Skip to content

Detach managed hsm from key vault command #13187

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 8 commits into from
Oct 15, 2020
Merged

Detach managed hsm from key vault command #13187

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
65b9a87
get managed hsm
BethanyZhou Oct 10, 2020
1831ef9
new managed hsm
BethanyZhou Oct 12, 2020
dacef85
remove managed hsm
BethanyZhou Oct 12, 2020
88c720e
update help.md
BethanyZhou Oct 12, 2020
e946168
update managed hsm
BethanyZhou Oct 13, 2020
6268fa3
add online version for new help.md
BethanyZhou Oct 13, 2020
67529a7
Convert mhsm test to liveonly
BethanyZhou Oct 13, 2020
bdf80d7
add test record
BethanyZhou Oct 13, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 12 additions & 12 deletions src/KeyVault/KeyVault.Test/ScenarioTests/ManagedHsmManagementTests.ps1
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,9 +25,9 @@ function Test-ManagedHsmCRUD {
New-AzResourceGroup -Name $rgName -Location $rgLocation

try {
# Test create a default Managed HSM
$hsm = New-AzKeyVault -Name $hsmName -ResourceGroupName $rgName -Location $hsmLocation -Administrator $administrator -Hsm
Assert-AreEqual $hsmName $hsm.VaultName
# Test create a default managed HSM
$hsm = New-AzManagedHsm -Name $hsmName -ResourceGroupName $rgName -Location $hsmLocation -Administrator $administrator
Assert-AreEqual $hsmName $hsm.Name
Assert-AreEqual $rgName $hsm.ResourceGroupName
Assert-AreEqual $hsmLocation $hsm.Location
Assert-AreEqual 1 $hsm.InitialAdminObjectIds.Count
Expand All @@ -37,23 +37,23 @@ function Test-ManagedHsmCRUD {
# Default retention days
Assert-AreEqual 90 $hsm.SoftDeleteRetentionInDays "By default SoftDeleteRetentionInDays should be 90"

# Test get Managed HSM
$got = Get-AzKeyVault -Name $hsmName -ResourceType Hsm
# Test get managed HSM
$got = Get-AzManagedHsm -Name $hsmName
Assert-NotNull $got
Assert-AreEqual $hsmName $got.VaultName
Assert-AreEqual $hsmName $got.Name
Assert-AreEqual $rgName $got.ResourceGroupName
Assert-AreEqual $hsmLocation $got.Location

# Test throws for existing vault
Assert-Throws { New-AzKeyVault -VaultName $hsmName -ResourceGroupName $rgname -Location $vaultLocation -Administrator $administrator -Hsm}
# Test throws for existing managed HSM
Assert-Throws { New-AzManagedHsm -Name $hsmName -ResourceGroupName $rgName -Location $hsmLocation -Administrator $administrator }

# Test remove Managed HSM
Remove-AzKeyVault -InputObject $got -Hsm -Force
$deletedMhsm = Get-AzKeyVault -VaultName $hsmName -ResourceGroupName $rgName
# Test remove managed HSM
Remove-AzManagedHsm -InputObject $got -Force
$deletedMhsm = Get-AzManagedHsm -Name $hsmName -ResourceGroupName $rgName
Assert-Null $deletedMhsm

# Test throws for resourcegroup nonexistent
Assert-Throws { New-AzKeyVault -VaultName (getAssetName) -ResourceGroupName (getAssetName) -Location $vaultLocation -Administrator $administrator -Hsm}
Assert-Throws { New-AzManagedHsm -Name (getAssetName) -ResourceGroupName (getAssetName) -Location $hsmLocation -Administrator $administrator }
}

finally {
Expand Down
5 changes: 4 additions & 1 deletion src/KeyVault/KeyVault/Az.KeyVault.psd1
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -88,7 +88,10 @@ CmdletsToExport = 'Add-AzKeyVaultCertificate', 'Update-AzKeyVaultCertificate',
'Remove-AzKeyVaultCertificateIssuer',
'Remove-AzKeyVaultCertificateOperation',
'Set-AzKeyVaultCertificateIssuer',
'Set-AzKeyVaultCertificatePolicy', 'Get-AzKeyVault', 'New-AzKeyVault',
'Set-AzKeyVaultCertificatePolicy',
'Get-AzManagedHsm', 'New-AzManagedHsm',
'Remove-AzManagedHsm', 'Update-AzManagedHsm',
'Get-AzKeyVault', 'New-AzKeyVault',
'Remove-AzKeyVault', 'Undo-AzKeyVaultRemoval',
'Remove-AzKeyVaultAccessPolicy', 'Set-AzKeyVaultAccessPolicy',
'Backup-AzKeyVaultKey', 'Get-AzKeyVaultKey', 'Get-AzKeyVaultSecret',
Expand Down
64 changes: 6 additions & 58 deletions src/KeyVault/KeyVault/Commands/GetAzureKeyVault.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -85,12 +85,6 @@ public class GetAzureKeyVault : KeyVaultManagementCmdletBase
HelpMessage = "Specifies whether to show the previously deleted vaults in the output.")]
public SwitchParameter InRemovedState { get; set; }

