@azure/keyvault-admin 4.6.1-alpha.20250206.1 → 4.6.1-alpha.20250211.2

package/dist/esm/accessControlClient.d.ts

@@ -19,14 +19,13 @@ export declare class KeyVaultAccessControlClient {
      * Creates an instance of the KeyVaultAccessControlClient.
      *
      * Example usage:
-     * ```ts
-     * import { KeyVaultAccessControlClient } from "@azure/keyvault-admin";
+     * ```ts snippet:ReadmeSampleCreateAccessControlClient
      * import { DefaultAzureCredential } from "@azure/identity";
+     * import { KeyVaultAccessControlClient } from "@azure/keyvault-admin";
      *
-     * let vaultUrl = `https://<MY KEY VAULT HERE>.vault.azure.net`;
-     * let credentials = new DefaultAzureCredential();
-     *
-     * let client = new KeyVaultAccessControlClient(vaultUrl, credentials);
+     * const vaultUrl = `https://<MY KEY VAULT HERE>.vault.azure.net`;
+     * const credentials = new DefaultAzureCredential();
+     * const client = new KeyVaultAccessControlClient(vaultUrl, credentials);
      * ```
      * @param vaultUrl - the URL of the Key Vault. It should have this shape: `https://${your-key-vault-name}.vault.azure.net`. You should validate that this URL references a valid Key Vault or Managed HSM resource. See https://aka.ms/azsdk/blog/vault-uri for details.
      * @param credential - An object that implements the `TokenCredential` interface used to authenticate requests to the service. Use the \@azure/identity package to create a credential that suits your needs.
@@ -37,11 +36,23 @@ export declare class KeyVaultAccessControlClient {
      * Creates a role assignment in an Azure Key Vault.
      *
      * Example usage:
-     * ```ts
-     * const client = new KeyVaultAccessControlClient(url, credentials);
-     * const roleDefinition = await client.listRoleDefinitions("/").next();
+     * ```ts snippet:ReadmeSampleCreateRoleAssignment
+     * import { DefaultAzureCredential } from "@azure/identity";
+     * import { KeyVaultAccessControlClient } from "@azure/keyvault-admin";
+     *
+     * const vaultUrl = `https://<MY KEY VAULT HERE>.vault.azure.net`;
+     * const credentials = new DefaultAzureCredential();
+     * const client = new KeyVaultAccessControlClient(vaultUrl, credentials);
+     *
+     * const { value: roleDefinition } = await client.listRoleDefinitions("/").next();
+     *
      * const principalId = "4871f6a6-374f-4b6b-8b0c-f5d84db823f6";
-     * const result = await client.createRoleAssignment("/", "295c179b-9ad3-4117-99cd-b1aa66cf4517", roleDefinition, principalId);
+     * const result = await client.createRoleAssignment(
+     *   "/",
+     *   "295c179b-9ad3-4117-99cd-b1aa66cf4517",
+     *   roleDefinition.id,
+     *   principalId,
+     * );
      * ```
      * Creates a new role assignment.
      * @param roleScope - The scope of the role assignment.
@@ -55,10 +66,25 @@ export declare class KeyVaultAccessControlClient {
      * Deletes role assignments previously created in an Azure Key Vault.
      *
      * Example usage:
-     * ```ts
-     * const client = new KeyVaultAccessControlClient(url, credentials);
-     * const roleAssignment = await client.createRoleAssignment("/", "295c179b-9ad3-4117-99cd-b1aa66cf4517");
-     * await client.deleteRoleAssignment(roleAssignment.properties.roleScope, roleAssignment.name);
+     * ```ts snippet:ReadmeSampleDeleteRoleAssignment
+     * import { DefaultAzureCredential } from "@azure/identity";
+     * import { KeyVaultAccessControlClient } from "@azure/keyvault-admin";
+     *
+     * const vaultUrl = `https://<MY KEY VAULT HERE>.vault.azure.net`;
+     * const credentials = new DefaultAzureCredential();
+     * const client = new KeyVaultAccessControlClient(vaultUrl, credentials);
+     *
+     * const { value: roleDefinition } = await client.listRoleDefinitions("/").next();
+     * const principalId = "4871f6a6-374f-4b6b-8b0c-f5d84db823f6";
+     *
+     * const roleAssignment = await client.createRoleAssignment(
+     *   "/",
+     *   "295c179b-9ad3-4117-99cd-b1aa66cf4517",
+     *   roleDefinition.id,
+     *   principalId,
+     * );
+     *
+     * await client.deleteRoleAssignment(roleAssignment.properties.scope, roleAssignment.name);
      * ```
      * Deletes an existing role assignment.
      * @param roleScope - The scope of the role assignment.
@@ -70,10 +96,28 @@ export declare class KeyVaultAccessControlClient {
      * Gets a role assignments previously created in an Azure Key Vault.
      *
      * Example usage:
-     * ```ts
-     * const client = new KeyVaultAccessControlClient(url, credentials);
-     * let roleAssignment = await client.createRoleAssignment("/", "295c179b-9ad3-4117-99cd-b1aa66cf4517");
-     * roleAssignment = const await client.getRoleAssignment(roleAssignment.properties.roleScope, roleAssignment.name);
+     * ```ts snippet:ReadmeSampleGetRoleAssignment
+     * import { DefaultAzureCredential } from "@azure/identity";
+     * import { KeyVaultAccessControlClient } from "@azure/keyvault-admin";
+     *
+     * const vaultUrl = `https://<MY KEY VAULT HERE>.vault.azure.net`;
+     * const credentials = new DefaultAzureCredential();
+     * const client = new KeyVaultAccessControlClient(vaultUrl, credentials);
+     *
+     * const { value: roleDefinition } = await client.listRoleDefinitions("/").next();
+     * const principalId = "4871f6a6-374f-4b6b-8b0c-f5d84db823f6";
+     *
+     * let roleAssignment = await client.createRoleAssignment(
+     *   "/",
+     *   "295c179b-9ad3-4117-99cd-b1aa66cf4517",
+     *   roleDefinition.id,
+     *   principalId,
+     * );
+     *
+     * roleAssignment = await client.getRoleAssignment(
+     *   roleAssignment.properties.scope,
+     *   roleAssignment.name,
+     * );
      * console.log(roleAssignment);
      * ```
      * Gets an existing role assignment.
@@ -86,8 +130,14 @@ export declare class KeyVaultAccessControlClient {
      * Iterates over all of the available role assignments in an Azure Key Vault.
      *
      * Example usage:
-     * ```ts
-     * let client = new KeyVaultAccessControlClient(url, credentials);
+     * ```ts snippet:ReadmeSampleListRoleAssignments
+     * import { DefaultAzureCredential } from "@azure/identity";
+     * import { KeyVaultAccessControlClient } from "@azure/keyvault-admin";
+     *
+     * const vaultUrl = `https://<MY KEY VAULT HERE>.vault.azure.net`;
+     * const credentials = new DefaultAzureCredential();
+     * const client = new KeyVaultAccessControlClient(vaultUrl, credentials);
+     *
      * for await (const roleAssignment of client.listRoleAssignments("/")) {
      *   console.log("Role assignment: ", roleAssignment);
      * }
@@ -101,8 +151,14 @@ export declare class KeyVaultAccessControlClient {
      * Iterates over all of the available role definitions in an Azure Key Vault.
      *
      * Example usage:
-     * ```ts
-     * let client = new KeyVaultAccessControlClient(url, credentials);
+     * ```ts snippet:ReadmeSampleListRoleDefinitions
+     * import { DefaultAzureCredential } from "@azure/identity";
+     * import { KeyVaultAccessControlClient } from "@azure/keyvault-admin";
+     *
+     * const vaultUrl = `https://<MY KEY VAULT HERE>.vault.azure.net`;
+     * const credentials = new DefaultAzureCredential();
+     * const client = new KeyVaultAccessControlClient(vaultUrl, credentials);
+     *
      * for await (const roleDefinitions of client.listRoleDefinitions("/")) {
      *   console.log("Role definition: ", roleDefinitions);
      * }
@@ -116,8 +172,14 @@ export declare class KeyVaultAccessControlClient {
      * Gets a role definition from Azure Key Vault.
      *
      * Example usage:
-     * ```
-     * const client = new KeyVaultAccessControlClient(url, credentials);
+     * ```ts snippet:ReadmeSampleGetRoleDefinition
+     * import { DefaultAzureCredential } from "@azure/identity";
+     * import { KeyVaultAccessControlClient } from "@azure/keyvault-admin";
+     *
+     * const vaultUrl = `https://<MY KEY VAULT HERE>.vault.azure.net`;
+     * const credentials = new DefaultAzureCredential();
+     * const client = new KeyVaultAccessControlClient(vaultUrl, credentials);
+     *
      * const roleDefinition = await client.getRoleDefinition("/", "b86a8fe4-44ce-4948-aee5-eccb2c155cd7");
      * console.log(roleDefinition);
      * ```
@@ -130,11 +192,24 @@ export declare class KeyVaultAccessControlClient {
      * Creates or updates a role definition in an Azure Key Vault.
