Azure · gracewilcox · Apr 21, 2023 · Apr 21, 2023 · Apr 21, 2023 · Apr 21, 2023
@@ -2,17 +2,17 @@
 
 >**Note:** The Administration module only works with [Managed HSM][managed_hsm] – functions targeting a Key Vault will fail.
 
-* Vault administration (this module) - role-based access control (RBAC), settings, and vault-level backup and restore options
+* Managed HSM administration (this module) - role-based access control (RBAC), settings, and vault-level backup and restore options
 * Certificate management ([azcertificates](https://aka.ms/azsdk/go/keyvault-certificates/docs)) - create, manage, and deploy public and private SSL/TLS certificates
-* Cryptographic key management ([azkeys](https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys)) - create, store, and control access to the keys used to encrypt your data
+* Cryptographic key management ([azkeys](https://aka.ms/azsdk/go/keyvault-keys/docs)) - create, store, and control access to the keys used to encrypt your data
 * Secrets management ([azsecrets](https://aka.ms/azsdk/go/keyvault-secrets/docs)) - securely store and control access to tokens, passwords, certificates, API keys, and other secrets
 
 Azure Key Vault Managed HSM is a fully-managed, highly-available, single-tenant, standards-compliant cloud service that enables you to safeguard
 cryptographic keys for your cloud applications using FIPS 140-2 Level 3 validated HSMs.
 
 The Azure Key Vault administration library clients support administrative tasks such as full backup / restore, key-level role-based access control (RBAC), and settings management.
 
-Source code | Package (pkg.go.dev)| [Product documentation][managed_hsm_docs] | Samples
+[Source code][azadmin_repo] | [Package (pkg.go.dev)][azadmin_pkg_go]| [Product documentation][managed_hsm_docs] | Samples ([backup][azadmin_pkg_go_samples_backup], [rbac][azadmin_pkg_go_samples_rbac], [settings][azadmin_pkg_go_samples_settings])
 
