diff --git a/azurerm/data_source_key_vault_access_policy.go b/azurerm/data_source_key_vault_access_policy.go new file mode 100644 index 000000000000..370cc2582493 --- /dev/null +++ b/azurerm/data_source_key_vault_access_policy.go @@ -0,0 +1,107 @@ +package azurerm + +import ( + "strings" + + "github.com/Azure/azure-sdk-for-go/arm/keyvault" + "github.com/hashicorp/terraform/helper/schema" + "github.com/hashicorp/terraform/helper/validation" +) + +func dataSourceArmKeyVaultAccessPolicy() *schema.Resource { + return &schema.Resource{ + Read: dataSourceArmKeyVaultAccessPolicyRead, + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Required: true, + ValidateFunc: validation.StringInSlice([]string{ + "Key Management", + "Secret Management", + "Certificate Management", + "Key & Secret Management", + "Key & Certificate Management", + "Secret & Certificate Management", + "Key, Secret, & Certificate Management", + }, false), + }, + + // Computed + "certificate_permissions": { + Type: schema.TypeList, + Computed: true, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "key_permissions": { + Type: schema.TypeList, + Computed: true, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "secret_permissions": { + Type: schema.TypeList, + Computed: true, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + } +} + +func dataSourceArmKeyVaultAccessPolicyRead(d *schema.ResourceData, meta interface{}) error { + name := d.Get("name").(string) + templateManagementPermissions := map[string][]string{ + "key": { + string(keyvault.KeyPermissionsGet), + string(keyvault.KeyPermissionsList), + string(keyvault.KeyPermissionsUpdate), + string(keyvault.KeyPermissionsCreate), + string(keyvault.KeyPermissionsImport), + string(keyvault.KeyPermissionsDelete), + string(keyvault.KeyPermissionsRecover), + string(keyvault.KeyPermissionsBackup), + string(keyvault.KeyPermissionsRestore), + }, + "secret": { + string(keyvault.SecretPermissionsGet), + string(keyvault.SecretPermissionsList), + string(keyvault.SecretPermissionsSet), + string(keyvault.SecretPermissionsDelete), + string(keyvault.SecretPermissionsRecover), + string(keyvault.SecretPermissionsBackup), + string(keyvault.SecretPermissionsRestore), + }, + "certificate": { + string(keyvault.Get), + string(keyvault.List), + string(keyvault.Update), + string(keyvault.Create), + string(keyvault.Import), + string(keyvault.Delete), + string(keyvault.Managecontacts), + string(keyvault.Manageissuers), + string(keyvault.Getissuers), + string(keyvault.Listissuers), + string(keyvault.Setissuers), + string(keyvault.Deleteissuers), + }, + } + + d.SetId(name) + + if strings.Contains(name, "Key") { + d.Set("key_permissions", templateManagementPermissions["key"]) + } + if strings.Contains(name, "Secret") { + d.Set("secret_permissions", templateManagementPermissions["secret"]) + } + if strings.Contains(name, "Certificate") { + d.Set("certificate_permissions", templateManagementPermissions["certificate"]) + } + + return nil +} diff --git a/azurerm/data_source_key_vault_access_policy_test.go b/azurerm/data_source_key_vault_access_policy_test.go new file mode 100644 index 000000000000..5a147db6e01a --- /dev/null +++ b/azurerm/data_source_key_vault_access_policy_test.go @@ -0,0 +1,142 @@ +package azurerm + +import ( + "fmt" + "testing" + + "github.com/hashicorp/terraform/helper/resource" +) + +func TestAccDataSourceAzureRMKeyVaultAccessPolicy_key(t *testing.T) { + dataSourceName := "data.azurerm_key_vault_access_policy.test" + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: testAccDataSourceKeyVaultAccessPolicy("Key Management"), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr(dataSourceName, "key_permissions.#", "9"), + resource.TestCheckNoResourceAttr(dataSourceName, "secret_permissions"), + resource.TestCheckNoResourceAttr(dataSourceName, "certificate_permissions"), + ), + }, + }, + }) +} + +func TestAccDataSourceAzureRMKeyVaultAccessPolicy_secret(t *testing.T) { + dataSourceName := "data.azurerm_key_vault_access_policy.test" + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: testAccDataSourceKeyVaultAccessPolicy("Secret Management"), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckNoResourceAttr(dataSourceName, "key_permissions"), + resource.TestCheckResourceAttr(dataSourceName, "secret_permissions.#", "7"), + resource.TestCheckNoResourceAttr(dataSourceName, "certificate_permissions"), + ), + }, + }, + }) +} + +func TestAccDataSourceAzureRMKeyVaultAccessPolicy_certificate(t *testing.T) { + dataSourceName := "data.azurerm_key_vault_access_policy.test" + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: testAccDataSourceKeyVaultAccessPolicy("Certificate Management"), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckNoResourceAttr(dataSourceName, "key_permissions"), + resource.TestCheckNoResourceAttr(dataSourceName, "secret_permissions"), + resource.TestCheckResourceAttr(dataSourceName, "certificate_permissions.#", "12"), + ), + }, + }, + }) +} + +func TestAccDataSourceAzureRMKeyVaultAccessPolicy_keySecret(t *testing.T) { + dataSourceName := "data.azurerm_key_vault_access_policy.test" + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: testAccDataSourceKeyVaultAccessPolicy("Key & Secret Management"), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr(dataSourceName, "key_permissions.#", "9"), + resource.TestCheckResourceAttr(dataSourceName, "secret_permissions.#", "7"), + resource.TestCheckNoResourceAttr(dataSourceName, "certificate_permissions"), + ), + }, + }, + }) +} + +func TestAccDataSourceAzureRMKeyVaultAccessPolicy_keyCertificate(t *testing.T) { + dataSourceName := "data.azurerm_key_vault_access_policy.test" + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: testAccDataSourceKeyVaultAccessPolicy("Key & Certificate Management"), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr(dataSourceName, "key_permissions.#", "9"), + resource.TestCheckNoResourceAttr(dataSourceName, "secret_permissions"), + resource.TestCheckResourceAttr(dataSourceName, "certificate_permissions.#", "12"), + ), + }, + }, + }) +} + +func TestAccDataSourceAzureRMKeyVaultAccessPolicy_secretCertificate(t *testing.T) { + dataSourceName := "data.azurerm_key_vault_access_policy.test" + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: testAccDataSourceKeyVaultAccessPolicy("Secret & Certificate Management"), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckNoResourceAttr(dataSourceName, "key_permissions"), + resource.TestCheckResourceAttr(dataSourceName, "secret_permissions.#", "7"), + resource.TestCheckResourceAttr(dataSourceName, "certificate_permissions.