      *
      * Example usage:
-     * ```ts
-     * const client = new KeyVaultAccessControlClient(url, credentials);
+     * ```ts snippet:ReadmeSampleSetRoleDefinition
+     * import { DefaultAzureCredential } from "@azure/identity";
+     * import {
+     *   KeyVaultAccessControlClient,
+     *   KnownKeyVaultDataAction,
+     *   KnownKeyVaultRoleScope,
+     * } from "@azure/keyvault-admin";
+     *
+     * const vaultUrl = `https://<MY KEY VAULT HERE>.vault.azure.net`;
+     * const credentials = new DefaultAzureCredential();
+     * const client = new KeyVaultAccessControlClient(vaultUrl, credentials);
+     *
      * const permissions = [{ dataActions: [KnownKeyVaultDataAction.BackupHsmKeys] }];
      * const roleDefinitionName = "23b8bb1a-39c0-4c89-a85b-dd3c99273a8a";
-     * const roleDefinition = await client.setRoleDefinition(KnownKeyVaultRoleScope.Global, { permissions, roleDefinitionName });
+     * const roleDefinition = await client.setRoleDefinition(KnownKeyVaultRoleScope.Global, {
+     *   permissions,
+     *   roleDefinitionName,
+     * });
      * console.log(roleDefinition);
      * ```
      * @param roleScope - The scope of the role definition.
@@ -145,9 +220,25 @@ export declare class KeyVaultAccessControlClient {
      * Deletes a custom role definition previously created in an Azure Key Vault.
      *
      * Example usage:
-     * ```ts
-     * const client = new KeyVaultAccessControlClient(url, credentials);
-     * const roleDefinition = await client.setRoleDefinition("/", "23b8bb1a-39c0-4c89-a85b-dd3c99273a8a", []);
+     * ```ts snippet:ReadmeSampleDeleteRoleDefinition
+     * import { DefaultAzureCredential } from "@azure/identity";
+     * import {
+     *   KeyVaultAccessControlClient,
+     *   KnownKeyVaultDataAction,
+     *   KnownKeyVaultRoleScope,
+     * } from "@azure/keyvault-admin";
+     *
+     * const vaultUrl = `https://<MY KEY VAULT HERE>.vault.azure.net`;
+     * const credentials = new DefaultAzureCredential();
+     * const client = new KeyVaultAccessControlClient(vaultUrl, credentials);
+     *
+     * const permissions = [{ dataActions: [KnownKeyVaultDataAction.BackupHsmKeys] }];
+     * const roleDefinitionName = "23b8bb1a-39c0-4c89-a85b-dd3c99273a8a";
+     * const roleDefinition = await client.setRoleDefinition(KnownKeyVaultRoleScope.Global, {
+     *   permissions,
+     *   roleDefinitionName,
+     * });
+     *
      * await client.deleteRoleDefinition("/", roleDefinition.name);
      * ```
      * @param roleScope - The scope of the role definition.

package/dist/esm/accessControlClient.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"accessControlClient.d.ts","sourceRoot":"","sources":["../../src/accessControlClient.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EACV,0BAA0B,EAC1B,2BAA2B,EAC3B,2BAA2B,EAC3B,2BAA2B,EAC3B,wBAAwB,EACxB,wBAAwB,EACxB,sBAAsB,EACtB,sBAAsB,EACtB,iBAAiB,EACjB,0BAA0B,EAC1B,0BAA0B,EAC1B,wBAAwB,EACzB,MAAM,0BAA0B,CAAC;AAElC,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,oBAAoB,CAAC;AACrE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAMxD;;;;GAIG;AACH,qBAAa,2BAA2B;IACtC;;OAEG;IACH,SAAgB,QAAQ,EAAE,MAAM,CAAC;IAEjC;;OAEG;IACH,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAiB;IAExC;;;;;;;;;;;;;;;;OAgBG;gBAED,QAAQ,EAAE,MAAM,EAChB,UAAU,EAAE,eAAe,EAE3B,OAAO,GAAE,0BAA+B;IAO1C;;;;;;;;;;;;;;;;OAgBG;IACI,oBAAoB,CACzB,SAAS,EAAE,iBAAiB,EAC5B,IAAI,EAAE,MAAM,EACZ,gBAAgB,EAAE,MAAM,EACxB,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE,2BAAgC,GACxC,OAAO,CAAC,sBAAsB,CAAC;IAqBlC;;;;;;;;;;;;;OAaG;IACI,oBAAoB,CACzB,SAAS,EAAE,iBAAiB,EAC5B,IAAI,EAAE,MAAM,EACZ,OAAO,GAAE,2BAAgC,GACxC,OAAO,CAAC,IAAI,CAAC;IAiBhB;;;;;;;;;;;;;;OAcG;IACI,iBAAiB,CACtB,SAAS,EAAE,iBAAiB,EAC5B,IAAI,EAAE,MAAM,EACZ,OAAO,GAAE,wBAA6B,GACrC,OAAO,CAAC,sBAAsB,CAAC;IAWlC;;;;;;;;;;;;;OAaG;IACI,mBAAmB,CACxB,SAAS,EAAE,iBAAiB,EAC5B,OAAO,GAAE,0BAA+B,GACvC,0BAA0B,CAAC,sBAAsB,CAAC;IAQrD;;;;;;;;;;;;;OAaG;IACI,mBAAmB,CACxB,SAAS,EAAE,iBAAiB,EAC5B,OAAO,GAAE,0BAA+B,GACvC,0BAA0B,CAAC,sBAAsB,CAAC;IAQrD;;;;;;;;;;;;OAYG;IACI,iBAAiB,CACtB,SAAS,EAAE,iBAAiB,EAC5B,IAAI,EAAE,MAAM,EACZ,OAAO,GAAE,wBAA6B,GACrC,OAAO,CAAC,sBAAsB,CAAC;IAWlC;;;;;;;;;;;;;OAaG;IACI,iBAAiB,CACtB,SAAS,EAAE,iBAAiB,EAC5B,OAAO,GAAE,wBAA6B,GACrC,OAAO,CAAC,sBAAsB,CAAC;IAwBlC;;;;;;;;;;;;OAYG;IACI,oBAAoB,CACzB,SAAS,EAAE,iBAAiB,EAC5B,IAAI,EAAE,MAAM,EACZ,OAAO,GAAE,2BAAgC,GACxC,OAAO,CAAC,IAAI,CAAC;CAgBjB"}
+{"version":3,"file":"accessControlClient.d.ts","sourceRoot":"","sources":["../../src/accessControlClient.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EACV,0BAA0B,EAC1B,2BAA2B,EAC3B,2BAA2B,EAC3B,2BAA2B,EAC3B,wBAAwB,EACxB,wBAAwB,EACxB,sBAAsB,EACtB,sBAAsB,EACtB,iBAAiB,EACjB,0BAA0B,EAC1B,0BAA0B,EAC1B,wBAAwB,EACzB,MAAM,0BAA0B,CAAC;AAElC,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,oBAAoB,CAAC;AACrE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAMxD;;;;GAIG;AACH,qBAAa,2BAA2B;IACtC;;OAEG;IACH,SAAgB,QAAQ,EAAE,MAAM,CAAC;IAEjC;;OAEG;IACH,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAiB;IAExC;;;;;;;;;;;;;;;OAeG;gBAED,QAAQ,EAAE,MAAM,EAChB,UAAU,EAAE,eAAe,EAE3B,OAAO,GAAE,0BAA+B;IAO1C;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA4BG;IACI,oBAAoB,CACzB,SAAS,EAAE,iBAAiB,EAC5B,IAAI,EAAE,MAAM,EACZ,gBAAgB,EAAE,MAAM,EACxB,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE,2BAAgC,GACxC,OAAO,CAAC,sBAAsB,CAAC;IAqBlC;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA4BG;IACI,oBAAoB,CACzB,SAAS,EAAE,iBAAiB,EAC5B,IAAI,EAAE,MAAM,EACZ,OAAO,GAAE,2BAAgC,GACxC,OAAO,CAAC,IAAI,CAAC;IAiBhB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAgCG;IACI,iBAAiB,CACtB,SAAS,EAAE,iBAAiB,EAC5B,IAAI,EAAE,MAAM,EACZ,OAAO,GAAE,wBAA6B,GACrC,OAAO,CAAC,sBAAsB,CAAC;IAWlC;;;;;;;;;;;;;;;;;;;OAmBG;IACI,mBAAmB,CACxB,SAAS,EAAE,iBAAiB,EAC5B,OAAO,GAAE,0BAA+B,GACvC,0BAA0B,CAAC,sBAAsB,CAAC;IAQrD;;;;;;;;;;;;;;;;;;;OAmBG;IACI,mBAAmB,CACxB,SAAS,EAAE,iBAAiB,EAC5B,OAAO,GAAE,0BAA+B,GACvC,0BAA0B,CAAC,sBAAsB,CAAC;IAQrD;;;;;;;;;;;;;;;;;;OAkBG;IACI,iBAAiB,CACtB,SAAS,EAAE,iBAAiB,EAC5B,IAAI,EAAE,MAAM,EACZ,OAAO,GAAE,wBAA6B,GACrC,OAAO,CAAC,sBAAsB,CAAC;IAWlC;;;;;;;;;;;;;;;;;;;;;;;;;;OA0BG;IACI,iBAAiB,CACtB,SAAS,EAAE,iBAAiB,EAC5B,OAAO,GAAE,wBAA6B,GACrC,OAAO,CAAC,sBAAsB,CAAC;IAwBlC;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA4BG;IACI,oBAAoB,CACzB,SAAS,EAAE,iBAAiB,EAC5B,IAAI,EAAE,MAAM,EACZ,OAAO,GAAE,2BAAgC,GACxC,OAAO,CAAC,IAAI,CAAC;CAgBjB"}

package/dist/esm/accessControlClient.js

@@ -15,14 +15,13 @@ export class KeyVaultAccessControlClient {
      * Creates an instance of the KeyVaultAccessControlClient.
