
Commit 51ce088

mgmt, key vault audit log (Azure#21707)
1 parent d51c9a8 commit 51ce088


1 file changed

+35
-1
lines changed


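--- a/sdk/resourcemanager/azure-resourcemanager-samples/src/main/java/com/azure/resourcemanager/storage/samples/ManageStorageAccountCustomerManagedKey.java
+++ b/sdk/resourcemanager/azure-resourcemanager-samples/src/main/java/com/azure/resourcemanager/storage/samples/ManageStorageAccountCustomerManagedKey.java
@@ -19,9 +19,12 @@
 import com.azure.resourcemanager.samples.Utils;
 import com.azure.resourcemanager.storage.models.PublicAccess;
 import com.azure.resourcemanager.storage.models.StorageAccount;
+import com.azure.resourcemanager.storage.models.StorageAccountSkuType;
 import com.azure.security.keyvault.keys.models.KeyType;
 import com.azure.storage.blob.BlobClient;
 import com.azure.storage.blob.BlobClientBuilder;
+import com.azure.storage.blob.BlobContainerClient;
+import com.azure.storage.blob.BlobContainerClientBuilder;
 
 import java.time.Duration;
 
@@ -30,6 +33,7 @@
 * - Create a storage account with system assigned managed service identity
 * - Create a key vault with purge protection enabled and access policy for managed service identity of storage account
 * - Create a RSA key
+* - Create diagnostic setting for audit logs
 * - Update storage account to enable encryption with customer-managed key
 * - Revoke customer-managed key
 *
@@ -50,6 +54,8 @@ public static boolean runSample(AzureResourceManager azureResourceManager, Strin
 final String vaultName = Utils.randomResourceName(azureResourceManager, "kv", 8);
 final String rgName = Utils.randomResourceName(azureResourceManager, "rg", 8);
 final String containerName = "container";
+final String auditStorageAccountName = Utils.randomResourceName(azureResourceManager, "sadiag", 12);
+final String diagnosticSettingName = Utils.randomResourceName(azureResourceManager, "diag", 12);
 
 try {
 //============================================================
@@ -88,7 +94,22 @@ public static boolean runSample(AzureResourceManager azureResourceManager, Strin
 
 vault.keys().define("sakey")
 .withKeyTypeToCreate(KeyType.RSA)
-.withKeySize(2048)
+.withKeySize(4096)
+.create();
+
+//============================================================
+// Create a diagnostic setting on key vault and save audit logs to storage account
+
+StorageAccount auditStorageAccount = azureResourceManager.storageAccounts().define(auditStorageAccountName)
+.withRegion(region)
+.withExistingResourceGroup(rgName)
+.withSku(StorageAccountSkuType.STANDARD_LRS)
+.create();
+
+azureResourceManager.diagnosticSettings().define(diagnosticSettingName)
+.withResource(vault.id())
+.withStorageAccount(auditStorageAccount.id())
+.withLog("AuditEvent", 90)
 .create();
 
 //============================================================
@@ -147,6 +168,19 @@ public static boolean runSample(AzureResourceManager azureResourceManager, Strin
 System.out.println("blob download fails due to: " + e);
 }
 
+//============================================================
+// Browse audit logs saved in storage account
+
+BlobContainerClient containerClient = new BlobContainerClientBuilder()
+.connectionString(
+ResourceManagerUtils.getStorageConnectionString(
+auditStorageAccountName, auditStorageAccount.getKeys().iterator().next().value(),
+azureResourceManager.storageAccounts().manager().environment()))
+.containerName("insights-logs-auditevent")
+.buildClient();
+
+containerClient.listBlobs().forEach(item -> System.out.println("blob name: " + item.getName()));
+
 } finally {
 try {
 System.out.println("Deleting Resource Group: " + rgName);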
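Review bot: In the hunk at `@@ -88,7 +94,22 @@` the diagnostic setting is defined only after `vault.keys().define("sakey")…create()` has run, so the creation of the customer-managed key is likely absent from the `AuditEvent` logs; moving the audit storage account and the `diagnosticSettings().define(diagnosticSettingName)` block ahead of the key definition would put the key's whole lifecycle under audit. In the last hunk the log reader is built from `auditStorageAccount.getKeys().iterator().next().value()`, a shared account key that carries full read, write and delete rights on the audit store, so the sample should at least carry a comment such as `// Sample only: read audit logs with a read-only Azure AD identity rather than the account key`. The `insights-logs-auditevent` container is presumably created on first log delivery, so `listBlobs()` can fail if nothing has arrived yet; wrapping the listing in `if (containerClient.exists()) { ... }` would keep the sample from aborting. The body of `runSample` starts and ends outside these hunks, so any existing waits or error handling around these calls are not visible here.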