#", "12"), + ), + }, + }, + }) +} + +func TestAccDataSourceAzureRMKeyVaultAccessPolicy_keySecretCertificate(t *testing.T) { + dataSourceName := "data.azurerm_key_vault_access_policy.test" + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: testAccDataSourceKeyVaultAccessPolicy("Key, Secret, & Certificate Management"), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr(dataSourceName, "key_permissions.#", "9"), + resource.TestCheckResourceAttr(dataSourceName, "secret_permissions.#", "7"), + resource.TestCheckResourceAttr(dataSourceName, "certificate_permissions.#", "12"), + ), + }, + }, + }) +} + +func testAccDataSourceKeyVaultAccessPolicy(name string) string { + return fmt.Sprintf(` +data "azurerm_key_vault_access_policy" "test" { + name = "%s" +} +`, name) +} diff --git a/azurerm/provider.go b/azurerm/provider.go index 693a6b777341..c159bc32029f 100644 --- a/azurerm/provider.go +++ b/azurerm/provider.go @@ -71,6 +71,7 @@ func Provider() terraform.ResourceProvider { "azurerm_builtin_role_definition": dataSourceArmBuiltInRoleDefinition(), "azurerm_client_config": dataSourceArmClientConfig(), "azurerm_image": dataSourceArmImage(), + "azurerm_key_vault_access_policy": dataSourceArmKeyVaultAccessPolicy(), "azurerm_managed_disk": dataSourceArmManagedDisk(), "azurerm_platform_image": dataSourceArmPlatformImage(), "azurerm_public_ip": dataSourceArmPublicIP(), diff --git a/azurerm/resource_arm_key_vault.go b/azurerm/resource_arm_key_vault.go index 7054935ddf5a..7380c55cf9d9 100644 --- a/azurerm/resource_arm_key_vault.go +++ b/azurerm/resource_arm_key_vault.go @@ -14,7 +14,7 @@ import ( "github.com/hashicorp/terraform/helper/resource" "github.com/hashicorp/terraform/helper/schema" "github.com/hashicorp/terraform/helper/validation" - "github.com/satori/uuid" + uuid "github.com/satori/go.uuid" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils" ) @@ -32,6 +32,8 @@ func resourceArmKeyVault() *schema.Resource { Importer: &schema.ResourceImporter{ State: schema.ImportStatePassthrough, }, + MigrateState: resourceAzureRMKeyVaultMigrateState, + SchemaVersion: 1, Schema: map[string]*schema.Schema{ "name": { @@ -101,7 +103,6 @@ func resourceArmKeyVault() *schema.Resource { Elem: &schema.Schema{ Type: schema.TypeString, ValidateFunc: validation.StringInSlice([]string{ - string(keyvault.All), string(keyvault.Create), string(keyvault.Delete), string(keyvault.Deleteissuers), @@ -124,7 +125,6 @@ func resourceArmKeyVault() *schema.Resource { Elem: &schema.Schema{ Type: schema.TypeString, ValidateFunc: validation.StringInSlice([]string{ - string(keyvault.KeyPermissionsAll), string(keyvault.KeyPermissionsBackup), string(keyvault.KeyPermissionsCreate), string(keyvault.KeyPermissionsDecrypt), @@ -133,6 +133,8 @@ func resourceArmKeyVault() *schema.Resource { string(keyvault.KeyPermissionsGet), string(keyvault.KeyPermissionsImport), string(keyvault.KeyPermissionsList), + string(keyvault.KeyPermissionsPurge), + string(keyvault.KeyPermissionsRecover), string(keyvault.KeyPermissionsRestore), string(keyvault.KeyPermissionsSign), string(keyvault.KeyPermissionsUnwrapKey), @@ -149,10 +151,13 @@ func resourceArmKeyVault() *schema.Resource { Elem: &schema.Schema{ Type: schema.TypeString, ValidateFunc: validation.StringInSlice([]string{ - string(keyvault.SecretPermissionsAll), + string(keyvault.SecretPermissionsBackup), string(keyvault.SecretPermissionsDelete), string(keyvault.SecretPermissionsGet), string(keyvault.SecretPermissionsList), + string(keyvault.SecretPermissionsPurge), + string(keyvault.SecretPermissionsRecover), + string(keyvault.SecretPermissionsRestore), string(keyvault.SecretPermissionsSet), }, true), DiffSuppressFunc: ignoreCaseDiffSuppressFunc, diff --git a/azurerm/resource_arm_key_vault_migration.go b/azurerm/resource_arm_key_vault_migration.go new file mode 100644 index 000000000000..11e08275c894 --- /dev/null +++ b/azurerm/resource_arm_key_vault_migration.go @@ -0,0 +1,167 @@ +package azurerm + +import ( + "fmt" + "log" + "strings" + + "github.com/Azure/azure-sdk-for-go/arm/keyvault" + "github.com/hashicorp/terraform/helper/schema" + "github.com/hashicorp/terraform/terraform" +) + +func resourceAzureRMKeyVaultMigrateState(v int, is *terraform.InstanceState, meta interface{}) (*terraform.InstanceState, error) { + switch v { + case 0: + log.Println("[INFO] Found AzureRM Key Vault State v0; migrating to v1") + return migrateAzureRMKeyVaultStateV0toV1(is) + default: + return is, fmt.Errorf("Unexpected schema version: %d", v) + } +} + +func migrateAzureRMKeyVaultStateV0toV1(is *terraform.InstanceState) (*terraform.InstanceState, error) { + if is.Empty() { + log.Println("[DEBUG] Empty InstanceState; nothing to migrate.") + return is, nil + } + + log.Printf("[DEBUG] ARM Key Vault Attributes before Migration: %#v", is.Attributes) + + err := migrateAzureRMKeyVaultStateV0toV1AccessPolicies(is) + if err != nil { + return nil, err + } + + log.Printf("[DEBUG] ARM Key Vault Attributes after State Migration: %#v", is.Attributes) + + return is, nil +} + +func migrateAzureRMKeyVaultStateV0toV1AccessPolicies(is *terraform.InstanceState) error { + keyVaultSchema := resourceArmKeyVault().Schema + reader := &schema.MapFieldReader{ + Schema: keyVaultSchema, + Map: schema.BasicMapReader(is.Attributes), + } + + // parse and update the existing data + result, err := reader.ReadField([]string{"access_policy"}) + if err != nil { + return err + } + + inputAccessPolicies := result.Value.([]interface{}) + + if len(inputAccessPolicies) == 0 { + return nil + } + + outputAccessPolicies := make([]interface{}, 0) + for _, accessPolicy := range inputAccessPolicies { + policy := accessPolicy.(map[string]interface{}) + + if v, ok := policy["certificate_permissions"]; ok { + inputCertificatePermissions := v.([]interface{}) + outputCertificatePermissions := make([]string, 0) + for _, p := range inputCertificatePermissions { + permission := p.