[KeyVault] Managed HSM #13259

BethanyZhou · 2020-10-19T07:58:50Z

Description

This PR contains following feature PRs:

Enable MHSM Management via *-AzKeyVault (Enable MHSM Management via *-AzKeyVault #12575)
Record scenario test for Managed Hsm (Record scenario test for Managed Hsm #12631)
[KeyVault] Update to official SDK ([KeyVault] Update to official SDK #12767)
combine track 1&2 sdk (combine track 1&2 sdk #13018)
Detach managed hsm from key vault command (Detach managed hsm from key vault command #13187)
Support data plane of managed HSM (Support data plane of managed HSM #13216)
Limit KeyType to be required only when create managed HSM key (Limit KeyType to be required only when create managed HSM key #13242)
Security domain (Security domain #13226)
full backup restore + rbac (RBAC and full backup restore #13261)

Todo:

Wait for Add MSAL support for Az.Accounts #13225 to merge because it contains necessary changes to adapt the breaking changes introduced in common repo
Use new common build; fix conflicts

Checklist

I have read the Submitting Changes section of CONTRIBUTING.md
The title of the PR is clear and informative
The appropriate ChangeLog.md file(s) has been updated:
- For any service, the ChangeLog.md file can be found at src/{{SERVICE}}/{{SERVICE}}/ChangeLog.md
- A snippet outlining the change(s) made in the PR should be written under the ## Upcoming Release header -- no new version header should be added
The PR does not introduce breaking changes
If applicable, the changes made in the PR have proper test coverage
For public API changes to cmdlets:
- a cmdlet design review was approved for the changes in this repository (Microsoft internal only)
- the markdown help files have been regenerated using the commands listed here

* Support creating a MHSM pool. * Supporting querying MHSM objects * Support deleting MHSM * Support updating mhsm * Add test cases * Hide unavailable services * Add test cases * expose EnablePurgeProtection for MHSM * correct indent of ps1xml * upload localfeed * Hide enablePurgeProtection * Update ChangeLog.md and help.md * Modify codes according to comments * Update help.md * Update VaultCreationParameters.cs * Update get-azkeyvault.md * Update KeyVaultManagementTests.ps1

* Record scenario tests for managed hsm * add default parameter set for * Re-record scenario tests.

* local 3.1.0 sdk * Use production key vault mgmt sdk * remove security domain from format xml

* combine track 1&2 sdk * update azure.core to 1.5.0 * add exception; revert addkeyvaultkey * add dll to psd1 * fix exception

* get managed hsm * new managed hsm * remove managed hsm * update help.md * update managed hsm * add online version for new help.md * Convert mhsm test to liveonly * add test record

* create managed hsm key * get managed hsm key * remove managed hsm key * update managed hsm key * undo managed hsm key removal * back up and restore managed hsm key * add help.md * import/download managed hsm RSA key * Update help.md * Update changelog.md * suppress signature issues * Update all help markdowns * add logger for track2sdk * add metadata for oct-HSM Co-authored-by: Yeming Liu <Yeming.Liu@microsoft.com>

* limit KeyType to be required only when create managed HSM key * add pester test

* wip * wip * wip * wip * wip * wip * support securestring * wip * wip * wip * generate docs * docs & error handling * move crypto alg inside security domain * resource strings * remove extra code * write help markdown * resolve relative path to absolute path * suppress signature issues Co-authored-by: Yeming Liu <yeliu@microsoft.com> Co-authored-by: Beisi Zhou <zhoubeisi@gmail.com> Co-authored-by: Beisi Zhou <zazbs@qq.com>

Co-authored-by: Yeming Liu <yeliu@microsoft.com>

changelog; azure.core; sdk version; online version; breaking change csv; shared assembly conflict; failed tests;

BethanyZhou · 2020-10-19T17:37:09Z

/azp run

azure-pipelines · 2020-10-19T17:37:35Z

Azure Pipelines successfully started running 3 pipeline(s).

isra-fel · 2020-10-20T01:53:24Z

/azp run azure-powershell - powershell-core

azure-pipelines · 2020-10-20T01:53:34Z

Azure Pipelines successfully started running 1 pipeline(s).

