link KeyVaultRoleDefinition role definition}.
*
* <p><strong>Code Samples</strong></p>
* <p>Gets a {@link KeyVaultRoleDefinition role definition}. Prints out the details of the retrieved
* {@link KeyVaultRoleDefinition role definition}.</p>
* <!-- src_embed com.azure.security.keyvault.administration.keyVaultAccessControlClient.getRoleDefinition#KeyVaultRoleScope-String -->
* <pre>
* String roleDefinitionName = "de8df120-987e-4477-b9cc-570fd219a62c";
* KeyVaultRoleDefinition roleDefinition =
* keyVaultAccessControlClient.getRoleDefinition(KeyVaultRoleScope.GLOBAL, roleDefinitionName);
*
* System.out.printf("Retrieved role definition with name '%s' and role name '%s'.%n", roleDefinition.getName(),
* roleDefinition.getRoleName());
* </pre>
* <!-- end com.azure.security.keyvault.administration.keyVaultAccessControlClient.getRoleDefinition#KeyVaultRoleScope-String -->
*
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleDefinition role definition}.
* @param roleDefinitionName The name of the {@link KeyVaultRoleDefinition role definition}.
*
* @return The retrieved {@link KeyVaultRoleDefinition role definition}.
*
* @throws KeyVaultAdministrationException If a {@link KeyVaultRoleDefinition role definition} with the given name
* cannot be found or if the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope} or {@link String roleDefinitionName} are
* {@code null}.
*/
@ServiceMethod(returns = ReturnType.SINGLE)
public KeyVaultRoleDefinition getRoleDefinition(KeyVaultRoleScope roleScope, String roleDefinitionName) {
    // block() waits on the calling thread for the async lookup to finish; no timeout argument is passed here.
    final KeyVaultRoleDefinition definition =
        this.asyncClient.getRoleDefinition(roleScope, roleDefinitionName).block();
    return definition;
}
/**
* Gets a {@link KeyVaultRoleDefinition role definition}.
*
* <p><strong>Code Samples</strong></p>
* <p>Gets a {@link KeyVaultRoleDefinition role definition}. Prints out the details of the
* {@link Response HTTP response} and the retrieved {@link KeyVaultRoleDefinition role definition}.</p>
* <!-- src_embed com.azure.security.keyvault.administration.keyVaultAccessControlClient.getRoleDefinitionWithResponse#KeyVaultRoleScope-String-Context -->
* <pre>
* String myRoleDefinitionName = "cb15ef18-b32c-4224-b048-3a91cd68acc3";
* Response<KeyVaultRoleDefinition> response =
* keyVaultAccessControlClient.getRoleDefinitionWithResponse(KeyVaultRoleScope.GLOBAL, myRoleDefinitionName,
* new Context("key1", "value1"));
*
* System.out.printf("Response successful with status code: %d. Role definition with name '%s' and role name '%s'"
* + " was retrieved.%n", response.getStatusCode(), response.getValue().getName(),
* response.getValue().getRoleName());
* </pre>
* <!-- end com.azure.security.keyvault.administration.keyVaultAccessControlClient.getRoleDefinitionWithResponse#KeyVaultRoleScope-String-Context -->
*
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleDefinition role definition}.
* @param roleDefinitionName The name of the {@link KeyVaultRoleDefinition role definition}.
* @param context Additional context that is passed through the HTTP pipeline during the service call.
*
* @return A {@link Response} whose {@link Response#getValue() value} contains the
* retrieved {@link KeyVaultRoleDefinition role definition}.
*
* @throws KeyVaultAdministrationException If a {@link KeyVaultRoleDefinition role definition} with the given name
* cannot be found or if the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope} or {@link String roleDefinitionName} are
* {@code null}.
*/
@ServiceMethod(returns = ReturnType.SINGLE)
public Response<KeyVaultRoleDefinition> getRoleDefinitionWithResponse(KeyVaultRoleScope roleScope,
    String roleDefinitionName, Context context) {
    // All three arguments go to the async client unchanged.
