// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.
package com.azure.security.keyvault.administration;
import com.azure.core.annotation.ReturnType;
import com.azure.core.annotation.ServiceClient;
import com.azure.core.annotation.ServiceMethod;
import com.azure.core.http.HttpPipeline;
import com.azure.core.http.rest.PagedFlux;
import com.azure.core.http.rest.PagedResponse;
import com.azure.core.http.rest.Response;
import com.azure.core.http.rest.SimpleResponse;
import com.azure.core.util.Context;
import com.azure.core.util.FluxUtil;
import com.azure.core.util.logging.ClientLogger;
import com.azure.security.keyvault.administration.implementation.KeyVaultAccessControlClientImpl;
import com.azure.security.keyvault.administration.implementation.KeyVaultAdministrationUtils;
import com.azure.security.keyvault.administration.implementation.KeyVaultErrorCodeStrings;
import com.azure.security.keyvault.administration.implementation.models.RoleAssignmentCreateParameters;
import com.azure.security.keyvault.administration.implementation.models.RoleDefinitionCreateParameters;
import com.azure.security.keyvault.administration.models.KeyVaultAdministrationException;
import com.azure.security.keyvault.administration.models.KeyVaultRoleAssignment;
import com.azure.security.keyvault.administration.models.KeyVaultRoleDefinition;
import com.azure.security.keyvault.administration.models.KeyVaultRoleScope;
import com.azure.security.keyvault.administration.models.SetRoleDefinitionOptions;
import reactor.core.publisher.Mono;
import java.net.URL;
import java.util.Objects;
import java.util.UUID;
import static com.azure.core.util.FluxUtil.monoError;
import static com.azure.core.util.FluxUtil.withContext;
import static com.azure.security.keyvault.administration.KeyVaultAdministrationUtil.swallowExceptionForStatusCodeAsync;
import static com.azure.security.keyvault.administration.KeyVaultAdministrationUtil.validateAndGetRoleAssignmentCreateParameters;
import static com.azure.security.keyvault.administration.KeyVaultAdministrationUtil.validateAndGetRoleDefinitionCreateParameters;
import static com.azure.security.keyvault.administration.KeyVaultAdministrationUtil.validateRoleAssignmentParameters;
import static com.azure.security.keyvault.administration.KeyVaultAdministrationUtil.validateRoleDefinitionParameters;
/**
* The {@link KeyVaultAccessControlAsyncClient} provides asynchronous methods to view and manage Role Based Access
* for a key vault. The client supports creating, listing, updating, and deleting
* {@link KeyVaultRoleDefinition role definitions} and {@link KeyVaultRoleAssignment role assignments}.
*
* Getting Started
*
* In order to interact with the Azure Key Vault service, you will need to create an instance of the
* {@link KeyVaultAccessControlAsyncClient} class, a vault url and a credential object.
*
* The examples shown in this document use a credential object named DefaultAzureCredential for authentication,
* which is appropriate for most scenarios, including local development and production environments. Additionally,
* we recommend using a managed identity for authentication in production environments.
* You can find more information on different ways of authenticating and their corresponding credential types in the
* Azure Identity documentation.
*
* Sample: Construct Asynchronous Access Control Client
*
* The following code sample demonstrates the creation of a {@link KeyVaultAccessControlAsyncClient}, using the
* {@link KeyVaultAccessControlClientBuilder} to configure it.
*
*
*
* KeyVaultAccessControlAsyncClient keyVaultAccessControlAsyncClient = new KeyVaultAccessControlClientBuilder()
* .vaultUrl("<your-managed-hsm-url>")
* .credential(new DefaultAzureCredentialBuilder().build())
* .buildAsyncClient();
*
*
*
*
*
*
*
* Set a Role Definition
* The {@link KeyVaultAccessControlAsyncClient} can be used to set a role definition in the key vault.
*
* Code Sample:
* The following code sample demonstrates how to asynchronously create a role definition in the key vault, using the
* {@link KeyVaultAccessControlAsyncClient#setRoleDefinition(KeyVaultRoleScope)} API.
*
*
*
* KeyVaultRoleDefinition roleDefinition = keyVaultAccessControlClient.setRoleDefinition(KeyVaultRoleScope.GLOBAL);
*
* System.out.printf("Created role definition with randomly generated name '%s' and role name '%s'.%n",
* roleDefinition.getName(), roleDefinition.getRoleName());
*
*
*
* Note: For the synchronous sample, refer to {@link KeyVaultAccessControlClient}.
*
*
*
*
*
* Get a Role Definition
* The {@link KeyVaultAccessControlAsyncClient} can be used to retrieve a role definition from the key vault.
*
* Code Sample:
* The following code sample demonstrates how to asynchronously retrieve a role definition from the key vault, using
* the {@link KeyVaultAccessControlAsyncClient#getRoleDefinition(KeyVaultRoleScope, String)} API.
*
*
*
* String roleDefinitionName = "de8df120-987e-4477-b9cc-570fd219a62c";
* KeyVaultRoleDefinition roleDefinition =
* keyVaultAccessControlClient.getRoleDefinition(KeyVaultRoleScope.GLOBAL, roleDefinitionName);
*
* System.out.printf("Retrieved role definition with name '%s' and role name '%s'.%n", roleDefinition.getName(),
* roleDefinition.getRoleName());
*
*
*
* Note: For the synchronous sample, refer to {@link KeyVaultAccessControlClient}.
*
*
*
*
*
* Delete a Role Definition
* The {@link KeyVaultAccessControlAsyncClient} can be used to delete a role definition from the key vault.
*
* Code Sample:
* The following code sample demonstrates how to asynchronously delete a role definition from the key vault, using
* the {@link KeyVaultAccessControlAsyncClient#deleteRoleDefinition(KeyVaultRoleScope, String)} API.
*
*
*
* String roleDefinitionName = "6a709e6e-8964-4012-a99b-6b0131e8ce40";
*
* keyVaultAccessControlClient.deleteRoleDefinition(KeyVaultRoleScope.GLOBAL, roleDefinitionName);
*
* System.out.printf("Deleted role definition with name '%s'.%n", roleDefinitionName);
*
*
*
* Note: For the synchronous sample, refer to {@link KeyVaultAccessControlClient}.
*
*
*
*
*
* Create a Role Assignment
* The {@link KeyVaultAccessControlAsyncClient} can be used to set a role assignment in the key vault.
*
* Code Sample:
* The following code sample demonstrates how to asynchronously create a role assignment in the key vault, using the
* {@link KeyVaultAccessControlAsyncClient#createRoleAssignment(KeyVaultRoleScope, String, String)} API.
*
*
*
* String roleDefinitionId = "b0b43a39-920c-475b-b34c-32ecc2bbb0ea";
* String servicePrincipalId = "169d6a86-61b3-4615-ac7e-2da09edfeed4";
* KeyVaultRoleAssignment roleAssignment =
* keyVaultAccessControlClient.createRoleAssignment(KeyVaultRoleScope.GLOBAL, roleDefinitionId,
* servicePrincipalId);
*
* System.out.printf("Created role assignment with randomly generated name '%s' for principal with id '%s'.%n",
* roleAssignment.getName(), roleAssignment.getProperties().getPrincipalId());
*
*
*
* Note: For the synchronous sample, refer to {@link KeyVaultAccessControlClient}.
*
*
*
*
*
* Get a Role Assignment
* The {@link KeyVaultAccessControlAsyncClient} can be used to retrieve a role assignment from the key vault.
*
* Code Sample:
* The following code sample demonstrates how to asynchronously retrieve a role assignment from the key vault, using
* the {@link KeyVaultAccessControlAsyncClient#getRoleAssignment(KeyVaultRoleScope, String)} API.
*
*
*
* String roleAssignmentName = "06d1ae8b-0791-4f02-b976-f631251f5a95";
* KeyVaultRoleAssignment roleAssignment =
* keyVaultAccessControlClient.getRoleAssignment(KeyVaultRoleScope.GLOBAL, roleAssignmentName);
*
* System.out.printf("Retrieved role assignment with name '%s'.%n", roleAssignment.getName());
*
*
*
* Note: For the synchronous sample, refer to {@link KeyVaultAccessControlClient}.
*
*
*
*
*
* Delete a Role Assignment
* The {@link KeyVaultAccessControlAsyncClient} can be used to delete a role assignment from the key vault.
*
* Code Sample:
* The following code sample demonstrates how to asynchronously delete a role assignment from the key vault, using
* the {@link KeyVaultAccessControlAsyncClient#deleteRoleAssignment(KeyVaultRoleScope, String)} API.
*
*
*
* String roleAssignmentName = "c3ed874a-64a9-4a87-8581-2a1ad84b9ddb";
*
* keyVaultAccessControlClient.deleteRoleAssignment(KeyVaultRoleScope.GLOBAL, roleAssignmentName);
*
* System.out.printf("Deleted role assignment with name '%s'.%n", roleAssignmentName);
*
*
*
* Note: For the synchronous sample, refer to {@link KeyVaultAccessControlClient}.
*
* @see com.azure.security.keyvault.administration
* @see KeyVaultAccessControlClientBuilder
*/
@ServiceClient(builder = KeyVaultAccessControlClientBuilder.class, isAsync = true)
public final class KeyVaultAccessControlAsyncClient {
/**
* Logger shared by all instances of this client; the service-call methods use it for verbose request/success
* messages and for warnings on failure.
*/
private static final ClientLogger LOGGER = new ClientLogger(KeyVaultAccessControlAsyncClient.class);
/**
* The underlying AutoRest client used to interact with the Key Vault service. It is created once in the
* constructor from the HTTP pipeline and the service version string.
*/
private final KeyVaultAccessControlClientImpl clientImpl;
/**
* The Key Vault URL this client is associated to, stored as the string form of the {@link URL} given to the
* constructor. It is passed to every service call made through {@code clientImpl}.
*/
private final String vaultUrl;
/**
* The Key Vault Administration Service version to use with this client, stored as the version string obtained
* from {@code KeyVaultAdministrationServiceVersion#getVersion()}.
*/
private final String serviceVersion;
/**
* The {@link HttpPipeline} powering this client. The same instance is handed to {@code clientImpl} and is
* returned by {@code getHttpPipeline()}.
*/
private final HttpPipeline pipeline;
/**
* Package private constructor to be used by {@link KeyVaultAccessControlClientBuilder}.
*/
KeyVaultAccessControlAsyncClient(URL vaultUrl, HttpPipeline httpPipeline,
    KeyVaultAdministrationServiceVersion serviceVersion) {
    // A client without an endpoint is unusable, so reject a null URL before any field is assigned.
    final URL endpoint = Objects.requireNonNull(vaultUrl, KeyVaultErrorCodeStrings.VAULT_END_POINT_REQUIRED);
    final String endpointText = endpoint.toString();
    final String versionText = serviceVersion.getVersion();

    this.vaultUrl = endpointText;
    this.serviceVersion = versionText;
    this.pipeline = httpPipeline;
    // The generated client shares the caller's pipeline and is pinned to the same service version.
    this.clientImpl = new KeyVaultAccessControlClientImpl(httpPipeline, versionText);
}
/**
* Gets the URL for the Key Vault this client is associated with.
*
* @return The Key Vault URL.
*/
public String getVaultUrl() {
    // String form of the URL captured at construction time.
    return this.vaultUrl;
}
/**
* Gets the {@link HttpPipeline} powering this client.
*
* @return The pipeline.
*/
HttpPipeline getHttpPipeline() {
    // Package-private accessor: hands back the same pipeline instance the constructor received.
    return pipeline;
}
/**
* Lists all {@link KeyVaultRoleDefinition role definitions} that are applicable at the given
* {@link KeyVaultRoleScope role scope} and above.
*
* Code Samples
* Lists all {@link KeyVaultRoleDefinition role definitions}. Prints out the details of the retrieved
* {@link KeyVaultRoleDefinition role definitions}.
*
*
* keyVaultAccessControlAsyncClient.listRoleDefinitions(KeyVaultRoleScope.GLOBAL)
* .subscribe(roleDefinition ->
* System.out.printf("Retrieved role definition with name '%s'.%n", roleDefinition.getName()));
*
*
*
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleDefinition role definitions}.
*
* @return A {@link PagedFlux} containing the {@link KeyVaultRoleDefinition role definitions} for the given
* {@link KeyVaultRoleScope role scope}.
*
* @throws KeyVaultAdministrationException If the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope} is {@code null}.
*/
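@ServiceMethod(returns = ReturnType.COLLECTION)
public PagedFlux<KeyVaultRoleDefinition> listRoleDefinitions(KeyVaultRoleScope roleScope) {
    // Nothing is validated or sent here: the null check on roleScope lives in listRoleDefinitionsFirstPage,
    // so a null scope is reported through the returned PagedFlux rather than thrown from this call.
    // Each page retriever is wrapped in withContext so the Context is resolved per page request.
    return new PagedFlux<>(
        () -> withContext(context -> listRoleDefinitionsFirstPage(vaultUrl, roleScope, context)),
        continuationToken -> withContext(context -> listRoleDefinitionsNextPage(continuationToken, context)));
}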
/**
* Lists all {@link KeyVaultRoleDefinition role definitions} that are applicable at the given
* {@link KeyVaultRoleScope role scope} and above.
*
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleDefinition role definitions}.
* @param context Additional {@link Context} that is passed through the HTTP pipeline during the service call.
*
* @return A {@link PagedFlux} containing the {@link KeyVaultRoleDefinition role definitions} for the given
* {@link KeyVaultRoleScope role scope}.
*
* @throws KeyVaultAdministrationException If the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope} is {@code null}.
*/
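PagedFlux<KeyVaultRoleDefinition> listRoleDefinitions(KeyVaultRoleScope roleScope, Context context) {
    // The caller supplies the Context explicitly, so the page retrievers use it as-is for every page.
    return new PagedFlux<>(
        () -> listRoleDefinitionsFirstPage(vaultUrl, roleScope, context),
        continuationToken -> listRoleDefinitionsNextPage(continuationToken, context));
}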
/**
* Lists all {@link KeyVaultRoleDefinition role definitions} in the first page that are applicable at the given
* {@link KeyVaultRoleScope role scope} and above.
*
* @param vaultUrl The URL for the Key Vault this client is associated with.
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleDefinition role definition}.
* @param context Additional context that is passed through the HTTP pipeline during the service call.
*
* @return A {@link Mono} containing a {@link PagedResponse} of {@link KeyVaultRoleDefinition role definitions}
* for the given {@link KeyVaultRoleScope role scope} from the first page of results.
*
* @throws KeyVaultAdministrationException If the given {@code vaultUrl} or {@code roleScope} are invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope} is {@code null}.
*/
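Mono<PagedResponse<KeyVaultRoleDefinition>> listRoleDefinitionsFirstPage(String vaultUrl,
    KeyVaultRoleScope roleScope, Context context) {
    // Note: the vaultUrl parameter shadows the field of the same name inside this method.
    try {
        Objects.requireNonNull(roleScope,
            String.format(KeyVaultErrorCodeStrings.PARAMETER_REQUIRED, "'roleScope'"));

        return clientImpl.getRoleDefinitions()
            // Third argument is left null; presumably the optional filter - confirm against listSinglePageAsync.
            .listSinglePageAsync(vaultUrl, roleScope.toString(), null, context)
            .doOnRequest(ignored -> LOGGER.verbose("Listing role definitions for roleScope - {}", roleScope))
            .doOnSuccess(response -> LOGGER.verbose("Listed role definitions for roleScope - {}", roleScope))
            .doOnError(error -> LOGGER.warning("Failed to list role definitions for roleScope - {}", roleScope,
                error))
            // Failures are mapped to the public exception type before the page is converted to public models.
            .onErrorMap(KeyVaultAdministrationUtils::mapThrowableToKeyVaultAdministrationException)
            .map(KeyVaultAdministrationUtil::transformRoleDefinitionsPagedResponse);
    } catch (RuntimeException e) {
        // Argument errors (such as the null check above) are delivered as an error signal, not thrown.
        return monoError(LOGGER, e);
    }
}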
/**
* Lists all {@link KeyVaultRoleDefinition role definitions} given by the {@code nextPageLink} that was retrieved
* from a call to
* {@link KeyVaultAccessControlAsyncClient#listRoleDefinitionsFirstPage(String, KeyVaultRoleScope, Context)}.
*
* @param continuationToken The {@link PagedResponse#getContinuationToken() continuationToken} from a previous,
* successful call to one of the {@code listKeyVaultRoleDefinitions} operations.
* @param context Additional context that is passed through the HTTP pipeline during the service call.
*
* @return A {@link Mono} containing a {@link PagedResponse} of {@link KeyVaultRoleDefinition role definitions}
* for the given {@link KeyVaultRoleScope role scope} from the next page of results.
*
* @throws KeyVaultAdministrationException If the given {@code continuationToken} is invalid.
*/
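Mono<PagedResponse<KeyVaultRoleDefinition>> listRoleDefinitionsNextPage(String continuationToken,
    Context context) {
    try {
        // NOTE(review): the continuation token is forwarded to the service call without any check here and is
        // written to the log at verbose and warning level - confirm it never carries sensitive data.
        return clientImpl.getRoleDefinitions()
            .listNextSinglePageAsync(continuationToken, vaultUrl, context)
            .doOnRequest(ignored ->
                LOGGER.verbose("Listing next role definitions page - Page {}", continuationToken))
            .doOnSuccess(response ->
                LOGGER.verbose("Listed next role definitions page - Page {}", continuationToken))
            .doOnError(error ->
                LOGGER.warning("Failed to list next role definitions page - Page {}", continuationToken, error))
            // Failures are mapped to the public exception type before the page is converted to public models.
            .onErrorMap(KeyVaultAdministrationUtils::mapThrowableToKeyVaultAdministrationException)
            .map(KeyVaultAdministrationUtil::transformRoleDefinitionsPagedResponse);
    } catch (RuntimeException e) {
        // Synchronous failures while assembling the call are delivered as an error signal, not thrown.
        return monoError(LOGGER, e);
    }
}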
/**
* Creates or updates a {@link KeyVaultRoleDefinition role definition} with a randomly generated name.
*
* Code Samples
* Creates a {@link KeyVaultRoleDefinition role definition} with a randomly generated name. Prints out the
* details of the created {@link KeyVaultRoleDefinition role definition}.
*
*
* keyVaultAccessControlAsyncClient.setRoleDefinition(KeyVaultRoleScope.GLOBAL)
* .subscribe(roleDefinition ->
* System.out.printf("Created role definition with randomly generated name '%s' and role name '%s'.%n",
* roleDefinition.getName(), roleDefinition.getRoleName()));
*
*
*
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleDefinition role definition}.
* Managed HSM only supports '/'.
*
* @return A {@link Mono} containing the created {@link KeyVaultRoleDefinition role definition}.
*
* @throws KeyVaultAdministrationException If the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope} is {@code null}.
*/
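@ServiceMethod(returns = ReturnType.SINGLE)
public Mono<KeyVaultRoleDefinition> setRoleDefinition(KeyVaultRoleScope roleScope) {
    // The definition name is a freshly generated random UUID, produced when this method is called
    // (not when the returned Mono is subscribed to).
    return setRoleDefinition(roleScope, UUID.randomUUID().toString());
}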
/**
* Creates or updates a {@link KeyVaultRoleDefinition role definition}. If no name is provided, then a
* {@link KeyVaultRoleDefinition role definition} will be created with a randomly generated name.
*
* Code Samples
* Creates or updates a {@link KeyVaultRoleDefinition role definition} with a given generated name. Prints out
* the details of the created {@link KeyVaultRoleDefinition role definition}.
*
*
* String myRoleDefinitionName = "504a3d11-5a63-41a9-b603-41bdf88df03e";
*
* keyVaultAccessControlAsyncClient.setRoleDefinition(KeyVaultRoleScope.GLOBAL, myRoleDefinitionName)
* .subscribe(roleDefinition ->
* System.out.printf("Set role definition with name '%s' and role name '%s'.%n", roleDefinition.getName(),
* roleDefinition.getRoleName()));
*
*
*
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleDefinition role definition}.
* Managed HSM only supports '/'.
* @param roleDefinitionName The name of the {@link KeyVaultRoleDefinition role definition}. It can be any valid
* UUID. If {@code null} is provided, a name will be randomly generated.
*
* @return A {@link Mono} containing the created {@link KeyVaultRoleDefinition role definition}.
*
* @throws KeyVaultAdministrationException If the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope} or {@link String roleDefinitionName}
* are {@code null}.
*/
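@ServiceMethod(returns = ReturnType.SINGLE)
public Mono<KeyVaultRoleDefinition> setRoleDefinition(KeyVaultRoleScope roleScope, String roleDefinitionName) {
    // Only scope and name are set on the options object; every other option keeps its default.
    SetRoleDefinitionOptions options = new SetRoleDefinitionOptions(roleScope, roleDefinitionName);

    // Unwrap the Response so callers receive just the role definition.
    return setRoleDefinitionWithResponse(options).flatMap(FluxUtil::toMono);
}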
/**
* Creates or updates a {@link KeyVaultRoleDefinition role definition}.
*
* Code Samples
* Creates or updates a {@link KeyVaultRoleDefinition role definition}. Prints out the details of the
* {@link Response HTTP response} and the created {@link KeyVaultRoleDefinition role definition}.
*
*
* String roleDefinitionName = "9de303d3-6ea8-4b8f-a20b-18e67f77e42a";
*
* List<KeyVaultRoleScope> assignableScopes = new ArrayList<>();
* assignableScopes.add(KeyVaultRoleScope.GLOBAL);
* assignableScopes.add(KeyVaultRoleScope.KEYS);
*
* List<KeyVaultDataAction> dataActions = new ArrayList<>();
* dataActions.add(KeyVaultDataAction.START_HSM_RESTORE);
* dataActions.add(KeyVaultDataAction.START_HSM_BACKUP);
* dataActions.add(KeyVaultDataAction.READ_HSM_BACKUP_STATUS);
* dataActions.add(KeyVaultDataAction.READ_HSM_RESTORE_STATUS);
* dataActions.add(KeyVaultDataAction.BACKUP_HSM_KEYS);
* dataActions.add(KeyVaultDataAction.RESTORE_HSM_KEYS);
*
* List<KeyVaultPermission> permissions = new ArrayList<>();
* permissions.add(new KeyVaultPermission(null, null, dataActions, null));
*
* SetRoleDefinitionOptions setRoleDefinitionOptions =
* new SetRoleDefinitionOptions(KeyVaultRoleScope.GLOBAL, roleDefinitionName)
* .setRoleName("Backup and Restore Role Definition")
* .setDescription("Can backup and restore a whole Managed HSM, as well as individual keys.%n")
* .setAssignableScopes(assignableScopes)
* .setPermissions(permissions);
*
* keyVaultAccessControlAsyncClient.setRoleDefinitionWithResponse(setRoleDefinitionOptions)
* .subscribe(response ->
* System.out.printf("Response successful with status code: %d. Role definition with name '%s' and role"
* + " name '%s' was set.%n", response.getStatusCode(), response.getValue().getName(),
* response.getValue().getRoleName()));
*
*
*
* @param options Object representing the configurable options to create or update a
* {@link KeyVaultRoleDefinition role definition}.
*
* @return A {@link Mono} containing a {@link Response} whose {@link Response#getValue() value} contains the
* created or updated {@link KeyVaultRoleDefinition role definition}.
*
* @throws KeyVaultAdministrationException If any parameter in {@code options} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope} or {@link String roleDefinitionName}
* in the {@link SetRoleDefinitionOptions options} object are {@code null}.
*/
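@ServiceMethod(returns = ReturnType.SINGLE)
public Mono<Response<KeyVaultRoleDefinition>> setRoleDefinitionWithResponse(SetRoleDefinitionOptions options) {
    // Delegates to the Context-taking overload, which performs the validation and the service call.
    return withContext(context -> setRoleDefinitionWithResponse(options, context));
}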
/**
* Creates or updates a {@link KeyVaultRoleDefinition role definition}.
*
* @param options Object representing the configurable options to create or update a
* {@link KeyVaultRoleDefinition role definition}.
* @param context Additional context that is passed through the HTTP pipeline during the service call.
*
* @return A {@link Mono} containing a {@link Response} whose {@link Response#getValue() value} contains the
* created or updated {@link KeyVaultRoleDefinition role definition}.
*
* @throws KeyVaultAdministrationException If any parameter in {@code options} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope} or {@link String roleDefinitionName}
* in the {@link SetRoleDefinitionOptions options} object are {@code null}.
*/
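Mono<Response<KeyVaultRoleDefinition>> setRoleDefinitionWithResponse(SetRoleDefinitionOptions options,
    Context context) {
    try {
        // Validation runs before the request is assembled; a RuntimeException it throws is turned into an
        // error signal by the catch block below, so no call is made with rejected options.
        RoleDefinitionCreateParameters parameters = validateAndGetRoleDefinitionCreateParameters(options);

        return clientImpl.getRoleDefinitions()
            .createOrUpdateWithResponseAsync(vaultUrl, options.getRoleScope().toString(),
                options.getRoleDefinitionName(), parameters, context)
            .doOnRequest(ignored ->
                LOGGER.verbose("Creating role definition - {}", options.getRoleDefinitionName()))
            .doOnSuccess(response -> LOGGER.verbose("Created role definition - {}", response.getValue().getName()))
            .doOnError(error ->
                LOGGER.warning("Failed to create role definition - {}", options.getRoleDefinitionName(), error))
            // Failures are mapped to the public exception type before the result is converted to public models.
            .onErrorMap(KeyVaultAdministrationUtils::mapThrowableToKeyVaultAdministrationException)
            .map(KeyVaultAdministrationUtil::transformRoleDefinitionResponse);
    } catch (RuntimeException e) {
        return monoError(LOGGER, e);
    }
}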
/**
* Gets a {@link KeyVaultRoleDefinition role definition}.
*
* Code Samples
* Gets a {@link KeyVaultRoleDefinition role definition}. Prints out the details of the retrieved
* {@link KeyVaultRoleDefinition role definition}.
*
*
* String roleDefinitionName = "8f90b099-7361-4db6-8321-719adaf6e4ca";
*
* keyVaultAccessControlAsyncClient.getRoleDefinition(KeyVaultRoleScope.GLOBAL, roleDefinitionName)
* .subscribe(roleDefinition ->
* System.out.printf("Retrieved role definition with name '%s' and role name '%s'.%n",
* roleDefinition.getName(), roleDefinition.getRoleName()));
*
*
*
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleDefinition role definition}.
* @param roleDefinitionName The name of the {@link KeyVaultRoleDefinition role definition}.
*
* @return A {@link Mono} containing the {@link KeyVaultRoleDefinition role definition}.
*
* @throws KeyVaultAdministrationException If a {@link KeyVaultRoleDefinition role definition} with the given name
* cannot be found or if the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope} or {@link String roleDefinitionName} are
* {@code null}.
*/
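@ServiceMethod(returns = ReturnType.SINGLE)
public Mono<KeyVaultRoleDefinition> getRoleDefinition(KeyVaultRoleScope roleScope, String roleDefinitionName) {
    // Unwrap the Response so callers receive just the role definition.
    return getRoleDefinitionWithResponse(roleScope, roleDefinitionName).flatMap(FluxUtil::toMono);
}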
/**
* Gets a {@link KeyVaultRoleDefinition role definition}.
*
* Code Samples
* Gets a {@link KeyVaultRoleDefinition role definition}. Prints out the details of the
* {@link Response HTTP response} and the retrieved {@link KeyVaultRoleDefinition role definition}.
*
*
* String myRoleDefinitionName = "0877b4ee-6275-4559-89f1-c289060ef398";
*
* keyVaultAccessControlAsyncClient.getRoleDefinitionWithResponse(KeyVaultRoleScope.GLOBAL, myRoleDefinitionName)
* .subscribe(response ->
* System.out.printf("Response successful with status code: %d. Role definition with name '%s' and role"
* + " name '%s' was retrieved.%n", response.getStatusCode(), response.getValue().getName(),
* response.getValue().getRoleName()));
*
*
*
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleDefinition role definition}.
* @param roleDefinitionName The name of the {@link KeyVaultRoleDefinition role definition}.
*
* @return A {@link Mono} containing a {@link Response} whose {@link Response#getValue() value} contains the
* {@link KeyVaultRoleDefinition role definition}.
*
* @throws KeyVaultAdministrationException If a {@link KeyVaultRoleDefinition role definition} with the given name
* cannot be found or if the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope} or {@link String roleDefinitionName} are
* {@code null}.
*/
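@ServiceMethod(returns = ReturnType.SINGLE)
public Mono<Response<KeyVaultRoleDefinition>> getRoleDefinitionWithResponse(KeyVaultRoleScope roleScope,
    String roleDefinitionName) {
    // Delegates to the Context-taking overload, which performs the validation and the service call.
    return withContext(context -> getRoleDefinitionWithResponse(roleScope, roleDefinitionName, context));
}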
/**
* Gets a {@link KeyVaultRoleDefinition role definition}.
*
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleDefinition role definition}.
* @param roleDefinitionName The name of the {@link KeyVaultRoleDefinition role definition}.
* @param context Additional context that is passed through the HTTP pipeline during the service call.
*
* @return A {@link Mono} containing a {@link Response} whose {@link Response#getValue() value} contains the
* {@link KeyVaultRoleDefinition role definition}.
*
* @throws KeyVaultAdministrationException If a {@link KeyVaultRoleDefinition role definition} with the given name
* cannot be found or if the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope} or {@link String roleDefinitionName} are
* {@code null}.
*/
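Mono<Response<KeyVaultRoleDefinition>> getRoleDefinitionWithResponse(KeyVaultRoleScope roleScope,
    String roleDefinitionName, Context context) {
    try {
        // Arguments are checked before the request is assembled; a RuntimeException from the check is
        // delivered as an error signal by the catch block below.
        validateRoleDefinitionParameters(roleScope, roleDefinitionName);

        return clientImpl.getRoleDefinitions()
            .getWithResponseAsync(vaultUrl, roleScope.toString(), roleDefinitionName, context)
            .doOnRequest(ignored -> LOGGER.verbose("Retrieving role definition - {}", roleDefinitionName))
            .doOnSuccess(response ->
                LOGGER.verbose("Retrieved role definition - {}", response.getValue().getName()))
            .doOnError(error ->
                LOGGER.warning("Failed to retrieve role definition - {}", roleDefinitionName, error))
            // Failures are mapped to the public exception type before the result is converted to public models.
            .onErrorMap(KeyVaultAdministrationUtils::mapThrowableToKeyVaultAdministrationException)
            .map(KeyVaultAdministrationUtil::transformRoleDefinitionResponse);
    } catch (RuntimeException e) {
        return monoError(LOGGER, e);
    }
}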
/**
* Deletes a {@link KeyVaultRoleDefinition role definition}.
*
* Code Samples
* Deletes a {@link KeyVaultRoleDefinition role definition}.
*
*
* String roleDefinitionName = "e3c7c51a-8abd-4b1b-9201-48ded34d0358";
*
* keyVaultAccessControlAsyncClient.deleteRoleDefinition(KeyVaultRoleScope.GLOBAL, roleDefinitionName)
* .subscribe(unused -> System.out.printf("Deleted role definition with name '%s'.%n", roleDefinitionName));
*
*
*
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleDefinition role definition}.
* Managed HSM only supports '/'.
* @param roleDefinitionName The name of the {@link KeyVaultRoleDefinition role definition}.
*
* @return A {@link Mono} of a {@link Void}.
*
* @throws KeyVaultAdministrationException If the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope} or {@link String roleDefinitionName} are
* {@code null}.
*/
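@ServiceMethod(returns = ReturnType.SINGLE)
public Mono<Void> deleteRoleDefinition(KeyVaultRoleScope roleScope, String roleDefinitionName) {
    // The Response wrapper is unwrapped; per the documented contract its value is Void.
    return deleteRoleDefinitionWithResponse(roleScope, roleDefinitionName).flatMap(FluxUtil::toMono);
}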
/**
* Deletes a {@link KeyVaultRoleDefinition role definition}.
*
* Code Samples
* Deletes a {@link KeyVaultRoleDefinition role definition}. Prints out the details of the
* {@link Response HTTP response}.
*
*
* String myRoleDefinitionName = "ccaafb00-31fb-40fe-9ccc-39a2ad2af082";
*
* keyVaultAccessControlAsyncClient.deleteRoleDefinitionWithResponse(KeyVaultRoleScope.GLOBAL,
* myRoleDefinitionName).subscribe(response ->
* System.out.printf("Response successful with status code: %d. Role definition with name '%s' was"
* + " deleted.%n", response.getStatusCode(), myRoleDefinitionName));
*
*
*
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleDefinition role definition}.
* @param roleDefinitionName The name of the {@link KeyVaultRoleDefinition role definition}.
*
* @return A {@link Mono} containing a {@link Response} with a {@link Void} value.
*
* @throws KeyVaultAdministrationException If the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope} or {@link String roleDefinitionName} are
* {@code null}.
*/
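@ServiceMethod(returns = ReturnType.SINGLE)
public Mono<Response<Void>> deleteRoleDefinitionWithResponse(KeyVaultRoleScope roleScope,
    String roleDefinitionName) {
    // Delegates to the Context-taking overload, which performs the validation and the service call.
    return withContext(context -> deleteRoleDefinitionWithResponse(roleScope, roleDefinitionName, context));
}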
/**
* Deletes a {@link KeyVaultRoleDefinition role definition}.
*
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleDefinition role definition}.
* @param roleDefinitionName The name of the {@link KeyVaultRoleDefinition role definition}.
* @param context Additional context that is passed through the HTTP pipeline during the service call.
*
* @return A {@link Mono} containing a {@link Response} with a {@link Void} value.
*
* @throws KeyVaultAdministrationException If the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope} or {@link String roleDefinitionName} are
* {@code null}.
*/
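Mono<Response<Void>> deleteRoleDefinitionWithResponse(KeyVaultRoleScope roleScope,
    String roleDefinitionName, Context context) {
    try {
        // Arguments are checked before the request is assembled; a RuntimeException from the check is
        // delivered as an error signal by the catch block below.
        validateRoleDefinitionParameters(roleScope, roleDefinitionName);

        return clientImpl.getRoleDefinitions()
            .deleteWithResponseAsync(vaultUrl, roleScope.toString(), roleDefinitionName, context)
            .doOnRequest(ignored -> LOGGER.verbose("Deleting role definition - {}", roleDefinitionName))
            // Log the requested name rather than dereferencing the response body: a missing body would
            // otherwise throw inside this callback and report a completed delete as a failure.
            .doOnSuccess(response -> LOGGER.verbose("Deleted role definition - {}", roleDefinitionName))
            .doOnError(error -> LOGGER.warning("Failed to delete role definition - {}", roleDefinitionName, error))
            .onErrorMap(KeyVaultAdministrationUtils::mapThrowableToKeyVaultAdministrationException)
            // The service body is dropped; callers only get status and headers with a null value.
            .map(response -> (Response<Void>) new SimpleResponse<Void>(response, null))
            // Presumably turns a 404 into a normal completion so deleting an absent definition is not an
            // error - confirm in KeyVaultAdministrationUtil. If so, a successful result does not prove the
            // definition existed; audit trails should not rely on it for that.
            .onErrorResume(KeyVaultAdministrationException.class, e ->
                swallowExceptionForStatusCodeAsync(404, e, LOGGER));
    } catch (RuntimeException e) {
        return monoError(LOGGER, e);
    }
}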
/**
* Lists all {@link KeyVaultRoleAssignment role assignments} that are applicable at the given
* {@link KeyVaultRoleScope role scope} and above.
*
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleAssignment role assignment}.
*
* @return A {@link PagedFlux} containing the {@link KeyVaultRoleAssignment role assignments} for the given
* {@link KeyVaultRoleScope role scope}.
*
* @throws KeyVaultAdministrationException If the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope} is {@code null}.
*/
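@ServiceMethod(returns = ReturnType.COLLECTION)
public PagedFlux<KeyVaultRoleAssignment> listRoleAssignments(KeyVaultRoleScope roleScope) {
    // Nothing is validated or sent here. A null roleScope is only detected when the first page is
    // requested, and is then reported through the returned PagedFlux rather than thrown from this call.
    return new PagedFlux<>(
        // First page: scoped query against the vault this client is bound to.
        () -> withContext(context -> listRoleAssignmentsFirstPage(vaultUrl, roleScope, context)),
        // Later pages: driven purely by the continuation token of the previous page.
        continuationToken -> withContext(context -> listRoleAssignmentsNextPage(continuationToken, context)));
}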
/**
* Lists all {@link KeyVaultRoleAssignment role assignments} that are applicable at the given
* {@link KeyVaultRoleScope role scope} and above.
*
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleAssignment role assignment}.
* @param context Additional context that is passed through the HTTP pipeline during the service call.
*
* @return A {@link PagedFlux} containing the {@link KeyVaultRoleAssignment role assignments} for the given
* {@link KeyVaultRoleScope role scope}.
*
* @throws KeyVaultAdministrationException If the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope} is {@code null}.
*/
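PagedFlux<KeyVaultRoleAssignment> listRoleAssignments(KeyVaultRoleScope roleScope, Context context) {
    // Same paging wiring as the public overload, but the caller-supplied Context is used for every page
    // instead of one derived at subscription time.
    return new PagedFlux<>(
        () -> listRoleAssignmentsFirstPage(vaultUrl, roleScope, context),
        continuationToken -> listRoleAssignmentsNextPage(continuationToken, context));
}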
/**
* Lists all {@link KeyVaultRoleAssignment role assignments} in the first page that are applicable at the given
* {@link KeyVaultRoleScope role scope} and above.
*
* @param vaultUrl The URL for the Key Vault this client is associated with.
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleAssignment role assignment}.
* @param context Additional context that is passed through the HTTP pipeline during the service call.
*
* @return A {@link Mono} containing a {@link PagedResponse} of {@link KeyVaultRoleAssignment role assignments}
* in the given {@link KeyVaultRoleScope role scope} from the first page of results.
*
* @throws KeyVaultAdministrationException If the given {@code vaultUrl} or {@code roleScope} are invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope} is {@code null}.
*/
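Mono<PagedResponse<KeyVaultRoleAssignment>> listRoleAssignmentsFirstPage(String vaultUrl,
                                                                         KeyVaultRoleScope roleScope,
                                                                         Context context) {
    try {
        // roleScope is dereferenced below, so fail early with the library's standard message.
        Objects.requireNonNull(roleScope,
            String.format(KeyVaultErrorCodeStrings.PARAMETER_REQUIRED, "'roleScope'"));

        return clientImpl.getRoleAssignments()
            // The third argument is passed as null, i.e. no additional filter is requested from the
            // service (NOTE(review): parameter meaning inferred from position - confirm against the impl).
            .listForScopeSinglePageAsync(vaultUrl, roleScope.toString(), null, context)
            .doOnRequest(ignored -> LOGGER.verbose("Listing role assignments for roleScope - {}", roleScope))
            .doOnSuccess(response -> LOGGER.verbose("Listed role assignments for roleScope - {}", roleScope))
            .doOnError(error -> LOGGER.warning("Failed to list role assignments for roleScope - {}", roleScope,
                error))
            .onErrorMap(KeyVaultAdministrationUtils::mapThrowableToKeyVaultAdministrationException)
            // Convert the implementation-layer page into the public KeyVaultRoleAssignment model.
            .map(KeyVaultAdministrationUtil::transformRoleAssignmentsPagedResponse);
    } catch (RuntimeException e) {
        // Includes the NullPointerException raised above; it reaches the subscriber as an error signal.
        return monoError(LOGGER, e);
    }
}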
/**
* Lists all {@link KeyVaultRoleAssignment role assignments} given by the {@code continuationToken} that was
* retrieved from a call to {@link KeyVaultAccessControlAsyncClient#listRoleAssignments(KeyVaultRoleScope)}.
*
* @param continuationToken The {@link PagedResponse#getContinuationToken() continuationToken} from a previous,
* successful call to one of the {@code listRoleAssignments} operations.
* @param context Additional context that is passed through the HTTP pipeline during the service call.
*
* @return A {@link Mono} containing a {@link PagedResponse} of {@link KeyVaultRoleAssignment role assignments}
* for the given {@link KeyVaultRoleScope role scope} from the next page of results.
*
* @throws KeyVaultAdministrationException If the given {@code continuationToken} is invalid.
*/
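Mono<PagedResponse<KeyVaultRoleAssignment>> listRoleAssignmentsNextPage(String continuationToken,
                                                                        Context context) {
    try {
        // The token is forwarded to the service as received; no client-side validation is done here.
        // NOTE(review): the token is also written verbatim to the verbose and warning logs below -
        // confirm it carries nothing sensitive before shipping these logs to a shared sink.
        return clientImpl.getRoleAssignments()
            .listForScopeNextSinglePageAsync(continuationToken, vaultUrl, context)
            .doOnRequest(ignored ->
                LOGGER.verbose("Listing next role assignments page - Page {}", continuationToken))
            .doOnSuccess(response ->
                LOGGER.verbose("Listed next role assignments page - Page {}", continuationToken))
            .doOnError(error -> LOGGER.warning("Failed to list next role assignments page - Page {}",
                continuationToken, error))
            .onErrorMap(KeyVaultAdministrationUtils::mapThrowableToKeyVaultAdministrationException)
            // Convert the implementation-layer page into the public KeyVaultRoleAssignment model.
            .map(KeyVaultAdministrationUtil::transformRoleAssignmentsPagedResponse);
    } catch (RuntimeException e) {
        // Keep the reactive contract: report synchronous failures through the returned Mono.
        return monoError(LOGGER, e);
    }
}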
/**
* Creates a {@link KeyVaultRoleAssignment role assignment} with a randomly generated name.
*
* Code Samples
* Creates a {@link KeyVaultRoleAssignment role assignment} with a randomly generated name. Prints out the
* details of the created {@link KeyVaultRoleAssignment role assignment}.
*
*
* String roleDefinitionId = "142e42c1-ab29-4dc7-9dfa-8fd7c0815128";
* String servicePrincipalId = "07dca82e-b625-4a60-977b-859d2a162ca7";
*
* keyVaultAccessControlAsyncClient.createRoleAssignment(KeyVaultRoleScope.GLOBAL, roleDefinitionId,
* servicePrincipalId).subscribe(roleAssignment ->
* System.out.printf("Created role assignment with randomly generated name '%s' for principal with id"
* + "'%s'.%n", roleAssignment.getName(), roleAssignment.getProperties().getPrincipalId()));
*
*
*
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleAssignment role assignment}
* to create.
* @param roleDefinitionId The {@link KeyVaultRoleDefinition role definition} ID for the role assignment.
* @param principalId The principal ID assigned to the role. This maps to the ID inside the Active Directory.
*
* @return A {@link Mono} containing the created {@link KeyVaultRoleAssignment role assignment}.
*
* @throws KeyVaultAdministrationException If the given {@code roleScope}, {@code roleDefinitionId} or
* {@code principalId} are invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope}, {@link String roleDefinitionId} or
* {@link String principalId} are {@code null}.
*/
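@ServiceMethod(returns = ReturnType.SINGLE)
public Mono<KeyVaultRoleAssignment> createRoleAssignment(KeyVaultRoleScope roleScope, String roleDefinitionId,
                                                         String principalId) {
    // The assignment name is generated here, so the caller only learns it from the returned
    // KeyVaultRoleAssignment. That name is what getRoleAssignment/deleteRoleAssignment take, so it
    // should be recorded if the grant has to be reviewed or revoked later.
    return createRoleAssignment(roleScope, roleDefinitionId, principalId, UUID.randomUUID().toString());
}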
/**
* Creates a {@link KeyVaultRoleAssignment role assignment}.
*
* Code Samples
* Creates a {@link KeyVaultRoleAssignment role assignment}. Prints out the details of the created
* {@link KeyVaultRoleAssignment role assignment}.
*
*
* String myRoleDefinitionId = "e1ca67d0-4332-465c-b9cd-894b2834401b";
* String myServicePrincipalId = "31af81fe-6123-4838-92c0-7c2531ec13d7";
* String myRoleAssignmentName = "94d7827f-f8c9-4a5d-94fd-9fd2cd02d12f";
*
* keyVaultAccessControlAsyncClient.createRoleAssignment(KeyVaultRoleScope.GLOBAL, myRoleDefinitionId,
* myServicePrincipalId, myRoleAssignmentName).subscribe(roleAssignment ->
* System.out.printf("Created role assignment with name '%s' for principal with id '%s'.%n",
* roleAssignment.getName(), roleAssignment.getProperties().getPrincipalId()));
*
*
*
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleAssignment role assignment}
* to create.
* @param roleDefinitionId The {@link KeyVaultRoleDefinition role definition} ID for the role assignment.
* @param principalId The principal ID assigned to the role. This maps to the ID inside the Active Directory.
* @param roleAssignmentName The name used to create the {@link KeyVaultRoleAssignment role assignment}. It can be
* any valid UUID.
*
* @return A {@link Mono} containing the created {@link KeyVaultRoleAssignment role assignment}.
*
* @throws KeyVaultAdministrationException If a {@link KeyVaultRoleAssignment role assignment} with the given name
* already exists or if the given {@code roleScope}, {@code roleDefinitionId} or {@code principalId} are invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope}, {@link String roleAssignmentName},
* {@link String roleDefinitionId} or {@link String principalId} are {@code null}.
*/
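@ServiceMethod(returns = ReturnType.SINGLE)
public Mono<KeyVaultRoleAssignment> createRoleAssignment(KeyVaultRoleScope roleScope, String roleDefinitionId,
                                                         String principalId, String roleAssignmentName) {
    // Delegates to the WithResponse overload and keeps only the created assignment; status code and
    // headers are discarded.
    return createRoleAssignmentWithResponse(roleScope, roleDefinitionId, principalId, roleAssignmentName)
        .flatMap(FluxUtil::toMono);
}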
/**
* Creates a {@link KeyVaultRoleAssignment role assignment}.
*
* Code Samples
* Creates a {@link KeyVaultRoleAssignment role assignment}. Prints out details of the
* {@link Response HTTP response} and the created {@link KeyVaultRoleAssignment role assignment}.
*
*
* String someRoleDefinitionId = "686b0f78-5012-4def-8a70-eba36aa54d3d";
* String someServicePrincipalId = "345ec980-904b-4238-aafc-1eaeed3e23cf";
* String someRoleAssignmentName = "1c79927c-6e08-4e5c-8a6c-f58c13c9bbb5";
*
* keyVaultAccessControlAsyncClient.createRoleAssignmentWithResponse(KeyVaultRoleScope.GLOBAL,
* someRoleDefinitionId, someServicePrincipalId, someRoleAssignmentName).subscribe(response -> {
* KeyVaultRoleAssignment createdRoleAssignment = response.getValue();
*
* System.out.printf("Response successful with status code: %d. Role assignment with name '%s' for"
* + " principal with id '%s' was created.%n", response.getStatusCode(),
* createdRoleAssignment.getName(), createdRoleAssignment.getProperties().getPrincipalId());
* });
*
*
*
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleAssignment role assignment}
* to create.
* @param roleAssignmentName The name used to create the {@link KeyVaultRoleAssignment role assignment}. It can be
* any valid UUID.
* @param roleDefinitionId The {@link KeyVaultRoleDefinition role definition} ID for the role assignment.
* @param principalId The principal ID assigned to the role. This maps to the ID inside the Active Directory.
*
* @return A {@link Mono} containing a {@link Response} whose {@link Response#getValue() value} contains the created
* {@link KeyVaultRoleAssignment role assignment}.
*
* @throws KeyVaultAdministrationException If a {@link KeyVaultRoleAssignment role assignment} with the given name
* already exists or if the given {@code roleScope}, {@code roleDefinitionId} or {@code principalId} are invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope}, {@link String roleAssignmentName},
* {@link String roleDefinitionId} or {@link String principalId} are {@code null}.
*/
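@ServiceMethod(returns = ReturnType.SINGLE)
public Mono<Response<KeyVaultRoleAssignment>> createRoleAssignmentWithResponse(KeyVaultRoleScope roleScope,
                                                                               String roleDefinitionId,
                                                                               String principalId,
                                                                               String roleAssignmentName) {
    // Public entry point: obtains the Context at subscription time and hands off to the package-private
    // overload, which performs validation and the service call.
    return withContext(context ->
        createRoleAssignmentWithResponse(roleScope, roleDefinitionId, principalId, roleAssignmentName, context));
}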
/**
* Creates a {@link KeyVaultRoleAssignment role assignment}.
*
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleAssignment role assignment}
* to create.
* @param roleAssignmentName The name used to create the {@link KeyVaultRoleAssignment role assignment}. It can be
* any valid UUID.
* @param roleDefinitionId The {@link KeyVaultRoleDefinition role definition} ID for the role assignment.
* @param principalId The principal ID assigned to the role. This maps to the ID inside the Active Directory.
* @param context Additional context that is passed through the HTTP pipeline during the service call.
*
* @return A {@link Mono} containing a {@link Response} whose {@link Response#getValue() value} contains the created
* {@link KeyVaultRoleAssignment role assignment}.
*
* @throws KeyVaultAdministrationException If a {@link KeyVaultRoleAssignment role assignment} with the given name
* already exists or if the given {@code roleScope}, {@code roleDefinitionId} or {@code principalId} are invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope}, {@link String roleAssignmentName},
* {@link String roleDefinitionId} or {@link String principalId} are {@code null}.
*/
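Mono<Response<KeyVaultRoleAssignment>> createRoleAssignmentWithResponse(KeyVaultRoleScope roleScope,
                                                                         String roleDefinitionId,
                                                                         String principalId,
                                                                         String roleAssignmentName,
                                                                         Context context) {
    try {
        // Builds the request body. Presumably this is where the null checks documented in @throws
        // happen (helper is defined elsewhere). Nothing visible here verifies that the principal or the
        // role definition exists, or that roleAssignmentName is a UUID - that is left to the service.
        RoleAssignmentCreateParameters parameters =
            validateAndGetRoleAssignmentCreateParameters(roleScope, roleDefinitionId, principalId,
                roleAssignmentName);

        // This request is a privilege grant: principalId receives the role identified by roleDefinitionId
        // at roleScope. Callers should pass the narrowest scope that satisfies the use case.
        return clientImpl.getRoleAssignments()
            .createWithResponseAsync(vaultUrl, roleScope.toString(), roleAssignmentName, parameters, context)
            // Only the assignment name is logged; principal and role definition IDs are not, so these
            // client logs alone do not show who was granted what.
            .doOnRequest(ignored -> LOGGER.verbose("Creating role assignment - {}", roleAssignmentName))
            .doOnSuccess(response -> LOGGER.verbose("Created role assignment - {}", response.getValue().getName()))
            .doOnError(error -> LOGGER.warning("Failed to create role assignment - {}", roleAssignmentName, error))
            .onErrorMap(KeyVaultAdministrationUtils::mapThrowableToKeyVaultAdministrationException)
            // Convert the implementation-layer response into the public KeyVaultRoleAssignment model.
            .map(KeyVaultAdministrationUtil::transformRoleAssignmentResponse);
    } catch (RuntimeException e) {
        // Keep the reactive contract: report synchronous failures through the returned Mono.
        return monoError(LOGGER, e);
    }
}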
/**
* Gets a {@link KeyVaultRoleAssignment role assignment}.
*
* Code Samples
* Gets a {@link KeyVaultRoleAssignment role assignment}. Prints out details of the retrieved
* {@link KeyVaultRoleAssignment role assignment}.
*
*
* String roleAssignmentName = "c5a305c0-e17a-40f5-af79-73801bdd8867";
*
* keyVaultAccessControlAsyncClient.getRoleAssignment(KeyVaultRoleScope.GLOBAL, roleAssignmentName)
* .subscribe(roleAssignment ->
* System.out.printf("Retrieved role assignment with name '%s'.%n", roleAssignment.getName()));
*
*
*
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleAssignment role assignment}.
* @param roleAssignmentName The name of the {@link KeyVaultRoleAssignment role assignment}.
*
* @return A {@link Mono} containing the {@link KeyVaultRoleAssignment role assignment}.
*
* @throws KeyVaultAdministrationException If a {@link KeyVaultRoleAssignment role assignment} with the given name
* cannot be found or if the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope} or {@link String roleAssignmentName} are
* {@code null}.
*/
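@ServiceMethod(returns = ReturnType.SINGLE)
public Mono<KeyVaultRoleAssignment> getRoleAssignment(KeyVaultRoleScope roleScope, String roleAssignmentName) {
    // Delegates to the WithResponse overload and keeps only the retrieved assignment.
    return getRoleAssignmentWithResponse(roleScope, roleAssignmentName).flatMap(FluxUtil::toMono);
}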
/**
* Gets a {@link KeyVaultRoleAssignment role assignment}.
*
* Code Samples
* Gets a {@link KeyVaultRoleAssignment role assignment}. Prints out details of the
* {@link Response HTTP response} and the retrieved {@link KeyVaultRoleAssignment role assignment}.
*
*
* String myRoleAssignmentName = "76ccbf52-4d49-4fcc-ad3f-044c254be114";
*
* keyVaultAccessControlAsyncClient.getRoleAssignmentWithResponse(KeyVaultRoleScope.GLOBAL, myRoleAssignmentName)
* .subscribe(response ->
* System.out.printf("Response successful with status code: %d. Role assignment with name '%s' was"
* + " retrieved.%n", response.getStatusCode(), response.getValue().getName()));
*
*
*
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleAssignment role assignment}.
* @param roleAssignmentName The name of the {@link KeyVaultRoleAssignment role assignment}.
*
* @return A {@link Mono} containing a {@link Response} whose {@link Response#getValue() value} contains the
* {@link KeyVaultRoleAssignment role assignment}.
*
* @throws KeyVaultAdministrationException If a {@link KeyVaultRoleAssignment role assignment} with the given name
* cannot be found or if the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope} or {@link String roleAssignmentName} are
* {@code null}.
*/
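@ServiceMethod(returns = ReturnType.SINGLE)
public Mono<Response<KeyVaultRoleAssignment>> getRoleAssignmentWithResponse(KeyVaultRoleScope roleScope,
                                                                            String roleAssignmentName) {
    // Public entry point: obtains the Context at subscription time and hands off to the package-private
    // overload, which performs validation and the service call.
    return withContext(context -> getRoleAssignmentWithResponse(roleScope, roleAssignmentName, context));
}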
/**
* Gets a {@link KeyVaultRoleAssignment role assignment}.
*
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleAssignment role assignment}.
* @param roleAssignmentName The name of the {@link KeyVaultRoleAssignment role assignment}.
* @param context Additional context that is passed through the HTTP pipeline during the service call.
*
* @return A {@link Mono} containing a {@link Response} whose {@link Response#getValue() value} contains the
* {@link KeyVaultRoleAssignment role assignment}.
*
* @throws KeyVaultAdministrationException If a {@link KeyVaultRoleAssignment role assignment} with the given name
* cannot be found or if the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope} or {@link String roleAssignmentName} are
* {@code null}.
*/
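Mono<Response<KeyVaultRoleAssignment>> getRoleAssignmentWithResponse(KeyVaultRoleScope roleScope,
                                                                      String roleAssignmentName,
                                                                      Context context) {
    try {
        // Runs before any request is built; presumably rejects null arguments (helper is defined elsewhere).
        validateRoleAssignmentParameters(roleScope, roleAssignmentName);

        return clientImpl.getRoleAssignments()
            .getWithResponseAsync(vaultUrl, roleScope.toString(), roleAssignmentName, context)
            .doOnRequest(ignored -> LOGGER.verbose("Retrieving role assignment - {}", roleAssignmentName))
            .doOnSuccess(response ->
                LOGGER.verbose("Retrieved role assignment - {}", response.getValue().getName()))
            .doOnError(error ->
                LOGGER.warning("Failed to retrieve role assignment - {}", roleAssignmentName, error))
            // Unlike the delete operations, errors (including a missing assignment) are not swallowed
            // here: they reach the subscriber after being mapped to KeyVaultAdministrationException.
            .onErrorMap(KeyVaultAdministrationUtils::mapThrowableToKeyVaultAdministrationException)
            // Convert the implementation-layer response into the public KeyVaultRoleAssignment model.
            .map(KeyVaultAdministrationUtil::transformRoleAssignmentResponse);
    } catch (RuntimeException e) {
        // Keep the reactive contract: report synchronous failures through the returned Mono.
        return monoError(LOGGER, e);
    }
}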
/**
* Deletes a {@link KeyVaultRoleAssignment role assignment}.
*
* Code Samples
* Deletes a {@link KeyVaultRoleAssignment role assignment}.
*
*
* String roleAssignmentName = "f05d11ce-578a-4524-950c-fb4c53e5fb96";
*
* keyVaultAccessControlAsyncClient.deleteRoleAssignment(KeyVaultRoleScope.GLOBAL, roleAssignmentName)
* .subscribe(unused ->
* System.out.printf("Deleted role assignment with name '%s'.%n", roleAssignmentName));
*
*
*
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleAssignment role assignment}.
* @param roleAssignmentName The name of the {@link KeyVaultRoleAssignment role assignment}.
*
* @return A {@link Mono} of a {@link Void}.
*
* @throws KeyVaultAdministrationException If the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope} or {@link String roleAssignmentName} are
* {@code null}.
*/
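@ServiceMethod(returns = ReturnType.SINGLE)
public Mono<Void> deleteRoleAssignment(KeyVaultRoleScope roleScope, String roleAssignmentName) {
    // The Response is unwrapped and discarded here. Because the underlying call does not surface a 404
    // as an error, this overload cannot tell the caller whether the assignment actually existed; use
    // deleteRoleAssignmentWithResponse when a revocation has to be confirmed.
    return deleteRoleAssignmentWithResponse(roleScope, roleAssignmentName).flatMap(FluxUtil::toMono);
}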
/**
* Deletes a {@link KeyVaultRoleAssignment role assignment}.
*
* Code Samples
* Deletes a {@link KeyVaultRoleAssignment role assignment}. Prints out details of the
* {@link Response HTTP response}.
*
*
* String myRoleAssignmentName = "06aaea13-e4f3-4d3f-8a93-088dff6e90ed";
*
* keyVaultAccessControlAsyncClient.deleteRoleAssignmentWithResponse(KeyVaultRoleScope.GLOBAL,
* myRoleAssignmentName).subscribe(response ->
* System.out.printf("Response successful with status code: %d. Role assignment with name '%s' was"
* + " deleted.%n", response.getStatusCode(), myRoleAssignmentName));
*
*
*
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleAssignment role assignment}.
* @param roleAssignmentName The name of the {@link KeyVaultRoleAssignment role assignment}.
*
* @return A {@link Mono} containing a {@link Response} with a {@link Void} value.
*
* @throws KeyVaultAdministrationException If the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope} or {@link String roleAssignmentName} are
* {@code null}.
*/
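@ServiceMethod(returns = ReturnType.SINGLE)
public Mono<Response<Void>> deleteRoleAssignmentWithResponse(KeyVaultRoleScope roleScope,
                                                             String roleAssignmentName) {
    // Public entry point: obtains the Context at subscription time and hands off to the package-private
    // overload, which performs validation and the service call.
    return withContext(context -> deleteRoleAssignmentWithResponse(roleScope, roleAssignmentName, context));
}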
/**
* Deletes a {@link KeyVaultRoleAssignment role assignment}.
*
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleAssignment role assignment}.
* @param roleAssignmentName The name of the {@link KeyVaultRoleAssignment role assignment}.
* @param context Additional context that is passed through the HTTP pipeline during the service call.
*
* @return A {@link Mono} containing a {@link Response} with a {@link Void} value.
*
* @throws KeyVaultAdministrationException If the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope} or {@link String roleAssignmentName} are
* {@code null}.
*/
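Mono<Response<Void>> deleteRoleAssignmentWithResponse(KeyVaultRoleScope roleScope, String roleAssignmentName,
                                                      Context context) {
    try {
        // Runs before any request is built; presumably rejects null arguments (helper is defined elsewhere).
        // Anything it throws is converted into an error signal by the catch block below.
        validateRoleAssignmentParameters(roleScope, roleAssignmentName);

        return clientImpl.getRoleAssignments()
            .deleteWithResponseAsync(vaultUrl, roleScope.toString(), roleAssignmentName, context)
            .doOnRequest(ignored -> LOGGER.verbose("Deleting role assignment - {}", roleAssignmentName))
            // Log the requested name instead of dereferencing the response body: a missing body must not
            // turn a revocation that already happened on the service into a client-side failure.
            .doOnSuccess(response -> LOGGER.verbose("Deleted role assignment - {}", roleAssignmentName))
            .doOnError(error -> LOGGER.warning("Failed to delete role assignment - {}", roleAssignmentName, error))
            .onErrorMap(KeyVaultAdministrationUtils::mapThrowableToKeyVaultAdministrationException)
            // The deleted assignment is dropped; only status, headers and request are kept.
            .map(response -> (Response<Void>) new SimpleResponse<Void>(response, null))
            // A 404 is handed to swallowExceptionForStatusCodeAsync instead of being surfaced as an error,
            // so a mistyped assignment name looks like a successful revocation unless the caller inspects
            // the returned Response or lists the assignments afterwards. NOTE(review): the helper's exact
            // return value is not visible here - confirm the status code is preserved.
            .onErrorResume(KeyVaultAdministrationException.class, e ->
                swallowExceptionForStatusCodeAsync(404, e, LOGGER));
    } catch (RuntimeException e) {
        // Keep the reactive contract: report synchronous failures through the returned Mono.
        return monoError(LOGGER, e);
    }
}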
}