erich-wang · 2020-10-20T09:00:49Z

Force merge because of test time out on Windows

* Enable MHSM Management via *-AzKeyVault (#12575) * Support creating a MHSM pool. * Supporting querying MHSM objects * Support deleting MHSM * Support updating mhsm * Add test cases * Hide unavailable services * Add test cases * expose EnablePurgeProtection for MHSM * correct indent of ps1xml * upload localfeed * Hide enablePurgeProtection * Update ChangeLog.md and help.md * Modify codes according to comments * Update help.md * Update VaultCreationParameters.cs * Update get-azkeyvault.md * Update KeyVaultManagementTests.ps1 * Record scenario test for Managed Hsm (#12631) * Record scenario tests for managed hsm * add default parameter set for * Re-record scenario tests. * [KeyVault] Update to official SDK (#12767) * local 3.1.0 sdk * Use production key vault mgmt sdk * remove security domain from format xml * combine track 1&2 sdk (#13018) * combine track 1&2 sdk * update azure.core to 1.5.0 * add exception; revert addkeyvaultkey * add dll to psd1 * fix exception * Detach managed hsm from key vault command (#13187) * get managed hsm * new managed hsm * remove managed hsm * update help.md * update managed hsm * add online version for new help.md * Convert mhsm test to liveonly * add test record * Support data plane of managed HSM (#13216) * create managed hsm key * get managed hsm key * remove managed hsm key * update managed hsm key * undo managed hsm key removal * back up and restore managed hsm key * add help.md * import/download managed hsm RSA key * Update help.md * Update changelog.md * suppress signature issues * Update all help markdowns * add logger for track2sdk * add metadata for oct-HSM Co-authored-by: Yeming Liu <Yeming.Liu@microsoft.com> * Limit KeyType to be required only when create managed HSM key (#13242) * limit KeyType to be required only when create managed HSM key * add pester test * Security domain (#13226) * wip * wip * wip * wip * wip * wip * support securestring * wip * wip * wip * generate docs * docs & error handling * move crypto alg inside security domain * resource strings * remove extra code * write help markdown * resolve relative path to absolute path * suppress signature issues Co-authored-by: Yeming Liu <yeliu@microsoft.com> Co-authored-by: Beisi Zhou <zhoubeisi@gmail.com> Co-authored-by: Beisi Zhou <zazbs@qq.com> * remove pfx file * full backup restore + rbac (#13261) Co-authored-by: Yeming Liu <yeliu@microsoft.com> * small fixes changelog; azure.core; sdk version; online version; breaking change csv; shared assembly conflict; failed tests; * license of BouncyCastle.NetCore * remove local feed Co-authored-by: Yeming Liu <Yeming.Liu@microsoft.com> Co-authored-by: Yeming Liu <yeliu@microsoft.com>

Force merge after CI passed * [KeyVault] Managed HSM (#13259) * Enable MHSM Management via *-AzKeyVault (#12575) * Support creating a MHSM pool. * Supporting querying MHSM objects * Support deleting MHSM * Support updating mhsm * Add test cases * Hide unavailable services * Add test cases * expose EnablePurgeProtection for MHSM * correct indent of ps1xml * upload localfeed * Hide enablePurgeProtection * Update ChangeLog.md and help.md * Modify codes according to comments * Update help.md * Update VaultCreationParameters.cs * Update get-azkeyvault.md * Update KeyVaultManagementTests.ps1 * Record scenario test for Managed Hsm (#12631) * Record scenario tests for managed hsm * add default parameter set for * Re-record scenario tests. * [KeyVault] Update to official SDK (#12767) * local 3.1.0 sdk * Use production key vault mgmt sdk * remove security domain from format xml * combine track 1&2 sdk (#13018) * combine track 1&2 sdk * update azure.core to 1.5.0 * add exception; revert addkeyvaultkey * add dll to psd1 * fix exception * Detach managed hsm from key vault command (#13187) * get managed hsm * new managed hsm * remove managed hsm * update help.md * update managed hsm * add online version for new help.md * Convert mhsm test to liveonly * add test record * Support data plane of managed HSM (#13216) * create managed hsm key * get managed hsm key * remove managed hsm key * update managed hsm key * undo managed hsm key removal * back up and restore managed hsm key * add help.md * import/download managed hsm RSA key * Update help.md * Update changelog.md * suppress signature issues * Update all help markdowns * add logger for track2sdk * add metadata for oct-HSM Co-authored-by: Yeming Liu <Yeming.Liu@microsoft.com> * Limit KeyType to be required only when create managed HSM key (#13242) * limit KeyType to be required only when create managed HSM key * add pester test * Security domain (#13226) * wip * wip * wip * wip * wip * wip * support securestring * wip * wip * wip * generate docs * docs & error handling * move crypto alg inside security domain * resource strings * remove extra code * write help markdown * resolve relative path to absolute path * suppress signature issues Co-authored-by: Yeming Liu <yeliu@microsoft.com> Co-authored-by: Beisi Zhou <zhoubeisi@gmail.com> Co-authored-by: Beisi Zhou <zazbs@qq.com> * remove pfx file * full backup restore + rbac (#13261) Co-authored-by: Yeming Liu <yeliu@microsoft.com> * small fixes changelog; azure.core; sdk version; online version; breaking change csv; shared assembly conflict; failed tests; * license of BouncyCastle.NetCore * remove local feed Co-authored-by: Yeming Liu <Yeming.Liu@microsoft.com> Co-authored-by: Yeming Liu <yeliu@microsoft.com> * use portable.bouncycastle * bug fix... ...replace bouncycastle lib; fix security domain issue on windows powershell * Add pester test for RBAC and full-backup managed HSM * fix dll list * support relative path when restoring SD * update license (bouncycastle.netcore -> portable) * remove dependency Microsoft.IdentityModel.Tokens Co-authored-by: Beisi Zhou <zhoubeisi@gmail.com> Co-authored-by: Yeming Liu <yeliu@microsoft.com> Co-authored-by: Beisi Zhou <zazbs@qq.com> Co-authored-by: Dingmeng Xue <dixue@microsoft.com>