    // block() waits on the calling thread for the async lookup to finish; no timeout argument is passed here.
    final Response<KeyVaultRoleDefinition> response =
        this.asyncClient.getRoleDefinitionWithResponse(roleScope, roleDefinitionName, context).block();
    return response;
}
/**
* Deletes a {@link KeyVaultRoleDefinition role definition}.
*
* <p><strong>Code Samples</strong></p>
* <p>Deletes a {@link KeyVaultRoleDefinition role definition}.</p>
* <!-- src_embed com.azure.security.keyvault.administration.keyVaultAccessControlClient.deleteRoleDefinition#KeyVaultRoleScope-String -->
* <pre>
* String roleDefinitionName = "6a709e6e-8964-4012-a99b-6b0131e8ce40";
*
* keyVaultAccessControlClient.deleteRoleDefinition(KeyVaultRoleScope.GLOBAL, roleDefinitionName);
*
* System.out.printf("Deleted role definition with name '%s'.%n", roleDefinitionName);
* </pre>
* <!-- end com.azure.security.keyvault.administration.keyVaultAccessControlClient.deleteRoleDefinition#KeyVaultRoleScope-String -->
*
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleDefinition role definition}.
* Managed HSM only supports '/'.
* @param roleDefinitionName The name of the {@link KeyVaultRoleDefinition role definition}.
*
* @throws KeyVaultAdministrationException If the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope} or {@link String roleDefinitionName} are
* {@code null}.
*/
@ServiceMethod(returns = ReturnType.SINGLE)
public void deleteRoleDefinition(KeyVaultRoleScope roleScope, String roleDefinitionName) {
    // block() waits on the calling thread for the delete to finish; its result is discarded because this
    // method returns nothing. No timeout argument is passed here.
    this.asyncClient
        .deleteRoleDefinition(roleScope, roleDefinitionName)
        .block();
}
/**
* Deletes a {@link KeyVaultRoleDefinition role definition}.
*
* <p><strong>Code Samples</strong></p>
* <p>Deletes a {@link KeyVaultRoleDefinition role definition}. Prints out the details of the
* {@link Response HTTP response}.</p>
* <!-- src_embed com.azure.security.keyvault.administration.keyVaultAccessControlClient.deleteRoleDefinitionWithResponse#KeyVaultRoleScope-String-Context -->
* <pre>
* String myRoleDefinitionName = "6b2d0b58-4108-44d6-b7e0-4fd02f77fe7e";
* Response<Void> response =
* keyVaultAccessControlClient.deleteRoleDefinitionWithResponse(KeyVaultRoleScope.GLOBAL, myRoleDefinitionName,
* new Context("key1", "value1"));
*
* System.out.printf("Response successful with status code: %d. Role definition with name '%s' was deleted.%n",
* response.getStatusCode(), myRoleDefinitionName);
* </pre>
* <!-- end com.azure.security.keyvault.administration.keyVaultAccessControlClient.deleteRoleDefinitionWithResponse#KeyVaultRoleScope-String-Context -->
*
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleDefinition role definition}.
* @param roleDefinitionName The name of the {@link KeyVaultRoleDefinition role definition}.
* @param context Additional context that is passed through the HTTP pipeline during the service call.
*
* @return A {@link Response} with a {@link Void} value.
*
* @throws KeyVaultAdministrationException If the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope} or {@link String roleDefinitionName} are
* {@code null}.
*/
@ServiceMethod(returns = ReturnType.SINGLE)
public Response<Void> deleteRoleDefinitionWithResponse(KeyVaultRoleScope roleScope, String roleDefinitionName,
    Context context) {
    // The Response carries no value (Void); callers that need confirmation can inspect its status code.
    // block() waits on the calling thread for the delete to finish; no timeout argument is passed here.
    final Response<Void> response =
        this.asyncClient.deleteRoleDefinitionWithResponse(roleScope, roleDefinitionName, context).block();
    return response;
}
/**
* Get all {@link KeyVaultRoleAssignment role assignments} that are applicable at the given
* {@link KeyVaultRoleScope role scope} and above.
