From 803f9618e424b97e7e0e37bc9875994959e00007 Mon Sep 17 00:00:00 2001 From: Beisi Zhou Date: Fri, 25 Sep 2020 13:36:59 +0800 Subject: [PATCH 01/14] create managed hsm key --- src/KeyVault/KeyVault/Az.KeyVault.psd1 | 1 + .../Commands/AddAzureManagedHsmKey.cs | 246 ++++++++++++++++++ 2 files changed, 247 insertions(+) create mode 100644 src/KeyVault/KeyVault/Commands/AddAzureManagedHsmKey.cs diff --git a/src/KeyVault/KeyVault/Az.KeyVault.psd1 b/src/KeyVault/KeyVault/Az.KeyVault.psd1 index bcca888d0273..af13e8e32a82 100644 --- a/src/KeyVault/KeyVault/Az.KeyVault.psd1 +++ b/src/KeyVault/KeyVault/Az.KeyVault.psd1 @@ -94,6 +94,7 @@ CmdletsToExport = 'Add-AzKeyVaultCertificate', 'Update-AzKeyVaultCertificate', 'Backup-AzKeyVaultKey', 'Get-AzKeyVaultKey', 'Get-AzKeyVaultSecret', 'Undo-AzKeyVaultKeyRemoval', 'Undo-AzKeyVaultSecretRemoval', 'Add-AzKeyVaultKey', 'Remove-AzKeyVaultKey', 'Update-AzKeyVault', + 'Add-AzManagedHsmKey', 'New-AzKeyVaultNetworkRuleSetObject', 'Remove-AzKeyVaultSecret', 'Restore-AzKeyVaultKey', 'Update-AzKeyVaultKey', 'Set-AzKeyVaultSecret', 'Update-AzKeyVaultSecret', diff --git a/src/KeyVault/KeyVault/Commands/AddAzureManagedHsmKey.cs b/src/KeyVault/KeyVault/Commands/AddAzureManagedHsmKey.cs new file mode 100644 index 000000000000..c418204d3342 --- /dev/null +++ b/src/KeyVault/KeyVault/Commands/AddAzureManagedHsmKey.cs @@ -0,0 +1,246 @@ +using Microsoft.Azure.Commands.KeyVault.Models; +using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters; +using Microsoft.Azure.Management.Internal.Resources.Utilities.Models; +using System; +using System.Collections; +using Microsoft.Azure.Commands.KeyVault.Properties; +using System.Linq; +using System.Management.Automation; +using System.Security; +using System.Text; + +namespace Microsoft.Azure.Commands.KeyVault.Commands +{ /// + /// Create a new key in managed hsm. This cmdlet supports the following types of key creation. + /// 1. Create a key with default key attributes + /// 2. Create a key with given key attributes + /// 3. Create a key by importing key material with default key attributes + /// 4 .Create a key by importing key material with given key attributes + /// + [Cmdlet("Add", ResourceManager.Common.AzureRMConstants.AzurePrefix + "ManagedHsmKey", SupportsShouldProcess = true, DefaultParameterSetName = InteractiveCreateParameterSet)] + [OutputType(typeof(PSManagedHsm))] + public class AddAzureManagedHsmKey : KeyVaultCmdletBase + { + #region Parameter Set Names + + private const string InteractiveCreateParameterSet = "InteractiveCreate"; + private const string InputObjectCreateParameterSet = "InputObjectCreate"; + private const string ResourceIdCreateParameterSet = "ResourceIdCreate"; + private const string InteractiveImportParameterSet = "InteractiveImport"; + private const string InputObjectImportParameterSet = "InputObjectImport"; + private const string ResourceIdImportParameterSet = "ResourceIdImport"; + + #endregion + + #region Input Parameter Definitions + + /// + /// Vault name + /// + [Parameter(Mandatory = true, + ParameterSetName = InteractiveCreateParameterSet, + Position = 0, + HelpMessage = "Vault name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment.")] + [Parameter(Mandatory = true, + ParameterSetName = InteractiveImportParameterSet, + Position = 0, + HelpMessage = "Vault name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment.")] + [ResourceNameCompleter("Microsoft.KeyVault/managedHSMs", "FakeResourceGroupName")] + [ValidateNotNullOrEmpty] + public string VaultName { get; set; } + + [Parameter(Mandatory = true, + ParameterSetName = InputObjectCreateParameterSet, + Position = 0, + ValueFromPipeline = true, + HelpMessage = "Vault object.")] + [Parameter(Mandatory = true, + ParameterSetName = InputObjectImportParameterSet, + Position = 0, + ValueFromPipeline = true, + HelpMessage = "Vault object.")] + [ValidateNotNullOrEmpty] + public PSManagedHsm InputObject { get; set; } + + [Parameter(Mandatory = true, + ParameterSetName = ResourceIdCreateParameterSet, + Position = 0, + ValueFromPipelineByPropertyName = true, + HelpMessage = "Vault Resource Id.")] + [Parameter(Mandatory = true, + ParameterSetName = ResourceIdImportParameterSet, + Position = 0, + ValueFromPipelineByPropertyName = true, + HelpMessage = "Vault Resource Id.")] + [ValidateNotNullOrEmpty] + public string ResourceId { get; set; } + + /// + /// key name + /// + [Parameter(Mandatory = true, + Position = 1, + HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name.")] + [ValidateNotNullOrEmpty] + [Alias(Constants.KeyName)] + public string Name { get; set; } + + /// + /// Path to the local file containing to-be-imported key material. + /// The supported suffix are: + /// 1. byok + /// 2. pfx + /// + [Parameter(Mandatory = true, + ParameterSetName = InteractiveImportParameterSet, + HelpMessage = "Path to the local file containing the key material to be imported.")] + [Parameter(Mandatory = true, + ParameterSetName = InputObjectImportParameterSet, + HelpMessage = "Path to the local file containing the key material to be imported.")] + [Parameter(Mandatory = true, + ParameterSetName = ResourceIdImportParameterSet, + HelpMessage = "Path to the local file containing the key material to be imported.")] + [ValidateNotNullOrEmpty] + public string KeyFilePath { get; set; } + + /// + /// Password of the imported file. + /// Required for pfx file + /// + [Parameter(Mandatory = false, + ParameterSetName = InteractiveImportParameterSet, + HelpMessage = "Password of the local file containing the key material to be imported.")] + [Parameter(Mandatory = false, + ParameterSetName = InputObjectImportParameterSet, + HelpMessage = "Password of the local file containing the key material to be imported.")] + [Parameter(Mandatory = false, + ParameterSetName = ResourceIdImportParameterSet, + HelpMessage = "Password of the local file containing the key material to be imported.")] + [ValidateNotNullOrEmpty] + public SecureString KeyFilePassword { get; set; } + + /// + /// key type + /// + [Parameter(Mandatory = true, + HelpMessage = "Specifies the key type of this key.")] + [ValidateSet("RSA", "RsaHsm", "EC", "EcHsm", "OCT")] + public string KeyType { get; set; } + + /// + /// curve name + /// + [Parameter(Mandatory = false, + HelpMessage = "Specifies the curve name of elliptic curve cryptography, this value is valid when KeyType is EC.")] + [ValidateSet("P-256", "P-256K", "P-384", "P-521")] + public string CurveName { get; set; } + + /// + /// Set key in disabled state if present + /// + [Parameter(Mandatory = false, + HelpMessage = "Indicates that the key you are adding is set to an initial state of disabled. Any attempt to use the key will fail. Use this parameter if you are preloading keys that you intend to enable later.")] + public SwitchParameter Disable { get; set; } + + /// + /// Key operations + /// + [Parameter(Mandatory = false, + HelpMessage = "The operations that can be performed with the key. If not present, all operations can be performed.")] + public string[] KeyOps { get; set; } + + /// + /// Key expires time in UTC time + /// + [Parameter(Mandatory = false, + HelpMessage = "Specifies the expiration time of the key in UTC. If not specified, key will not expire.")] + public DateTime? Expires { get; set; } + + /// + /// The UTC time before which key can't be used + /// + [Parameter(Mandatory = false, + HelpMessage = "The UTC time before which the key can't be used. If not specified, there is no limitation.")] + public DateTime? NotBefore { get; set; } + + /// + /// Key tags + /// + [Parameter(Mandatory = false, + HelpMessage = "A hashtable representing key tags.")] + [Alias(Constants.TagsAlias)] + public Hashtable Tag { get; set; } + + + [Parameter(Mandatory = false, + ParameterSetName = InputObjectCreateParameterSet, + HelpMessage = "RSA key size, in bits. If not specified, the service will provide a safe default.")] + [Parameter(Mandatory = false, + ParameterSetName = InteractiveCreateParameterSet, + HelpMessage = "RSA key size, in bits. If not specified, the service will provide a safe default.")] + [Parameter(Mandatory = false, + ParameterSetName = ResourceIdCreateParameterSet, + HelpMessage = "RSA key size, in bits. If not specified, the service will provide a safe default.")] + public int? Size { get; set; } + #endregion + + public override void ExecuteCmdlet() + { + if (InputObject != null) + { + VaultName = InputObject.VaultName; + } + else if (ResourceId != null) + { + var resourceIdentifier = new ResourceIdentifier(ResourceId); + VaultName = resourceIdentifier.ResourceName; + } + + ValidateKeyExchangeKey(); + + if (ShouldProcess(Name, Properties.Resources.AddKey)) + { + PSKeyVaultKey keyBundle; + if (InputObject != null) + { + VaultName = InputObject.VaultName.ToString(); + } + + if (string.IsNullOrEmpty(KeyFilePath)) + { + keyBundle = this.Track2DataClient.CreateManagedHsmKey( + VaultName, + Name, + CreateKeyAttributes(), + Size, + CurveName); + } + else + { + throw new NotImplementedException(); + } + + this.WriteObject(keyBundle); + } + } + private void ValidateKeyExchangeKey() + { + if (KeyOps != null && KeyOps.Contains(Constants.KeyOpsImport)) + { + // "import" is exclusive, it cannot be combined with any other value(s). + if (KeyOps.Length > 1) { throw new ArgumentException(Resources.KeyOpsImportIsExclusive); } + } + } + + internal PSKeyVaultKeyAttributes CreateKeyAttributes() + { + return new Models.PSKeyVaultKeyAttributes( + !Disable.IsPresent, + Expires, + NotBefore, + KeyType, + KeyOps, + Tag); + } + } +} From 47171f6bb56d8cf18994b0627bd7d54330600ee1 Mon Sep 17 00:00:00 2001 From: Beisi Zhou Date: Sun, 27 Sep 2020 10:52:37 +0800 Subject: [PATCH 02/14] get managed hsm key --- src/KeyVault/KeyVault/Az.KeyVault.psd1 | 6 +- .../KeyVault/Commands/AddAzureKeyVaultKey.cs | 4 - .../Commands/AddAzureManagedHsmKey.cs | 45 ++- .../Commands/BackupAzureManagedHsmKey.cs | 115 +++++++ .../KeyVault/Commands/GetAzureKeyVaultKey.cs | 2 +- .../Commands/GetAzureManagedHsmKey.cs | 313 ++++++++++++++++++ .../Commands/RemoveAzureManagedHsmKey.cs | 109 ++++++ .../Commands/RestoreAzureManagedHsmKey.cs | 103 ++++++ .../Commands/UpdateAzureManagedHsmKey.cs | 146 ++++++++ .../Models/IKeyVaultDataServiceClient.cs | 14 +- .../Models/KeyVaultDataServiceClient.cs | 26 ++ .../KeyVault/Models/PSDeletedKeyVaultKey.cs | 34 ++ .../Models/PSKeyVaultKeyIdentityItem.cs | 18 + .../KeyVault/Properties/Resources.Designer.cs | 9 + .../KeyVault/Properties/Resources.resx | 3 + .../KeyVault/Track2Models/Track2HsmClient.cs | 177 +++++++++- .../Track2KeyVaultDataServiceClient.cs | 46 ++- .../Track2ModelConvertionExtensions.cs | 6 +- 18 files changed, 1139 insertions(+), 37 deletions(-) create mode 100644 src/KeyVault/KeyVault/Commands/BackupAzureManagedHsmKey.cs create mode 100644 src/KeyVault/KeyVault/Commands/GetAzureManagedHsmKey.cs create mode 100644 src/KeyVault/KeyVault/Commands/RemoveAzureManagedHsmKey.cs create mode 100644 src/KeyVault/KeyVault/Commands/RestoreAzureManagedHsmKey.cs create mode 100644 src/KeyVault/KeyVault/Commands/UpdateAzureManagedHsmKey.cs diff --git a/src/KeyVault/KeyVault/Az.KeyVault.psd1 b/src/KeyVault/KeyVault/Az.KeyVault.psd1 index af13e8e32a82..55365f0567cb 100644 --- a/src/KeyVault/KeyVault/Az.KeyVault.psd1 +++ b/src/KeyVault/KeyVault/Az.KeyVault.psd1 @@ -94,7 +94,8 @@ CmdletsToExport = 'Add-AzKeyVaultCertificate', 'Update-AzKeyVaultCertificate', 'Backup-AzKeyVaultKey', 'Get-AzKeyVaultKey', 'Get-AzKeyVaultSecret', 'Undo-AzKeyVaultKeyRemoval', 'Undo-AzKeyVaultSecretRemoval', 'Add-AzKeyVaultKey', 'Remove-AzKeyVaultKey', 'Update-AzKeyVault', - 'Add-AzManagedHsmKey', + 'Add-AzManagedHsmKey', 'Get-AzManagedHsmKey', 'Remove-AzManagedHsmKey', + 'Update-AzManagedHsmKey', 'Backup-AzManagedHsmKey', 'Restore-AzManagedHsmKey', 'New-AzKeyVaultNetworkRuleSetObject', 'Remove-AzKeyVaultSecret', 'Restore-AzKeyVaultKey', 'Update-AzKeyVaultKey', 'Set-AzKeyVaultSecret', 'Update-AzKeyVaultSecret', @@ -124,7 +125,8 @@ CmdletsToExport = 'Add-AzKeyVaultCertificate', 'Update-AzKeyVaultCertificate', # Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export. AliasesToExport = 'Set-AzKeyVaultKey', 'Set-AzKeyVaultSecretAttribute', - 'Set-AzKeyVaultKeyAttribute', 'Set-AzKeyVaultCertificateAttribute' + 'Set-AzKeyVaultKeyAttribute', 'Set-AzKeyVaultCertificateAttribute', + 'Set-AzManagedHsmKey', 'Set-AzManagedHsmKeyAttribute' # DSC resources to export from this module # DscResourcesToExport = @() diff --git a/src/KeyVault/KeyVault/Commands/AddAzureKeyVaultKey.cs b/src/KeyVault/KeyVault/Commands/AddAzureKeyVaultKey.cs index d31dd9c92edd..b001b0da9c2b 100644 --- a/src/KeyVault/KeyVault/Commands/AddAzureKeyVaultKey.cs +++ b/src/KeyVault/KeyVault/Commands/AddAzureKeyVaultKey.cs @@ -232,10 +232,6 @@ public override void ExecuteCmdlet() if (ShouldProcess(Name, Properties.Resources.AddKey)) { PSKeyVaultKey keyBundle; - if (InputObject != null) - { - VaultName = InputObject.VaultName.ToString(); - } if (string.IsNullOrEmpty(KeyFilePath)) { diff --git a/src/KeyVault/KeyVault/Commands/AddAzureManagedHsmKey.cs b/src/KeyVault/KeyVault/Commands/AddAzureManagedHsmKey.cs index c418204d3342..d52f358b4743 100644 --- a/src/KeyVault/KeyVault/Commands/AddAzureManagedHsmKey.cs +++ b/src/KeyVault/KeyVault/Commands/AddAzureManagedHsmKey.cs @@ -8,6 +8,8 @@ using System.Management.Automation; using System.Security; using System.Text; +using System.IO; +using Microsoft.Azure.KeyVault.WebKey; namespace Microsoft.Azure.Commands.KeyVault.Commands { /// @@ -40,14 +42,14 @@ public class AddAzureManagedHsmKey : KeyVaultCmdletBase [Parameter(Mandatory = true, ParameterSetName = InteractiveCreateParameterSet, Position = 0, - HelpMessage = "Vault name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment.")] + HelpMessage = "Hsm name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment.")] [Parameter(Mandatory = true, ParameterSetName = InteractiveImportParameterSet, Position = 0, - HelpMessage = "Vault name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment.")] + HelpMessage = "Hsm name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment.")] [ResourceNameCompleter("Microsoft.KeyVault/managedHSMs", "FakeResourceGroupName")] [ValidateNotNullOrEmpty] - public string VaultName { get; set; } + public string HsmName { get; set; } [Parameter(Mandatory = true, ParameterSetName = InputObjectCreateParameterSet, @@ -124,7 +126,7 @@ public class AddAzureManagedHsmKey : KeyVaultCmdletBase /// [Parameter(Mandatory = true, HelpMessage = "Specifies the key type of this key.")] - [ValidateSet("RSA", "RsaHsm", "EC", "EcHsm", "OCT")] + [ValidateSet("RSA", "EC", "oct")] public string KeyType { get; set; } /// @@ -188,12 +190,12 @@ public override void ExecuteCmdlet() { if (InputObject != null) { - VaultName = InputObject.VaultName; + HsmName = InputObject.VaultName; } else if (ResourceId != null) { var resourceIdentifier = new ResourceIdentifier(ResourceId); - VaultName = resourceIdentifier.ResourceName; + HsmName = resourceIdentifier.ResourceName; } ValidateKeyExchangeKey(); @@ -201,26 +203,25 @@ public override void ExecuteCmdlet() if (ShouldProcess(Name, Properties.Resources.AddKey)) { PSKeyVaultKey keyBundle; - if (InputObject != null) - { - VaultName = InputObject.VaultName.ToString(); - } if (string.IsNullOrEmpty(KeyFilePath)) { keyBundle = this.Track2DataClient.CreateManagedHsmKey( - VaultName, + HsmName, Name, CreateKeyAttributes(), Size, CurveName); + this.WriteObject(keyBundle); } - else - { - throw new NotImplementedException(); - } + /* else + { + *//* keyBundle = this.Track2DataClient.ImportManagedHsmKey( + HsmName, Name, + CreateKeyAttributes(), + CreateWebKeyFromFile());*//* + }*/ - this.WriteObject(keyBundle); } } private void ValidateKeyExchangeKey() @@ -242,5 +243,17 @@ internal PSKeyVaultKeyAttributes CreateKeyAttributes() KeyOps, Tag); } + + internal JsonWebKey CreateWebKeyFromFile() + { + FileInfo keyFile = new FileInfo(this.GetUnresolvedProviderPathFromPSPath(this.KeyFilePath)); + if (!keyFile.Exists) + { + throw new FileNotFoundException(string.Format(Resources.KeyFileNotFound, this.KeyFilePath)); + } + + var converterChain = WebKeyConverterFactory.CreateConverterChain(); + return converterChain.ConvertKeyFromFile(keyFile, KeyFilePassword); + } } } diff --git a/src/KeyVault/KeyVault/Commands/BackupAzureManagedHsmKey.cs b/src/KeyVault/KeyVault/Commands/BackupAzureManagedHsmKey.cs new file mode 100644 index 000000000000..bfd3753b4048 --- /dev/null +++ b/src/KeyVault/KeyVault/Commands/BackupAzureManagedHsmKey.cs @@ -0,0 +1,115 @@ + +using System; +using System.Management.Automation; +using Microsoft.Azure.Commands.Common.Authentication; +using Microsoft.Azure.Commands.KeyVault.Models; +using Microsoft.Azure.Commands.KeyVault.Properties; +using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters; + +namespace Microsoft.Azure.Commands.KeyVault +{ + /// + /// Requests that a backup of the specified key be downloaded and stored to a file + /// + /// + /// The cmdlet returns the path of the newly created backup file. + /// + [Cmdlet("Backup", ResourceManager.Common.AzureRMConstants.AzurePrefix + "ManagedHsmKey", SupportsShouldProcess = true, DefaultParameterSetName = ByKeyNameParameterSet)] + [OutputType(typeof(String))] + public class BackupAzureManagedHsmKey : KeyVaultCmdletBase + { + #region parameter sets + + private const string ByKeyNameParameterSet = "ByKeyName"; + private const string ByKeyObjectParameterSet = "ByKey"; + + #endregion + + #region Input Parameter Definitions + + /// + /// Vault name + /// + [Parameter(Mandatory = true, + Position = 0, + ParameterSetName = ByKeyNameParameterSet, + HelpMessage = "Vault name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment.")] + [ResourceNameCompleter("Microsoft.KeyVault/vaults", "FakeResourceGroupName")] + [ValidateNotNullOrEmpty] + public string VaultName { get; set; } + + /// + /// Key name + /// + [Parameter(Mandatory = true, + Position = 1, + ParameterSetName = ByKeyNameParameterSet, + HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name.")] + [ValidateNotNullOrEmpty] + [Alias(Constants.KeyName)] + public string Name { get; set; } + + /// + /// KeyBundle object to be backed up. + /// + /// + /// Note that the backup applies to the entire family of a key (current and all its versions); + /// since a key bundle represents a single version, the intent of this parameter is to allow pipelining. + /// The backup cmdlet will use the Name and VaultName properties of the KeyBundle parameter. + /// + [Parameter(Mandatory = true, + Position = 0, + ValueFromPipeline = true, + ParameterSetName = ByKeyObjectParameterSet, + HelpMessage = "Key bundle to back up, pipelined in from the output of a retrieval call.")] + [ValidateNotNullOrEmpty] + [Alias("Key")] + public PSKeyVaultKeyIdentityItem InputObject { get; set; } + + /// + /// The output file in which the backup blob is to be stored + /// + [Parameter(Mandatory = false, + Position = 2, + HelpMessage = "Output file. The output file to store the backed up key blob in. If not present, a default filename is chosen.")] + [ValidateNotNullOrEmpty] + public string OutputFile { get; set; } + + /// + /// Instructs the cmdlet to overwrite the destination file, if it exists. + /// + [Parameter(Mandatory = false, + HelpMessage = "Overwrite the given file if it exists")] + public SwitchParameter Force { get; set; } + + #endregion Input Parameter Definition + + public override void ExecuteCmdlet() + { + if (InputObject != null) + { + Name = InputObject.Name; + VaultName = InputObject.VaultName; + } + + if (ShouldProcess(Name, Properties.Resources.BackupKey)) + { + if (string.IsNullOrEmpty(OutputFile)) + { + OutputFile = GetDefaultFileForOperation("backup", VaultName, Name); + } + + var filePath = this.GetUnresolvedProviderPathFromPSPath(OutputFile); + + // deny request if the file exists and overwrite is not authorized + if (!AzureSession.Instance.DataStore.FileExists(filePath) + || Force.IsPresent + || ShouldContinue(string.Format(Resources.FileOverwriteMessage, filePath), Resources.FileOverwriteCaption)) + { + var backupBlobPath = this.DataServiceClient.BackupKey(VaultName, Name, filePath); + this.WriteObject(backupBlobPath); + } + } + } + } +} \ No newline at end of file diff --git a/src/KeyVault/KeyVault/Commands/GetAzureKeyVaultKey.cs b/src/KeyVault/KeyVault/Commands/GetAzureKeyVaultKey.cs index 750b12221055..558766f89d81 100644 --- a/src/KeyVault/KeyVault/Commands/GetAzureKeyVaultKey.cs +++ b/src/KeyVault/KeyVault/Commands/GetAzureKeyVaultKey.cs @@ -206,7 +206,7 @@ public override void ExecuteCmdlet() if (InputObject != null) { - VaultName = InputObject.VaultName.ToString(); + VaultName = InputObject.VaultName; } else if (!string.IsNullOrEmpty(ResourceId)) { diff --git a/src/KeyVault/KeyVault/Commands/GetAzureManagedHsmKey.cs b/src/KeyVault/KeyVault/Commands/GetAzureManagedHsmKey.cs new file mode 100644 index 000000000000..281b1f44b61b --- /dev/null +++ b/src/KeyVault/KeyVault/Commands/GetAzureManagedHsmKey.cs @@ -0,0 +1,313 @@ +// ---------------------------------------------------------------------------------- +// +// Copyright Microsoft Corporation +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// ---------------------------------------------------------------------------------- + +using Microsoft.Azure.Commands.Common.Authentication; +using Microsoft.Azure.Commands.KeyVault.Helpers; +using Microsoft.Azure.Commands.KeyVault.Models; +using Microsoft.Azure.Commands.KeyVault.Properties; +using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters; +using Microsoft.Azure.KeyVault.WebKey; +using Microsoft.Azure.Management.Internal.Resources.Utilities.Models; +using System.Linq; +using System.Management.Automation; + +namespace Microsoft.Azure.Commands.KeyVault +{ + [Cmdlet("Get", ResourceManager.Common.AzureRMConstants.AzurePrefix + "ManagedHsmKey", DefaultParameterSetName = ByVaultNameParameterSet)] + [OutputType(typeof(PSKeyVaultKeyIdentityItem), typeof(PSKeyVaultKey), typeof(PSDeletedKeyVaultKeyIdentityItem), typeof(PSDeletedKeyVaultKey))] + public class GetAzureManagedHsmKey : KeyVaultCmdletBase + { + + #region Parameter Set Names + + private const string ByVaultNameParameterSet = "ByVaultName"; + private const string ByKeyNameParameterSet = "ByKeyName"; + private const string ByKeyVersionsParameterSet = "ByKeyVersions"; + + private const string InputObjectByVaultNameParameterSet = "ByInputObjectVaultName"; + private const string InputObjectByKeyNameParameterSet = "ByInputObjectKeyName"; + private const string InputObjectByKeyVersionsParameterSet = "ByInputObjectKeyVersions"; + + private const string ResourceIdByVaultNameParameterSet = "ByResourceIdVaultName"; + private const string ResourceIdByKeyNameParameterSet = "ByResourceIdKeyName"; + private const string ResourceIdByKeyVersionsParameterSet = "ByResourceIdKeyVersions"; + + private readonly string[] _supportedTypesForDownload = new string[] { Constants.RSA, Constants.RSAHSM }; + + #endregion + + #region Input Parameter Definitions + + /// + /// Vault name + /// + [Parameter(Mandatory = true, + Position = 0, + ParameterSetName = ByKeyNameParameterSet, + HelpMessage = "Vault name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment.")] + [Parameter(Mandatory = true, + Position = 0, + ParameterSetName = ByVaultNameParameterSet, + HelpMessage = "Vault name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment.")] + [Parameter(Mandatory = true, + Position = 0, + ParameterSetName = ByKeyVersionsParameterSet, + HelpMessage = "Vault name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment.")] + [ResourceNameCompleter("Microsoft.KeyVault/managedHSMs", "FakeResourceGroupName")] + [ValidateNotNullOrEmpty] + public string VaultName { get; set; } + + /// + /// KeyVault object + /// + [Parameter(Mandatory = true, + Position = 0, + ValueFromPipeline = true, + ParameterSetName = InputObjectByVaultNameParameterSet, + HelpMessage = "KeyVault object.")] + [Parameter(Mandatory = true, + Position = 0, + ValueFromPipeline = true, + ParameterSetName = InputObjectByKeyNameParameterSet, + HelpMessage = "KeyVault object.")] + [Parameter(Mandatory = true, + Position = 0, + ValueFromPipeline = true, + ParameterSetName = InputObjectByKeyVersionsParameterSet, + HelpMessage = "KeyVault object.")] + [ValidateNotNullOrEmpty] + public PSKeyVaultKeyIdentityItem InputObject { get; set; } + + /// + /// KeyVault resource id + /// + [Parameter(Mandatory = true, + Position = 0, + ValueFromPipelineByPropertyName = true, + ParameterSetName = ResourceIdByVaultNameParameterSet, + HelpMessage = "KeyVault Resource Id.")] + [Parameter(Mandatory = true, + Position = 0, + ValueFromPipelineByPropertyName = true, + ParameterSetName = ResourceIdByKeyNameParameterSet, + HelpMessage = "KeyVault Resource Id.")] + [Parameter(Mandatory = true, + Position = 0, + ValueFromPipelineByPropertyName = true, + ParameterSetName = ResourceIdByKeyVersionsParameterSet, + HelpMessage = "KeyVault ResourceId.")] + [ValidateNotNullOrEmpty] + public string ResourceId { get; set; } + + /// + /// Key name. + /// + [Parameter(Mandatory = false, + ParameterSetName = ByVaultNameParameterSet, + Position = 1, + HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name.")] + [Parameter(Mandatory = false, + ParameterSetName = InputObjectByVaultNameParameterSet, + Position = 1, + HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name.")] + [Parameter(Mandatory = false, + ParameterSetName = ResourceIdByVaultNameParameterSet, + Position = 1, + HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name.")] + [Parameter(Mandatory = true, + ParameterSetName = ByKeyNameParameterSet, + Position = 1, + HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name.")] + [Parameter(Mandatory = true, + ParameterSetName = InputObjectByKeyNameParameterSet, + Position = 1, + HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name.")] + [Parameter(Mandatory = true, + ParameterSetName = ResourceIdByKeyNameParameterSet, + Position = 1, + HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name.")] + [Parameter(Mandatory = true, + ParameterSetName = ByKeyVersionsParameterSet, + Position = 1, + HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name.")] + [Parameter(Mandatory = true, + ParameterSetName = InputObjectByKeyVersionsParameterSet, + Position = 1, + HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name.")] + [Parameter(Mandatory = true, + ParameterSetName = ResourceIdByKeyVersionsParameterSet, + Position = 1, + HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name.")] + [ValidateNotNullOrEmpty] + [Alias(Constants.KeyName)] + [SupportsWildcards] + public string Name { get; set; } + + /// + /// Key version. + /// + [Parameter(Mandatory = true, + ParameterSetName = ByKeyNameParameterSet, + Position = 2, + HelpMessage = "Key version. Cmdlet constructs the FQDN of a key from vault name, currently selected environment, key name and key version.")] + [Parameter(Mandatory = true, + ParameterSetName = InputObjectByKeyNameParameterSet, + Position = 2, + HelpMessage = "Key version. Cmdlet constructs the FQDN of a key from vault name, currently selected environment, key name and key version.")] + [Parameter(Mandatory = true, + ParameterSetName = ResourceIdByKeyNameParameterSet, + Position = 2, + HelpMessage = "Key version. Cmdlet constructs the FQDN of a key from vault name, currently selected environment, key name and key version.")] + [Alias("KeyVersion")] + public string Version { get; set; } + + [Parameter(Mandatory = false, + ParameterSetName = ByVaultNameParameterSet, + HelpMessage = "Specifies whether to show the previously deleted keys in the output.")] + [Parameter(Mandatory = false, + ParameterSetName = InputObjectByVaultNameParameterSet, + HelpMessage = "Specifies whether to show the previously deleted keys in the output.")] + [Parameter(Mandatory = false, + ParameterSetName = ResourceIdByVaultNameParameterSet, + HelpMessage = "Specifies whether to show the previously deleted keys in the output.")] + public SwitchParameter InRemovedState { get; set; } + + [Parameter(Mandatory = true, + ParameterSetName = ByKeyVersionsParameterSet, + HelpMessage = "Specifies whether to include the versions of the key in the output.")] + [Parameter(Mandatory = true, + ParameterSetName = InputObjectByKeyVersionsParameterSet, + HelpMessage = "Specifies whether to include the versions of the key in the output.")] + [Parameter(Mandatory = true, + ParameterSetName = ResourceIdByKeyVersionsParameterSet, + HelpMessage = "Specifies whether to include the versions of the key in the output.")] + public SwitchParameter IncludeVersions { get; set; } + + [Parameter(Mandatory = false, HelpMessage = "Specifies the output file for which this cmdlet saves the key. The public key is saved in PEM format by default.")] + [ValidateNotNullOrEmpty] + public string OutFile { get; set; } + + #endregion + + public override void ExecuteCmdlet() + { + PSKeyVaultKey keyBundle = null; + + if (InputObject != null) + { + VaultName = InputObject.VaultName; + } + else if (!string.IsNullOrEmpty(ResourceId)) + { + var parsedResourceId = new ResourceIdentifier(ResourceId); + VaultName = parsedResourceId.ResourceName; + } + + if (!string.IsNullOrEmpty(Version)) + { + // passed + keyBundle = this.Track2DataClient.GetManagedHsmKey(VaultName, Name, Version); + WriteObject(keyBundle); + } + else if (IncludeVersions) + { + // passed + keyBundle = this.Track2DataClient.GetManagedHsmKey(VaultName, Name, string.Empty); + if (keyBundle != null) + { + WriteObject(new PSKeyVaultKeyIdentityItem(keyBundle)); + GetAndWriteKeyVersions(VaultName, Name, keyBundle.Version); + } + } + else if (InRemovedState) + { + // to do: finish Remove-AzManagedHsmKey + if (string.IsNullOrEmpty(Name) || WildcardPattern.ContainsWildcardCharacters(Name)) + { + GetAndWriteDeletedKeys(VaultName, Name); + } + else + { + PSDeletedKeyVaultKey deletedKeyBundle = this.Track2DataClient.GetManagedHsmDeletedKey(VaultName, Name); + WriteObject(deletedKeyBundle); + } + } + else + { + // to do: figure out how to use class pageable + if (string.IsNullOrEmpty(Name) || WildcardPattern.ContainsWildcardCharacters(Name)) + { + GetAndWriteKeys(VaultName, Name); + } + else + { + // passed + keyBundle = this.Track2DataClient.GetManagedHsmKey(VaultName, Name, string.Empty); + WriteObject(keyBundle); + } + } + + // passed + if (!string.IsNullOrEmpty(OutFile) && keyBundle != null) + { + DownloadKey(keyBundle.Key, OutFile); + } + } + + private void GetAndWriteKeys(string vaultName, string name) => + GetAndWriteObjects(new KeyVaultObjectFilterOptions + { + VaultName = vaultName, + NextLink = null + }, + (options) => KVSubResourceWildcardFilter(name, this.Track2DataClient.GetManagedHsmKeys(options))); + + private void GetAndWriteDeletedKeys(string vaultName, string name) => + GetAndWriteObjects(new KeyVaultObjectFilterOptions + { + VaultName = vaultName, + NextLink = null + }, + (options) => KVSubResourceWildcardFilter(name, this.Track2DataClient.GetManagedHsmDeletedKeys(options))); + + private void GetAndWriteKeyVersions(string vaultName, string name, string currentKeyVersion) => + GetAndWriteObjects(new KeyVaultObjectFilterOptions + { + VaultName = vaultName, + NextLink = null, + Name = name + }, + (options) => this.Track2DataClient.GetManagedHsmKeyVersions(options).Where(k => k.Version != currentKeyVersion)); + + private void DownloadKey(JsonWebKey jwk, string path) + { + if (CanDownloadKey(jwk, out string reason)) + { + var pem = JwkHelper.ExportPublicKeyToPem(jwk); + AzureSession.Instance.DataStore.WriteFile(path, pem); + WriteDebug(string.Format(Resources.PublicKeySavedAt, path)); + } + else + { + WriteWarning(reason); + } + } + + private bool CanDownloadKey(JsonWebKey jwk, out string reason) + { + reason = string.Format(Resources.DownloadNotSupported, jwk.Kty); + return _supportedTypesForDownload.Contains(jwk.Kty); + } + } +} diff --git a/src/KeyVault/KeyVault/Commands/RemoveAzureManagedHsmKey.cs b/src/KeyVault/KeyVault/Commands/RemoveAzureManagedHsmKey.cs new file mode 100644 index 000000000000..8fdf8b64c0e8 --- /dev/null +++ b/src/KeyVault/KeyVault/Commands/RemoveAzureManagedHsmKey.cs @@ -0,0 +1,109 @@ +// ---------------------------------------------------------------------------------- +// +// Copyright Microsoft Corporation +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// ---------------------------------------------------------------------------------- + +using Microsoft.Azure.Commands.KeyVault.Models; +using System.Globalization; +using System.Management.Automation; +using Microsoft.Azure.Commands.KeyVault.Properties; +using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters; + +namespace Microsoft.Azure.Commands.KeyVault +{ + [Cmdlet("Remove", ResourceManager.Common.AzureRMConstants.AzurePrefix + "ManagedHsmKey", SupportsShouldProcess = true, DefaultParameterSetName = ByVaultNameParameterSet)] + [OutputType(typeof(PSDeletedKeyVaultKey))] + public class RemoveAzureManagedHsmKey : KeyVaultCmdletBase + { + #region Parameter Set Names + + private const string ByVaultNameParameterSet = "ByVaultName"; + private const string ByInputObjectParameterSet = "ByInputObject"; + + #endregion + + #region Input Parameter Definitions + + /// + /// Vault name + /// + [Parameter(Mandatory = true, + Position = 0, + ParameterSetName = ByVaultNameParameterSet, + HelpMessage = "Vault name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment.")] + [ResourceNameCompleter("Microsoft.KeyVault/vaults", "FakeResourceGroupName")] + [ValidateNotNullOrEmpty] + public string VaultName { get; set; } + + /// + /// key name + /// + [Parameter(Mandatory = true, + Position = 1, + ParameterSetName = ByVaultNameParameterSet, + HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name.")] + [ValidateNotNullOrEmpty] + [Alias(Constants.KeyName)] + public string Name { get; set; } + + /// + /// KeyBundle object + /// + [Parameter(Mandatory = true, + Position = 0, + ValueFromPipeline = true, + ParameterSetName = ByInputObjectParameterSet, + HelpMessage = "Key Object")] + [ValidateNotNullOrEmpty] + public PSKeyVaultKeyIdentityItem InputObject { get; set; } + + /// + /// If present, do not ask for confirmation + /// + [Parameter(Mandatory = false, + HelpMessage = "Do not ask for confirmation.")] + public SwitchParameter Force { get; set; } + + [Parameter(Mandatory = false, + HelpMessage = "Cmdlet does not return an object by default. If this switch is specified, the cmdlet returns the key object that was deleted.")] + public SwitchParameter PassThru { get; set; } + + #endregion + public override void ExecuteCmdlet() + { + if (InputObject != null) + { + VaultName = InputObject.VaultName.ToString(); + Name = InputObject.Name.ToString(); + } + + PSDeletedKeyVaultKey deletedKeyBundle = null; + ConfirmAction( + Force.IsPresent, + string.Format( + CultureInfo.InvariantCulture, + Resources.RemoveKeyWarning, + Name), + string.Format( + CultureInfo.InvariantCulture, + Resources.RemoveKeyWhatIfMessage, + Name), + Name, + () => { deletedKeyBundle = DataServiceClient.DeleteKey(VaultName, Name); }); + + if (PassThru) + { + WriteObject(deletedKeyBundle); + } + } + } +} diff --git a/src/KeyVault/KeyVault/Commands/RestoreAzureManagedHsmKey.cs b/src/KeyVault/KeyVault/Commands/RestoreAzureManagedHsmKey.cs new file mode 100644 index 000000000000..00cfef3e8c06 --- /dev/null +++ b/src/KeyVault/KeyVault/Commands/RestoreAzureManagedHsmKey.cs @@ -0,0 +1,103 @@ +using Microsoft.Azure.Commands.KeyVault.Models; +using Microsoft.Azure.Commands.KeyVault.Properties; +using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters; +using Microsoft.Azure.Management.Internal.Resources.Utilities.Models; +using System.IO; +using System.Management.Automation; + +namespace Microsoft.Azure.Commands.KeyVault +{ + /// + /// Restores the backup key into a vault + /// + [Cmdlet("Restore", ResourceManager.Common.AzureRMConstants.AzurePrefix + "ManagedHsmKey", SupportsShouldProcess = true, DefaultParameterSetName = ByVaultNameParameterSet)] + [OutputType(typeof(PSKeyVaultKey))] + public class RestoreAzureManagedHsmKey : KeyVaultCmdletBase + { + #region Parameter Set Names + + private const string ByVaultNameParameterSet = "ByVaultName"; + private const string ByInputObjectParameterSet = "ByInputObject"; + private const string ByResourceIdParameterSet = "ByResourceId"; + + #endregion + + #region Input Parameter Definitions + + /// + /// Vault name + /// + [Parameter(Mandatory = true, + Position = 0, + ParameterSetName = ByVaultNameParameterSet, + HelpMessage = "Vault name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment.")] + [ResourceNameCompleter("Microsoft.KeyVault/vaults", "FakeResourceGroupName")] + [ValidateNotNullOrEmpty] + public string VaultName { get; set; } + + /// + /// KeyVault object + /// + [Parameter(Mandatory = true, + Position = 0, + ParameterSetName = ByInputObjectParameterSet, + ValueFromPipeline = true, + HelpMessage = "KeyVault object")] + [ValidateNotNullOrEmpty] + public PSKeyVaultKeyIdentityItem InputObject { get; set; } + + /// + /// KeyVault ResourceId + /// + [Parameter(Mandatory = true, + Position = 0, + ParameterSetName = ByResourceIdParameterSet, + ValueFromPipelineByPropertyName = true, + HelpMessage = "KeyVault Resource Id")] + [ValidateNotNullOrEmpty] + public string ResourceId { get; set; } + + /// + /// The input file in which the backup blob is stored + /// + [Parameter(Mandatory = true, + Position = 1, + HelpMessage = "Input file. The input file containing the backed-up blob")] + [ValidateNotNullOrEmpty] + public string InputFile { get; set; } + + #endregion Input Parameter Definitions + + public override void ExecuteCmdlet() + { + if (InputObject != null) + { + VaultName = InputObject.VaultName; + } + else if (ResourceId != null) + { + var resourceIdentifier = new ResourceIdentifier(ResourceId); + VaultName = resourceIdentifier.ResourceName; + } + + if (ShouldProcess(VaultName, Properties.Resources.RestoreKey)) + { + var filePath = ResolveKeyVaultPath(InputFile); + + var restoredKeyBundle = this.DataServiceClient.RestoreKey(VaultName, filePath); + + this.WriteObject(restoredKeyBundle); + } + } + + private string ResolveKeyVaultPath(string filePath) + { + FileInfo keyFile = new FileInfo(this.ResolveUserPath(filePath)); + if (!keyFile.Exists) + { + throw new FileNotFoundException(string.Format(Resources.BackupKeyFileNotFound, filePath)); + } + return keyFile.FullName; + } + } +} \ No newline at end of file diff --git a/src/KeyVault/KeyVault/Commands/UpdateAzureManagedHsmKey.cs b/src/KeyVault/KeyVault/Commands/UpdateAzureManagedHsmKey.cs new file mode 100644 index 000000000000..38e37b01f8ec --- /dev/null +++ b/src/KeyVault/KeyVault/Commands/UpdateAzureManagedHsmKey.cs @@ -0,0 +1,146 @@ +// ---------------------------------------------------------------------------------- +// +// Copyright Microsoft Corporation +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// ---------------------------------------------------------------------------------- + +using Microsoft.Azure.Commands.KeyVault.Models; +using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters; +using System; +using System.Collections; +using System.Management.Automation; + +namespace Microsoft.Azure.Commands.KeyVault +{ + /// + /// Update attribute of a key vault key. + /// + [Alias("Set-" + ResourceManager.Common.AzureRMConstants.AzurePrefix + "ManagedHsmKey", "Set-" + ResourceManager.Common.AzureRMConstants.AzurePrefix + "ManagedHsmKeyAttribute")] + [Cmdlet("Update", ResourceManager.Common.AzureRMConstants.AzurePrefix + "ManagedHsmKey", SupportsShouldProcess = true, DefaultParameterSetName = DefaultParameterSet)] + [OutputType(typeof(PSKeyVaultKey))] + public class UpdateAzureManagedHsmKey : KeyVaultCmdletBase + { + #region Parameter Set Names + + private const string DefaultParameterSet = "Default"; + private const string InputObjectParameterSet = "InputObject"; + + #endregion + + #region Input Parameter Definitions + + /// + /// Vault name + /// + [Parameter(Mandatory = true, + Position = 0, + ParameterSetName = DefaultParameterSet, + HelpMessage = "Vault name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment.")] + [ResourceNameCompleter("Microsoft.KeyVault/vaults", "FakeResourceGroupName")] + [ValidateNotNullOrEmpty] + public string VaultName { get; set; } + + /// + /// key name + /// + [Parameter(Mandatory = true, + Position = 1, + ParameterSetName = DefaultParameterSet, + HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name.")] + [ValidateNotNullOrEmpty] + [Alias(Constants.KeyName)] + public string Name { get; set; } + + /// + /// key object + /// + [Parameter(Mandatory = true, + Position = 0, + ParameterSetName = InputObjectParameterSet, + ValueFromPipeline = true, + HelpMessage = "Key object")] + [ValidateNotNullOrEmpty] + public PSKeyVaultKeyIdentityItem InputObject { get; set; } + + /// + /// Key version. + /// + [Parameter(Mandatory = false, + Position = 2, + HelpMessage = "Key version. Cmdlet constructs the FQDN of a key from vault name, currently selected environment, key name and key version.")] + [Alias("KeyVersion")] + public string Version { get; set; } + + /// + /// If present, enable a key if value is true. + /// Disable a key if