      *
      * Example usage:
-     * ```ts
-     * import { KeyVaultAccessControlClient } from "@azure/keyvault-admin";
+     * ```ts snippet:ReadmeSampleCreateAccessControlClient
      * import { DefaultAzureCredential } from "@azure/identity";
+     * import { KeyVaultAccessControlClient } from "@azure/keyvault-admin";
      *
-     * let vaultUrl = `https://<MY KEY VAULT HERE>.vault.azure.net`;
-     * let credentials = new DefaultAzureCredential();
-     *
-     * let client = new KeyVaultAccessControlClient(vaultUrl, credentials);
+     * const vaultUrl = `https://<MY KEY VAULT HERE>.vault.azure.net`;
+     * const credentials = new DefaultAzureCredential();
+     * const client = new KeyVaultAccessControlClient(vaultUrl, credentials);
      * ```
      * @param vaultUrl - the URL of the Key Vault. It should have this shape: `https://${your-key-vault-name}.vault.azure.net`. You should validate that this URL references a valid Key Vault or Managed HSM resource. See https://aka.ms/azsdk/blog/vault-uri for details.
      * @param credential - An object that implements the `TokenCredential` interface used to authenticate requests to the service. Use the \@azure/identity package to create a credential that suits your needs.
@@ -38,11 +37,23 @@ export class KeyVaultAccessControlClient {
      * Creates a role assignment in an Azure Key Vault.
      *
      * Example usage:
-     * ```ts
-     * const client = new KeyVaultAccessControlClient(url, credentials);
-     * const roleDefinition = await client.listRoleDefinitions("/").next();
+     * ```ts snippet:ReadmeSampleCreateRoleAssignment
+     * import { DefaultAzureCredential } from "@azure/identity";
+     * import { KeyVaultAccessControlClient } from "@azure/keyvault-admin";
+     *
+     * const vaultUrl = `https://<MY KEY VAULT HERE>.vault.azure.net`;
+     * const credentials = new DefaultAzureCredential();
+     * const client = new KeyVaultAccessControlClient(vaultUrl, credentials);
+     *
+     * const { value: roleDefinition } = await client.listRoleDefinitions("/").next();
+     *
      * const principalId = "4871f6a6-374f-4b6b-8b0c-f5d84db823f6";
-     * const result = await client.createRoleAssignment("/", "295c179b-9ad3-4117-99cd-b1aa66cf4517", roleDefinition, principalId);
+     * const result = await client.createRoleAssignment(
+     *   "/",
+     *   "295c179b-9ad3-4117-99cd-b1aa66cf4517",
+     *   roleDefinition.id,
+     *   principalId,
+     * );
      * ```
      * Creates a new role assignment.
      * @param roleScope - The scope of the role assignment.
@@ -66,10 +77,25 @@ export class KeyVaultAccessControlClient {
      * Deletes role assignments previously created in an Azure Key Vault.
      *
      * Example usage:
-     * ```ts
-     * const client = new KeyVaultAccessControlClient(url, credentials);
-     * const roleAssignment = await client.createRoleAssignment("/", "295c179b-9ad3-4117-99cd-b1aa66cf4517");
-     * await client.deleteRoleAssignment(roleAssignment.properties.roleScope, roleAssignment.name);
+     * ```ts snippet:ReadmeSampleDeleteRoleAssignment
+     * import { DefaultAzureCredential } from "@azure/identity";
+     * import { KeyVaultAccessControlClient } from "@azure/keyvault-admin";
+     *
+     * const vaultUrl = `https://<MY KEY VAULT HERE>.vault.azure.net`;
+     * const credentials = new DefaultAzureCredential();
+     * const client = new KeyVaultAccessControlClient(vaultUrl, credentials);
+     *
+     * const { value: roleDefinition } = await client.listRoleDefinitions("/").next();
+     * const principalId = "4871f6a6-374f-4b6b-8b0c-f5d84db823f6";
+     *
+     * const roleAssignment = await client.createRoleAssignment(
+     *   "/",
+     *   "295c179b-9ad3-4117-99cd-b1aa66cf4517",
+     *   roleDefinition.id,
+     *   principalId,
+     * );
+     *
+     * await client.deleteRoleAssignment(roleAssignment.properties.scope, roleAssignment.name);
      * ```
      * Deletes an existing role assignment.
      * @param roleScope - The scope of the role assignment.
@@ -93,10 +119,28 @@ export class KeyVaultAccessControlClient {
      * Gets a role assignments previously created in an Azure Key Vault.
      *
      * Example usage:
-     * ```ts
-     * const client = new KeyVaultAccessControlClient(url, credentials);
-     * let roleAssignment = await client.createRoleAssignment("/", "295c179b-9ad3-4117-99cd-b1aa66cf4517");
-     * roleAssignment = const await client.getRoleAssignment(roleAssignment.properties.roleScope, roleAssignment.name);
+     * ```ts snippet:ReadmeSampleGetRoleAssignment
+     * import { DefaultAzureCredential } from "@azure/identity";
+     * import { KeyVaultAccessControlClient } from "@azure/keyvault-admin";
+     *
+     * const vaultUrl = `https://<MY KEY VAULT HERE>.vault.azure.net`;
+     * const credentials = new DefaultAzureCredential();
+     * const client = new KeyVaultAccessControlClient(vaultUrl, credentials);
+     *
+     * const { value: roleDefinition } = await client.listRoleDefinitions("/").next();
+     * const principalId = "4871f6a6-374f-4b6b-8b0c-f5d84db823f6";
+     *
+     * let roleAssignment = await client.createRoleAssignment(
+     *   "/",
+     *   "295c179b-9ad3-4117-99cd-b1aa66cf4517",
+     *   roleDefinition.id,
+     *   principalId,
+     * );
+     *
+     * roleAssignment = await client.getRoleAssignment(
+     *   roleAssignment.properties.scope,
+     *   roleAssignment.name,
+     * );
      * console.log(roleAssignment);
      * ```
      * Gets an existing role assignment.
@@ -114,8 +158,14 @@ export class KeyVaultAccessControlClient {
      * Iterates over all of the available role assignments in an Azure Key Vault.
      *
      * Example usage:
-     * ```ts
-     * let client = new KeyVaultAccessControlClient(url, credentials);
+     * ```ts snippet:ReadmeSampleListRoleAssignments
+     * import { DefaultAzureCredential } from "@azure/identity";
+     * import { KeyVaultAccessControlClient } from "@azure/keyvault-admin";
+     *
+     * const vaultUrl = `https://<MY KEY VAULT HERE>.vault.azure.net`;
+     * const credentials = new DefaultAzureCredential();
+     * const client = new KeyVaultAccessControlClient(vaultUrl, credentials);
+     *
      * for await (const roleAssignment of client.listRoleAssignments("/")) {
      *   console.log("Role assignment: ", roleAssignment);
      * }
@@ -131,8 +181,14 @@ export class KeyVaultAccessControlClient {
      * Iterates over all of the available role definitions in an Azure Key Vault.
      *
      * Example usage:
-     * ```ts
-     * let client = new KeyVaultAccessControlClient(url, credentials);
+     * ```ts snippet:ReadmeSampleListRoleDefinitions
+     * import { DefaultAzureCredential } from "@azure/identity";
+     * import { KeyVaultAccessControlClient } from "@azure/keyvault-admin";
+     *
+     * const vaultUrl = `https://<MY KEY VAULT HERE>.vault.azure.net`;
+     * const credentials = new DefaultAzureCredential();
+     * const client = new KeyVaultAccessControlClient(vaultUrl, credentials);
+     *
      * for await (const roleDefinitions of client.listRoleDefinitions("/")) {
      *   console.log("Role definition: ", roleDefinitions);
      * }
@@ -148,8 +204,14 @@ export class KeyVaultAccessControlClient {
      * Gets a role definition from Azure Key Vault.
      *
      * Example usage:
-     * ```
-     * const client = new KeyVaultAccessControlClient(url, credentials);
+     * ```ts snippet:ReadmeSampleGetRoleDefinition
+     * import { DefaultAzureCredential } from "@azure/identity";
+     * import { KeyVaultAccessControlClient } from "@azure/keyvault-admin";
+     *
+     * const vaultUrl = `https://<MY KEY VAULT HERE>.vault.azure.net`;
+     * const credentials = new DefaultAzureCredential();
+     * const client = new KeyVaultAccessControlClient(vaultUrl, credentials);
+     *
      * const roleDefinition = await client.getRoleDefinition("/", "b86a8fe4-44ce-4948-aee5-eccb2c155cd7");
      * console.log(roleDefinition);
      * ```
@@ -167,11 +229,24 @@ export class KeyVaultAccessControlClient {
      * Creates or updates a role definition in an Azure Key Vault.
      *
      * Example usage:
-     * ```ts
-     * const client = new KeyVaultAccessControlClient(url, credentials);
+     * ```ts snippet:ReadmeSampleSetRoleDefinition
+     * import { DefaultAzureCredential } from "@azure/identity";
+     * import {
+     *   KeyVaultAccessControlClient,
+     *   KnownKeyVaultDataAction,
+     *   KnownKeyVaultRoleScope,
+     * } from "@azure/keyvault-admin";
+     *
+     * const vaultUrl = `https://<MY KEY VAULT HERE>.vault.azure.net`;
+     * const credentials = new DefaultAzureCredential();
+     * const client = new KeyVaultAccessControlClient(vaultUrl, credentials);
+     *
      * const permissions = [{ dataActions: [KnownKeyVaultDataAction.BackupHsmKeys] }];
      * const roleDefinitionName = "23b8bb1a-39c0-4c89-a85b-dd3c99273a8a";
-     * const roleDefinition = await client.setRoleDefinition(KnownKeyVaultRoleScope.Global, { permissions, roleDefinitionName });
+     * const roleDefinition = await client.setRoleDefinition(KnownKeyVaultRoleScope.Global, {
+     *   permissions,
+     *   roleDefinitionName,
+     * });
      * console.log(roleDefinition);
      * ```
      * @param roleScope - The scope of the role definition.
@@ -195,9 +270,25 @@ export class KeyVaultAccessControlClient {
      * Deletes a custom role definition previously created in an Azure Key Vault.
      *
      * Example usage:
-     * ```ts
-     * const client = new KeyVaultAccessControlClient(url, credentials);
-     * const roleDefinition = await client.setRoleDefinition("/", "23b8bb1a-39c0-4c89-a85b-dd3c99273a8a", []);
+     * ```ts snippet:ReadmeSampleDeleteRoleDefinition
+     * import { DefaultAzureCredential } from "@azure/identity";
+     * import {
+     *   KeyVaultAccessControlClient,
+     *   KnownKeyVaultDataAction,
+     *   KnownKeyVaultRoleScope,
+     * } from "@azure/keyvault-admin";
+     *
+     * const vaultUrl = `https://<MY KEY VAULT HERE>.vault.azure.net`;
+     * const credentials = new DefaultAzureCredential();
+     * const client = new KeyVaultAccessControlClient(vaultUrl, credentials);
+     *
+     * const permissions = [{ dataActions: [KnownKeyVaultDataAction.BackupHsmKeys] }];
+     * const roleDefinitionName = "23b8bb1a-39c0-4c89-a85b-dd3c99273a8a";
+     * const roleDefinition = await client.setRoleDefinition(KnownKeyVaultRoleScope.Global, {
+     *   permissions,
+     *   roleDefinitionName,
+     * });
+     *
      * await client.deleteRoleDefinition("/", roleDefinition.name);
      * ```
      * @param roleScope - The scope of the role definition.

package/dist/esm/accessControlClient.js.map

@@ -1 +1 @@
-{"version":3,"file":"accessControlClient.js","sourceRoot":"","sources":["../../src/accessControlClient.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAClC,4CAA4C;AAmB5C,OAAO,EAAE,qBAAqB,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAChE,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC7C,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AAEjE;;;;GAIG;AACH,MAAM,OAAO,2BAA2B;IAWtC;;;;;;;;;;;;;;;;OAgBG;IACH,YACE,QAAgB,EAChB,UAA2B;IAC3B,8DAA8D;IAC9D,UAAsC,EAAE;QAExC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAEzB,IAAI,CAAC,MAAM,GAAG,oBAAoB,CAAC,QAAQ,EAAE,UAAU,EAAE,OAAO,CAAC,CAAC;IACpE,CAAC;IAED;;;;;;;;;;;;;;;;OAgBG;IACI,oBAAoB,CACzB,SAA4B,EAC5B,IAAY,EACZ,gBAAwB,EACxB,WAAmB,EACnB,UAAuC,EAAE;QAEzC,OAAO,aAAa,CAAC,QAAQ,CAC3B,kDAAkD,EAClD,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,MAAM,CACvD,SAAS,EACT,IAAI,EACJ;gBACE,UAAU,EAAE;oBACV,gBAAgB;oBAChB,WAAW;iBACZ;aACF,EACD,cAAc,CACf,CAAC;YACF,OAAO,QAAQ,CAAC,cAAc,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC;QAC7D,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;OAaG;IACI,oBAAoB,CACzB,SAA4B,EAC5B,IAAY,EACZ,UAAuC,EAAE;QAEzC,OAAO,aAAa,CAAC,QAAQ,CAC3B,kDAAkD,EAClD,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,EAAE,cAAc,CAAC,CAAC;YAC5E,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,oEAAoE;gBACpE,IAAI,GAAG,CAAC,UAAU,KAAK,GAAG,EAAE,CAAC;oBAC3B,MAAM,GAAG,CAAC;gBACZ,CAAC;YACH,CAAC;QACH,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;OAcG;IACI,iBAAiB,CACtB,SAA4B,EAC5B,IAAY,EACZ,UAAoC,EAAE;QAEtC,OAAO,aAAa,CAAC,QAAQ,CAC3B,+CAA+C,EAC/C,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,GAAG,CAAC,SAAS,EAAE,IAAI,EAAE,cAAc,CAAC,CAAC;YACxF,OAAO,QAAQ,CAAC,cAAc,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC;QAC7D,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;OAaG;IACI,mBAAmB,CACxB,SAA4B,EAC5B,UAAsC,EAAE;QAExC,OAAO,qBAAqB,CAC1B,OAAO,EACP,CAAC,aAAa,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,YAAY,CAAC,SAAS,EAAE,aAAa,CAAC,EACrF,QAAQ,CAAC,cAAc,CAAC,iBAAiB,CAC1C,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;OAaG;IACI,mBAAmB,CACxB,SAA4B,EAC5B,UAAsC,EAAE;QAExC,OAAO,qBAAqB,CAC1B,OAAO,EACP,CAAC,aAAa,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,IAAI,CAAC,SAAS,EAAE,aAAa,CAAC,EAC7E,QAAQ,CAAC,cAAc,CAAC,iBAAiB,CAC1C,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;OAYG;IACI,iBAAiB,CACtB,SAA4B,EAC5B,IAAY,EACZ,UAAoC,EAAE;QAEtC,OAAO,aAAa,CAAC,QAAQ,CAC3B,+CAA+C,EAC/C,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,GAAG,CAAC,SAAS,EAAE,IAAI,EAAE,cAAc,CAAC,CAAC;YACxF,OAAO,QAAQ,CAAC,cAAc,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC;QAC7D,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;OAaG;IACI,iBAAiB,CACtB,SAA4B,EAC5B,UAAoC,EAAE;QAEtC,OAAO,aAAa,CAAC,QAAQ,CAC3B,+CAA+C,EAC/C,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,cAAc,CAC/D,SAAS,EACT,OAAO,CAAC,kBAAkB,IAAI,UAAU,EAAE,EAC1C;gBACE,UAAU,EAAE;oBACV,WAAW,EAAE,OAAO,CAAC,WAAW;oBAChC,WAAW,EAAE,OAAO,CAAC,WAAW;oBAChC,gBAAgB,EAAE,CAAC,SAAS,CAAC;oBAC7B,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,QAAQ,EAAE,YAAY;iBACvB;aACF,EACD,cAAc,CACf,CAAC;YACF,OAAO,QAAQ,CAAC,cAAc,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC;QAC7D,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;OAYG;IACI,oBAAoB,CACzB,SAA4B,EAC5B,IAAY,EACZ,UAAuC,EAAE;QAEzC,OAAO,aAAa,CAAC,QAAQ,CAC3B,kDAAkD,EAClD,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,EAAE,cAAc,CAAC,CAAC;YAC5E,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,oEAAoE;gBACpE,IAAI,GAAG,CAAC,UAAU,KAAK,GAAG,EAAE,CAAC;oBAC3B,MAAM,GAAG,CAAC;gBACZ,CAAC;YACH,CAAC;QACH,CAAC,CACF,CAAC;IACJ,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n/// <reference lib=\"esnext.asynciterable\" />\n\nimport type {\n  AccessControlClientOptions,\n  CreateRoleAssignmentOptions,\n  DeleteRoleAssignmentOptions,\n  DeleteRoleDefinitionOptions,\n  GetRoleAssignmentOptions,\n  GetRoleDefinitionOptions,\n  KeyVaultRoleAssignment,\n  KeyVaultRoleDefinition,\n  KeyVaultRoleScope,\n  ListRoleAssignmentsOptions,\n  ListRoleDefinitionsOptions,\n  SetRoleDefinitionOptions,\n} from \"./accessControlModels.js\";\nimport type { KeyVaultClient } from \"./generated/keyVaultClient.js\";\nimport type { PagedAsyncIterableIterator } from \"@azure/core-paging\";\nimport type { TokenCredential } from \"@azure/core-auth\";\nimport { mapPagedAsyncIterable, mappings } from \"./mappings.js\";\nimport { tracingClient } from \"./tracing.js\";\nimport { randomUUID } from \"@azure/core-util\";\nimport { createKeyVaultClient } from \"./createKeyVaultClient.js\";\n\n/**\n * The KeyVaultAccessControlClient provides methods to manage\n * access control and role assignments in any given Azure Key Vault instance.