*
* <p><strong>Code Samples</strong></p>
* <p>Lists all {@link KeyVaultRoleAssignment role assignments}. Prints out the details of the retrieved
* {@link KeyVaultRoleAssignment role assignments}.</p>
* <!-- src_embed com.azure.security.keyvault.administration.keyVaultAccessControlClient.listRoleAssignments#KeyVaultRoleScope -->
* <pre>
* PagedIterable<KeyVaultRoleAssignment> roleAssignments =
* keyVaultAccessControlClient.listRoleAssignments(KeyVaultRoleScope.GLOBAL);
*
* roleAssignments.forEach(roleAssignment ->
* System.out.printf("Retrieved role assignment with name '%s'.%n", roleAssignment.getName()));
* </pre>
* <!-- end com.azure.security.keyvault.administration.keyVaultAccessControlClient.listRoleAssignments#KeyVaultRoleScope -->
*
* @param roleScope The {@link KeyVaultRoleScope scope} of the {@link KeyVaultRoleAssignment role assignment}.
*
* @return A {@link PagedIterable} containing the {@link KeyVaultRoleAssignment role assignments} for the given
* {@link KeyVaultRoleScope roleScope}.
*
* @throws KeyVaultAdministrationException If the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope roleScope} is {@code null}.
*/
@ServiceMethod(returns = ReturnType.COLLECTION)
public PagedIterable<KeyVaultRoleAssignment> listRoleAssignments(KeyVaultRoleScope roleScope) {
    // Same call as the two-argument overload with an empty Context; that overload wraps the async
    // client's paged result in a PagedIterable.
    return listRoleAssignments(roleScope, Context.NONE);
}
/**
* Get all {@link KeyVaultRoleAssignment role assignments} that are applicable at the given
* {@link KeyVaultRoleScope role scope} and above.
*
* <p><strong>Code Samples</strong></p>
* <p>Lists all {@link KeyVaultRoleAssignment role assignments}. Prints out the details of the retrieved
* {@link KeyVaultRoleAssignment role assignments}.</p>
* <!-- src_embed com.azure.security.keyvault.administration.keyVaultAccessControlClient.listRoleAssignments#KeyVaultRoleScope-Context -->
* <pre>
* PagedIterable<KeyVaultRoleAssignment> keyVaultRoleAssignments =
* keyVaultAccessControlClient.listRoleAssignments(KeyVaultRoleScope.GLOBAL, new Context("key1", "value1"));
*
* keyVaultRoleAssignments.forEach(roleAssignment ->
* System.out.printf("Retrieved role assignment with name '%s'.%n", roleAssignment.getName()));
* </pre>
* <!-- end com.azure.security.keyvault.administration.keyVaultAccessControlClient.listRoleAssignments#KeyVaultRoleScope-Context -->
*
* @param roleScope The {@link KeyVaultRoleScope scope} of the {@link KeyVaultRoleAssignment role assignment}.
* @param context Additional context that is passed through the HTTP pipeline during the service call.
*
* @return A {@link PagedIterable} containing the {@link KeyVaultRoleAssignment role assignments} for the given
* {@link KeyVaultRoleScope roleScope}.
*
* @throws KeyVaultAdministrationException If the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope roleScope} is {@code null}.
*/
@ServiceMethod(returns = ReturnType.COLLECTION)
public PagedIterable<KeyVaultRoleAssignment> listRoleAssignments(KeyVaultRoleScope roleScope, Context context) {
    // roleScope and context are handed to the async client unchanged; no validation happens in this wrapper.
    final PagedIterable<KeyVaultRoleAssignment> roleAssignments =
        new PagedIterable<>(this.asyncClient.listRoleAssignments(roleScope, context));
    return roleAssignments;
}
/**
* Creates a {@link KeyVaultRoleAssignment role assignment} with a randomly generated name.