 ## Getting started
 
@@ -23,14 +23,14 @@ Install `azadmin` and `azidentity` with `go get`:
 go get github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azadmin
 go get github.com/Azure/azure-sdk-for-go/sdk/azidentity
 ```
-[azidentity][azure_identity] is used for Azure Active Directory authentication during client contruction.
+[azidentity][azure_identity] is used for Azure Active Directory authentication. It creates a credential which is passed to the client contructor as shown in the examples below.
 
 
 ### Prerequisites
 
 * An [Azure subscription][azure_sub].
 * A supported Go version (the Azure SDK supports the two most recent Go releases)
-* An existing [Key Vault Managed HSM][managed_hsm]. If you need to create one, you can do so using the Azure CLI by following the steps in [this document][create_managed_hsm].
+* An existing [Key Vault Managed HSM][managed_hsm]. If you need to create one, you can do so [using the Azure CLI][create_managed_hsm].
 
 ### Authentication
 
@@ -42,34 +42,40 @@ The clients accept any [azidentity][azure_identity] credential. See the [azident
 
 Constructing the client also requires your Managed HSM's URL, which you can get from the Azure CLI or the Azure Portal.
 
+- [Example backup client](https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azadmin/backup#example-NewClient)
+- [Example rbac client][azadmin_pkg_go_samples_rbac]
+- [Example settings client](https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azadmin/settings#example-NewClient)
+
 ## Key concepts
 
 ### RoleDefinition
 
-A `RoleDefinition` is a collection of permissions. A role definition defines the operations that can be performed, such as read, write,
-and delete. It can also define the operations that are excluded from allowed operations.
+A `RoleDefinition` is a collection of permissions. A role definition defines the operations that can be performed, such as read, write, and delete. It can also define the operations that are excluded from allowed operations.
 
-RoleDefinitions can be listed and specified as part of a `RoleAssignment`.
+A `RoleDefinition` can be listed and specified as part of a `RoleAssignment`.
 
 ### RoleAssignment
 
 A `RoleAssignment` is the association of a RoleDefinition to a service principal. They can be created, listed, fetched individually, and deleted.
 
 ### rbac.Client
 
-An `rbac.Client` allows for management of `RoleDefinition` and `RoleAssignment` types.
+An `rbac.Client` manages `RoleDefinition` and `RoleAssignment` types.
 
 ### backup.Client
 
-A `backup.Client` allows for performing full key backups, full key restores, and selective key restores.
+A `backup.Client` performs full key backups, full key restores, and selective key restores.
 
 ### settings.Client
 
 A `settings.Client` provides methods to update, get, and list settings for a Managed HSM.
 
 ## Examples
 
-Get started with our examples.
+Get started with our examples:
+- [backup][azadmin_pkg_go_samples_backup]  
+- [rbac][azadmin_pkg_go_samples_rbac]
+- [settings][azadmin_pkg_go_samples_settings]
 
 ## Troubleshooting
 
@@ -136,6 +142,11 @@ or contact [email protected] with any
 additional questions or comments.
 
 <!-- LINKS -->
+[azadmin_repo]: https://github.com/Azure/azure-sdk-for-go/tree/main/sdk/security/keyvault/azadmin
+[azadmin_pkg_go]: https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azadmin
+[azadmin_pkg_go_samples_backup]: https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azadmin/backup#pkg-examples
+[azadmin_pkg_go_samples_rbac]: https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azadmin/rbac#pkg-examples
+[azadmin_pkg_go_samples_settings]: https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azadmin/settings#pkg-examples
 [azure_identity]: https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity
 [azure_sub]: https://azure.microsoft.com/free
 [create_managed_hsm]: https://learn.microsoft.com/azure/key-vault/managed-hsm/quick-create-cli

@@ -14,8 +14,8 @@ import (
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
 	"github.com/Azure/azure-sdk-for-go/sdk/internal/recording"
-	"github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys"
 	"github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azadmin/backup"
+	"github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys"
 	"github.com/stretchr/testify/require"
 )
 

@@ -10,8 +10,8 @@ import (
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
 	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
-	"github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys"
 	"github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azadmin/backup"
+	"github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys"
 )
 
 var client *backup.Client

@@ -6,14 +6,13 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.4.0
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.2.1
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0
-	github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.9.0
+	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v0.11.0
 	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v0.8.0
 	github.com/google/uuid v1.3.0
 	github.com/stretchr/testify v1.8.2
 )
 
 require (
-	github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.0 // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v0.8.1 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/dnaeon/go-vcr v1.2.0 // indirect