\n * The client supports creating, retrieving and deleting roles.\n */\nexport class KeyVaultAccessControlClient {\n  /**\n   * The base URL to the vault\n   */\n  public readonly vaultUrl: string;\n\n  /**\n   * A reference to the auto-generated Key Vault HTTP client.\n   */\n  private readonly client: KeyVaultClient;\n\n  /**\n   * Creates an instance of the KeyVaultAccessControlClient.\n   *\n   * Example usage:\n   * ```ts\n   * import { KeyVaultAccessControlClient } from \"@azure/keyvault-admin\";\n   * import { DefaultAzureCredential } from \"@azure/identity\";\n   *\n   * let vaultUrl = `https://<MY KEY VAULT HERE>.vault.azure.net`;\n   * let credentials = new DefaultAzureCredential();\n   *\n   * let client = new KeyVaultAccessControlClient(vaultUrl, credentials);\n   * ```\n   * @param vaultUrl - the URL of the Key Vault. It should have this shape: `https://${your-key-vault-name}.vault.azure.net`. You should validate that this URL references a valid Key Vault or Managed HSM resource. See https://aka.ms/azsdk/blog/vault-uri for details.\n   * @param credential - An object that implements the `TokenCredential` interface used to authenticate requests to the service. Use the \\@azure/identity package to create a credential that suits your needs.\n   * @param options - Options used to configure Key Vault API requests. Omit this parameter to use the default configuration.\n   */\n  constructor(\n    vaultUrl: string,\n    credential: TokenCredential,\n    // eslint-disable-next-line @azure/azure-sdk/ts-naming-options\n    options: AccessControlClientOptions = {},\n  ) {\n    this.vaultUrl = vaultUrl;\n\n    this.client = createKeyVaultClient(vaultUrl, credential, options);\n  }\n\n  /**\n   * Creates a role assignment in an Azure Key Vault.\n   *\n   * Example usage:\n   * ```ts\n   * const client = new KeyVaultAccessControlClient(url, credentials);\n   * const roleDefinition = await client.listRoleDefinitions(\"/\").next();\n   * const principalId = \"4871f6a6-374f-4b6b-8b0c-f5d84db823f6\";\n   * const result = await client.createRoleAssignment(\"/\", \"295c179b-9ad3-4117-99cd-b1aa66cf4517\", roleDefinition, principalId);\n   * ```\n   * Creates a new role assignment.\n   * @param roleScope - The scope of the role assignment.\n   * @param name - The name of the role assignment. Must be a UUID.\n   * @param roleDefinitionId - The role definition ID used in the role assignment.\n   * @param principalId - The principal ID assigned to the role. This maps to the ID inside the Active Directory. It can point to a user, service principal, or security group.\n   * @param options - The optional parameters.\n   */\n  public createRoleAssignment(\n    roleScope: KeyVaultRoleScope,\n    name: string,\n    roleDefinitionId: string,\n    principalId: string,\n    options: CreateRoleAssignmentOptions = {},\n  ): Promise<KeyVaultRoleAssignment> {\n    return tracingClient.withSpan(\n      \"KeyVaultAccessControlClient.createRoleAssignment\",\n      options,\n      async (updatedOptions) => {\n        const response = await this.client.roleAssignments.create(\n          roleScope,\n          name,\n          {\n            properties: {\n              roleDefinitionId,\n              principalId,\n            },\n          },\n          updatedOptions,\n        );\n        return mappings.roleAssignment.generatedToPublic(response);\n      },\n    );\n  }\n\n  /**\n   * Deletes role assignments previously created in an Azure Key Vault.\n   *\n   * Example usage:\n   * ```ts\n   * const client = new KeyVaultAccessControlClient(url, credentials);\n   * const roleAssignment = await client.createRoleAssignment(\"/\", \"295c179b-9ad3-4117-99cd-b1aa66cf4517\");\n   * await client.deleteRoleAssignment(roleAssignment.properties.roleScope, roleAssignment.name);\n   * ```\n   * Deletes an existing role assignment.\n   * @param roleScope - The scope of the role assignment.\n   * @param name - The name of the role assignment.\n   * @param options - The optional parameters.\n   */\n  public deleteRoleAssignment(\n    roleScope: KeyVaultRoleScope,\n    name: string,\n    options: DeleteRoleAssignmentOptions = {},\n  ): Promise<void> {\n    return tracingClient.withSpan(\n      \"KeyVaultAccessControlClient.deleteRoleAssignment\",\n      options,\n      async (updatedOptions) => {\n        try {\n          await this.client.roleAssignments.delete(roleScope, name, updatedOptions);\n        } catch (err: any) {\n          // If the role assignment doesn't exist, we can consider it deleted.\n          if (err.statusCode !== 404) {\n            throw err;\n          }\n        }\n      },\n    );\n  }\n\n  /**\n   * Gets a role assignments previously created in an Azure Key Vault.\n   *\n   * Example usage:\n   * ```ts\n   * const client = new KeyVaultAccessControlClient(url, credentials);\n   * let roleAssignment = await client.createRoleAssignment(\"/\", \"295c179b-9ad3-4117-99cd-b1aa66cf4517\");\n   * roleAssignment = const await client.getRoleAssignment(roleAssignment.properties.roleScope, roleAssignment.name);\n   * console.log(roleAssignment);\n   * ```\n   * Gets an existing role assignment.\n   * @param roleScope - The scope of the role assignment.\n   * @param name - The name of the role assignment.\n   * @param options - The optional parameters.\n   */\n  public getRoleAssignment(\n    roleScope: KeyVaultRoleScope,\n    name: string,\n    options: GetRoleAssignmentOptions = {},\n  ): Promise<KeyVaultRoleAssignment> {\n    return tracingClient.withSpan(\n      \"KeyVaultAccessControlClient.getRoleAssignment\",\n      options,\n      async (updatedOptions) => {\n        const response = await this.client.roleAssignments.get(roleScope, name, updatedOptions);\n        return mappings.roleAssignment.generatedToPublic(response);\n      },\n    );\n  }\n\n  /**\n   * Iterates over all of the available role assignments in an Azure Key Vault.\n   *\n   * Example usage:\n   * ```ts\n   * let client = new KeyVaultAccessControlClient(url, credentials);\n   * for await (const roleAssignment of client.listRoleAssignments(\"/\")) {\n   *   console.log(\"Role assignment: \", roleAssignment);\n   * }\n   * ```\n   * Lists all of the role assignments in a given scope.\n   * @param roleScope - The scope of the role assignments.\n   * @param options - The optional parameters.\n   */\n  public listRoleAssignments(\n    roleScope: KeyVaultRoleScope,\n    options: ListRoleAssignmentsOptions = {},\n  ): PagedAsyncIterableIterator<KeyVaultRoleAssignment> {\n    return mapPagedAsyncIterable(\n      options,\n      (mappedOptions) => this.client.roleAssignments.listForScope(roleScope, mappedOptions),\n      mappings.roleAssignment.generatedToPublic,\n    );\n  }\n\n  /**\n   * Iterates over all of the available role definitions in an Azure Key Vault.\n   *\n   * Example usage:\n   * ```ts\n   * let client = new KeyVaultAccessControlClient(url, credentials);\n   * for await (const roleDefinitions of client.listRoleDefinitions(\"/\")) {\n   *   console.log(\"Role definition: \", roleDefinitions);\n   * }\n   * ```\n   * Lists all of the role definition in a given scope.\n   * @param roleScope - The scope of the role definition.\n   * @param options - The optional parameters.\n   */\n  public listRoleDefinitions(\n    roleScope: KeyVaultRoleScope,\n    options: ListRoleDefinitionsOptions = {},\n  ): PagedAsyncIterableIterator<KeyVaultRoleDefinition> {\n    return mapPagedAsyncIterable(\n      options,\n      (mappedOptions) => this.client.roleDefinitions.list(roleScope, mappedOptions),\n      mappings.roleDefinition.generatedToPublic,\n    );\n  }\n\n  /**\n   * Gets a role definition from Azure Key Vault.