*
* <p><strong>Code Samples</strong></p>
* <p>Creates a {@link KeyVaultRoleAssignment role assignment} with a randomly generated name. Prints out the
* details of the created {@link KeyVaultRoleAssignment role assignment}.</p>
* <!-- src_embed com.azure.security.keyvault.administration.keyVaultAccessControlClient.createRoleAssignment#KeyVaultRoleScope-String-String -->
* <pre>
* String roleDefinitionId = "b0b43a39-920c-475b-b34c-32ecc2bbb0ea";
* String servicePrincipalId = "169d6a86-61b3-4615-ac7e-2da09edfeed4";
* KeyVaultRoleAssignment roleAssignment =
* keyVaultAccessControlClient.createRoleAssignment(KeyVaultRoleScope.GLOBAL, roleDefinitionId,
* servicePrincipalId);
*
* System.out.printf("Created role assignment with randomly generated name '%s' for principal with id '%s'.%n",
* roleAssignment.getName(), roleAssignment.getProperties().getPrincipalId());
* </pre>
* <!-- end com.azure.security.keyvault.administration.keyVaultAccessControlClient.createRoleAssignment#KeyVaultRoleScope-String-String -->
*
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleAssignment role assignment}
* to create.
* @param roleDefinitionId The {@link KeyVaultRoleDefinition role definition} ID for the role assignment.
* @param principalId The principal ID assigned to the role. This maps to the ID inside the Active Directory.
*
* @return The created {@link KeyVaultRoleAssignment role assignment}.
*
* @throws KeyVaultAdministrationException If the given {@code roleScope}, {@code roleDefinitionId} or
* {@code principalId} are invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope roleScope}, {@link String roleDefinitionId} or
* {@link String principalId} are {@code null}.
*/
@ServiceMethod(returns = ReturnType.SINGLE)
public KeyVaultRoleAssignment createRoleAssignment(KeyVaultRoleScope roleScope, String roleDefinitionId,
    String principalId) {
    // The assignment name is a random UUID generated on the client; it is an identifier, not a secret.
    final String generatedName = UUID.randomUUID().toString();

    // This binds principalId to the role definition at roleScope; the wrapper forwards the values as given,
    // so choosing the narrowest scope that works is the caller's responsibility.
    final KeyVaultRoleAssignment assignment =
        createRoleAssignmentWithResponse(roleScope, roleDefinitionId, principalId, generatedName, Context.NONE)
            .getValue();
    return assignment;
}
/**
* Creates a {@link KeyVaultRoleAssignment role assignment}.
*
* <p><strong>Code Samples</strong></p>
* <p>Creates a {@link KeyVaultRoleAssignment role assignment}. Prints out the details of the created
* {@link KeyVaultRoleAssignment role assignment}.</p>
* <!-- src_embed com.azure.security.keyvault.administration.keyVaultAccessControlClient.createRoleAssignment#KeyVaultRoleScope-String-String-String -->
* <pre>
* String myRoleDefinitionId = "c7d4f70f-944d-494a-a73e-ff62fe7f04da";
* String myServicePrincipalId = "4196fc8f-7312-46b9-9a08-05bf44fdff37";
* String myRoleAssignmentName = "d80e9366-47a6-4f42-ba84-f2eefb084972";
* KeyVaultRoleAssignment myRoleAssignment =
* keyVaultAccessControlClient.createRoleAssignment(KeyVaultRoleScope.GLOBAL, myRoleDefinitionId,
* myServicePrincipalId, myRoleAssignmentName);
*
* System.out.printf("Created role assignment with name '%s' for principal with id '%s'.%n",
* myRoleAssignment.getName(), myRoleAssignment.getProperties().getPrincipalId());
* </pre>
* <!-- end com.azure.security.keyvault.administration.keyVaultAccessControlClient.createRoleAssignment#KeyVaultRoleScope-String-String-String -->
*
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleAssignment role assignment}
* to create.
* @param roleAssignmentName The name used to create the {@link KeyVaultRoleAssignment role assignment}. It can be
* any valid UUID.
* @param roleDefinitionId The {@link KeyVaultRoleDefinition role definition} ID for the role assignment.
* @param principalId The principal ID assigned to the role. This maps to the ID inside the Active Directory.
*
* @return The created {@link KeyVaultRoleAssignment role assignment}.
*
* @throws KeyVaultAdministrationException If a {@link KeyVaultRoleAssignment role assignment} with the given name
* already exists or if the given {@code roleScope}, {@code roleDefinitionId} or {@code principalId} are invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope}, {@link String roleAssignmentName},
* {@link String roleDefinitionId} or {@link String principalId} are {@code null}.