(string) + if strings.ToLower(permission) == "all" { + outputCertificatePermissions = append(outputCertificatePermissions, string(keyvault.Create)) + outputCertificatePermissions = append(outputCertificatePermissions, string(keyvault.Delete)) + outputCertificatePermissions = append(outputCertificatePermissions, string(keyvault.Deleteissuers)) + outputCertificatePermissions = append(outputCertificatePermissions, string(keyvault.Get)) + outputCertificatePermissions = append(outputCertificatePermissions, string(keyvault.Getissuers)) + outputCertificatePermissions = append(outputCertificatePermissions, string(keyvault.Import)) + outputCertificatePermissions = append(outputCertificatePermissions, string(keyvault.List)) + outputCertificatePermissions = append(outputCertificatePermissions, string(keyvault.Listissuers)) + outputCertificatePermissions = append(outputCertificatePermissions, string(keyvault.Managecontacts)) + outputCertificatePermissions = append(outputCertificatePermissions, string(keyvault.Manageissuers)) + outputCertificatePermissions = append(outputCertificatePermissions, string(keyvault.Setissuers)) + outputCertificatePermissions = append(outputCertificatePermissions, string(keyvault.Update)) + break + } + } + + if len(outputCertificatePermissions) > 0 { + policy["certificate_permissions"] = outputCertificatePermissions + } + } + + if v, ok := policy["key_permissions"]; ok { + inputKeyPermissions := v.([]interface{}) + outputKeyPermissions := make([]string, 0) + for _, p := range inputKeyPermissions { + permission := p.(string) + if strings.ToLower(permission) == "all" { + outputKeyPermissions = append(outputKeyPermissions, string(keyvault.KeyPermissionsBackup)) + outputKeyPermissions = append(outputKeyPermissions, string(keyvault.KeyPermissionsCreate)) + outputKeyPermissions = append(outputKeyPermissions, string(keyvault.KeyPermissionsDecrypt)) + outputKeyPermissions = append(outputKeyPermissions, string(keyvault.KeyPermissionsDelete)) + outputKeyPermissions = append(outputKeyPermissions, string(keyvault.KeyPermissionsEncrypt)) + outputKeyPermissions = append(outputKeyPermissions, string(keyvault.KeyPermissionsGet)) + outputKeyPermissions = append(outputKeyPermissions, string(keyvault.KeyPermissionsImport)) + outputKeyPermissions = append(outputKeyPermissions, string(keyvault.KeyPermissionsList)) + outputKeyPermissions = append(outputKeyPermissions, string(keyvault.KeyPermissionsPurge)) + outputKeyPermissions = append(outputKeyPermissions, string(keyvault.KeyPermissionsRecover)) + outputKeyPermissions = append(outputKeyPermissions, string(keyvault.KeyPermissionsRestore)) + outputKeyPermissions = append(outputKeyPermissions, string(keyvault.KeyPermissionsSign)) + outputKeyPermissions = append(outputKeyPermissions, string(keyvault.KeyPermissionsUnwrapKey)) + outputKeyPermissions = append(outputKeyPermissions, string(keyvault.KeyPermissionsUpdate)) + outputKeyPermissions = append(outputKeyPermissions, string(keyvault.KeyPermissionsVerify)) + outputKeyPermissions = append(outputKeyPermissions, string(keyvault.KeyPermissionsWrapKey)) + break + } + } + + if len(outputKeyPermissions) > 0 { + policy["key_permissions"] = outputKeyPermissions + } + } + + if v, ok := policy["secret_permissions"]; ok { + inputSecretPermissions := v.([]interface{}) + outputSecretPermissions := make([]string, 0) + for _, p := range inputSecretPermissions { + permission := p.(string) + if strings.ToLower(permission) == "all" { + outputSecretPermissions = append(outputSecretPermissions, string(keyvault.SecretPermissionsBackup)) + outputSecretPermissions = append(outputSecretPermissions, string(keyvault.SecretPermissionsDelete)) + outputSecretPermissions = append(outputSecretPermissions, string(keyvault.SecretPermissionsGet)) + outputSecretPermissions = append(outputSecretPermissions, string(keyvault.SecretPermissionsList)) + outputSecretPermissions = append(outputSecretPermissions, string(keyvault.SecretPermissionsPurge)) + outputSecretPermissions = append(outputSecretPermissions, string(keyvault.SecretPermissionsRecover)) + outputSecretPermissions = append(outputSecretPermissions, string(keyvault.SecretPermissionsRestore)) + outputSecretPermissions = append(outputSecretPermissions, string(keyvault.SecretPermissionsSet)) + break + } + } + + if len(outputSecretPermissions) > 0 { + policy["secret_permissions"] = outputSecretPermissions + } + } + + outputAccessPolicies = append(outputAccessPolicies, policy) + } + + // remove the existing fields + for k := range is.Attributes { + if strings.HasPrefix(k, "access_policy.") { + delete(is.Attributes, k) + } + } + + // write this out + writer := schema.MapFieldWriter{ + Schema: keyVaultSchema, + } + if err := writer.WriteField([]string{"access_policy"}, outputAccessPolicies); err != nil { + return err + } + for k, v := range writer.Map() { + is.Attributes[k] = v + } + + return nil +} diff --git a/vendor/github.com/Azure/azure-sdk-for-go/arm/keyvault/client.go b/vendor/github.com/Azure/azure-sdk-for-go/arm/keyvault/client.go index 7bca66be4cf8..4cbb7dce641c 100755 --- a/vendor/github.com/Azure/azure-sdk-for-go/arm/keyvault/client.go +++ b/vendor/github.com/Azure/azure-sdk-for-go/arm/keyvault/client.go @@ -1,8 +1,6 @@ -// Package keyvault implements the Azure ARM Keyvault service API version -// 2015-06-01. +// Package keyvault implements the Azure ARM Keyvault service API version 2016-10-01. // -// The Azure management API provides a RESTful set of web services that -// interact with Azure Key Vault. +// The Azure management API provides a RESTful set of web services that interact with Azure Key Vault. package keyvault // Copyright (c) Microsoft and contributors. All rights reserved. @@ -19,9 +17,8 @@ package keyvault // See the License for the specific language governing permissions and // limitations under the License. // -// Code generated by Microsoft (R) AutoRest Code Generator 1.0.1.0 -// Changes may cause incorrect behavior and will be lost if the code is -// regenerated. +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. import ( "github.com/Azure/go-autorest/autorest" diff --git a/vendor/github.com/Azure/azure-sdk-for-go/arm/keyvault/models.go b/vendor/github.com/Azure/azure-sdk-for-go/arm/keyvault/models.go index b0162c4b10b3..c0b4bee56e1f 100755 --- a/vendor/github.com/Azure/azure-sdk-for-go/arm/keyvault/models.go +++ b/vendor/github.com/Azure/azure-sdk-for-go/arm/keyvault/models.go @@ -14,14 +14,14 @@ package keyvault // See the License for the specific language governing permissions and // limitations under the License. // -// Code generated by Microsoft (R) AutoRest Code Generator 1.0.1.0 -// Changes may cause incorrect behavior and will be lost if the code is -// regenerated. +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. import ( "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/date" "github.com/Azure/go-autorest/autorest/to" - "github.com/satori/uuid" + uuid "github.com/satori/go.uuid" "net/http" ) @@ -29,14 +29,11 @@ import ( type CertificatePermissions string const ( - // All specifies the all state for certificate permissions. - All CertificatePermissions = "all" // Create specifies the create state for certificate permissions. Create CertificatePermissions = "create" // Delete