com.microsoft.azure.management.keyvault.AccessPolicy Maven / Gradle / Ivy
Show all versions of azure-mgmt-keyvault Show documentation
/**
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License. See License.txt in the project root for
* license information.
*/
package com.microsoft.azure.management.keyvault;
import com.microsoft.azure.management.apigeneration.Fluent;
import com.microsoft.azure.management.apigeneration.Method;
import com.microsoft.azure.management.graphrbac.ActiveDirectoryGroup;
import com.microsoft.azure.management.graphrbac.ActiveDirectoryUser;
import com.microsoft.azure.management.graphrbac.ServicePrincipal;
import com.microsoft.azure.management.resources.fluentcore.arm.models.ChildResource;
import com.microsoft.azure.management.resources.fluentcore.model.Attachable;
import com.microsoft.azure.management.resources.fluentcore.model.HasInner;
import com.microsoft.azure.management.resources.fluentcore.model.Settable;
import java.util.List;
/**
* An immutable client-side representation of a key vault access policy.
*/
@Fluent(ContainerName = "/Microsoft.Azure.Management.Fluent.KeyVault")
public interface AccessPolicy extends
ChildResource,
HasInner {
/**
* @return The Azure Active Directory tenant ID that should be used for
* authenticating requests to the key vault.
*/
String tenantId();
/**
* @return The object ID of a user or service principal in the Azure Active
* Directory tenant for the vault.
*/
String objectId();
/**
* @return Application ID of the client making request on behalf of a principal.
*/
String applicationId();
/**
* @return Permissions the identity has for keys and secrets.
*/
Permissions permissions();
/**************************************************************
* Fluent interfaces to attach an access policy
**************************************************************/
/**
* The entirety of an access policy definition.
* @param the return type of the final {@link Attachable#attach()}
*/
interface Definition extends
DefinitionStages.Blank,
DefinitionStages.WithAttach {
}
/**
* Grouping of access policy definition stages applicable as part of a key vault creation.
*/
interface DefinitionStages {
/**
* The first stage of an access policy definition.
*
* @param the stage of the parent definition to return to after attaching this definition
*/
interface Blank extends WithIdentity {
}
/**
* The access policy definition stage allowing the Active Directory identity to be specified.
* @param the stage of the parent definition to return to after attaching this definition
*/
interface WithIdentity {
/**
* Specifies the object ID of the Active Directory identity this access policy is for.
*
* @param objectId the object ID of the AD identity
* @return the next stage of access policy definition
*/
WithAttach forObjectId(String objectId);
/**
* Specifies the Active Directory user this access policy is for.
*
* @param user the AD user object
* @return the next stage of access policy definition
*/
WithAttach forUser(ActiveDirectoryUser user);
/**
* Specifies the Active Directory user this access policy is for.
*
* @param userPrincipalName the user principal name of the AD user
* @return the next stage of access policy definition
*/
WithAttach forUser(String userPrincipalName);
/**
* Application ID of the client making request on behalf of a principal.
*
* @param applicationId the application ID
* @return the next stage of access policy definition
*/
WithAttach forApplicationId(String applicationId);
/**
* Specifies the Azure Active Directory tenant ID that should be used for
* authenticating requests to the key vault.
*
* @param tenantId the tenant ID for the key vault.
* @return the next stage of access policy definition
*/
WithAttach forTenantId(String tenantId);
/**
* Specifies the Active Directory group this access policy is for.
*
* @param activeDirectoryGroup the AD group object
* @return the next stage of access policy definition
*/
WithAttach forGroup(ActiveDirectoryGroup activeDirectoryGroup);
/**
* Specifies the Active Directory service principal this access policy is for.
*
* @param servicePrincipal the AD service principal object
* @return the next stage of access policy definition
*/
WithAttach forServicePrincipal(ServicePrincipal servicePrincipal);
/**
* Specifies the Active Directory service principal this access policy is for.
*
* @param servicePrincipalName the service principal name of the AD user
* @return the next stage of access policy definition
*/
WithAttach forServicePrincipal(String servicePrincipalName);
}
/**
* The access policy definition stage allowing permissions to be added.