*/
@ServiceMethod(returns = ReturnType.SINGLE)
public KeyVaultRoleAssignment createRoleAssignment(KeyVaultRoleScope roleScope, String roleDefinitionId,
    String principalId, String roleAssignmentName) {
    // Delegates to the WithResponse overload with an empty Context and unwraps the value.
    // This binds principalId to the role definition at roleScope; the wrapper forwards the values as given,
    // so choosing the narrowest scope that works is the caller's responsibility.
    final KeyVaultRoleAssignment assignment =
        createRoleAssignmentWithResponse(roleScope, roleDefinitionId, principalId, roleAssignmentName,
            Context.NONE)
            .getValue();
    return assignment;
}
/**
* Creates a {@link KeyVaultRoleAssignment role assignment}.
*
* <p><strong>Code Samples</strong></p>
* <p>Creates a {@link KeyVaultRoleAssignment role assignment}. Prints out details of the
* {@link Response HTTP response} and the created {@link KeyVaultRoleAssignment role assignment}.</p>
* <!-- src_embed com.azure.security.keyvault.administration.keyVaultAccessControlClient.createRoleAssignmentWithResponse#KeyVaultRoleScope-String-String-String-Context -->
* <pre>
* String someRoleDefinitionId = "11385c39-5efa-4e5f-8748-055aa51d4d23";
* String someServicePrincipalId = "eab943f7-a204-4434-9681-ef2cc0c85b51";
* String someRoleAssignmentName = "4d95e0ea-4808-43a4-b7f9-d9e61dba7ea9";
*
* Response<KeyVaultRoleAssignment> response =
* keyVaultAccessControlClient.createRoleAssignmentWithResponse(KeyVaultRoleScope.GLOBAL, someRoleDefinitionId,
* someServicePrincipalId, someRoleAssignmentName, new Context("key1", "value1"));
* KeyVaultRoleAssignment createdRoleAssignment = response.getValue();
*
* System.out.printf("Response successful with status code: %d. Role assignment with name '%s' for principal with"
* + "id '%s' was created.%n", response.getStatusCode(), createdRoleAssignment.getName(),
* createdRoleAssignment.getProperties().getPrincipalId());
* </pre>
* <!-- end com.azure.security.keyvault.administration.keyVaultAccessControlClient.createRoleAssignmentWithResponse#KeyVaultRoleScope-String-String-String-Context -->
*
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleAssignment role assignment}
* to create.
* @param roleAssignmentName The name used to create the {@link KeyVaultRoleAssignment role assignment}. It can be
* any valid UUID.
* @param roleDefinitionId The {@link KeyVaultRoleDefinition role definition} ID for the role assignment.
* @param principalId The principal ID assigned to the role. This maps to the ID inside the Active Directory.
* @param context Additional context that is passed through the HTTP pipeline during the service call.
*
* @return A {@link Response} whose {@link Response#getValue() value} contains the created
* {@link KeyVaultRoleAssignment role assignment}.
*
* @throws KeyVaultAdministrationException If a {@link KeyVaultRoleAssignment role assignment} with the given
* name already exists or if the given {@code roleScope}, {@code roleDefinitionId} or {@code principalId} are
* invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope}, {@link String roleAssignmentName},
* {@link String roleDefinitionId} or {@link String principalId} are {@code null}.
*/
@ServiceMethod(returns = ReturnType.SINGLE)
public Response<KeyVaultRoleAssignment> createRoleAssignmentWithResponse(KeyVaultRoleScope roleScope,
    String roleDefinitionId, String principalId, String roleAssignmentName, Context context) {
    // All arguments are forwarded to the async client unchanged; this wrapper checks none of them.
    // block() waits on the calling thread for the async call to finish; no timeout argument is passed here.
    final Response<KeyVaultRoleAssignment> response = this.asyncClient
        .createRoleAssignmentWithResponse(roleScope, roleDefinitionId, principalId, roleAssignmentName, context)
        .block();
    return response;
}
/**
* Gets a {@link KeyVaultRoleAssignment role assignment}.
