KeyVaultProperties.cs
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.
// <auto-generated/>
#nullable disable
using System;
using System.Collections.Generic;
namespace Azure.ResourceManager.KeyVault.Models
{
    /// <summary> Properties of the vault. </summary>
    /// <remarks>
    /// This is a plain data model: every member below is an auto-property and nothing in this file
    /// validates values or enforces the constraints described in the member documentation
    /// (retention range, irreversibility of soft delete and purge protection, access-policy count).
    /// The type is <c>partial</c>; members declared in other files are not covered here.
    /// </remarks>
    public partial class KeyVaultProperties
    {
        /// <summary>
        /// Bag of properties that the library does not model, keyed by property name.
        /// <para>
        /// Each value is a JSON payload held as <see cref="BinaryData"/>. Build one from an object with
        /// <c>BinaryData.FromObjectAsJson</c>, or from an already formatted JSON string with
        /// <c>BinaryData.FromString</c>.
        /// </para>
        /// <para>
        /// Examples:
        /// <list type="bullet">
        /// <item>
        /// <term>BinaryData.FromObjectAsJson("foo")</term>
        /// <description>Payload is "foo".</description>
        /// </item>
        /// <item>
        /// <term>BinaryData.FromString("\"foo\"")</term>
        /// <description>Payload is "foo".</description>
        /// </item>
        /// <item>
        /// <term>BinaryData.FromObjectAsJson(new { key = "value" })</term>
        /// <description>Payload is { "key": "value" }.</description>
        /// </item>
        /// <item>
        /// <term>BinaryData.FromString("{\"key\": \"value\"}")</term>
        /// <description>Payload is { "key": "value" }.</description>
        /// </item>
        /// </list>
        /// </para>
        /// </summary>
        private IDictionary<string, BinaryData> _serializedAdditionalRawData;

        /// <summary> Initializes a new instance of <see cref="KeyVaultProperties"/> with every member supplied. </summary>
        /// <remarks>
        /// The body only assigns: no argument is null-checked or range-checked, and the collection
        /// arguments are stored by reference rather than copied.
        /// </remarks>
        /// <param name="tenantId"> The Azure Active Directory tenant ID used to authenticate requests to the key vault. </param>
        /// <param name="sku"> SKU details. </param>
        /// <param name="accessPolicies"> 0 to 1024 identities that have access to the key vault; all must use the vault's tenant ID. Not required when <c>createMode</c> is <c>recover</c>, required otherwise. </param>
        /// <param name="vaultUri"> The URI of the vault for operations on keys and secrets. </param>
        /// <param name="hsmPoolResourceId"> The resource id of HSM Pool. </param>
        /// <param name="enabledForDeployment"> Whether Azure Virtual Machines may retrieve certificates stored as secrets from the key vault. </param>
        /// <param name="enabledForDiskEncryption"> Whether Azure Disk Encryption may retrieve secrets from the vault and unwrap keys. </param>
        /// <param name="enabledForTemplateDeployment"> Whether Azure Resource Manager may retrieve secrets from the key vault. </param>
        /// <param name="enableSoftDelete"> Whether 'soft delete' is enabled. Defaults to true on a new vault when left unset; once true it cannot be reverted to false. </param>
        /// <param name="softDeleteRetentionInDays"> Soft-delete retention in days; the service accepts 7 through 90 inclusive. </param>
        /// <param name="enableRbacAuthorization"> True: data actions are authorized with RBAC and the access policies in vault properties are ignored. False: those access policies apply and any policy stored on Azure Resource Manager is ignored. Null or unspecified: the vault is created with false. Management actions are always authorized with RBAC. </param>
        /// <param name="createMode"> The vault's create mode, indicating whether the vault needs to be recovered. </param>
        /// <param name="enablePurgeProtection"> Whether purge protection is enabled. When true, only the Key Vault service may initiate a hard, irrecoverable deletion. Effective only with soft delete enabled; irreversible, false is not accepted. </param>
        /// <param name="networkRuleSet"> Rules governing the accessibility of the key vault from specific network locations. </param>
        /// <param name="provisioningState"> Provisioning state of the vault. </param>
        /// <param name="privateEndpointConnections"> Private endpoint connections associated with the key vault. </param>
        /// <param name="publicNetworkAccess"> Whether the vault accepts traffic from the public internet. 'disabled' blocks everything except private endpoint traffic and traffic from trusted services, and overrides any firewall rules that are set. </param>
        /// <param name="serializedAdditionalRawData"> Properties unknown to the library. </param>
        internal KeyVaultProperties(
            Guid tenantId,
            KeyVaultSku sku,
            IList<KeyVaultAccessPolicy> accessPolicies,
            Uri vaultUri,
            string hsmPoolResourceId,
            bool? enabledForDeployment,
            bool? enabledForDiskEncryption,
            bool? enabledForTemplateDeployment,
            bool? enableSoftDelete,
            int? softDeleteRetentionInDays,
            bool? enableRbacAuthorization,
            KeyVaultCreateMode? createMode,
            bool? enablePurgeProtection,
            KeyVaultNetworkRuleSet networkRuleSet,
            KeyVaultProvisioningState? provisioningState,
            IReadOnlyList<KeyVaultPrivateEndpointConnectionItemData> privateEndpointConnections,
            string publicNetworkAccess,
            IDictionary<string, BinaryData> serializedAdditionalRawData)
        {
            // Identity and addressing.
            TenantId = tenantId;
            Sku = sku;
            AccessPolicies = accessPolicies;
            VaultUri = vaultUri;
            HsmPoolResourceId = hsmPoolResourceId;

