diff --git a/R/object_props.R b/R/object_props.R
index 34e13c5..dc93e8a 100644
--- a/R/object_props.R
+++ b/R/object_props.R
@@ -1,3 +1,27 @@
+#' Helper functions for key vault objects
+#'
+#' @param type For key properties, the type of key to create: RSA or elliptic curve (EC). Adding the "-HSM" suffix indicates a hardware key (requires a premium key vault).
+#' @param ec_curve For an EC key, the type of elliptic curve.
+#' @param rsa_key_size For an RSA key, the key size, either 2048, 3072 or 4096.
+#' @param key_exportable For a key used in a certificate, whether it should be exportable.
+#' @param reuse_key For a key used in a certificate, whether it should be reused when renewing the certificate.
+#' @param dns_names,emails,upns For `cert_x509_properties`, the possible subject alternative names (SANs) for a certificate. These should be character vectors.
+#' @param key_usages For `cert_x509_properties`, a character vector of key usages.
+#' @param enhanced_key_usages For `cert_x509_properties`, a character vector of enhanced key usages (EKUs).
+#' @param valid For `cert_x509_properties`, the number of months the certificate should be valid for.
+#' @param issuer For `cert_issuer_properties`, the name of the issuer. Defaults to "self" for a self-signed certificate.
+#' @param type For `cert_issuer_properties`, the type of certificate to issue.
+#' @param transparent For `cert_issuer_properties`, whether the certificate should be transparent.
+#' @param auto_renew For `cert_expiry_actions`, when to automatically renew the certificate. If this is a number between 0 and 1, it is interpreted as the fraction of lifetime remaining; if greater than 1, the number of days remaining.
+#' @param email_contacts For `cert_expiry_actions`, when to notify the listed contacts for the key vault that a certificate is about to expire. If this is a number between 0 and 1, it is interpreted as the fraction of lifetime remaining; if greater than 1, the number of days remaining.
+#' @param enabled For `vault_object_attrs`, whether this stored object (key, secret, certificate, storage account) is enabled.
+#' @param expiry_date,activation_date For `vault_object_attrs`, the optional expiry date and activation date of the stored object. Can be any R object that can be coerced to POSIXct format. +#' @param recovery_level For `vault_object_attrs`, the recovery level for the stored object. +#' +#' @details +#' These are convenience functions for specifying the properties of objects stored in a key vault. They return lists of fields to pass to the REST API. +#' +#' @rdname helpers #' @export key_properties <- function(type=c("RSA", "RSA-HSM", "EC", "EC-HSM"), ec_curve=NULL, rsa_key_size=NULL) { @@ -10,6 +34,7 @@ key_properties <- function(type=c("RSA", "RSA-HSM", "EC", "EC-HSM"), ec_curve=NU } +#' @rdname helpers #' @export cert_key_properties <- function(type=c("RSA", "RSA-HSM", "EC", "EC-HSM"), ec_curve=NULL, rsa_key_size=NULL, key_exportable=TRUE, reuse_key=FALSE) @@ -19,6 +44,7 @@ cert_key_properties <- function(type=c("RSA", "RSA-HSM", "EC", "EC-HSM"), ec_cur } +#' @rdname helpers #' @export cert_x509_properties=function(dns_names=character(), emails=character(), upns=character(), key_usages=character(), enhanced_key_usages=character(), valid=NULL) @@ -29,6 +55,7 @@ cert_x509_properties=function(dns_names=character(), emails=character(), upns=ch } +#' @rdname helpers #' @export cert_issuer_properties=function(issuer="self", type=NULL, transparent=NULL) { @@ -36,6 +63,7 @@ cert_issuer_properties=function(issuer="self", type=NULL, transparent=NULL) } +#' @rdname helpers #' @export cert_expiry_actions <- function(auto_renew=NULL, email_contacts=NULL) { @@ -58,6 +86,7 @@ cert_expiry_actions <- function(auto_renew=NULL, email_contacts=NULL) } +#' @rdname helpers #' @export vault_object_attrs <- function(enabled=TRUE, expiry_date=NULL, activation_date=NULL, recovery_level=NULL) { 
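Review bot: `@param type` is declared twice in the roxygen block added by the first hunk, once for key properties and once for `cert_issuer_properties`. The generated man/helpers.Rd therefore carries two `\item{type}` entries, which R CMD check is expected to flag as duplicated argument entries. Merge the two into a single `@param type` tag whose text covers both the key type (RSA/EC, with the "-HSM" suffix) and the issuer's certificate type. The `key_exportable` entry should also state its default, which is `TRUE` in the `cert_key_properties` signature visible in the later hunk, so callers who want the private key to stay non-exportable know they must pass `FALSE`: `#' @param key_exportable For a key used in a certificate, whether it should be exportable. Defaults to TRUE.`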
@@ -77,6 +106,16 @@ compact <- function(lst) } +make_vault_date <- function(date) +{ + if(is_empty(date)) + NULL + else if(inherits(date, "POSIXt")) + as.numeric(date) + else as.numeric(as.POSIXct(date)) +} + + int_to_date <- function(dte) { if(is_empty(dte)) diff --git a/R/utils.R b/R/utils.R index 5d548bd..e52ed0a 100644 --- a/R/utils.R +++ b/R/utils.R @@ -111,13 +111,3 @@ delete_confirmed <- function(confirm, name, type) return(tolower(substr(yn, 1, 1)) == "y") } - -make_vault_date <- function(date) -{ - if(is_empty(date)) - NULL - else if(inherits(date, "POSIXt")) - as.numeric(date) - else as.numeric(as.POSIXct(date)) -} - diff --git a/man/helpers.Rd b/man/helpers.Rd new file mode 100644 index 0000000..7ff64fb --- /dev/null +++ b/man/helpers.Rd 
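Review bot: In `make_vault_date` (the R/object_props.R hunk), any input that is not already POSIXt goes through `as.POSIXct(date)` with no `tz`, so a character date is read in the R session's local time zone and the resulting epoch value differs between machines. If this helper feeds `expiry_date`/`activation_date` (the caller is outside the hunk), the validity window of a stored key or secret should not depend on where the request was built; consider `else as.numeric(as.POSIXct(date, tz="UTC"))`, or state in the `expiry_date,activation_date` documentation that strings are interpreted in local time. `as.numeric()` also keeps fractional seconds for POSIXct inputs, so rounding may be needed if the REST API expects whole seconds, which is not visible here. The function is moved unchanged from R/utils.R, so this behaviour pre-dates the commit.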
@@ -0,0 +1,71 @@ +% Generated by roxygen2: do not edit by hand +% Please edit documentation in R/object_props.R +\name{key_properties} +\alias{key_properties} +\alias{cert_key_properties} +\alias{cert_x509_properties} +\alias{cert_issuer_properties} +\alias{cert_expiry_actions} +\alias{vault_object_attrs} +\title{Helper functions for key vault objects} +\usage{ +key_properties(type = c("RSA", "RSA-HSM", "EC", "EC-HSM"), + ec_curve = NULL, rsa_key_size = NULL) + +cert_key_properties(type = c("RSA", "RSA-HSM", "EC", "EC-HSM"), + ec_curve = NULL, rsa_key_size = NULL, key_exportable = TRUE, + reuse_key = FALSE) + +cert_x509_properties(dns_names = character(), emails = character(), + upns = character(), key_usages = character(), + enhanced_key_usages = character(), valid = NULL) + +cert_issuer_properties(issuer = "self", type = NULL, + transparent = NULL) + +cert_expiry_actions(auto_renew = NULL, email_contacts = NULL) + +vault_object_attrs(enabled = TRUE, expiry_date = NULL, + activation_date = NULL, recovery_level = NULL) +} +\arguments{ +\item{type}{For key properties, the type of key to create: RSA or elliptic curve (EC). Adding the "-HSM" suffix indicates a hardware key (requires a premium key vault).} + +\item{ec_curve}{For an EC key, the type of elliptic curve.} + +\item{rsa_key_size}{For an RSA key, the key size, either 2048, 3072 or 4096.} + +\item{key_exportable}{For a key used in a certificate, whether it should be exportable.} + +\item{reuse_key}{For a key used in a certificate, whether it should be reused when renewing the certificate.} + +\item{dns_names, emails, upns}{For \code{cert_x509_properties}, the possible subject alternative names (SANs) for a certificate. 
These should be character vectors.} + +\item{key_usages}{For \code{cert_x509_properties}, a character vector of key usages.} + +\item{enhanced_key_usages}{For \code{cert_x509_properties}, a character vector of enhanced key usages (EKUs).} + +\item{valid}{For \code{cert_x509_properties}, the number of months the certificate should be valid for.} + +\item{issuer}{For \code{cert_issuer_properties}, the name of the issuer. Defaults to "self" for a self-signed certificate.} + +\item{transparent}{For \code{cert_issuer_properties}, whether the certificate should be transparent.} + +\item{auto_renew}{For \code{cert_expiry_actions}, when to automatically renew the certificate. If this is a number between 0 and 1, it is interpreted as the fraction of lifetime remaining; if greater than 1, the number of days remaining.} + +\item{email_contacts}{For \code{cert_expiry_actions}, when to notify the listed contacts for the key vault that a certificate is about to expire. If this is a number between 0 and 1, it is interpreted as the fraction of lifetime remaining; if greater than 1, the number of days remaining.} + +\item{enabled}{For \code{vault_object_attrs}, whether this stored object (key, secret, certificate, storage account) is enabled.} + +\item{expiry_date, activation_date}{For \code{vault_object_attrs}, the optional expiry date and activation date of the stored object. Can be any R object that can be coerced to POSIXct format.} + +\item{recovery_level}{For \code{vault_object_attrs}, the recovery level for the stored object.} + +\item{type}{For \code{cert_issuer_properties}, the type of certificate to issue.} +} +\description{ +Helper functions for key vault objects +} +\details{ +These are convenience functions for specifying the properties of objects stored in a key vault. They return lists of fields to pass to the REST API. +}