*
* <p><strong>Code Samples</strong></p>
* <p>Gets a {@link KeyVaultRoleAssignment role assignment}. Prints out details of the retrieved
* {@link KeyVaultRoleAssignment role assignment}.</p>
* <!-- src_embed com.azure.security.keyvault.administration.keyVaultAccessControlClient.getRoleAssignment#KeyVaultRoleScope-String -->
* <pre>
* String roleAssignmentName = "06d1ae8b-0791-4f02-b976-f631251f5a95";
* KeyVaultRoleAssignment roleAssignment =
* keyVaultAccessControlClient.getRoleAssignment(KeyVaultRoleScope.GLOBAL, roleAssignmentName);
*
* System.out.printf("Retrieved role assignment with name '%s'.%n", roleAssignment.getName());
* </pre>
* <!-- end com.azure.security.keyvault.administration.keyVaultAccessControlClient.getRoleAssignment#KeyVaultRoleScope-String -->
*
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleAssignment role assignment}.
* @param roleAssignmentName The name of the {@link KeyVaultRoleAssignment role assignment}.
*
* @return The {@link KeyVaultRoleAssignment role assignment}.
*
* @throws KeyVaultAdministrationException If a {@link KeyVaultRoleAssignment role assignment} with the given name
* cannot be found or if the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope roleScope} or {@link String roleAssignmentName} are
* {@code null}.
*/
@ServiceMethod(returns = ReturnType.SINGLE)
public KeyVaultRoleAssignment getRoleAssignment(KeyVaultRoleScope roleScope, String roleAssignmentName) {
    // Convenience overload: reuse the WithResponse variant with Context.NONE and hand back only the
    // payload, dropping the HTTP response details (status code, headers).
    final Response<KeyVaultRoleAssignment> assignmentResponse =
        getRoleAssignmentWithResponse(roleScope, roleAssignmentName, Context.NONE);

    return assignmentResponse.getValue();
}
/**
* Gets a {@link KeyVaultRoleAssignment role assignment}.
*
* <p><strong>Code Samples</strong></p>
* <p>Gets a {@link KeyVaultRoleAssignment role assignment}. Prints out details of the
* {@link Response HTTP response} and the retrieved {@link KeyVaultRoleAssignment role assignment}.</p>
* <!-- src_embed com.azure.security.keyvault.administration.keyVaultAccessControlClient.getRoleAssignmentWithResponse#KeyVaultRoleScope-String-Context -->
* <pre>
* String myRoleAssignmentName = "b4a970d5-c581-4760-bba5-61d3d5aa24f9";
* Response&lt;KeyVaultRoleAssignment&gt; response =
* keyVaultAccessControlClient.getRoleAssignmentWithResponse(KeyVaultRoleScope.GLOBAL, myRoleAssignmentName,
* new Context("key1", "value1"));
*
* System.out.printf("Response successful with status code: %d. Role assignment with name '%s' was retrieved.%n",
* response.getStatusCode(), response.getValue().getName());
* </pre>
* <!-- end com.azure.security.keyvault.administration.keyVaultAccessControlClient.getRoleAssignmentWithResponse#KeyVaultRoleScope-String-Context -->
*
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleAssignment role assignment}.
* @param roleAssignmentName The name of the {@link KeyVaultRoleAssignment role assignment}.
* @param context Additional context that is passed through the HTTP pipeline during the service call.
*
* @return The {@link KeyVaultRoleAssignment role assignment}.
*
* @throws KeyVaultAdministrationException If a {@link KeyVaultRoleAssignment role assignment} with the given name
* cannot be found or if the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope roleScope} or {@link String roleAssignmentName} is
* {@code null}.
*/
@ServiceMethod(returns = ReturnType.SINGLE)
public Response<KeyVaultRoleAssignment> getRoleAssignmentWithResponse(KeyVaultRoleScope roleScope,
    String roleAssignmentName, Context context) {
    // Pure delegation: the arguments go to the async client untouched, with no local validation.