\n   *\n   * Example usage:\n   * ```\n   * const client = new KeyVaultAccessControlClient(url, credentials);\n   * const roleDefinition = await client.getRoleDefinition(\"/\", \"b86a8fe4-44ce-4948-aee5-eccb2c155cd7\");\n   * console.log(roleDefinition);\n   * ```\n   * @param roleScope - The scope of the role definition.\n   * @param name - The name of the role definition.\n   * @param options - The optional parameters.\n   */\n  public getRoleDefinition(\n    roleScope: KeyVaultRoleScope,\n    name: string,\n    options: GetRoleDefinitionOptions = {},\n  ): Promise<KeyVaultRoleDefinition> {\n    return tracingClient.withSpan(\n      \"KeyVaultAccessControlClient.getRoleDefinition\",\n      options,\n      async (updatedOptions) => {\n        const response = await this.client.roleDefinitions.get(roleScope, name, updatedOptions);\n        return mappings.roleDefinition.generatedToPublic(response);\n      },\n    );\n  }\n\n  /**\n   * Creates or updates a role definition in an Azure Key Vault.\n   *\n   * Example usage:\n   * ```ts\n   * const client = new KeyVaultAccessControlClient(url, credentials);\n   * const permissions = [{ dataActions: [KnownKeyVaultDataAction.BackupHsmKeys] }];\n   * const roleDefinitionName = \"23b8bb1a-39c0-4c89-a85b-dd3c99273a8a\";\n   * const roleDefinition = await client.setRoleDefinition(KnownKeyVaultRoleScope.Global, { permissions, roleDefinitionName });\n   * console.log(roleDefinition);\n   * ```\n   * @param roleScope - The scope of the role definition.\n   * @param options - The optional parameters.\n   */\n  public setRoleDefinition(\n    roleScope: KeyVaultRoleScope,\n    options: SetRoleDefinitionOptions = {},\n  ): Promise<KeyVaultRoleDefinition> {\n    return tracingClient.withSpan(\n      \"KeyVaultAccessControlClient.setRoleDefinition\",\n      options,\n      async (updatedOptions) => {\n        const response = await this.client.roleDefinitions.createOrUpdate(\n          roleScope,\n          options.roleDefinitionName || randomUUID(),\n          {\n            properties: {\n              description: options.description,\n              permissions: options.permissions,\n              assignableScopes: [roleScope],\n              roleName: options.roleName,\n              roleType: \"CustomRole\",\n            },\n          },\n          updatedOptions,\n        );\n        return mappings.roleDefinition.generatedToPublic(response);\n      },\n    );\n  }\n\n  /**\n   * Deletes a custom role definition previously created in an Azure Key Vault.\n   *\n   * Example usage:\n   * ```ts\n   * const client = new KeyVaultAccessControlClient(url, credentials);\n   * const roleDefinition = await client.setRoleDefinition(\"/\", \"23b8bb1a-39c0-4c89-a85b-dd3c99273a8a\", []);\n   * await client.deleteRoleDefinition(\"/\", roleDefinition.name);\n   * ```\n   * @param roleScope - The scope of the role definition.\n   * @param name - The name of the role definition to delete.\n   * @param options - The optional parameters.\n   */\n  public deleteRoleDefinition(\n    roleScope: KeyVaultRoleScope,\n    name: string,\n    options: DeleteRoleDefinitionOptions = {},\n  ): Promise<void> {\n    return tracingClient.withSpan(\n      \"KeyVaultAccessControlClient.deleteRoleDefinition\",\n      options,\n      async (updatedOptions) => {\n        try {\n          await this.client.roleDefinitions.delete(roleScope, name, updatedOptions);\n        } catch (err: any) {\n          // If the role definition doesn't exist, we can consider it deleted.\n          if (err.statusCode !== 404) {\n            throw err;\n          }\n        }\n      },\n    );\n  }\n}\n"]}
+{"version":3,"file":"accessControlClient.js","sourceRoot":"","sources":["../../src/accessControlClient.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAClC,4CAA4C;AAmB5C,OAAO,EAAE,qBAAqB,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAChE,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC7C,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AAEjE;;;;GAIG;AACH,MAAM,OAAO,2BAA2B;IAWtC;;;;;;;;;;;;;;;OAeG;IACH,YACE,QAAgB,EAChB,UAA2B;IAC3B,8DAA8D;IAC9D,UAAsC,EAAE;QAExC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAEzB,IAAI,CAAC,MAAM,GAAG,oBAAoB,CAAC,QAAQ,EAAE,UAAU,EAAE,OAAO,CAAC,CAAC;IACpE,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA4BG;IACI,oBAAoB,CACzB,SAA4B,EAC5B,IAAY,EACZ,gBAAwB,EACxB,WAAmB,EACnB,UAAuC,EAAE;QAEzC,OAAO,aAAa,CAAC,QAAQ,CAC3B,kDAAkD,EAClD,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,MAAM,CACvD,SAAS,EACT,IAAI,EACJ;gBACE,UAAU,EAAE;oBACV,gBAAgB;oBAChB,WAAW;iBACZ;aACF,EACD,cAAc,CACf,CAAC;YACF,OAAO,QAAQ,CAAC,cAAc,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC;QAC7D,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA4BG;IACI,oBAAoB,CACzB,SAA4B,EAC5B,IAAY,EACZ,UAAuC,EAAE;QAEzC,OAAO,aAAa,CAAC,QAAQ,CAC3B,kDAAkD,EAClD,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,EAAE,cAAc,CAAC,CAAC;YAC5E,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,oEAAoE;gBACpE,IAAI,GAAG,CAAC,UAAU,KAAK,GAAG,EAAE,CAAC;oBAC3B,MAAM,GAAG,CAAC;gBACZ,CAAC;YACH,CAAC;QACH,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAgCG;IACI,iBAAiB,CACtB,SAA4B,EAC5B,IAAY,EACZ,UAAoC,EAAE;QAEtC,OAAO,aAAa,CAAC,QAAQ,CAC3B,+CAA+C,EAC/C,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,GAAG,CAAC,SAAS,EAAE,IAAI,EAAE,cAAc,CAAC,CAAC;YACxF,OAAO,QAAQ,CAAC,cAAc,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC;QAC7D,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;;;OAmBG;IACI,mBAAmB,CACxB,SAA4B,EAC5B,UAAsC,EAAE;QAExC,OAAO,qBAAqB,CAC1B,OAAO,EACP,CAAC,aAAa,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,YAAY,CAAC,SAAS,EAAE,aAAa,CAAC,EACrF,QAAQ,CAAC,cAAc,CAAC,iBAAiB,CAC1C,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;;;OAmBG;IACI,mBAAmB,CACxB,SAA4B,EAC5B,UAAsC,EAAE;QAExC,OAAO,qBAAqB,CAC1B,OAAO,EACP,CAAC,aAAa,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,IAAI,CAAC,SAAS,EAAE,aAAa,CAAC,EAC7E,QAAQ,CAAC,cAAc,CAAC,iBAAiB,CAC1C,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;;OAkBG;IACI,iBAAiB,CACtB,SAA4B,EAC5B,IAAY,EACZ,UAAoC,EAAE;QAEtC,OAAO,aAAa,CAAC,QAAQ,CAC3B,+CAA+C,EAC/C,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,GAAG,CAAC,SAAS,EAAE,IAAI,EAAE,cAAc,CAAC,CAAC;YACxF,OAAO,QAAQ,CAAC,cAAc,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC;QAC7D,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;OA0BG;IACI,iBAAiB,CACtB,SAA4B,EAC5B,UAAoC,EAAE;QAEtC,OAAO,aAAa,CAAC,QAAQ,CAC3B,+CAA+C,EAC/C,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,cAAc,CAC/D,SAAS,EACT,OAAO,CAAC,kBAAkB,IAAI,UAAU,EAAE,EAC1C;gBACE,UAAU,EAAE;oBACV,WAAW,EAAE,OAAO,CAAC,WAAW;oBAChC,WAAW,EAAE,OAAO,CAAC,WAAW;oBAChC,gBAAgB,EAAE,CAAC,SAAS,CAAC;oBAC7B,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,QAAQ,EAAE,YAAY;iBACvB;aACF,EACD,cAAc,CACf,CAAC;YACF,OAAO,QAAQ,CAAC,cAAc,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC;QAC7D,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA4BG;IACI,oBAAoB,CACzB,SAA4B,EAC5B,IAAY,EACZ,UAAuC,EAAE;QAEzC,OAAO,aAAa,CAAC,QAAQ,CAC3B,kDAAkD,EAClD,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,EAAE,cAAc,CAAC,CAAC;YAC5E,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,oEAAoE;gBACpE,IAAI,GAAG,CAAC,UAAU,KAAK,GAAG,EAAE,CAAC;oBAC3B,MAAM,GAAG,CAAC;gBACZ,CAAC;YACH,CAAC;QACH,CAAC,CACF,CAAC;IACJ,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n/// <reference lib=\"esnext.asynciterable\" />\n\nimport type {\n  AccessControlClientOptions,\n  CreateRoleAssignmentOptions,\n  DeleteRoleAssignmentOptions,\n  DeleteRoleDefinitionOptions,\n  GetRoleAssignmentOptions,\n  GetRoleDefinitionOptions,\n  KeyVaultRoleAssignment,\n  KeyVaultRoleDefinition,\n  KeyVaultRoleScope,\n  ListRoleAssignmentsOptions,\n  ListRoleDefinitionsOptions,\n  SetRoleDefinitionOptions,\n} from \"./accessControlModels.js\";\nimport type { KeyVaultClient } from \"./generated/keyVaultClient.js\";\nimport type { PagedAsyncIterableIterator } from \"@azure/core-paging\";\nimport type { TokenCredential } from \"@azure/core-auth\";\nimport { mapPagedAsyncIterable, mappings } from \"./mappings.js\";\nimport { tracingClient } from \"./tracing.js\";\nimport { randomUUID } from \"@azure/core-util\";\nimport { createKeyVaultClient } from \"./createKeyVaultClient.js\";\n\n/**\n * The KeyVaultAccessControlClient provides methods to manage\n * access control and role assignments in any given Azure Key Vault instance.