* @param the stage of the parent definition to return to after attaching this definition
*/
interface WithPermissions {
/**
* Allow all permissions for the AD identity to access keys.
*
* @return the next stage of access policy definition
*/
@Method
WithAttach allowKeyAllPermissions();
/**
* Allow a list of permissions for the AD identity to access keys.
*
* @param permissions the list of permissions allowed
* @return the next stage of access policy definition
*/
WithAttach allowKeyPermissions(KeyPermissions... permissions);
/**
* Allow a list of permissions for the AD identity to access keys.
*
* @param permissions the list of permissions allowed
* @return the next stage of access policy definition
*/
WithAttach allowKeyPermissions(List permissions);
/**
* Allow all permissions for the AD identity to access secrets.
*
* @return the next stage of access policy definition
*/
@Method
WithAttach allowSecretAllPermissions();
/**
* Allow a list of permissions for the AD identity to access secrets.
*
* @param permissions the list of permissions allowed
* @return the next stage of access policy definition
*/
WithAttach allowSecretPermissions(SecretPermissions... permissions);
/**
* Allow a list of permissions for the AD identity to access secrets.
*
* @param permissions the list of permissions allowed
* @return the next stage of access policy definition
*/
WithAttach allowSecretPermissions(List permissions);
/**
* Allow all permissions for the AD identity to access certificates.
*
* @return the next stage of access policy definition
*/
@Method
WithAttach allowCertificateAllPermissions();
/**
* Allow a list of permissions for the AD identity to access certificates.
*
* @param permissions the list of permissions allowed
* @return the next stage of access policy definition
*/
WithAttach allowCertificatePermissions(CertificatePermissions... permissions);
/**
* Allow a list of permissions for the AD identity to access certificates.
*
* @param permissions the list of permissions allowed
* @return the next stage of access policy definition
*/
WithAttach allowCertificatePermissions(List permissions);
/**
* Allow all permissions for the Ad identity to access storage.
*
* @return the next stage of access policy definition
*/
@Method
WithAttach allowStorageAllPermissions();
/**
* Allow a list of permissions for the AD identity to access storage.
*
* @param permissions the list of permissions allowed
* @return the next stage of access policy definition
*/
WithAttach allowStoragePermissions(StoragePermissions...permissions);
/**
* Allow a list of permissions for the AD identity to access storage.
*
* @param permissions the list of permissions allowed
* @return the next stage of access policy definition
*/
WithAttach allowStoragePermissions(List permissions);
}
/** The final stage of the access policy definition.
*
* At this stage, more permissions can be added or application ID can be specified,
* or the access policy definition can be attached to the parent key vault definition
* using {@link WithAttach#attach()}.
* @param the return type of {@link WithAttach#attach()}
*/
interface WithAttach extends
Attachable.InUpdate,
WithPermissions {
}
}
/**
* The entirety of an access policy definition as part of a key vault update.
* @param the return type of the final {@link UpdateDefinitionStages.WithAttach#attach()}
*/
interface UpdateDefinition extends
UpdateDefinitionStages.Blank,
UpdateDefinitionStages.WithAttach {
}
/**
* Grouping of access policy definition stages applicable as part of a key vault update.
*/
interface UpdateDefinitionStages {
/**
* The first stage of an access policy definition.
*
* @param the stage of the parent definition to return to after attaching this definition
*/
interface Blank extends WithIdentity {
}
/**
* The access policy definition stage allowing the Active Directory identity to be specified.
* @param the stage of the parent definition to return to after attaching this definition
*/
interface WithIdentity {
/**
* Specifies the object ID of the Active Directory identity this access policy is for.
*
* @param objectId the object ID of the AD identity
* @return the next stage of access policy definition
*/
WithAttach forObjectId(String objectId);
/**
* Specifies the Active Directory user this access policy is for.
*
* @param user the AD user object
* @return the next stage of access policy definition
*/
WithAttach forUser(ActiveDirectoryUser user);
/**
* Specifies the Active Directory user this access policy is for.
*
* @param userPrincipalName the user principal name of the AD user
* @return the next stage of access policy definition
*/
WithAttach forUser(String userPrincipalName);
/**
* Application ID of the client making request on behalf of a principal.
