1# ------------------------------------
2# Copyright (c) Microsoft Corporation.
3# Licensed under the MIT License.
4# ------------------------------------
5import os
6import asyncio
7from azure.identity.aio import DefaultAzureCredential
8from azure.keyvault.certificates.aio import CertificateClient
9from azure.keyvault.certificates import AdministratorContact
10from azure.core.exceptions import HttpResponseError
11
12# ----------------------------------------------------------------------------------------------------------
13# Prerequisites:
14# 1. An Azure Key Vault (https://docs.microsoft.com/en-us/azure/key-vault/quick-create-cli)
15#
16# 2. azure-keyvault-certificates and azure-identity packages (pip install these)
17#
18# 3. Set Environment variables AZURE_CLIENT_ID, AZURE_TENANT_ID, AZURE_CLIENT_SECRET, VAULT_URL
19#    (See https://github.com/Azure/azure-sdk-for-python/tree/master/sdk/keyvault/azure-keyvault-keys#authenticate-the-client)
20#
21# ----------------------------------------------------------------------------------------------------------
22# Sample - demonstrates basic CRUD operations for certificate issuers.
23#
24# 1. Create an issuer (create_issuer)
25#
26# 2. Get an issuer (get_issuer)
27#
28# 3. List issuers for the key vault (list_properties_of_issuers)
29#
30# 4. Update an issuer (update_issuer)
31#
32# 5. Delete an issuer (delete_issuer)
33# ----------------------------------------------------------------------------------------------------------
34
35
36async def run_sample():
37    # Instantiate a certificate client that will be used to call the service.
38    # Notice that the client is using default Azure credentials.
39    # To make default credentials work, ensure that environment variables 'AZURE_CLIENT_ID',
40    # 'AZURE_CLIENT_SECRET' and 'AZURE_TENANT_ID' are set with the service principal credentials.
41    VAULT_URL = os.environ["VAULT_URL"]
42    credential = DefaultAzureCredential()
43    client = CertificateClient(vault_url=VAULT_URL, credential=credential)
44    try:
45        # First we specify the AdministratorContact for our issuers.
46        admin_contacts = [
47            AdministratorContact(first_name="John", last_name="Doe", email="admin@microsoft.com", phone="4255555555")
48        ]
49
50        # Next we create an issuer with these administrator details
51        # The name field refers to the name you would like to get the issuer. There are also pre-set names, such as 'Self' and 'Unknown'
52        await client.create_issuer(
53            issuer_name="issuer1", provider="Test", account_id="keyvaultuser", admin_contacts=admin_contacts, enabled=True
54        )
55
56        # Now we get this issuer by name
57        issuer1 = await client.get_issuer("issuer1")
58
59        print(issuer1.name)
60        print(issuer1.provider)
61        print(issuer1.account_id)
62
63        for contact in issuer1.admin_contacts:
64            print(contact.first_name)
65            print(contact.last_name)
66            print(contact.email)
67            print(contact.phone)
68
69        # Now we update the admnistrator contact for this issuer
70        admin_contacts = [
71            AdministratorContact(first_name="Jane", last_name="Doe", email="admin@microsoft.com", phone="4255555555")
72        ]
73        issuer1 = await client.update_issuer(issuer_name="issuer1", admin_contacts=admin_contacts)
74
75        for contact in issuer1.admin_contacts:
76            print(contact.first_name)
77            print(contact.last_name)
78            print(contact.email)
79            print(contact.phone)
80
81        # Now we will list all of the certificate issuers for this key vault. To better demonstrate this, we will first create another issuer.
82        await client.create_issuer(issuer_name="issuer2", provider="Test", account_id="keyvaultuser", enabled=True)
83
84        issuers = client.list_properties_of_issuers()
85
86        async for issuer in issuers:
87            print(issuer.name)
88            print(issuer.provider)
89
90        # Finally, we delete our first issuer by name.
91        await client.delete_issuer("issuer1")
92
93    except HttpResponseError as e:
94        print("\nrun_sample has caught an error. {0}".format(e.message))
95
96    finally:
97        print("\nrun_sample done")
98        await credential.close()
99        await client.close()
100
101
102if __name__ == "__main__":
103    try:
104        loop = asyncio.get_event_loop()
105        loop.run_until_complete(run_sample())
106        loop.close()
107
108    except Exception as e:
109        print("Top level Error: {0}".format(str(e)))
110