[Parameter(Mandatory = false,
ParameterSetName = GetVaultParameterSet,
HelpMessage = "Specifies the type of Vault / HSM to be shown. If omitted, both will be listed.")]
[Alias("Type")]
public ResourceTypeName ResourceType { get; set; }

/// <summary>
/// Tag value
/// </summary>
Expand All @@ -104,68 +98,22 @@ public class GetAzureKeyVault : KeyVaultManagementCmdletBase
#endregion
public override void ExecuteCmdlet()
{
ResourceTypeName? resourceTypeName = null;
if (MyInvocation.BoundParameters.ContainsKey(nameof(ResourceType)))
{
resourceTypeName = this.ResourceType;
}

switch (ParameterSetName)
{
case GetVaultParameterSet:
ResourceGroupName = string.IsNullOrWhiteSpace(ResourceGroupName) ? GetResourceGroupName(VaultName) : ResourceGroupName;
ResourceGroupName = string.IsNullOrWhiteSpace(ResourceGroupName) ? GetResourceGroupName(VaultName, true) : ResourceGroupName;

PSKeyVaultIdentityItem vault = null;

if (ShouldGetByName(ResourceGroupName, VaultName))
{
switch (resourceTypeName)
{
case ResourceTypeName.Vault:
vault = KeyVaultManagementClient.GetVault(
VaultName,
ResourceGroupName,
ActiveDirectoryClient);
WriteObject(FilterByTag((PSKeyVault)vault, Tag));
break;

case ResourceTypeName.Hsm:
vault = KeyVaultManagementClient.GetManagedHsm(
VaultName,
ResourceGroupName,
ActiveDirectoryClient);
WriteObject(FilterByTag((PSManagedHsm)vault, Tag));
break;

default:
// Search both Vaults and ManagedHsms
vault = KeyVaultManagementClient.GetVault(
VaultName,
ResourceGroupName,
ActiveDirectoryClient);
if (vault == null)
{
vault = KeyVaultManagementClient.GetManagedHsm(
VaultName,
ResourceGroupName,
ActiveDirectoryClient);
WriteObject(FilterByTag((PSManagedHsm)vault, Tag));
}
else
{
WriteObject(FilterByTag((PSKeyVault)vault, Tag));
}
break;
}
PSKeyVault vault = KeyVaultManagementClient.GetVault(
VaultName,
ResourceGroupName,
ActiveDirectoryClient);
WriteObject(FilterByTag(vault, Tag));
}
else
{
WriteObject(
TopLevelWildcardFilter(
ResourceGroupName, VaultName,
ListVaults(ResourceGroupName, Tag, resourceTypeName)),
true);
WriteObject(TopLevelWildcardFilter(ResourceGroupName, VaultName, ListVaults(ResourceGroupName, Tag)), true);
}

break;
Expand Down
73 changes: 73 additions & 0 deletions src/KeyVault/KeyVault/Commands/GetAzureManagedHsm.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,73 @@
using Microsoft.Azure.Commands.KeyVault.Models;
using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
using System.Collections;
using System.Management.Automation;

namespace Microsoft.Azure.Commands.KeyVault.Commands
{
[Cmdlet("Get", ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "ManagedHsm")]
[OutputType(typeof(PSManagedHsm), typeof(PSKeyVaultIdentityItem))]
public class GetAzureManagedHsm : KeyVaultManagementCmdletBase
{
#region Input Parameter Definitions

/// <summary>
/// HSM name
/// </summary>
[Parameter(Mandatory = false,
Position = 0,
ValueFromPipelineByPropertyName = true,
HelpMessage = "HSM name. Cmdlet constructs the FQDN of a HSM based on the name and currently selected environment.")]
[ResourceNameCompleter("Microsoft.KeyVault/managedHSMs", "ResourceGroupName")]
[Alias("HsmName")]
[ValidateNotNullOrEmpty]
[SupportsWildcards]
public string Name { get; set; }

/// <summary>
/// Resource group name
/// </summary>
[Parameter(Mandatory = false,
Position = 1,
ValueFromPipelineByPropertyName = true,
HelpMessage = "Specifies the name of the resource group associated with the managed HSM being queried.")]
[ResourceGroupCompleter]
[ValidateNotNullOrEmpty]
[SupportsWildcards]
public string ResourceGroupName { get; set; }

/// <summary>
/// Tag value
/// </summary>
[Parameter(
Mandatory = false,
ValueFromPipelineByPropertyName = true,
HelpMessage = "Specifies the key and optional value of the specified tag to filter the list of managed HSMs by.")]
public Hashtable Tag { get; set; }

#endregion

public override void ExecuteCmdlet()
{
ResourceGroupName = string.IsNullOrWhiteSpace(ResourceGroupName) ? GetResourceGroupName(Name, true) : ResourceGroupName;

if (ShouldGetByName(ResourceGroupName, Name))
{
PSManagedHsm mhsm = KeyVaultManagementClient.GetManagedHsm(
Name,
ResourceGroupName,
ActiveDirectoryClient);
WriteObject(FilterByTag(mhsm, Tag));
}
else
{
WriteObject(
TopLevelWildcardFilter(
ResourceGroupName, Name,
FilterByTag(
KeyVaultManagementClient.ListManagedHsms(ResourceGroupName, ActiveDirectoryClient), Tag)),
true);
}
}
}
}
Loading