`public final class KeyVaultAccessControlClient extends Object`

`KeyVaultAccessControlClient` provides synchronous methods to view and manage Role Based Access for the Azure Key Vault. The client supports creating, listing, updating, and deleting role assignments. Additionally, the client supports listing role definitions.

Modifier and Type | Method and Description |
---|---|
`KeyVaultRoleAssignment` | `createRoleAssignment(KeyVaultRoleScope roleScope, String roleDefinitionId, String principalId)` Creates a `KeyVaultRoleAssignment` with a randomly generated name. |
`KeyVaultRoleAssignment` | `createRoleAssignment(KeyVaultRoleScope roleScope, String roleDefinitionId, String principalId, String roleAssignmentName)` Creates a `KeyVaultRoleAssignment`. |
`com.azure.core.http.rest.Response<KeyVaultRoleAssignment>` | `createRoleAssignmentWithResponse(KeyVaultRoleScope roleScope, String roleDefinitionId, String principalId, String roleAssignmentName, com.azure.core.util.Context context)` Creates a `KeyVaultRoleAssignment`. |
`KeyVaultRoleAssignment` | `deleteRoleAssignment(KeyVaultRoleScope roleScope, String roleAssignmentName)` Deletes a `KeyVaultRoleAssignment`. |
`com.azure.core.http.rest.Response<KeyVaultRoleAssignment>` | `deleteRoleAssignmentWithResponse(KeyVaultRoleScope roleScope, String roleAssignmentName, com.azure.core.util.Context context)` Deletes a `KeyVaultRoleAssignment`. |
`KeyVaultRoleDefinition` | `deleteRoleDefinition(KeyVaultRoleScope roleScope, String roleDefinitionName)` Deletes a `KeyVaultRoleDefinition`. |
`com.azure.core.http.rest.Response<KeyVaultRoleDefinition>` | `deleteRoleDefinitionWithResponse(KeyVaultRoleScope roleScope, String roleDefinitionName, com.azure.core.util.Context context)` Deletes a `KeyVaultRoleDefinition`. |
`KeyVaultRoleAssignment` | `getRoleAssignment(KeyVaultRoleScope roleScope, String roleAssignmentName)` Gets a `KeyVaultRoleAssignment`. |
`com.azure.core.http.rest.Response<KeyVaultRoleAssignment>` | `getRoleAssignmentWithResponse(KeyVaultRoleScope roleScope, String roleAssignmentName, com.azure.core.util.Context context)` Gets a `KeyVaultRoleAssignment`. |
`KeyVaultRoleDefinition` | `getRoleDefinition(KeyVaultRoleScope roleScope, String roleDefinitionName)` Gets a `KeyVaultRoleDefinition`. |
`com.azure.core.http.rest.Response<KeyVaultRoleDefinition>` | `getRoleDefinitionWithResponse(KeyVaultRoleScope roleScope, String roleDefinitionName, com.azure.core.util.Context context)` Gets a `KeyVaultRoleDefinition`. |
`String` | `getVaultUrl()` Gets the URL for the Key Vault this client is associated with. |
`com.azure.core.http.rest.PagedIterable<KeyVaultRoleAssignment>` | `listRoleAssignments(KeyVaultRoleScope roleScope)` Get all role assignments that are applicable at the given role scope and above. |
`com.azure.core.http.rest.PagedIterable<KeyVaultRoleAssignment>` | `listRoleAssignments(KeyVaultRoleScope roleScope, com.azure.core.util.Context context)` Get all role assignments that are applicable at the given role scope and above. |
`com.azure.core.http.rest.PagedIterable<KeyVaultRoleDefinition>` | `listRoleDefinitions(KeyVaultRoleScope roleScope)` Get all role definitions that are applicable at the given role scope and above. |
`com.azure.core.http.rest.PagedIterable<KeyVaultRoleDefinition>` | `listRoleDefinitions(KeyVaultRoleScope roleScope, com.azure.core.util.Context context)` Get all role definitions that are applicable at the given role scope and above. |
`KeyVaultRoleDefinition` | `setRoleDefinition(KeyVaultRoleScope roleScope)` Creates a `KeyVaultRoleDefinition` with a randomly generated name. |
`KeyVaultRoleDefinition` | `setRoleDefinition(KeyVaultRoleScope roleScope, String roleDefinitionName)` Creates or updates a `KeyVaultRoleDefinition`. |
`com.azure.core.http.rest.Response<KeyVaultRoleDefinition>` | `setRoleDefinitionWithResponse(SetRoleDefinitionOptions options, com.azure.core.util.Context context)` Creates or updates a `KeyVaultRoleDefinition`. |
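
The following is an added example, not part of the SDK documentation: it reviews existing role assignments and then grants a role under a deterministic assignment name so that a repeated run cannot create a duplicate grant. `KeyVaultAccessControlClientBuilder`, `DefaultAzureCredentialBuilder` (from azure-identity), the `KeyVaultRoleScope` constants and the model getters are assumed from the same SDK and are not shown on this page; the vault URL, principal ID and role definition ID are placeholders.

```java
import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.security.keyvault.administration.KeyVaultAccessControlClient;
import com.azure.security.keyvault.administration.KeyVaultAccessControlClientBuilder;
import com.azure.security.keyvault.administration.models.*;

import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;

public class RoleAssignmentReview {
    public static void main(String[] args) {
        KeyVaultAccessControlClient client = new KeyVaultAccessControlClientBuilder()
            .vaultUrl("https://<your-managed-hsm>.managedhsm.azure.net") // placeholder
            .credential(new DefaultAzureCredentialBuilder().build())
            .buildClient();

        // Resolve role definition IDs to readable role names (getters are assumed).
        Map<String, String> roleNames = new HashMap<>();
        for (KeyVaultRoleDefinition def : client.listRoleDefinitions(KeyVaultRoleScope.GLOBAL)) {
            roleNames.put(def.getId(), def.getRoleName());
        }

        // Access review: who holds which role, and at which scope.
        for (KeyVaultRoleAssignment a : client.listRoleAssignments(KeyVaultRoleScope.GLOBAL)) {
            String roleId = a.getProperties().getRoleDefinitionId();
            System.out.printf("%s principal=%s role=%s scope=%s%n",
                a.getName(), a.getProperties().getPrincipalId(),
                roleNames.getOrDefault(roleId, roleId), a.getProperties().getScope());
        }

        // Grant at the narrower key scope rather than '/'. The assignment name is a
        // UUID derived from principal + role, so the same grant always has the same name.
        String principalId = "<principal-object-id>";      // placeholder
        String roleDefinitionId = "<role-definition-id>";  // placeholder
        String assignmentName = UUID.nameUUIDFromBytes(
            (principalId + "|" + roleDefinitionId).getBytes(StandardCharsets.UTF_8)).toString();
        try {
            client.createRoleAssignment(KeyVaultRoleScope.KEYS, roleDefinitionId,
                principalId, assignmentName);
        } catch (KeyVaultAdministrationException e) {
            // Thrown when an assignment with this name already exists or an input is invalid.
            System.err.println("Role assignment not created: " + e.getMessage());
        }
    }
}
```

Calling `deleteRoleAssignment` with the same scope and assignment name revokes the grant.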
`public String getVaultUrl()`

Gets the URL for the Key Vault this client is associated with.

`public com.azure.core.http.rest.PagedIterable<KeyVaultRoleDefinition> listRoleDefinitions(KeyVaultRoleScope roleScope)`

Get all role definitions that are applicable at the given role scope and above.

Parameters:
- `roleScope` - The `roleScope` of the role definitions.

Returns:
- A `PagedIterable` containing the role definitions for the given `roleScope`.

Throws:
- `KeyVaultAdministrationException` - If the given `roleScope` is invalid.
- `NullPointerException` - If the `roleScope` is `null`.

`public com.azure.core.http.rest.PagedIterable<KeyVaultRoleDefinition> listRoleDefinitions(KeyVaultRoleScope roleScope, com.azure.core.util.Context context)`

Get all role definitions that are applicable at the given role scope and above.

Parameters:
- `roleScope` - The scope of the role definitions.
- `context` - Additional `Context` that is passed through the HTTP pipeline during the service call.

Returns:
- A `PagedIterable` containing the role definitions for the given `roleScope`.

Throws:
- `KeyVaultAdministrationException` - If the given `roleScope` is invalid.
- `NullPointerException` - If the `roleScope` is `null`.

`public KeyVaultRoleDefinition setRoleDefinition(KeyVaultRoleScope roleScope)`

Creates a `KeyVaultRoleDefinition` with a randomly generated name.

Parameters:
- `roleScope` - The role scope of the `KeyVaultRoleDefinition`. Managed HSM only supports '/'.

Returns:
- `KeyVaultRoleDefinition`.

Throws:
- `KeyVaultAdministrationException` - If the given `roleScope` is invalid.
- `NullPointerException` - If the role scope is `null`.

`public KeyVaultRoleDefinition setRoleDefinition(KeyVaultRoleScope roleScope, String roleDefinitionName)`

Creates or updates a `KeyVaultRoleDefinition`.

Parameters:
- `roleScope` - The role scope of the `KeyVaultRoleDefinition`. Managed HSM only supports '/'.
- `roleDefinitionName` - The name of the `KeyVaultRoleDefinition`. It can be any valid UUID.

Returns:
- `KeyVaultRoleDefinition`.

Throws:
- `KeyVaultAdministrationException` - If the given `roleScope` is invalid.
- `NullPointerException` - If the role scope or `roleDefinitionName` are `null`.

`public com.azure.core.http.rest.Response<KeyVaultRoleDefinition> setRoleDefinitionWithResponse(SetRoleDefinitionOptions options, com.azure.core.util.Context context)`

Creates or updates a `KeyVaultRoleDefinition`.

Parameters:
- `options` - Object representing the configurable options to create or update a role definition.
- `context` - Additional context that is passed through the HTTP pipeline during the service call.

Returns:
- A `Response` whose value contains the created or updated `KeyVaultRoleDefinition`.

Throws:
- `KeyVaultAdministrationException` - If any parameter in `options` is invalid.
- `NullPointerException` - If the role scope or `roleDefinitionName` in the `options` object are `null`.

`public KeyVaultRoleDefinition getRoleDefinition(KeyVaultRoleScope roleScope, String roleDefinitionName)`

Gets a `KeyVaultRoleDefinition`.

Parameters:
- `roleScope` - The role scope of the `KeyVaultRoleDefinition`.
- `roleDefinitionName` - The name of the `KeyVaultRoleDefinition`.

Returns:
- `KeyVaultRoleDefinition`.

Throws:
- `KeyVaultAdministrationException` - If a role definition with the given name cannot be found or if the given `roleScope` is invalid.
- `NullPointerException` - If the role scope or `roleDefinitionName` are `null`.

`public com.azure.core.http.rest.Response<KeyVaultRoleDefinition> getRoleDefinitionWithResponse(KeyVaultRoleScope roleScope, String roleDefinitionName, com.azure.core.util.Context context)`

Gets a `KeyVaultRoleDefinition`.

Parameters:
- `roleScope` - The role scope of the `KeyVaultRoleDefinition`.
- `roleDefinitionName` - The name of the `KeyVaultRoleDefinition`.
- `context` - Additional context that is passed through the HTTP pipeline during the service call.

Returns:
- A `Response` whose value contains the retrieved `KeyVaultRoleDefinition`.

Throws:
- `KeyVaultAdministrationException` - If a role definition with the given name cannot be found or if the given `roleScope` is invalid.
- `NullPointerException` - If the role scope or `roleDefinitionName` are `null`.

`public KeyVaultRoleDefinition deleteRoleDefinition(KeyVaultRoleScope roleScope, String roleDefinitionName)`

Deletes a `KeyVaultRoleDefinition`.

Parameters:
- `roleScope` - The role scope of the `KeyVaultRoleDefinition`. Managed HSM only supports '/'.
- `roleDefinitionName` - The name of the `KeyVaultRoleDefinition`.

Returns:
- `KeyVaultRoleDefinition`.

Throws:
- `KeyVaultAdministrationException` - If a role definition with the given name cannot be found or if the given `roleScope` is invalid.
- `NullPointerException` - If the role scope or `roleDefinitionName` are `null`.

`public com.azure.core.http.rest.Response<KeyVaultRoleDefinition> deleteRoleDefinitionWithResponse(KeyVaultRoleScope roleScope, String roleDefinitionName, com.azure.core.util.Context context)`

Deletes a `KeyVaultRoleDefinition`.

Parameters:
- `roleScope` - The role scope of the `KeyVaultRoleDefinition`.
- `roleDefinitionName` - The name of the `KeyVaultRoleDefinition`.
- `context` - Additional context that is passed through the HTTP pipeline during the service call.

Returns:
- A `Response` whose value contains the deleted `KeyVaultRoleDefinition`.

Throws:
- `KeyVaultAdministrationException` - If a role definition with the given name cannot be found or if the given `roleScope` is invalid.
- `NullPointerException` - If the role scope or `roleDefinitionName` are `null`.

`public com.azure.core.http.rest.PagedIterable<KeyVaultRoleAssignment> listRoleAssignments(KeyVaultRoleScope roleScope)`

Get all role assignments that are applicable at the given role scope and above.

Parameters:
- `roleScope` - The scope of the `KeyVaultRoleAssignment`.

Returns:
- A `PagedIterable` containing the role assignments for the given `roleScope`.

Throws:
- `KeyVaultAdministrationException` - If the given `roleScope` is invalid.
- `NullPointerException` - If the `roleScope` is `null`.

`public com.azure.core.http.rest.PagedIterable<KeyVaultRoleAssignment> listRoleAssignments(KeyVaultRoleScope roleScope, com.azure.core.util.Context context)`

Get all role assignments that are applicable at the given role scope and above.

Parameters:
- `roleScope` - The scope of the `KeyVaultRoleAssignment`.
- `context` - Additional context that is passed through the HTTP pipeline during the service call.

Returns:
- A `PagedIterable` containing the role assignments for the given `roleScope`.

Throws:
- `KeyVaultAdministrationException` - If the given `roleScope` is invalid.
- `NullPointerException` - If the `roleScope` is `null`.

`public KeyVaultRoleAssignment createRoleAssignment(KeyVaultRoleScope roleScope, String roleDefinitionId, String principalId)`

Creates a `KeyVaultRoleAssignment` with a randomly generated name.

Parameters:
- `roleScope` - The role scope of the `KeyVaultRoleAssignment` to create.
- `roleDefinitionId` - The role definition ID for the role assignment.
- `principalId` - The principal ID assigned to the role. This maps to the ID inside the Active Directory.

Returns:
- A `Mono` containing the created `KeyVaultRoleAssignment`.

Throws:
- `KeyVaultAdministrationException` - If the given `roleScope`, `roleDefinitionId` or `principalId` are invalid.
- `NullPointerException` - If the `roleScope`, `roleDefinitionId` or `principalId` are `null`.

`public KeyVaultRoleAssignment createRoleAssignment(KeyVaultRoleScope roleScope, String roleDefinitionId, String principalId, String roleAssignmentName)`

Creates a `KeyVaultRoleAssignment`.

Parameters:
- `roleScope` - The role scope of the `KeyVaultRoleAssignment` to create.
- `roleAssignmentName` - The name used to create the `KeyVaultRoleAssignment`. It can be any valid UUID.
- `roleDefinitionId` - The role definition ID for the role assignment.
- `principalId` - The principal ID assigned to the role. This maps to the ID inside the Active Directory.

Returns:
- `KeyVaultRoleAssignment`.

Throws:
- `KeyVaultAdministrationException` - If a role assignment with the given name already exists or if the given `roleScope`, `roleDefinitionId` or `principalId` are invalid.
- `NullPointerException` - If the `roleScope`, `roleAssignmentName` or `properties` are `null`.

`public com.azure.core.http.rest.Response<KeyVaultRoleAssignment> createRoleAssignmentWithResponse(KeyVaultRoleScope roleScope, String roleDefinitionId, String principalId, String roleAssignmentName, com.azure.core.util.Context context)`

Creates a `KeyVaultRoleAssignment`.

Parameters:
- `roleScope` - The role scope of the `KeyVaultRoleAssignment` to create.
- `roleAssignmentName` - The name used to create the `KeyVaultRoleAssignment`. It can be any valid UUID.
- `roleDefinitionId` - The role definition ID for the role assignment.
- `principalId` - The principal ID assigned to the role. This maps to the ID inside the Active Directory.
- `context` - Additional context that is passed through the HTTP pipeline during the service call.

Returns:
- A `Mono` containing a `Response` whose value contains the created `KeyVaultRoleAssignment`.

Throws:
- `KeyVaultAdministrationException` - If a role assignment with the given name already exists or if the given `roleScope`, `roleDefinitionId` or `principalId` are invalid.
- `NullPointerException` - If the `roleScope`, `roleAssignmentName` or `properties` are `null`.

`public KeyVaultRoleAssignment getRoleAssignment(KeyVaultRoleScope roleScope, String roleAssignmentName)`

Gets a `KeyVaultRoleAssignment`.

Parameters:
- `roleScope` - The role scope of the `KeyVaultRoleAssignment`.
- `roleAssignmentName` - The name of the `KeyVaultRoleAssignment`.

Returns:
- `KeyVaultRoleAssignment`.

Throws:
- `KeyVaultAdministrationException` - If a role assignment with the given name cannot be found or if the given `roleScope` is invalid.
- `NullPointerException` - If the `roleScope` or `roleAssignmentName` are `null`.

`public com.azure.core.http.rest.Response<KeyVaultRoleAssignment> getRoleAssignmentWithResponse(KeyVaultRoleScope roleScope, String roleAssignmentName, com.azure.core.util.Context context)`

Gets a `KeyVaultRoleAssignment`.

Parameters:
- `roleScope` - The role scope of the `KeyVaultRoleAssignment`.
- `roleAssignmentName` - The name of the `KeyVaultRoleAssignment`.
- `context` - Additional context that is passed through the HTTP pipeline during the service call.

Returns:
- `KeyVaultRoleAssignment`.

Throws:
- `KeyVaultAdministrationException` - If a role assignment with the given name cannot be found or if the given `roleScope` is invalid.
- `NullPointerException` - If the `roleScope` or `roleAssignmentName` are `null`.

`public KeyVaultRoleAssignment deleteRoleAssignment(KeyVaultRoleScope roleScope, String roleAssignmentName)`

Deletes a `KeyVaultRoleAssignment`.

Parameters:
- `roleScope` - The role scope of the `KeyVaultRoleAssignment`.
- `roleAssignmentName` - The name of the `KeyVaultRoleAssignment`.

Returns:
- `KeyVaultRoleAssignment`.

Throws:
- `KeyVaultAdministrationException` - If a role assignment with the given name cannot be found or if the given `roleScope` is invalid.
- `NullPointerException` - If the `roleScope` or `roleAssignmentName` are `null`.

`public com.azure.core.http.rest.Response<KeyVaultRoleAssignment> deleteRoleAssignmentWithResponse(KeyVaultRoleScope roleScope, String roleAssignmentName, com.azure.core.util.Context context)`

Deletes a `KeyVaultRoleAssignment`.

Parameters:
- `roleScope` - The role scope of the `KeyVaultRoleAssignment`.
- `roleAssignmentName` - The name of the `KeyVaultRoleAssignment`.
- `context` - Additional context that is passed through the HTTP pipeline during the service call.

Returns:
- `KeyVaultRoleAssignment`.

Throws:
- `KeyVaultAdministrationException` - If a role assignment with the given name cannot be found or if the given `roleScope` is invalid.
- `NullPointerException` - If the `roleScope` or `roleAssignmentName` are `null`.

Copyright © 2021 Microsoft Corporation. All rights reserved.