value is false. + /// If not present, no change on current key enabled/disabled state. + /// + [Parameter(Mandatory = false, + HelpMessage = "Value of true enables the key and a value of false disabless the key. If not specified, the existing enabled/disabled state remains unchanged.")] + public bool? Enable { get; set; } + + /// + /// Key expires time in UTC time + /// + [Parameter(Mandatory = false, + HelpMessage = "The expiration time of a key in UTC time. If not specified, the existing expiration time of the key remains unchanged.")] + public DateTime? Expires { get; set; } + + /// + /// The UTC time before which key can't be used + /// + [Parameter(Mandatory = false, + HelpMessage = "The UTC time before which key can't be used. If not specified, the existing NotBefore attribute of the key remains unchanged.")] + public DateTime? NotBefore { get; set; } + + /// + /// Key operations + /// + [Parameter(Mandatory = false, + HelpMessage = "The operations that can be performed with the key. If not specified, the existing key operations of the key remain unchanged.")] + public string[] KeyOps { get; set; } + + [Parameter(Mandatory = false, + HelpMessage = "A hashtable represents key tags. If not specified, the existings tags of the key remain unchanged.")] + [Alias(Constants.TagsAlias)] + public Hashtable Tag { get; set; } + + [Parameter(Mandatory = false, + HelpMessage = "Cmdlet does not return an object by default. If this switch is specified, returns the updated key bundle object.")] + public SwitchParameter PassThru { get; set; } + + #endregion + + public override void ExecuteCmdlet() + { + if (InputObject != null) + { + VaultName = InputObject.VaultName; + Name = InputObject.Name; + } + + if (ShouldProcess(Name, Properties.Resources.SetKeyAttribute)) + { + var keyBundle = DataServiceClient.UpdateKey( + VaultName, + Name, + Version ?? string.Empty, + new PSKeyVaultKeyAttributes(Enable, Expires, NotBefore, null, KeyOps, Tag)); + + if (PassThru) + { + WriteObject(keyBundle); + } + } + } + } +} \ No newline at end of file diff --git a/src/KeyVault/KeyVault/Models/IKeyVaultDataServiceClient.cs b/src/KeyVault/KeyVault/Models/IKeyVaultDataServiceClient.cs index 9999e00c5bdc..dc09d7d112de 100644 --- a/src/KeyVault/KeyVault/Models/IKeyVaultDataServiceClient.cs +++ b/src/KeyVault/KeyVault/Models/IKeyVaultDataServiceClient.cs @@ -19,6 +19,7 @@ using System.Security.Cryptography.X509Certificates; using Microsoft.Azure.KeyVault.Models; using Microsoft.Azure.KeyVault.WebKey; +using KeyProperties = Azure.Security.KeyVault.Keys.KeyProperties; namespace Microsoft.Azure.Commands.KeyVault.Models { @@ -34,14 +35,24 @@ public interface IKeyVaultDataServiceClient PSKeyVaultKey GetKey(string vaultName, string keyName, string keyVersion); - PSDeletedKeyVaultKey GetDeletedKey(string vaultName, string name); + PSKeyVaultKey GetManagedHsmKey(string vaultName, string keyName, string keyVersion); + + PSDeletedKeyVaultKey GetDeletedKey(string managedHsmName, string keyName); + + PSDeletedKeyVaultKey GetManagedHsmDeletedKey(string managedHsmName, string keyName); IEnumerable GetKeys(KeyVaultObjectFilterOptions options); + IEnumerable GetManagedHsmKeys(KeyVaultObjectFilterOptions options); + IEnumerable GetKeyVersions(KeyVaultObjectFilterOptions options); + IEnumerable GetManagedHsmKeyVersions(KeyVaultObjectFilterOptions options); + IEnumerable GetDeletedKeys(KeyVaultObjectFilterOptions options); + IEnumerable GetManagedHsmDeletedKeys(KeyVaultObjectFilterOptions options); + PSDeletedKeyVaultKey DeleteKey(string vaultName, string keyName); void PurgeKey(string vaultName, string name); @@ -169,6 +180,7 @@ public interface IKeyVaultDataServiceClient string BackupManagedStorageAccount(string vaultName, string managedStorageAccountName, string outputBlobPath); PSKeyVaultManagedStorageAccount RestoreManagedStorageAccount(string vaultName, string inputBlobPath); + #endregion } } diff --git a/src/KeyVault/KeyVault/Models/KeyVaultDataServiceClient.cs b/src/KeyVault/KeyVault/Models/KeyVaultDataServiceClient.cs index 0b2b8fdf319a..b9ea9028fa5e 100644 --- a/src/KeyVault/KeyVault/Models/KeyVaultDataServiceClient.cs +++ b/src/KeyVault/KeyVault/Models/KeyVaultDataServiceClient.cs @@ -27,6 +27,7 @@ using Microsoft.Azure.KeyVault.WebKey; using Microsoft.Rest.Azure; using KeyVaultProperties = Microsoft.Azure.Commands.KeyVault.Properties; +using KeyProperties = Azure.Security.KeyVault.Keys.KeyProperties; namespace Microsoft.Azure.Commands.KeyVault.Models { @@ -2006,6 +2007,31 @@ public PSKeyVaultKey CreateManagedHsmKey(string managedHsmName, string keyName, { throw new NotImplementedException("Creating keys on managed HSM is only possible in track 2 SDK."); } + + public PSKeyVaultKey GetManagedHsmKey(string managedHsmName, string keyName, string keyVersion) + { + throw new NotImplementedException("Getting keys on managed HSM is only possible in track 2 SDK."); + } + + public IEnumerable GetManagedHsmKeyVersions(KeyVaultObjectFilterOptions options) + { + throw new NotImplementedException("Getting key versions on managed HSM is only possible in track 2 SDK."); + } + + public IEnumerable GetManagedHsmKeys(KeyVaultObjectFilterOptions options) + { + throw new NotImplementedException("Getting keys on managed HSM is only possible in track 2 SDK."); + } + + public PSDeletedKeyVaultKey GetManagedHsmDeletedKey(string managedHsmName, string keyName) + { + throw new NotImplementedException("Getting deleted keys on managed HSM is only possible in track 2 SDK."); + } + + public IEnumerable GetManagedHsmDeletedKeys(KeyVaultObjectFilterOptions options) + { + throw new NotImplementedException("Getting deleted keys on managed HSM is only possible in track 2 SDK."); + } private VaultUriHelper vaultUriHelper; private KeyVaultClient keyVaultClient; diff --git a/src/KeyVault/KeyVault/Models/PSDeletedKeyVaultKey.cs b/src/KeyVault/KeyVault/Models/PSDeletedKeyVaultKey.cs index 3d65078fd62a..a0989a9038a9 100644 --- a/src/KeyVault/KeyVault/Models/PSDeletedKeyVaultKey.cs +++ b/src/KeyVault/KeyVault/Models/PSDeletedKeyVaultKey.cs @@ -16,6 +16,8 @@ using Microsoft.Azure.KeyVault.WebKey; using System; using System.Linq; +using Azure.Security.KeyVault.Keys; +using JsonWebKey = Microsoft.Azure.KeyVault.WebKey.JsonWebKey; namespace Microsoft.Azure.Commands.KeyVault.Models { @@ -59,6 +61,38 @@ internal PSDeletedKeyVaultKey(Azure.KeyVault.Models.DeletedKeyBundle deletedKeyB DeletedDate = deletedKeyBundle.DeletedDate; } + internal PSDeletedKeyVaultKey(DeletedKey deletedKey, VaultUriHelper vaultUriHelper) + { + if (deletedKey == null) + throw new ArgumentNullException("deletedKey"); + if (deletedKey.Key == null || deletedKey.Properties == null) + throw new ArgumentException(Resources.InvalidKeyBundle); + + SetObjectIdentifier(vaultUriHelper, new Microsoft.Azure.KeyVault.KeyIdentifier(deletedKey.Id.ToString())); + + Key = deletedKey.Key.ToTrack1JsonWebKey(); + Attributes = new PSKeyVaultKeyAttributes( + deletedKey.Properties.Enabled, + /// see https://docs.microsoft.com/en-us/dotnet/standard/datetime/converting-between-datetime-and-offset#conversions-from-datetimeoffset-to-datetime + deletedKey.Properties.ExpiresOn?.UtcDateTime, // time returned by key vault are UTC + deletedKey.Properties.NotBefore?.UtcDateTime, + deletedKey.KeyType.ToString(), + deletedKey.KeyOperations.Select(op => op.ToString()).ToArray(), + deletedKey.Properties.CreatedOn?.UtcDateTime, + deletedKey.Properties.UpdatedOn?.UtcDateTime, + deletedKey.Properties.RecoveryLevel, + deletedKey.Properties.Tags + ); + + Enabled = deletedKey.Properties.Enabled; + Expires = deletedKey.Properties.ExpiresOn?.UtcDateTime; + NotBefore = deletedKey.Properties.NotBefore?.UtcDateTime; + Created = deletedKey.Properties.CreatedOn?.UtcDateTime; + Updated = deletedKey.Properties.UpdatedOn?.UtcDateTime; + RecoveryLevel = deletedKey.Properties.RecoveryLevel; + Tags = deletedKey.Properties.Tags.ConvertToHashtable(); + } + public PSKeyVaultKeyAttributes Attributes { get; set; } public JsonWebKey Key { get; set; } diff --git a/src/KeyVault/KeyVault/Models/PSKeyVaultKeyIdentityItem.cs b/src/KeyVault/KeyVault/Models/PSKeyVaultKeyIdentityItem.cs index a61a2fc5a574..0c88ef3c9c1f 100644 --- a/src/KeyVault/KeyVault/Models/PSKeyVaultKeyIdentityItem.cs +++ b/src/KeyVault/KeyVault/Models/PSKeyVaultKeyIdentityItem.cs @@ -15,6 +15,7 @@ using System; using System.Collections; using KeyVaultProperties = Microsoft.Azure.Commands.KeyVault.Properties; +using Track2Sdk = Azure.Security.KeyVault.Keys; namespace Microsoft.Azure.Commands.KeyVault.Models { @@ -60,6 +61,23 @@ internal PSKeyVaultKeyIdentityItem(PSKeyVaultKey keyBundle) RecoveryLevel = keyBundle.Attributes.RecoveryLevel; Tags = keyBundle.Attributes.Tags; } + internal PSKeyVaultKeyIdentityItem(Track2Sdk.KeyProperties keyProperties, VaultUriHelper vaultUriHelper) + { + if (keyProperties == null) + throw new ArgumentNullException("keyProperties"); + if (keyProperties.Id == null || keyProperties.Name == null) + throw new ArgumentException(KeyVaultProperties.Resources.InvalidKeyProperties); + + SetObjectIdentifier(vaultUriHelper, new Microsoft.Azure.KeyVault.KeyIdentifier(keyProperties.Id.ToString())); + + Enabled = keyProperties.Enabled; + Expires = keyProperties.ExpiresOn?.UtcDateTime; + NotBefore = keyProperties.NotBefore?.UtcDateTime; + Created = keyProperties.CreatedOn?.UtcDateTime; + Updated = keyProperties.UpdatedOn?.UtcDateTime; + RecoveryLevel = keyProperties.RecoveryLevel; + Tags = keyProperties.Tags.ConvertToHashtable(); + } public bool? Enabled { get; set; } diff --git a/src/KeyVault/KeyVault/Properties/Resources.Designer.cs b/src/KeyVault/KeyVault/Properties/Resources.Designer.cs index 5465a4159c9e..eac84623e4cb 100644 --- a/src/KeyVault/KeyVault/Properties/Resources.Designer.cs +++ b/src/KeyVault/KeyVault/Properties/Resources.Designer.cs @@ -441,6 +441,15 @@ internal static string InvalidKeyName { } } + /// + /// Looks up a localized string similar to Invalid key properties. + /// + internal static string InvalidKeyProperties { + get { + return ResourceManager.GetString("InvalidKeyProperties", resourceCulture); + } + } + /// /// Looks up a localized string similar to Invalid key uri '{0}'.. /// diff --git a/src/KeyVault/KeyVault/Properties/Resources.resx b/src/KeyVault/KeyVault/Properties/Resources.resx index 7b4377973f87..996404407922 100644 --- a/src/KeyVault/KeyVault/Properties/Resources.resx +++ b/src/KeyVault/KeyVault/Properties/Resources.resx @@ -498,4 +498,7 @@ You can find the object ID using Azure Active Directory Module for Windows Power The "import" operation is exclusive, it cannot be combined with any other value(s). + + Invalid key properties + \ No newline at end of file diff --git a/src/KeyVault/KeyVault/Track2Models/Track2HsmClient.cs b/src/KeyVault/KeyVault/Track2Models/Track2HsmClient.cs index 8658143e3ee0..96c2bd11ac90 100644 --- a/src/KeyVault/KeyVault/Track2Models/Track2HsmClient.cs +++ b/src/KeyVault/KeyVault/Track2Models/Track2HsmClient.cs @@ -1,8 +1,16 @@ -using Azure.Security.KeyVault.Keys; +using System; +using System.Net; +using System.Collections; +using Azure.Security.KeyVault.Keys; using Microsoft.Azure.Commands.Common.Authentication.Abstractions; using Microsoft.Azure.Commands.KeyVault.Models; -using System; -using System.Collections; +using System.Collections.Generic; +using KeyVaultProperties = Microsoft.Azure.Commands.KeyVault.Properties; +using Microsoft.Azure.KeyVault.Models; +using Azure; +using KeyProperties = Azure.Security.KeyVault.Keys.KeyProperties; +using System.Threading.Tasks; +using System.Linq; namespace Microsoft.Azure.Commands.KeyVault.Track2Models { @@ -36,7 +44,20 @@ private PSKeyVaultKey CreateKey(KeyClient client, string keyName, PSKeyVaultKeyA } else if (keyAttributes.KeyType == KeyType.Ec || keyAttributes.KeyType == KeyType.EcHsm) { - options = new CreateEcKeyOptions(keyName, isHsm) { CurveName = string.IsNullOrEmpty(curveName) ? null : new KeyCurveName(curveName) }; + // Have no idea why still run KeyCurveName when curveName is null + //options = new CreateEcKeyOptions(keyName, isHsm) + //{ + // CurveName = string.IsNullOrEmpty(curveName) ? null : new KeyCurveName(curveName) + //}; + options = new CreateEcKeyOptions(keyName, isHsm); + if (string.IsNullOrEmpty(curveName)) + { + (options as CreateEcKeyOptions).CurveName = null; + } + else + { + (options as CreateEcKeyOptions).CurveName = new KeyCurveName(curveName); + } } else { @@ -77,5 +98,153 @@ private PSKeyVaultKey CreateKey(KeyClient client, string keyName, PSKeyVaultKeyA throw new NotSupportedException($"{keyAttributes.KeyType} is not supported"); } } + + internal PSKeyVaultKey GetKey(string managedHsmName, string keyName, string keyVersion) + { + if (string.IsNullOrEmpty(managedHsmName)) + throw new ArgumentNullException(nameof(managedHsmName)); + if (string.IsNullOrEmpty(keyName)) + throw new ArgumentNullException(nameof(keyName)); + + var client = CreateKeyClient(managedHsmName); + return GetKey(client, keyName, keyVersion); + } + + private PSKeyVaultKey GetKey(KeyClient client, string keyName, string keyVersion) + { + KeyVaultKey keyBundle; + try + { + keyBundle = client.GetKeyAsync(keyName, keyVersion).GetAwaiter().GetResult(); + } + catch (RequestFailedException ex) + { + if (ex.Status == (int)HttpStatusCode.NotFound) + return null; + else + throw; + } + catch (Exception ex) + { + throw GetInnerException(ex); + } + + return new PSKeyVaultKey(client.GetKeyAsync(keyName, keyVersion).GetAwaiter().GetResult(), this._uriHelper); + } + + internal IEnumerable GetKeys(KeyVaultObjectFilterOptions options) + { + if (options == null) + throw new ArgumentNullException(nameof(options)); + if (string.IsNullOrEmpty(options.VaultName)) + throw new ArgumentException(KeyVaultProperties.Resources.InvalidVaultName); + + var