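# ------------------------------------
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
# ------------------------------------
import os
import asyncio
from azure.identity.aio import DefaultAzureCredential
from azure.keyvault.certificates.aio import CertificateClient
from azure.keyvault.certificates import AdministratorContact
from azure.core.exceptions import HttpResponseError

# ----------------------------------------------------------------------------------------------------------
# Prerequisites:
# 1. An Azure Key Vault (https://docs.microsoft.com/en-us/azure/key-vault/quick-create-cli)
#
# 2. azure-keyvault-certificates and azure-identity packages (pip install these)
#
# 3. Set Environment variables AZURE_CLIENT_ID, AZURE_TENANT_ID, AZURE_CLIENT_SECRET, VAULT_URL
#    (See https://github.com/Azure/azure-sdk-for-python/tree/master/sdk/keyvault/azure-keyvault-keys#authenticate-the-client)
#
#    AZURE_CLIENT_SECRET is a long-lived credential: keep it out of source control and
#    scope the service principal to the certificate-issuer operations this sample uses,
#    since whoever controls a vault's issuers controls where its certificates come from.
#
# ----------------------------------------------------------------------------------------------------------
# Sample - demonstrates basic CRUD operations for certificate issuers.
#
# 1. Create an issuer (create_issuer)
#
# 2. Get an issuer (get_issuer)
#
# 3. List issuers for the key vault (list_properties_of_issuers)
#
# 4. Update an issuer (update_issuer)
#
# 5. Delete an issuer (delete_issuer)
# ----------------------------------------------------------------------------------------------------------


async def run_sample():
    """Create, read, update, list and delete certificate issuers in a Key Vault.

    The vault URL is read from the ``VAULT_URL`` environment variable; a missing
    variable raises ``KeyError`` before any client is created. Service errors
    (``HttpResponseError``) are reported on stdout rather than propagated, and
    the credential and client are closed on every exit path.
    """
    # Instantiate a certificate client that will be used to call the service.
    # Notice that the client is using default Azure credentials.
    # To make default credentials work, ensure that environment variables 'AZURE_CLIENT_ID',
    # 'AZURE_CLIENT_SECRET' and 'AZURE_TENANT_ID' are set with the service principal credentials.
    VAULT_URL = os.environ["VAULT_URL"]
    credential = DefaultAzureCredential()
    client = CertificateClient(vault_url=VAULT_URL, credential=credential)
    try:
        # First we specify the AdministratorContact for our issuers.
        admin_contacts = [
            AdministratorContact(
                first_name="John", last_name="Doe", email="admin@microsoft.com", phone="4255555555"
            )
        ]

        # Next we create an issuer with these administrator details.
        # The name field refers to the name you would like to give the issuer.
        # There are also pre-set names, such as 'Self' and 'Unknown'.
        await client.create_issuer(
            issuer_name="issuer1",
            provider="Test",
            account_id="keyvaultuser",
            admin_contacts=admin_contacts,
            enabled=True,
        )

        # Now we get this issuer by name
        issuer1 = await client.get_issuer("issuer1")

        print(issuer1.name)
        print(issuer1.provider)
        print(issuer1.account_id)

        for contact in issuer1.admin_contacts:
            print(contact.first_name)
            print(contact.last_name)
            print(contact.email)
            print(contact.phone)

        # Now we update the administrator contact for this issuer
        admin_contacts = [
            AdministratorContact(
                first_name="Jane", last_name="Doe", email="admin@microsoft.com", phone="4255555555"
            )
        ]
        issuer1 = await client.update_issuer(issuer_name="issuer1", admin_contacts=admin_contacts)

        for contact in issuer1.admin_contacts:
            print(contact.first_name)
            print(contact.last_name)
            print(contact.email)
            print(contact.phone)

        # Now we will list all of the certificate issuers for this key vault.
        # To better demonstrate this, we will first create another issuer.
        await client.create_issuer(
            issuer_name="issuer2", provider="Test", account_id="keyvaultuser", enabled=True
        )

        issuers = client.list_properties_of_issuers()

        async for issuer in issuers:
            print(issuer.name)
            print(issuer.provider)

        # Finally, we delete our first issuer by name.
        await client.delete_issuer("issuer1")

        # Also remove the second issuer, which exists only to make the listing
        # above more interesting, so the sample leaves no issuer behind in the vault.
        await client.delete_issuer("issuer2")

    except HttpResponseError as e:
        print("\nrun_sample has caught an error. {0}".format(e.message))

    finally:
        print("\nrun_sample done")
        # Close the client even if closing the credential raises, so no
        # transport is left open.
        try:
            await credential.close()
        finally:
            await client.close()


if __name__ == "__main__":
    try:
        # Create the loop explicitly: asyncio.get_event_loop() is deprecated when
        # no loop is running, and the loop must be closed even if the sample raises.
        loop = asyncio.new_event_loop()
        asyncio.set_event_loop(loop)
        try:
            loop.run_until_complete(run_sample())
        finally:
            loop.close()

    except Exception as e:
        print("Top level Error: {0}".format(str(e)))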