REST API或.Net SDK中是否存在等效的Set-AzureRmKeyVaultAccessPolicy？

Question

我需要以编程方式对AzureKeyVault进行权限，而我最接近它的是Set-AzureRmKeyVaultAccessPolicy powershell命令。

是否有针对该API或REST API的.Net SDK？

Answer 1

here you go，你可能会发现类似于.NET SDK的东西。

另外，如果你Set-AzureRmKeyVaultAccessPolicy -debug，你会找到所需的信息：

DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
PUT

Absolute Uri:
https://management.azure.com/subscriptions/xxx/resourceGroups/xxx/providers/Microsoft.KeyVault/vaults/xxx?api-version=2015-06-01

Body {Omitted}

编辑：为了将来参考，PowerShell使用REST API。如果有一个PS命令，肯定有一个REST端点。由Junnas

Answer 2

我们可以使用Microsoft Azure Key Vault Management来执行此操作。它是预览版本。我们可以使用keyVaultManagementClient.Vaults.CreateOrUpdateAsync（）函数创建或更新密钥保管库。 我做了一个演示。我的详细步骤如下：

<强>先决条件：

在Azure AD中注册应用程序并为其创建服务原则。更多详细步骤请参阅document。

<强>步骤：

1.创建一个C＃控制台应用程序

2.在项目中添加演示代码

using System;
using System.Collections.Generic;
using Microsoft.Azure.Management.KeyVault;
using Microsoft.Azure.Management.KeyVault.Models;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using Microsoft.Rest;

var subscriptionId = "Your Subscription Id";
var clientId = "Your Registry Application Id";
var tenantId = "Your tenant Id";
var secretKey = "Application secret Key";
var objectId = "Registry Application object Id"
var clientCredential = new ClientCredential(clientId, secretKey);
var context = new AuthenticationContext("https://login.windows.net/" + tenantId);
const string resourceGroupName = "tom";
// The name of the vault to create.
const string vaultName = "TomNewKeyVaultForTest";

var accessPolicy = new AccessPolicyEntry
{
   ApplicationId = Guid.Parse(clientId),
   TenantId = Guid.Parse(tenantId),
   Permissions = new Permissions
   {
      Keys = new List<string> { "List","Get" },
      Secrets = new List<string> { "All" }
       },
      ObjectId = Guid.Parse(objectId)
    };

    VaultProperties vaultProps = new VaultProperties
    {
        EnabledForTemplateDeployment = true,
        TenantId = Guid.Parse(tenantId),
        AccessPolicies = new List<AccessPolicyEntry>
        {
            accessPolicy
        }
     };
     Microsoft.Rest.ServiceClientCredentials credentials = new TokenCredentials(token);
     VaultCreateOrUpdateParameters vaultParams = new VaultCreateOrUpdateParameters("eastasia", vaultProps);

     KeyVaultManagementClient keyVaultManagementClient= new KeyVaultManagementClient(credentials)
     {
         SubscriptionId = subscriptionId
     };

     var result = keyVaultManagementClient.Vaults.CreateOrUpdateAsync(resourceGroupName, vaultName, vaultParams).Result;

3.Debug演示

4.在天蓝色门户网站中检查已创建或更新的KeyVault

更多SDK信息请参考package.config文件：

<?xml version="1.0" encoding="utf-8"?>
<packages>
  <package id="Hyak.Common" version="1.0.2" targetFramework="net452" />
  <package id="Microsoft.Azure.Common" version="2.1.0" targetFramework="net452" />
  <package id="Microsoft.Azure.Common.Dependencies" version="1.0.0" targetFramework="net452" />
  <package id="Microsoft.Azure.Management.KeyVault" version="2.0.0-preview" targetFramework="net452" />
  <package id="Microsoft.Bcl" version="1.1.9" targetFramework="net452" />
  <package id="Microsoft.Bcl.Async" version="1.0.168" targetFramework="net452" />
  <package id="Microsoft.Bcl.Build" version="1.0.14" targetFramework="net452" />
  <package id="Microsoft.IdentityModel.Clients.ActiveDirectory" version="2.28.3" targetFramework="net452" />
  <package id="Microsoft.Net.Http" version="2.2.22" targetFramework="net452" />
  <package id="Microsoft.Rest.ClientRuntime" version="2.3.1" targetFramework="net452" />
  <package id="Microsoft.Rest.ClientRuntime.Azure" version="3.3.1" targetFramework="net452" />
  <package id="Newtonsoft.Json" version="6.0.8" targetFramework="net452" />
</packages>