Quickstart: Create an Azure Managed CCF resource using the Azure SDK for Go
Azure Managed CCF (Managed CCF) is a new and highly secure service for deploying confidential applications. For more information on Managed CCF, see About Azure Managed Confidential Consortium Framework.
In this quickstart, you learn how to create a Managed CCF resource using the Azure SDK for Go library.
If you don't have an Azure subscription, create an Azure free account before you begin.
API reference documentation | Library source code | Package (Go)
Prerequisites
- An Azure subscription - create one for free.
- Go 1.18 or higher.
- OpenSSL on a computer running Windows or Linux.
Setup
Create a new Go application
- In a command shell, run the following command to create a folder named
managedccf-app:
mkdir managedccf-app && cd managedccf-app
go mod init github.com/azure/resourcemanager/confidentialledger
Install the modules
- Install the Azure Confidential Ledger module.
go get -u github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/confidentialledger/armconfidentialledger@v1.2.0-beta.1
For this quickstart, you also need to install the Azure Identity module for Go.
go get -u github.com/Azure/azure-sdk-for-go/sdk/azidentity
Create a resource group
A resource group is a logical container into which Azure resources are deployed and managed. Use the Azure PowerShell New-AzResourceGroup cmdlet to create a resource group named myResourceGroup in the southcentralus location.
New-AzResourceGroup -Name "myResourceGroup" -Location "SouthCentralUS"
Register the resource provider
The Azure Managed CCF resource type must be registered in the subscription before creating a resource.
az feature registration create --namespace Microsoft.ConfidentialLedger --name ManagedCCF
az provider register --namespace Microsoft.ConfidentialLedger
Create members
Generate a key pair for the member. After the following commands complete, the member's public key is saved in member0_cert.pem and the private key is saved in member0_privk.pem.
openssl ecparam -out "member0_privk.pem" -name "secp384r1" -genkey
openssl req -new -key "member0_privk.pem" -x509 -nodes -days 365 -out "member0_cert.pem" -"sha384" -subj=/CN="member0"
Create the Go application
The management plane library allows operations on Managed CCF resources, such as creation and deletion, listing the resources associated with a subscription, and viewing the details of a specific resource. The following piece of code creates and views the properties of a Managed CCF resource.
Add the following directives to the top of main.go:
package main
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/confidentialledger/armconfidentialledger"
)
Authenticate and create a client factory
In this quickstart, logged in user is used to authenticate to Azure Managed CCF, which is the preferred method for local development. This example uses 'NewDefaultAzureCredential()' class from Azure Identity module, which allows to use the same code across different environments with different options to provide identity.
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("Failed to obtain a credential: %v", err)
}
Create an Azure Resource Manager client factory and authenticate using the token credential.
ctx := context.Background()
clientFactory, err := armconfidentialledger.NewClientFactory("0000000-0000-0000-0000-000000000001", cred, nil)
if err != nil {
log.Fatalf("Failed to create client: %v", err)
}
Create a Managed CCF resource
appName := "confidentialbillingapp"
rgName := "myResourceGroup"
// Create a new resource
poller, err := clientFactory.NewManagedCCFClient().BeginCreate(ctx, rgName, appName, armconfidentialledger.ManagedCCF{
Location: to.Ptr("SouthCentralUS"),
Tags: map[string]*string{
"Department": to.Ptr("Contoso IT"),
},
Properties: &armconfidentialledger.ManagedCCFProperties{
DeploymentType: &armconfidentialledger.DeploymentType{
AppSourceURI: to.Ptr(""),
LanguageRuntime: to.Ptr(armconfidentialledger.LanguageRuntimeJS),
},
MemberIdentityCertificates: []*armconfidentialledger.MemberIdentityCertificate{
{
Certificate: to.Ptr("-----BEGIN CERTIFICATE-----\nMIIU4G0d7....1ZtULNWo\n-----END CERTIFICATE-----"),
Encryptionkey: to.Ptr(""),
Tags: map[string]any{
"owner": "IT Admin1",
},
}},
NodeCount: to.Ptr[int32](3),
},
}, nil)
if err != nil {
log.Fatalf("Failed to finish the request: %v", err)
}
_, err = poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("Failed to pull the result: %v", err)
}
Get the properties of the Managed CCF resource
The following piece of code retrieves the Managed CCF resource created in the previous step.
log.Println("Getting the Managed CCF resource.")
// Get the resource details and print it
getResponse, err := clientFactory.NewManagedCCFClient().Get(ctx, rgName, appName, nil)
if err != nil {
log.Fatalf("Failed to get details of mccf instance: %v", err)
}
// Print few properties of the Managed CCF resource
log.Println("Application name:", *getResponse.ManagedCCF.Properties.AppName)
log.Println("Node Count:", *getResponse.ManagedCCF.Properties.NodeCount)
List the Managed CCF resources in a Resource Group
The following piece of code retrieves the Managed CCF resources in the resource group.
pager := clientFactory.NewManagedCCFClient().NewListByResourceGroupPager(rgName, nil)
for pager.More() {
page, err := pager.NextPage(ctx)
if err != nil {
log.Fatalf("Failed to advance page: %v", err)
}
for _, v := range page.Value {
log.Println("Application Name:", *v.Name)
}
}
Delete the Managed CCF resource
The following piece of code deletes the Managed CCF resource. Other Managed CCF articles can build upon this quickstart. If you plan to continue on to work with subsequent quickstarts and tutorials, you might wish to leave these resources in place.
deletePoller, err := clientFactory.NewManagedCCFClient().BeginDelete(ctx, rgName, appName, nil)
if err != nil {
log.Fatalf("Failed to finish the delete request: %v", err)
}
_, err = deletePoller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("Failed to get the delete result: %v", err)
}
Clean up resources
Other Managed CCF articles can build upon this quickstart. If you plan to continue on to work with subsequent quickstarts and tutorials, you might wish to leave these resources in place.
Otherwise, when you're finished with the resources created in this article, use the Azure CLI az group delete command to delete the resource group and all its contained resources.
az group delete --resource-group contoso-rg
Next steps
In this quickstart, you created a Managed CCF resource by using the Azure Python SDK for Confidential Ledger. To learn more about Azure Managed CCF and how to integrate it with your applications, continue on to these articles:
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for