@@ -22,9 +21,9 @@ require (
 	github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	golang.org/x/crypto v0.6.0 // indirect
-	golang.org/x/net v0.7.0 // indirect
-	golang.org/x/sys v0.5.0 // indirect
-	golang.org/x/text v0.7.0 // indirect
+	golang.org/x/net v0.8.0 // indirect
+	golang.org/x/sys v0.6.0 // indirect
+	golang.org/x/text v0.8.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
@@ -4,10 +4,8 @@ github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.2.1 h1:T8quHYlUGyb/oqtSTwqlC
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.2.1/go.mod h1:gLa1CL2RNE4s7M3yopJ/p0iq5DdY6Yv5ZUt9MTRZOQM=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 h1:sXr+ck84g/ZlZUOZiNELInmMgOsuGwdjjVkEIde0OtY=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0/go.mod h1:okt5dMMTOFjX/aovMlrjvvXoPMBVSPzk9185BT0+eZM=
-github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.9.0 h1:TOFrNxfjslms5nLLIMjW7N0+zSALX4KiGsptmpb16AA=
-github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.9.0/go.mod h1:EAyXOW1F6BTJPiK2pDvmnvxOHPxoTYWoqBeIlql+QhI=
-github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.0 h1:Lg6BW0VPmCwcMlvOviL3ruHFO+H9tZNqscK0AeuFjGM=
-github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.0/go.mod h1:9V2j0jn9jDEkCkv8w/bKTNppX/d0FVA1ud77xCIP4KA=
+github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v0.11.0 h1:efdSCWUBtk2FUUIlEfZhRQyVIM3Ts8lA3vaF18amnwo=
+github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v0.11.0/go.mod h1:LLJYu/UhJ8GpH5PtJc06RmJ1gJ5mPCSc1PiDMW17MHM=
 github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v0.8.0 h1:T028gtTPiYt/RMUfs8nVsAL7FDQrfLlrm/NnRG/zcC4=
 github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v0.8.0/go.mod h1:cw4zVQgBby0Z5f2v0itn6se2dDP17nTjbZFXW5uPyHA=
 github.com/AzureAD/microsoft-authentication-library-for-go v0.8.1 h1:oPdPEZFSbl7oSPEAIPMPBMUmiL+mqgzBJwM/9qYcwNg=
@@ -37,13 +35,13 @@ github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ
 github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 golang.org/x/crypto v0.6.0 h1:qfktjS5LUO+fFKeJXZ+ikTRijMmljikvG68fpMMruSc=
 golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
-golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g=
-golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ=
+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
 golang.org/x/sys v0.0.0-20210616045830-e2b7044e8c71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU=
-golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo=
-golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68=
+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=

@@ -15,7 +15,7 @@ import (
 
 var client rbac.Client
 
-func ExampleClient() {
+func ExampleNewClient() {
 	vaultURL := "https://<TODO: your vault name>.managedhsm.azure.net/"
 	cred, err := azidentity.NewDefaultAzureCredential(nil)
 	if err != nil {
@@ -34,11 +34,11 @@ func ExampleClient_CreateOrUpdateRoleDefinition() {
 	scope := rbac.RoleScopeGlobal
 	name := uuid.New().String()
 	roleType := rbac.RoleTypeCustomRole
-	roleName := "ExampleRoleName"
+	roleName := "<role name>"
 	parameters := rbac.RoleDefinitionCreateParameters{
 		Properties: &rbac.RoleDefinitionProperties{
 			AssignableScopes: []*rbac.RoleScope{to.Ptr(scope)},
-			Description:      to.Ptr("Example description"),
+			Description:      to.Ptr("<description>"),
 			Permissions:      []*rbac.Permission{{DataActions: []*rbac.DataAction{to.Ptr(rbac.DataActionBackupHsmKeys), to.Ptr(rbac.DataActionCreateHsmKey)}}},
 			RoleName:         to.Ptr(roleName),
 			RoleType:         to.Ptr(roleType),
@@ -70,3 +70,69 @@ func ExampleClient_CreateRoleAssignment() {
 
 	fmt.Printf("Role Assignment Name: %s", *roleAssignment.Name)
 }
+
+func ExampleClient_DeleteRoleAssignment() {
+	deletedRoleAssignment, err := client.DeleteRoleAssignment(context.Background(), rbac.RoleScopeGlobal, "<role assignment name>", nil)
+	if err != nil {
+		// TODO: handle error
+	}
+
+	fmt.Printf("Deleted Role Assignment Name: %s", *deletedRoleAssignment.Name)
+}
+
+func ExampleClient_DeleteRoleDefinition() {
+	deletedRoleDefinition, err := client.DeleteRoleDefinition(context.Background(), rbac.RoleScopeGlobal, "<role definition name>", nil)
+	if err != nil {
+		// TODO: handle error
+	}
+
+	fmt.Printf("Deleted Role Definition Name: %s", *deletedRoleDefinition.Name)
+}
+
+func ExampleClient_GetRoleAssignment() {
+	roleAssignment, err := client.GetRoleAssignment(context.Background(), rbac.RoleScopeGlobal, "<role assignment name>", nil)
+	if err != nil {
+		// TODO: handle error
+	}
+
+	fmt.Printf("Role Assignment Name: %s", *roleAssignment.Name)
+}
+
+func ExampleClient_GetRoleDefinition() {
+	roleDefinition, err := client.GetRoleDefinition(context.Background(), rbac.RoleScopeGlobal, "<role definition name>", nil)
+	if err != nil {
+		// TODO: handle error
+	}
+
+	fmt.Printf("Role Definition Name: %s", *roleDefinition.Name)
+}
+
+func ExampleClient_NewListRoleAssignmentsPager() {
+	pager := client.NewListRoleAssignmentsPager(rbac.RoleScopeGlobal, nil)
+
+	for pager.More() {
+		nextResult, err := pager.NextPage(context.TODO())
+		if err != nil {
+			//TODO: handle error
+		}
+		fmt.Println("Role Assignment Name List")
+		for index, roleAssignment := range nextResult.Value {
+			fmt.Printf("%d) %s\n", index, *roleAssignment.Name)
+		}
+	}
+}
+
+func ExampleClient_NewListRoleDefinitionsPager() {
+	pager := client.NewListRoleAssignmentsPager(rbac.RoleScopeGlobal, nil)
