add storage support
Родитель
0ddb4622c2
Коммит
894b171dd3
|
@ -15,7 +15,9 @@ add_methods <- function()
|
|||
c("Get", "List", "Update", "Create", "Import", "Delete", "Recover", "Backup", "Restore"),
|
||||
c("Get", "List", "Set", "Delete", "Recover", "Backup", "Restore"),
|
||||
c("Get", "List", "Update", "Create", "Import", "Delete", "Recover", "Backup", "Restore",
|
||||
"ManageContacts", "ManageIssuers", "GetIssuers", "ListIssuers", "SetIssuers", "DeleteIssuers")
|
||||
"ManageContacts", "ManageIssuers", "GetIssuers", "ListIssuers", "SetIssuers", "DeleteIssuers"),
|
||||
c("Get", "List", "Update", "Set", "Delete", "Recover", "Backup", "Restore",
|
||||
"GetSas", "ListSas", "SetSas", "DeleteSas", "RegenerateKey")
|
||||
))
|
||||
}
|
||||
|
||||
|
|
18
R/az_vault.R
18
R/az_vault.R
|
@ -3,15 +3,16 @@ az_key_vault=R6::R6Class("az_key_vault", inherit=AzureRMR::az_resource,
|
|||
|
||||
public=list(
|
||||
|
||||
add_principal=function(principal, key_permissions="all", secret_permissions="all", certificate_permissions="all")
|
||||
add_principal=function(principal,
|
||||
key_permissions="all", secret_permissions="all", certificate_permissions="all", storage_permissions="all")
|
||||
{
|
||||
principal <- find_principal(principal)
|
||||
tenant <- self$properties$tenantId
|
||||
|
||||
props <- list(accessPolicies=list(
|
||||
# need to unclass to satisfy toJSON
|
||||
unclass(vault_access_policy(
|
||||
principal, tenant, key_permissions, secret_permissions, certificate_permissions))
|
||||
unclass(vault_access_policy(principal,
|
||||
tenant, key_permissions, secret_permissions, certificate_permissions, storage_permissions))
|
||||
))
|
||||
|
||||
self$do_operation("accessPolicies/add",
|
||||
|
@ -32,7 +33,7 @@ public=list(
|
|||
|
||||
pol <- pols[[which(i)]]
|
||||
vault_access_policy(pol$objectId, pol$tenantId,
|
||||
pol$permissions$keys, pol$permissions$secrets, pol$permissions$certificates)
|
||||
pol$permissions$keys, pol$permissions$secrets, pol$permissions$certificates, pol$permissions$storage)
|
||||
},
|
||||
|
||||
remove_principal=function(principal)
|
||||
|
@ -51,7 +52,7 @@ public=list(
|
|||
{
|
||||
lapply(self$properties$accessPolicies, function(pol)
|
||||
vault_access_policy(pol$objectId, pol$tenantId,
|
||||
pol$permissions$keys, pol$permissions$secrets, pol$permissions$certificates)
|
||||
pol$permissions$keys, pol$permissions$secrets, pol$permissions$certificates, pol$permissions$storage)
|
||||
)
|
||||
},
|
||||
|
||||
|
@ -77,11 +78,13 @@ find_principal=function(principal)
|
|||
|
||||
|
||||
#' @export
|
||||
vault_access_policy <- function(principal, tenant, key_permissions, secret_permissions, certificate_permissions)
|
||||
vault_access_policy <- function(principal, tenant,
|
||||
key_permissions, secret_permissions, certificate_permissions, storage_permissions)
|
||||
{
|
||||
key_permissions <- verify_permissions(unlist(key_permissions), "key")
|
||||
secret_permissions <- verify_permissions(unlist(secret_permissions), "secret")
|
||||
certificate_permissions <- verify_permissions(unlist(certificate_permissions), "certificate")
|
||||
storage_permissions <- verify_permissions(unlist(storage_permissions), "storage")
|
||||
|
||||
obj <- list(
|
||||
tenantId=tenant,
|
||||
|
@ -124,6 +127,9 @@ verify_permissions <- function(perms, type=c("key", "secret", "certificate"))
|
|||
"managecontacts", "manageissuers", "getissuers", "listissuers", "setissuers",
|
||||
"deleteissuers", "purge")
|
||||
|
||||
storage_perms <- c("backup", "delete", "deletesas", "get", "getsas", "list", "listsas",
|
||||
"purge", "recover", "regeneratekey", "restore", "set", "setsas", "update")
|
||||
|
||||
all_perms <- switch(match.arg(type),
|
||||
key=key_perms,
|
||||
secret=secret_perms,
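Review bot: The new `verify_permissions(unlist(storage_permissions), "storage")` call in `vault_access_policy` looks like it cannot succeed. The last hunk adds `storage_perms`, but going by its header and line counts it leaves `type=c("key", "secret", "certificate")` and the `switch` arms untouched, so `match.arg(type)` would reject "storage". The signature needs `type=c("key", "secret", "certificate", "storage")` and the switch a `storage=storage_perms` arm; the rest of `verify_permissions` lies outside the hunk, so confirm there. Separately, `add_principal` now defaults to `storage_permissions="all"`, so existing callers that never mention storage would grant presumably every entry of `storage_perms`, including `purge`, `regeneratekey` and `setsas`; a narrower default with explicit opt-in is the least-privilege choice. The exported `vault_access_policy` also gains a sixth argument with no default, which breaks five-argument callers.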
|
||||
|
|
|
@ -0,0 +1,80 @@
|
|||
vault_storage_accounts <- R6::R6Class("vault_storage_accounts",
|
||||
|
||||
public=list(
|
||||
|
||||
token=NULL,
|
||||
url=NULL,
|
||||
|
||||
initialize=function(token, url)
|
||||
{
|
||||
self$token <- token
|
||||
self$url <- url
|
||||
},
|
||||
|
||||
add=function(name, storage_account, key_name, regen_key=TRUE, regen_period=30,
|
||||
enabled=NULL, recovery_level=NULL, ...)
|
||||
{
|
||||
if(is_resource(storage_account))
|
||||
storage_account <- storage_account$id
|
||||
|
||||
attribs <- list(
|
||||
enabled=enabled,
|
||||
recoveryLevel=recovery_level
|
||||
)
|
||||
attribs <- attribs[!sapply(attribs, is_empty)]
|
||||
|
||||
body <- list(id=storage_account, activeKeyName=key_name,
|
||||
autoRegenerateKey=regen_key, regenerationPeriod=regen_period,
|
||||
attributes=attribs, tags=list(...))
|
||||
|
||||
self$do_operation(name, body=body, encode="json", http_verb="PUT")
|
||||
},
|
||||
|
||||
show=function(name, version=NULL)
|
||||
{
|
||||
op <- construct_path(name, version)
|
||||
self$do_operation(op)
|
||||
},
|
||||
|
||||
remove=function(name, confirm=TRUE)
|
||||
{
|
||||
if(delete_confirmed(confirm, name, "key"))
|
||||
self$do_operation(name, http_verb="DELETE")
|
||||
},
|
||||
|
||||
list_all=function()
|
||||
{
|
||||
lst <- get_vault_paged_list(self$do_operation(), self$token)
|
||||
names(lst) <- sapply(lst, function(x) basename(x$id))
|
||||
lst
|
||||
},
|
||||
|
||||
versions_of=function(name)
|
||||
{
|
||||
op <- construct_path(name, "versions")
|
||||
lst <- get_vault_paged_list(self$do_operation(op), self$token)
|
||||
names(lst) <- sapply(lst, function(x) basename(x$id))
|
||||
lst
|
||||
},
|
||||
|
||||
backup=function(name)
|
||||
{
|
||||
self$do_operation(construct_path(name, "backup"), http_verb="POST")$value
|
||||
},
|
||||
|
||||
restore=function(name, backup)
|
||||
{
|
||||
stopifnot(is.character(backup))
|
||||
self$do_operation("restore", body=list(value=backup), encode="json", http_verb="POST")
|
||||
},
|
||||
|
||||
do_operation=function(op="", ..., options=list(),
|
||||
api_version=getOption("azure_keyvault_api_version"))
|
||||
{
|
||||
url <- self$url
|
||||
url$path <- construct_path("storage", op)
|
||||
url$query <- utils::modifyList(list(`api-version`=api_version), options)
|
||||
|
||||
call_vault_url(self$token, url, ...)
|
||||
}
|
||||
))
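Review bot: `remove` calls `delete_confirmed(confirm, name, "key")`, so the confirmation for deleting a managed storage account would presumably describe it as a key. A destructive prompt should name the right object, e.g. `delete_confirmed(confirm, name, "storage account")` if the helper accepts a free-form label. `restore` takes `name` but never uses it, so a caller may believe a specific account is being restored when the backup blob alone decides; drop the parameter or document that it is ignored. `add` sends `regenerationPeriod=regen_period` with a numeric default of 30, while the Key Vault REST API documents that field as an ISO-8601 duration, so confirm whether a value such as "P30D" is required. The class has no comments; a short header noting that `backup` returns the protected backup blob, which should be stored like a secret, would help.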
|
|
@ -3,28 +3,28 @@ key_vault <- R6::R6Class("key_vault", public=list(
|
|||
|
||||
token=NULL,
|
||||
url=NULL,
|
||||
tenant=NULL,
|
||||
|
||||
keys=NULL,
|
||||
secrets=NULL,
|
||||
certificates=NULL,
|
||||
storage_accounts=NULL,
|
||||
|
||||
initialize=function(url, tenant="common", app=.az_cli_app_id, ..., token=NULL)
|
||||
initialize=function(url, tenant="common", app=.az_cli_app_id, ..., domain="vault.azure.net", token=NULL)
|
||||
{
|
||||
self$url <- httr::parse_url(url)
|
||||
self$tenant <- tenant
|
||||
if(!is_url(url))
|
||||
url <- sprintf("https://%s.%s", url, domain)
|
||||
|
||||
# "https://vault.azure.net/" (with trailing slash) will fail
|
||||
if(is.null(token))
|
||||
token <- get_azure_token("https://vault.azure.net", tenant=tenant, app=app, ...)
|
||||
token <- get_azure_token(sprintf("https://%s", domain), tenant=tenant, app=app, ...)
|
||||
|
||||
self$url <- httr::parse_url(url)
|
||||
self$token <- token
|
||||
|
||||
self$keys <- vault_keys$new(self$token, self$url)
|
||||
self$secrets <- vault_secrets$new(self$token, self$url)
|
||||
self$certificates <- vault_certificates$new(self$token, self$url)
|
||||
#self$storage_accounts <- vault_storage_accounts$new(self$token, self$url)
|
||||
#self$storage <- vault_storage_accounts$new(self$token, self$url)
|
||||
},
|
||||
|
||||
call_endpoint=function(op="", ..., options=list(),
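Review bot: Nothing in the new `initialize` ties the host in `url` to `domain`. A caller-supplied full URL skips the `sprintf` branch, yet the token is still requested for `sprintf("https://%s", domain)` and then handed to the sub-clients, which presumably attach it to requests against whatever host `url` names. A check after `self$url <- httr::parse_url(url)`, such as `stopifnot(identical(self$url$scheme, "https"), endsWith(self$url$hostname, paste0(".", domain)))`, would keep the bearer token from going to an unintended or non-TLS endpoint. Also, `storage_accounts` is declared but both constructor lines are commented out, and the second assigns to `self$storage`, which is not a declared field, so the field stays NULL for now. The hunk ends inside `call_endpoint`, whose body is not visible here.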
|
||||
|
|