specifies the delete state for certificate permissions. Delete CertificatePermissions = "delete" - // Deleteissuers specifies the deleteissuers state for certificate - // permissions. + // Deleteissuers specifies the deleteissuers state for certificate permissions. Deleteissuers CertificatePermissions = "deleteissuers" // Get specifies the get state for certificate permissions. Get CertificatePermissions = "get" @@ -48,66 +45,65 @@ const ( List CertificatePermissions = "list" // Listissuers specifies the listissuers state for certificate permissions. Listissuers CertificatePermissions = "listissuers" - // Managecontacts specifies the managecontacts state for certificate - // permissions. + // Managecontacts specifies the managecontacts state for certificate permissions. Managecontacts CertificatePermissions = "managecontacts" - // Manageissuers specifies the manageissuers state for certificate - // permissions. + // Manageissuers specifies the manageissuers state for certificate permissions. Manageissuers CertificatePermissions = "manageissuers" + // Purge specifies the purge state for certificate permissions. + Purge CertificatePermissions = "purge" + // Recover specifies the recover state for certificate permissions. + Recover CertificatePermissions = "recover" // Setissuers specifies the setissuers state for certificate permissions. Setissuers CertificatePermissions = "setissuers" // Update specifies the update state for certificate permissions. Update CertificatePermissions = "update" ) +// CreateMode enumerates the values for create mode. +type CreateMode string + +const ( + // CreateModeDefault specifies the create mode default state for create mode. + CreateModeDefault CreateMode = "default" + // CreateModeRecover specifies the create mode recover state for create mode. + CreateModeRecover CreateMode = "recover" +) + // KeyPermissions enumerates the values for key permissions. type KeyPermissions string const ( - // KeyPermissionsAll specifies the key permissions all state for key - // permissions. - KeyPermissionsAll KeyPermissions = "all" - // KeyPermissionsBackup specifies the key permissions backup state for key - // permissions. + // KeyPermissionsBackup specifies the key permissions backup state for key permissions. KeyPermissionsBackup KeyPermissions = "backup" - // KeyPermissionsCreate specifies the key permissions create state for key - // permissions. + // KeyPermissionsCreate specifies the key permissions create state for key permissions. KeyPermissionsCreate KeyPermissions = "create" - // KeyPermissionsDecrypt specifies the key permissions decrypt state for - // key permissions. + // KeyPermissionsDecrypt specifies the key permissions decrypt state for key permissions. KeyPermissionsDecrypt KeyPermissions = "decrypt" - // KeyPermissionsDelete specifies the key permissions delete state for key - // permissions. + // KeyPermissionsDelete specifies the key permissions delete state for key permissions. KeyPermissionsDelete KeyPermissions = "delete" - // KeyPermissionsEncrypt specifies the key permissions encrypt state for - // key permissions. + // KeyPermissionsEncrypt specifies the key permissions encrypt state for key permissions. KeyPermissionsEncrypt KeyPermissions = "encrypt" - // KeyPermissionsGet specifies the key permissions get state for key - // permissions. + // KeyPermissionsGet specifies the key permissions get state for key permissions. KeyPermissionsGet KeyPermissions = "get" - // KeyPermissionsImport specifies the key permissions import state for key - // permissions. + // KeyPermissionsImport specifies the key permissions import state for key permissions. KeyPermissionsImport KeyPermissions = "import" - // KeyPermissionsList specifies the key permissions list state for key - // permissions. + // KeyPermissionsList specifies the key permissions list state for key permissions. KeyPermissionsList KeyPermissions = "list" - // KeyPermissionsRestore specifies the key permissions restore state for - // key permissions. + // KeyPermissionsPurge specifies the key permissions purge state for key permissions. + KeyPermissionsPurge KeyPermissions = "purge" + // KeyPermissionsRecover specifies the key permissions recover state for key permissions. + KeyPermissionsRecover KeyPermissions = "recover" + // KeyPermissionsRestore specifies the key permissions restore state for key permissions. KeyPermissionsRestore KeyPermissions = "restore" - // KeyPermissionsSign specifies the key permissions sign state for key - // permissions. + // KeyPermissionsSign specifies the key permissions sign state for key permissions. KeyPermissionsSign KeyPermissions = "sign" - // KeyPermissionsUnwrapKey specifies the key permissions unwrap key state - // for key permissions. + // KeyPermissionsUnwrapKey specifies the key permissions unwrap key state for key permissions. KeyPermissionsUnwrapKey KeyPermissions = "unwrapKey" - // KeyPermissionsUpdate specifies the key permissions update state for key - // permissions. + // KeyPermissionsUpdate specifies the key permissions update state for key permissions. KeyPermissionsUpdate KeyPermissions = "update" - // KeyPermissionsVerify specifies the key permissions verify state for key - // permissions. + // KeyPermissionsVerify specifies the key permissions verify state for key permissions. KeyPermissionsVerify KeyPermissions = "verify" - // KeyPermissionsWrapKey specifies the key permissions wrap key state for - // key permissions. + // KeyPermissionsWrapKey specifies the key permissions wrap key state for key permissions. KeyPermissionsWrapKey KeyPermissions = "wrapKey" ) @@ -115,20 +111,21 @@ const ( type SecretPermissions string const ( - // SecretPermissionsAll specifies the secret permissions all state for - // secret permissions. - SecretPermissionsAll SecretPermissions = "all" - // SecretPermissionsDelete specifies the secret permissions delete state - // for secret permissions. + // SecretPermissionsBackup specifies the secret permissions backup state for secret permissions. + SecretPermissionsBackup SecretPermissions = "backup" + // SecretPermissionsDelete specifies the secret permissions delete state for secret permissions. SecretPermissionsDelete SecretPermissions = "delete" - // SecretPermissionsGet specifies the secret permissions get state for - // secret permissions. + // SecretPermissionsGet specifies the secret permissions get state for secret permissions. SecretPermissionsGet SecretPermissions = "get" - // SecretPermissionsList specifies the secret permissions list state for - // secret permissions. + // SecretPermissionsList specifies the secret permissions list state for secret permissions. SecretPermissionsList SecretPermissions = "list" - // SecretPermissionsSet specifies the secret permissions set state for - // secret permissions. + // SecretPermissionsPurge specifies the secret permissions purge state for secret permissions. + SecretPermissionsPurge SecretPermissions = "purge" + // SecretPermissionsRecover specifies the secret permissions recover state for secret permissions. + SecretPermissionsRecover SecretPermissions = "recover" + // SecretPermissionsRestore specifies the secret permissions restore state for secret permissions. + SecretPermissionsRestore SecretPermissions = "restore" + // SecretPermissionsSet specifies the secret permissions set state for secret permissions. SecretPermissionsSet SecretPermissions = "set" ) @@ -142,9 +139,34 @@ const ( Standard SkuName = "standard" ) -// AccessPolicyEntry is an identity that have access to the key vault. All -// identities in the array must use the same tenant ID as the key vault's -// tenant ID. +// StoragePermissions enumerates the values for storage permissions. +type StoragePermissions string + +const ( + // StoragePermissionsDelete specifies the storage permissions delete state for storage permissions. + StoragePermissionsDelete StoragePermissions = "delete" + // StoragePermissionsDeletesas specifies the storage permissions deletesas state for storage permissions. + StoragePermissionsDeletesas StoragePermissions = "deletesas" + // StoragePermissionsGet specifies the storage permissions get state for storage permissions. + StoragePermissionsGet StoragePermissions = "get" + // StoragePermissionsGetsas specifies the storage permissions getsas state for storage permissions. + StoragePermissionsGetsas StoragePermissions = "getsas" + // StoragePermissionsList specifies the storage permissions list state for storage permissions. + StoragePermissionsList StoragePermissions = "list" + // StoragePermissionsListsas specifies the storage permissions listsas state for storage permissions. + StoragePermissionsListsas StoragePermissions = "listsas" + // StoragePermissionsRegeneratekey specifies the storage permissions regeneratekey state for storage permissions. + StoragePermissionsRegeneratekey StoragePermissions = "regeneratekey" + // StoragePermissionsSet specifies the storage permissions set state for storage permissions. + StoragePermissionsSet StoragePermissions = "set" + // StoragePermissionsSetsas specifies the storage permissions setsas state for storage permissions. + StoragePermissionsSetsas StoragePermissions = "setsas" + // StoragePermissionsUpdate specifies the storage permissions update state for storage permissions. + StoragePermissionsUpdate StoragePermissions = "update" +) + +// AccessPolicyEntry is an identity that have access to the key vault. All identities in the array must use the same +// tenant ID as the key vault's tenant ID. type AccessPolicyEntry struct { TenantID *uuid.UUID `json:"tenantId,omitempty"` ObjectID *string `json:"objectId,omitempty"` @@ -152,12 +174,49 @@ type AccessPolicyEntry struct { Permissions *Permissions `json:"permissions,omitempty"` } -// Permissions is permissions the identity has for keys, secrets and -// certificates. +// DeletedVault is deleted vault information with extended details. +type DeletedVault struct { + autorest.Response `json:"-"` + ID *string `json:"id,omitempty"` + Name *string `json:"name,omitempty"` + Type *string `json:"type,omitempty"` + Properties *DeletedVaultProperties `json:"properties,omitempty"` +} + +// DeletedVaultListResult is list of vaults +type DeletedVaultListResult struct { + autorest.Response `json:"-"` + Value *[]DeletedVault `json:"value,omitempty"` + NextLink *string `json:"nextLink,omitempty"` +} + +// DeletedVaultListResultPreparer prepares a request to retrieve the next set of results. It returns +// nil if no more results exist. +func (client DeletedVaultListResult) DeletedVaultListResultPreparer() (*http.Request, error) { + if client.NextLink == nil || len(to.String(client.NextLink)) <= 0 { + return nil, nil + } + return autorest.Prepare(&http.Request{}, + autorest.AsJSON(), + autorest.AsGet(), + autorest.WithBaseURL(to.String(client.NextLink))) +} + +// DeletedVaultProperties is properties of the deleted vault. +type DeletedVaultProperties struct { + VaultID *string `json:"vaultId,omitempty"` + Location *string `json:"location,omitempty"` + DeletionDate *date.Time `json:"deletionDate,omitempty"` + ScheduledPurgeDate *date.Time `json:"scheduledPurgeDate,omitempty"` + Tags *map[string]*string `json:"tags,omitempty"` +} + +// Permissions is permissions the identity has for keys, secrets, certificates and storage. type Permissions struct { Keys *[]KeyPermissions `json:"keys,omitempty"` Secrets *[]SecretPermissions `json:"secrets,omitempty"` Certificates *[]CertificatePermissions `json:"certificates,omitempty"` + Storage *[]StoragePermissions `json:"storage,omitempty"` } // Resource is key Vault resource @@ -188,7 +247,7 @@ func (client ResourceListResult) ResourceListResultPreparer() (*http.Request, er autorest.WithBaseURL(to.String(client.NextLink))) } -// Sku is sKU details +// Sku is SKU details type Sku struct { Family *string `json:"family,omitempty"` Name SkuName `json:"name,omitempty"` @@ -233,11 +292,13 @@ func (client VaultListResult) VaultListResultPreparer() (*http.Request, error) { // VaultProperties is properties of the vault type VaultProperties struct { - VaultURI *string `json:"vaultUri,omitempty"` TenantID *uuid.UUID `json:"tenantId,omitempty"` Sku *Sku `json:"sku,omitempty"` AccessPolicies *[]AccessPolicyEntry `json:"accessPolicies,omitempty"` + VaultURI *string `json:"vaultUri,omitempty"` EnabledForDeployment *bool `json:"enabledForDeployment,omitempty"` EnabledForDiskEncryption *bool `json:"enabledForDiskEncryption,omitempty"` EnabledForTemplateDeployment *bool `json:"enabledForTemplateDeployment,omitempty"` + EnableSoftDelete *bool `json:"enableSoftDelete,omitempty"` + CreateMode CreateMode `json:"createMode,omitempty"` } diff --git a/vendor/github.com/Azure/azure-sdk-for-go/arm/keyvault/vaults.go b/vendor/github.com/Azure/azure-sdk-for-go/arm/keyvault/vaults.go index 5b8c021ed0cf..47638d20626e 100755 --- a/vendor/github.com/Azure/azure-sdk-for-go/arm/keyvault/vaults.go +++ b/vendor/github.com/Azure/azure-sdk-for-go/arm/keyvault/vaults.go @@ -14,9 +14,8 @@ package keyvault // See the License for the specific language governing permissions and // limitations under the License. // -// Code generated by