            // Platform services allowed to read from the vault.
            EnabledForDeployment = enabledForDeployment;
            EnabledForDiskEncryption = enabledForDiskEncryption;
            EnabledForTemplateDeployment = enabledForTemplateDeployment;

            // Deletion safeguards, authorization model and create mode.
            EnableSoftDelete = enableSoftDelete;
            SoftDeleteRetentionInDays = softDeleteRetentionInDays;
            EnableRbacAuthorization = enableRbacAuthorization;
            CreateMode = createMode;
            EnablePurgeProtection = enablePurgeProtection;

            // Network exposure and service-reported state.
            NetworkRuleSet = networkRuleSet;
            ProvisioningState = provisioningState;
            PrivateEndpointConnections = privateEndpointConnections;
            PublicNetworkAccess = publicNetworkAccess;

            // Anything the model does not know about is carried along untouched.
            _serializedAdditionalRawData = serializedAdditionalRawData;
        }

        /// <summary> Initializes a new instance of <see cref="KeyVaultProperties"/> for deserialization. </summary>
        /// <remarks> Assigns nothing, so every member declared in this file starts at its default value. </remarks>
        internal KeyVaultProperties()
        {
        }

        /// <summary> The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. </summary>
        [WirePath("tenantId")]
        public Guid TenantId { get; set; }

        /// <summary> SKU details. </summary>
        [WirePath("sku")]
        public KeyVaultSku Sku { get; set; }

        /// <summary>
        /// An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same
        /// tenant ID as the key vault's tenant ID. When `createMode` is set to `recover`, access policies are not required.
        /// Otherwise, access policies are required.
        /// </summary>
        /// <remarks>
        /// The property has no setter, but the list it returns is an <see cref="IList{T}"/> and is the same instance that was
        /// handed to the constructor. Neither the 1024 limit nor the tenant match is checked in this file. These entries are
        /// ignored by the service when <see cref="EnableRbacAuthorization"/> is true.
        /// </remarks>
        [WirePath("accessPolicies")]
        public IList<KeyVaultAccessPolicy> AccessPolicies { get; }

        /// <summary> The URI of the vault for performing operations on keys and secrets. </summary>
        [WirePath("vaultUri")]
        public Uri VaultUri { get; set; }

        /// <summary> The resource id of HSM Pool. </summary>
        [WirePath("hsmPoolResourceId")]
        public string HsmPoolResourceId { get; }

        /// <summary> Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. </summary>
        /// <remarks> Widens who can read secrets; review together with the disk-encryption and template-deployment flags. </remarks>
        [WirePath("enabledForDeployment")]
        public bool? EnabledForDeployment { get; set; }

        /// <summary> Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. </summary>
        [WirePath("enabledForDiskEncryption")]
        public bool? EnabledForDiskEncryption { get; set; }

        /// <summary> Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault. </summary>
        [WirePath("enabledForTemplateDeployment")]
        public bool? EnabledForTemplateDeployment { get; set; }

        /// <summary>
        /// Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it is not set to any
        /// value (true or false) when creating a new key vault, it will be set to true by default. Once set to true, it cannot
        /// be reverted to false.
        /// </summary>
        [WirePath("enableSoftDelete")]
        public bool? EnableSoftDelete { get; set; }

        /// <summary> Soft-delete data retention in days. The service accepts values from 7 through 90 inclusive. </summary>
        /// <remarks> The setter stores any value; the range is not checked in this file. </remarks>
        [WirePath("softDeleteRetentionInDays")]
        public int? SoftDeleteRetentionInDays { get; set; }

        /// <summary>
        /// Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control
        /// (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored.
        /// When false, the key vault will use the access policies specified in vault properties, and any policy stored on
        /// Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of
        /// false. Note that management actions are always authorized with RBAC.
        /// </summary>
        /// <remarks>
        /// Flipping this value changes which of the two permission sets is in force, so the set that becomes active should
        /// be reviewed before the change is applied.
        /// </remarks>
        [WirePath("enableRbacAuthorization")]
        public bool? EnableRbacAuthorization { get; set; }

        /// <summary> The vault's create mode, indicating whether the vault needs to be recovered or not. </summary>
        [WirePath("createMode")]
        public KeyVaultCreateMode? CreateMode { get; set; }

        /// <summary>
        /// Property specifying whether protection against purge is enabled for this vault. Setting this property to true
        /// activates protection against purge for this vault and its content - only the Key Vault service may initiate a
        /// hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this
        /// functionality is irreversible - that is, the property does not accept false as its value.
        /// </summary>
        /// <remarks> Has no effect on its own: it depends on <see cref="EnableSoftDelete"/> being enabled as well. </remarks>
        [WirePath("enablePurgeProtection")]
        public bool? EnablePurgeProtection { get; set; }

        /// <summary> Rules governing the accessibility of the key vault from specific network locations. </summary>
        /// <remarks> Serialized under the wire name <c>networkAcls</c>. Not honored when <see cref="PublicNetworkAccess"/> is 'disabled'. </remarks>
        [WirePath("networkAcls")]
        public KeyVaultNetworkRuleSet NetworkRuleSet { get; set; }

        /// <summary> Provisioning state of the vault. </summary>
        [WirePath("provisioningState")]
        public KeyVaultProvisioningState? ProvisioningState { get; set; }

        /// <summary> List of private endpoint connections associated with the key vault. </summary>
        [WirePath("privateEndpointConnections")]
        public IReadOnlyList<KeyVaultPrivateEndpointConnectionItemData> PrivateEndpointConnections { get; }

        /// <summary>
        /// Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic
        /// except private endpoint traffic and that which originates from trusted services will be blocked. This will
        /// override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules.
        /// </summary>
        /// <remarks>
        /// Typed as a plain <see cref="string"/>, so the value is not checked at compile time or by this setter; 'disabled' is
        /// the only value this documentation names.
        /// </remarks>
        [WirePath("publicNetworkAccess")]
        public string PublicNetworkAccess { get; set; }
    }
}