client = CreateKeyClient(options.VaultName); + + try + { + IEnumerable result = client.GetPropertiesOfKeys(); + + return (result == null) ? new List() : + result.Select((keyProperties) => new PSKeyVaultKeyIdentityItem(keyProperties, this._uriHelper)); + + } + catch (Exception ex) + { + throw GetInnerException(ex); + } + } + + internal IEnumerable GetKeyVersions(KeyVaultObjectFilterOptions options) + { + if (options == null) + throw new ArgumentNullException(nameof(options)); + + if (string.IsNullOrEmpty(options.VaultName)) + throw new ArgumentException(KeyVaultProperties.Resources.InvalidVaultName); + + if (string.IsNullOrEmpty(options.Name)) + throw new ArgumentException(KeyVaultProperties.Resources.InvalidKeyName); + + var client = CreateKeyClient(options.VaultName); + return GetKeyVersions(client, options); + } + + internal PSDeletedKeyVaultKey GetDeletedKey(string managedHsmName, string keyName) + { + if (string.IsNullOrEmpty(managedHsmName)) + throw new ArgumentNullException(nameof(managedHsmName)); + if (string.IsNullOrEmpty(keyName)) + throw new ArgumentNullException(nameof(keyName)); + + var client = CreateKeyClient(managedHsmName); + + return GetDeletedKey(client, keyName); + } + + private PSDeletedKeyVaultKey GetDeletedKey(KeyClient client, string keyName) + { + DeletedKey deletedKeyBundle; + try + { + deletedKeyBundle = client.GetDeletedKeyAsync(keyName).GetAwaiter().GetResult(); + } + catch (RequestFailedException ex) + { + if (ex.Status == (int)HttpStatusCode.NotFound) + return null; + else + throw; + } + catch (Exception ex) + { + throw GetInnerException(ex); + } + + return new PSDeletedKeyVaultKey(deletedKeyBundle, _uriHelper); + } + + internal IEnumerable GetDeletedKeys(KeyVaultObjectFilterOptions options) + { + if (options == null) + throw new ArgumentNullException("options"); + + if (string.IsNullOrEmpty(options.VaultName)) + throw new ArgumentException(KeyVaultProperties.Resources.InvalidVaultName); + + var client = CreateKeyClient(options.VaultName); + + try + { + IEnumerable result = client.GetDeletedKeys(); + + return (result == null) ? new List() : + result.Select((deletedKey) => new PSDeletedKeyVaultKey(deletedKey, this._uriHelper)); + } + catch (Exception ex) + { + throw GetInnerException(ex); + } + } + + private IEnumerable GetKeyVersions(KeyClient client, KeyVaultObjectFilterOptions options) + { + try + { + IEnumerable result = client.GetPropertiesOfKeyVersions(options.Name); + return (result == null) ? new List() : + result.Select((keyProperties) => new PSKeyVaultKeyIdentityItem(keyProperties, this._uriHelper)); + } + catch (Exception ex) + { + throw GetInnerException(ex); + } + } + + private Exception GetInnerException(Exception exception) + { + while (exception.InnerException != null) exception = exception.InnerException; + return exception; + } } } diff --git a/src/KeyVault/KeyVault/Track2Models/Track2KeyVaultDataServiceClient.cs b/src/KeyVault/KeyVault/Track2Models/Track2KeyVaultDataServiceClient.cs index 8414305ace41..e46ee933b787 100644 --- a/src/KeyVault/KeyVault/Track2Models/Track2KeyVaultDataServiceClient.cs +++ b/src/KeyVault/KeyVault/Track2Models/Track2KeyVaultDataServiceClient.cs @@ -8,6 +8,7 @@ using System.Collections.Generic; using System.Security; using System.Security.Cryptography.X509Certificates; +using KeyProperties = Azure.Security.KeyVault.Keys.KeyProperties; using KeyVaultProperties = Microsoft.Azure.Commands.KeyVault.Properties; namespace Microsoft.Azure.Commands.KeyVault.Track2Models @@ -36,7 +37,9 @@ public Track2KeyVaultDataServiceClient(IAuthenticationFactory authFactory, IAzur private Track2VaultClient _vaultClient; private Track2HsmClient _hsmClient; - + + #region KeyVault-related methods + public string BackupCertificate(string vaultName, string certificateName, string outputBlobPath) { throw new NotImplementedException(); @@ -67,11 +70,6 @@ public PSKeyVaultKey CreateKey(string vaultName, string keyName, PSKeyVaultKeyAt return VaultClient.CreateKey(vaultName, keyName, keyAttributes, size, curveName); } - public PSKeyVaultKey CreateManagedHsmKey(string managedHsmName, string keyName, PSKeyVaultKeyAttributes keyAttributes, int? size, string curveName) - { - return HsmClient.CreateKey(managedHsmName, keyName, keyAttributes, size, curveName); - } - public PSDeletedKeyVaultCertificate DeleteCertificate(string vaultName, string certName) { throw new NotImplementedException(); @@ -391,5 +389,41 @@ public PSKeyVaultSecret UpdateSecret(string vaultName, string secretName, string { throw new NotImplementedException(); } + #endregion + + #region ManagedHsm-related methods + + public PSKeyVaultKey CreateManagedHsmKey(string managedHsmName, string keyName, PSKeyVaultKeyAttributes keyAttributes, int? size, string curveName) + { + return HsmClient.CreateKey(managedHsmName, keyName, keyAttributes, size, curveName); + } + + public PSDeletedKeyVaultKey GetManagedHsmDeletedKey(string managedHsmName, string keyName) + { + return HsmClient.GetDeletedKey(managedHsmName, keyName); + } + + public IEnumerable GetManagedHsmDeletedKeys(KeyVaultObjectFilterOptions options) + { + return HsmClient.GetDeletedKeys(options); + } + + public PSKeyVaultKey GetManagedHsmKey(string vaultName, string keyName, string keyVersion) + { + return HsmClient.GetKey(vaultName, keyName, keyVersion); + } + + public IEnumerable GetManagedHsmKeys(KeyVaultObjectFilterOptions options) + { + return HsmClient.GetKeys(options); + } + + public IEnumerable GetManagedHsmKeyVersions(KeyVaultObjectFilterOptions options) + { + return HsmClient.GetKeyVersions(options); + } + + #endregion + } } \ No newline at end of file diff --git a/src/KeyVault/KeyVault/Track2Models/Track2ModelConvertionExtensions.cs b/src/KeyVault/KeyVault/Track2Models/Track2ModelConvertionExtensions.cs index 670cbc489bf7..b506ca98a62b 100644 --- a/src/KeyVault/KeyVault/Track2Models/Track2ModelConvertionExtensions.cs +++ b/src/KeyVault/KeyVault/Track2Models/Track2ModelConvertionExtensions.cs @@ -4,6 +4,7 @@ using Track2Sdk = Azure.Security.KeyVault.Keys; using Track1Sdk = Microsoft.Azure.KeyVault.WebKey; using System.Security.Cryptography; +using System.Linq; namespace Microsoft.Azure.Commands.KeyVault { @@ -40,9 +41,8 @@ public static Track1Sdk.JsonWebKey ToTrack1JsonWebKey(this Track2Sdk.JsonWebKey // so I manually take care of the conversion // however K is always null // todo: check with Ma Bin - Aes aes = Aes.Create(); - aes.Key = track2Key.K; - track1Key = new Track1Sdk.JsonWebKey(aes); + // todo: manually add metadata + track1Key = new Track1Sdk.JsonWebKey(); } else { From 8e7643a402b237d3e1bd5c0bcf5e8da335d4a09f Mon Sep 17 00:00:00 2001 From: Beisi Zhou Date: Fri, 9 Oct 2020 10:35:43 +0800 Subject: [PATCH 03/14] remove managed hsm key --- .../Commands/RemoveAzureManagedHsmKey.cs | 30 +++++++++-- .../Models/IKeyVaultDataServiceClient.cs | 4 ++ .../Models/KeyVaultDataServiceClient.cs | 12 ++++- .../KeyVault/Track2Models/Track2HsmClient.cs | 54 +++++++++++++++++-- .../Track2KeyVaultDataServiceClient.cs | 10 +++- 5 files changed, 102 insertions(+), 8 deletions(-) diff --git a/src/KeyVault/KeyVault/Commands/RemoveAzureManagedHsmKey.cs b/src/KeyVault/KeyVault/Commands/RemoveAzureManagedHsmKey.cs index 8fdf8b64c0e8..3232b3c2a179 100644 --- a/src/KeyVault/KeyVault/Commands/RemoveAzureManagedHsmKey.cs +++ b/src/KeyVault/KeyVault/Commands/RemoveAzureManagedHsmKey.cs @@ -40,7 +40,7 @@ public class RemoveAzureManagedHsmKey : KeyVaultCmdletBase Position = 0, ParameterSetName = ByVaultNameParameterSet, HelpMessage = "Vault name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment.")] - [ResourceNameCompleter("Microsoft.KeyVault/vaults", "FakeResourceGroupName")] + [ResourceNameCompleter("Microsoft.KeyVault/managedHSMs", "FakeResourceGroupName")] [ValidateNotNullOrEmpty] public string VaultName { get; set; } @@ -77,15 +77,39 @@ public class RemoveAzureManagedHsmKey : KeyVaultCmdletBase HelpMessage = "Cmdlet does not return an object by default. If this switch is specified, the cmdlet returns the key object that was deleted.")] public SwitchParameter PassThru { get; set; } + /// + /// If present, operate on the deleted key entity. + /// + [Parameter(Mandatory = false, + HelpMessage = "Remove the previously deleted key permanently.")] + public SwitchParameter InRemovedState { get; set; } + #endregion public override void ExecuteCmdlet() { if (InputObject != null) { - VaultName = InputObject.VaultName.ToString(); + VaultName = InputObject.VaultName; Name = InputObject.Name.ToString(); } + if (InRemovedState.IsPresent) + { + ConfirmAction( + Force.IsPresent, + string.Format( + CultureInfo.InvariantCulture, + Resources.RemoveDeletedKeyWarning, + Name), + string.Format( + CultureInfo.InvariantCulture, + Resources.RemoveDeletedKeyWhatIfMessage, + Name), + Name, + () => { this.Track2DataClient.DeleteManagedHsmKey(VaultName, Name); }); + return; + } + PSDeletedKeyVaultKey deletedKeyBundle = null; ConfirmAction( Force.IsPresent, @@ -98,7 +122,7 @@ public override void ExecuteCmdlet() Resources.RemoveKeyWhatIfMessage, Name), Name, - () => { deletedKeyBundle = DataServiceClient.DeleteKey(VaultName, Name); }); + () => { deletedKeyBundle = this.Track2DataClient.DeleteManagedHsmKey(VaultName, Name); }); if (PassThru) { diff --git a/src/KeyVault/KeyVault/Models/IKeyVaultDataServiceClient.cs b/src/KeyVault/KeyVault/Models/IKeyVaultDataServiceClient.cs index dc09d7d112de..1ec51f41d159 100644 --- a/src/KeyVault/KeyVault/Models/IKeyVaultDataServiceClient.cs +++ b/src/KeyVault/KeyVault/Models/IKeyVaultDataServiceClient.cs @@ -55,8 +55,12 @@ public interface IKeyVaultDataServiceClient PSDeletedKeyVaultKey DeleteKey(string vaultName, string keyName); + PSDeletedKeyVaultKey DeleteManagedHsmKey(string ManagedHsm, string keyName); + void PurgeKey(string vaultName, string name); + void PurgeManagedHsmKey(string managedHsmName, string keyName); + PSKeyVaultKey RecoverKey(string vaultName, string keyName); PSKeyVaultSecret SetSecret(string vaultName, string secretName, SecureString secretValue, PSKeyVaultSecretAttributes secretAttributes); diff --git a/src/KeyVault/KeyVault/Models/KeyVaultDataServiceClient.cs b/src/KeyVault/KeyVault/Models/KeyVaultDataServiceClient.cs index b9ea9028fa5e..82ba22ede79d 100644 --- a/src/KeyVault/KeyVault/Models/KeyVaultDataServiceClient.cs +++ b/src/KeyVault/KeyVault/Models/KeyVaultDataServiceClient.cs @@ -2007,7 +2007,12 @@ public PSKeyVaultKey CreateManagedHsmKey(string managedHsmName, string keyName, { throw new NotImplementedException("Creating keys on managed HSM is only possible in track 2 SDK."); } - + + public PSDeletedKeyVaultKey DeleteManagedHsmKey(string managedHsmName, string keyName) + { + throw new NotImplementedException("Removing keys on managed HSM is only possible in track 2 SDK."); + } + public PSKeyVaultKey GetManagedHsmKey(string managedHsmName, string keyName, string keyVersion) { throw new NotImplementedException("Getting keys on managed HSM is only possible in track 2 SDK."); @@ -2033,6 +2038,11 @@ public IEnumerable GetManagedHsmDeletedKeys(Ke throw new NotImplementedException("Getting deleted keys on managed HSM is only possible in track 2 SDK."); } + public void PurgeManagedHsmKey(string managedHsmName, string keyName) + { + throw new NotImplementedException("Purging deleted keys on managed HSM is only possible in track 2 SDK."); + } + private VaultUriHelper vaultUriHelper; private KeyVaultClient keyVaultClient; } diff --git a/src/KeyVault/KeyVault/Track2Models/Track2HsmClient.cs b/src/KeyVault/KeyVault/Track2Models/Track2HsmClient.cs index 96c2bd11ac90..350188fabfbf 100644 --- a/src/KeyVault/KeyVault/Track2Models/Track2HsmClient.cs +++ b/src/KeyVault/KeyVault/Track2Models/Track2HsmClient.cs @@ -99,6 +99,33 @@ private PSKeyVaultKey CreateKey(KeyClient client, string keyName, PSKeyVaultKeyA } } + internal PSDeletedKeyVaultKey DeleteKey(string managedHsmName, string keyName) + { + if (string.IsNullOrEmpty(managedHsmName)) + throw new ArgumentNullException(nameof(managedHsmName)); + if (string.IsNullOrEmpty(keyName)) + throw new ArgumentNullException(nameof(keyName)); + + var client = CreateKeyClient(managedHsmName); + + return DeleteKey(client, keyName); + } + private PSDeletedKeyVaultKey DeleteKey(KeyClient client, string keyName) + { + DeletedKey deletedKey; + try + { + deletedKey = client.StartDeleteKeyAsync(keyName).GetAwaiter().GetResult() + .WaitForCompletionAsync().GetAwaiter().GetResult(); + } + catch (Exception ex) + { + throw GetInnerException(ex); + } + + return new PSDeletedKeyVaultKey(deletedKey, this._uriHelper); + } + internal PSKeyVaultKey GetKey(string managedHsmName, string keyName, string keyVersion) { if (string.IsNullOrEmpty(managedHsmName)) @@ -143,10 +170,12 @@ internal IEnumerable GetKeys(KeyVaultObjectFilterOpti try { - IEnumerable result = client.GetPropertiesOfKeys(); + var keys = client.GetPropertiesOfKeys(); - return (result == null) ? new List() : - result.Select((keyProperties) => new PSKeyVaultKeyIdentityItem(keyProperties, this._uriHelper)); + + //return (result == null) ? new List() : + // result.Select((keyProperties) => new PSKeyVaultKeyIdentityItem(keyProperties, this._uriHelper)); + return null; } catch (Exception ex) @@ -227,6 +256,25 @@ internal IEnumerable GetDeletedKeys(KeyVaultObjectFilterOp } } + internal void PurgeKey(string managedHsmName, string keyName) + { + if (string.IsNullOrEmpty(managedHsmName)) + throw new ArgumentNullException("managedHsmName"); + if (string.IsNullOrEmpty(keyName)) + throw new ArgumentNullException("keyName"); + + var client = CreateKeyClient(managedHsmName); + + try + { + client.PurgeDeletedKeyAsync(keyName).GetAwaiter().GetResult(); + } + catch (Exception ex) + { + throw GetInnerException(ex); + } + } + private IEnumerable