-
Notifications
You must be signed in to change notification settings - Fork 2.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Key Vault] Add support for custom role definitions #16063
Changes from 10 commits
d24ecaa
8b3acbd
cc4717f
baf412e
b632199
93461c2
b38a0d2
00481f3
4738f4a
25be3af
c3ab528
f6dd2a9
f0c5d83
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,76 @@ | ||
# ------------------------------------ | ||
# Copyright (c) Microsoft Corporation. | ||
# Licensed under the MIT License. | ||
# ------------------------------------ | ||
from enum import Enum | ||
|
||
|
||
class KeyVaultRoleScope(str, Enum): | ||
"""Collection of well known role scopes. This list is not exhaustive.""" | ||
|
||
GLOBAL = "/" #: use this if you want role assignments to apply to everything on the resource | ||
|
||
KEYS = "/keys" #: use this if you want role assignments to apply to all keys | ||
|
||
|
||
class KeyVaultDataAction(str, Enum): | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. How do we feel with this enum name? |
||
"""Supported permissions for data actions.""" | ||
|
||
#: Read HSM key metadata. | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Make sure these names align with what @christothes defined in the swagger PR (not merged just yet but should be soon). |
||
READ_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/read/action" | ||
#: Update an HSM key. | ||
WRITE_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/write/action" | ||
#: Read deleted HSM key. | ||
READ_DELETED_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action" | ||
#: Recover deleted HSM key. | ||
RECOVER_DELETED_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action" | ||
#: Backup HSM keys. | ||
BACKUP_HSM_KEYS = "Microsoft.KeyVault/managedHsm/keys/backup/action" | ||
#: Restore HSM keys. | ||
RESTORE_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/restore/action" | ||
#: Delete role assignment. | ||
DELETE_ROLE_ASSIGNMENT = "Microsoft.KeyVault/managedHsm/roleAssignments/delete/action" | ||
#: Get role assignment. | ||
GET_ROLE_ASSIGNMENT = "Microsoft.KeyVault/managedHsm/roleAssignments/read/action" | ||
#: Create or update role assignment. | ||
WRITE_ROLE_ASSIGNMENT = "Microsoft.KeyVault/managedHsm/roleAssignments/write/action" | ||
#: Get role definition. | ||
READ_ROLE_DEFINITION = "Microsoft.KeyVault/managedHsm/roleDefinitions/read/action" | ||
#: Encrypt using an HSM key. | ||
ENCRYPT_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/encrypt/action" | ||
#: Decrypt using an HSM key. | ||
DECRYPT_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/decrypt/action" | ||
#: Wrap using an HSM key. | ||
WRAP_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/wrap/action" | ||
#: Unwrap using an HSM key. | ||
UNWRAP_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/unwrap/action" | ||
#: Sign using an HSM key. | ||
SIGN_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/sign/action" | ||
#: Verify using an HSM key. | ||
VERIFY_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/verify/action" | ||
#: Create an HSM key. | ||
CREATE_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/create" | ||
#: Delete an HSM key. | ||
DELETE_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/delete" | ||
#: Export an HSM key. | ||
EXPORT_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/export/action" | ||
#: Import an HSM key. | ||
IMPORT_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/import/action" | ||
#: Purge a deleted HSM key. | ||
PURGE_DELETED_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete" | ||
#: Download an HSM security domain. | ||
DOWNLOAD_HSM_SECURITY_DOMAIN = "Microsoft.KeyVault/managedHsm/securitydomain/download/action" | ||
#: Upload an HSM security domain. | ||
UPLOAD_HSM_SECURITY_DOMAIN = "Microsoft.KeyVault/managedHsm/securitydomain/upload/action" | ||
#: Check the status of the HSM security domain exchange file. | ||
READ_HSM_SECURITY_DOMAIN_STATUS = "Microsoft.KeyVault/managedHsm/securitydomain/upload/read" | ||
#: Download an HSM security domain transfer key. | ||
READ_HSM_SECURITY_DOMAIN_TRANSFER_KEY = "Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read" | ||
#: Start an HSM backup. | ||
START_HSM_BACKUP = "Microsoft.KeyVault/managedHsm/backup/start/action" | ||
#: Start an HSM restore. | ||
START_HSM_RESTORE = "Microsoft.KeyVault/managedHsm/restore/start/action" | ||
#: Read an HSM backup status. | ||
READ_HSM_BACKUP_STATUS = "Microsoft.KeyVault/managedHsm/backup/status/action" | ||
#: Read an HSM restore status. | ||
READ_HSM_RESTORE_STATUS = "Microsoft.KeyVault/managedHsm/restore/status/action" |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,17 +1,15 @@ | ||
# coding=utf-8 | ||
# -------------------------------------------------------------------------- | ||
# Copyright (c) Microsoft Corporation. All rights reserved. | ||
# Licensed under the MIT License. See License.txt in the project root for license information. | ||
# Code generated by Microsoft (R) AutoRest Code Generator. | ||
# Code generated by Microsoft (R) AutoRest Code Generator (autorest: 3.0.6306, generator: {generator}) | ||
# Changes may cause incorrect behavior and will be lost if the code is regenerated. | ||
# -------------------------------------------------------------------------- | ||
|
||
from ._key_vault_client_operations_async import KeyVaultClientOperationsMixin | ||
from ._role_definitions_operations_async import RoleDefinitionsOperations | ||
from ._role_assignments_operations_async import RoleAssignmentsOperations | ||
from ._key_vault_client_operations_async import KeyVaultClientOperationsMixin | ||
|
||
__all__ = [ | ||
'KeyVaultClientOperationsMixin', | ||
'RoleDefinitionsOperations', | ||
'RoleAssignmentsOperations', | ||
'KeyVaultClientOperationsMixin', | ||
] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thinking the form of the name isn't interesting because this role definition already exists and so must have a compliant name.