*
* @param applicationId the application ID
* @return the next stage of access policy definition
*/
WithAttach forApplicationId(String applicationId);
/**
* Specifies the Azure Active Directory tenant ID that should be used for
* authenticating requests to the key vault.
*
* @param tenantId the tenant ID for the key vault.
* @return the next stage of access policy definition
*/
WithAttach forTenantId(String tenantId);
/**
* Specifies the Active Directory group this access policy is for.
*
* @param activeDirectoryGroup the AD group object
* @return the next stage of access policy definition
*/
WithAttach forGroup(ActiveDirectoryGroup activeDirectoryGroup);
/**
* Specifies the Active Directory service principal this access policy is for.
*
* @param servicePrincipal the AD service principal object
* @return the next stage of access policy definition
*/
WithAttach forServicePrincipal(ServicePrincipal servicePrincipal);
/**
* Specifies the Active Directory service principal this access policy is for.
*
* @param servicePrincipalName the service principal name of the AD user
* @return the next stage of access policy definition
*/
WithAttach forServicePrincipal(String servicePrincipalName);
}
/**
* The access policy definition stage allowing permissions to be added.
* @param the stage of the parent definition to return to after attaching this definition
*/
interface WithPermissions {
/**
* Allow all permissions for the AD identity to access keys.
*
* @return the next stage of access policy definition
*/
@Method
WithAttach allowKeyAllPermissions();
/**
* Allow a list of permissions for the AD identity to access keys.
*
* @param permissions the list of permissions allowed
* @return the next stage of access policy definition
*/
WithAttach allowKeyPermissions(KeyPermissions... permissions);
/**
* Allow a list of permissions for the AD identity to access keys.
*
* @param permissions the list of permissions allowed
* @return the next stage of access policy definition
*/
WithAttach allowKeyPermissions(List permissions);
/**
* Allow all permissions for the AD identity to access secrets.
*
* @return the next stage of access policy definition
*/
@Method
WithAttach allowSecretAllPermissions();
/**
* Allow a list of permissions for the AD identity to access secrets.
*
* @param permissions the list of permissions allowed
* @return the next stage of access policy definition
*/
WithAttach allowSecretPermissions(SecretPermissions... permissions);
/**
* Allow a list of permissions for the AD identity to access secrets.
*
* @param permissions the list of permissions allowed
* @return the next stage of access policy definition
*/
WithAttach allowSecretPermissions(List permissions);
/**
* Allow all permissions for the Ad identity to access storage.
*
* @return the next stage of access policy definition
*/
@Method
WithAttach allowStorageAllPermissions();
/**
* Allow a list of permissions for the AD identity to access storage.
*
* @param permissions the list of permissions allowed
* @return the next stage of access policy definition
*/
WithAttach allowStoragePermissions(StoragePermissions...permissions);
/**
* Allow a list of permissions for the AD identity to access storage.
*
* @param permissions the list of permissions allowed
* @return the next stage of access policy definition
*/
WithAttach allowStoragePermissions(List permissions);
}
/** The final stage of the access policy definition.
*
* At this stage, more permissions can be added or application ID can be specified,
* or the access policy definition can be attached to the parent key vault update
* using {@link WithAttach#attach()}.
* @param the return type of {@link WithAttach#attach()}
*/
interface WithAttach extends
Attachable.InDefinition,
WithPermissions {
}
}
/**
* Grouping of all the key vault update stages.
*/
interface UpdateStages {
/**
* The access policy update stage allowing permissions to be added or removed.
*/
interface WithPermissions {
/**
* Allow all permissions for the AD identity to access keys.
*
* @return the next stage of access policy update
*/
@Method
Update allowKeyAllPermissions();
/**
* Allow a list of permissions for the AD identity to access keys.
*
* @param permissions the list of permissions allowed
* @return the next stage of access policy update
*/
Update allowKeyPermissions(KeyPermissions... permissions);
/**
* Allow a list of permissions for the AD identity to access keys.
*
* @param permissions the list of permissions allowed
* @return the next stage of access policy update
*/
Update allowKeyPermissions(List permissions);
/**
* Revoke all permissions for the AD identity to access keys.