GetKeyVersions(KeyClient client, KeyVaultObjectFilterOptions options) { try diff --git a/src/KeyVault/KeyVault/Track2Models/Track2KeyVaultDataServiceClient.cs b/src/KeyVault/KeyVault/Track2Models/Track2KeyVaultDataServiceClient.cs index e46ee933b787..44ac48722f64 100644 --- a/src/KeyVault/KeyVault/Track2Models/Track2KeyVaultDataServiceClient.cs +++ b/src/KeyVault/KeyVault/Track2Models/Track2KeyVaultDataServiceClient.cs @@ -398,6 +398,11 @@ public PSKeyVaultKey CreateManagedHsmKey(string managedHsmName, string keyName, return HsmClient.CreateKey(managedHsmName, keyName, keyAttributes, size, curveName); } + public PSDeletedKeyVaultKey DeleteManagedHsmKey(string managedHsmName, string keyName) + { + return HsmClient.DeleteKey(managedHsmName,keyName); + } + public PSDeletedKeyVaultKey GetManagedHsmDeletedKey(string managedHsmName, string keyName) { return HsmClient.GetDeletedKey(managedHsmName, keyName); @@ -422,7 +427,10 @@ public IEnumerable GetManagedHsmKeyVersions(KeyVaultO { return HsmClient.GetKeyVersions(options); } - + public void PurgeManagedHsmKey(string managedHsmName, string keyName) + { + HsmClient.PurgeKey(managedHsmName, keyName); + } #endregion } From 1a6fb0575856535613970b027fd9fa009a84ee2d Mon Sep 17 00:00:00 2001 From: Beisi Zhou Date: Fri, 9 Oct 2020 12:57:49 +0800 Subject: [PATCH 04/14] update managed hsm key --- .../Commands/AddAzureManagedHsmKey.cs | 8 ++--- .../Commands/GetAzureManagedHsmKey.cs | 7 +--- .../Commands/RemoveAzureManagedHsmKey.cs | 2 +- .../Commands/RestoreAzureManagedHsmKey.cs | 2 +- .../Commands/UpdateAzureManagedHsmKey.cs | 22 +++--------- .../Models/IKeyVaultDataServiceClient.cs | 2 ++ .../Models/KeyVaultDataServiceClient.cs | 4 +++ .../KeyVault/Track2Models/Track2HsmClient.cs | 36 ++++++++++++++++++- .../Track2KeyVaultDataServiceClient.cs | 7 +++- 9 files changed, 58 insertions(+), 32 deletions(-) diff --git a/src/KeyVault/KeyVault/Commands/AddAzureManagedHsmKey.cs b/src/KeyVault/KeyVault/Commands/AddAzureManagedHsmKey.cs index d52f358b4743..d38677585712 100644 --- a/src/KeyVault/KeyVault/Commands/AddAzureManagedHsmKey.cs +++ b/src/KeyVault/KeyVault/Commands/AddAzureManagedHsmKey.cs @@ -49,7 +49,7 @@ public class AddAzureManagedHsmKey : KeyVaultCmdletBase HelpMessage = "Hsm name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment.")] [ResourceNameCompleter("Microsoft.KeyVault/managedHSMs", "FakeResourceGroupName")] [ValidateNotNullOrEmpty] - public string HsmName { get; set; } + public string VaultName { get; set; } [Parameter(Mandatory = true, ParameterSetName = InputObjectCreateParameterSet, @@ -190,12 +190,12 @@ public override void ExecuteCmdlet() { if (InputObject != null) { - HsmName = InputObject.VaultName; + VaultName = InputObject.VaultName; } else if (ResourceId != null) { var resourceIdentifier = new ResourceIdentifier(ResourceId); - HsmName = resourceIdentifier.ResourceName; + VaultName = resourceIdentifier.ResourceName; } ValidateKeyExchangeKey(); @@ -207,7 +207,7 @@ public override void ExecuteCmdlet() if (string.IsNullOrEmpty(KeyFilePath)) { keyBundle = this.Track2DataClient.CreateManagedHsmKey( - HsmName, + VaultName, Name, CreateKeyAttributes(), Size, diff --git a/src/KeyVault/KeyVault/Commands/GetAzureManagedHsmKey.cs b/src/KeyVault/KeyVault/Commands/GetAzureManagedHsmKey.cs index 281b1f44b61b..2027231732b1 100644 --- a/src/KeyVault/KeyVault/Commands/GetAzureManagedHsmKey.cs +++ b/src/KeyVault/KeyVault/Commands/GetAzureManagedHsmKey.cs @@ -201,7 +201,7 @@ public class GetAzureManagedHsmKey : KeyVaultCmdletBase #endregion public override void ExecuteCmdlet() - { + { PSKeyVaultKey keyBundle = null; if (InputObject != null) @@ -216,13 +216,11 @@ public override void ExecuteCmdlet() if (!string.IsNullOrEmpty(Version)) { - // passed keyBundle = this.Track2DataClient.GetManagedHsmKey(VaultName, Name, Version); WriteObject(keyBundle); } else if (IncludeVersions) { - // passed keyBundle = this.Track2DataClient.GetManagedHsmKey(VaultName, Name, string.Empty); if (keyBundle != null) { @@ -232,7 +230,6 @@ public override void ExecuteCmdlet() } else if (InRemovedState) { - // to do: finish Remove-AzManagedHsmKey if (string.IsNullOrEmpty(Name) || WildcardPattern.ContainsWildcardCharacters(Name)) { GetAndWriteDeletedKeys(VaultName, Name); @@ -252,13 +249,11 @@ public override void ExecuteCmdlet() } else { - // passed keyBundle = this.Track2DataClient.GetManagedHsmKey(VaultName, Name, string.Empty); WriteObject(keyBundle); } } - // passed if (!string.IsNullOrEmpty(OutFile) && keyBundle != null) { DownloadKey(keyBundle.Key, OutFile); diff --git a/src/KeyVault/KeyVault/Commands/RemoveAzureManagedHsmKey.cs b/src/KeyVault/KeyVault/Commands/RemoveAzureManagedHsmKey.cs index 3232b3c2a179..d751fc85ea64 100644 --- a/src/KeyVault/KeyVault/Commands/RemoveAzureManagedHsmKey.cs +++ b/src/KeyVault/KeyVault/Commands/RemoveAzureManagedHsmKey.cs @@ -106,7 +106,7 @@ public override void ExecuteCmdlet() Resources.RemoveDeletedKeyWhatIfMessage, Name), Name, - () => { this.Track2DataClient.DeleteManagedHsmKey(VaultName, Name); }); + () => { this.Track2DataClient.PurgeManagedHsmKey(VaultName, Name); }); return; } diff --git a/src/KeyVault/KeyVault/Commands/RestoreAzureManagedHsmKey.cs b/src/KeyVault/KeyVault/Commands/RestoreAzureManagedHsmKey.cs index 00cfef3e8c06..61fd7cf9a6f6 100644 --- a/src/KeyVault/KeyVault/Commands/RestoreAzureManagedHsmKey.cs +++ b/src/KeyVault/KeyVault/Commands/RestoreAzureManagedHsmKey.cs @@ -31,7 +31,7 @@ public class RestoreAzureManagedHsmKey : KeyVaultCmdletBase Position = 0, ParameterSetName = ByVaultNameParameterSet, HelpMessage = "Vault name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment.")] - [ResourceNameCompleter("Microsoft.KeyVault/vaults", "FakeResourceGroupName")] + [ResourceNameCompleter("Microsoft.KeyVault/managedHSMs", "FakeResourceGroupName")] [ValidateNotNullOrEmpty] public string VaultName { get; set; } diff --git a/src/KeyVault/KeyVault/Commands/UpdateAzureManagedHsmKey.cs b/src/KeyVault/KeyVault/Commands/UpdateAzureManagedHsmKey.cs index 38e37b01f8ec..c528418002e4 100644 --- a/src/KeyVault/KeyVault/Commands/UpdateAzureManagedHsmKey.cs +++ b/src/KeyVault/KeyVault/Commands/UpdateAzureManagedHsmKey.cs @@ -44,7 +44,7 @@ public class UpdateAzureManagedHsmKey : KeyVaultCmdletBase Position = 0, ParameterSetName = DefaultParameterSet, HelpMessage = "Vault name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment.")] - [ResourceNameCompleter("Microsoft.KeyVault/vaults", "FakeResourceGroupName")] + [ResourceNameCompleter("Microsoft.KeyVault/managedHSMs", "FakeResourceGroupName")] [ValidateNotNullOrEmpty] public string VaultName { get; set; } @@ -70,15 +70,6 @@ public class UpdateAzureManagedHsmKey : KeyVaultCmdletBase [ValidateNotNullOrEmpty] public PSKeyVaultKeyIdentityItem InputObject { get; set; } - /// - /// Key version. - /// - [Parameter(Mandatory = false, - Position = 2, - HelpMessage = "Key version. Cmdlet constructs the FQDN of a key from vault name, currently selected environment, key name and key version.")] - [Alias("KeyVersion")] - public string Version { get; set; } - /// /// If present, enable a key if value is true. /// Disable a key if value is false. @@ -109,11 +100,6 @@ public class UpdateAzureManagedHsmKey : KeyVaultCmdletBase HelpMessage = "The operations that can be performed with the key. If not specified, the existing key operations of the key remain unchanged.")] public string[] KeyOps { get; set; } - [Parameter(Mandatory = false, - HelpMessage = "A hashtable represents key tags. If not specified, the existings tags of the key remain unchanged.")] - [Alias(Constants.TagsAlias)] - public Hashtable Tag { get; set; } - [Parameter(Mandatory = false, HelpMessage = "Cmdlet does not return an object by default. If this switch is specified, returns the updated key bundle object.")] public SwitchParameter PassThru { get; set; } @@ -130,11 +116,11 @@ public override void ExecuteCmdlet() if (ShouldProcess(Name, Properties.Resources.SetKeyAttribute)) { - var keyBundle = DataServiceClient.UpdateKey( + var keyBundle = this.Track2DataClient.UpdateManagedHsmKey( VaultName, Name, - Version ?? string.Empty, - new PSKeyVaultKeyAttributes(Enable, Expires, NotBefore, null, KeyOps, Tag)); + string.Empty, + new PSKeyVaultKeyAttributes(Enable, Expires, NotBefore, null, KeyOps, null)); if (PassThru) { diff --git a/src/KeyVault/KeyVault/Models/IKeyVaultDataServiceClient.cs b/src/KeyVault/KeyVault/Models/IKeyVaultDataServiceClient.cs index 1ec51f41d159..28a055d06428 100644 --- a/src/KeyVault/KeyVault/Models/IKeyVaultDataServiceClient.cs +++ b/src/KeyVault/KeyVault/Models/IKeyVaultDataServiceClient.cs @@ -33,6 +33,8 @@ public interface IKeyVaultDataServiceClient PSKeyVaultKey UpdateKey(string vaultName, string keyName, string keyVersion, PSKeyVaultKeyAttributes keyAttributes); + PSKeyVaultKey UpdateManagedHsmKey(string managedHsmName, string keyName, string keyVersion, PSKeyVaultKeyAttributes keyAttributes); + PSKeyVaultKey GetKey(string vaultName, string keyName, string keyVersion); PSKeyVaultKey GetManagedHsmKey(string vaultName, string keyName, string keyVersion); diff --git a/src/KeyVault/KeyVault/Models/KeyVaultDataServiceClient.cs b/src/KeyVault/KeyVault/Models/KeyVaultDataServiceClient.cs index 82ba22ede79d..94c2713ceb02 100644 --- a/src/KeyVault/KeyVault/Models/KeyVaultDataServiceClient.cs +++ b/src/KeyVault/KeyVault/Models/KeyVaultDataServiceClient.cs @@ -2012,6 +2012,10 @@ public PSDeletedKeyVaultKey DeleteManagedHsmKey(string managedHsmName, string ke { throw new NotImplementedException("Removing keys on managed HSM is only possible in track 2 SDK."); } + public PSKeyVaultKey UpdateManagedHsmKey(string managedHsmName, string keyName, string keyVersion, PSKeyVaultKeyAttributes keyAttributes) + { + throw new NotImplementedException("Updating keys on managed HSM is only possible in track 2 SDK."); + } public PSKeyVaultKey GetManagedHsmKey(string managedHsmName, string keyName, string keyVersion) { diff --git a/src/KeyVault/KeyVault/Track2Models/Track2HsmClient.cs b/src/KeyVault/KeyVault/Track2Models/Track2HsmClient.cs index 350188fabfbf..d65589b9a649 100644 --- a/src/KeyVault/KeyVault/Track2Models/Track2HsmClient.cs +++ b/src/KeyVault/KeyVault/Track2Models/Track2HsmClient.cs @@ -125,6 +125,40 @@ private PSDeletedKeyVaultKey DeleteKey(KeyClient client, string keyName) return new PSDeletedKeyVaultKey(deletedKey, this._uriHelper); } + internal PSKeyVaultKey UpdateKey(string managedHsmName, string keyName, string keyVersion, PSKeyVaultKeyAttributes keyAttributes) + { + if (string.IsNullOrEmpty(managedHsmName)) + throw new ArgumentNullException(nameof(managedHsmName)); + if (string.IsNullOrEmpty(keyName)) + throw new ArgumentNullException(nameof(keyName)); + if (keyAttributes == null) + throw new ArgumentNullException(nameof(keyAttributes)); + + var client = CreateKeyClient(managedHsmName); + + return UpdateKey(client, keyName, keyVersion, keyAttributes); + } + + private PSKeyVaultKey UpdateKey(KeyClient client, string keyName, string keyVersion, PSKeyVaultKeyAttributes keyAttributes) + { + KeyProperties keyProperties = client.GetKey(keyName).Value.Properties; + keyProperties.Enabled = keyAttributes.Enabled; + keyProperties.ExpiresOn = keyAttributes.Expires; + keyProperties.NotBefore = keyAttributes.NotBefore; + + KeyVaultKey keyBundle; + try + { + keyBundle = client.UpdateKeyPropertiesAsync(keyProperties, keyAttributes.KeyOps.Cast().ToList()) + .GetAwaiter().GetResult(); + } + catch (Exception ex) + { + throw GetInnerException(ex); + } + + return new PSKeyVaultKey(keyBundle, this._uriHelper); + } internal PSKeyVaultKey GetKey(string managedHsmName, string keyName, string keyVersion) { @@ -156,7 +190,7 @@ private PSKeyVaultKey GetKey(KeyClient client, string keyName, string keyVersion throw GetInnerException(ex); } - return new PSKeyVaultKey(client.GetKeyAsync(keyName, keyVersion).GetAwaiter().GetResult(), this._uriHelper); + return new PSKeyVaultKey(keyBundle, this._uriHelper); } internal IEnumerable GetKeys(KeyVaultObjectFilterOptions options) diff --git a/src/KeyVault/KeyVault/Track2Models/Track2KeyVaultDataServiceClient.cs b/src/KeyVault/KeyVault/Track2Models/Track2KeyVaultDataServiceClient.cs index 44ac48722f64..f48929b06afa 100644 --- a/src/KeyVault/KeyVault/Track2Models/Track2KeyVaultDataServiceClient.cs +++ b/src/KeyVault/KeyVault/Track2Models/Track2KeyVaultDataServiceClient.cs @@ -400,7 +400,12 @@ public PSKeyVaultKey CreateManagedHsmKey(string managedHsmName, string keyName, public PSDeletedKeyVaultKey DeleteManagedHsmKey(string managedHsmName, string keyName) { - return HsmClient.DeleteKey(managedHsmName,keyName); + return HsmClient.DeleteKey(managedHsmName, keyName); + } + + public PSKeyVaultKey UpdateManagedHsmKey(string managedHsmName, string keyName, string keyVersion, PSKeyVaultKeyAttributes keyAttributes) + { + return HsmClient.UpdateKey(managedHsmName, keyName, keyVersion, keyAttributes); } public PSDeletedKeyVaultKey GetManagedHsmDeletedKey(string managedHsmName, string keyName) From b85f6fce9e18e3af8833205611e946e8da8715d8 Mon Sep 17 00:00:00 2001 From: Beisi Zhou Date: Fri, 9 Oct 2020 16:35:35 +0800 Subject: [PATCH 05/14] undo managed hsm key removal --- src/KeyVault/KeyVault/Az.KeyVault.psd1 | 1 + .../Commands/GetAzureManagedHsmKey.cs | 8 +-- .../Commands/UndoAzureManagedHsmKeyRemoval.cs | 71 +++++++++++++++++++ .../Commands/UpdateAzureManagedHsmKey.cs | 18 ++++- .../Models/IKeyVaultDataServiceClient.cs | 2 + .../Models/KeyVaultDataServiceClient.cs | 4 ++ .../PSDeletedKeyVaultKeyIdentityItem.cs | 6 ++ .../KeyVault/Track2Models/Track2HsmClient.cs | 60 ++++++++++++---- .../Track2KeyVaultDataServiceClient.cs | 5 ++ 9 files changed, 157 insertions(+), 18 deletions(-) create mode 100644 src/KeyVault/KeyVault/Commands/UndoAzureManagedHsmKeyRemoval.cs