Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implement KeyVault features in KeyVault provider for functional parity #6155

Open
maddieclayton opened this issue May 8, 2018 · 2 comments
Labels
Azure PS Team feature-request This issue requires a new behavior in the product in order be resolved.
Milestone

Comments

@maddieclayton
Copy link
Contributor

Finish implementing KeyVault features in KeyVault provider:

Implemented

Vaults

Get-AzureRmKeyVault

Get-AzureRmKeyVault
Get-ChildItem -Path mykv:
Get-AzureRmKeyVault -Tag @{"a"="b"}
Get-ChildItem -Path mykv: -Tag @{"a"="b"}
Get-AzureRmKeyVault -VaultName mvault
Get-Item -Path mykv:/mvault

New-AzureRmKeyVault

New-AzureRmKeyVault -Name mvault -ResourceGroupName maddie1 -Location westus -EnableSoftDelete
New-Item -Path mykv:/mvault -ResourceGroupName maddie1 -Location westus -EnableSoftDelete

Remove-AzureRmKeyVault

Remove-AzureRmKeyVault -VaultName mvault
Remove-Item -Path mykv:/mvault

Set/Remove-AzureRmKeyVaultAccessPolicy (ForVault parameter set)

Remove-AzureRmKeyVaultAccessPolicy -EnabledForDeployment
Set-Item -Path mykv:/mvault -EnabledForDeployment $false
Set-AzureRmKeyVaultAccessPolicy -EnabledForDeployment
Set-Item -Path mykv:/mvault -EnabledForDeployment $true

Certificates

Add-AzureKeyVaultCertificate

Add-AzureKeyVaultCertificate -VaultName mvault -Name cert1 -CertificatePolicy $certPolicy
New-Item -Path mykv:/mvault/Certificates/cert1 -CertificatePolicy $certPolicy

Get-AzureKeyVaultCertificate

Get-AzureKeyVaultCertificate -VaultName mvault
Get-ChildItem -Path mykv:/mvault/Certificates
Get-AzureKeyVaultCertificate -VaultName mvault -Name cert1
Get-Item -Path mykv:/mvault/Certificates/cert1 (gets all properties except X509Certificate2)
Get-Content -Path mykv:/mvault/Certificates/cert1 (get X509Certificate2)
Get-AzureKeyVaultCertificate -VaultName mvault -Name cert1 -IncludeVersions
Get-Item -Path mykv:/mvault/Certificates/cert1 -IncludeVersions
Get-AzureKeyVaultCertificate -VaultName mvault -Name cert1 -Version 123
Get-Item -Path mykv:/mvault/Certificates/cert1 -Version 123

Remove-AzureKeyVaultCertificate

Remove-AzureKeyVaultCertificate -VaultName mvault -Name cert1
Remove-Item -Path mykv:/mvault/Certificates/cert1

Update-AzureKeyVaultCertificate

Update-AzureKeyVaultCertificate -VaultName mvault -Name cert1 -Enable
Set-Item -Path mykv:/mvault/Certificates/cert1 -Enable

Keys

Add-AzureKeyVaultKey

Add-AzureKeyVaultKey -VaultName mvault -Name key1 -Destination Software
New-Item -Path mykv:/mvault/Keys/key1 -Destination Software

Get-AzureKeyVaultKey

Get-AzureKeyVaultKey -VaultName mvault
Get-ChildItem -Path mykv:/mvault/Keys
Get-AzureKeyVaultKey -VaultName mvault -Name key1
Get-Item -Path mykv:/mvault/Keys/key1 (gets all properties by JsonWebKey)
Get-Content -Path mykv:/mvault/Keys/key1 (gets JsonWebKey)
Get-AzureKeyVaultKey -VaultName mvault -Name key1 -IncludeVersions
Get-Item -Path mykv:/mvault/Keys/key1 -IncludeVersions
Get-AzureKeyVaultKey -VaultName mvault -Name key1 -Version 123
Get-Item -Path mykv:/mvault/Keys/key1 -Version 123

Remove-AzureKeyVaultKey

Remove-AzureKeyVaultKey -VaultName mvault -Name key1
Remove-Item -Path mykv:/mvault/Keys/key1

Update-AzureKeyVaultKey

Update-AzureKeyVaultKey -VaultName mvault -Name key1 -Enable
Set-Item -Path mykv:/mvault/Keys/key1 -Enable

Secrets

Get-AzureKeyVaultSecret

Get-AzureKeyVaultSecret -VaultName mvault
Get-ChildItem -Path mykv:/mvault/Secrets
Get-AzureKeyVaultSecret -VaultName mvault -Name secret1
Get-Item -Path mykv:/mvault/Secrets/secret1 (gets all properties except for SecretValue)
Get-Item -Path mykv:/mvault/Secrets/secret1 (returns SecretValueText)
Get-AzureKeyVaultSecret -VaultName mvault -Name secret1 -IncludeVersions
Get-Item -Path mykv:/mvault/Secrets/secret1 -IncludeVersions
Get-AzureKeyVaultSecret -VaultName mvault -Name secret1 -Version 123
Get-Item -Path mykv:/mvault/Secrets/secret1 -Version 123

Remove-AzureKeyVaultSecret

Remove-AzureKeyVaultSecret -VaultName mvault -Name secret1
Remove-Item -Path mykv:/mvault/Secrets/secret1

Set-AzureKeyVaultSecret

Set-AzureKeyVaultSecret -VaultName mvault -Name secret1 -SecretValue <SecureString>
New-Item -Path mykv:/mvault/Secrets/secret1 -SecretValue <SecureString>

Update-AzureKeyVaultSecret

Update-AzureKeyVaultSecret -VaultName mvault -Name secret1 -Enable
Set-Item -Path mykv:/mvault/Secrets/secret1 -Enable

Access Policies

Remove-AzureRmKeyVaultAccessPolicy

Remove-AzureRmKeyVaultAccessPolicy -VaultName mvault -EmailAddress [email protected]
Remove-Item -Path mykv:/mvault/AccessPolicies/<objectID>

Set-AzureRmKeyVaultAccessPolicy

Set-AzureRmKeyVaultAccessPolicy -VaultName mvault -EmailAddress [email protected]
New-Item -Path mykv:/mvault/AccessPolicies/<name will always be objectId> -EmailAddress [email protected]
Set-AzureRmKeyVaultAccessPolicy -VaultName mvault -EmailAddress [email protected] -PermissionToSecrets get, create, list
Set-Item -Path mykv:/mvault/AccessPolicies/<objectId> -PermissionsToSecrets get, create, list

Not Implemented

Certificate Contacts

Add-AzureKeyVaultCertificateContact

Add-AzureKeyVaultCertificateContact -VaultName mvault -EmailAddress [email protected]
New-Item -Path mykv:/mvault/CertificateContacts/[email protected]

Get-AzureKeyVaultCertificateContact

Get-AzureKeyVaultCertificateContact -VaultName mvault
Get-ChildItem -Path mykv:/mvault/CertificateContact

Remove-AzureKeyVaultCertificateContact

Remove-AzureKeyVaultCertificateContact -VaultName mvault -EmailAddress [email protected]
Remove-Item -Path mykv:/mvault/CertificateContacts/[email protected]

ManagedStorageAccounts

Add-AzureKeyVaultManagedStorageAccount

Add-AzureKeyVaultManagedStorageAccount -VaultName mvault -AccountName storageAccount -AccountResourceId $resourceId -ActiveKeyName key1 -RegenerationPeriod $regenerationPeriod
New-Item -Path mykv:/mvault/ManagedStorageAccounts/storageAccount -AccountResourceId $resourceId -ActiveKeyName key1 -RegenerationPeriod $regenerationPeriod

Get-AzureKeyVaultManagedStorageAccount

Get-AzureKeyVaultManagedStorageAccount -VaultName mvault
Get-ChildItem -Path mykv:/mvault/ManagedStorageAccounts
Get-AzureKeyVaultManagedStorageAccount -VaultName mvault -Name account1
Get-Item -Path mykv:/mvault/ManagedStorageAccounts/account1

Remove-AzureKeyVaultManagedStorageAccount

Remove-AzureKeyVaultManagedStorageAccount -VaultName mvault -AccountName account1
Remove-Item -Path mykv:/mvault/ManagedStorageAccounts/account1

Update-AzureKeyVaultManagedStorageAccount

Update-AzureKeyVaultManagedStorageAccount -VaultName mvault -AccountName account1 -Enable
Set-Item -Path mykv:/mvault/ManagedStorageAccounts/account1 -Enable

ManagedStorageSasDefinition

Get-AzureKeyVaultManagedStorageSasDefinition

Get-AzureKeyVaultManagedStorageSasDefinition -VaultName mvault -AccountName storageAccount
Get-ChildItem -Path mykv:/mvault/ManagedStorageAccounts/storageAccount
Get-AzureKeyVaultManagedStorageSasDefinition -VaultName mvault -AccountName storageAccount -Name definition1
Get-Item -Path mykv:/mvault/ManagedStorageAccounts/storageAccount/definition1

Remove-AzureKeyVaultManagedStorageSasDefinition

Remove-AzureKeyVaultManagedStorageSasDefinition -VaultName mvault -AccountName account1 -Name definition
Remove-Item -Path mykv:/mvault/ManagedStorageAccounts/account1/definition

Set-AzureKeyVaultManagedStorageSasDefinition (other parameter sets?)

