diff --git a/src/KeyVault/KeyVault.Test/ScenarioTests/ManagedHsmManagementTests.ps1 b/src/KeyVault/KeyVault.Test/ScenarioTests/ManagedHsmManagementTests.ps1
index f62ca9f6d72a..2c10a18ddceb 100644
--- a/src/KeyVault/KeyVault.Test/ScenarioTests/ManagedHsmManagementTests.ps1
+++ b/src/KeyVault/KeyVault.Test/ScenarioTests/ManagedHsmManagementTests.ps1
@@ -25,9 +25,9 @@ function Test-ManagedHsmCRUD {
New-AzResourceGroup -Name $rgName -Location $rgLocation
try {
- # Test create a default Managed HSM
- $hsm = New-AzKeyVault -Name $hsmName -ResourceGroupName $rgName -Location $hsmLocation -Administrator $administrator -Hsm
- Assert-AreEqual $hsmName $hsm.VaultName
+ # Test create a default managed HSM
+ $hsm = New-AzManagedHsm -Name $hsmName -ResourceGroupName $rgName -Location $hsmLocation -Administrator $administrator
+ Assert-AreEqual $hsmName $hsm.Name
Assert-AreEqual $rgName $hsm.ResourceGroupName
Assert-AreEqual $hsmLocation $hsm.Location
Assert-AreEqual 1 $hsm.InitialAdminObjectIds.Count
@@ -37,23 +37,23 @@ function Test-ManagedHsmCRUD {
# Default retention days
Assert-AreEqual 90 $hsm.SoftDeleteRetentionInDays "By default SoftDeleteRetentionInDays should be 90"
- # Test get Managed HSM
- $got = Get-AzKeyVault -Name $hsmName -ResourceType Hsm
+ # Test get managed HSM
+ $got = Get-AzManagedHsm -Name $hsmName
Assert-NotNull $got
- Assert-AreEqual $hsmName $got.VaultName
+ Assert-AreEqual $hsmName $got.Name
Assert-AreEqual $rgName $got.ResourceGroupName
Assert-AreEqual $hsmLocation $got.Location
- # Test throws for existing vault
- Assert-Throws { New-AzKeyVault -VaultName $hsmName -ResourceGroupName $rgname -Location $vaultLocation -Administrator $administrator -Hsm}
+ # Test throws for existing managed HSM
+ Assert-Throws { New-AzManagedHsm -Name $hsmName -ResourceGroupName $rgName -Location $hsmLocation -Administrator $administrator }
- # Test remove Managed HSM
- Remove-AzKeyVault -InputObject $got -Hsm -Force
- $deletedMhsm = Get-AzKeyVault -VaultName $hsmName -ResourceGroupName $rgName
+ # Test remove managed HSM
+ Remove-AzManagedHsm -InputObject $got -Force
+ $deletedMhsm = Get-AzManagedHsm -Name $hsmName -ResourceGroupName $rgName
Assert-Null $deletedMhsm
# Test throws for resourcegroup nonexistent
- Assert-Throws { New-AzKeyVault -VaultName (getAssetName) -ResourceGroupName (getAssetName) -Location $vaultLocation -Administrator $administrator -Hsm}
+ Assert-Throws { New-AzManagedHsm -Name (getAssetName) -ResourceGroupName (getAssetName) -Location $hsmLocation -Administrator $administrator }
}
finally {
diff --git a/src/KeyVault/KeyVault/Az.KeyVault.psd1 b/src/KeyVault/KeyVault/Az.KeyVault.psd1
index bcca888d0273..e3a3a5ef57c1 100644
--- a/src/KeyVault/KeyVault/Az.KeyVault.psd1
+++ b/src/KeyVault/KeyVault/Az.KeyVault.psd1
@@ -88,7 +88,10 @@ CmdletsToExport = 'Add-AzKeyVaultCertificate', 'Update-AzKeyVaultCertificate',
'Remove-AzKeyVaultCertificateIssuer',
'Remove-AzKeyVaultCertificateOperation',
'Set-AzKeyVaultCertificateIssuer',
- 'Set-AzKeyVaultCertificatePolicy', 'Get-AzKeyVault', 'New-AzKeyVault',
+ 'Set-AzKeyVaultCertificatePolicy',
+ 'Get-AzManagedHsm', 'New-AzManagedHsm',
+ 'Remove-AzManagedHsm', 'Update-AzManagedHsm',
+ 'Get-AzKeyVault', 'New-AzKeyVault',
'Remove-AzKeyVault', 'Undo-AzKeyVaultRemoval',
'Remove-AzKeyVaultAccessPolicy', 'Set-AzKeyVaultAccessPolicy',
'Backup-AzKeyVaultKey', 'Get-AzKeyVaultKey', 'Get-AzKeyVaultSecret',
diff --git a/src/KeyVault/KeyVault/Commands/GetAzureKeyVault.cs b/src/KeyVault/KeyVault/Commands/GetAzureKeyVault.cs
index 56c30558bacf..6a83e09ebc87 100644
--- a/src/KeyVault/KeyVault/Commands/GetAzureKeyVault.cs
+++ b/src/KeyVault/KeyVault/Commands/GetAzureKeyVault.cs
@@ -85,12 +85,6 @@ public class GetAzureKeyVault : KeyVaultManagementCmdletBase
HelpMessage = "Specifies whether to show the previously deleted vaults in the output.")]
public SwitchParameter InRemovedState { get; set; }
- [Parameter(Mandatory = false,
- ParameterSetName = GetVaultParameterSet,
- HelpMessage = "Specifies the type of Vault / HSM to be shown. If omitted, both will be listed.")]
- [Alias("Type")]
- public ResourceTypeName ResourceType { get; set; }
-
///
/// Tag value
///
@@ -104,68 +98,22 @@ public class GetAzureKeyVault : KeyVaultManagementCmdletBase
#endregion
public override void ExecuteCmdlet()
{
- ResourceTypeName? resourceTypeName = null;
- if (MyInvocation.BoundParameters.ContainsKey(nameof(ResourceType)))
- {
- resourceTypeName = this.ResourceType;
- }
-
switch (ParameterSetName)
{
case GetVaultParameterSet:
ResourceGroupName = string.IsNullOrWhiteSpace(ResourceGroupName) ? GetResourceGroupName(VaultName) : ResourceGroupName;
- ResourceGroupName = string.IsNullOrWhiteSpace(ResourceGroupName) ? GetResourceGroupName(VaultName, true) : ResourceGroupName;
-
- PSKeyVaultIdentityItem vault = null;
if (ShouldGetByName(ResourceGroupName, VaultName))
{
- switch (resourceTypeName)
- {
- case ResourceTypeName.Vault:
- vault = KeyVaultManagementClient.GetVault(
- VaultName,
- ResourceGroupName,
- ActiveDirectoryClient);
- WriteObject(FilterByTag((PSKeyVault)vault, Tag));
- break;
-
- case ResourceTypeName.Hsm:
- vault = KeyVaultManagementClient.GetManagedHsm(
- VaultName,
- ResourceGroupName,
- ActiveDirectoryClient);
- WriteObject(FilterByTag((PSManagedHsm)vault, Tag));
- break;
-
- default:
- // Search both Vaults and ManagedHsms
- vault = KeyVaultManagementClient.GetVault(
- VaultName,
- ResourceGroupName,
- ActiveDirectoryClient);
- if (vault == null)
- {
- vault = KeyVaultManagementClient.GetManagedHsm(
- VaultName,
- ResourceGroupName,
- ActiveDirectoryClient);
- WriteObject(FilterByTag((PSManagedHsm)vault, Tag));
- }
- else
- {
- WriteObject(FilterByTag((PSKeyVault)vault, Tag));
- }
- break;
- }
+ PSKeyVault vault = KeyVaultManagementClient.GetVault(
+ VaultName,
+ ResourceGroupName,
+ ActiveDirectoryClient);
+ WriteObject(FilterByTag(vault, Tag));
}
else
{
- WriteObject(
- TopLevelWildcardFilter(
- ResourceGroupName, VaultName,
- ListVaults(ResourceGroupName, Tag, resourceTypeName)),
- true);
+ WriteObject(TopLevelWildcardFilter(ResourceGroupName, VaultName, ListVaults(ResourceGroupName, Tag)), true);
}
break;
diff --git a/src/KeyVault/KeyVault/Commands/GetAzureManagedHsm.cs b/src/KeyVault/KeyVault/Commands/GetAzureManagedHsm.cs
new file mode 100644
index 000000000000..522ecac856ad
--- /dev/null
+++ b/src/KeyVault/KeyVault/Commands/GetAzureManagedHsm.cs
@@ -0,0 +1,73 @@
+using Microsoft.Azure.Commands.KeyVault.Models;
+using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
+using System.Collections;
+using System.Management.Automation;
+
+namespace Microsoft.Azure.Commands.KeyVault.Commands
+{
+ [Cmdlet("Get", ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "ManagedHsm")]
+ [OutputType(typeof(PSManagedHsm), typeof(PSKeyVaultIdentityItem))]
+ public class GetAzureManagedHsm : KeyVaultManagementCmdletBase
+ {
+ #region Input Parameter Definitions
+
+ ///
+ /// HSM name
+ ///
+ [Parameter(Mandatory = false,
+ Position = 0,
+ ValueFromPipelineByPropertyName = true,
+ HelpMessage = "HSM name. Cmdlet constructs the FQDN of a HSM based on the name and currently selected environment.")]
+ [ResourceNameCompleter("Microsoft.KeyVault/managedHSMs", "ResourceGroupName")]
+ [Alias("HsmName")]
+ [ValidateNotNullOrEmpty]
+ [SupportsWildcards]
+ public string Name { get; set; }
+
+ ///
+ /// Resource group name
+ ///
+ [Parameter(Mandatory = false,
+ Position = 1,
+ ValueFromPipelineByPropertyName = true,
+ HelpMessage = "Specifies the name of the resource group associated with the managed HSM being queried.")]
+ [ResourceGroupCompleter]
+ [ValidateNotNullOrEmpty]
+ [SupportsWildcards]
+ public string ResourceGroupName { get; set; }
+
+ ///
+ /// Tag value
+ ///
+ [Parameter(
+ Mandatory = false,
+ ValueFromPipelineByPropertyName = true,
+ HelpMessage = "Specifies the key and optional value of the specified tag to filter the list of managed HSMs by.")]
+ public Hashtable Tag { get; set; }
+
+ #endregion
+
+ public override void ExecuteCmdlet()
+ {
+ ResourceGroupName = string.IsNullOrWhiteSpace(ResourceGroupName) ? GetResourceGroupName(Name, true) : ResourceGroupName;
+
+ if (ShouldGetByName(ResourceGroupName, Name))
+ {
+ PSManagedHsm mhsm = KeyVaultManagementClient.GetManagedHsm(
+ Name,
+ ResourceGroupName,
+ ActiveDirectoryClient);
+ WriteObject(FilterByTag(mhsm, Tag));
+ }
+ else
+ {
+ WriteObject(
+ TopLevelWildcardFilter(
+ ResourceGroupName, Name,
+ FilterByTag(
+ KeyVaultManagementClient.ListManagedHsms(ResourceGroupName, ActiveDirectoryClient), Tag)),
+ true);
+ }
+ }
+ }
+}
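Review bot: This cmdlet is declared in `namespace Microsoft.Azure.Commands.KeyVault.Commands`, while NewAzureKeyVault.cs and the new RemoveAzureManagedHsm.cs in this same diff use `Microsoft.Azure.Commands.KeyVault`; NewAzureManagedHsm.cs carries the same `.Commands` suffix. Using one namespace for all the managed-HSM cmdlets keeps type references and `using` lists uniform. The class also has no summary, unlike NewAzureManagedHsm; I would add a doc comment above the `[Cmdlet]` attribute such as `/// Gets a managed HSM by name, or lists managed HSMs, optionally filtered by resource group and tag.`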
diff --git a/src/KeyVault/KeyVault/Commands/NewAzureKeyVault.cs b/src/KeyVault/KeyVault/Commands/NewAzureKeyVault.cs
index 667bb39cf69b..c63e765df4f7 100644
--- a/src/KeyVault/KeyVault/Commands/NewAzureKeyVault.cs
+++ b/src/KeyVault/KeyVault/Commands/NewAzureKeyVault.cs
@@ -20,7 +20,6 @@
using Microsoft.WindowsAzure.Commands.Utilities.Common;
using System;
using System.Collections;
-using System.Collections.Generic;
using System.Linq;
using System.Management.Automation;
@@ -29,14 +28,12 @@ namespace Microsoft.Azure.Commands.KeyVault
///
/// Create a new key vault.
///
- [Cmdlet("New", ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "KeyVault", DefaultParameterSetName = KeyVaultParameterSet, SupportsShouldProcess = true)]
+ [Cmdlet("New", ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "KeyVault", SupportsShouldProcess = true)]
[OutputType(typeof(PSKeyVault))]
public class NewAzureKeyVault : KeyVaultManagementCmdletBase
{
- private const string KeyVaultParameterSet = "KeyVaultParameterSet";
- private const string ManagedHsmParameterSet = "ManagedHsmParameterSet";
+ #region Input Parameter Definitions
- #region Common Parameter Definitions
///
/// Vault name
///
@@ -73,21 +70,29 @@ public class NewAzureKeyVault : KeyVaultManagementCmdletBase
public string Location { get; set; }
[Parameter(Mandatory = false,
- // Hide out until available
- ParameterSetName = KeyVaultParameterSet,
+ ValueFromPipelineByPropertyName = true,
+ HelpMessage = "If specified, enables secrets to be retrieved from this key vault by the Microsoft.Compute resource provider when referenced in resource creation.")]
+ public SwitchParameter EnabledForDeployment { get; set; }
+
+ [Parameter(Mandatory = false,
+ ValueFromPipelineByPropertyName = true,
+ HelpMessage = "If specified, enables secrets to be retrieved from this key vault by Azure Resource Manager when referenced in templates.")]
+ public SwitchParameter EnabledForTemplateDeployment { get; set; }
+
+ [Parameter(Mandatory = false,
+ ValueFromPipelineByPropertyName = true,
+ HelpMessage = "If specified, enables secrets to be retrieved from this key vault by Azure Disk Encryption.")]
+ public SwitchParameter EnabledForDiskEncryption { get; set; }
+
+ [Parameter(Mandatory = false,
HelpMessage = "If specified, 'soft delete' functionality is disabled for this key vault.")]
public SwitchParameter DisableSoftDelete { get; set; }
[Parameter(Mandatory = false,
- // Hide out until available
- ParameterSetName = KeyVaultParameterSet,
HelpMessage = "If specified, protection against immediate deletion is enabled for this vault; requires soft delete to be enabled as well. Enabling 'purge protection' on a key vault is an irreversible action. Once enabled, it cannot be changed or removed.")]
public SwitchParameter EnablePurgeProtection { get; set; }
- [Parameter(Mandatory = false,
- // Hide out until available
- ParameterSetName = KeyVaultParameterSet,
- HelpMessage = "Specifies how long deleted resources are retained, and how long until a vault or an object in the deleted state can be purged. The default is " + Constants.DefaultSoftDeleteRetentionDaysString + " days.")]
+ [Parameter(Mandatory = false, HelpMessage = "Specifies how long deleted resources are retained, and how long until a vault or an object in the deleted state can be purged. The default is " + Constants.DefaultSoftDeleteRetentionDaysString + " days.")]
[ValidateRange(Constants.MinSoftDeleteRetentionDays, Constants.MaxSoftDeleteRetentionDays)]
[ValidateNotNullOrEmpty]
public int SoftDeleteRetentionInDays { get; set; }
@@ -95,6 +100,7 @@ public class NewAzureKeyVault : KeyVaultManagementCmdletBase
[Parameter(Mandatory = false,
ValueFromPipelineByPropertyName = true,
HelpMessage = "Specifies the SKU of the key vault instance. For information about which features are available for each SKU, see the Azure Key Vault Pricing website (http://go.microsoft.com/fwlink/?linkid=512521).")]
+ [PSArgumentCompleter("Standard", "Premium")]
public string Sku { get; set; }
[Parameter(Mandatory = false,
@@ -103,55 +109,16 @@ public class NewAzureKeyVault : KeyVaultManagementCmdletBase
[Alias(Constants.TagsAlias)]
public Hashtable Tag { get; set; }
- [Parameter(Mandatory = false,
- // Hide out until available
- ParameterSetName = KeyVaultParameterSet,
- HelpMessage = "Specifies the network rule set of the vault. It governs the accessibility of the key vault from specific network locations. Created by `New-AzKeyVaultNetworkRuleSetObject`.")]
+ [Parameter(Mandatory = false, HelpMessage = "Specifies the network rule set of the vault. It governs the accessibility of the key vault from specific network locations. Created by `New-AzKeyVaultNetworkRuleSetObject`.")]
public PSKeyVaultNetworkRuleSet NetworkRuleSet { get; set; }
#endregion
- #region Keyvault-specified Parameter Definitions
-
- [Parameter(Mandatory = false,
- ParameterSetName = KeyVaultParameterSet,
- ValueFromPipelineByPropertyName = true,
- HelpMessage = "If specified, enables secrets to be retrieved from this key vault by the Microsoft.Compute resource provider when referenced in resource creation.")]
- public SwitchParameter EnabledForDeployment { get; set; }
-
- [Parameter(Mandatory = false,
- ParameterSetName = KeyVaultParameterSet,
- ValueFromPipelineByPropertyName = true,
- HelpMessage = "If specified, enables secrets to be retrieved from this key vault by Azure Resource Manager when referenced in templates.")]
- public SwitchParameter EnabledForTemplateDeployment { get; set; }
-
- [Parameter(Mandatory = false,
- ParameterSetName = KeyVaultParameterSet,
- ValueFromPipelineByPropertyName = true,
- HelpMessage = "If specified, enables secrets to be retrieved from this key vault by Azure Disk Encryption.")]
- public SwitchParameter EnabledForDiskEncryption { get; set; }
-
- #endregion
-
- #region Managed HSM-specified Parameter Definitions
-
- [Parameter(Mandatory = true,
- ParameterSetName = ManagedHsmParameterSet,
- HelpMessage = "Array of initial administrators object ids for this managed hsm pool.")]
- public string[] Administrator { get; set; }
-
- [Parameter(Mandatory = true,
- ParameterSetName = ManagedHsmParameterSet,
- HelpMessage = "Specifies the type of this vault as Managed HSM.")]
- public SwitchParameter Hsm { get; set; }
-
- #endregion
-
public override void ExecuteCmdlet()
{
if (ShouldProcess(Name, Properties.Resources.CreateKeyVault))
{
- if (VaultExistsInCurrentSubscription(Name, Hsm.IsPresent))
+ if (VaultExistsInCurrentSubscription(Name))
{
throw new ArgumentException(Resources.VaultAlreadyExists);
}
@@ -186,14 +153,15 @@ public override void ExecuteCmdlet()
};
}
- // Set common parameters
- var vaultCreationParameter = new VaultCreationParameters()
+ var newVault = KeyVaultManagementClient.CreateNewVault(new VaultCreationOrUpdateParameters()
{
- VaultName = this.Name,
+ Name = this.Name,
ResourceGroupName = this.ResourceGroupName,
Location = this.Location,
- SkuName = this.Sku,
- EnableSoftDelete = !this.DisableSoftDelete.IsPresent,
+ EnabledForDeployment = this.EnabledForDeployment.IsPresent,
+ EnabledForTemplateDeployment = EnabledForTemplateDeployment.IsPresent,
+ EnabledForDiskEncryption = EnabledForDiskEncryption.IsPresent,
+ EnableSoftDelete = !DisableSoftDelete.IsPresent,
EnablePurgeProtection = EnablePurgeProtection.IsPresent ? true : (bool?)null, // false is not accepted
/*
* If soft delete is enabled, but retention days is not specified, use the default value,
@@ -205,33 +173,17 @@ public override void ExecuteCmdlet()
: (this.IsParameterBound(c => c.SoftDeleteRetentionInDays)
? SoftDeleteRetentionInDays
: Constants.DefaultSoftDeleteRetentionDays),
-
+ SkuFamilyName = DefaultSkuFamily,
+ SkuName = this.Sku,
TenantId = GetTenantId(),
AccessPolicy = accessPolicy,
NetworkAcls = new NetworkRuleSet(), // New key-vault takes in default network rule set
Tags = this.Tag
- };
-
- switch (ParameterSetName)
- {
- case KeyVaultParameterSet:
- vaultCreationParameter.EnabledForDeployment = this.EnabledForDeployment.IsPresent;
- vaultCreationParameter.EnabledForTemplateDeployment = EnabledForTemplateDeployment.IsPresent;
- vaultCreationParameter.EnabledForDiskEncryption = EnabledForDiskEncryption.IsPresent;
- vaultCreationParameter.SkuFamilyName = DefaultSkuFamily;
- this.WriteObject(KeyVaultManagementClient.CreateNewVault(vaultCreationParameter, ActiveDirectoryClient, NetworkRuleSet));
- break;
-
- case ManagedHsmParameterSet:
- vaultCreationParameter.Administrator = this.Administrator;
- vaultCreationParameter.SkuFamilyName = DefaultManagedHsmSkuFamily;
- this.WriteObject(KeyVaultManagementClient.CreateNewManagedHsm(vaultCreationParameter, ActiveDirectoryClient, NetworkRuleSet));
- break;
- default:
- throw new ArgumentException(Resources.BadParameterSetName);
- }
+ },
+ ActiveDirectoryClient,
+ NetworkRuleSet);
-
+ this.WriteObject(newVault);
if (accessPolicy == null)
{
diff --git a/src/KeyVault/KeyVault/Commands/NewAzureManagedHsm.cs b/src/KeyVault/KeyVault/Commands/NewAzureManagedHsm.cs
new file mode 100644
index 000000000000..904cf5600079
--- /dev/null
+++ b/src/KeyVault/KeyVault/Commands/NewAzureManagedHsm.cs
@@ -0,0 +1,103 @@
+using Microsoft.Azure.Commands.KeyVault.Models;
+using Microsoft.Azure.Commands.KeyVault.Properties;
+using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
+using System;
+using System.Collections;
+using System.Management.Automation;
+
+namespace Microsoft.Azure.Commands.KeyVault.Commands
+{
+ ///
+ /// Create a new managed HSM.
+ ///
+ [Cmdlet("New", ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "ManagedHsm", SupportsShouldProcess = true)]
+ [OutputType(typeof(PSManagedHsm))]
+ public class NewAzureManagedHsm : KeyVaultManagementCmdletBase
+ {
+ #region Input Parameter Definitions
+
+ ///
+ /// HSM name
+ ///
+ [Parameter(Mandatory = true,
+ Position = 0,
+ ValueFromPipelineByPropertyName = true,
+ HelpMessage =
+ "Specifies a name of the managed HSM to create. The name can be any combination of letters, digits, or hyphens. The name must start and end with a letter or digit. The name must be universally unique."
+ )]
+ [ValidateNotNullOrEmpty]
+ [Alias("HsmName")]
+ public string Name { get; set; }
+
+ ///
+ /// Resource group name
+ ///
+ [Parameter(Mandatory = true,
+ Position = 1,
+ ValueFromPipelineByPropertyName = true,
+ HelpMessage = "Specifies the name of an existing resource group in which to create the key vault.")]
+ [ResourceGroupCompleter]
+ [ValidateNotNullOrEmpty()]
+ public string ResourceGroupName { get; set; }
+
+ ///
+ /// Location
+ ///
+ [Parameter(Mandatory = true,
+ Position = 2,
+ ValueFromPipelineByPropertyName = true,
+ HelpMessage = "Specifies the Azure region in which to create the key vault. Use the command Get-AzResourceProvider with the ProviderNamespace parameter to see your choices.")]
+ [LocationCompleter("Microsoft.KeyVault/managedHSMs")]
+ [ValidateNotNullOrEmpty()]
+ public string Location { get; set; }
+
+ [Parameter(Mandatory = true,
+ Position = 3,
+ ValueFromPipelineByPropertyName = true,
+ HelpMessage = "Initial administrator object id for this managed HSM pool.")]
+ public string[] Administrator { get; set; }
+
+ [Parameter(Mandatory = false,
+ ValueFromPipelineByPropertyName = true,
+ HelpMessage = "Specifies the SKU of the managed HSM instance.")]
+ [PSArgumentCompleter("StandardB1", "CustomB32")]
+ public string Sku { get; set; }
+
+ [Parameter(Mandatory = false,
+ ValueFromPipelineByPropertyName = true,
+ HelpMessage = "A hash table which represents resource tags.")]
+ [Alias(Constants.TagsAlias)]
+ public Hashtable Tag { get; set; }
+
+ [Parameter(Mandatory = false, HelpMessage = "Run cmdlet in the background")]
+ public SwitchParameter AsJob { get; set; }
+
+ #endregion
+
+ public override void ExecuteCmdlet()
+ {
+ if (ShouldProcess(Name, Properties.Resources.CreateKeyVault))
+ {
+ if (VaultExistsInCurrentSubscription(Name, true))
+ {
+ throw new ArgumentException(Resources.HsmAlreadyExists);
+ }
+
+ var vaultCreationParameter = new VaultCreationOrUpdateParameters()
+ {
+ Name = this.Name,
+ ResourceGroupName = this.ResourceGroupName,
+ Location = this.Location,
+ SkuName = this.Sku,
+ TenantId = GetTenantId(),
+ Tags = this.Tag,
+ Administrator = this.Administrator,
+ SkuFamilyName = DefaultManagedHsmSkuFamily
+ };
+
+ this.WriteObject(KeyVaultManagementClient.CreateNewManagedHsm(vaultCreationParameter, ActiveDirectoryClient));
+ }
+ }
+
+ }
+}
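Review bot: `ShouldProcess(Name, Properties.Resources.CreateKeyVault)` reuses what looks like the key-vault creation message, so the -WhatIf/-Confirm text for New-AzManagedHsm would presumably describe creating a key vault. A managed-HSM-specific resource string belongs there, as was done with `Resources.HsmAlreadyExists` a few lines below. The help messages on `ResourceGroupName` and `Location` have the same copy-paste and should read, for example, `"Specifies the name of an existing resource group in which to create the managed HSM."`. `Administrator` is a `string[]` but its help text says "Initial administrator object id"; because these IDs decide who controls the new HSM, the text should state that one or more object IDs are accepted.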
diff --git a/src/KeyVault/KeyVault/Commands/RemoveAzureKeyVault.cs b/src/KeyVault/KeyVault/Commands/RemoveAzureKeyVault.cs
index c4bfdd0ec616..d675318357bc 100644
--- a/src/KeyVault/KeyVault/Commands/RemoveAzureKeyVault.cs
+++ b/src/KeyVault/KeyVault/Commands/RemoveAzureKeyVault.cs
@@ -71,10 +71,10 @@ public class RemoveAzureKeyVault : KeyVaultManagementCmdletBase
ValueFromPipeline = true,
HelpMessage = "Key Vault object to be deleted.")]
[ValidateNotNullOrEmpty]
- public PSKeyVaultIdentityItem InputObject { get; set; }
+ public PSKeyVault InputObject { get; set; }
///
- /// Vault object
+ /// Vault Resource Id
///
[Parameter(Mandatory = true,
Position = 0,
@@ -134,17 +134,6 @@ public class RemoveAzureKeyVault : KeyVaultManagementCmdletBase
HelpMessage = "Remove the previously deleted vault permanently.")]
public SwitchParameter InRemovedState { get; set; }
- [Parameter(Mandatory = false,
- ParameterSetName = RemoveVaultParameterSet,
- HelpMessage = "Specifies the type of vault as Managed HSM.")]
- [Parameter(Mandatory = false,
- ParameterSetName = InputObjectRemoveVaultParameterSet,
- HelpMessage = "Specifies the type of vault as Managed HSM.")]
- [Parameter(Mandatory = false,
- ParameterSetName = ResourceIdRemoveVaultParameterSet,
- HelpMessage = "Specifies the type of vault as Managed HSM.")]
- public SwitchParameter Hsm { get; set; }
-
///
/// If present, do not ask for confirmation
///
@@ -203,8 +192,7 @@ public override void ExecuteCmdlet()
}
else
{
- // Get resource group name for keyvault or ManagedHsm
- ResourceGroupName = string.IsNullOrWhiteSpace(ResourceGroupName) ? GetResourceGroupName(VaultName,Hsm.IsPresent) : ResourceGroupName;
+ ResourceGroupName = string.IsNullOrWhiteSpace(ResourceGroupName) ? GetResourceGroupName(VaultName) : ResourceGroupName;
if (string.IsNullOrWhiteSpace(ResourceGroupName))
throw new ArgumentException(string.Format(Resources.VaultNotFound, VaultName, ResourceGroupName));
ConfirmAction(
@@ -220,18 +208,9 @@ public override void ExecuteCmdlet()
VaultName,
() =>
{
- if (Hsm.IsPresent)
- {
- KeyVaultManagementClient.DeleteManagedHsm(
- managedHsm:VaultName,
- resourceGroupName: ResourceGroupName);
- }
- else
- {
- KeyVaultManagementClient.DeleteVault(
- vaultName: VaultName,
- resourceGroupName: ResourceGroupName);
- }
+ KeyVaultManagementClient.DeleteVault(
+ vaultName: VaultName,
+ resourceGroupName: this.ResourceGroupName);
if (PassThru)
{
diff --git a/src/KeyVault/KeyVault/Commands/RemoveAzureManagedHsm.cs b/src/KeyVault/KeyVault/Commands/RemoveAzureManagedHsm.cs
new file mode 100644
index 000000000000..5c196e9cca0a
--- /dev/null
+++ b/src/KeyVault/KeyVault/Commands/RemoveAzureManagedHsm.cs
@@ -0,0 +1,130 @@
+
+using Microsoft.Azure.Commands.KeyVault.Models;
+using Microsoft.Azure.Commands.KeyVault.Properties;
+using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
+using Microsoft.Azure.Management.Internal.Resources.Utilities.Models;
+using System;
+using System.Globalization;
+using System.Management.Automation;
+
+namespace Microsoft.Azure.Commands.KeyVault
+{
+ [Cmdlet("Remove", ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "ManagedHsm", SupportsShouldProcess = true, DefaultParameterSetName = RemoveManagedHsmByNameParameterSet)]
+ [OutputType(typeof(bool))]
+ public class RemoveAzureManagedHsm : KeyVaultManagementCmdletBase
+ {
+ #region Parameter Set Names
+
+ private const string RemoveManagedHsmByNameParameterSet = "RemoveManagedHsmByName";
+ private const string RemoveManagedHsmByInputObjectParameterSet = "RemoveManagedHsmByInputObject";
+ private const string RemoveManagedHsmByResourceIdParameterSet = "RemoveManagedHsmByResourceId";
+
+ #endregion
+
+ #region Input Parameter Definitions
+
+ ///
+ /// HSM name
+ ///
+ [Parameter(Mandatory = true,
+ Position = 0,
+ ParameterSetName = RemoveManagedHsmByNameParameterSet,
+ HelpMessage = "Specifies the name of the managed HSM to remove.")]
+ [ResourceNameCompleter("Microsoft.KeyVault/managedHSMs", "ResourceGroupName")]
+ [ValidateNotNullOrEmpty]
+ [Alias("HsmName")]
+ public string Name { get; set; }
+
+ ///
+ /// HSM object
+ ///
+ [Parameter(Mandatory = true,
+ Position = 0,
+ ParameterSetName = RemoveManagedHsmByInputObjectParameterSet,
+ ValueFromPipeline = true,
+ HelpMessage = "Managed HSM object to be deleted.")]
+ [ValidateNotNullOrEmpty]
+ public PSManagedHsm InputObject { get; set; }
+
+ ///
+ /// HSM Resource Id
+ ///
+ [Parameter(Mandatory = true,
+ Position = 0,
+ ParameterSetName = RemoveManagedHsmByResourceIdParameterSet,
+ ValueFromPipelineByPropertyName = true,
+ HelpMessage = "Managed HSM Resource Id.")]
+ [ValidateNotNullOrEmpty]
+ public string ResourceId { get; set; }
+
+ ///
+ /// Resource group to which the managed HSM belongs.
+ ///
+ [Parameter(Mandatory = false,
+ Position = 1,
+ ParameterSetName = RemoveManagedHsmByNameParameterSet,
+ HelpMessage = "Specifies the name of resource group for Azure managed HSM to remove.")]
+ [ResourceGroupCompleter]
+ [ValidateNotNullOrEmpty()]
+ public string ResourceGroupName { get; set; }
+
+ ///
+ /// If present, do not ask for confirmation
+ ///
+ [Parameter(Mandatory = false,
+ HelpMessage = "Indicates that the cmdlet does not prompt you for confirmation. By default, this cmdlet prompts you to confirm that you want to delete the managed HSM.")]
+ public SwitchParameter Force { get; set; }
+
+ [Parameter(Mandatory = false, HelpMessage = "Run cmdlet in the background")]
+ public SwitchParameter AsJob { get; set; }
+
+ [Parameter(Mandatory = false,
+ HelpMessage = "This Cmdlet does not return an object by default. If this switch is specified, it returns true if successful.")]
+ public SwitchParameter PassThru { get; set; }
+
+ #endregion
+
+ public override void ExecuteCmdlet()
+ {
+ if (InputObject != null)
+ {
+ Name = InputObject.Name;
+ ResourceGroupName = InputObject.ResourceGroupName;
+ }
+ else if (ResourceId != null)
+ {
+ var resourceIdentifier = new ResourceIdentifier(ResourceId);
+ Name = resourceIdentifier.ResourceName;
+ ResourceGroupName = resourceIdentifier.ResourceGroupName;
+ }
+
+ // Get resource group name for Managed HSM
+ ResourceGroupName = string.IsNullOrWhiteSpace(ResourceGroupName) ? GetResourceGroupName(Name, true) : ResourceGroupName;
+ if (string.IsNullOrWhiteSpace(ResourceGroupName))
+ throw new ArgumentException(string.Format(Resources.HsmNotFound, Name, ResourceGroupName));
+
+ ConfirmAction(
+ Force.IsPresent,
+ string.Format(
+ CultureInfo.InvariantCulture,
+ Resources.RemoveHsmWarning,
+ Name),
+ string.Format(
+ CultureInfo.InvariantCulture,
+ Resources.RemoveHsmWhatIfMessage,
+ Name),
+ Name,
+ () =>
+ {
+ KeyVaultManagementClient.DeleteManagedHsm(
+ managedHsm: Name,
+ resourceGroupName: ResourceGroupName);
+
+ if (PassThru)
+ {
+ WriteObject(true);
+ }
+ });
+ }
+ }
+}
\ No newline at end of file
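Review bot: In the `ResourceId` branch of `ExecuteCmdlet`, only `ResourceName` and `ResourceGroupName` are read from the parsed identifier, so a resource ID of any other type is accepted and its name is handed to `DeleteManagedHsm`. For a destructive cmdlet I would reject the ID first, throwing `ArgumentException` unless `string.Equals(resourceIdentifier.ResourceType, "Microsoft.KeyVault/managedHSMs", StringComparison.OrdinalIgnoreCase)` holds. Separately, the `Resources.HsmNotFound` message is formatted with `ResourceGroupName` at a point where it is known to be null or whitespace, so the resource group slot in that message will always be blank. That `string.Format` call also omits the `CultureInfo.InvariantCulture` used by the `ConfirmAction` strings, and the `if` guarding the throw has no braces.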
diff --git a/src/KeyVault/KeyVault/Commands/UndoAzureKeyVaultRemoval.cs b/src/KeyVault/KeyVault/Commands/UndoAzureKeyVaultRemoval.cs
index 41d33847087c..81816b476b19 100644
--- a/src/KeyVault/KeyVault/Commands/UndoAzureKeyVaultRemoval.cs
+++ b/src/KeyVault/KeyVault/Commands/UndoAzureKeyVaultRemoval.cs
@@ -95,9 +95,9 @@ public override void ExecuteCmdlet()
if (ShouldProcess(VaultName, Properties.Resources.RecoverVault))
{
- var newVault = KeyVaultManagementClient.CreateNewVault(new VaultCreationParameters()
+ var newVault = KeyVaultManagementClient.CreateNewVault(new VaultCreationOrUpdateParameters()
{
- VaultName = this.VaultName,
+ Name = this.VaultName,
ResourceGroupName = this.ResourceGroupName,
Location = this.Location,
Tags = this.Tag,
diff --git a/src/KeyVault/KeyVault/Commands/UpdateAzureKeyVault.cs b/src/KeyVault/KeyVault/Commands/UpdateAzureKeyVault.cs
index da1002989b13..9c1718e2e0c6 100644
--- a/src/KeyVault/KeyVault/Commands/UpdateAzureKeyVault.cs
+++ b/src/KeyVault/KeyVault/Commands/UpdateAzureKeyVault.cs
@@ -23,43 +23,39 @@
namespace Microsoft.Azure.Commands.KeyVault
{
- [Cmdlet(VerbsData.Update, ResourceManager.Common.AzureRMConstants.AzurePrefix + "KeyVault", DefaultParameterSetName = UpdateKeyVault + ByNameParameterSet, SupportsShouldProcess = true), OutputType(typeof(PSKeyVault))]
+ [Cmdlet(VerbsData.Update, ResourceManager.Common.AzureRMConstants.AzurePrefix + "KeyVault", DefaultParameterSetName = UpdateByNameParameterSet, SupportsShouldProcess = true), OutputType(typeof(PSKeyVault))]
public class UpdateTopLevelResourceCommand : KeyVaultManagementCmdletBase
{
- private const string UpdateKeyVault = "UpdateKeyVault";
- private const string ByNameParameterSet = "ByNameParameterSet";
- private const string ByInputObjectParameterSet = "ByInputObjectParameterSet";
- private const string ByResourceIdParameterSet = "ByResourceIdParameterSet";
+ private const string UpdateByNameParameterSet = "UpdateByNameParameterSet";
+ private const string UpdateByInputObjectParameterSet = "UpdateByInputObjectParameterSet";
+ private const string UpdateByResourceIdParameterSet = "UpdateByResourceIdParameterSet";
- [Parameter(Mandatory = true, ParameterSetName = UpdateKeyVault + ByNameParameterSet, HelpMessage = "Name of the resource group.")]
+ [Parameter(Mandatory = true, ParameterSetName = UpdateByNameParameterSet, HelpMessage = "Name of the resource group.")]
[ResourceGroupCompleter]
[ValidateNotNullOrEmpty]
public string ResourceGroupName { get; set; }
- [Parameter(Mandatory = true, ParameterSetName = UpdateKeyVault + ByNameParameterSet, HelpMessage = "Name of the key vault.")]
+ [Parameter(Mandatory = true, ParameterSetName = UpdateByNameParameterSet, HelpMessage = "Name of the key vault.")]
[ResourceNameCompleter("Microsoft.KeyVault/vaults", nameof(ResourceGroupName))]
[ValidateNotNullOrEmpty]
[Alias("Name")]
public string VaultName { get; set; }
- [Parameter(Mandatory = true, ValueFromPipeline = true, ParameterSetName = UpdateKeyVault + ByInputObjectParameterSet, HelpMessage = "Key vault object.")]
+ [Parameter(Mandatory = true, ValueFromPipeline = true, ParameterSetName = UpdateByInputObjectParameterSet, HelpMessage = "Key vault object.")]
[ValidateNotNull]
- public PSKeyVaultIdentityItem InputObject { get; set; }
+ public PSKeyVault InputObject { get; set; }
- [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = UpdateKeyVault + ByResourceIdParameterSet, HelpMessage = "Resource ID of the key vault.")]
+ [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = UpdateByResourceIdParameterSet, HelpMessage = "Resource ID of the key vault.")]
[ValidateNotNullOrEmpty]
public string ResourceId { get; set; }
- [Parameter(Mandatory = false,
- HelpMessage = "Enable the soft-delete functionality for this key vault. Once enabled it cannot be disabled.")]
+ [Parameter(Mandatory = false, HelpMessage = "Enable the soft-delete functionality for this key vault. Once enabled it cannot be disabled.")]
public SwitchParameter EnableSoftDelete { get; set; }
- [Parameter(Mandatory = false,
- HelpMessage = "Enable the purge protection functionality for this key vault. Once enabled it cannot be disabled. It requires soft-delete to be turned on.")]
+ [Parameter(Mandatory = false, HelpMessage = "Enable the purge protection functionality for this key vault. Once enabled it cannot be disabled. It requires soft-delete to be turned on.")]
public SwitchParameter EnablePurgeProtection { get; set; }
- [Parameter(Mandatory = false,
- HelpMessage = "Specifies how long deleted resources are retained, and how long until a vault or an object in the deleted state can be purged. The default is " + Constants.DefaultSoftDeleteRetentionDaysString + " days.")]
+ [Parameter(Mandatory = false, HelpMessage = "Specifies how long deleted resources are retained, and how long until a vault or an object in the deleted state can be purged. The default is " + Constants.DefaultSoftDeleteRetentionDaysString + " days.")]
[ValidateRange(Constants.MinSoftDeleteRetentionDays, Constants.MaxSoftDeleteRetentionDays)]
[ValidateNotNullOrEmpty]
public int SoftDeleteRetentionInDays { get; set; }
@@ -79,7 +75,7 @@ public override void ExecuteCmdlet()
this.VaultName = resourceIdentifier.ResourceName;
}
- PSKeyVaultIdentityItem existingResource = null;
+ PSKeyVault existingResource = null;
try
{
existingResource = KeyVaultManagementClient.GetVault(this.VaultName, this.ResourceGroupName);
@@ -91,23 +87,22 @@ public override void ExecuteCmdlet()
if (existingResource == null)
{
- new Exception(string.Format("A key vault with name '{0}' in resource group '{1}' does not exist. Please use New-AzKeyVault to create a key vault with these properties.", this.VaultName, this.ResourceGroupName));
+ throw new Exception(string.Format("A key vault with name '{0}' in resource group '{1}' does not exist. Please use New-AzKeyVault to create a key vault with these properties.", this.VaultName, this.ResourceGroupName));
}
if (this.ShouldProcess(this.VaultName, string.Format("Updating key vault '{0}' in resource group '{1}'.", this.VaultName, this.ResourceGroupName)))
{
- var existingKeyVaultResource = (PSKeyVault)existingResource;
- var result = KeyVaultManagementClient.UpdateVault(existingKeyVaultResource,
- existingKeyVaultResource.AccessPolicies,
- existingKeyVaultResource.EnabledForDeployment,
- existingKeyVaultResource.EnabledForTemplateDeployment,
- existingKeyVaultResource.EnabledForDiskEncryption,
+ var result = KeyVaultManagementClient.UpdateVault(existingResource,
+ existingResource.AccessPolicies,
+ existingResource.EnabledForDeployment,
+ existingResource.EnabledForTemplateDeployment,
+ existingResource.EnabledForDiskEncryption,
EnableSoftDelete.IsPresent ? (true as bool?) : null,
EnablePurgeProtection.IsPresent ? (true as bool?) : null,
this.IsParameterBound(c => c.SoftDeleteRetentionInDays)
? (SoftDeleteRetentionInDays as int?)
- : (existingKeyVaultResource.SoftDeleteRetentionInDays ?? Constants.DefaultSoftDeleteRetentionDays),
- existingKeyVaultResource.NetworkAcls
+ : (existingResource.SoftDeleteRetentionInDays ?? Constants.DefaultSoftDeleteRetentionDays),
+ existingResource.NetworkAcls
);
WriteObject(result);
}
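Review bot: The added `throw` raises the base `System.Exception`, which gives scripts and callers nothing to catch selectively when the vault is missing. A more specific type matches what the message says; changing `throw new Exception(` to `throw new ArgumentException(` on that line is enough. The new UpdateAzureManagedHsm.cs in this commit repeats the pattern with its own inline message, although the commit also adds an `HsmNotFound` resource string with the same placeholders that could carry it. ExecuteCmdlet begins and ends outside this hunk.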
diff --git a/src/KeyVault/KeyVault/Commands/UpdateAzureManagedHsm.cs b/src/KeyVault/KeyVault/Commands/UpdateAzureManagedHsm.cs
new file mode 100644
index 000000000000..2651ca6e5bc1
--- /dev/null
+++ b/src/KeyVault/KeyVault/Commands/UpdateAzureManagedHsm.cs
@@ -0,0 +1,85 @@
+using Microsoft.Azure.Commands.KeyVault.Models;
+using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
+using Microsoft.Azure.Management.Internal.Resources.Utilities.Models;
+using Microsoft.WindowsAzure.Commands.Utilities.Common;
+using System;
+using System.Collections;
+using System.Management.Automation;
+
+namespace Microsoft.Azure.Commands.KeyVault.Commands
+{
+ [Cmdlet(VerbsData.Update, ResourceManager.Common.AzureRMConstants.AzurePrefix + "ManagedHsm", DefaultParameterSetName = UpdateByNameParameterSet, SupportsShouldProcess = true), OutputType(typeof(PSManagedHsm))]
+ public class UpdateAzureManagedHsm : KeyVaultManagementCmdletBase
+ {
+ private const string UpdateByNameParameterSet = "UpdateByNameParameterSet";
+ private const string UpdateByInputObjectParameterSet = "UpdateByInputObjectParameterSet";
+ private const string UpdateByResourceIdParameterSet = "UpdateByResourceIdParameterSet";
+
+ [Parameter(Mandatory = true, ParameterSetName = UpdateByNameParameterSet, HelpMessage = "Name of the managed HSM.")]
+ [ResourceNameCompleter("Microsoft.KeyVault/managedHSMs", nameof(ResourceGroupName))]
+ [ValidateNotNullOrEmpty]
+ [Alias("HsmName")]
+ public string Name { get; set; }
+
+ [Parameter(Mandatory = true, ParameterSetName = UpdateByNameParameterSet, HelpMessage = "Name of the resource group.")]
+ [ResourceGroupCompleter]
+ [ValidateNotNullOrEmpty]
+ public string ResourceGroupName { get; set; }
+
+ [Parameter(Mandatory = true, ValueFromPipeline = true, ParameterSetName = UpdateByInputObjectParameterSet, HelpMessage = "Managed HSM object.")]
+ [ValidateNotNull]
+ public PSManagedHsm InputObject { get; set; }
+
+ [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = UpdateByResourceIdParameterSet, HelpMessage = "Resource ID of the managed HSM.")]
+ [ValidateNotNullOrEmpty]
+ public string ResourceId { get; set; }
+
+
+ [Parameter(Mandatory = false,
+ ValueFromPipelineByPropertyName = true,
+ HelpMessage = "A hash table which represents resource tags.")]
+ [Alias(Constants.TagsAlias)]
+ public Hashtable Tag { get; set; }
+
+ public override void ExecuteCmdlet()
+ {
+ if (this.IsParameterBound(c => c.InputObject))
+ {
+ this.ResourceGroupName = this.InputObject.ResourceGroupName;
+ this.Name = this.InputObject.Name;
+ }
+
+ if (this.IsParameterBound(c => c.ResourceId))
+ {
+ var resourceIdentifier = new ResourceIdentifier(this.ResourceId);
+ this.ResourceGroupName = resourceIdentifier.ResourceGroupName;
+ this.Name = resourceIdentifier.ResourceName;
+ }
+
+ PSManagedHsm existingResource = null;
+ try
+ {
+ existingResource = KeyVaultManagementClient.GetManagedHsm(this.Name, this.ResourceGroupName);
+ }
+ catch
+ {
+ existingResource = null;
+ }
+
+ if (existingResource == null)
+ {
+ throw new Exception(string.Format("A managed HSM with name '{0}' in resource group '{1}' does not exist. Please use New-AzManagedHsm to create a managed HSM with these properties.", this.Name, this.ResourceGroupName));
+ }
+
+ if (this.ShouldProcess(this.Name, string.Format("Updating managed HSM '{0}' in resource group '{1}'.", this.Name, this.ResourceGroupName)))
+ {
+ var result = KeyVaultManagementClient.UpdateManagedHsm(existingResource,
+ new VaultCreationOrUpdateParameters
+ {
+ Tags = Tag
+ }, null);
+ WriteObject(result);
+ }
+ }
+ }
+}
\ No newline at end of file
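Review bot: The bare `catch` around `GetManagedHsm` in ExecuteCmdlet turns every failure (an authorization denial, throttling, a network error) into the "does not exist" message. An access-control problem on an HSM is then reported to the operator as a missing resource, and the original error is lost. The doc comment on GetManagedHsm in VaultManagementClient.cs says it already returns null when the HSM is not found, so the try/catch can probably be dropped: `PSManagedHsm existingResource = KeyVaultManagementClient.GetManagedHsm(this.Name, this.ResourceGroupName);`. Separately, `Tags = Tag` is passed even when -Tag was not bound. Whether a null value leaves the existing tags untouched depends on CreateTagDictionary and the service, which this diff does not show, so a test for that case is worth adding.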
diff --git a/src/KeyVault/KeyVault/KeyVault.format.ps1xml b/src/KeyVault/KeyVault/KeyVault.format.ps1xml
index d484397a7940..3ffc2848e14f 100644
--- a/src/KeyVault/KeyVault/KeyVault.format.ps1xml
+++ b/src/KeyVault/KeyVault/KeyVault.format.ps1xml
@@ -398,63 +398,119 @@
Microsoft.Azure.Commands.KeyVault.Models.PSManagedHsm
- Microsoft.Azure.Commands.KeyVault.Models.PSManagedHsm
+ Microsoft.Azure.Commands.KeyVault.Models.PSManagedHsm
+
+
+
+
+ Left
+
+
+
+ Left
+
+
+
+ Left
+
+
+
+ Left
+
+
+
+
+
+
+
+ Left
+ Name
+
+
+ Left
+ ResourceGroupName
+
+
+ Left
+ Location
+
+
+ Left
+ Sku
+
+
+
+
+
+
+
+ Microsoft.Azure.Commands.KeyVault.Models.PSManagedHsm
+
+ Microsoft.Azure.Commands.KeyVault.Models.PSManagedHsm
-
-
-
-
-
- VaultName
-
-
-
- ResourceGroupName
-
-
-
- Location
-
-
-
- ResourceId
-
-
-
- HsmPoolUri
-
-
-
- TenantName
-
-
-
- InitialAdminObjectIds
-
-
-
- Sku
-
-
-
- EnableSoftDelete
-
-
-
- EnablePurgeProtection
-
-
-
- SoftDeleteRetentionInDays
-
-
-
- TagsTable
-
-
-
-
+
+
+
+
+
+ Name
+
+
+
+ ResourceGroupName
+
+
+
+ Location
+
+
+
+ ResourceId
+
+
+
+ HsmPoolUri
+
+
+
+ TenantName
+
+
+
+ InitialAdminObjectIds
+
+
+
+ Sku
+
+
+
+ EnableSoftDelete
+
+
+
+ EnablePurgeProtection
+
+
+
+ SoftDeleteRetentionInDays
+
+
+
+ ProvisioningState
+
+
+
+ StatusMessage
+
+
+
+ TagsTable
+
+
+
+
diff --git a/src/KeyVault/KeyVault/Models/KeyVaultManagementCmdletBase.cs b/src/KeyVault/KeyVault/Models/KeyVaultManagementCmdletBase.cs
index 9eec82a93e23..9a0e69fc1fe0 100644
--- a/src/KeyVault/KeyVault/Models/KeyVaultManagementCmdletBase.cs
+++ b/src/KeyVault/KeyVault/Models/KeyVaultManagementCmdletBase.cs
@@ -101,7 +101,7 @@ public ResourceManagementClient ResourceClient
set { _resourceClient = value; }
}
- protected List FilterByTag(List listResult, Hashtable tag)
+ protected List FilterByTag(List listResult, Hashtable tag) where T : PSKeyVaultIdentityItem
{
var tagValuePair = new PSTagValuePair();
if (tag != null && tag.Count > 0)
@@ -126,30 +126,26 @@ protected List FilterByTag(List
return listResult;
}
- protected PSKeyVault FilterByTag(PSKeyVault keyVault, Hashtable tag)
+ protected T FilterByTag(T vault, Hashtable tag) where T : PSKeyVaultIdentityItem
{
- return (PSKeyVault) FilterByTag(new List { keyVault }, tag).FirstOrDefault();
+ return FilterByTag(new List { vault }, tag).FirstOrDefault();
}
- protected PSManagedHsm FilterByTag(PSManagedHsm managedHsm, Hashtable tag)
- {
- return (PSManagedHsm)FilterByTag(new List { managedHsm }, tag).FirstOrDefault();
- }
-
- protected List ListVaults(string resourceGroupName, Hashtable tag, ResourceTypeName? resourceTypeName= ResourceTypeName.Vault)
+ protected List ListVaults(string resourceGroupName, Hashtable tag, ResourceTypeName? resourceTypeName = ResourceTypeName.Vault)
{
var vaults = new List();
// List all kinds of vault resources
- if (resourceTypeName == null) {
+ if (resourceTypeName == null)
+ {
vaults.AddRange(ListVaults(resourceGroupName, tag, ResourceTypeName.Vault));
vaults.AddRange(ListVaults(resourceGroupName, tag, ResourceTypeName.Hsm));
return vaults;
}
IEnumerable listResult;
- var resourceType = resourceTypeName.Equals(ResourceTypeName.Hsm)?
- KeyVaultManagementClient.ManagedHsmResourceType: KeyVaultManagementClient.VaultsResourceType;
+ var resourceType = resourceTypeName.Equals(ResourceTypeName.Hsm) ?
+ KeyVaultManagementClient.ManagedHsmResourceType : KeyVaultManagementClient.VaultsResourceType;
if (ShouldListByResourceGroup(resourceGroupName, null))
{
listResult = ListByResourceGroup(resourceGroupName,
diff --git a/src/KeyVault/KeyVault/Models/PSManagedHsm.cs b/src/KeyVault/KeyVault/Models/PSManagedHsm.cs
index d49695509a9d..1d2906c361cf 100644
--- a/src/KeyVault/KeyVault/Models/PSManagedHsm.cs
+++ b/src/KeyVault/KeyVault/Models/PSManagedHsm.cs
@@ -4,7 +4,6 @@
using Microsoft.Azure.ActiveDirectory.GraphClient;
#endif
using System;
-using System.Collections.Generic;
using Microsoft.Azure.Management.KeyVault.Models;
using Microsoft.Azure.Commands.ResourceManager.Common.Tags;
using Microsoft.Azure.Management.Internal.Resources.Utilities.Models;
@@ -27,7 +26,8 @@ public PSManagedHsm(ManagedHsm managedHsm, ActiveDirectoryClient adClient)
Location = managedHsm.Location;
Tags = TagsConversionHelper.CreateTagHashtable(managedHsm.Tags);
- // PSManagedHsm's properties
+ // PSManagedHsm's properties, hides type
+ Name = managedHsm.Name;
Sku = managedHsm.Sku.Name.ToString();
TenantId = managedHsm.Properties.TenantId.Value;
TenantName = ModelExtensions.GetDisplayNameForTenant(TenantId, adClient);
@@ -36,11 +36,12 @@ public PSManagedHsm(ManagedHsm managedHsm, ActiveDirectoryClient adClient)
EnablePurgeProtection = managedHsm.Properties.EnablePurgeProtection;
EnableSoftDelete = managedHsm.Properties.EnableSoftDelete;
SoftDeleteRetentionInDays = managedHsm.Properties.SoftDeleteRetentionInDays;
- // AccessPolicies = vault.Properties.AccessPolicies.Select(s => new PSKeyVaultAccessPolicy(s, adClient)).ToArray();
- // NetworkAcls = InitNetworkRuleSet(managedHsm.Properties);
+ StatusMessage = managedHsm.Properties.StatusMessage;
+ ProvisioningState = managedHsm.Properties.ProvisioningState;
OriginalManagedHsm = managedHsm;
}
+ public string Name { get; private set; }
public string Sku { get; private set; }
public Guid TenantId { get; private set; }
public string TenantName { get; private set; }
@@ -49,6 +50,8 @@ public PSManagedHsm(ManagedHsm managedHsm, ActiveDirectoryClient adClient)
public bool? EnableSoftDelete { get; private set; }
public int? SoftDeleteRetentionInDays { get; private set; }
public bool? EnablePurgeProtection { get; private set; }
+ public string StatusMessage { get; private set; }
+ public string ProvisioningState { get; private set; }
public ManagedHsm OriginalManagedHsm { get; private set; }
}
diff --git a/src/KeyVault/KeyVault/Models/VaultCreationParameters.cs b/src/KeyVault/KeyVault/Models/VaultCreationOrUpdateParameters.cs
similarity index 95%
rename from src/KeyVault/KeyVault/Models/VaultCreationParameters.cs
rename to src/KeyVault/KeyVault/Models/VaultCreationOrUpdateParameters.cs
index 05b853dd8d9e..8a79bc93d5ac 100644
--- a/src/KeyVault/KeyVault/Models/VaultCreationParameters.cs
+++ b/src/KeyVault/KeyVault/Models/VaultCreationOrUpdateParameters.cs
@@ -18,9 +18,9 @@
namespace Microsoft.Azure.Commands.KeyVault.Models
{
- public class VaultCreationParameters
+ public class VaultCreationOrUpdateParameters
{
- public string VaultName { get; set; }
+ public string Name { get; set; }
public string ResourceGroupName { get; set; }
public string Location { get; set; }
public Hashtable Tags { get; set; }
diff --git a/src/KeyVault/KeyVault/Models/VaultManagementClient.cs b/src/KeyVault/KeyVault/Models/VaultManagementClient.cs
index 8eceb13278e6..b22510e8c1d8 100644
--- a/src/KeyVault/KeyVault/Models/VaultManagementClient.cs
+++ b/src/KeyVault/KeyVault/Models/VaultManagementClient.cs
@@ -68,12 +68,12 @@ private IKeyVaultManagementClient KeyVaultManagementClient
/// vault creation parameters
/// the active directory client
///
- public PSKeyVault CreateNewVault(VaultCreationParameters parameters, ActiveDirectoryClient adClient = null, PSKeyVaultNetworkRuleSet networkRuleSet = null)
+ public PSKeyVault CreateNewVault(VaultCreationOrUpdateParameters parameters, ActiveDirectoryClient adClient = null, PSKeyVaultNetworkRuleSet networkRuleSet = null)
{
if (parameters == null)
throw new ArgumentNullException("parameters");
- if (string.IsNullOrWhiteSpace(parameters.VaultName))
- throw new ArgumentNullException("parameters.VaultName");
+ if (string.IsNullOrWhiteSpace(parameters.Name))
+ throw new ArgumentNullException("parameters.Name");
if (string.IsNullOrWhiteSpace(parameters.ResourceGroupName))
throw new ArgumentNullException("parameters.ResourceGroupName");
if (string.IsNullOrWhiteSpace(parameters.Location))
@@ -121,7 +121,7 @@ public PSKeyVault CreateNewVault(VaultCreationParameters parameters, ActiveDirec
var response = KeyVaultManagementClient.Vaults.CreateOrUpdate(
resourceGroupName: parameters.ResourceGroupName,
- vaultName: parameters.VaultName,
+ vaultName: parameters.Name,
parameters: new VaultCreateOrUpdateParameters
{
Location = parameters.Location,
@@ -356,12 +356,12 @@ public List ListDeletedVaults()
/// vault creation parameters
/// the active directory client
///
- public PSManagedHsm CreateNewManagedHsm(VaultCreationParameters parameters, ActiveDirectoryClient adClient = null, PSKeyVaultNetworkRuleSet networkRuleSet = null)
+ public PSManagedHsm CreateNewManagedHsm(VaultCreationOrUpdateParameters parameters, ActiveDirectoryClient adClient = null)
{
if (parameters == null)
throw new ArgumentNullException("parameters");
- if (string.IsNullOrWhiteSpace(parameters.VaultName))
- throw new ArgumentNullException("parameters.VaultName");
+ if (string.IsNullOrWhiteSpace(parameters.Name))
+ throw new ArgumentNullException("parameters.Name");
if (string.IsNullOrWhiteSpace(parameters.ResourceGroupName))
throw new ArgumentNullException("parameters.ResourceGroupName");
if (string.IsNullOrWhiteSpace(parameters.Location))
@@ -395,17 +395,6 @@ public PSManagedHsm CreateNewManagedHsm(VaultCreationParameters parameters, Acti
properties.EnableSoftDelete = parameters.EnableSoftDelete;
properties.SoftDeleteRetentionInDays = parameters.SoftDeleteRetentionInDays;
properties.EnablePurgeProtection = parameters.EnablePurgeProtection;
-
- // No sdk available to update this parapmeter
- // properties.AccessPolicies = (parameters.AccessPolicy != null) ? new[] { parameters.AccessPolicy } : new AccessPolicyEntry[] { };
-
- // properties.NetworkAcls = parameters.NetworkAcls;
- /*
- if (networkRuleSet != null)
- {
- UpdateVaultNetworkRuleSetProperties(properties, networkRuleSet);
- }
- */
}
else
{
@@ -414,7 +403,7 @@ public PSManagedHsm CreateNewManagedHsm(VaultCreationParameters parameters, Acti
var response = KeyVaultManagementClient.ManagedHsms.CreateOrUpdate(
resourceGroupName: parameters.ResourceGroupName,
- name: parameters.VaultName,
+ name: parameters.Name,
parameters: new ManagedHsm
{
Location = parameters.Location,
@@ -429,7 +418,7 @@ public PSManagedHsm CreateNewManagedHsm(VaultCreationParameters parameters, Acti
///
/// Get an existing Managed HSM. Returns null if vault is not found.
///
- /// managed hsm name
+ /// managed HSM name
/// resource group name
/// the active directory client
/// the retrieved Managed HSM
@@ -457,20 +446,70 @@ public PSManagedHsm GetManagedHsm(string managedHsmName, string resourceGroupNam
}
///
- /// Update an existing Managed HSM. Only EnablePurgeProtection can be updated currently.
+ /// List all existing Managed HSMs. Returns null if vault is not found.
///
- /// the existing Managed HSM
- /// enable purge protection
+ /// resource group name
+ /// the active directory client
+ /// the retrieved Managed HSM
+ public List ListManagedHsms(string resourceGroupName, ActiveDirectoryClient adClient = null)
+ {
+ return resourceGroupName == null ? ListManagedHsmsBySubscription(adClient) :
+ ListManagedHsmsByResourceGroup(resourceGroupName, adClient);
+ }
+
+ private List ListManagedHsmsByResourceGroup(string resourceGroupName, ActiveDirectoryClient adClient = null)
+ {
+ List managedHsms = new List(); ;
+ IPage response = KeyVaultManagementClient.ManagedHsms.ListByResourceGroupAsync(resourceGroupName).GetAwaiter().GetResult();
+ foreach (var managedHsm in response)
+ {
+ managedHsms.Add(new PSManagedHsm(managedHsm, adClient));
+ }
+
+ while (response?.NextPageLink != null)
+ {
+ response = KeyVaultManagementClient.ManagedHsms.ListByResourceGroupNextAsync(response.NextPageLink).GetAwaiter().GetResult();
+
+ foreach (var managedHsm in response)
+ {
+ managedHsms.Add(new PSManagedHsm(managedHsm, adClient));
+ }
+ }
+
+ return managedHsms;
+ }
+
+ private List ListManagedHsmsBySubscription(ActiveDirectoryClient adClient = null)
+ {
+ List managedHsms = new List(); ;
+ IPage response = KeyVaultManagementClient.ManagedHsms.ListBySubscriptionAsync().GetAwaiter().GetResult();
+
+ foreach (var managedHsm in response)
+ {
+ managedHsms.Add(new PSManagedHsm(managedHsm, adClient));
+ }
+
+ while (response?.NextPageLink != null)
+ {
+ response = KeyVaultManagementClient.ManagedHsms.ListBySubscriptionNextAsync(response.NextPageLink).GetAwaiter().GetResult();
+
+ foreach (var managedHsm in response)
+ {
+ managedHsms.Add(new PSManagedHsm(managedHsm, adClient));
+ }
+ }
+
+ return managedHsms;
+ }
+
+ ///
+ /// Update an existing Managed HSM. Only Tags can be updated currently.
+ ///
+ /// existing Managed HSM
+ /// HSM update parameters
/// the active directory client
/// the updated Managed HSM
- public PSManagedHsm UpdateManagedHsm(
- PSManagedHsm existingManagedHsm,
-// PSKeyVaultAccessPolicy[] updatedPolicies,
- bool? updatedSoftDeleteSwitch,
- bool? updatedPurgeProtectionSwitch,
- int? softDeleteRetentionInDays,
-// PSKeyVaultNetworkRuleSet updatedNetworkAcls,
- ActiveDirectoryClient adClient = null)
+ public PSManagedHsm UpdateManagedHsm(PSManagedHsm existingManagedHsm, VaultCreationOrUpdateParameters parameters, ActiveDirectoryClient adClient = null)
{
if (existingManagedHsm == null)
throw new ArgumentNullException("existingManagedHsm");
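Review bot: The doc comment on ListManagedHsms appears copied from GetManagedHsm and does not match the code: the method returns a list that is never null, not a single HSM. I would reword the summary to `/// List managed HSMs in a resource group, or in the whole subscription when resourceGroupName is null.` and the returns text to `/// the managed HSMs found; an empty list when there are none`. In both private helpers the `response?.NextPageLink` null-conditional has no effect, because `response` has already been enumerated by the preceding `foreach`. Either check for null before the first loop or write `response.NextPageLink`. The `new List(); ;` lines also carry a stray empty statement.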
@@ -478,44 +517,14 @@ public PSManagedHsm UpdateManagedHsm(
throw new ArgumentNullException("existingManagedHsm.OriginalManagedHsm");
//Update the vault properties in the object received from server
- //Only access policies and EnabledForDeployment can be changed
var properties = existingManagedHsm.OriginalManagedHsm.Properties;
- properties.SoftDeleteRetentionInDays = softDeleteRetentionInDays;
- // soft delete flags can only be applied if they enable their respective behaviors
- // and if different from the current corresponding properties on the vault.
- if (!(properties.EnableSoftDelete.HasValue && properties.EnableSoftDelete.Value)
- && updatedSoftDeleteSwitch.HasValue
- && updatedSoftDeleteSwitch.Value)
- properties.EnableSoftDelete = updatedSoftDeleteSwitch;
-
- if (!(properties.EnablePurgeProtection.HasValue && properties.EnablePurgeProtection.Value)
- && updatedPurgeProtectionSwitch.HasValue
- && updatedPurgeProtectionSwitch.Value)
- properties.EnablePurgeProtection = updatedPurgeProtectionSwitch;
-
- /* properties.AccessPolicies = (updatedPolicies == null) ?
- new List() :
- updatedPolicies.Select(a => new AccessPolicyEntry
- {
- TenantId = a.TenantId,
- ObjectId = a.ObjectId,
- ApplicationId = a.ApplicationId,
- Permissions = new Permissions
- {
- Keys = a.PermissionsToKeys.ToArray(),
- Secrets = a.PermissionsToSecrets.ToArray(),
- Certificates = a.PermissionsToCertificates.ToArray(),
- Storage = a.PermissionsToStorage.ToArray(),
- }
- }).ToList();
-
- UpdateVaultNetworkRuleSetProperties(properties, updatedNetworkAcls);*/
+ // None property is allowed to be updated currently,
+ // Can be added here in the furture
-
- var response = KeyVaultManagementClient.ManagedHsms.CreateOrUpdate(
+ var response = KeyVaultManagementClient.ManagedHsms.Update(
resourceGroupName: existingManagedHsm.ResourceGroupName,
- name: existingManagedHsm.VaultName,
+ name: existingManagedHsm.Name,
parameters: new ManagedHsm
{
Location = existingManagedHsm.Location,
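Review bot: The replacement comment in UpdateManagedHsm is hard to read and has a typo ("None property", "furture"). I would write `// No properties can be updated at present; add property updates here in the future.` The `properties` local is now passed back to the service unchanged, so the older `//Update the vault properties in the object received from server` comment above it no longer describes what happens and could be dropped or reworded. The method begins outside this hunk.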
@@ -523,7 +532,7 @@ public PSManagedHsm UpdateManagedHsm(
{
Name = (ManagedHsmSkuName)Enum.Parse(typeof(ManagedHsmSkuName), existingManagedHsm.Sku)
},
- Tags = TagsConversionHelper.CreateTagDictionary(existingManagedHsm.Tags, validate: true),
+ Tags = TagsConversionHelper.CreateTagDictionary(parameters.Tags, validate: true),
Properties = properties
});
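Review bot: `parameters.Tags` is dereferenced here without a null check, while the guards at the top of UpdateManagedHsm cover only `existingManagedHsm` and its `OriginalManagedHsm`. Adding `if (parameters == null) throw new ArgumentNullException("parameters");` next to those guards, in the style CreateNewManagedHsm already uses, keeps a null argument from surfacing as a NullReferenceException partway through building the request. The method begins outside this hunk.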
@@ -533,12 +542,12 @@ public PSManagedHsm UpdateManagedHsm(
///
/// Delete an existing Managed HSM. Throws if vault is not found.
///
- ///
+ ///
///
public void DeleteManagedHsm(string managedHsm, string resourceGroupName)
{
if (string.IsNullOrWhiteSpace(managedHsm))
- throw new ArgumentNullException("vaultName");
+ throw new ArgumentNullException("managedHsm");
if (string.IsNullOrWhiteSpace(resourceGroupName))
throw new ArgumentNullException("resourceGroupName");
diff --git a/src/KeyVault/KeyVault/Properties/Resources.Designer.cs b/src/KeyVault/KeyVault/Properties/Resources.Designer.cs
index 5465a4159c9e..2767fff28a1f 100644
--- a/src/KeyVault/KeyVault/Properties/Resources.Designer.cs
+++ b/src/KeyVault/KeyVault/Properties/Resources.Designer.cs
@@ -342,6 +342,24 @@ internal static string FileOverwriteMessage {
}
}
+ ///
+ /// Looks up a localized string similar to The specified HSM already exists..
+ ///
+ internal static string HsmAlreadyExists {
+ get {
+ return ResourceManager.GetString("HsmAlreadyExists", resourceCulture);
+ }
+ }
+
+ ///
+ /// Looks up a localized string similar to Cannot find HSM '{0}' in resource group '{1}'..
+ ///
+ internal static string HsmNotFound {
+ get {
+ return ResourceManager.GetString("HsmNotFound", resourceCulture);
+ }
+ }
+
///
/// Looks up a localized string similar to BYOK key can not be imported as software key.
///
@@ -793,7 +811,7 @@ internal static string RemoveCertificateOperation {
}
///
- /// Looks up a localized string similar to Are you sure you want to remove certificate '{0}'..
+ /// Looks up a localized string similar to Are you sure you want to remove certificate '{0}'?.
///
internal static string RemoveCertWarning {
get {
@@ -883,7 +901,25 @@ internal static string RemoveDeletedSecretWhatIfMessage {
}
///
- /// Looks up a localized string similar to Are you sure you want to remove key '{0}'..
+ /// Looks up a localized string similar to Are you sure you want to remove HSM '{0}'?.
+ ///
+ internal static string RemoveHsmWarning {
+ get {
+ return ResourceManager.GetString("RemoveHsmWarning", resourceCulture);
+ }
+ }
+
+ ///
+ /// Looks up a localized string similar to Remove HSM.
+ ///
+ internal static string RemoveHsmWhatIfMessage {
+ get {
+ return ResourceManager.GetString("RemoveHsmWhatIfMessage", resourceCulture);
+ }
+ }
+
+ ///
+ /// Looks up a localized string similar to Are you sure you want to remove key '{0}'?.
///
internal static string RemoveKeyWarning {
get {
@@ -901,7 +937,7 @@ internal static string RemoveKeyWhatIfMessage {
}
///
- /// Looks up a localized string similar to Are you sure you want to remove managed storage account '{0}'.
+ /// Looks up a localized string similar to Are you sure you want to remove managed storage account '{0}'?.
///
internal static string RemoveManagedStorageAccountWarning {
get {
@@ -946,7 +982,7 @@ internal static string RemoveNetworkRule {
}
///
- /// Looks up a localized string similar to Are you sure you want to remove secret '{0}'.
+ /// Looks up a localized string similar to Are you sure you want to remove secret '{0}'?.
///
internal static string RemoveSecretWarning {
get {
diff --git a/src/KeyVault/KeyVault/Properties/Resources.resx b/src/KeyVault/KeyVault/Properties/Resources.resx
index 7b4377973f87..11ce63688439 100644
--- a/src/KeyVault/KeyVault/Properties/Resources.resx
+++ b/src/KeyVault/KeyVault/Properties/Resources.resx
@@ -232,25 +232,25 @@ You can find the object ID using Azure Active Directory Module for Windows Power
At least one permission should be selected for key access or secret access.
- Are you sure you want to remove certificate '{0}'.
+ Are you sure you want to remove certificate '{0}'?
Remove certificate
- Are you sure you want to remove key '{0}'.
+ Are you sure you want to remove key '{0}'?
Remove key
- Are you sure you want to remove secret '{0}'
+ Are you sure you want to remove secret '{0}'?
Remove secret
- Are you sure you want to remove managed storage account '{0}'
+ Are you sure you want to remove managed storage account '{0}'?
Remove managed storage account
@@ -282,6 +282,9 @@ You can find the object ID using Azure Active Directory Module for Windows Power
The specified vault already exists.
+
+ The specified HSM already exists.
+
Access policy is not set. No user or application have access permission to use this vault. This can happen if the vault was created by a service principal. Please use Set-AzKeyVaultAccessPolicy to set access policies.
@@ -498,4 +501,13 @@ You can find the object ID using Azure Active Directory Module for Windows Power
The "import" operation is exclusive, it cannot be combined with any other value(s).
+
+ Cannot find HSM '{0}' in resource group '{1}'.
+
+
+ Are you sure you want to remove HSM '{0}'?
+
+
+ Remove HSM
+
\ No newline at end of file
diff --git a/src/KeyVault/KeyVault/help/Get-AzKeyVault.md b/src/KeyVault/KeyVault/help/Get-AzKeyVault.md
index 2bd2cdd46b76..663f7be76cfb 100644
--- a/src/KeyVault/KeyVault/help/Get-AzKeyVault.md
+++ b/src/KeyVault/KeyVault/help/Get-AzKeyVault.md
@@ -15,8 +15,8 @@ Gets key vaults.
### GetVaultByName (Default)
```
-Get-AzKeyVault [[-VaultName] ] [[-ResourceGroupName] ] [-ResourceType ]
- [-Tag ] [-DefaultProfile ] []
+Get-AzKeyVault [[-VaultName] ] [[-ResourceGroupName] ] [-Tag ]
+ [-DefaultProfile ] []
```
### ByDeletedVault
@@ -181,28 +181,6 @@ Tags :
This command gets all the key vaults in the subscription that start with "myvault".
-### Example 7: Get a specific managed hsm
-```powershell
-PS C:\> Get-AzKeyVault -Name 'TestManagedHsm' -ResourceType Hsm
-
-ManagedHsm Name : TestManagedHsm
-Resource Group Name : testGroup9
-Location : eastus2
-Resource ID : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/testGroup9/pro
- viders/Microsoft.KeyVault/managedHSMs/TestManagedHsm
-Hsm Pool URI :
-Tenant ID : xxxxxxxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx
-Security Domain ID : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
-Initial Admin Object Ids : {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}
-SKU : StandardB1
-Soft Delete Enabled? : True
-Enabled Purge Protection? :
-Soft Delete Retention Period (days) : 90
-Tags :
-```
-
-This command gets the managed hsm named TestManagedHsm in your current subscription.
-
## PARAMETERS
### -DefaultProfile
@@ -265,22 +243,6 @@ Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
```
-### -ResourceType
-Specifies the type of Vault / HSM to be shown. If omitted, both will be listed.
-
-```yaml
-Type: Microsoft.Azure.Commands.KeyVault.Models.ResourceTypeName
-Parameter Sets: GetVaultByName
-Aliases: Type
-Accepted values: Vault, Hsm
-
-Required: False
-Position: Named
-Default value: None
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
### -Tag
Key-value pairs in the form of a hash table. For example:
@{key0="value0";key1=$null;key2="value2"}
diff --git a/src/KeyVault/KeyVault/help/Get-AzManagedHsm.md b/src/KeyVault/KeyVault/help/Get-AzManagedHsm.md
new file mode 100644
index 000000000000..d840141f42ae
--- /dev/null
+++ b/src/KeyVault/KeyVault/help/Get-AzManagedHsm.md
@@ -0,0 +1,158 @@
+---
+external help file: Microsoft.Azure.PowerShell.Cmdlets.KeyVault.dll-Help.xml
+Module Name: Az.KeyVault
+online version: https://docs.microsoft.com/en-us/powershell/module/az.keyvault/get-azmanagedhsm
+schema: 2.0.0
+---
+
+# Get-AzManagedHsm
+
+## SYNOPSIS
+Get managed HSMs.
+
+## SYNTAX
+
+```
+Get-AzManagedHsm [[-Name] ] [[-ResourceGroupName] ] [-Tag ]
+ [-DefaultProfile ] []
+```
+
+## DESCRIPTION
+The **Get-AzManagedHsm** cmdlet gets information about the managed HSMs in a subscription. You can
+view all managed HSMs instances in a subscription, or filter your results by a resource group or a
+particular managed HSM.
+Note that although specifying the resource group is optional for this cmdlet when you get a single
+managed HSM, you should do so for better performance.
+
+## EXAMPLES
+
+### Example 1: Get all managed HSMs in your current subscription
+```powershell
+PS C:\> Get-AzManagedHsm
+
+Name Resource Group Name Location SKU
+---- ------------------- -------- ---
+myhsm myrg1 eastus2euap StandardB1
+```
+
+This command gets all managed HSMs in your current subscription.
+
+### Example 2: Get a specific managed HSM
+```powershell
+PS C:\> Get-AzManagedHsm -Name 'myhsm'
+
+Name Resource Group Name Location SKU
+---- ------------------- -------- ---
+myhsm myrg1 eastus2euap StandardB1
+```
+
+This command gets the managed HSM named myhsm in your current subscription.
+
+### Example 3: Get managed HSMs in a resource group
+```powershell
+PS C:\> Get-AzManagedHsm -ResourceGroupName 'myrg1'
+
+Name Resource Group Name Location SKU
+---- ------------------- -------- ---
+myhsm myrg1 eastus2euap StandardB1
+```
+
+This command gets all managed HSMs in the resource group named myrg1.
+
+### Example 4: Get managed HSMs using filtering
+```powershell
+PS C:\> Get-AzManagedHsm -Name 'myhsm*'
+
+Name Resource Group Name Location SKU
+---- ------------------- -------- ---
+myhsm myrg1 eastus2euap StandardB1
+```
+
+This command gets all managed HSMs in the subscription that start with "myhsm".
+
+## PARAMETERS
+
+### -DefaultProfile
+The credentials, account, tenant, and subscription used for communication with Azure.
+
+```yaml
+Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer
+Parameter Sets: (All)
+Aliases: AzContext, AzureRmContext, AzureCredential
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -Name
+HSM name. Cmdlet constructs the FQDN of a HSM based on the name and currently selected environment.
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases: HsmName
+
+Required: False
+Position: 0
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
+### -ResourceGroupName
+Specifies the name of the resource group associated with the managed HSM being queried.
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: 1
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
+### -Tag
+Specifies the key and optional value of the specified tag to filter the list of managed HSMs by.
+
+```yaml
+Type: System.Collections.Hashtable
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+### System.String
+
+### System.Collections.Hashtable
+
+## OUTPUTS
+
+### Microsoft.Azure.Commands.KeyVault.Models.PSManagedHsm
+
+### Microsoft.Azure.Commands.KeyVault.Models.PSKeyVaultIdentityItem
+
+## NOTES
+
+## RELATED LINKS
+
+[New-AzManagedHsm](./New-AzManagedHsm.md)
+
+[Remove-AzManagedHsm](./Remove-AzManagedHsm.md)
+
+[Update-AzManagedHsm](./Update-AzManagedHsm.md)
\ No newline at end of file
diff --git a/src/KeyVault/KeyVault/help/New-AzKeyVault.md b/src/KeyVault/KeyVault/help/New-AzKeyVault.md
index 6b7c3b9ffc84..e50ccf60924f 100644
--- a/src/KeyVault/KeyVault/help/New-AzKeyVault.md
+++ b/src/KeyVault/KeyVault/help/New-AzKeyVault.md
@@ -13,22 +13,14 @@ Creates a key vault.
## SYNTAX
-### KeyVaultParameterSet
```
-New-AzKeyVault [-Name] [-ResourceGroupName] [-Location] [-DisableSoftDelete]
- [-EnablePurgeProtection] [-SoftDeleteRetentionInDays ] [-Sku ] [-Tag ]
- [-NetworkRuleSet ] [-EnabledForDeployment] [-EnabledForTemplateDeployment]
- [-EnabledForDiskEncryption] [-DefaultProfile ] [-WhatIf] [-Confirm]
+New-AzKeyVault [-Name] [-ResourceGroupName] [-Location] [-EnabledForDeployment]
+ [-EnabledForTemplateDeployment] [-EnabledForDiskEncryption] [-DisableSoftDelete] [-EnablePurgeProtection]
+ [-SoftDeleteRetentionInDays ] [-Sku ] [-Tag ]
+ [-NetworkRuleSet ] [-DefaultProfile ] [-WhatIf] [-Confirm]
[]
```
-### ManagedHsmParameterSet
-```
-New-AzKeyVault [-Name] [-ResourceGroupName] [-Location] [-Sku ]
- [-Tag ] -Administrator [-Hsm] [-DefaultProfile ] [-WhatIf]
- [-Confirm] []
-```
-
## DESCRIPTION
The **New-AzKeyVault** cmdlet creates a key vault in the specified resource group. This cmdlet
also grants permissions to the currently logged on user to add, remove, or list keys and secrets in
@@ -126,47 +118,8 @@ PS C:\> New-AzKeyVault -ResourceGroupName "myRg" -VaultName "myVault" -NetworkRu
Creating a key vault and specifies network rules to allow access to the specified IP address from the virtual network identified by $myNetworkResId. See `New-AzKeyVaultNetworkRuleSetObject` for more information.
-### Example 4: Create a StandardB1 managed hsm
-```powershell
-PS C:\> New-AzKeyVault -Name 'TestManagedHsm' -ResourceGroupName 'testGroup9' -Location 'eastus2' -Administrator "xxxxxxxxxxxxxxxxxx-xxxx-xxxxxxxxxxxx" -Hsm
-
-ManagedHsm Name : TestManagedHsm
-Resource Group Name : testGroup9
-Location : eastus2
-Resource ID : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/testGroup9/pro
- viders/Microsoft.KeyVault/managedHSMs/TestManagedHsm
-Hsm Pool URI :
-Tenant ID : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
-Security Domain ID : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
-Initial Admin Object Ids : {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}
-SKU : StandardB1
-Soft Delete Enabled? : True
-Enabled Purge Protection? :
-Soft Delete Retention Period (days) : 90
-Tags
-```
-
-This command creates a managed hsm named TestManagedHsm, in the Azure region East US 2. The command
-adds the managed hsm to the resource group named testGroup9. Because the command does not specify a
-value for the *SKU* parameter, it creates a StandardB1 key vault.
-
## PARAMETERS
-### -Administrator
-Array of initial administrators object ids for this managed hsm pool.
-
-```yaml
-Type: System.String[]
-Parameter Sets: ManagedHsmParameterSet
-Aliases:
-
-Required: True
-Position: Named
-Default value: None
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
### -DefaultProfile
The credentials, account, tenant, and subscription used for communication with azure
@@ -187,7 +140,7 @@ If specified, 'soft delete' functionality is disabled for this key vault.
```yaml
Type: System.Management.Automation.SwitchParameter
-Parameter Sets: KeyVaultParameterSet
+Parameter Sets: (All)
Aliases:
Required: False
@@ -203,7 +156,7 @@ key vault is referenced in resource creation, for example when creating a virtua
```yaml
Type: System.Management.Automation.SwitchParameter
-Parameter Sets: KeyVaultParameterSet
+Parameter Sets: (All)
Aliases:
Required: False
@@ -218,7 +171,7 @@ Enables the Azure disk encryption service to get secrets and unwrap keys from th
```yaml
Type: System.Management.Automation.SwitchParameter
-Parameter Sets: KeyVaultParameterSet
+Parameter Sets: (All)
Aliases:
Required: False
@@ -233,7 +186,7 @@ Enables Azure Resource Manager to get secrets from this key vault when this key
```yaml
Type: System.Management.Automation.SwitchParameter
-Parameter Sets: KeyVaultParameterSet
+Parameter Sets: (All)
Aliases:
Required: False
@@ -248,7 +201,7 @@ If specified, protection against immediate deletion is enabled for this vault; r
```yaml
Type: System.Management.Automation.SwitchParameter
-Parameter Sets: KeyVaultParameterSet
+Parameter Sets: (All)
Aliases:
Required: False
@@ -258,21 +211,6 @@ Accept pipeline input: False
Accept wildcard characters: False
```
-### -Hsm
-Specifies the type of this vault as managed hsm.
-
-```yaml
-Type: System.Management.Automation.SwitchParameter
-Parameter Sets: ManagedHsmParameterSet
-Aliases:
-
-Required: True
-Position: Named
-Default value: None
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
### -Location
Specifies the Azure region in which to create the key vault. Use the command [Get-AzLocation](https://docs.microsoft.com/powershell/module/Azure/Get-AzLocation) to see your choices.
@@ -308,7 +246,7 @@ Specifies the network rule set of the vault. It governs the accessibility of the
```yaml
Type: Microsoft.Azure.Commands.KeyVault.Models.PSKeyVaultNetworkRuleSet
-Parameter Sets: KeyVaultParameterSet
+Parameter Sets: (All)
Aliases:
Required: False
@@ -340,6 +278,7 @@ Specifies the SKU of the key vault instance. For information about which feature
Type: System.String
Parameter Sets: (All)
Aliases:
+Accepted values: Standard, Premium
Required: False
Position: Named
@@ -353,7 +292,7 @@ Specifies how long deleted resources are retained, and how long until a vault or
```yaml
Type: System.Int32
-Parameter Sets: KeyVaultParameterSet
+Parameter Sets: (All)
Aliases:
Required: False
diff --git a/src/KeyVault/KeyVault/help/New-AzManagedHsm.md b/src/KeyVault/KeyVault/help/New-AzManagedHsm.md
new file mode 100644
index 000000000000..cd87caf5e7cd
--- /dev/null
+++ b/src/KeyVault/KeyVault/help/New-AzManagedHsm.md
@@ -0,0 +1,235 @@
+---
+external help file: Microsoft.Azure.PowerShell.Cmdlets.KeyVault.dll-Help.xml
+Module Name: Az.KeyVault
+online version: https://docs.microsoft.com/en-us/powershell/module/az.keyvault/new-azmanagedhsm
+schema: 2.0.0
+---
+
+# New-AzManagedHsm
+
+## SYNOPSIS
+Creates a managed HSM.
+
+## SYNTAX
+
+```
+New-AzManagedHsm [-Name] [-ResourceGroupName] [-Location]
+ [-Administrator] [-Sku ] [-Tag ] [-AsJob]
+ [-DefaultProfile ] [-WhatIf] [-Confirm] []
+```
+
+## DESCRIPTION
+The **New-AzManagedHsm** cmdlet creates a managed HSM in the specified resource group. To add,
+remove, or list keys in the managed HSM, user should grant permissions by adding user ID to
+Administrator.
+
+## EXAMPLES
+
+### Example 1: Create a StandardB1 managed HSM
+```powershell
+PS C:\> New-AzManagedHsm -Name 'myhsm' -ResourceGroupName 'myrg1' -Location 'eastus2euap' -Administrator "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+
+Name Resource Group Name Location SKU
+---- ------------------- -------- ---
+myhsm myrg1 eastus2euap StandardB1
+```
+
+This command creates a managed HSM named myhsm in the location eastus2euap. The command
+adds the managed HSM to the resource group named myrg1. Because the command does not specify a
+value for the *SKU* parameter, it creates a Standard_B1 managed HSM.
+
+### Example 2: Create a CustomB32 managed HSM
+```powershell
+PS C:\>New-AzManagedHsm -Name 'myhsm' -ResourceGroupName 'myrg1' -Location 'eastus2euap' -Administrator "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -Sku 'CustomB32'
+Name Resource Group Name Location SKU
+
+---- ------------------- -------- ---
+myhsm myrg1 eastus2euap CustomB32
+```
+
+
+
+This command creates a managed HSM, just like the previous example. However, it specifies a value of
+CustomB32 for the *SKU* parameter to create a CustomB32 managed HSM.
+
+## PARAMETERS
+
+### -Administrator
+Initial administrator object id for this managed HSM pool.
+
+```yaml
+Type: System.String[]
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: 3
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
+### -AsJob
+Run cmdlet in the background
+
+```yaml
+Type: System.Management.Automation.SwitchParameter
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -DefaultProfile
+The credentials, account, tenant, and subscription used for communication with Azure.
+
+```yaml
+Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer
+Parameter Sets: (All)
+Aliases: AzContext, AzureRmContext, AzureCredential
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -Location
+Specifies the Azure region in which to create the key vault.
+Use the command Get-AzResourceProvider with the ProviderNamespace parameter to see your choices.
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: 2
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
+### -Name
+Specifies a name of the managed HSM to create.
+The name can be any combination of letters, digits, or hyphens.
+The name must start and end with a letter or digit.
+The name must be universally unique.
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases: HsmName
+
+Required: True
+Position: 0
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
+### -ResourceGroupName
+Specifies the name of an existing resource group in which to create the key vault.
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: 1
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
+### -Sku
+Specifies the SKU of the managed HSM instance.
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
+### -Tag
+A hash table which represents resource tags.
+
+```yaml
+Type: System.Collections.Hashtable
+Parameter Sets: (All)
+Aliases: Tags
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
+### -Confirm
+Prompts you for confirmation before running the cmdlet.
+
+```yaml
+Type: System.Management.Automation.SwitchParameter
+Parameter Sets: (All)
+Aliases: cf
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -WhatIf
+Shows what would happen if the cmdlet runs.
+The cmdlet is not run.
+
+```yaml
+Type: System.Management.Automation.SwitchParameter
+Parameter Sets: (All)
+Aliases: wi
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+### System.String
+
+### System.String[]
+
+### System.Collections.Hashtable
+
+## OUTPUTS
+
+### Microsoft.Azure.Commands.KeyVault.Models.PSManagedHsm
+
+## NOTES
+
+## RELATED LINKS
+
+[Get-AzManagedHsm](./Get-AzManagedHsm.md)
+
+[Remove-AzManagedHsm](./Remove-AzManagedHsm.md)
+
+[Update-AzManagedHsm](./Update-AzManagedHsm.md)
\ No newline at end of file
diff --git a/src/KeyVault/KeyVault/help/Remove-AzKeyVault.md b/src/KeyVault/KeyVault/help/Remove-AzKeyVault.md
index a6e64beac041..45acf6bc7803 100644
--- a/src/KeyVault/KeyVault/help/Remove-AzKeyVault.md
+++ b/src/KeyVault/KeyVault/help/Remove-AzKeyVault.md
@@ -15,7 +15,7 @@ Deletes a key vault.
### ByAvailableVault (Default)
```
-Remove-AzKeyVault [-VaultName] [[-ResourceGroupName] ] [[-Location] ] [-Hsm] [-Force]
+Remove-AzKeyVault [-VaultName] [[-ResourceGroupName] ] [[-Location] ] [-Force]
[-AsJob] [-PassThru] [-DefaultProfile ] [-WhatIf] [-Confirm] []
```
@@ -27,19 +27,19 @@ Remove-AzKeyVault [-VaultName] [-Location] [-InRemovedState] [
### InputObjectByAvailableVault
```
-Remove-AzKeyVault [-InputObject] [-Hsm] [-Force] [-AsJob] [-PassThru]
+Remove-AzKeyVault [-InputObject] [-Force] [-AsJob] [-PassThru]
[-DefaultProfile ] [-WhatIf] [-Confirm] []
```
### InputObjectByDeletedVault
```
-Remove-AzKeyVault [-InputObject] [-InRemovedState] [-Force] [-AsJob] [-PassThru]
+Remove-AzKeyVault [-InputObject] [-InRemovedState] [-Force] [-AsJob] [-PassThru]
[-DefaultProfile ] [-WhatIf] [-Confirm] []
```
### ResourceIdByAvailableVault
```
-Remove-AzKeyVault [-ResourceId] [[-Location] ] [-Hsm] [-Force] [-AsJob] [-PassThru]
+Remove-AzKeyVault [-ResourceId] [[-Location] ] [-Force] [-AsJob] [-PassThru]
[-DefaultProfile ] [-WhatIf] [-Confirm] []
```
@@ -75,14 +75,6 @@ True
This command removes the key vault named Contoso03Vault from the named resource group.
If you do not specify the resource group name, the cmdlet searches for the named key vault to delete in your current subscription.
-### Example 3: Remove a managed hsm
-```powershell
-PS C:\> Remove-AzKeyVault -Name "testManagedHsm" -Hsm -PassThru
-
-True
-```
-This command removes the managed hsm named testManagedHsm from your current subscription.
-
## PARAMETERS
### -AsJob
@@ -131,26 +123,11 @@ Accept pipeline input: False
Accept wildcard characters: False
```
-### -Hsm
-Specifies the type of vault as managed hsm.
-
-```yaml
-Type: System.Management.Automation.SwitchParameter
-Parameter Sets: ByAvailableVault, InputObjectByAvailableVault, ResourceIdByAvailableVault
-Aliases:
-
-Required: False
-Position: Named
-Default value: None
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
### -InputObject
Key Vault object to be deleted.
```yaml
-Type: Microsoft.Azure.Commands.KeyVault.Models.PSKeyVaultIdentityItem
+Type: Microsoft.Azure.Commands.KeyVault.Models.PSKeyVault
Parameter Sets: InputObjectByAvailableVault, InputObjectByDeletedVault
Aliases:
diff --git a/src/KeyVault/KeyVault/help/Remove-AzManagedHsm.md b/src/KeyVault/KeyVault/help/Remove-AzManagedHsm.md
new file mode 100644
index 000000000000..7d0d75b6614a
--- /dev/null
+++ b/src/KeyVault/KeyVault/help/Remove-AzManagedHsm.md
@@ -0,0 +1,235 @@
+---
+external help file: Microsoft.Azure.PowerShell.Cmdlets.KeyVault.dll-Help.xml
+Module Name: Az.KeyVault
+online version: https://docs.microsoft.com/en-us/powershell/module/az.keyvault/remove-azmanagedhsm
+schema: 2.0.0
+---
+
+# Remove-AzManagedHsm
+
+## SYNOPSIS
+Deletes a managed HSM.
+
+## SYNTAX
+
+### RemoveManagedHsmByName (Default)
+```
+Remove-AzManagedHsm [-Name] [[-ResourceGroupName] ] [-Force] [-AsJob] [-PassThru]
+ [-DefaultProfile ] [-WhatIf] [-Confirm] []
+```
+
+### RemoveManagedHsmByInputObject
+```
+Remove-AzManagedHsm [-InputObject] [-Force] [-AsJob] [-PassThru]
+ [-DefaultProfile ] [-WhatIf] [-Confirm] []
+```
+
+### RemoveManagedHsmByResourceId
+```
+Remove-AzManagedHsm [-ResourceId] [-Force] [-AsJob] [-PassThru]
+ [-DefaultProfile ] [-WhatIf] [-Confirm] []
+```
+
+## DESCRIPTION
+The **Remove-AzManagedHsm** cmdlet deletes the specified managed HSM.
+It also deletes all keys contained in that instance.
+Note that although specifying the resource group is optional for this cmdlet, you should so for better performance.
+
+## EXAMPLES
+
+### Example 1: Remove a managed HSM
+```powershell
+PS C:\> Remove-AzManagedHsm -HsmName 'myhsm' -Force
+
+True
+```
+
+This command removes the managed hsm named myhsm from your current subscription.
+
+### Example 2: Remove a managed hsm from a specified resource group
+```powershell
+PS C:\> Remove-AzManagedHsm -HsmName 'myhsm' -ResourceGroupName "myrg1" -PassThru
+
+True
+```
+
+This command removes the managed hsm named myhsm from the resource group named myrg1.
+If you do not specify the resource group name, the cmdlet searches for the named managed HSM to delete in your current subscription.
+
+## PARAMETERS
+
+### -AsJob
+Run cmdlet in the background
+
+```yaml
+Type: System.Management.Automation.SwitchParameter
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -DefaultProfile
+The credentials, account, tenant, and subscription used for communication with Azure.
+
+```yaml
+Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer
+Parameter Sets: (All)
+Aliases: AzContext, AzureRmContext, AzureCredential
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -Force
+Indicates that the cmdlet does not prompt you for confirmation.
+By default, this cmdlet prompts you to confirm that you want to delete the managed HSM.
+
+```yaml
+Type: System.Management.Automation.SwitchParameter
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -InputObject
+Managed HSM object to be deleted.
+
+```yaml
+Type: Microsoft.Azure.Commands.KeyVault.Models.PSManagedHsm
+Parameter Sets: RemoveManagedHsmByInputObject
+Aliases:
+
+Required: True
+Position: 0
+Default value: None
+Accept pipeline input: True (ByValue)
+Accept wildcard characters: False
+```
+
+### -Name
+Specifies the name of the managed HSM to remove.
+
+```yaml
+Type: System.String
+Parameter Sets: RemoveManagedHsmByName
+Aliases: HsmName
+
+Required: True
+Position: 0
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -PassThru
+This Cmdlet does not return an object by default.
+If this switch is specified, it returns true if successful.
+
+```yaml
+Type: System.Management.Automation.SwitchParameter
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -ResourceGroupName
+Specifies the name of resource group for Azure managed HSM to remove.
+
+```yaml
+Type: System.String
+Parameter Sets: RemoveManagedHsmByName
+Aliases:
+
+Required: False
+Position: 1
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -ResourceId
+ManagedHsm Resource Id.
+
+```yaml
+Type: System.String
+Parameter Sets: RemoveManagedHsmByResourceId
+Aliases:
+
+Required: True
+Position: 0
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
+### -Confirm
+Prompts you for confirmation before running the cmdlet.
+
+```yaml
+Type: System.Management.Automation.SwitchParameter
+Parameter Sets: (All)
+Aliases: cf
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -WhatIf
+Shows what would happen if the cmdlet runs.
+The cmdlet is not run.
+
+```yaml
+Type: System.Management.Automation.SwitchParameter
+Parameter Sets: (All)
+Aliases: wi
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+### Microsoft.Azure.Commands.KeyVault.Models.PSManagedHsm
+
+### System.String
+
+## OUTPUTS
+
+### System.Boolean
+
+## NOTES
+
+## RELATED LINKS
+
+[Get-AzManagedHsm](./Get-AzManagedHsm.md)
+
+[New-AzManagedHsm](./New-AzManagedHsm.md)
+
+[Update-AzManagedHsm](./Update-AzManagedHsm.md)
\ No newline at end of file
diff --git a/src/KeyVault/KeyVault/help/Update-AzKeyVault.md b/src/KeyVault/KeyVault/help/Update-AzKeyVault.md
index 2b564f5fceaf..b8f0c278823a 100644
--- a/src/KeyVault/KeyVault/help/Update-AzKeyVault.md
+++ b/src/KeyVault/KeyVault/help/Update-AzKeyVault.md
@@ -12,21 +12,21 @@ Update the state of an Azure key vault.
## SYNTAX
-### UpdateKeyVaultByNameParameterSet (Default)
+### UpdateByNameParameterSet (Default)
```
Update-AzKeyVault -ResourceGroupName -VaultName [-EnableSoftDelete] [-EnablePurgeProtection]
[-SoftDeleteRetentionInDays ] [-DefaultProfile ] [-WhatIf] [-Confirm]
[]
```
-### UpdateKeyVaultByInputObjectParameterSet
+### UpdateByInputObjectParameterSet
```
-Update-AzKeyVault -InputObject [-EnableSoftDelete] [-EnablePurgeProtection]
+Update-AzKeyVault -InputObject [-EnableSoftDelete] [-EnablePurgeProtection]
[-SoftDeleteRetentionInDays ] [-DefaultProfile ] [-WhatIf] [-Confirm]
[]
```
-### UpdateKeyVaultByResourceIdParameterSet
+### UpdateByResourceIdParameterSet
```
Update-AzKeyVault -ResourceId [-EnableSoftDelete] [-EnablePurgeProtection]
[-SoftDeleteRetentionInDays ] [-DefaultProfile ] [-WhatIf] [-Confirm]
@@ -46,7 +46,7 @@ PS C:\> Update-AzKeyVault -VaultName $keyVaultName -ResourceGroupName $resourceG
Enables soft delete on the key vault named `$keyVaultName` in resource group `$resourceGroupName`.
-### Example 1
+### Example 2
```powershell
PS C:\> Get-AzKeyVault -VaultName $keyVaultName -ResourceGroupName $resourceGroupName | Update-AzKeyVault -EnablePurgeProtection
```
@@ -107,8 +107,8 @@ Accept wildcard characters: False
Key vault object.
```yaml
-Type: Microsoft.Azure.Commands.KeyVault.Models.PSKeyVaultIdentityItem
-Parameter Sets: UpdateKeyVaultByInputObjectParameterSet
+Type: Microsoft.Azure.Commands.KeyVault.Models.PSKeyVault
+Parameter Sets: UpdateByInputObjectParameterSet
Aliases:
Required: True
@@ -123,7 +123,7 @@ Name of the resource group.
```yaml
Type: System.String
-Parameter Sets: UpdateKeyVaultByNameParameterSet
+Parameter Sets: UpdateByNameParameterSet
Aliases:
Required: True
@@ -138,7 +138,7 @@ Resource ID of the key vault.
```yaml
Type: System.String
-Parameter Sets: UpdateKeyVaultByResourceIdParameterSet
+Parameter Sets: UpdateByResourceIdParameterSet
Aliases:
Required: True
@@ -168,7 +168,7 @@ Name of the key vault.
```yaml
Type: System.String
-Parameter Sets: UpdateKeyVaultByNameParameterSet
+Parameter Sets: UpdateByNameParameterSet
Aliases: Name
Required: True
diff --git a/src/KeyVault/KeyVault/help/Update-AzManagedHsm.md b/src/KeyVault/KeyVault/help/Update-AzManagedHsm.md
new file mode 100644
index 000000000000..a203836b1d8a
--- /dev/null
+++ b/src/KeyVault/KeyVault/help/Update-AzManagedHsm.md
@@ -0,0 +1,218 @@
+---
+external help file: Microsoft.Azure.PowerShell.Cmdlets.KeyVault.dll-Help.xml
+Module Name: Az.KeyVault
+online version: https://docs.microsoft.com/en-us/powershell/module/az.keyvault/update-azmanagedhsm
+schema: 2.0.0
+---
+
+# Update-AzManagedHsm
+
+## SYNOPSIS
+Update the state of an Azure managed HSM.
+
+## SYNTAX
+
+### UpdateByNameParameterSet (Default)
+```
+Update-AzManagedHsm -Name -ResourceGroupName [-Tag ]
+ [-DefaultProfile ] [-WhatIf] [-Confirm] []
+```
+
+### UpdateByInputObjectParameterSet
+```
+Update-AzManagedHsm -InputObject [-Tag ] [-DefaultProfile ]
+ [-WhatIf] [-Confirm] []
+```
+
+### UpdateByResourceIdParameterSet
+```
+Update-AzManagedHsm -ResourceId [-Tag ] [-DefaultProfile ]
+ [-WhatIf] [-Confirm] []
+```
+
+## DESCRIPTION
+This cmdlet updates the state of an Azure managed HSM.
+
+## EXAMPLES
+
+### Example 1: Update a managed Hsm directly
+```powershell
+PS C:\> Update-AzManagedHsm -Name $hsmName -ResourceGroupName $resourceGroupName -Tag @{testKey="testValue"} | fl
+
+Managed HSM Name : testmhsm
+Resource Group Name : testmhsm
+Location : eastus2euap
+Resource ID : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/testmhsm/provid
+ ers/Microsoft.KeyVault/managedHSMs/testmhsm
+HSM Pool URI :
+Tenant ID : xxxxxx-xxxx-xxxx-xxxxxxxxxxxx
+Initial Admin Object Ids : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+SKU : StandardB1
+Soft Delete Enabled? : True
+Enabled Purge Protection? : False
+Soft Delete Retention Period (days) : 90
+Provisioning State : Provisioning
+Status Message : Resource creation in progress. Starting service...
+Tags :
+ Name Value
+ ==== =====
+ testKey testValued
+
+```
+
+Updates tags for the managed Hsm named `$hsmName` in resource group `$resourceGroupName`.
+
+### Example 2: Update a managed Hsm using piping
+```powershell
+PS C:\> Get-AzManagedHsm -Name $hsmName -ResourceGroupName $resourceGroupName | Update-AzManagedHsm -Tag @{testKey="testValue"}
+```
+
+Updates tags for the managed Hsm using piping syntax.
+
+## PARAMETERS
+
+### -DefaultProfile
+The credentials, account, tenant, and subscription used for communication with Azure.
+
+```yaml
+Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer
+Parameter Sets: (All)
+Aliases: AzContext, AzureRmContext, AzureCredential
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -InputObject
+Managed HSM object.
+
+```yaml
+Type: Microsoft.Azure.Commands.KeyVault.Models.PSManagedHsm
+Parameter Sets: UpdateByInputObjectParameterSet
+Aliases:
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: True (ByValue)
+Accept wildcard characters: False
+```
+
+### -Name
+Name of the managed HSM.
+
+```yaml
+Type: System.String
+Parameter Sets: UpdateByNameParameterSet
+Aliases: HsmName
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -ResourceGroupName
+Name of the resource group.
+
+```yaml
+Type: System.String
+Parameter Sets: UpdateByNameParameterSet
+Aliases:
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -ResourceId
+Resource ID of the managed HSM.
+
+```yaml
+Type: System.String
+Parameter Sets: UpdateByResourceIdParameterSet
+Aliases:
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
+### -Tag
+A hash table which represents resource tags.
+
+```yaml
+Type: System.Collections.Hashtable
+Parameter Sets: (All)
+Aliases: Tags
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
+### -Confirm
+Prompts you for confirmation before running the cmdlet.
+
+```yaml
+Type: System.Management.Automation.SwitchParameter
+Parameter Sets: (All)
+Aliases: cf
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -WhatIf
+Shows what would happen if the cmdlet runs.
+The cmdlet is not run.
+
+```yaml
+Type: System.Management.Automation.SwitchParameter
+Parameter Sets: (All)
+Aliases: wi
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+### Microsoft.Azure.Commands.KeyVault.Models.PSManagedHsm
+
+### System.String
+
+### System.Collections.Hashtable
+
+## OUTPUTS
+
+### Microsoft.Azure.Commands.KeyVault.Models.PSManagedHsm
+
+## NOTES
+
+## RELATED LINKS
+
+[New-AzManagedHsm](./New-AzManagedHsm.md)
+
+[Remove-AzManagedHsm](./Remove-AzManagedHsm.md)
+
+[Get-AzManagedHsm](./Get-AzManagedHsm.md)
\ No newline at end of file