    // NOTE(review): block() has no timeout here, so the caller waits for the service call to finish
    // or fail (assuming the async client returns a Reactor Mono).
    final Response<KeyVaultRoleAssignment> assignmentResponse = asyncClient
        .getRoleAssignmentWithResponse(roleScope, roleAssignmentName, context)
        .block();

    return assignmentResponse;
}
/**
* Deletes a {@link KeyVaultRoleAssignment role assignment}.
*
* <p><strong>Code Samples</strong></p>
* <p>Deletes a {@link KeyVaultRoleAssignment role assignment}.</p>
* <!-- src_embed com.azure.security.keyvault.administration.keyVaultAccessControlClient.deleteRoleAssignment#KeyVaultRoleScope-String -->
* <pre>
* String roleAssignmentName = "c3ed874a-64a9-4a87-8581-2a1ad84b9ddb";
*
* keyVaultAccessControlClient.deleteRoleAssignment(KeyVaultRoleScope.GLOBAL, roleAssignmentName);
*
* System.out.printf("Deleted role assignment with name '%s'.%n", roleAssignmentName);
* </pre>
* <!-- end com.azure.security.keyvault.administration.keyVaultAccessControlClient.deleteRoleAssignment#KeyVaultRoleScope-String -->
*
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleAssignment role assignment}.
* @param roleAssignmentName The name of the {@link KeyVaultRoleAssignment role assignment}.
*
* @throws KeyVaultAdministrationException If the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope roleScope} or {@link String roleAssignmentName} is
* {@code null}.
*/
@ServiceMethod(returns = ReturnType.SINGLE)
public void deleteRoleAssignment(KeyVaultRoleScope roleScope, String roleAssignmentName) {
    // Pure delegation: scope and name are forwarded unchanged, with no local validation, and
    // whatever the blocking call yields is discarded.
    // NOTE(review): block() has no timeout, so this returns only once the async delete completes or
    // fails (assuming the async client returns a Reactor Mono).
    asyncClient
        .deleteRoleAssignment(roleScope, roleAssignmentName)
        .block();
}
/**
* Deletes a {@link KeyVaultRoleAssignment role assignment}.
*
* <p><strong>Code Samples</strong></p>
* <p>Deletes a {@link KeyVaultRoleAssignment role assignment}. Prints out details of the
* {@link Response HTTP response}.</p>
* <!-- src_embed com.azure.security.keyvault.administration.keyVaultAccessControlClient.deleteRoleAssignmentWithResponse#KeyVaultRoleScope-String-Context -->
* <pre>
* String myRoleAssignmentName = "8ac293e1-1ac8-4a71-b254-7caf9f7c2646";
* Response&lt;Void&gt; response =
* keyVaultAccessControlClient.deleteRoleAssignmentWithResponse(KeyVaultRoleScope.GLOBAL, myRoleAssignmentName,
* new Context("key1", "value1"));
*
* System.out.printf("Response successful with status code: %d. Role assignment with name '%s' was deleted.%n",
* response.getStatusCode(), myRoleAssignmentName);
* </pre>
* <!-- end com.azure.security.keyvault.administration.keyVaultAccessControlClient.deleteRoleAssignmentWithResponse#KeyVaultRoleScope-String-Context -->
*
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleAssignment role assignment}.
* @param roleAssignmentName The name of the {@link KeyVaultRoleAssignment role assignment}.
* @param context Additional context that is passed through the HTTP pipeline during the service call.
*
* @return A {@link Response} with a {@link Void} value.
*
* @throws KeyVaultAdministrationException If the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope roleScope} or {@link String roleAssignmentName} is
* {@code null}.
*/
@ServiceMethod(returns = ReturnType.SINGLE)
public Response<Void> deleteRoleAssignmentWithResponse(KeyVaultRoleScope roleScope, String roleAssignmentName,
    Context context) {
    // Pure delegation: the arguments are forwarded unchanged to the async client, with no local
    // validation. The returned Response carries no body, only the HTTP response details.
    // NOTE(review): block() has no timeout, so the caller waits for the service call to finish or
    // fail (assuming the async client returns a Reactor Mono).
    final Response<Void> deletionResponse = asyncClient
        .deleteRoleAssignmentWithResponse(roleScope, roleAssignmentName, context)
        .block();

    return deletionResponse;
}
}