Microsoft (R) AutoRest Code Generator 1.0.1.0 -// Changes may cause incorrect behavior and will be lost if the code is -// regenerated. +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. import ( "github.com/Azure/go-autorest/autorest" @@ -25,8 +24,8 @@ import ( "net/http" ) -// VaultsClient is the the Azure management API provides a RESTful set of web -// services that interact with Azure Key Vault. +// VaultsClient is the the Azure management API provides a RESTful set of web services that interact with Azure Key +// Vault. type VaultsClient struct { ManagementClient } @@ -43,9 +42,8 @@ func NewVaultsClientWithBaseURI(baseURI string, subscriptionID string) VaultsCli // CreateOrUpdate create or update a key vault in the specified subscription. // -// resourceGroupName is the name of the Resource Group to which the server -// belongs. vaultName is name of the vault parameters is parameters to create -// or update the vault +// resourceGroupName is the name of the Resource Group to which the server belongs. vaultName is name of the vault +// parameters is parameters to create or update the vault func (client VaultsClient) CreateOrUpdate(resourceGroupName string, vaultName string, parameters VaultCreateOrUpdateParameters) (result Vault, err error) { if err := validation.Validate([]validation.Validation{ {TargetValue: vaultName, @@ -56,7 +54,7 @@ func (client VaultsClient) CreateOrUpdate(resourceGroupName string, vaultName st Chain: []validation.Constraint{{Target: "parameters.Properties.TenantID", Name: validation.Null, Rule: true, Chain: nil}, {Target: "parameters.Properties.Sku", Name: validation.Null, Rule: true, Chain: []validation.Constraint{{Target: "parameters.Properties.Sku.Family", Name: validation.Null, Rule: true, Chain: nil}}}, - {Target: "parameters.Properties.AccessPolicies", Name: validation.Null, Rule: true, + {Target: "parameters.Properties.AccessPolicies", Name: validation.Null, Rule: false, Chain: []validation.Constraint{{Target: "parameters.Properties.AccessPolicies", Name: validation.MaxItems, Rule: 16, Chain: nil}}}, }}}}}); err != nil { return result, validation.NewErrorWithValidationError(err, "keyvault.VaultsClient", "CreateOrUpdate") @@ -91,7 +89,7 @@ func (client VaultsClient) CreateOrUpdatePreparer(resourceGroupName string, vaul "vaultName": autorest.Encode("path", vaultName), } - const APIVersion = "2015-06-01" + const APIVersion = "2016-10-01" queryParameters := map[string]interface{}{ "api-version": APIVersion, } @@ -127,8 +125,8 @@ func (client VaultsClient) CreateOrUpdateResponder(resp *http.Response) (result // Delete deletes the specified Azure key vault. // -// resourceGroupName is the name of the Resource Group to which the vault -// belongs. vaultName is the name of the vault to delete +// resourceGroupName is the name of the Resource Group to which the vault belongs. vaultName is the name of the vault +// to delete func (client VaultsClient) Delete(resourceGroupName string, vaultName string) (result autorest.Response, err error) { req, err := client.DeletePreparer(resourceGroupName, vaultName) if err != nil { @@ -159,7 +157,7 @@ func (client VaultsClient) DeletePreparer(resourceGroupName string, vaultName st "vaultName": autorest.Encode("path", vaultName), } - const APIVersion = "2015-06-01" + const APIVersion = "2016-10-01" queryParameters := map[string]interface{}{ "api-version": APIVersion, } @@ -192,8 +190,7 @@ func (client VaultsClient) DeleteResponder(resp *http.Response) (result autorest // Get gets the specified Azure key vault. // -// resourceGroupName is the name of the Resource Group to which the vault -// belongs. vaultName is the name of the vault. +// resourceGroupName is the name of the Resource Group to which the vault belongs. vaultName is the name of the vault. func (client VaultsClient) Get(resourceGroupName string, vaultName string) (result Vault, err error) { req, err := client.GetPreparer(resourceGroupName, vaultName) if err != nil { @@ -224,7 +221,7 @@ func (client VaultsClient) GetPreparer(resourceGroupName string, vaultName strin "vaultName": autorest.Encode("path", vaultName), } - const APIVersion = "2015-06-01" + const APIVersion = "2016-10-01" queryParameters := map[string]interface{}{ "api-version": APIVersion, } @@ -256,11 +253,74 @@ func (client VaultsClient) GetResponder(resp *http.Response) (result Vault, err return } -// List the List operation gets information about the vaults associated with -// the subscription. +// GetDeleted gets the deleted Azure key vault. // -// filter is the filter to apply on the operation. top is maximum number of -// results to return. +// vaultName is the name of the vault. location is the location of the deleted vault. +func (client VaultsClient) GetDeleted(vaultName string, location string) (result DeletedVault, err error) { + req, err := client.GetDeletedPreparer(vaultName, location) + if err != nil { + err = autorest.NewErrorWithError(err, "keyvault.VaultsClient", "GetDeleted", nil, "Failure preparing request") + return + } + + resp, err := client.GetDeletedSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "keyvault.VaultsClient", "GetDeleted", resp, "Failure sending request") + return + } + + result, err = client.GetDeletedResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "keyvault.VaultsClient", "GetDeleted", resp, "Failure responding to request") + } + + return +} + +// GetDeletedPreparer prepares the GetDeleted request. +func (client VaultsClient) GetDeletedPreparer(vaultName string, location string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "location": autorest.Encode("path", location), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "vaultName": autorest.Encode("path", vaultName), + } + + const APIVersion = "2016-10-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/providers/Microsoft.KeyVault/locations/{location}/deletedVaults/{vaultName}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare(&http.Request{}) +} + +// GetDeletedSender sends the GetDeleted request. The method will close the +// http.Response Body if it receives an error. +func (client VaultsClient) GetDeletedSender(req *http.Request) (*http.Response, error) { + return autorest.SendWithSender(client, req) +} + +// GetDeletedResponder handles the response to the GetDeleted request. The method always +// closes the http.Response Body. +func (client VaultsClient) GetDeletedResponder(resp *http.Response) (result DeletedVault, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// List the List operation gets information about the vaults associated with the