diff --git a/sdk/keyvault/azure-keyvault-administration/assets.json b/sdk/keyvault/azure-keyvault-administration/assets.json index 397dfc697ae6..ce48a704cc35 100644 --- a/sdk/keyvault/azure-keyvault-administration/assets.json +++ b/sdk/keyvault/azure-keyvault-administration/assets.json @@ -2,5 +2,5 @@ "AssetsRepo": "Azure/azure-sdk-assets", "AssetsRepoPrefixPath": "python", "TagPrefix": "python/keyvault/azure-keyvault-administration", - "Tag": "python/keyvault/azure-keyvault-administration_ab4ab43926" + "Tag": "python/keyvault/azure-keyvault-administration_0505f8d0c5" } diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py index f41733a1a07a..c3102599300a 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py @@ -63,6 +63,14 @@ def create_role_assignment( :returns: The created role assignment. :rtype: ~azure.keyvault.administration.KeyVaultRoleAssignment + + Example: + .. literalinclude:: ../tests/test_examples_administration.py + :start-after: [START create_role_assignment] + :end-before: [END create_role_assignment] + :language: python + :caption: Create a role assignment + :dedent: 8 """ assignment_name = name or uuid4() @@ -93,6 +101,14 @@ def delete_role_assignment( :returns: None :rtype: None + + Example: + .. literalinclude:: ../tests/test_examples_administration.py + :start-after: [START delete_role_assignment] + :end-before: [END delete_role_assignment] + :language: python + :caption: Delete a role assignment + :dedent: 8 """ try: self._client.role_assignments.delete( @@ -115,6 +131,14 @@ def get_role_assignment( :returns: The fetched role assignment. :rtype: ~azure.keyvault.administration.KeyVaultRoleAssignment + + Example: + .. literalinclude:: ../tests/test_examples_administration.py + :start-after: [START get_role_assignment] + :end-before: [END get_role_assignment] + :language: python + :caption: Get a role assignment + :dedent: 8 """ assignment = self._client.role_assignments.get( scope=scope, role_assignment_name=str(name), **kwargs @@ -133,6 +157,14 @@ def list_role_assignments( :returns: A paged response containing the role assignments for the specified scope. :rtype: ~azure.core.paging.ItemPaged[~azure.keyvault.administration.KeyVaultRoleAssignment] + + Example: + .. literalinclude:: ../tests/test_examples_administration.py + :start-after: [START list_role_assignments] + :end-before: [END list_role_assignments] + :language: python + :caption: List role assignments for a scope + :dedent: 8 """ return self._client.role_assignments.list_for_scope( scope=scope, @@ -178,6 +210,14 @@ def set_role_definition( :returns: The created or updated role definition :rtype: ~azure.keyvault.administration.KeyVaultRoleDefinition + + Example: + .. literalinclude:: ../tests/test_examples_administration.py + :start-after: [START set_role_definition] + :end-before: [END set_role_definition] + :language: python + :caption: Create or update a custom role definition + :dedent: 8 """ role_permissions = [ Permission( @@ -219,6 +259,14 @@ def get_role_definition( :returns: The fetched role definition. :rtype: ~azure.keyvault.administration.KeyVaultRoleDefinition + + Example: + .. literalinclude:: ../tests/test_examples_administration.py + :start-after: [START get_role_definition] + :end-before: [END get_role_definition] + :language: python + :caption: Get a role definition + :dedent: 8 """ definition = self._client.role_definitions.get( scope=scope, role_definition_name=str(name), **kwargs @@ -239,6 +287,14 @@ def delete_role_definition( :returns: None :rtype: None + + Example: + .. literalinclude:: ../tests/test_examples_administration.py + :start-after: [START delete_role_definition] + :end-before: [END delete_role_definition] + :language: python + :caption: Delete a custom role definition + :dedent: 8 """ try: self._client.role_definitions.delete( @@ -259,6 +315,14 @@ def list_role_definitions( :returns: A paged response containing the role definitions for the specified scope. :rtype: ~azure.core.paging.ItemPaged[~azure.keyvault.administration.KeyVaultRoleDefinition] + + Example: + .. literalinclude:: ../tests/test_examples_administration.py + :start-after: [START list_role_definitions] + :end-before: [END list_role_definitions] + :language: python + :caption: List role definitions for a scope + :dedent: 8 """ return self._client.role_definitions.list( scope=scope, diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_settings_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_settings_client.py index ab4b5ffdbbff..7bcffa463987 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_settings_client.