\n * The client supports creating, retrieving and deleting roles.\n */\nexport class KeyVaultAccessControlClient {\n  /**\n   * The base URL to the vault\n   */\n  public readonly vaultUrl: string;\n\n  /**\n   * A reference to the auto-generated Key Vault HTTP client.\n   */\n  private readonly client: KeyVaultClient;\n\n  /**\n   * Creates an instance of the KeyVaultAccessControlClient.\n   *\n   * Example usage:\n   * ```ts snippet:ReadmeSampleCreateAccessControlClient\n   * import { DefaultAzureCredential } from \"@azure/identity\";\n   * import { KeyVaultAccessControlClient } from \"@azure/keyvault-admin\";\n   *\n   * const vaultUrl = `https://<MY KEY VAULT HERE>.vault.azure.net`;\n   * const credentials = new DefaultAzureCredential();\n   * const client = new KeyVaultAccessControlClient(vaultUrl, credentials);\n   * ```\n   * @param vaultUrl - the URL of the Key Vault. It should have this shape: `https://${your-key-vault-name}.vault.azure.net`. You should validate that this URL references a valid Key Vault or Managed HSM resource. See https://aka.ms/azsdk/blog/vault-uri for details.\n   * @param credential - An object that implements the `TokenCredential` interface used to authenticate requests to the service. Use the \\@azure/identity package to create a credential that suits your needs.\n   * @param options - Options used to configure Key Vault API requests. Omit this parameter to use the default configuration.\n   */\n  constructor(\n    vaultUrl: string,\n    credential: TokenCredential,\n    // eslint-disable-next-line @azure/azure-sdk/ts-naming-options\n    options: AccessControlClientOptions = {},\n  ) {\n    this.vaultUrl = vaultUrl;\n\n    this.client = createKeyVaultClient(vaultUrl, credential, options);\n  }\n\n  /**\n   * Creates a role assignment in an Azure Key Vault.\n   *\n   * Example usage:\n   * ```ts snippet:ReadmeSampleCreateRoleAssignment\n   * import { DefaultAzureCredential } from \"@azure/identity\";\n   * import { KeyVaultAccessControlClient } from \"@azure/keyvault-admin\";\n   *\n   * const vaultUrl = `https://<MY KEY VAULT HERE>.vault.azure.net`;\n   * const credentials = new DefaultAzureCredential();\n   * const client = new KeyVaultAccessControlClient(vaultUrl, credentials);\n   *\n   * const { value: roleDefinition } = await client.listRoleDefinitions(\"/\").next();\n   *\n   * const principalId = \"4871f6a6-374f-4b6b-8b0c-f5d84db823f6\";\n   * const result = await client.createRoleAssignment(\n   *   \"/\",\n   *   \"295c179b-9ad3-4117-99cd-b1aa66cf4517\",\n   *   roleDefinition.id,\n   *   principalId,\n   * );\n   * ```\n   * Creates a new role assignment.\n   * @param roleScope - The scope of the role assignment.\n   * @param name - The name of the role assignment. Must be a UUID.\n   * @param roleDefinitionId - The role definition ID used in the role assignment.\n   * @param principalId - The principal ID assigned to the role. This maps to the ID inside the Active Directory. It can point to a user, service principal, or security group.\n   * @param options - The optional parameters.\n   */\n  public createRoleAssignment(\n    roleScope: KeyVaultRoleScope,\n    name: string,\n    roleDefinitionId: string,\n    principalId: string,\n    options: CreateRoleAssignmentOptions = {},\n  ): Promise<KeyVaultRoleAssignment> {\n    return tracingClient.withSpan(\n      \"KeyVaultAccessControlClient.createRoleAssignment\",\n      options,\n      async (updatedOptions) => {\n        const response = await this.client.roleAssignments.create(\n          roleScope,\n          name,\n          {\n            properties: {\n              roleDefinitionId,\n              principalId,\n            },\n          },\n          updatedOptions,\n        );\n        return mappings.roleAssignment.generatedToPublic(response);\n      },\n    );\n  }\n\n  /**\n   * Deletes role assignments previously created in an Azure Key Vault.\n   *\n   * Example usage:\n   * ```ts snippet:ReadmeSampleDeleteRoleAssignment\n   * import { DefaultAzureCredential } from \"@azure/identity\";\n   * import { KeyVaultAccessControlClient } from \"@azure/keyvault-admin\";\n   *\n   * const vaultUrl = `https://<MY KEY VAULT HERE>.vault.azure.net`;\n   * const credentials = new DefaultAzureCredential();\n   * const client = new KeyVaultAccessControlClient(vaultUrl, credentials);\n   *\n   * const { value: roleDefinition } = await client.listRoleDefinitions(\"/\").next();\n   * const principalId = \"4871f6a6-374f-4b6b-8b0c-f5d84db823f6\";\n   *\n   * const roleAssignment = await client.createRoleAssignment(\n   *   \"/\",\n   *   \"295c179b-9ad3-4117-99cd-b1aa66cf4517\",\n   *   roleDefinition.id,\n   *   principalId,\n   * );\n   *\n   * await client.deleteRoleAssignment(roleAssignment.properties.scope, roleAssignment.name);\n   * ```\n   * Deletes an existing role assignment.\n   * @param roleScope - The scope of the role assignment.\n   * @param name - The name of the role assignment.\n   * @param options - The optional parameters.\n   */\n  public deleteRoleAssignment(\n    roleScope: KeyVaultRoleScope,\n    name: string,\n    options: DeleteRoleAssignmentOptions = {},\n  ): Promise<void> {\n    return tracingClient.withSpan(\n      \"KeyVaultAccessControlClient.deleteRoleAssignment\",\n      options,\n      async (updatedOptions) => {\n        try {\n          await this.client.roleAssignments.delete(roleScope, name, updatedOptions);\n        } catch (err: any) {\n          // If the role assignment doesn't exist, we can consider it deleted.\n          if (err.statusCode !== 404) {\n            throw err;\n          }\n        }\n      },\n    );\n  }\n\n  /**\n   * Gets a role assignments previously created in an Azure Key Vault.\n   *\n   * Example usage:\n   * ```ts snippet:ReadmeSampleGetRoleAssignment\n   * import { DefaultAzureCredential } from \"@azure/identity\";\n   * import { KeyVaultAccessControlClient } from \"@azure/keyvault-admin\";\n   *\n   * const vaultUrl = `https://<MY KEY VAULT HERE>.vault.azure.net`;\n   * const credentials = new DefaultAzureCredential();\n   * const client = new KeyVaultAccessControlClient(vaultUrl, credentials);\n   *\n   * const { value: roleDefinition } = await client.listRoleDefinitions(\"/\").next();\n   * const principalId = \"4871f6a6-374f-4b6b-8b0c-f5d84db823f6\";\n   *\n   * let roleAssignment = await client.createRoleAssignment(\n   *   \"/\",\n   *   \"295c179b-9ad3-4117-99cd-b1aa66cf4517\",\n   *   roleDefinition.id,\n   *   principalId,\n   * );\n   *\n   * roleAssignment = await client.getRoleAssignment(\n   *   roleAssignment.properties.scope,\n   *   roleAssignment.name,\n   * );\n   * console.log(roleAssignment);\n   * ```\n   * Gets an existing role assignment.\n   * @param roleScope - The scope of the role assignment.\n   * @param name - The name of the role assignment.\n   * @param options - The optional parameters.