Quickstart: Create an Azure Managed CCF resource using the Azure SDK for Go

Azure Managed CCF (Managed CCF) is a new and highly secure service for deploying confidential applications. For more information on Managed CCF, see About Azure Managed Confidential Consortium Framework.

In this quickstart, you learn how to create a Managed CCF resource using the Azure SDK for Go library.

If you don't have an Azure subscription, create an Azure free account before you begin.

API reference documentation | Library source code | Package (Go)

Prerequisites

Setup

Create a new Go application

  1. In a command shell, run the following command to create a folder named managedccf-app:
mkdir managedccf-app && cd managedccf-app

go mod init github.com/azure/resourcemanager/confidentialledger

Install the modules

  1. Install the Azure Confidential Ledger module.
go get -u github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/confidentialledger/armconfidentialledger@v1.2.0-beta.1

For this quickstart, you also need to install the Azure Identity module for Go.

go get -u github.com/Azure/azure-sdk-for-go/sdk/azidentity

Create a resource group

A resource group is a logical container into which Azure resources are deployed and managed. Use the Azure PowerShell New-AzResourceGroup cmdlet to create a resource group named myResourceGroup in the southcentralus location.

New-AzResourceGroup -Name "myResourceGroup" -Location "SouthCentralUS"

Register the resource provider

The Azure Managed CCF resource type must be registered in the subscription before creating a resource.

az feature registration create --namespace Microsoft.ConfidentialLedger --name ManagedCCF

az provider register --namespace Microsoft.ConfidentialLedger

Create members

Generate a key pair for the member. After the following commands complete, the member's public key is saved in member0_cert.pem and the private key is saved in member0_privk.pem.

openssl ecparam -out "member0_privk.pem" -name "secp384r1" -genkey
openssl req -new -key "member0_privk.pem" -x509 -nodes -days 365 -out "member0_cert.pem" -"sha384" -subj=/CN="member0"

Create the Go application

The management plane library allows operations on Managed CCF resources, such as creation and deletion, listing the resources associated with a subscription, and viewing the details of a specific resource. The following piece of code creates and views the properties of a Managed CCF resource.

Add the following directives to the top of main.go:

package main

import (
    "context"
    "log"
    
    "github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
    "github.com/Azure/azure-sdk-for-go/sdk/azidentity"
    "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/confidentialledger/armconfidentialledger"
)

Authenticate and create a client factory

In this quickstart, logged in user is used to authenticate to Azure Managed CCF, which is the preferred method for local development. This example uses 'NewDefaultAzureCredential()' class from Azure Identity module, which allows to use the same code across different environments with different options to provide identity.

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
    log.Fatalf("Failed to obtain a credential: %v", err)
}

Create an Azure Resource Manager client factory and authenticate using the token credential.

ctx := context.Background()
clientFactory, err := armconfidentialledger.NewClientFactory("0000000-0000-0000-0000-000000000001", cred, nil)

if err != nil {
    log.Fatalf("Failed to create client: %v", err)
}

Create a Managed CCF resource

appName := "confidentialbillingapp"
rgName := "myResourceGroup"

// Create a new resource
poller, err := clientFactory.NewManagedCCFClient().BeginCreate(ctx, rgName, appName, armconfidentialledger.ManagedCCF{
    Location: to.Ptr("SouthCentralUS"),
    Tags: map[string]*string{
        "Department": to.Ptr("Contoso IT"),
    },
    Properties: &armconfidentialledger.ManagedCCFProperties{
        DeploymentType: &armconfidentialledger.DeploymentType{
            AppSourceURI:    to.Ptr(""),
            LanguageRuntime: to.Ptr(armconfidentialledger.LanguageRuntimeJS),
        },
        MemberIdentityCertificates: []*armconfidentialledger.MemberIdentityCertificate{
            {
                Certificate:   to.Ptr("-----BEGIN CERTIFICATE-----\nMIIU4G0d7....1ZtULNWo\n-----END CERTIFICATE-----"),
                Encryptionkey: to.Ptr(""),
                Tags: map[string]any{
                    "owner": "IT Admin1",
                },
            }},
        NodeCount: to.Ptr[int32](3),
    },
}, nil)

if err != nil {
    log.Fatalf("Failed to finish the request: %v", err)
}

_, err = poller.PollUntilDone(ctx, nil)

if err != nil {
    log.Fatalf("Failed to pull the result: %v", err)
}

Get the properties of the Managed CCF resource

The following piece of code retrieves the Managed CCF resource created in the previous step.

log.Println("Getting the Managed CCF resource.")

// Get the resource details and print it
getResponse, err := clientFactory.NewManagedCCFClient().Get(ctx, rgName, appName, nil)

if err != nil {
    log.Fatalf("Failed to get details of mccf instance: %v", err)
}

// Print few properties of the Managed CCF resource
log.Println("Application name:", *getResponse.ManagedCCF.Properties.AppName)
log.Println("Node Count:", *getResponse.ManagedCCF.Properties.NodeCount)

List the Managed CCF resources in a Resource Group

The following piece of code retrieves the Managed CCF resources in the resource group.

pager := clientFactory.NewManagedCCFClient().NewListByResourceGroupPager(rgName, nil)

for pager.More() {
    page, err := pager.NextPage(ctx)
    if err != nil {
        log.Fatalf("Failed to advance page: %v", err)
    }

    for _, v := range page.Value {
        log.Println("Application Name:", *v.Name)
    }
}

Delete the Managed CCF resource

The following piece of code deletes the Managed CCF resource. Other Managed CCF articles can build upon this quickstart. If you plan to continue on to work with subsequent quickstarts and tutorials, you might wish to leave these resources in place.

deletePoller, err := clientFactory.NewManagedCCFClient().BeginDelete(ctx, rgName, appName, nil)

if err != nil {
    log.Fatalf("Failed to finish the delete request: %v", err)
}

_, err = deletePoller.PollUntilDone(ctx, nil)

if err != nil {
    log.Fatalf("Failed to get the delete result: %v", err)
}

Clean up resources

Other Managed CCF articles can build upon this quickstart. If you plan to continue on to work with subsequent quickstarts and tutorials, you might wish to leave these resources in place.

Otherwise, when you're finished with the resources created in this article, use the Azure CLI az group delete command to delete the resource group and all its contained resources.

az group delete --resource-group contoso-rg

Next steps

In this quickstart, you created a Managed CCF resource by using the Azure Python SDK for Confidential Ledger. To learn more about Azure Managed CCF and how to integrate it with your applications, continue on to these articles: