1# ------------------------------------ 2# Copyright (c) Microsoft Corporation. 3# Licensed under the MIT License. 4# ------------------------------------ 5import os 6from azure.identity import DefaultAzureCredential 7from azure.keyvault.certificates import AdministratorContact, CertificateClient 8from azure.core.exceptions import HttpResponseError 9 10# ---------------------------------------------------------------------------------------------------------- 11# Prerequisites: 12# 1. An Azure Key Vault (https://docs.microsoft.com/en-us/azure/key-vault/quick-create-cli) 13# 14# 2. azure-keyvault-certificates and azure-identity packages (pip install these) 15# 16# 3. Set Environment variables AZURE_CLIENT_ID, AZURE_TENANT_ID, AZURE_CLIENT_SECRET, VAULT_URL 17# (See https://github.com/Azure/azure-sdk-for-python/tree/master/sdk/keyvault/azure-keyvault-keys#authenticate-the-client) 18# 19# ---------------------------------------------------------------------------------------------------------- 20# Sample - demonstrates basic CRUD operations for certificate issuers. 21# 22# 1. Create an issuer (create_issuer) 23# 24# 2. Get an issuer (get_issuer) 25# 26# 3. List issuers for the key vault (list_properties_of_issuers) 27# 28# 4. Update an issuer (update_issuer) 29# 30# 5. Delete an issuer (delete_issuer) 31# ---------------------------------------------------------------------------------------------------------- 32 33# Instantiate a certificate client that will be used to call the service. 34# Notice that the client is using default Azure credentials. 35# To make default credentials work, ensure that environment variables 'AZURE_CLIENT_ID', 36# 'AZURE_CLIENT_SECRET' and 'AZURE_TENANT_ID' are set with the service principal credentials. 37VAULT_URL = os.environ["VAULT_URL"] 38credential = DefaultAzureCredential() 39client = CertificateClient(vault_url=VAULT_URL, credential=credential) 40try: 41 # First we specify the AdministratorContact for our issuers. 42 admin_contacts = [ 43 AdministratorContact(first_name="John", last_name="Doe", email="admin@microsoft.com", phone="4255555555") 44 ] 45 46 # Next we create an issuer with these administrator details 47 # The name field refers to the name you would like to get the issuer. There are also pre-set names, such as 'Self' and 'Unknown' 48 # The provider for your issuer must exist for your vault location and tenant id. 49 client.create_issuer( 50 issuer_name="issuer1", provider="Test", account_id="keyvaultuser", admin_contacts=admin_contacts, enabled=True 51 ) 52 53 # Now we get this issuer by name 54 issuer1 = client.get_issuer(issuer_name="issuer1") 55 56 print(issuer1.name) 57 print(issuer1.provider) 58 print(issuer1.account_id) 59 60 for contact in issuer1.admin_contacts: 61 print(contact.first_name) 62 print(contact.last_name) 63 print(contact.email) 64 print(contact.phone) 65 66 # Now we update the admnistrator contact for this issuer 67 admin_contacts = [ 68 AdministratorContact(first_name="Jane", last_name="Doe", email="admin@microsoft.com", phone="4255555555") 69 ] 70 issuer1 = client.update_issuer(issuer_name="issuer1", admin_contacts=admin_contacts) 71 72 for contact in issuer1.admin_contacts: 73 print(contact.first_name) 74 print(contact.last_name) 75 print(contact.email) 76 print(contact.phone) 77 78 # Now we will list all of the certificate issuers for this key vault. To better demonstrate this, we will first create another issuer. 79 client.create_issuer(issuer_name="issuer2", provider="Test", account_id="keyvaultuser", enabled=True) 80 81 issuers = client.list_properties_of_issuers() 82 83 for issuer in issuers: 84 print(issuer.name) 85 print(issuer.provider) 86 87 # Finally, we delete our first issuer by name. 88 client.delete_issuer("issuer1") 89 90except HttpResponseError as e: 91 print("\nrun_sample has caught an error. {0}".format(e.message)) 92 93finally: 94 print("\nrun_sample done") 95