Class KeyVaultAccessControlAsyncClient
KeyVaultAccessControlAsyncClient provides asynchronous methods to view and manage Role Based Access
for the Azure Key Vault. The client supports creating, listing, updating, and deleting
role definitions and role assignments.
Instances of this client are obtained by calling the KeyVaultAccessControlClientBuilder.buildAsyncClient()
method on a KeyVaultAccessControlClientBuilder object.
Samples to construct an async client

    KeyVaultAccessControlAsyncClient keyVaultAccessControlAsyncClient = new KeyVaultAccessControlClientBuilder()
        .vaultUrl("<your-managed-hsm-url>")
        .credential(new DefaultAzureCredentialBuilder().build())
        .buildAsyncClient();

Method Summary
Modifier and Type, Method, Description

createRoleAssignment(KeyVaultRoleScope roleScope, String roleDefinitionId, String principalId)
    Creates a role assignment with a randomly generated name.
createRoleAssignment(KeyVaultRoleScope roleScope, String roleDefinitionId, String principalId, String roleAssignmentName)
    Creates a role assignment.
Mono<com.azure.core.http.rest.Response<KeyVaultRoleAssignment>> createRoleAssignmentWithResponse(KeyVaultRoleScope roleScope, String roleDefinitionId, String principalId, String roleAssignmentName)
    Creates a role assignment.
deleteRoleAssignment(KeyVaultRoleScope roleScope, String roleAssignmentName)
    Deletes a role assignment.
deleteRoleAssignmentWithResponse(KeyVaultRoleScope roleScope, String roleAssignmentName)
    Deletes a role assignment.
deleteRoleDefinition(KeyVaultRoleScope roleScope, String roleDefinitionName)
    Deletes a role definition.
deleteRoleDefinitionWithResponse(KeyVaultRoleScope roleScope, String roleDefinitionName)
    Deletes a role definition.
getRoleAssignment(KeyVaultRoleScope roleScope, String roleAssignmentName)
    Gets a role assignment.
Mono<com.azure.core.http.rest.Response<KeyVaultRoleAssignment>> getRoleAssignmentWithResponse(KeyVaultRoleScope roleScope, String roleAssignmentName)
    Gets a role assignment.
getRoleDefinition(KeyVaultRoleScope roleScope, String roleDefinitionName)
    Gets a role definition.
Mono<com.azure.core.http.rest.Response<KeyVaultRoleDefinition>> getRoleDefinitionWithResponse(KeyVaultRoleScope roleScope, String roleDefinitionName)
    Gets a role definition.
getVaultUrl()
    Gets the URL for the Key Vault this client is associated with.
com.azure.core.http.rest.PagedFlux<KeyVaultRoleAssignment> listRoleAssignments(KeyVaultRoleScope roleScope)
    Lists all role assignments that are applicable at the given role scope and above.
com.azure.core.http.rest.PagedFlux<KeyVaultRoleDefinition> listRoleDefinitions(KeyVaultRoleScope roleScope)
    Lists all role definitions that are applicable at the given role scope and above.
setRoleDefinition(KeyVaultRoleScope roleScope)
    Creates or updates a role definition with a randomly generated name.
setRoleDefinition(KeyVaultRoleScope roleScope, String roleDefinitionName)
    Creates or updates a role definition.
Mono<com.azure.core.http.rest.Response<KeyVaultRoleDefinition>> setRoleDefinitionWithResponse(SetRoleDefinitionOptions options)
    Creates or updates a role definition.
-
Method Details
-
getVaultUrl
Gets the URL for the Key Vault this client is associated with.
- Returns:
  The Key Vault URL.
-
listRoleDefinitions
public com.azure.core.http.rest.PagedFlux<KeyVaultRoleDefinition> listRoleDefinitions(KeyVaultRoleScope roleScope)
Lists all role definitions that are applicable at the given role scope and above.
Code Samples
Lists all role definitions. Prints out the details of the retrieved role definitions.

    keyVaultAccessControlAsyncClient.listRoleDefinitions(KeyVaultRoleScope.GLOBAL)
        .subscribe(roleDefinition ->
            System.out.printf("Retrieved role definition with name '%s'.%n", roleDefinition.getName()));

- Parameters:
  roleScope - The role scope of the role definitions.
- Returns:
  A PagedFlux containing the role definitions for the given role scope.
- Throws:
  KeyVaultAdministrationException - If the given roleScope is invalid.
  NullPointerException - If the role scope is null.
-
setRoleDefinition
Creates or updates a role definition with a randomly generated name.
Code Samples
Creates a role definition with a randomly generated name. Prints out the details of the created role definition.

    keyVaultAccessControlAsyncClient.setRoleDefinition(KeyVaultRoleScope.GLOBAL)
        .subscribe(roleDefinition ->
            System.out.printf("Created role definition with randomly generated name '%s' and role name '%s'.%n",
                roleDefinition.getName(), roleDefinition.getRoleName()));

- Parameters:
  roleScope - The role scope of the role definition. Managed HSM only supports '/'.
- Returns:
  A Mono containing the created role definition.
- Throws:
  KeyVaultAdministrationException - If the given roleScope is invalid.
  NullPointerException - If the role scope is null.
-
setRoleDefinition
public Mono<KeyVaultRoleDefinition> setRoleDefinition(KeyVaultRoleScope roleScope, String roleDefinitionName)
Creates or updates a role definition. If no name is provided, then a role definition will be created with a randomly generated name.
Code Samples
Creates or updates a role definition with a given name. Prints out the details of the created role definition.

    String myRoleDefinitionName = "504a3d11-5a63-41a9-b603-41bdf88df03e";

    keyVaultAccessControlAsyncClient.setRoleDefinition(KeyVaultRoleScope.GLOBAL, myRoleDefinitionName)
        .subscribe(roleDefinition ->
            System.out.printf("Set role definition with name '%s' and role name '%s'.%n",
                roleDefinition.getName(), roleDefinition.getRoleName()));

- Parameters:
  roleScope - The role scope of the role definition. Managed HSM only supports '/'.
  roleDefinitionName - The name of the role definition. It can be any valid UUID. If null is provided, a name will be randomly generated.
- Returns:
  A Mono containing the created role definition.
- Throws:
  KeyVaultAdministrationException - If the given roleScope is invalid.
  NullPointerException - If the role scope or roleDefinitionName are null.
-
setRoleDefinitionWithResponse
public Mono<com.azure.core.http.rest.Response<KeyVaultRoleDefinition>> setRoleDefinitionWithResponse(SetRoleDefinitionOptions options)
Creates or updates a role definition.
Code Samples
Creates or updates a role definition. Prints out the details of the HTTP response and the created role definition.

    String roleDefinitionName = "9de303d3-6ea8-4b8f-a20b-18e67f77e42a";

    List<KeyVaultRoleScope> assignableScopes = new ArrayList<>();
    assignableScopes.add(KeyVaultRoleScope.GLOBAL);
    assignableScopes.add(KeyVaultRoleScope.KEYS);

    List<KeyVaultDataAction> dataActions = new ArrayList<>();
    dataActions.add(KeyVaultDataAction.START_HSM_RESTORE);
    dataActions.add(KeyVaultDataAction.START_HSM_BACKUP);
    dataActions.add(KeyVaultDataAction.READ_HSM_BACKUP_STATUS);
    dataActions.add(KeyVaultDataAction.READ_HSM_RESTORE_STATUS);
    dataActions.add(KeyVaultDataAction.BACKUP_HSM_KEYS);
    dataActions.add(KeyVaultDataAction.RESTORE_HSM_KEYS);

    // Constructor arguments: actions, notActions, dataActions, notDataActions.
    List<KeyVaultPermission> permissions = new ArrayList<>();
    permissions.add(new KeyVaultPermission(null, null, dataActions, null));

    SetRoleDefinitionOptions setRoleDefinitionOptions =
        new SetRoleDefinitionOptions(KeyVaultRoleScope.GLOBAL, roleDefinitionName)
            .setRoleName("Backup and Restore Role Definition")
            .setDescription("Can backup and restore a whole Managed HSM, as well as individual keys.")
            .setAssignableScopes(assignableScopes)
            .setPermissions(permissions);

    keyVaultAccessControlAsyncClient.setRoleDefinitionWithResponse(setRoleDefinitionOptions)
        .subscribe(response ->
            System.out.printf("Response successful with status code: %d. Role definition with name '%s' and role"
                + " name '%s' was set.%n", response.getStatusCode(), response.getValue().getName(),
                response.getValue().getRoleName()));

- Parameters:
  options - Object representing the configurable options to create or update a role definition.
- Returns:
  A Mono containing a Response whose value contains the created or updated role definition.
- Throws:
  KeyVaultAdministrationException - If any parameter in options is invalid.
  NullPointerException - If the role scope or roleDefinitionName in the options object are null.
-
getRoleDefinition
public Mono<KeyVaultRoleDefinition> getRoleDefinition(KeyVaultRoleScope roleScope, String roleDefinitionName)
Gets a role definition.
Code Samples
Gets a role definition. Prints out the details of the retrieved role definition.

    String roleDefinitionName = "8f90b099-7361-4db6-8321-719adaf6e4ca";

    keyVaultAccessControlAsyncClient.getRoleDefinition(KeyVaultRoleScope.GLOBAL, roleDefinitionName)
        .subscribe(roleDefinition ->
            System.out.printf("Retrieved role definition with name '%s' and role name '%s'.%n",
                roleDefinition.getName(), roleDefinition.getRoleName()));

- Parameters:
  roleScope - The role scope of the role definition.
  roleDefinitionName - The name of the role definition.
- Returns:
  A Mono containing the role definition.
- Throws:
  KeyVaultAdministrationException - If a role definition with the given name cannot be found or if the given roleScope is invalid.
  NullPointerException - If the role scope or roleDefinitionName are null.
-
getRoleDefinitionWithResponse
public Mono<com.azure.core.http.rest.Response<KeyVaultRoleDefinition>> getRoleDefinitionWithResponse(KeyVaultRoleScope roleScope, String roleDefinitionName)
Gets a role definition.
Code Samples
Gets a role definition. Prints out the details of the HTTP response and the retrieved role definition.

    String myRoleDefinitionName = "0877b4ee-6275-4559-89f1-c289060ef398";

    keyVaultAccessControlAsyncClient.getRoleDefinitionWithResponse(KeyVaultRoleScope.GLOBAL, myRoleDefinitionName)
        .subscribe(response ->
            System.out.printf("Response successful with status code: %d. Role definition with name '%s' and role"
                + " name '%s' was retrieved.%n", response.getStatusCode(), response.getValue().getName(),
                response.getValue().getRoleName()));

- Parameters:
  roleScope - The role scope of the role definition.
  roleDefinitionName - The name of the role definition.
- Returns:
  A Mono containing a Response whose value contains the role definition.
- Throws:
  KeyVaultAdministrationException - If a role definition with the given name cannot be found or if the given roleScope is invalid.
  NullPointerException - If the role scope or roleDefinitionName are null.
-
deleteRoleDefinition
Deletes a role definition.
Code Samples
Deletes a role definition.

    String roleDefinitionName = "e3c7c51a-8abd-4b1b-9201-48ded34d0358";

    keyVaultAccessControlAsyncClient.deleteRoleDefinition(KeyVaultRoleScope.GLOBAL, roleDefinitionName)
        .subscribe(unused -> System.out.printf("Deleted role definition with name '%s'.%n", roleDefinitionName));

- Parameters:
  roleScope - The role scope of the role definition. Managed HSM only supports '/'.
  roleDefinitionName - The name of the role definition.
- Returns:
  A Mono of a Void.
- Throws:
  KeyVaultAdministrationException - If the given roleScope is invalid.
  NullPointerException - If the role scope or roleDefinitionName are null.
-
deleteRoleDefinitionWithResponse
public Mono<com.azure.core.http.rest.Response<Void>> deleteRoleDefinitionWithResponse(KeyVaultRoleScope roleScope, String roleDefinitionName)
Deletes a role definition.
Code Samples
Deletes a role definition. Prints out the details of the HTTP response.

    String myRoleDefinitionName = "ccaafb00-31fb-40fe-9ccc-39a2ad2af082";

    keyVaultAccessControlAsyncClient.deleteRoleDefinitionWithResponse(KeyVaultRoleScope.GLOBAL,
        myRoleDefinitionName).subscribe(response ->
            System.out.printf("Response successful with status code: %d. Role definition with name '%s' was"
                + " deleted.%n", response.getStatusCode(), myRoleDefinitionName));

- Parameters:
  roleScope - The role scope of the role definition.
  roleDefinitionName - The name of the role definition.
- Returns:
  A Mono containing a Response with a Void value.
- Throws:
  KeyVaultAdministrationException - If the given roleScope is invalid.
  NullPointerException - If the role scope or roleDefinitionName are null.
-
listRoleAssignments
public com.azure.core.http.rest.PagedFlux<KeyVaultRoleAssignment> listRoleAssignments(KeyVaultRoleScope roleScope)
Lists all role assignments that are applicable at the given role scope and above.
- Parameters:
  roleScope - The role scope of the role assignment.
- Returns:
  A PagedFlux containing the role assignments for the given role scope.
- Throws:
  KeyVaultAdministrationException - If the given roleScope is invalid.
  NullPointerException - If the role scope is null.
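
Added example, not part of the SDK documentation: an access review that joins listRoleDefinitions with listRoleAssignments to report which principals hold a role granting HSM backup or restore data actions. The class name, the SENSITIVE set and the grantsSensitive helper are hypothetical, and the join assumes that the roleDefinitionId stored on an assignment equals the getId() value of the role definition.

```java
import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.security.keyvault.administration.KeyVaultAccessControlAsyncClient;
import com.azure.security.keyvault.administration.KeyVaultAccessControlClientBuilder;
import com.azure.security.keyvault.administration.models.KeyVaultDataAction;
import com.azure.security.keyvault.administration.models.KeyVaultPermission;
import com.azure.security.keyvault.administration.models.KeyVaultRoleDefinition;
import com.azure.security.keyvault.administration.models.KeyVaultRoleScope;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

// Hypothetical class name; added example, not SDK code.
public class BackupRestoreAssignmentAudit {
    // Data actions under review: a subset of those granted by the
    // setRoleDefinitionWithResponse sample on this page.
    private static final Set<KeyVaultDataAction> SENSITIVE = new HashSet<>(Arrays.asList(
        KeyVaultDataAction.START_HSM_BACKUP, KeyVaultDataAction.START_HSM_RESTORE,
        KeyVaultDataAction.BACKUP_HSM_KEYS, KeyVaultDataAction.RESTORE_HSM_KEYS));

    // True if any permission block lists a sensitive data action. notDataActions is not
    // subtracted, so a role that excludes an action that way is still reported.
    static boolean grantsSensitive(List<KeyVaultPermission> permissions) {
        if (permissions == null) {
            return false;
        }
        return permissions.stream()
            .filter(p -> p.getDataActions() != null)
            .flatMap(p -> p.getDataActions().stream())
            .anyMatch(SENSITIVE::contains);
    }

    public static void main(String[] args) {
        KeyVaultAccessControlAsyncClient client = new KeyVaultAccessControlClientBuilder()
            .vaultUrl("<your-managed-hsm-url>")
            .credential(new DefaultAzureCredentialBuilder().build())
            .buildAsyncClient();

        // 1. Index the role definitions that grant a sensitive action, keyed by ID.
        // 2. Stream the assignments and keep those that reference an indexed definition.
        client.listRoleDefinitions(KeyVaultRoleScope.GLOBAL)
            .filter(definition -> grantsSensitive(definition.getPermissions()))
            .collectMap(KeyVaultRoleDefinition::getId)
            .flatMapMany(sensitive -> client.listRoleAssignments(KeyVaultRoleScope.GLOBAL)
                // Assumption: the assignment stores the definition's full ID.
                .filter(a -> sensitive.containsKey(a.getProperties().getRoleDefinitionId()))
                .map(a -> String.format("principal %s holds role '%s' via assignment %s at scope %s",
                    a.getProperties().getPrincipalId(),
                    sensitive.get(a.getProperties().getRoleDefinitionId()).getRoleName(),
                    a.getName(), a.getProperties().getScope())))
            .doOnNext(System.out::println)
            // blockLast() keeps this console program alive until the listing completes.
            .blockLast();
    }
}
```

Each reported assignment name can be passed to deleteRoleAssignment once the review decides the principal no longer needs the role.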
-
createRoleAssignment
public Mono<KeyVaultRoleAssignment> createRoleAssignment(KeyVaultRoleScope roleScope, String roleDefinitionId, String principalId)
Creates a role assignment with a randomly generated name.
Code Samples
Creates a role assignment with a randomly generated name. Prints out the details of the created role assignment.

    String roleDefinitionId = "142e42c1-ab29-4dc7-9dfa-8fd7c0815128";
    String servicePrincipalId = "07dca82e-b625-4a60-977b-859d2a162ca7";

    keyVaultAccessControlAsyncClient.createRoleAssignment(KeyVaultRoleScope.GLOBAL, roleDefinitionId,
        servicePrincipalId).subscribe(roleAssignment ->
            System.out.printf("Created role assignment with randomly generated name '%s' for principal with id"
                + " '%s'.%n", roleAssignment.getName(), roleAssignment.getProperties().getPrincipalId()));

- Parameters:
  roleScope - The role scope of the role assignment to create.
  roleDefinitionId - The role definition ID for the role assignment.
  principalId - The principal ID assigned to the role. This maps to the ID inside the Active Directory.
- Returns:
  A Mono containing the created role assignment.
- Throws:
  KeyVaultAdministrationException - If the given roleScope, roleDefinitionId or principalId are invalid.
  NullPointerException - If the role scope, roleAssignmentName, roleDefinitionId or principalId are null.
-
createRoleAssignment
public Mono<KeyVaultRoleAssignment> createRoleAssignment(KeyVaultRoleScope roleScope, String roleDefinitionId, String principalId, String roleAssignmentName)
Creates a role assignment.
Code Samples
Creates a role assignment. Prints out the details of the created role assignment.

    String myRoleDefinitionId = "e1ca67d0-4332-465c-b9cd-894b2834401b";
    String myServicePrincipalId = "31af81fe-6123-4838-92c0-7c2531ec13d7";
    String myRoleAssignmentName = "94d7827f-f8c9-4a5d-94fd-9fd2cd02d12f";

    keyVaultAccessControlAsyncClient.createRoleAssignment(KeyVaultRoleScope.GLOBAL, myRoleDefinitionId,
        myServicePrincipalId, myRoleAssignmentName).subscribe(roleAssignment ->
            System.out.printf("Created role assignment with name '%s' for principal with id '%s'.%n",
                roleAssignment.getName(), roleAssignment.getProperties().getPrincipalId()));

- Parameters:
  roleScope - The role scope of the role assignment to create.
  roleDefinitionId - The role definition ID for the role assignment.
  principalId - The principal ID assigned to the role. This maps to the ID inside the Active Directory.
  roleAssignmentName - The name used to create the role assignment. It can be any valid UUID.
- Returns:
  A Mono containing the created role assignment.
- Throws:
  KeyVaultAdministrationException - If a role assignment with the given name already exists or if the given roleScope, roleDefinitionId or principalId are invalid.
  NullPointerException - If the role scope, roleAssignmentName, roleDefinitionId or principalId are null.
-
createRoleAssignmentWithResponse
public Mono<com.azure.core.http.rest.Response<KeyVaultRoleAssignment>> createRoleAssignmentWithResponse(KeyVaultRoleScope roleScope, String roleDefinitionId, String principalId, String roleAssignmentName)
Creates a role assignment.
Code Samples
Creates a role assignment. Prints out details of the HTTP response and the created role assignment.

    String someRoleDefinitionId = "686b0f78-5012-4def-8a70-eba36aa54d3d";
    String someServicePrincipalId = "345ec980-904b-4238-aafc-1eaeed3e23cf";
    String someRoleAssignmentName = "1c79927c-6e08-4e5c-8a6c-f58c13c9bbb5";

    keyVaultAccessControlAsyncClient.createRoleAssignmentWithResponse(KeyVaultRoleScope.GLOBAL,
        someRoleDefinitionId, someServicePrincipalId, someRoleAssignmentName).subscribe(response -> {
            KeyVaultRoleAssignment createdRoleAssignment = response.getValue();

            System.out.printf("Response successful with status code: %d. Role assignment with name '%s' for"
                + " principal with id '%s' was created.%n", response.getStatusCode(),
                createdRoleAssignment.getName(), createdRoleAssignment.getProperties().getPrincipalId());
        });

- Parameters:
  roleScope - The role scope of the role assignment to create.
  roleAssignmentName - The name used to create the role assignment. It can be any valid UUID.
  roleDefinitionId - The role definition ID for the role assignment.
  principalId - The principal ID assigned to the role. This maps to the ID inside the Active Directory.
- Returns:
  A Mono containing a Response whose value contains the created role assignment.
- Throws:
  KeyVaultAdministrationException - If a role assignment with the given name already exists or if the given roleScope, roleDefinitionId or principalId are invalid.
  NullPointerException - If the role scope, roleAssignmentName, roleDefinitionId or principalId are null.
-
getRoleAssignment
public Mono<KeyVaultRoleAssignment> getRoleAssignment(KeyVaultRoleScope roleScope, String roleAssignmentName)
Gets a role assignment.
Code Samples
Gets a role assignment. Prints out details of the retrieved role assignment.

    String roleAssignmentName = "c5a305c0-e17a-40f5-af79-73801bdd8867";

    keyVaultAccessControlAsyncClient.getRoleAssignment(KeyVaultRoleScope.GLOBAL, roleAssignmentName)
        .subscribe(roleAssignment ->
            System.out.printf("Retrieved role assignment with name '%s'.%n", roleAssignment.getName()));

- Parameters:
  roleScope - The role scope of the role assignment.
  roleAssignmentName - The name of the role assignment.
- Returns:
  A Mono containing the role assignment.
- Throws:
  KeyVaultAdministrationException - If a role assignment with the given name cannot be found or if the given roleScope is invalid.
  NullPointerException - If the role scope or roleAssignmentName are null.
-
getRoleAssignmentWithResponse
public Mono<com.azure.core.http.rest.Response<KeyVaultRoleAssignment>> getRoleAssignmentWithResponse(KeyVaultRoleScope roleScope, String roleAssignmentName)
Gets a role assignment.
Code Samples
Gets a role assignment. Prints out details of the HTTP response and the retrieved role assignment.

    String myRoleAssignmentName = "76ccbf52-4d49-4fcc-ad3f-044c254be114";

    keyVaultAccessControlAsyncClient.getRoleAssignmentWithResponse(KeyVaultRoleScope.GLOBAL, myRoleAssignmentName)
        .subscribe(response ->
            System.out.printf("Response successful with status code: %d. Role assignment with name '%s' was"
                + " retrieved.%n", response.getStatusCode(), response.getValue().getName()));

- Parameters:
  roleScope - The role scope of the role assignment.
  roleAssignmentName - The name of the role assignment.
- Returns:
  A Mono containing a Response whose value contains the role assignment.
- Throws:
  KeyVaultAdministrationException - If a role assignment with the given name cannot be found or if the given roleScope is invalid.
  NullPointerException - If the role scope or roleAssignmentName are null.
-
deleteRoleAssignment
Deletes a role assignment.
Code Samples
Deletes a role assignment.

    String roleAssignmentName = "f05d11ce-578a-4524-950c-fb4c53e5fb96";

    keyVaultAccessControlAsyncClient.deleteRoleAssignment(KeyVaultRoleScope.GLOBAL, roleAssignmentName)
        .subscribe(unused ->
            System.out.printf("Deleted role assignment with name '%s'.%n", roleAssignmentName));

- Parameters:
  roleScope - The role scope of the role assignment.
  roleAssignmentName - The name of the role assignment.
- Returns:
  A Mono of a Void.
- Throws:
  KeyVaultAdministrationException - If the given roleScope is invalid.
  NullPointerException - If the role scope or roleAssignmentName are null.
-
deleteRoleAssignmentWithResponse
public Mono<com.azure.core.http.rest.Response<Void>> deleteRoleAssignmentWithResponse(KeyVaultRoleScope roleScope, String roleAssignmentName)
Deletes a role assignment.
Code Samples
Deletes a role assignment. Prints out details of the HTTP response.

    String myRoleAssignmentName = "06aaea13-e4f3-4d3f-8a93-088dff6e90ed";

    keyVaultAccessControlAsyncClient.deleteRoleAssignmentWithResponse(KeyVaultRoleScope.GLOBAL,
        myRoleAssignmentName).subscribe(response ->
            System.out.printf("Response successful with status code: %d. Role assignment with name '%s' was"
                + " deleted.%n", response.getStatusCode(), myRoleAssignmentName));

- Parameters:
  roleScope - The role scope of the role assignment.
  roleAssignmentName - The name of the role assignment.
- Returns:
  A Mono containing a Response with a Void value.
- Throws:
  KeyVaultAdministrationException - If the given roleScope is invalid.
  NullPointerException - If the role scope or roleAssignmentName are null.
-