BethanyZhou and others added 7 commits August 7, 2020 11:14

Record scenario test for Managed Hsm (#12631)

206674d

* Record scenario tests for managed hsm * add default parameter set for * Re-record scenario tests.

[KeyVault] Update to official SDK (#12767)

8267d73

* local 3.1.0 sdk * Use production key vault mgmt sdk * remove security domain from format xml

combine track 1&2 sdk (#13018)

063d567

* combine track 1&2 sdk * update azure.core to 1.5.0 * add exception; revert addkeyvaultkey * add dll to psd1 * fix exception

Detach managed hsm from key vault command (#13187)

4992ff8

* get managed hsm * new managed hsm * remove managed hsm * update help.md * update managed hsm * add online version for new help.md * Convert mhsm test to liveonly * add test record

Limit KeyType to be required only when create managed HSM key (#13242)

70394c9

* limit KeyType to be required only when create managed HSM key * add pester test

azuresdkci added the needs-review label Oct 19, 2020

BethanyZhou and others added 2 commits October 19, 2020 16:39

Merge branch 'master' into bez/managedHsm

5f93519

BethanyZhou changed the title ~~Bez/managed hsm~~ Support managed Hsm management plane, date plane, security domain, full-backup and RBAC model2 Oct 19, 2020

BethanyZhou and others added 2 commits October 19, 2020 18:10

remove pfx file

24637d2

full backup restore + rbac (#13261)

7c90a10

Co-authored-by: Yeming Liu <yeliu@microsoft.com>

isra-fel marked this pull request as ready for review October 19, 2020 11:06

isra-fel requested review from MS-syh2qs, Sandido, bilaakpan-ms, dkulkarni-ms, grizzlytheodore, haagha and madewithsmiles as code owners October 19, 2020 11:06

isra-fel removed request for MS-syh2qs, Sandido, bilaakpan-ms, dkulkarni-ms, grizzlytheodore, haagha and madewithsmiles October 19, 2020 12:27

isra-fel changed the title ~~Support managed Hsm management plane, date plane, security domain, full-backup and RBAC model2~~ [KeyVault] Managed HSM Oct 19, 2020

isra-fel force-pushed the bez/managedHsm branch from 892f285 to 18213a8 Compare October 19, 2020 13:14

isra-fel force-pushed the bez/managedHsm branch 2 times, most recently from f5be023 to 1982c40 Compare October 19, 2020 16:03

small fixes

56eade0

changelog; azure.core; sdk version; online version; breaking change csv; shared assembly conflict; failed tests;

isra-fel force-pushed the bez/managedHsm branch from 1982c40 to 56eade0 Compare October 19, 2020 16:10

BethanyZhou requested a review from MikhailTryakhov as a code owner October 19, 2020 16:10

BethanyZhou removed the request for review from MikhailTryakhov October 19, 2020 17:22

isra-fel added 3 commits October 20, 2020 13:59

Merge branch 'master' into bez/managedHsm

2449bc5

license of BouncyCastle.NetCore

46aa855

remove local feed

0202c83

erich-wang merged commit 12b7118 into master Oct 20, 2020

isra-fel deleted the bez/managedHsm branch October 21, 2020 02:52

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[KeyVault] Managed HSM #13259

[KeyVault] Managed HSM #13259

Uh oh!

BethanyZhou commented Oct 19, 2020 •

edited by isra-fel

Loading

Uh oh!

BethanyZhou commented Oct 19, 2020

Uh oh!

azure-pipelines bot commented Oct 19, 2020

Uh oh!

isra-fel commented Oct 20, 2020

Uh oh!

azure-pipelines bot commented Oct 20, 2020

Uh oh!

erich-wang commented Oct 20, 2020

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

[KeyVault] Managed HSM #13259

[KeyVault] Managed HSM #13259

Uh oh!

Conversation

BethanyZhou commented Oct 19, 2020 • edited by isra-fel Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Description

Checklist

Uh oh!

BethanyZhou commented Oct 19, 2020

Uh oh!

azure-pipelines bot commented Oct 19, 2020

Uh oh!

isra-fel commented Oct 20, 2020

Uh oh!

azure-pipelines bot commented Oct 20, 2020

Uh oh!

erich-wang commented Oct 20, 2020

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

BethanyZhou commented Oct 19, 2020 •

edited by isra-fel

Loading