

Add update flow to vault
jianghaolu committed Aug 3, 2016
1 parent 6865f00 commit f8a29d6
Showing 3 changed files with 138 additions and 53 deletions.
Original file line number Diff line number Diff line change
@@ -10,6 +10,7 @@
import com.microsoft.azure.management.graphrbac.User;
import com.microsoft.azure.management.resources.fluentcore.arm.models.ChildResource;
import com.microsoft.azure.management.resources.fluentcore.model.Attachable;
import com.microsoft.azure.management.resources.fluentcore.model.Settable;
import com.microsoft.azure.management.resources.fluentcore.model.Wrapper;

import java.util.List;
@@ -74,55 +75,50 @@ interface WithIdentity<ParentT> {
* The access policy definition stage allowing permissions to be added.
* @param <ParentT> the return type of the final {@link WithAttach#attach()}
*/
interface WithPermissions<ParentT> {
WithAttach<ParentT> allowKeyDecrypting();
WithAttach<ParentT> allowKeyEncrypting();
WithAttach<ParentT> allowKeyUnwrapping();
WithAttach<ParentT> allowKeyWrapping();
WithAttach<ParentT> allowKeyVerifying();
WithAttach<ParentT> allowKeySigning();
WithAttach<ParentT> allowKeyGetting();
WithAttach<ParentT> allowKeyListing();
WithAttach<ParentT> allowKeyUpdating();
WithAttach<ParentT> allowKeyCreating();
WithAttach<ParentT> allowKeyImporting();
WithAttach<ParentT> allowKeyDeleting();
WithAttach<ParentT> allowKeyBackingUp();
WithAttach<ParentT> allowKeyRestoring();
WithAttach<ParentT> allowKeyAllPermissions();
WithAttach<ParentT> allowKeyPermission(String permission);
WithAttach<ParentT> allowKeyPermissions(List<String> permissions);
WithAttach<ParentT> disallowKeyDecrypting();
WithAttach<ParentT> disallowKeyEncrypting();
WithAttach<ParentT> disallowKeyUnwrapping();
WithAttach<ParentT> disallowKeyWrapping();
WithAttach<ParentT> disallowKeyVerifying();
WithAttach<ParentT> disallowKeySigning();
WithAttach<ParentT> disallowKeyGetting();
WithAttach<ParentT> disallowKeyListing();
WithAttach<ParentT> disallowKeyUpdating();
WithAttach<ParentT> disallowKeyCreating();
WithAttach<ParentT> disallowKeyImporting();
WithAttach<ParentT> disallowKeyDeleting();
WithAttach<ParentT> disallowKeyBackingUp();
WithAttach<ParentT> disallowKeyRestoring();
WithAttach<ParentT> disallowKeyAllPermissions();
WithAttach<ParentT> disallowKeyPermission(String permission);
WithAttach<ParentT> disallowKeyPermissions(List<String> permissions);
WithAttach<ParentT> allowSecretGetting();
WithAttach<ParentT> allowSecretListing();
WithAttach<ParentT> allowSecretSetting();
WithAttach<ParentT> allowSecretDeleting();
WithAttach<ParentT> allowSecretAllPermissions();
WithAttach<ParentT> allowSecretPermission(String permission);
WithAttach<ParentT> allowSecretPermissions(List<String> permissions);
WithAttach<ParentT> disallowSecretGetting();
WithAttach<ParentT> disallowSecretListing();
WithAttach<ParentT> disallowSecretSetting();
WithAttach<ParentT> disallowSecretDeleting();
WithAttach<ParentT> disallowSecretAllPermissions();
WithAttach<ParentT> disallowSecretPermission(String permission);
WithAttach<ParentT> disallowSecretPermissions(List<String> permissions);
interface WithPermissions<ParentT> extends WithPermissionsBase<WithAttach<ParentT>> {
}

/** The final stage of the access policy definition.
* <p>
* At this stage, more permissions can be added or application ID can be specified,
* or the access policy definition can be attached to the parent key vault definition
* using {@link WithAttach#attach()}.
* @param <ParentT> the return type of {@link WithAttach#attach()}
*/
interface WithAttach<ParentT> extends
Attachable.InDefinition<ParentT>,
WithPermissions<ParentT> {
}
}

interface UpdateDefinition<ParentT> extends
UpdateDefinitionStages.Blank<ParentT>,
UpdateDefinitionStages.WithAttach<ParentT> {
}

/**
* Grouping of access policy definition stages applicable as part of a key vault creation.
*/
interface UpdateDefinitionStages {
/**
* The first stage of an access policy definition.
*
* @param <ParentT> the return type of the final {@link WithAttach#attach()}
*/
interface Blank<ParentT> extends WithIdentity<ParentT> {
}

interface WithIdentity<ParentT> {
WithAttach<ParentT> forObjectId(UUID objectId);
WithAttach<ParentT> forUser(User user);
WithAttach<ParentT> forServicePrincipal(ServicePrincipal servicePrincipal);
}

/**
* The access policy definition stage allowing permissions to be added.
* @param <ParentT> the return type of the final {@link WithAttach#attach()}
*/
interface WithPermissions<ParentT> extends WithPermissionsBase<WithAttach<ParentT>> {
}

/** The final stage of the access policy definition.
@@ -142,12 +138,70 @@ interface WithAttach<ParentT> extends
* Grouping of all the key vault update stages.
*/
interface UpdateStages {
/**
* The access policy definition stage allowing permissions to be added.
*/
interface WithPermissions extends WithPermissionsBase<Update> {
}
}

/**
* The template for a key vault update operation, containing all the settings that can be modified.
*/
interface Update {
interface Update extends
UpdateStages.WithPermissions,
Settable<Vault.Update>{
}

interface WithPermissionsBase<T> {
T allowKeyDecrypting();
T allowKeyEncrypting();
T allowKeyUnwrapping();
T allowKeyWrapping();
T allowKeyVerifying();
T allowKeySigning();
T allowKeyGetting();
T allowKeyListing();
T allowKeyUpdating();
T allowKeyCreating();
T allowKeyImporting();
T allowKeyDeleting();
T allowKeyBackingUp();
T allowKeyRestoring();
T allowKeyAllPermissions();
T allowKeyPermission(String permission);
T allowKeyPermissions(List<String> permissions);
T disallowKeyDecrypting();
T disallowKeyEncrypting();
T disallowKeyUnwrapping();
T disallowKeyWrapping();
T disallowKeyVerifying();
T disallowKeySigning();
T disallowKeyGetting();
T disallowKeyListing();
T disallowKeyUpdating();
T disallowKeyCreating();
T disallowKeyImporting();
T disallowKeyDeleting();
T disallowKeyBackingUp();
T disallowKeyRestoring();
T disallowKeyAllPermissions();
T disallowKeyPermission(String permission);
T disallowKeyPermissions(List<String> permissions);
T allowSecretGetting();
T allowSecretListing();
T allowSecretSetting();
T allowSecretDeleting();
T allowSecretAllPermissions();
T allowSecretPermission(String permission);
T allowSecretPermissions(List<String> permissions);
T disallowSecretGetting();
T disallowSecretListing();
T disallowSecretSetting();
T disallowSecretDeleting();
T disallowSecretAllPermissions();
T disallowSecretPermission(String permission);
T disallowSecretPermissions(List<String> permissions);
}
}
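Review bot: `WithPermissionsBase<T>` is declared without any Javadoc, so nothing states how the allow and disallow calls combine, and that matters more now that `UpdateStages.WithPermissions` applies them to an existing policy rather than a fresh one. The contract should say whether calls take effect in call order, what `disallowKeyGetting()` does after `allowKeyAllPermissions()`, and whether `allowKeyPermission(String permission)` rejects an unrecognised permission name or passes it through; without that a caller cannot tell which permissions the principal ends up holding. A class comment such as `/** Permission changes are applied in call order to the policy's current permission set. */` would do, if that is what the implementation does (it is not visible on this page). Separately, the Javadoc on `UpdateDefinitionStages` still reads "applicable as part of a key vault creation" and looks copied from the definition stages, and `UpdateDefinition` and `UpdateDefinitionStages.WithIdentity` have no Javadoc at all.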

Original file line number Diff line number Diff line change
@@ -145,13 +145,27 @@ interface WithCreate extends
* Grouping of all the key vault update stages.
*/
interface UpdateStages {
interface WithAccessPolicy {
Update withoutAccessPolicy(String objectId);
Update withAccessPolicy(AccessPolicy accessPolicy);
AccessPolicy.UpdateDefinitionStages.Blank<Update> defineAccessPolicy();
AccessPolicy.Update updateAccessPolicy(String objectId);
}

interface WithConfigurations {
Update enabledForDeployment(boolean enabled);
Update enabledForDiskEncryption(boolean enabled);
Update enabledForTemplateDeployment(boolean enabled);
}
}

/**
* The template for a key vault update operation, containing all the settings that can be modified.
*/
interface Update extends
Appliable<Vault> {
Appliable<Vault>,
UpdateStages.WithAccessPolicy,
UpdateStages.WithConfigurations {
}
}
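Review bot: `withoutAccessPolicy(String objectId)` and `updateAccessPolicy(String objectId)` take the principal's object ID as a free-form `String`, while the access policy identity stage in this same commit declares `forObjectId(UUID objectId)`; the entry points should agree on one type, or the expected String format should be documented. Neither method says what happens when no policy exists for the given ID, and for `updateAccessPolicy` the difference between failing and quietly creating a new policy decides whether a mistyped ID is reported or ends up as a policy for an unintended principal. I would add Javadoc along the lines of `@param objectId the object ID of the user or service principal whose existing policy is modified` and state the not-found behaviour explicitly. `WithAccessPolicy` and `WithConfigurations` are also undocumented; the three `enabledFor…(boolean)` switches appear to widen which platform services may read vault contents, so each deserves a sentence on what enabling it permits.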

Original file line number Diff line number Diff line change
@@ -14,7 +14,7 @@
import org.junit.BeforeClass;
import org.junit.Test;

import java.util.UUID;
import java.util.List;

public class VaultTests extends KeyVaultManagementTestBase {
private static final String RG_NAME = "javacsmrg901";
@@ -38,7 +38,6 @@ public void canCRUDVault() throws Exception {
Vault vault = keyVaultManager.vaults().define(VAULT_NAME)
.withRegion(Region.US_WEST)
.withNewResourceGroup(RG_NAME)
.withTenantId(UUID.fromString(credentials.getDomain()))
.defineAccessPolicy()
.forServicePrincipal(sp)
.allowKeyGetting()
@@ -49,5 +48,23 @@ public void canCRUDVault() throws Exception {
.create();
Assert.assertNotNull(vault);
// GET
vault = keyVaultManager.vaults().getByGroup(RG_NAME, VAULT_NAME);
Assert.assertNotNull(vault);
// LIST
List<Vault> vaults = keyVaultManager.vaults().listByGroup(RG_NAME);
for (Vault v : vaults) {
if (VAULT_NAME.equals(v.name())) {
vault = v;
break;
}
}
Assert.assertNotNull(vault);
// UPDATE
vault.update()
.updateAccessPolicy(sp.objectId())
.allowKeyAllPermissions()
.disallowSecretAllPermissions()
.parent()
.apply();
}
}
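Review bot: The UPDATE step discards the result of `apply()` and asserts nothing, so the test passes whether or not `allowKeyAllPermissions()` and `disallowSecretAllPermissions()` actually changed the policy. For a permission change the resulting policy for `sp.objectId()` should be read back and checked, for example by assigning `vault = vault.update()…apply();` and then asserting on that principal's key and secret permissions. The LIST step has a similar gap: `vault` is already non-null from the GET, so `Assert.assertNotNull(vault)` after the loop cannot fail even if `listByGroup` omits the vault; setting `vault = null;` before the loop, or using a separate local, would make that assertion meaningful. `canCRUDVault` begins above this hunk.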
