From 76a3f1c2946318ed8de1095df0174d91d577a5e0 Mon Sep 17 00:00:00 2001
From: Hong Ooi
Date: Wed, 27 Mar 2019 05:12:23 +1100
Subject: [PATCH] working principal mgmt
---
 NAMESPACE | 2 +-
 R/az_vault.R | 35 ++++++++++++++----------------
 R/{KeyVault.R => vault_endpoint.R} | 2 +-
 3 files changed, 18 insertions(+), 21 deletions(-)
 rename R/{KeyVault.R => vault_endpoint.R} (93%)
diff --git a/NAMESPACE b/NAMESPACE
index 5cd5ac5..5fdaf8c 100644
--- a/NAMESPACE
+++ b/NAMESPACE
@@ -1,10 +1,10 @@
 # Generated by roxygen2: do not edit by hand
-export(KeyVault)
 export(az_vault)
 export(create_vault_login)
 export(delete_vault_login)
 export(get_vault_login)
 export(list_vault_logins)
+export(vault_endpoint)
 import(AzureGraph)
 import(AzureRMR)
diff --git a/R/az_vault.R b/R/az_vault.R
index 45763e7..9a5521a 100644
--- a/R/az_vault.R
+++ b/R/az_vault.R
@@ -9,7 +9,9 @@ public=list(
 tenant <- self$properties$tenantId
 props <- list(accessPolicies=list(
- vault_access_policy(principal, tenant, key_permissions, secret_permissions, certificate_permissions)
+ # need to unclass to satisfy toJSON
+ unclass(vault_access_policy(
+ principal, tenant, key_permissions, secret_permissions, certificate_permissions))
 ))
 self$do_operation("accessPolicies/add",
@@ -24,7 +26,7 @@ public=list(
 principal <- find_principal(principal)
 pols <- self$properties$accessPolicies
- i <- sapply(pols, function(obj) obj$principalId == principal)
+ i <- sapply(pols, function(obj) obj$objectId == principal)
 if(!any(i))
 stop("No access policy for principal '", principal, "'", call.=FALSE)
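Review bot: The match in get_principal is an exact string comparison, `obj$objectId == principal`, but only one side of it is normalised, and only sometimes. In the later find_principal hunk (-74,7) just the raw-GUID branch goes through `AzureAuth::normalize_guid`; the ID from `principal$get_service_principal()$properties$id` and the `objectId` values in `self$properties$accessPolicies` are used as returned. If these ever differ in case or formatting the lookup stops with "No access policy", and since remove_principal now calls get_principal, revoking that principal's access would fail as well. Comparing a normalised form on both sides would close this, for example `i <- vapply(pols, function(obj) tolower(obj$objectId) == tolower(principal), logical(1))`, which also keeps `i` a logical vector when there are no policies. Both function bodies start and end outside their hunks.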
@@ -35,12 +37,8 @@ public=list(
 remove_principal=function(principal)
 {
- principal <- find_principal(principal)
- tenant <- self$properties$tenantId
-
- props <- list(accessPolicies=list(
- vault_access_policy(principal, tenant, list(), list(), list())
- ))
+ pol <- self$get_principal(principal)
+ props <- list(accessPolicies=list(unclass(pol)))
 self$do_operation("accessPolicies/remove",
 body=list(properties=props), encode="json", http_verb="PUT")
@@ -61,7 +59,7 @@ public=list(
 {
 url <- self$properties$vaultUri
 token <- get_azure_token(url, self$token$tenant, app=app, password=password, ...)
- KeyVault$new(token=token)
+ vault_endpoint$new(token=token)
 }
 ))
@@ -74,7 +72,7 @@ find_principal=function(principal)
 principal$get_service_principal()$properties$id
 else if(!is_guid(principal))
 stop("Must supply a valid principal ID or object", call.=FALSE)
- else principal
+ else AzureAuth::normalize_guid(principal)
 }
@@ -100,15 +98,14 @@ vault_access_policy <- function(principal, tenant, key_permissions, secret_permi
 print.vault_access_policy <- function(x, ...)
 {
- cat("Key vault access policy\n")
- cat(" Tenant:", x$tenantId, "\n")
- cat(" Principal:", x$objectId, "\n")
- cat(" Key permissions:\n ")
- cat(x$permissions$keys, sep=", ")
- cat("\n Secret permissions:\n ")
- cat(x$permissions$secrets, sep=", ")
- cat("\n Certificate permissions:\n ")
- cat(x$permissions$certificates, sep=", ")
+ cat("Tenant:", x$tenantId, "\n")
+ cat("Principal:", x$objectId, "\n")
+ cat("Key permissions:\n")
+ cat(strwrap(paste(x$permissions$keys, collapse=", "), indent=4, exdent=4), sep="\n")
+ cat("Secret permissions:\n")
+ cat(strwrap(paste(x$permissions$secrets, collapse=", "), indent=4, exdent=4), sep="\n")
+ cat("Certificate permissions:\n")
+ cat(strwrap(paste(x$permissions$certificates, collapse=", "), indent=4, exdent=4), sep="\n")
 cat("\n")
 invisible(x)
 }
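Review bot: remove_principal now depends on `self$get_principal(principal)`, which reads the locally cached `self$properties$accessPolicies`, so a principal missing from that copy makes the call stop before any request is sent; the removed code sent the remove unconditionally. Whether the cache is refreshed after add_principal or after changes made outside this object is not visible in the diff. If it can be stale, a principal granted access elsewhere cannot be revoked from this session. Consider refreshing the resource before the lookup, or at least stating the precondition with a comment such as `# relies on self$properties being current; a stale copy makes removal fail before the request is sent`. The function body continues past the end of the hunk.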
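Review bot: In the new print.vault_access_policy an empty permission set prints nothing under its heading, which in an access-policy listing is easy to misread; an explicit marker would be clearer. The three `cat(strwrap(...), sep="\n")` lines differ only in the field, so a small helper would do, e.g. `fmt <- function(p) strwrap(if(length(p)) paste(p, collapse=", ") else "<none>", indent=4, exdent=4)`. It is also worth checking the rendered output: as far as I know `cat(x, sep="\n")` separates elements but does not terminate the last one, so the next heading may run onto the same line, and `writeLines(fmt(x$permissions$keys))` would avoid that. The commit also drops the heading line that identified the object as a key vault access policy.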
diff --git a/R/KeyVault.R b/R/vault_endpoint.R
similarity index 93%
rename from R/KeyVault.R
rename to R/vault_endpoint.R
index 4dfd56a..8b2f2db 100644
--- a/R/KeyVault.R
+++ b/R/vault_endpoint.R
@@ -1,5 +1,5 @@
 #' @export
-KeyVault <- R6::R6Class("key_vault", public=list(
+vault_endpoint <- R6::R6Class("vault_endpoint", public=list(
 token=NULL,
 uri=NULL,