diff --git a/src/KeyVault/KeyVault/Az.KeyVault.psd1 b/src/KeyVault/KeyVault/Az.KeyVault.psd1 index 55365f0567cb..04c82ed781cf 100644 --- a/src/KeyVault/KeyVault/Az.KeyVault.psd1 +++ b/src/KeyVault/KeyVault/Az.KeyVault.psd1 @@ -95,6 +95,7 @@ CmdletsToExport = 'Add-AzKeyVaultCertificate', 'Update-AzKeyVaultCertificate', 'Undo-AzKeyVaultKeyRemoval', 'Undo-AzKeyVaultSecretRemoval', 'Add-AzKeyVaultKey', 'Remove-AzKeyVaultKey', 'Update-AzKeyVault', 'Add-AzManagedHsmKey', 'Get-AzManagedHsmKey', 'Remove-AzManagedHsmKey', + 'Undo-AzManagedHsmKeyRemoval', 'Update-AzManagedHsmKey', 'Backup-AzManagedHsmKey', 'Restore-AzManagedHsmKey', 'New-AzKeyVaultNetworkRuleSetObject', 'Remove-AzKeyVaultSecret', 'Restore-AzKeyVaultKey', 'Update-AzKeyVaultKey', diff --git a/src/KeyVault/KeyVault/Commands/GetAzureManagedHsmKey.cs b/src/KeyVault/KeyVault/Commands/GetAzureManagedHsmKey.cs index 2027231732b1..f6c9e348c543 100644 --- a/src/KeyVault/KeyVault/Commands/GetAzureManagedHsmKey.cs +++ b/src/KeyVault/KeyVault/Commands/GetAzureManagedHsmKey.cs @@ -200,8 +200,8 @@ public class GetAzureManagedHsmKey : KeyVaultCmdletBase #endregion - public override void ExecuteCmdlet() - { + public override void ExecuteCmdlet() + { PSKeyVaultKey keyBundle = null; if (InputObject != null) @@ -219,7 +219,7 @@ public override void ExecuteCmdlet() keyBundle = this.Track2DataClient.GetManagedHsmKey(VaultName, Name, Version); WriteObject(keyBundle); } - else if (IncludeVersions) + else if (IncludeVersions.IsPresent) { keyBundle = this.Track2DataClient.GetManagedHsmKey(VaultName, Name, string.Empty); if (keyBundle != null) @@ -228,7 +228,7 @@ public override void ExecuteCmdlet() GetAndWriteKeyVersions(VaultName, Name, keyBundle.Version); } } - else if (InRemovedState) + else if (InRemovedState.IsPresent) { if (string.IsNullOrEmpty(Name) || WildcardPattern.ContainsWildcardCharacters(Name)) { diff --git a/src/KeyVault/KeyVault/Commands/UndoAzureManagedHsmKeyRemoval.cs b/src/KeyVault/KeyVault/Commands/UndoAzureManagedHsmKeyRemoval.cs new file mode 100644 index 000000000000..9988ca4eddbb --- /dev/null +++ b/src/KeyVault/KeyVault/Commands/UndoAzureManagedHsmKeyRemoval.cs @@ -0,0 +1,71 @@ +using Microsoft.Azure.Commands.KeyVault.Models; +using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters; +using System.Management.Automation; + +namespace Microsoft.Azure.Commands.KeyVault.Commands +{ + [Cmdlet("Undo", ResourceManager.Common.AzureRMConstants.AzurePrefix + "ManagedHsmKeyRemoval", SupportsShouldProcess = true, DefaultParameterSetName = DefaultParameterSet)] + [OutputType(typeof(PSKeyVaultKey))] + public class UndoAzureManagedHsmKeyRemoval : KeyVaultCmdletBase + { + #region Parameter Set Names + + private const string DefaultParameterSet = "Default"; + private const string InputObjectParameterSet = "InputObject"; + + #endregion + + #region Input Parameter Definitions + + /// + /// Vault name + /// + [Parameter(Mandatory = true, + Position = 0, + ParameterSetName = DefaultParameterSet, + HelpMessage = "Vault name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment.")] + [ResourceNameCompleter("Microsoft.KeyVault/managedHSMs", "FakeResourceGroupName")] + [ValidateNotNullOrEmpty] + public string VaultName { get; set; } + + /// + /// Secret name + /// + [Parameter(Mandatory = true, + Position = 1, + ParameterSetName = DefaultParameterSet, + HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name.")] + [ValidateNotNullOrEmpty] + [Alias(Constants.KeyName)] + public string Name { get; set; } + + /// + /// Key object + /// + [Parameter(Mandatory = true, + Position = 0, + ParameterSetName = InputObjectParameterSet, + ValueFromPipeline = true, + HelpMessage = "Deleted key object")] + [ValidateNotNullOrEmpty] + public PSDeletedKeyVaultKeyIdentityItem InputObject { get; set; } + + #endregion + + public override void ExecuteCmdlet() + { + if (InputObject != null) + { + VaultName = InputObject.VaultName; + Name = InputObject.Name; + } + + if (ShouldProcess(Name, Properties.Resources.RecoverKey)) + { + PSKeyVaultKey recoveredKey = this.Track2DataClient.RecoverManagedHsmKey(VaultName, Name); + + WriteObject(recoveredKey); + } + } + } +} \ No newline at end of file diff --git a/src/KeyVault/KeyVault/Commands/UpdateAzureManagedHsmKey.cs b/src/KeyVault/KeyVault/Commands/UpdateAzureManagedHsmKey.cs index c528418002e4..ade3ee7f0b4d 100644 --- a/src/KeyVault/KeyVault/Commands/UpdateAzureManagedHsmKey.cs +++ b/src/KeyVault/KeyVault/Commands/UpdateAzureManagedHsmKey.cs @@ -70,6 +70,15 @@ public class UpdateAzureManagedHsmKey : KeyVaultCmdletBase [ValidateNotNullOrEmpty] public PSKeyVaultKeyIdentityItem InputObject { get; set; } + /// + /// Key version. + /// + [Parameter(Mandatory = false, + Position = 2, + HelpMessage = "Key version. Cmdlet constructs the FQDN of a key from vault name, currently selected environment, key name and key version.")] + [Alias("KeyVersion")] + public string Version { get; set; } + /// /// If present, enable a key if value is true. /// Disable a key if value is false. @@ -100,6 +109,11 @@ public class UpdateAzureManagedHsmKey : KeyVaultCmdletBase HelpMessage = "The operations that can be performed with the key. If not specified, the existing key operations of the key remain unchanged.")] public string[] KeyOps { get; set; } + [Parameter(Mandatory = false, + HelpMessage = "A hashtable represents key tags. If not specified, the existings tags of the key remain unchanged.")] + [Alias(Constants.TagsAlias)] + public Hashtable Tag { get; set; } + [Parameter(Mandatory = false, HelpMessage = "Cmdlet does not return an object by default. If this switch is specified, returns the updated key bundle object.")] public SwitchParameter PassThru { get; set; } @@ -119,8 +133,8 @@ public override void ExecuteCmdlet() var keyBundle = this.Track2DataClient.UpdateManagedHsmKey( VaultName, Name, - string.Empty, - new PSKeyVaultKeyAttributes(Enable, Expires, NotBefore, null, KeyOps, null)); + Version ?? string.Empty, + new PSKeyVaultKeyAttributes(Enable, Expires, NotBefore, null, KeyOps, Tag)); if (PassThru) { diff --git a/src/KeyVault/KeyVault/Models/IKeyVaultDataServiceClient.cs b/src/KeyVault/KeyVault/Models/IKeyVaultDataServiceClient.cs index 28a055d06428..e435ebae5fca 100644 --- a/src/KeyVault/KeyVault/Models/IKeyVaultDataServiceClient.cs +++ b/src/KeyVault/KeyVault/Models/IKeyVaultDataServiceClient.cs @@ -65,6 +65,8 @@ public interface IKeyVaultDataServiceClient PSKeyVaultKey RecoverKey(string vaultName, string keyName); + PSKeyVaultKey RecoverManagedHsmKey(string managedHsmName, string keyName); + PSKeyVaultSecret SetSecret(string vaultName, string secretName, SecureString secretValue, PSKeyVaultSecretAttributes secretAttributes); PSKeyVaultSecret UpdateSecret(string vaultName, string secretName, string secretVersion, PSKeyVaultSecretAttributes secretAttributes); diff --git a/src/KeyVault/KeyVault/Models/KeyVaultDataServiceClient.cs b/src/KeyVault/KeyVault/Models/KeyVaultDataServiceClient.cs index 94c2713ceb02..25d8af1c3e6c 100644 --- a/src/KeyVault/KeyVault/Models/KeyVaultDataServiceClient.cs +++ b/src/KeyVault/KeyVault/Models/KeyVaultDataServiceClient.cs @@ -2016,6 +2016,10 @@ public PSKeyVaultKey UpdateManagedHsmKey(string managedHsmName, string keyName, { throw new NotImplementedException("Updating keys on managed HSM is only possible in track 2 SDK."); } + public PSKeyVaultKey RecoverManagedHsmKey(string managedHsmName, string keyName) + { + throw new NotImplementedException("Recovering keys on managed HSM is only possible in track 2 SDK."); + } public PSKeyVaultKey GetManagedHsmKey(string managedHsmName, string keyName, string keyVersion) { diff --git a/src/KeyVault/KeyVault/Models/PSDeletedKeyVaultKeyIdentityItem.cs b/src/KeyVault/KeyVault/Models/PSDeletedKeyVaultKeyIdentityItem.cs index dd7f54fc49da..0e75d5da5218 100644 --- a/src/KeyVault/KeyVault/Models/PSDeletedKeyVaultKeyIdentityItem.cs +++ b/src/KeyVault/KeyVault/Models/PSDeletedKeyVaultKeyIdentityItem.cs @@ -13,6 +13,7 @@ // ---------------------------------------------------------------------------------- using System; +using Track2Sdk = Azure.Security.KeyVault.Keys; namespace Microsoft.Azure.Commands.KeyVault.Models { @@ -26,6 +27,11 @@ internal PSDeletedKeyVaultKeyIdentityItem(Azure.KeyVault.Models.DeletedKeyItem k ScheduledPurgeDate = keyItem.ScheduledPurgeDate; DeletedDate = keyItem.DeletedDate; } + internal PSDeletedKeyVaultKeyIdentityItem(Track2Sdk.DeletedKey deletedKey, VaultUriHelper vaultUriHelper): base(deletedKey.Properties, vaultUriHelper) + { + ScheduledPurgeDate = deletedKey.ScheduledPurgeDate?.UtcDateTime; + DeletedDate = deletedKey.DeletedOn?.UtcDateTime; + } public DateTime? ScheduledPurgeDate { get; set; } diff --git a/src/KeyVault/KeyVault/Track2Models/Track2HsmClient.cs b/src/KeyVault/KeyVault/Track2Models/Track2HsmClient.cs index d65589b9a649..97063bc0af87 100644 --- a/src/KeyVault/KeyVault/Track2Models/Track2HsmClient.cs +++ b/src/KeyVault/KeyVault/Track2Models/Track2HsmClient.cs @@ -110,13 +110,14 @@ internal PSDeletedKeyVaultKey DeleteKey(string managedHsmName, string keyName) return DeleteKey(client, keyName); } + private PSDeletedKeyVaultKey DeleteKey(KeyClient client, string keyName) { DeletedKey deletedKey; try { - deletedKey = client.StartDeleteKeyAsync(keyName).GetAwaiter().GetResult() - .WaitForCompletionAsync().GetAwaiter().GetResult(); + deletedKey = client.StartDeleteKeyAsync(keyName).ConfigureAwait(false).GetAwaiter().GetResult() + .WaitForCompletionAsync().ConfigureAwait(false).GetAwaiter().GetResult(); } catch (Exception ex) { @@ -125,6 +126,35 @@ private PSDeletedKeyVaultKey DeleteKey(KeyClient client, string keyName) return new PSDeletedKeyVaultKey(deletedKey, this._uriHelper); } + + internal PSKeyVaultKey RecoverKey(string managedHsmName, string keyName) + { + if (string.IsNullOrEmpty(managedHsmName)) + throw new ArgumentNullException("managedHsmName"); + if (string.IsNullOrEmpty(keyName)) + throw new ArgumentNullException("keyName"); + + var client = CreateKeyClient(managedHsmName); + + return RecoverKey(client, keyName); + } + + private PSKeyVaultKey RecoverKey(KeyClient client, string keyName) + { + KeyVaultKey recoveredKey; + try + { + recoveredKey = client.StartRecoverDeletedKeyAsync(keyName).GetAwaiter().GetResult() + .WaitForCompletionAsync().GetAwaiter().GetResult().Value; + } + catch (Exception ex) + { + throw GetInnerException(ex); + } + + return new PSKeyVaultKey(recoveredKey, this._uriHelper); + } + internal PSKeyVaultKey UpdateKey(string managedHsmName, string keyName, string keyVersion, PSKeyVaultKeyAttributes keyAttributes) { if (string.IsNullOrEmpty(managedHsmName)) @@ -141,11 +171,20 @@ internal PSKeyVaultKey UpdateKey(string managedHsmName, string keyName, string k private PSKeyVaultKey UpdateKey(KeyClient client, string keyName, string keyVersion, PSKeyVaultKeyAttributes keyAttributes) { - KeyProperties keyProperties = client.GetKey(keyName).Value.Properties; + KeyProperties keyProperties = client.GetKeyAsync(keyName, keyVersion).GetAwaiter().GetResult().Value.Properties; keyProperties.Enabled = keyAttributes.Enabled; keyProperties.ExpiresOn = keyAttributes.Expires; keyProperties.NotBefore = keyAttributes.NotBefore; + if (keyAttributes.Tags != null) + { + keyProperties.Tags.Clear(); + foreach (KeyValuePair entry in keyAttributes.TagsDirectionary) + { + keyProperties.Tags.Add(entry.Key, entry.Value); + } + } + KeyVaultKey keyBundle; try { @@ -204,13 +243,10 @@ internal IEnumerable GetKeys(KeyVaultObjectFilterOpti try { - var keys = client.GetPropertiesOfKeys(); - - - //return (result == null) ? new List() : - // result.Select((keyProperties) => new PSKeyVaultKeyIdentityItem(keyProperties, this._uriHelper)); - return null; + IEnumerable result = client.GetPropertiesOfKeys(); + return (result == null) ? new List() : + result.Select((keyProperties) => new PSKeyVaultKeyIdentityItem(keyProperties, this._uriHelper)); } catch (Exception ex) { @@ -267,7 +303,7 @@ private PSDeletedKeyVaultKey GetDeletedKey(KeyClient client, string keyName) return new PSDeletedKeyVaultKey(deletedKeyBundle, _uriHelper); } - internal IEnumerable GetDeletedKeys(KeyVaultObjectFilterOptions options) + internal IEnumerable GetDeletedKeys(KeyVaultObjectFilterOptions options) { if (options == null) throw new ArgumentNullException("options"); @@ -281,8 +317,8 @@ internal IEnumerable GetDeletedKeys(KeyVaultObjectFilterOp { IEnumerable result = client.GetDeletedKeys(); - return (result == null) ? new List() : - result.Select((deletedKey) => new PSDeletedKeyVaultKey(deletedKey, this._uriHelper)); + return (result == null) ? new List() : + result.Select((deletedKey) => new PSDeletedKeyVaultKeyIdentityItem(deletedKey, this._uriHelper)); } catch (Exception ex) { diff --git a/src/KeyVault/KeyVault/Track2Models/Track2KeyVaultDataServiceClient.cs b/src/KeyVault/KeyVault/Track2Models/Track2KeyVaultDataServiceClient.cs index f48929b06afa..b3d7c8a4ee9d 100644 --- a/src/KeyVault/KeyVault/Track2Models/Track2KeyVaultDataServiceClient.cs +++ b/src/KeyVault/KeyVault/Track2Models/Track2KeyVaultDataServiceClient.cs @@ -408,6 +408,11 @@ public PSKeyVaultKey UpdateManagedHsmKey(string managedHsmName, string keyName, return HsmClient.UpdateKey(managedHsmName, keyName, keyVersion, keyAttributes); } + public PSKeyVaultKey RecoverManagedHsmKey(string managedHsmName, string keyName) + { + return HsmClient.RecoverKey(managedHsmName, keyName); + } + public PSDeletedKeyVaultKey GetManagedHsmDeletedKey(string managedHsmName, string keyName) { return HsmClient.GetDeletedKey(managedHsmName, keyName); From 720ae833d99756dd3bebb73f1d03616992f93520 Mon Sep 17 00:00:00 2001 From: Beisi Zhou Date: Fri, 9 Oct 2020 17:35:07 +0800 Subject: [PATCH 06/14] back up and restore managed hsm