\n   */\n  public getRoleAssignment(\n    roleScope: KeyVaultRoleScope,\n    name: string,\n    options: GetRoleAssignmentOptions = {},\n  ): Promise<KeyVaultRoleAssignment> {\n    return tracingClient.withSpan(\n      \"KeyVaultAccessControlClient.getRoleAssignment\",\n      options,\n      async (updatedOptions) => {\n        const response = await this.client.roleAssignments.get(roleScope, name, updatedOptions);\n        return mappings.roleAssignment.generatedToPublic(response);\n      },\n    );\n  }\n\n  /**\n   * Iterates over all of the available role assignments in an Azure Key Vault.\n   *\n   * Example usage:\n   * ```ts snippet:ReadmeSampleListRoleAssignments\n   * import { DefaultAzureCredential } from \"@azure/identity\";\n   * import { KeyVaultAccessControlClient } from \"@azure/keyvault-admin\";\n   *\n   * const vaultUrl = `https://<MY KEY VAULT HERE>.vault.azure.net`;\n   * const credentials = new DefaultAzureCredential();\n   * const client = new KeyVaultAccessControlClient(vaultUrl, credentials);\n   *\n   * for await (const roleAssignment of client.listRoleAssignments(\"/\")) {\n   *   console.log(\"Role assignment: \", roleAssignment);\n   * }\n   * ```\n   * Lists all of the role assignments in a given scope.\n   * @param roleScope - The scope of the role assignments.\n   * @param options - The optional parameters.\n   */\n  public listRoleAssignments(\n    roleScope: KeyVaultRoleScope,\n    options: ListRoleAssignmentsOptions = {},\n  ): PagedAsyncIterableIterator<KeyVaultRoleAssignment> {\n    return mapPagedAsyncIterable(\n      options,\n      (mappedOptions) => this.client.roleAssignments.listForScope(roleScope, mappedOptions),\n      mappings.roleAssignment.generatedToPublic,\n    );\n  }\n\n  /**\n   * Iterates over all of the available role definitions in an Azure Key Vault.\n   *\n   * Example usage:\n   * ```ts snippet:ReadmeSampleListRoleDefinitions\n   * import { DefaultAzureCredential } from \"@azure/identity\";\n   * import { KeyVaultAccessControlClient } from \"@azure/keyvault-admin\";\n   *\n   * const vaultUrl = `https://<MY KEY VAULT HERE>.vault.azure.net`;\n   * const credentials = new DefaultAzureCredential();\n   * const client = new KeyVaultAccessControlClient(vaultUrl, credentials);\n   *\n   * for await (const roleDefinitions of client.listRoleDefinitions(\"/\")) {\n   *   console.log(\"Role definition: \", roleDefinitions);\n   * }\n   * ```\n   * Lists all of the role definition in a given scope.\n   * @param roleScope - The scope of the role definition.\n   * @param options - The optional parameters.\n   */\n  public listRoleDefinitions(\n    roleScope: KeyVaultRoleScope,\n    options: ListRoleDefinitionsOptions = {},\n  ): PagedAsyncIterableIterator<KeyVaultRoleDefinition> {\n    return mapPagedAsyncIterable(\n      options,\n      (mappedOptions) => this.client.roleDefinitions.list(roleScope, mappedOptions),\n      mappings.roleDefinition.generatedToPublic,\n    );\n  }\n\n  /**\n   * Gets a role definition from Azure Key Vault.\n   *\n   * Example usage:\n   * ```ts snippet:ReadmeSampleGetRoleDefinition\n   * import { DefaultAzureCredential } from \"@azure/identity\";\n   * import { KeyVaultAccessControlClient } from \"@azure/keyvault-admin\";\n   *\n   * const vaultUrl = `https://<MY KEY VAULT HERE>.vault.azure.net`;\n   * const credentials = new DefaultAzureCredential();\n   * const client = new KeyVaultAccessControlClient(vaultUrl, credentials);\n   *\n   * const roleDefinition = await client.getRoleDefinition(\"/\", \"b86a8fe4-44ce-4948-aee5-eccb2c155cd7\");\n   * console.log(roleDefinition);\n   * ```\n   * @param roleScope - The scope of the role definition.\n   * @param name - The name of the role definition.\n   * @param options - The optional parameters.\n   */\n  public getRoleDefinition(\n    roleScope: KeyVaultRoleScope,\n    name: string,\n    options: GetRoleDefinitionOptions = {},\n  ): Promise<KeyVaultRoleDefinition> {\n    return tracingClient.withSpan(\n      \"KeyVaultAccessControlClient.getRoleDefinition\",\n      options,\n      async (updatedOptions) => {\n        const response = await this.client.roleDefinitions.get(roleScope, name, updatedOptions);\n        return mappings.roleDefinition.generatedToPublic(response);\n      },\n    );\n  }\n\n  /**\n   * Creates or updates a role definition in an Azure Key Vault.\n   *\n   * Example usage:\n   * ```ts snippet:ReadmeSampleSetRoleDefinition\n   * import { DefaultAzureCredential } from \"@azure/identity\";\n   * import {\n   *   KeyVaultAccessControlClient,\n   *   KnownKeyVaultDataAction,\n   *   KnownKeyVaultRoleScope,\n   * } from \"@azure/keyvault-admin\";\n   *\n   * const vaultUrl = `https://<MY KEY VAULT HERE>.vault.azure.net`;\n   * const credentials = new DefaultAzureCredential();\n   * const client = new KeyVaultAccessControlClient(vaultUrl, credentials);\n   *\n   * const permissions = [{ dataActions: [KnownKeyVaultDataAction.BackupHsmKeys] }];\n   * const roleDefinitionName = \"23b8bb1a-39c0-4c89-a85b-dd3c99273a8a\";\n   * const roleDefinition = await client.setRoleDefinition(KnownKeyVaultRoleScope.Global, {\n   *   permissions,\n   *   roleDefinitionName,\n   * });\n   * console.log(roleDefinition);\n   * ```\n   * @param roleScope - The scope of the role definition.\n   * @param options - The optional parameters.\n   */\n  public setRoleDefinition(\n    roleScope: KeyVaultRoleScope,\n    options: SetRoleDefinitionOptions = {},\n  ): Promise<KeyVaultRoleDefinition> {\n    return tracingClient.withSpan(\n      \"KeyVaultAccessControlClient.setRoleDefinition\",\n      options,\n      async (updatedOptions) => {\n        const response = await this.client.roleDefinitions.createOrUpdate(\n          roleScope,\n          options.roleDefinitionName || randomUUID(),\n          {\n            properties: {\n              description: options.description,\n              permissions: options.permissions,\n              assignableScopes: [roleScope],\n              roleName: options.roleName,\n              roleType: \"CustomRole\",\n            },\n          },\n          updatedOptions,\n        );\n        return mappings.roleDefinition.generatedToPublic(response);\n      },\n    );\n  }\n\n  /**\n   * Deletes a custom role definition previously created in an Azure Key Vault.\n   *\n   * Example usage:\n   * ```ts snippet:ReadmeSampleDeleteRoleDefinition\n   * import { DefaultAzureCredential } from \"@azure/identity\";\n   * import {\n   *   KeyVaultAccessControlClient,\n   *   KnownKeyVaultDataAction,\n   *   KnownKeyVaultRoleScope,\n   * } from \"@azure/keyvault-admin\";\n   *\n   * const vaultUrl = `https://<MY KEY VAULT HERE>.vault.azure.net`;\n   * const credentials = new DefaultAzureCredential();\n   * const client = new KeyVaultAccessControlClient(vaultUrl, credentials);\n   *\n   * const permissions = [{ dataActions: [KnownKeyVaultDataAction.BackupHsmKeys] }];\n   * const roleDefinitionName = \"23b8bb1a-39c0-4c89-a85b-dd3c99273a8a\";\n   * const roleDefinition = await client.setRoleDefinition(KnownKeyVaultRoleScope.Global, {\n   *   permissions,\n   *   roleDefinitionName,\n   * });\n   *\n   * await client.deleteRoleDefinition(\"/\", roleDefinition.name);\n   * ```\n   * @param roleScope - The scope of the role definition.\n   * @param name - The name of the role definition to delete.\n   * @param options - The optional parameters.\n   */\n  public deleteRoleDefinition(\n    roleScope: KeyVaultRoleScope,\n    name: string,\n    options: DeleteRoleDefinitionOptions = {},\n  ): Promise<void> {\n    return tracingClient.withSpan(\n      \"KeyVaultAccessControlClient.deleteRoleDefinition\",\n      options,\n      async (updatedOptions) => {\n        try {\n          await this.client.roleDefinitions.delete(roleScope, name, updatedOptions);\n        } catch (err: any) {\n          // If the role definition doesn't exist, we can consider it deleted.\n          if (err.statusCode !== 404) {\n            throw err;\n          }\n        }\n      },\n    );\n  }\n}\n"]}