diff --git a/src/Authentication.Abstractions/AzureEnvironment.cs b/src/Authentication.Abstractions/AzureEnvironment.cs index a074262fa9..4f087b9488 100644 --- a/src/Authentication.Abstractions/AzureEnvironment.cs +++ b/src/Authentication.Abstractions/AzureEnvironment.cs @@ -28,7 +28,7 @@ namespace Microsoft.Azure.Commands.Common.Authentication.Abstractions /// A record of metadata necessary to manage assets in a specific azure cloud, including necessary endpoints, /// location fo service-specific endpoints, and information for bootstrapping authentication /// - [Serializable] + [Serializable] public class AzureEnvironment : IAzureEnvironment, IEquatable { private const string ArmMetadataEnvVariable = "ARM_CLOUD_METADATA_URL"; @@ -238,7 +238,7 @@ private static async Task> InitializeEnvironmentsFromArm(strin /// Collection of AzureEnvironments private static void SetExtendedProperties(IDictionary azureEnvironments) { - if(azureEnvironments.ContainsKey(EnvironmentName.AzureCloud)) + if (azureEnvironments.ContainsKey(EnvironmentName.AzureCloud)) { azureEnvironments[EnvironmentName.AzureCloud].SetProperty(ExtendedEndpoint.OperationalInsightsEndpoint, AzureEnvironmentConstants.AzureOperationalInsightsEndpoint); azureEnvironments[EnvironmentName.AzureCloud].SetProperty(ExtendedEndpoint.OperationalInsightsEndpointResourceId, AzureEnvironmentConstants.AzureOperationalInsightsEndpointResourceId); 
@@ -248,28 +248,36 @@ private static void SetExtendedProperties(IDictionary azureEnvironments[EnvironmentName.AzureCloud].SetProperty(ExtendedEndpoint.AzureAttestationServiceEndpointResourceId, AzureEnvironmentConstants.AzureAttestationServiceEndpointResourceId); azureEnvironments[EnvironmentName.AzureCloud].SetProperty(ExtendedEndpoint.AzureSynapseAnalyticsEndpointSuffix, AzureEnvironmentConstants.AzureSynapseAnalyticsEndpointSuffix); azureEnvironments[EnvironmentName.AzureCloud].SetProperty(ExtendedEndpoint.AzureSynapseAnalyticsEndpointResourceId, AzureEnvironmentConstants.AzureSynapseAnalyticsEndpointResourceId); + azureEnvironments[EnvironmentName.AzureCloud].SetProperty(ExtendedEndpoint.ManagedHsmServiceEndpointResourceId, AzureEnvironmentConstants.AzureManagedHsmServiceEndpointResourceId); + azureEnvironments[EnvironmentName.AzureCloud].SetProperty(ExtendedEndpoint.ManagedHsmServiceEndpointSuffix, AzureEnvironmentConstants.AzureManagedHsmDnsSuffix); } - if(azureEnvironments.ContainsKey(EnvironmentName.AzureChinaCloud)) + if (azureEnvironments.ContainsKey(EnvironmentName.AzureChinaCloud)) { azureEnvironments[EnvironmentName.AzureChinaCloud].SetProperty(ExtendedEndpoint.AnalysisServicesEndpointSuffix, AzureEnvironmentConstants.ChinaAnalysisServicesEndpointSuffix); azureEnvironments[EnvironmentName.AzureChinaCloud].SetProperty(ExtendedEndpoint.AnalysisServicesEndpointResourceId, AzureEnvironmentConstants.ChinaAnalysisServicesEndpointResourceId); azureEnvironments[EnvironmentName.AzureChinaCloud].SetProperty(ExtendedEndpoint.AzureSynapseAnalyticsEndpointSuffix, AzureEnvironmentConstants.ChinaSynapseAnalyticsEndpointSuffix); azureEnvironments[EnvironmentName.AzureChinaCloud].SetProperty(ExtendedEndpoint.AzureSynapseAnalyticsEndpointResourceId, AzureEnvironmentConstants.ChinaSynapseAnalyticsEndpointResourceId); + azureEnvironments[EnvironmentName.AzureChinaCloud].SetProperty(ExtendedEndpoint.ManagedHsmServiceEndpointResourceId, 
AzureEnvironmentConstants.ChineManagedHsmServiceEndpointResourceId); + azureEnvironments[EnvironmentName.AzureChinaCloud].SetProperty(ExtendedEndpoint.ManagedHsmServiceEndpointSuffix, AzureEnvironmentConstants.ChinaManagedHsmDnsSuffix); } - if(azureEnvironments.ContainsKey(EnvironmentName.AzureUSGovernment)) + if (azureEnvironments.ContainsKey(EnvironmentName.AzureUSGovernment)) { azureEnvironments[EnvironmentName.AzureUSGovernment].SetProperty(ExtendedEndpoint.OperationalInsightsEndpoint, AzureEnvironmentConstants.USGovernmentOperationalInsightsEndpoint); azureEnvironments[EnvironmentName.AzureUSGovernment].SetProperty(ExtendedEndpoint.OperationalInsightsEndpointResourceId, AzureEnvironmentConstants.USGovernmentOperationalInsightsEndpointResourceId); azureEnvironments[EnvironmentName.AzureUSGovernment].SetProperty(ExtendedEndpoint.AnalysisServicesEndpointSuffix, AzureEnvironmentConstants.USGovernmentAnalysisServicesEndpointSuffix); azureEnvironments[EnvironmentName.AzureUSGovernment].SetProperty(ExtendedEndpoint.AnalysisServicesEndpointResourceId, AzureEnvironmentConstants.USGovernmentAnalysisServicesEndpointResourceId); + azureEnvironments[EnvironmentName.AzureUSGovernment].SetProperty(ExtendedEndpoint.ManagedHsmServiceEndpointResourceId, AzureEnvironmentConstants.USGovernmeneManagedHsmServiceEndpointResourceId); + azureEnvironments[EnvironmentName.AzureUSGovernment].SetProperty(ExtendedEndpoint.ManagedHsmServiceEndpointSuffix, AzureEnvironmentConstants.USGovernmentManagedHsmDnsSuffix); } - if(azureEnvironments.ContainsKey(EnvironmentName.AzureGermanCloud)) + if (azureEnvironments.ContainsKey(EnvironmentName.AzureGermanCloud)) { azureEnvironments[EnvironmentName.AzureGermanCloud].SetProperty(ExtendedEndpoint.AnalysisServicesEndpointSuffix, AzureEnvironmentConstants.GermanAnalysisServicesEndpointSuffix); azureEnvironments[EnvironmentName.AzureGermanCloud].SetProperty(ExtendedEndpoint.AnalysisServicesEndpointResourceId, 
AzureEnvironmentConstants.GermanAnalysisServicesEndpointResourceId); + azureEnvironments[EnvironmentName.AzureGermanCloud].SetProperty(ExtendedEndpoint.ManagedHsmServiceEndpointResourceId, AzureEnvironmentConstants.GermanAzureManagedHsmServiceEndpointResourceId); + azureEnvironments[EnvironmentName.AzureGermanCloud].SetProperty(ExtendedEndpoint.ManagedHsmServiceEndpointSuffix, AzureEnvironmentConstants.GermanManagedHsmDnsSuffix); } } @@ -305,11 +313,11 @@ private static AzureEnvironment MapArmToAzureEnvironment(ArmMetadata armMetadata ContainerRegistryEndpointSuffix = armMetadata.Suffixes.AcrLoginServer }; - // There are mismatches between metadata built in Azure PowerShell/CLI and from ARM endpoint. + // There are mismatches between metadata built in Azure PowerShell/CLI and from ARM endpoint. // Considering compatibility, below hard coded logic accommodates those mismatches // SqlDatabaseDnsSuffix requires value leading with period // ServiceManagementUrl as audience needs to end with slash - if(azureEnvironment.SqlDatabaseDnsSuffix != null && !azureEnvironment.SqlDatabaseDnsSuffix.StartsWith(".")) + if (azureEnvironment.SqlDatabaseDnsSuffix != null && !azureEnvironment.SqlDatabaseDnsSuffix.StartsWith(".")) { azureEnvironment.SqlDatabaseDnsSuffix = "." + azureEnvironment.SqlDatabaseDnsSuffix; } @@ -635,6 +643,8 @@ public static class ExtendedEndpoint { public const string OperationalInsightsEndpointResourceId = "OperationalInsightsEndpointResourceId", OperationalInsightsEndpoint = "OperationalInsightsEndpoint", + ManagedHsmServiceEndpointSuffix = "ManagedHsmServiceEndpointSuffix", + ManagedHsmServiceEndpointResourceId = "ManagedHsmServiceEndpointResourceId", AnalysisServicesEndpointSuffix = "AzureAnalysisServicesEndpointSuffix", AnalysisServicesEndpointResourceId = "AnalysisServicesEndpointResourceId", AzureAttestationServiceEndpointSuffix = "AzureAttestationServiceEndpointSuffix", 
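Review bot: Two of the constants referenced by the added lines are misspelled: `ChineManagedHsmServiceEndpointResourceId` in the AzureChinaCloud block and `USGovernmeneManagedHsmServiceEndpointResourceId` in the AzureUSGovernment block. Both are declared as `public const string` in the second hunk of AzureEnvironmentConstants.cs, so the typos become part of the public surface once released, and renaming them later would be a breaking change. Rename them now to `ChinaManagedHsmServiceEndpointResourceId` and `USGovernmentManagedHsmServiceEndpointResourceId`, matching the prefixes of the sibling `ChinaManagedHsmDnsSuffix` and `USGovernmentManagedHsmDnsSuffix`, and update these two call sites. The body of SetExtendedProperties starts above this hunk.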
diff --git a/src/Authentication.Abstractions/AzureEnvironmentConstants.cs b/src/Authentication.Abstractions/AzureEnvironmentConstants.cs index b27e001ffa..eaaa87ddbf 100644 --- a/src/Authentication.Abstractions/AzureEnvironmentConstants.cs +++ b/src/Authentication.Abstractions/AzureEnvironmentConstants.cs @@ -112,6 +112,14 @@ public static class AzureEnvironmentConstants public const string USGovernmentKeyVaultDnsSuffix = "vault.usgovcloudapi.net"; public const string GermanKeyVaultDnsSuffix = "vault.microsoftazure.de"; + /// + /// The domain name suffix for azure keyvault managed hsms + /// + public const string AzureManagedHsmDnsSuffix = "managedhsm.azure.net"; + public const string ChinaManagedHsmDnsSuffix = "managedhsm.azure.cn"; + public const string USGovernmentManagedHsmDnsSuffix = "managedhsm.usgovcloudapi.net"; + public const string GermanManagedHsmDnsSuffix = "managedhsm.microsoftazure.de"; + /// /// The token audience for authorizing KeyVault requests /// @@ -120,6 +128,14 @@ public static class AzureEnvironmentConstants public const string USGovernmentKeyVaultServiceEndpointResourceId = "https://vault.usgovcloudapi.net"; public const string GermanAzureKeyVaultServiceEndpointResourceId = "https://vault.microsoftazure.de"; + /// + /// The token audience for authorizing managed hsm requests + /// + public const string AzureManagedHsmServiceEndpointResourceId = "https://managedhsm.azure.net"; + public const string ChineManagedHsmServiceEndpointResourceId = "https://managedhsm.azure.cn"; + public const string USGovernmeneManagedHsmServiceEndpointResourceId = "https://managedhsm.usgovcloudapi.net"; + public const string GermanAzureManagedHsmServiceEndpointResourceId = "https://managedhsm.microsoftazure.de"; + /// /// The token audience for Log Analytics Queries /// diff --git a/src/Authentication.Abstractions/Extensions/AzureEnvironmentExtensions.cs b/src/Authentication.Abstractions/Extensions/AzureEnvironmentExtensions.cs index 92b69c6d92..15be25ac59 100644 
--- a/src/Authentication.Abstractions/Extensions/AzureEnvironmentExtensions.cs +++ b/src/Authentication.Abstractions/Extensions/AzureEnvironmentExtensions.cs @@ -289,6 +289,12 @@ public static void SetEndpoint(this IAzureEnvironment environment, string endpoi case AzureEnvironment.ExtendedEndpoint.AzureSynapseAnalyticsEndpointResourceId: environment.SetProperty(AzureEnvironment.ExtendedEndpoint.AzureSynapseAnalyticsEndpointResourceId, propertyValue); break; + case AzureEnvironment.ExtendedEndpoint.ManagedHsmServiceEndpointSuffix: + environment.SetProperty(AzureEnvironment.ExtendedEndpoint.ManagedHsmServiceEndpointSuffix, propertyValue); + break; + case AzureEnvironment.ExtendedEndpoint.ManagedHsmServiceEndpointResourceId: + environment.SetProperty(AzureEnvironment.ExtendedEndpoint.ManagedHsmServiceEndpointResourceId, propertyValue); + break; } } } @@ -332,6 +338,10 @@ public static string GetTokenAudience(this IAzureEnvironment environment, string case AzureEnvironment.ExtendedEndpoint.AzureSynapseAnalyticsEndpointResourceId: resource = AzureEnvironment.ExtendedEndpoint.AzureSynapseAnalyticsEndpointResourceId; break; + case AzureEnvironment.ExtendedEndpoint.ManagedHsmServiceEndpointSuffix: + case AzureEnvironment.ExtendedEndpoint.ManagedHsmServiceEndpointResourceId: + resource = AzureEnvironment.ExtendedEndpoint.ManagedHsmServiceEndpointResourceId; + break; default: resource = AzureEnvironment.Endpoint.ActiveDirectoryServiceEndpointResourceId; break;
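Review bot: The two new cases in SetEndpoint store `propertyValue` under the Managed HSM keys with no check visible in this hunk, and the resource-ID key is the one GetTokenAudience selects as the audience for HSM tokens. The method starts above the hunk, so validation may already happen there or in the caller. If it does not, consider rejecting a resource ID that is not an absolute https URI before storing it, e.g. `if (!Uri.TryCreate(propertyValue, UriKind.Absolute, out var id) || id.Scheme != Uri.UriSchemeHttps) throw new ArgumentException("Managed HSM resource ID must be an absolute https URI", nameof(propertyValue));`. The neighbouring cases follow the same unchecked pattern, so if empty values are legitimately used to clear a property, a comment stating that the value is trusted as given would at least record the assumption.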
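Review bot: The fall-through in GetTokenAudience that sends `ManagedHsmServiceEndpointSuffix` to the resource-ID key has no comment explaining that Managed HSM uses its own token audience rather than the Key Vault one. Add `// Managed HSM has a dedicated token audience (distinct from Key Vault); both keys resolve to it.` above the two cases. SetExtendedProperties in this commit populates that property only for the four built-in clouds, so for any other environment the value may be unset. The lookup that follows the switch is outside this hunk, and it is worth confirming that it fails rather than returning an empty or different audience in that case.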