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_settings_client.py @@ -38,6 +38,14 @@ def get_setting(self, name: str, **kwargs: Any) -> KeyVaultSetting: :returns: The account setting, as a :class:`~azure.keyvault.administration.KeyVaultSetting`. :rtype: ~azure.keyvault.administration.KeyVaultSetting :raises ~azure.core.exceptions.HttpResponseError: + + Example: + .. literalinclude:: ../tests/test_examples_administration.py + :start-after: [START get_setting] + :end-before: [END get_setting] + :language: python + :caption: Get a specific setting + :dedent: 8 """ result = self._client.get_setting(setting_name=name, **kwargs) return KeyVaultSetting._from_generated(result) @@ -49,6 +57,14 @@ def list_settings(self, **kwargs: Any) -> ItemPaged[KeyVaultSetting]: :returns: A paged object containing the account's settings. :rtype: ~azure.core.paging.ItemPaged[~azure.keyvault.administration.KeyVaultSetting] :raises ~azure.core.exceptions.HttpResponseError: + + Example: + .. literalinclude:: ../tests/test_examples_administration.py + :start-after: [START list_settings] + :end-before: [END list_settings] + :language: python + :caption: List all account settings + :dedent: 8 """ result = self._client.get_settings(*kwargs) converted_result = [KeyVaultSetting._from_generated(setting) for setting in result.settings] @@ -73,6 +89,14 @@ def update_setting(self, setting: KeyVaultSetting, **kwargs: Any) -> KeyVaultSet :returns: The updated account setting, as a :class:`~azure.keyvault.administration.KeyVaultSetting`. :rtype: ~azure.keyvault.administration.KeyVaultSetting :raises ~azure.core.exceptions.HttpResponseError: + + Example: + .. literalinclude:: ../tests/test_examples_administration.py + :start-after: [START update_setting] + :end-before: [END update_setting] + :language: python + :caption: Update a setting + :dedent: 8 """ parameters = UpdateSettingRequest(value=setting.value) result = self._client.update_setting( diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py index b6ce9fe5cae8..db6f4c39eb30 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py @@ -64,6 +64,14 @@ async def create_role_assignment( :returns: The created role assignment. :rtype: ~azure.keyvault.administration.KeyVaultRoleAssignment + + Example: + .. literalinclude:: ../tests/test_examples_administration_async.py + :start-after: [START create_role_assignment] + :end-before: [END create_role_assignment] + :language: python + :caption: Create a role assignment + :dedent: 8 """ assignment_name = name or uuid4() @@ -94,6 +102,14 @@ async def delete_role_assignment( :returns: None :rtype: None + + Example: + .. literalinclude:: ../tests/test_examples_administration_async.py + :start-after: [START delete_role_assignment] + :end-before: [END delete_role_assignment] + :language: python + :caption: Delete a role assignment + :dedent: 8 """ try: await self._client.role_assignments.delete( @@ -116,6 +132,14 @@ async def get_role_assignment( :returns: The fetched role assignment. :rtype: ~azure.keyvault.administration.KeyVaultRoleAssignment + + Example: + .. literalinclude:: ../tests/test_examples_administration_async.py + :start-after: [START get_role_assignment] + :end-before: [END get_role_assignment] + :language: python + :caption: Get a role assignment + :dedent: 8 """ assignment = await self._client.role_assignments.get( scope=scope, role_assignment_name=str(name), **kwargs @@ -134,6 +158,14 @@ def list_role_assignments( :returns: A paged response containing the role assignments for the specified scope. :rtype: ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.administration.KeyVaultRoleAssignment] + + Example: + .. literalinclude:: ../tests/test_examples_administration_async.py + :start-after: [START list_role_assignments] + :end-before: [END list_role_assignments] + :language: python + :caption: List role assignments for a scope + :dedent: 8 """ return self._client.role_assignments.list_for_scope( scope=scope, @@ -179,6 +211,14 @@ async def set_role_definition( :returns: The created or updated role definition :rtype: ~azure.keyvault.administration.KeyVaultRoleDefinition + + Example: + .. literalinclude:: ../tests/test_examples_administration_async.py + :start-after: [START set_role_definition] + :end-before: [END set_role_definition] + :language: python + :caption: Create or update a custom role definition + :dedent: 8 """ role_permissions = [ Permission( @@ -220,6 +260,14 @@ async def get_role_definition( :returns: The fetched role definition. :rtype: ~azure.keyvault.administration.KeyVaultRoleDefinition + + Example: + .. literalinclude:: ../tests/test_examples_administration_async.py + :start-after: [START get_role_definition] + :end-before: [END get_role_definition] + :language: python + :caption: Get a role definition + :dedent: 8 """ definition = await self._client.role_definitions.get( scope=scope, role_definition_name=str(name), **kwargs @@ -240,6 +288,14 @@ async def delete_role_definition( :returns: None :rtype: None + + Example: + .. literalinclude:: ../tests/test_examples_administration_async.py + :start-after: [START delete_role_definition] + :end-before: [END delete_role_definition] + :language: python + :caption: Delete a custom role definition + :dedent: 8 """ try: await self._client.role_definitions.delete( @@ -260,6 +316,14 @@ def list_role_definitions( :returns: A paged response containing the role definitions for the specified scope. :rtype: ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.administration.KeyVaultRoleDefinition] + + Example: + .. literalinclude:: ../tests/test_examples_administration_async.py + :start-after: [START list_role_definitions] + :end-before: [END list_role_definitions] + :language: python + :caption: List role definitions for a scope + :dedent: 8 """ return self._client.role_definitions.list( scope=scope, diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_settings_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_settings_client.py index d1a96bb0bc66..3540509ee02d 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_settings_client.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_settings_client.py @@ -39,6 +39,14 @@ async def get_setting(self, name: str, **kwargs: Any) -> KeyVaultSetting: :returns: The account setting, as a :class:`~azure.keyvault.administration.KeyVaultSetting`. :rtype: ~azure.keyvault.administration.KeyVaultSetting :raises ~azure.core.exceptions.HttpResponseError: + + Example: + .. literalinclude:: ../tests/test_examples_administration_async.py + :start-after: [START get_setting] + :end-before: [END get_setting] + :language: python + :caption: Get a specific setting + :dedent: 8 """ result = await self._client.get_setting(setting_name=name, **kwargs) return KeyVaultSetting._from_generated(result) @@ -50,6 +58,14 @@ def list_settings(self, **kwargs: Any) -> AsyncItemPaged[KeyVaultSetting]: :returns: A paged object containing the account's settings. :rtype: ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.administration.KeyVaultSetting] :raises ~azure.core.exceptions.HttpResponseError: + + Example: + .. literalinclude:: ../tests/test_examples_administration_async.py + :start-after: [START list_settings] + :end-before: [END list_settings] + :language: python + :caption: List all account settings + :dedent: 8 """ result = self._client.get_settings(*kwargs) @@ -76,6 +92,14 @@ async def update_setting(self, setting: KeyVaultSetting, **kwargs: Any) -> KeyVa :returns: The