subscription. +// +// filter is the filter to apply on the operation. top is maximum number of results to return. func (client VaultsClient) List(filter string, top *int32) (result ResourceListResult, err error) { req, err := client.ListPreparer(filter, top) if err != nil { @@ -349,11 +409,56 @@ func (client VaultsClient) ListNextResults(lastResults ResourceListResult) (resu return } -// ListByResourceGroup the List operation gets information about the vaults -// associated with the subscription and within the specified resource group. +// ListComplete gets all elements from the list without paging. +func (client VaultsClient) ListComplete(filter string, top *int32, cancel <-chan struct{}) (<-chan Resource, <-chan error) { + resultChan := make(chan Resource) + errChan := make(chan error, 1) + go func() { + defer func() { + close(resultChan) + close(errChan) + }() + list, err := client.List(filter, top) + if err != nil { + errChan <- err + return + } + if list.Value != nil { + for _, item := range *list.Value { + select { + case <-cancel: + return + case resultChan <- item: + // Intentionally left blank + } + } + } + for list.NextLink != nil { + list, err = client.ListNextResults(list) + if err != nil { + errChan <- err + return + } + if list.Value != nil { + for _, item := range *list.Value { + select { + case <-cancel: + return + case resultChan <- item: + // Intentionally left blank + } + } + } + } + }() + return resultChan, errChan +} + +// ListByResourceGroup the List operation gets information about the vaults associated with the subscription and within +// the specified resource group. // -// resourceGroupName is the name of the Resource Group to which the vault -// belongs. top is maximum number of results to return. +// resourceGroupName is the name of the Resource Group to which the vault belongs. top is maximum number of results to +// return. func (client VaultsClient) ListByResourceGroup(resourceGroupName string, top *int32) (result VaultListResult, err error) { req, err := client.ListByResourceGroupPreparer(resourceGroupName, top) if err != nil { @@ -383,7 +488,7 @@ func (client VaultsClient) ListByResourceGroupPreparer(resourceGroupName string, "subscriptionId": autorest.Encode("path", client.SubscriptionID), } - const APIVersion = "2015-06-01" + const APIVersion = "2016-10-01" queryParameters := map[string]interface{}{ "api-version": APIVersion, } @@ -441,3 +546,259 @@ func (client VaultsClient) ListByResourceGroupNextResults(lastResults VaultListR return } + +// ListByResourceGroupComplete gets all elements from the list without paging. +func (client VaultsClient) ListByResourceGroupComplete(resourceGroupName string, top *int32, cancel <-chan struct{}) (<-chan Vault, <-chan error) { + resultChan := make(chan Vault) + errChan := make(chan error, 1) + go func() { + defer func() { + close(resultChan) + close(errChan) + }() + list, err := client.ListByResourceGroup(resourceGroupName, top) + if err != nil { + errChan <- err + return + } + if list.Value != nil { + for _, item := range *list.Value { + select { + case <-cancel: + return + case resultChan <- item: + // Intentionally left blank + } + } + } + for list.NextLink != nil { + list, err = client.ListByResourceGroupNextResults(list) + if err != nil { + errChan <- err + return + } + if list.Value != nil { + for _, item := range *list.Value { + select { + case <-cancel: + return + case resultChan <- item: + // Intentionally left blank + } + } + } + } + }() + return resultChan, errChan +} + +// ListDeleted gets information about the deleted vaults in a subscription. +func (client VaultsClient) ListDeleted() (result DeletedVaultListResult, err error) { + req, err := client.ListDeletedPreparer() + if err != nil { + err = autorest.NewErrorWithError(err, "keyvault.VaultsClient", "ListDeleted", nil, "Failure preparing request") + return + } + + resp, err := client.ListDeletedSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "keyvault.VaultsClient", "ListDeleted", resp, "Failure sending request") + return + } + + result, err = client.ListDeletedResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "keyvault.VaultsClient", "ListDeleted", resp, "Failure responding to request") + } + + return +} + +// ListDeletedPreparer prepares the ListDeleted request. +func (client VaultsClient) ListDeletedPreparer() (*http.Request, error) { + pathParameters := map[string]interface{}{ + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + } + + const APIVersion = "2016-10-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/providers/Microsoft.KeyVault/deletedVaults", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare(&http.Request{}) +} + +// ListDeletedSender sends the ListDeleted request. The method will close the +// http.Response Body if it receives an error. +func (client VaultsClient) ListDeletedSender(req *http.Request) (*http.Response, error) { + return autorest.SendWithSender(client, req) +} + +// ListDeletedResponder handles the response to the ListDeleted request. The method always +// closes the http.Response Body. +func (client VaultsClient) ListDeletedResponder(resp *http.Response) (result DeletedVaultListResult, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// ListDeletedNextResults retrieves the next set of results, if any. +func (client VaultsClient) ListDeletedNextResults(lastResults DeletedVaultListResult) (result DeletedVaultListResult, err error) { + req, err := lastResults.DeletedVaultListResultPreparer() + if err != nil { + return result, autorest.NewErrorWithError(err, "keyvault.VaultsClient", "ListDeleted", nil, "Failure preparing next results request") + } + if req == nil { + return + } + + resp, err := client.ListDeletedSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + return result, autorest.NewErrorWithError(err, "keyvault.VaultsClient", "ListDeleted", resp, "Failure sending next results request") + } + + result, err = client.ListDeletedResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "keyvault.VaultsClient", "ListDeleted", resp, "Failure responding to next results request") + } + + return +} + +// ListDeletedComplete gets all elements from the list without paging. +func (client VaultsClient) ListDeletedComplete(cancel <-chan struct{}) (<-chan DeletedVault, <-chan error) { + resultChan := make(chan DeletedVault) + errChan := make(chan error, 1) + go func() { + defer func() { + close(resultChan) + close(errChan) + }() + list, err := client.ListDeleted() + if err != nil { + errChan <- err + return + } + if list.Value != nil { + for _, item := range *list.Value { + select { + case <-cancel: + return + case resultChan <- item: + // Intentionally left blank + } + } + } + for list.NextLink != nil { + list, err = client.ListDeletedNextResults(list) + if err != nil { + errChan <- err + return + } + if list.Value != nil { + for _, item := range *list.Value { + select { + case <-cancel: + return + case resultChan <- item: + // Intentionally left blank + } + } + } + } + }() + return resultChan, errChan +} + +// PurgeDeleted permanently deletes the specified vault. aka Purges the deleted Azure key vault. This method may poll +// for completion. Polling can be canceled by passing the cancel channel argument. The channel will be used to cancel +// polling and any outstanding HTTP requests. +// +// vaultName is the name of the soft-deleted vault. location is the location of the soft-deleted vault. +func (client VaultsClient) PurgeDeleted(vaultName string, location string, cancel <-chan struct{}) (<-chan autorest.Response, <-chan error) { + resultChan := make(chan autorest.Response, 1) + errChan := make(chan error, 1) + go func() { + var err error + var result autorest.Response + defer func() { + if err != nil { + errChan <- err + } + resultChan <- result + close(resultChan) + close(errChan) + }() + req, err := client.PurgeDeletedPreparer(vaultName, location, cancel) + if err != nil { + err = autorest.NewErrorWithError(err, "keyvault.VaultsClient", "PurgeDeleted", nil, "Failure preparing request") + return + } + + resp, err := client.PurgeDeletedSender(req) + if err != nil { + result.Response = resp + err = autorest.NewErrorWithError(err, "keyvault.VaultsClient", "PurgeDeleted", resp, "Failure sending request") + return + } + + result, err = client.PurgeDeletedResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "keyvault.VaultsClient", "PurgeDeleted", resp, "Failure responding to request") + } + }() + return resultChan, errChan +} + +// PurgeDeletedPreparer prepares the PurgeDeleted request. +func (client VaultsClient) PurgeDeletedPreparer(vaultName string, location string, cancel <-chan struct{}) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "location": autorest.Encode("path", location), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "vaultName": autorest.Encode("path", vaultName), + } + + const APIVersion = "2016-10-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsPost(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/providers/Microsoft.KeyVault/locations/{location}/deletedVaults/{vaultName}/purge", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare(&http.Request{Cancel: cancel}) +} + +// PurgeDeletedSender sends the PurgeDeleted request. The method will close the +// http.Response Body if it receives an error. +func (client VaultsClient) PurgeDeletedSender(req *http.Request) (*http.Response, error) { + return autorest.SendWithSender(client, + req, + azure.DoPollForAsynchronous(client.PollingDelay)) +} + +// PurgeDeletedResponder handles the response to the PurgeDeleted request. The method always +// closes the http.Response Body. +func (client VaultsClient) PurgeDeletedResponder(resp *http.Response) (result autorest.Response, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusAccepted), + autorest.ByClosing()) + result.Response = resp + return +} diff --git a/vendor/github.com/Azure/azure-sdk-for-go/arm/keyvault/version.go b/vendor/github.com/Azure/azure-sdk-for-go/arm/keyvault/version.go index 979552df2718..64ff8541e0e5 100755 --- a/vendor/github.com/Azure/azure-sdk-for-go/arm/keyvault/version.go +++ b/vendor/github.com/Azure/azure-sdk-for-go/arm/keyvault/version.go @@ -14,15 +14,15 @@ package keyvault // See the License for the specific language governing permissions and // limitations under the License. // -// Code generated by Microsoft (R) AutoRest Code Generator 1.2.2.0 +// Code generated by Microsoft (R) AutoRest Code Generator. // Changes may cause incorrect behavior and will be lost if the code is regenerated. // UserAgent returns the UserAgent string to use when sending http.Requests. func UserAgent() string { - return "Azure-SDK-For-Go/v10.3.0-beta arm-keyvault/2016-10-01" + return "Azure-SDK-For-Go/v11.0.0-beta arm-keyvault/2016-10-01" } // Version returns the semantic version (see http://semver.org) of the client. func Version() string { - return "v10.3.0-beta" + return "v11.0.0-beta" } diff --git a/vendor/vendor.json b/vendor/vendor.json index ad4a5a5f3295..81032e83e44f 100644 --- a/vendor/vendor.json +++ b/vendor/vendor.json @@ -115,12 +115,12 @@ "versionExact": "v10.3.0-beta" }, { - "checksumSHA1": "FloEh78hgEozkpt0y4SPWK23/wI=", + "checksumSHA1": "ALyRCjT78W2bC4r8R/wexKF8ASQ=", "path": "github.com/Azure/azure-sdk-for-go/arm/keyvault", - "revision": "57db66900881e9fd21fd041a9d013514700ecab3", - "revisionTime": "2017-08-18T20:19:01Z", - "version": "=v10.3.0-beta", - "versionExact": "v10.3.0-beta" + "revision": "80f6cbcb1d6295ebb8fbeb5afab826a94aa67d11", + "revisionTime": "2017-10-06T17:43:09Z", + "version": "v11.1.0-beta", + "versionExact": "v11.1.0-beta" }, { "checksumSHA1": "md3J29HhVMZt1cNLTn539Neo+ic=", diff --git a/website/docs/d/key_vault_access_policy.html.markdown b/website/docs/d/key_vault_access_policy.html.markdown new file mode 100644 index 000000000000..b702d4dc90ac --- /dev/null +++ b/website/docs/d/key_vault_access_policy.html.markdown @@ -0,0 +1,40 @@ +--- +layout: "azurerm" +page_title: "Azure Resource Manager: azurerm_key_vault_access_policy" +sidebar_current: "docs-azurerm-datasource-azurerm_key_vault_access_policy" +description: |- + Get information about the templated Access Policies for Key Vault. +--- + +# azurerm_key_vault_access_policy + +Use this data source to access information about the permissions from the Management Key Vault Templates. + +## Example Usage + +```hcl +data "azurerm_key_vault_access_policy" "contributor" { + name = "Key Management" +} + +output "access_policy_key_permissions" { + value = "${data.azurerm_key_vault_access_policy.key_permissions}" +} +``` + +## Argument Reference + +* `name` - (Required) Specifies the name of the Management Tempalte. Possible values are: `Key Management`, +`Secret Management`, `Certificate Management`, `Key & Secret Management`, `Key & Certificate Management`, +`Secret & Certificate Management`, `Key, Secret, & Certificate Management` + + +## Attributes Reference + +* `id` - the ID of the Key Vault Access Policy + +* `key_permissions` - the key permissions for the access policy + +* `secret_permissions` - the secret permissions for the access policy + +* `certificate_permissions` - the certificate permissions for the access policy