Set-AzureKeyVaultManagedStorageSasDefinition -VaultName mvault -AccountName account1 -Name definition1 -TemplateUri $templateUri -SasType type1
New-Item -Path mykv:/mvault/ManagedStorageAccounts/account1/definition1 -TemplateUri $templateUri -SasType type1

Certificate Issuers

Get-AzureKeyVaultCertificateIssuer

Get-AzureKeyVaultCertificateIssuer -VaultName mvault
Get-ChildItem -Path mykv:/mvault/CertificateIssuers
Get-AzureKeyVaultCertificateIssuer -VaultName mvault -Name issuer1
Get-Item -Path mykv:/mvault/CertificateIssuers/issuer1

Remove-AzureKeyVaultCertificateIssuer

Remove-AzureKeyVaultCertificateIssuer -VaultName mvault -Name issuer1
Remove-Item -Path mykv:/mvault/CertificateIssuers/issuer1

Set-AzureKeyVaultCertificateIssuer

Set-AzureKeyVaultCertificateIssuer -VaultName mvault -Name issuer1 -IssuerProvider test
New-Item -Path mykv:/mvault/CertificateIssuers/issuer1 -IssuerProvider test

No implementation details

Deleted Certificates, Keys, ManagedStorageAccounts, Vaults, and Secrets

Get-AzureRmKeyVault -InRemovedState

Remove-AzureRmKeyVault -InRemovedState

Undo-AzureRmKeyVaultRemoval

Get-AzureKeyVaultCertificate -InRemovedState

Remove-AzureKeyVaultCertificate -InRemovedState

Undo-AzureKeyVaultCertificateRemoval

Get-AzureKeyVaultKey -InRemovedState

Remove-AzureKeyVaultKey -InRemovedState

Undo-AzureKeyVaultKeyRemoval

Get-AzureKeyVaultManagedStorageAccount -InRemovedState

Remove-AzureKeyVaultManagedStorageAccount -InRemovedState

Undo-AzureKeyVaultManagedStorageAccountRemoval

Get-AzureKeyVaultManagedStorageSasDefinition -InRemovedState

Undo-AzureKeyVaultManagedStorageSasDefinitionRemoval

Get-AzureKeyVaultSecret -InRemovedState

Remove-AzureKeyVaultSecret -InRemovedState

Undo-AzureKeyVaultSecretRemoval

Backup

Backup-AzureKeyVaultKey

Backup-AzureKeyVaultSecret

Backup-AzureKeyVaultCertificate

Backup-AzureKeyVaultManagedStorageAccount

Restore

Restore-AzureKeyVaultCertificate

Restore-AzureKeyVaultKey

Restore-AzureKeyVaultManagedStorageAccount

Restore-AzureKeyVaultSecret

Import

Import-AzureKeyVaultCertificate

Certificate Operations

Get-AzureKeyVaultCertificateOperation

Remove-AzureKeyVaultCertificateOperation

Stop-AzureKeyVaultCertificateOperation

Certificate Policies

Get-AzureKeyVaultCertificatePolicy

Set-AzureKeyVaultCertificatePolicy

Network Rules

Add-AzureRmKeyVaultNetworkRule

Remove-AzureRmKeyVaultNetworkRule

Update-AzureRmKeyVaultNetworkRule

In memory creation

New-AzureKeyVaultCertificateAdministratorDetails

New-AzureKeyVaultCertificateOrganizationDetails

New-AzureKeyVaultCertificatePolicy

Other

Update-AzureKeyVaultManagedStorageAccountKey

@maddieclayton
Copy link
Contributor Author

Related issues: #6152, #6154

@maddieclayton maddieclayton added this to the Backlog milestone May 10, 2018
@maddieclayton maddieclayton removed their assignment Apr 16, 2019
@maddieclayton
Copy link
Contributor Author

Branch with provider code: https://github.com/Azure/azure-powershell/tree/KVprov1

@RakeshMohanMSFT RakeshMohanMSFT added the feature-request This issue requires a new behavior in the product in order be resolved. label Oct 28, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Azure PS Team feature-request This issue requires a new behavior in the product in order be resolved.
Projects
None yet
Development

No branches or pull requests

2 participants