updated account setting, as a :class:`~azure.keyvault.administration.KeyVaultSetting`. :rtype: ~azure.keyvault.administration.KeyVaultSetting :raises ~azure.core.exceptions.HttpResponseError: + + Example: + .. literalinclude:: ../tests/test_examples_administration_async.py + :start-after: [START update_setting] + :end-before: [END update_setting] + :language: python + :caption: Update a setting + :dedent: 8 """ parameters = UpdateSettingRequest(value=setting.value) result = await self._client.update_setting( diff --git a/sdk/keyvault/azure-keyvault-administration/tests/conftest.py b/sdk/keyvault/azure-keyvault-administration/tests/conftest.py index 66f14f669a46..371748c19462 100644 --- a/sdk/keyvault/azure-keyvault-administration/tests/conftest.py +++ b/sdk/keyvault/azure-keyvault-administration/tests/conftest.py @@ -29,7 +29,7 @@ def add_sanitizers(test_proxy): azure_attestation_uri = os.environ.get("AZURE_KEYVAULT_ATTESTATION_URL","https://Sanitized.azurewebsites.net") azure_attestation_uri = azure_attestation_uri.rstrip('/') storage_url = os.environ.get("BLOB_STORAGE_URL", "https://Sanitized.blob.core.windows.net") - client_id = os.environ.get("KEYVAULT_CLIENT_ID", "service-principal-id") + client_id = os.environ.get("CLIENT_OBJECTID", "service-principal-id") sas_token = os.environ.get("BLOB_STORAGE_SAS_TOKEN","fake-sas") add_general_string_sanitizer(target=azure_keyvault_url, value="https://Sanitized.vault.azure.net") diff --git a/sdk/keyvault/azure-keyvault-administration/tests/test_examples_administration.py b/sdk/keyvault/azure-keyvault-administration/tests/test_examples_administration.py index ddcb3d8876d1..85e6acfe05b0 100644 --- a/sdk/keyvault/azure-keyvault-administration/tests/test_examples_administration.py +++ b/sdk/keyvault/azure-keyvault-administration/tests/test_examples_administration.py @@ -2,14 +2,17 @@ # Copyright (c) Microsoft Corporation. # Licensed under the MIT License. # ------------------------------------ +import os import time +import uuid import pytest +from azure.keyvault.administration import KeyVaultDataAction, KeyVaultPermission, KeyVaultRoleScope, KeyVaultSetting, KeyVaultSettingType from azure.keyvault.administration._internal.client_base import DEFAULT_VERSION -from devtools_testutils import recorded_by_proxy, set_bodiless_matcher +from devtools_testutils import add_general_regex_sanitizer, recorded_by_proxy, set_bodiless_matcher from _shared.test_case import KeyVaultTestCase -from _test_case import KeyVaultBackupClientPreparer, get_decorator +from _test_case import KeyVaultBackupClientPreparer, KeyVaultAccessControlClientPreparer, KeyVaultSettingsClientPreparer, get_decorator all_api_versions = get_decorator() only_default = get_decorator(api_versions=[DEFAULT_VERSION]) @@ -19,7 +22,21 @@ class TestExamplesTests(KeyVaultTestCase): def create_key_client(self, vault_uri, **kwargs): from azure.keyvault.keys import KeyClient credential = self.get_credential(KeyClient) - return self.create_client_from_credential(KeyClient, credential=credential, vault_url=vault_uri, **kwargs ) + return self.create_client_from_credential(KeyClient, credential=credential, vault_url=vault_uri, **kwargs) + + def get_replayable_uuid(self, replay_value): + if self.is_live: + value = str(uuid.uuid4()) + return value + return replay_value + + def get_service_principal_id(self): + """Helper method to get a service principal ID for testing""" + replay_value = "service-principal-id" + if self.is_live: + value = os.environ.get("CLIENT_OBJECTID") + return value or replay_value + return replay_value @pytest.mark.parametrize("api_version", only_default) @KeyVaultBackupClientPreparer() @@ -93,3 +110,156 @@ def test_example_selective_key_restore(self, client,**kwargs): if self.is_live: time.sleep(60) # additional waiting to avoid conflicts with resources in other tests + + @pytest.mark.parametrize("api_version", only_default) + @KeyVaultAccessControlClientPreparer() + @recorded_by_proxy + def test_example_role_assignments(self, client, **kwargs): + set_bodiless_matcher() + access_control_client = client + + # [START list_role_definitions] + # List all role definitions + role_definitions = [d for d in access_control_client.list_role_definitions(KeyVaultRoleScope.GLOBAL)] + + for definition in role_definitions: + print(f"Role definition: {definition.name}") + # [END list_role_definitions] + + # Get the first available role definition for the example + first_definition = role_definitions[0] + definition_id = first_definition.id + name = self.get_replayable_uuid("some-uuid") + add_general_regex_sanitizer(function_scoped=True, regex=name, value="some-uuid") + + # Get a service principal ID for testing + principal_id = self.get_service_principal_id() + + # [START create_role_assignment] + # Create a role assignment + role_assignment = access_control_client.create_role_assignment( + scope=KeyVaultRoleScope.GLOBAL, + definition_id=definition_id, + principal_id=principal_id, + name=name, + ) + + print(f"Created role assignment: {role_assignment.name}") + # [END create_role_assignment] + + assignment_name = role_assignment.name + + # [START get_role_assignment] + # Get a specific role assignment + retrieved_assignment = access_control_client.get_role_assignment( + scope=KeyVaultRoleScope.GLOBAL, + name=assignment_name + ) + + print(f"Retrieved role assignment: {retrieved_assignment.name}") + # [END get_role_assignment] + + # [START list_role_assignments] + # List all role assignments for a scope + role_assignments = access_control_client.list_role_assignments(KeyVaultRoleScope.GLOBAL) + + for assignment in role_assignments: + print(f"Role assignment: {assignment.name}") + # [END list_role_assignments] + + # [START delete_role_assignment] + # Delete a role assignment + access_control_client.delete_role_assignment( + scope=KeyVaultRoleScope.GLOBAL, + name=assignment_name + ) + + print("Role assignment deleted") + # [END delete_role_assignment] + + @pytest.mark.parametrize("api_version", only_default) + @KeyVaultAccessControlClientPreparer() + @recorded_by_proxy + def test_example_role_definitions(self, client, **kwargs): + set_bodiless_matcher() + access_control_client = client + definition_name = self.get_replayable_uuid("definition-name") + add_general_regex_sanitizer(function_scoped=True, regex=definition_name, value="definition-name") + + # [START set_role_definition] + # Create or update a custom role definition + permissions = [KeyVaultPermission(data_actions=[KeyVaultDataAction.READ_HSM_KEY])] + role_definition = access_control_client.set_role_definition( + scope=KeyVaultRoleScope.GLOBAL, + name=definition_name, + role_name="Custom Key Reader", + description="Can read HSM keys", + permissions=permissions, + ) + + print(f"Created role definition: {role_definition.name}") + # [END set_role_definition] + + definition_name = role_definition.name + + # [START get_role_definition] + # Get a specific role definition + retrieved_definition = access_control_client.get_role_definition( + scope=KeyVaultRoleScope.GLOBAL, + name=definition_name + ) + + print(f"Retrieved role definition: {retrieved_definition.role_name}") + # [END get_role_definition] + + # [START delete_role_definition] + # Delete a custom role definition + access_control_client.delete_role_definition( + scope=KeyVaultRoleScope.GLOBAL, + name=definition_name + ) + + print("Role definition deleted") + # [END delete_role_definition] + + @pytest.mark.parametrize("api_version", only_default) + @KeyVaultSettingsClientPreparer() + @recorded_by_proxy + def test_example_settings(self, client, **kwargs): + set_bodiless_matcher() + settings_client = client + + # [START list_settings] + # List all account settings + settings = settings_client.list_settings() + + for setting in settings: + print(f"Setting: {setting.name} = {setting.value}") + # [END list_settings] + + # [START get_setting] + # Get a specific setting + setting = settings_client.get_setting("AllowKeyManagementOperationsThroughARM") + + print(f"Setting value: {setting.value}") + # [END get_setting] + + # [START update_setting] + # Update a setting + updated_setting = KeyVaultSetting( + name=setting.name, + value=not setting.getboolean(), + setting_type=KeyVaultSettingType.BOOLEAN + ) + + result = settings_client.update_setting(updated_setting) + print(f"Updated setting: {result.name} = {result.value}") + + # Restore original value + original_setting = KeyVaultSetting( + name=setting.name, + value=setting.value, + setting_type=setting.setting_type + ) + settings_client.update_setting(original_setting) + # [END update_setting] diff --git a/sdk/keyvault/azure-keyvault-administration/tests/test_examples_administration_async.py b/sdk/keyvault/azure-keyvault-administration/tests/test_examples_administration_async.py index 31748fab87fe..1734b6f7e27f 100644 --- a/sdk/keyvault/azure-keyvault-administration/tests/test_examples_administration_async.py +++ b/sdk/keyvault/azure-keyvault-administration/tests/test_examples_administration_async.py @@ -3,13 +3,16 @@ # Licensed under the MIT License. # ------------------------------------ import asyncio +import os +import uuid import pytest +from azure.keyvault.administration import KeyVaultDataAction, KeyVaultPermission, KeyVaultRoleScope, KeyVaultSetting, KeyVaultSettingType from azure.keyvault.administration._internal.client_base import DEFAULT_VERSION -from devtools_testutils import set_bodiless_matcher +from devtools_testutils import add_general_regex_sanitizer, set_bodiless_matcher from devtools_testutils.aio import recorded_by_proxy_async -from _async_test_case import KeyVaultBackupClientPreparer, get_decorator +from _async_test_case import KeyVaultBackupClientPreparer, KeyVaultAccessControlClientPreparer, KeyVaultSettingsClientPreparer, get_decorator from _shared.test_case_async import KeyVaultTestCase all_api_versions = get_decorator(is_async=True) @@ -20,7 +23,21 @@ class TestExamplesTests(KeyVaultTestCase): def create_key_client(self, vault_uri, **kwargs): from azure.keyvault.keys.aio import KeyClient credential = self.get_credential(KeyClient, is_async=True) - return self.create_client_from_credential(KeyClient, credential=credential, vault_url=vault_uri, **kwargs ) + return self.create_client_from_credential(KeyClient, credential=credential, vault_url=vault_uri, **kwargs) + + def get_replayable_uuid(self, replay_value): + if self.is_live: + value = str(uuid.uuid4()) + return value + return replay_value + + def get_service_principal_id(self): + """Helper method to get a service principal ID for testing""" + replay_value = "service-principal-id" + if self.is_live: + value = os.environ.get("CLIENT_OBJECTID") + return value or replay_value + return replay_value @pytest.mark.asyncio @pytest.mark.parametrize("api_version", only_default) @@ -96,3 +113,165 @@ async def test_example_selective_key_restore(self, client, **kwargs): if self.is_live: await asyncio.sleep(60) # additional waiting to avoid conflicts with resources in other tests + + @pytest.mark.asyncio + @pytest.mark.parametrize("api_version", only_default) + @KeyVaultAccessControlClientPreparer() + @recorded_by_proxy_async + async def test_example_role_assignments(self, client, **kwargs): + set_bodiless_matcher() + access_control_client = client + + # [START list_role_definitions] + # List all role definitions + role_definitions = [] + paged_response = access_control_client.list_role_definitions(KeyVaultRoleScope.GLOBAL) + + async for definition in paged_response: + print(f"Role definition: {definition.name}") + role_definitions.append(definition) + # [END list_role_definitions] + + # Get the first available role definition for the example + first_definition = role_definitions[0] + definition_id = first_definition.id + name = self.get_replayable_uuid("some-uuid") + add_general_regex_sanitizer(function_scoped=True, regex=name, value="some-uuid") + + # Get a service principal ID for testing + principal_id = self.get_service_principal_id() + + # [START create_role_assignment] + # Create a role assignment + role_assignment = await