*
* @return the next stage of access policy update
*/
@Method
Update disallowKeyAllPermissions();
/**
* Revoke a list of permissions for the AD identity to access keys.
*
* @param permissions the list of permissions to revoke
* @return the next stage of access policy update
*/
Update disallowKeyPermissions(KeyPermissions... permissions);
/**
* Revoke a list of permissions for the AD identity to access keys.
*
* @param permissions the list of permissions to revoke
* @return the next stage of access policy update
*/
Update disallowKeyPermissions(List permissions);
/**
* Allow all permissions for the AD identity to access secrets.
*
* @return the next stage of access policy definition
*/
@Method
Update allowSecretAllPermissions();
/**
* Allow a list of permissions for the AD identity to access secrets.
*
* @param permissions the list of permissions allowed
* @return the next stage of access policy definition
*/
Update allowSecretPermissions(SecretPermissions... permissions);
/**
* Allow a list of permissions for the AD identity to access secrets.
*
* @param permissions the list of permissions allowed
* @return the next stage of access policy definition
*/
Update allowSecretPermissions(List permissions);
/**
* Revoke all permissions for the AD identity to access secrets.
*
* @return the next stage of access policy update
*/
@Method
Update disallowSecretAllPermissions();
/**
* Revoke a list of permissions for the AD identity to access secrets.
*
* @param permissions the list of permissions to revoke
* @return the next stage of access policy update
*/
Update disallowSecretPermissions(SecretPermissions... permissions);
/**
* Revoke a list of permissions for the AD identity to access secrets.
*
* @param permissions the list of permissions to revoke
* @return the next stage of access policy update
*/
Update disallowSecretPermissions(List permissions);
/**
* Allow all permissions for the AD identity to access certificates.
*
* @return the next stage of access policy update
*/
@Method
Update allowCertificateAllPermissions();
/**
* Allow a list of permissions for the AD identity to access certificates.
*
* @param permissions the list of permissions allowed
* @return the next stage of access policy update
*/
Update allowCertificatePermissions(CertificatePermissions... permissions);
/**
* Allow a list of permissions for the AD identity to access certificates.
*
* @param permissions the list of permissions allowed
* @return the next stage of access policy update
*/
Update allowCertificatePermissions(List permissions);
/**
* Revoke all permissions for the AD identity to access certificates.
*
* @return the next stage of access policy update
*/
@Method
Update disallowCertificateAllPermissions();
/**
* Revoke a list of permissions for the AD identity to access certificates.
*
* @param permissions the list of permissions to revoke
* @return the next stage of access policy update
*/
Update disallowCertificatePermissions(CertificatePermissions... permissions);
/**
* Revoke a list of permissions for the AD identity to access certificates.
*
* @param permissions the list of permissions to revoke
* @return the next stage of access policy update
*/
Update disallowCertificatePermissions(List permissions);
/**
* Allow all permissions for the Ad identity to access storage.
*
* @return the next stage of access policy definition
*/
@Method
Update allowStorageAllPermissions();
/**
* Allow a list of permissions for the AD identity to access storage.
*
* @param permissions the list of permissions allowed
* @return the next stage of access policy definition
*/
Update allowStoragePermissions(StoragePermissions...permissions);
/**
* Allow a list of permissions for the AD identity to access storage.
*
* @param permissions the list of permissions allowed
* @return the next stage of access policy definition
*/
Update allowStoragePermissions(List permissions);
/**
* Revoke all permissions for the Ad identity to access storage.
*
* @return the next stage of access policy definition
*/
@Method
Update disallowStorageAllPermissions();
/**
* Revoke a list of permissions for the AD identity to access storage.
*
* @param permissions the list of permissions allowed
* @return the next stage of access policy definition
*/
Update disallowStoragePermissions(StoragePermissions...permissions);
/**
* Revoke a list of permissions for the AD identity to access storage.
*
* @param permissions the list of permissions allowed
* @return the next stage of access policy definition
*/
Update disallowStoragePermissions(List permissions);
}
}
/**
* The entirety of an access policy update as part of a key vault update.
*/
interface Update extends
UpdateStages.WithPermissions,
Settable {
}
}