+
+	for pager.More() {
+		nextResult, err := pager.NextPage(context.TODO())
+		if err != nil {
+			//TODO: handle error
+		}
+		fmt.Println("Role Definition Name List")
+		for index, roleDefinition := range nextResult.Value {
+			fmt.Printf("%d) %s\n", index, *roleDefinition.Name)
+		}
+	}
+}
@@ -1,6 +1,7 @@
 # Azure Key Vault Certificates client module for Go
 
 * Certificate management (this module) - create, manage, and deploy public and private SSL/TLS certificates
+* Managed HSM administration ([azadmin](https://aka.ms/azsdk/go/keyvault-admin/docs)) - role-based access control (RBAC), settings, and vault-level backup and restore options
 * Cryptographic key management ([azkeys](https://aka.ms/azsdk/go/keyvault-keys/docs)) - create, store, and control access to the keys used to encrypt your data
 * Secrets management ([azsecrets](https://aka.ms/azsdk/go/keyvault-secrets/docs)) - securely store and control access to tokens, passwords, certificates, API keys, and other secrets
 
@@ -56,7 +57,7 @@ func main() {
 
 ### Client
 
-With a [Client][client_docs] you can get certificates from the vault, create new certificates and
+With a [Client][client_docs], you can get certificates from the vault, create new certificates and
 new versions of existing certificates, update certificate metadata, and delete certificates. You
 can also manage certificate issuers, contacts, and management policies of certificates. This is
 illustrated in the [examples](#examples) below.
@@ -136,7 +137,7 @@ This project has adopted the [Microsoft Open Source Code of Conduct][code_of_con
 [azure_sub]: https://azure.microsoft.com/free/
 [code_of_conduct]: https://opensource.microsoft.com/codeofconduct/
 [keyvault_docs]: https://docs.microsoft.com/azure/key-vault/
-[client_docs]: https://aka.ms/azsdk/go/azcertificates
+[client_docs]: https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azcertificates#Client
 [reference_docs]: https://aka.ms/azsdk/go/keyvault-certificates/docs
 [certificates_client_src]: https://github.com/Azure/azure-sdk-for-go/tree/main/sdk/security/keyvault/azcertificates
 [certificates_samples]: https://aka.ms/azsdk/go/keyvault-certificates/docs#pkg-examples

@@ -1,8 +1,9 @@
 # Azure Key Vault Keys client module for Go
 
 * Cryptographic key management (this module) - create, store, and control access to the keys used to encrypt your data
-* Secrets management ([azsecrets](https://aka.ms/azsdk/go/keyvault-secrets/docs)) - securely store and control access to tokens, passwords, certificates, API keys, and other secrets
+* Managed HSM administration ([azadmin](https://aka.ms/azsdk/go/keyvault-admin/docs)) - role-based access control (RBAC), settings, and vault-level backup and restore options
 * Certificate management ([azcertificates](https://aka.ms/azsdk/go/keyvault-certificates/docs)) - create, manage, and deploy public and private SSL/TLS certificates
+* Secrets management ([azsecrets](https://aka.ms/azsdk/go/keyvault-secrets/docs)) - securely store and control access to tokens, passwords, certificates, API keys, and other secrets
 
 [Source code][key_client_src] | [Package (pkg.go.dev)][goget_azkeys] | [Product documentation][keyvault_docs] | [Samples][keys_samples]
 

@@ -2,8 +2,9 @@
 
 Azure Key Vault helps solve the following problems:
 * Secrets management (this module) - securely store and control access to tokens, passwords, certificates, API keys, and other secrets
-* Cryptographic key management ([azkeys](https://azsdk/go/keyvault-keys/docs)) - create, store, and control access to the keys used to encrypt your data
+* Managed HSM administration ([azadmin](https://aka.ms/azsdk/go/keyvault-admin/docs)) - role-based access control (RBAC), settings, and vault-level backup and restore options
 * Certificate management ([azcertificates](https://aka.ms/azsdk/go/keyvault-certificates/docs)) - create, manage, and deploy public and private SSL/TLS certificates
+* Cryptographic key management ([azkeys](https://azsdk/go/keyvault-keys/docs)) - create, store, and control access to the keys used to encrypt your data
 
 [Source code][module_source] | [Package (pkg.go.dev)][reference_docs] | [Product documentation][keyvault_docs] | [Samples][secrets_samples]
 
@@ -61,7 +62,7 @@ A secret consists of a secret value and its associated metadata and management i
 
 ## Examples
 
-Get started with our [examples](https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets#pkg-examples).
+Get started with our [examples][secrets_samples].
 
 ## Troubleshooting
 
@@ -137,7 +138,7 @@ This project has adopted the [Microsoft Open Source Code of Conduct][code_of_con
 [managed_identity]: https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/overview
 [reference_docs]: https://aka.ms/azsdk/go/keyvault-secrets/docs
 [client_docs]: https://aka.ms/azsdk/go/keyvault-secrets/docs#Client
-[module_source]: https://github.com/Azure/azure-sdk-for-go/tree/main/sdk/keyvault/azsecrets
-[secrets_samples]: https://github.com/Azure/azure-sdk-for-go/tree/main/sdk/keyvault/azsecrets/example_test.go
+[module_source]: https://github.com/Azure/azure-sdk-for-go/tree/main/sdk/security/keyvault/azsecrets
+[secrets_samples]: https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets#pkg-examples
 
 ![Impressions](https://azure-sdk-impressions.azurewebsites.net/api/impressions/azure-sdk-for-go%2Fsdk%2Fsecurity%2Fkeyvault%2Fazsecrets%2FREADME.png)