access_control_client.create_role_assignment( + scope=KeyVaultRoleScope.GLOBAL, + definition_id=definition_id, + principal_id=principal_id, + name=name, + ) + + print(f"Created role assignment: {role_assignment.name}") + # [END create_role_assignment] + + assignment_name = role_assignment.name + + # [START get_role_assignment] + # Get a specific role assignment + retrieved_assignment = await access_control_client.get_role_assignment( + scope=KeyVaultRoleScope.GLOBAL, + name=assignment_name + ) + + print(f"Retrieved role assignment: {retrieved_assignment.name}") + # [END get_role_assignment] + + # [START list_role_assignments] + # List all role assignments for a scope + role_assignments = access_control_client.list_role_assignments(KeyVaultRoleScope.GLOBAL) + + async for assignment in role_assignments: + print(f"Role assignment: {assignment.name}") + # [END list_role_assignments] + + # [START delete_role_assignment] + # Delete a role assignment + await access_control_client.delete_role_assignment( + scope=KeyVaultRoleScope.GLOBAL, + name=assignment_name + ) + + print("Role assignment deleted") + # [END delete_role_assignment] + + @pytest.mark.asyncio + @pytest.mark.parametrize("api_version", only_default) + @KeyVaultAccessControlClientPreparer() + @recorded_by_proxy_async + async def test_example_role_definitions(self, client, **kwargs): + set_bodiless_matcher() + access_control_client = client + definition_name = self.get_replayable_uuid("definition-name") + add_general_regex_sanitizer(function_scoped=True, regex=definition_name, value="definition-name") + + # [START set_role_definition] + # Create or update a custom role definition + permissions = [KeyVaultPermission(data_actions=[KeyVaultDataAction.READ_HSM_KEY])] + role_definition = await access_control_client.set_role_definition( + scope=KeyVaultRoleScope.GLOBAL, + name=definition_name, + role_name="Custom Key Reader", + description="Can read HSM keys", + permissions=permissions, + ) + + print(f"Created role definition: {role_definition.name}") + # [END set_role_definition] + + definition_name = role_definition.name + + # [START get_role_definition] + # Get a specific role definition + retrieved_definition = await access_control_client.get_role_definition( + scope=KeyVaultRoleScope.GLOBAL, + name=definition_name + ) + + print(f"Retrieved role definition: {retrieved_definition.role_name}") + # [END get_role_definition] + + # [START delete_role_definition] + # Delete a custom role definition + await access_control_client.delete_role_definition( + scope=KeyVaultRoleScope.GLOBAL, + name=definition_name + ) + + print("Role definition deleted") + # [END delete_role_definition] + + @pytest.mark.asyncio + @pytest.mark.parametrize("api_version", only_default) + @KeyVaultSettingsClientPreparer() + @recorded_by_proxy_async + async def test_example_settings(self, client, **kwargs): + set_bodiless_matcher() + settings_client = client + + # [START list_settings] + # List all account settings + settings = settings_client.list_settings() + + # Get first setting for the get_setting example + first_setting = None + async for setting in settings: + print(f"Setting: {setting.name} = {setting.value}") + if first_setting is None: + first_setting = setting + # [END list_settings] + + # [START get_setting] + # Get a specific setting + setting = await settings_client.get_setting("AllowKeyManagementOperationsThroughARM") + + print(f"Setting value: {setting.value}") + # [END get_setting] + + # [START update_setting] + # Update a setting + updated_setting = KeyVaultSetting( + name=setting.name, + value=not setting.getboolean(), + setting_type=KeyVaultSettingType.BOOLEAN + ) + + result = await settings_client.update_setting(updated_setting) + print(f"Updated setting: {result.name} = {result.value}") + + # Restore original value + original_setting = KeyVaultSetting( + name=setting.name, + value=setting.value, + setting_type=setting.setting_type + ) + await settings_client.update_setting(original_setting) + # [END update_setting]