mgmt, support convenience API for publicNetworkAccess in Vault

sdk/resourcemanager/azure-resourcemanager-keyvault/CHANGELOG.md

@@ -4,11 +4,7 @@
 
 ### Features Added
 
-### Breaking Changes
-
-### Bugs Fixed
-
-### Other Changes
+- Supported disabling public network access in `Vault` via `disablePublicNetworkAccess()`, for private link feature.
 
 ## 2.36.0 (2024-02-29)
 

sdk/resourcemanager/azure-resourcemanager-keyvault/assets.json

@@ -2,5 +2,5 @@
   "AssetsRepo": "Azure/azure-sdk-assets",
   "AssetsRepoPrefixPath": "java",
   "TagPrefix": "java/resourcemanager/azure-resourcemanager-keyvault",
-  "Tag": "java/resourcemanager/azure-resourcemanager-keyvault_a24b8fea25"
+  "Tag": "java/resourcemanager/azure-resourcemanager-keyvault_1a7324e6c1"
 }

sdk/resourcemanager/azure-resourcemanager-keyvault/src/main/java/com/azure/resourcemanager/keyvault/implementation/VaultImpl.java

@@ -25,6 +25,7 @@
 import com.azure.resourcemanager.keyvault.models.NetworkRuleSet;
 import com.azure.resourcemanager.keyvault.models.PrivateEndpointServiceConnectionStatus;
 import com.azure.resourcemanager.keyvault.models.PrivateLinkServiceConnectionState;
+import com.azure.resourcemanager.keyvault.models.PublicNetworkAccess;
 import com.azure.resourcemanager.keyvault.models.Secrets;
 import com.azure.resourcemanager.keyvault.models.Sku;
 import com.azure.resourcemanager.keyvault.models.SkuFamily;
@@ -173,6 +174,13 @@ public boolean roleBasedAccessControlEnabled() {
         return ResourceManagerUtils.toPrimitiveBoolean(innerModel().properties().enableRbacAuthorization());
     }
 
+    @Override
+    public PublicNetworkAccess publicNetworkAccess() {
+        return (innerModel().properties() == null || innerModel().properties().publicNetworkAccess() == null)
+            ? null
+            : PublicNetworkAccess.fromString(innerModel().properties().publicNetworkAccess());
+    }
+
     @Override
     public boolean enabledForDeployment() {
         if (innerModel().properties() == null) {
@@ -415,6 +423,24 @@ public NetworkRuleSet networkRuleSet() {
         return innerModel().properties().networkAcls();
     }
 
+    @Override
+    public VaultImpl enablePublicNetworkAccess() {
+        if (innerModel().properties() == null) {
+            innerModel().withProperties(new VaultProperties());
+        }
+        this.innerModel().properties().withPublicNetworkAccess(PublicNetworkAccess.ENABLED.toString());
+        return this;
+    }
+
+    @Override
+    public VaultImpl disablePublicNetworkAccess() {
+        if (innerModel().properties() == null) {
+            innerModel().withProperties(new VaultProperties());
+        }
+        this.innerModel().properties().withPublicNetworkAccess(PublicNetworkAccess.DISABLED.toString());
+        return this;
+    }
+
     @Override
     public VaultImpl withAccessFromAllNetworks() {
         if (innerModel().properties().networkAcls() == null) {

sdk/resourcemanager/azure-resourcemanager-keyvault/src/main/java/com/azure/resourcemanager/keyvault/models/Vault.java

@@ -62,6 +62,13 @@ public interface Vault
      */
     boolean roleBasedAccessControlEnabled();
 
+    /**
+     * Whether the vault can be accessed from public network.
+     *
+     * @return whether the vault can be accessed from public network.
+     */
+    PublicNetworkAccess publicNetworkAccess();
+
     /**
      * @return whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key
      *     vault.
@@ -166,6 +173,12 @@ interface WithAccessPolicy {
 
         /** A key vault definition allowing the networkAcl to be set. */
         interface WithNetworkRuleSet {
+            /**
+             * Disables public network access for the vault, for private link feature.
+             *
+             * @return the next stage of the definition
+             */
+            WithCreate disablePublicNetworkAccess();
 
             /**
              * Specifies that by default access to key vault should be allowed from all networks.
@@ -362,6 +375,19 @@ interface WithAccessPolicy {
 
         /** A key vault update allowing the NetworkRuleSet to be set. */
         interface WithNetworkRuleSet {
+            /**
+             * Enables public network access for the vault.
+             *
+             * @return the next stage of the update
+             */
+            Update enablePublicNetworkAccess();
+
+            /**
+             * Disables public network access for the vault, for private link feature.
+             *
+             * @return the next stage of the update
+             */
+            Update disablePublicNetworkAccess();
 
             /**
              * Specifies that by default access to key vault should be allowed from all networks.

sdk/resourcemanager/azure-resourcemanager-keyvault/src/test/java/com/azure/resourcemanager/keyvault/VaultTests.java

@@ -11,6 +11,7 @@
 import com.azure.resourcemanager.keyvault.models.CertificatePermissions;
 import com.azure.resourcemanager.keyvault.models.KeyPermissions;
 import com.azure.resourcemanager.keyvault.models.NetworkRuleBypassOptions;
+import com.azure.resourcemanager.keyvault.models.PublicNetworkAccess;
 import com.azure.resourcemanager.keyvault.models.SecretPermissions;
 import com.azure.resourcemanager.keyvault.models.Vault;
 import com.azure.core.management.Region;
@@ -282,6 +283,26 @@ public void canEnableSoftDeleteAndPurge() throws InterruptedException {
         }
     }
 
+    @Test
+    public void canDisablePublicNetworkAccess() {
+        Vault vault = keyVaultManager.vaults().define(vaultName)
+            .withRegion(Region.US_WEST)
+            .withNewResourceGroup(rgName)
+            .withEmptyAccessPolicy()
+            .disablePublicNetworkAccess()
+            .create();
+
+        Assertions.assertEquals(PublicNetworkAccess.DISABLED, vault.publicNetworkAccess());
+        Assertions.assertEquals(PublicNetworkAccess.DISABLED, keyVaultManager.vaults().getById(vault.id()).publicNetworkAccess());
+
+        vault.update()
+            .enablePublicNetworkAccess()
+            .apply();
+
+        Assertions.assertEquals(PublicNetworkAccess.ENABLED, vault.publicNetworkAccess());
+        Assertions.assertEquals(PublicNetworkAccess.ENABLED, keyVaultManager.vaults().getById(vault.id()).publicNetworkAccess());
+    }
+
     private void assertVaultDeleted(String name, String location) {
         boolean deleted = false;
         try {

sdk/resourcemanager/azure-resourcemanager/assets.json

@@ -2,5 +2,5 @@
   "AssetsRepo": "Azure/azure-sdk-assets",
   "AssetsRepoPrefixPath": "java",
   "TagPrefix": "java/resourcemanager/azure-resourcemanager",
-  "Tag": "java/resourcemanager/azure-resourcemanager_e04fb35c26"
+  "Tag": "java/resourcemanager/azure-resourcemanager_b75c83930c"
 }

sdk/resourcemanager/azure-resourcemanager/src/test/java/com/azure/resourcemanager/PrivateLinkTests.java

@@ -377,6 +377,7 @@ public void testPrivateEndpointVault() {
             .withRegion(region)
             .withNewResourceGroup(rgName)
             .withEmptyAccessPolicy()
+            .disablePublicNetworkAccess()
             .create();
 
         validatePrivateLinkResource(vault, subResourceName.toString());