key --- src/KeyVault/KeyVault/Az.KeyVault.psd1 | 4 +- .../Commands/BackupAzureManagedHsmKey.cs | 4 +- .../Commands/RestoreAzureManagedHsmKey.cs | 2 +- .../Models/IKeyVaultDataServiceClient.cs | 4 ++ .../Models/KeyVaultDataServiceClient.cs | 12 +++- .../KeyVault/Track2Models/Track2HsmClient.cs | 63 ++++++++++++++++++- .../Track2KeyVaultDataServiceClient.cs | 9 +++ 7 files changed, 91 insertions(+), 7 deletions(-) diff --git a/src/KeyVault/KeyVault/Az.KeyVault.psd1 b/src/KeyVault/KeyVault/Az.KeyVault.psd1 index 04c82ed781cf..cb1e617f8f64 100644 --- a/src/KeyVault/KeyVault/Az.KeyVault.psd1 +++ b/src/KeyVault/KeyVault/Az.KeyVault.psd1 @@ -95,8 +95,8 @@ CmdletsToExport = 'Add-AzKeyVaultCertificate', 'Update-AzKeyVaultCertificate', 'Undo-AzKeyVaultKeyRemoval', 'Undo-AzKeyVaultSecretRemoval', 'Add-AzKeyVaultKey', 'Remove-AzKeyVaultKey', 'Update-AzKeyVault', 'Add-AzManagedHsmKey', 'Get-AzManagedHsmKey', 'Remove-AzManagedHsmKey', - 'Undo-AzManagedHsmKeyRemoval', - 'Update-AzManagedHsmKey', 'Backup-AzManagedHsmKey', 'Restore-AzManagedHsmKey', + 'Undo-AzManagedHsmKeyRemoval', 'Update-AzManagedHsmKey', + 'Backup-AzManagedHsmKey', 'Restore-AzManagedHsmKey', 'New-AzKeyVaultNetworkRuleSetObject', 'Remove-AzKeyVaultSecret', 'Restore-AzKeyVaultKey', 'Update-AzKeyVaultKey', 'Set-AzKeyVaultSecret', 'Update-AzKeyVaultSecret', diff --git a/src/KeyVault/KeyVault/Commands/BackupAzureManagedHsmKey.cs b/src/KeyVault/KeyVault/Commands/BackupAzureManagedHsmKey.cs index bfd3753b4048..3fbcd16d9f74 100644 --- a/src/KeyVault/KeyVault/Commands/BackupAzureManagedHsmKey.cs +++ b/src/KeyVault/KeyVault/Commands/BackupAzureManagedHsmKey.cs @@ -34,7 +34,7 @@ public class BackupAzureManagedHsmKey : KeyVaultCmdletBase Position = 0, ParameterSetName = ByKeyNameParameterSet, HelpMessage = "Vault name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment.")] - [ResourceNameCompleter("Microsoft.KeyVault/vaults", "FakeResourceGroupName")] + [ResourceNameCompleter("Microsoft.KeyVault/managedHSMs", "FakeResourceGroupName")] [ValidateNotNullOrEmpty] public string VaultName { get; set; } @@ -106,7 +106,7 @@ public override void ExecuteCmdlet() || Force.IsPresent || ShouldContinue(string.Format(Resources.FileOverwriteMessage, filePath), Resources.FileOverwriteCaption)) { - var backupBlobPath = this.DataServiceClient.BackupKey(VaultName, Name, filePath); + var backupBlobPath = this.Track2DataClient.BackupManagedHsmKey(VaultName, Name, filePath); this.WriteObject(backupBlobPath); } } diff --git a/src/KeyVault/KeyVault/Commands/RestoreAzureManagedHsmKey.cs b/src/KeyVault/KeyVault/Commands/RestoreAzureManagedHsmKey.cs index 61fd7cf9a6f6..14518984d877 100644 --- a/src/KeyVault/KeyVault/Commands/RestoreAzureManagedHsmKey.cs +++ b/src/KeyVault/KeyVault/Commands/RestoreAzureManagedHsmKey.cs @@ -84,7 +84,7 @@ public override void ExecuteCmdlet() { var filePath = ResolveKeyVaultPath(InputFile); - var restoredKeyBundle = this.DataServiceClient.RestoreKey(VaultName, filePath); + var restoredKeyBundle = this.Track2DataClient.RestoreManagedHsmKey(VaultName, filePath); this.WriteObject(restoredKeyBundle); } diff --git a/src/KeyVault/KeyVault/Models/IKeyVaultDataServiceClient.cs b/src/KeyVault/KeyVault/Models/IKeyVaultDataServiceClient.cs index e435ebae5fca..007bb4336302 100644 --- a/src/KeyVault/KeyVault/Models/IKeyVaultDataServiceClient.cs +++ b/src/KeyVault/KeyVault/Models/IKeyVaultDataServiceClient.cs @@ -89,8 +89,12 @@ public interface IKeyVaultDataServiceClient string BackupKey(string vaultName, string keyName, string outputBlobPath); + string BackupManagedHsmKey(string managedHsmName, string keyName, string outputBlobPath); + PSKeyVaultKey RestoreKey(string vaultName, string inputBlobPath); + PSKeyVaultKey RestoreManagedHsmKey(string managedHsmName, string inputBlobPath); + string BackupSecret(string vaultName, string secretName, string outputBlobPath); PSKeyVaultSecret RestoreSecret(string vaultName, string inputBlobPath); diff --git a/src/KeyVault/KeyVault/Models/KeyVaultDataServiceClient.cs b/src/KeyVault/KeyVault/Models/KeyVaultDataServiceClient.cs index 25d8af1c3e6c..a56ec9e11325 100644 --- a/src/KeyVault/KeyVault/Models/KeyVaultDataServiceClient.cs +++ b/src/KeyVault/KeyVault/Models/KeyVaultDataServiceClient.cs @@ -903,7 +903,7 @@ public PSKeyVaultKey RestoreKey(string vaultName, string inputBlobPath) return new PSKeyVaultKey(keyBundle, this.vaultUriHelper); } - + public string BackupSecret( string vaultName, string secretName, string outputBlobPath ) { if ( string.IsNullOrEmpty( vaultName ) ) @@ -2003,6 +2003,16 @@ public PSKeyVaultManagedStorageAccount RestoreManagedStorageAccount(string vault return new PSKeyVaultManagedStorageAccount(storageAccountBundle, this.vaultUriHelper); } + public string BackupManagedHsmKey(string managedHsmName, string keyName, string outputBlobPath) + { + throw new NotImplementedException("Backing up a key on managed HSM is only possible in track 2 SDK."); + } + + public PSKeyVaultKey RestoreManagedHsmKey(string managedHsmName, string inputBlobPath) + { + throw new NotImplementedException("Restoring a key on managed HSM is only possible in track 2 SDK."); + } + public PSKeyVaultKey CreateManagedHsmKey(string managedHsmName, string keyName, PSKeyVaultKeyAttributes keyAttributes, int? size, string curveName) { throw new NotImplementedException("Creating keys on managed HSM is only possible in track 2 SDK."); diff --git a/src/KeyVault/KeyVault/Track2Models/Track2HsmClient.cs b/src/KeyVault/KeyVault/Track2Models/Track2HsmClient.cs index 97063bc0af87..55ba506883f4 100644 --- a/src/KeyVault/KeyVault/Track2Models/Track2HsmClient.cs +++ b/src/KeyVault/KeyVault/Track2Models/Track2HsmClient.cs @@ -11,6 +11,7 @@ using KeyProperties = Azure.Security.KeyVault.Keys.KeyProperties; using System.Threading.Tasks; using System.Linq; +using System.IO; namespace Microsoft.Azure.Commands.KeyVault.Track2Models { @@ -26,6 +27,66 @@ public Track2HsmClient(IAuthenticationFactory authFactory, IAzureContext context _uriHelper = new VaultUriHelper(context.Environment.GetEndpoint(AzureEnvironment.ExtendedEndpoint.ManagedHsmServiceEndpointSuffix)); } + internal string BackupKey(string managedHsmName, string keyName, string outputBlobPath) + { + if (string.IsNullOrEmpty(managedHsmName)) + throw new ArgumentNullException(nameof(managedHsmName)); + if (string.IsNullOrEmpty(keyName)) + throw new ArgumentNullException(nameof(keyName)); + if (string.IsNullOrEmpty(outputBlobPath)) + throw new ArgumentNullException(nameof(outputBlobPath)); + + var client = CreateKeyClient(managedHsmName); + + return BackupKey(client, keyName, outputBlobPath); + } + + private string BackupKey(KeyClient client, string keyName, string outputBlobPath) + { + BackupKeyResult backupKeyResult; + try + { + backupKeyResult = new BackupKeyResult(client.BackupKeyAsync(keyName).GetAwaiter().GetResult()); + } + catch (Exception ex) + { + throw GetInnerException(ex); + } + + File.WriteAllBytes(outputBlobPath, backupKeyResult.Value); + + return outputBlobPath; + } + + internal PSKeyVaultKey RestoreKey(string managedHsmName, string inputBlobPath) + { + if (string.IsNullOrEmpty(managedHsmName)) + throw new ArgumentNullException(nameof(managedHsmName)); + if (string.IsNullOrEmpty(inputBlobPath)) + throw new ArgumentNullException(nameof(inputBlobPath)); + + var client = CreateKeyClient(managedHsmName); + + return RestoreKey(client, inputBlobPath); + } + + private PSKeyVaultKey RestoreKey(KeyClient client, string inputBlobPath) + { + var backupBlob = File.ReadAllBytes(inputBlobPath); + + KeyVaultKey keyBundle; + try + { + keyBundle = client.RestoreKeyBackupAsync(backupBlob).GetAwaiter().GetResult(); + } + catch (Exception ex) + { + throw GetInnerException(ex); + } + + return new PSKeyVaultKey(keyBundle, this._uriHelper); + } + internal PSKeyVaultKey CreateKey(string managedHsmName, string keyName, PSKeyVaultKeyAttributes keyAttributes, int? size, string curveName) { var client = CreateKeyClient(managedHsmName); @@ -188,7 +249,7 @@ private PSKeyVaultKey UpdateKey(KeyClient client, string keyName, string keyVers KeyVaultKey keyBundle; try { - keyBundle = client.UpdateKeyPropertiesAsync(keyProperties, keyAttributes.KeyOps.Cast().ToList()) + keyBundle = client.UpdateKeyPropertiesAsync(keyProperties, keyAttributes.KeyOps?.Cast().ToList()) .GetAwaiter().GetResult(); } catch (Exception ex) diff --git a/src/KeyVault/KeyVault/Track2Models/Track2KeyVaultDataServiceClient.cs b/src/KeyVault/KeyVault/Track2Models/Track2KeyVaultDataServiceClient.cs index b3d7c8a4ee9d..7245c18fc43d 100644 --- a/src/KeyVault/KeyVault/Track2Models/Track2KeyVaultDataServiceClient.cs +++ b/src/KeyVault/KeyVault/Track2Models/Track2KeyVaultDataServiceClient.cs @@ -393,6 +393,15 @@ public PSKeyVaultSecret UpdateSecret(string vaultName, string secretName, string #region ManagedHsm-related methods + public string BackupManagedHsmKey(string managedHsmName, string keyName, string outputBlobPath) + { + return HsmClient.BackupKey(managedHsmName, keyName, outputBlobPath); + } + public PSKeyVaultKey RestoreManagedHsmKey(string managedHsmName, string inputBlobPath) + { + return HsmClient.RestoreKey(managedHsmName, inputBlobPath); + } + public PSKeyVaultKey CreateManagedHsmKey(string managedHsmName, string keyName, PSKeyVaultKeyAttributes keyAttributes, int? size, string curveName) { return HsmClient.CreateKey(managedHsmName, keyName, keyAttributes, size, curveName); From da88a6b7b609772c41623f2e58cb4cad18bb2add Mon Sep 17 00:00:00 2001 From: Beisi Zhou Date: Tue, 13 Oct 2020 12:41:53 +0800 Subject: [PATCH 07/14] add help.md --- .../Commands/AddAzureManagedHsmKey.cs | 38 +- .../Commands/BackupAzureManagedHsmKey.cs | 14 +- .../Commands/GetAzureManagedHsmKey.cs | 191 ++++----- .../Commands/RemoveAzureManagedHsmKey.cs | 28 +- .../Commands/RestoreAzureManagedHsmKey.cs | 34 +- .../Commands/UndoAzureKeyVaultKeyRemoval.cs | 2 +- .../Commands/UndoAzureManagedHsmKeyRemoval.cs | 12 +- .../Commands/UpdateAzureManagedHsmKey.cs | 14 +- .../Models/IKeyVaultDataServiceClient.cs | 10 +- .../Models/KeyVaultDataServiceClient.cs | 12 +- .../KeyVault/Properties/Resources.Designer.cs | 9 + .../KeyVault/Properties/Resources.resx | 3 + .../KeyVault/Track2Models/Track2HsmClient.cs | 69 ++-- .../Track2KeyVaultDataServiceClient.cs | 23 +- .../KeyVault/help/Add-AzManagedHsmKey.md | 372 ++++++++++++++++++ .../KeyVault/help/Backup-AzManagedHsmKey.md | 178 +++++++++ .../KeyVault/help/Get-AzManagedHsmKey.md | 254 ++++++++++++ .../KeyVault/help/Remove-AzManagedHsmKey.md | 192 +++++++++ .../KeyVault/help/Restore-AzManagedHsmKey.md | 169 ++++++++ .../help/Undo-AzManagedHsmKeyRemoval.md | 146 +++++++ .../KeyVault/help/Update-AzManagedHsmKey.md | 260 ++++++++++++ 21 files changed, 1797 insertions(+), 233 deletions(-) create mode 100644 src/KeyVault/KeyVault/help/Add-AzManagedHsmKey.md create mode 100644 src/KeyVault/KeyVault/help/Backup-AzManagedHsmKey.md create mode 100644 src/KeyVault/KeyVault/help/Get-AzManagedHsmKey.md create mode 100644 src/KeyVault/KeyVault/help/Remove-AzManagedHsmKey.md create mode 100644 src/KeyVault/KeyVault/help/Restore-AzManagedHsmKey.md create mode 100644 src/KeyVault/KeyVault/help/Undo-AzManagedHsmKeyRemoval.md create mode 100644 src/KeyVault/KeyVault/help/Update-AzManagedHsmKey.md diff --git a/src/KeyVault/KeyVault/Commands/AddAzureManagedHsmKey.cs b/src/KeyVault/KeyVault/Commands/AddAzureManagedHsmKey.cs index d38677585712..6411c5b04f84 100644 --- a/src/KeyVault/KeyVault/Commands/AddAzureManagedHsmKey.cs +++ b/src/KeyVault/KeyVault/Commands/AddAzureManagedHsmKey.cs @@ -37,30 +37,30 @@ public class AddAzureManagedHsmKey : KeyVaultCmdletBase #region Input Parameter Definitions /// - /// Vault name + /// Hsm name /// [Parameter(Mandatory = true, ParameterSetName = InteractiveCreateParameterSet, Position = 0, - HelpMessage = "Hsm name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment.")] + HelpMessage = "Hsm name. Cmdlet constructs the FQDN of a managed hsm based on the name and currently selected environment.")] [Parameter(Mandatory = true, ParameterSetName = InteractiveImportParameterSet, Position = 0, - HelpMessage = "Hsm name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment.")] + HelpMessage = "Hsm name. Cmdlet constructs the FQDN of a managed hsm based on the name and currently selected environment.")] [ResourceNameCompleter("Microsoft.KeyVault/managedHSMs", "FakeResourceGroupName")] [ValidateNotNullOrEmpty] - public string VaultName { get; set; } + public string HsmName { get; set; } [Parameter(Mandatory = true, ParameterSetName = InputObjectCreateParameterSet, Position = 0, ValueFromPipeline = true, - HelpMessage = "Vault object.")] + HelpMessage = "Hsm object.")] [Parameter(Mandatory = true, ParameterSetName = InputObjectImportParameterSet, Position = 0, ValueFromPipeline = true, - HelpMessage = "Vault object.")] + HelpMessage = "Hsm object.")] [ValidateNotNullOrEmpty] public PSManagedHsm InputObject { get; set; } @@ -68,12 +68,12 @@ public class AddAzureManagedHsmKey : KeyVaultCmdletBase ParameterSetName = ResourceIdCreateParameterSet, Position = 0, ValueFromPipelineByPropertyName = true, - HelpMessage = "Vault Resource Id.")] + HelpMessage = "Hsm Resource Id.")] [Parameter(Mandatory = true, ParameterSetName = ResourceIdImportParameterSet, Position = 0, ValueFromPipelineByPropertyName = true, - HelpMessage = "Vault Resource Id.")] + HelpMessage = "Hsm Resource Id.")] [ValidateNotNullOrEmpty] public string ResourceId { get; set; } @@ -82,7 +82,7 @@ public class AddAzureManagedHsmKey : KeyVaultCmdletBase /// [Parameter(Mandatory = true, Position = 1, - HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name.")] + HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from managed hsm name, currently selected environment and key name.")] [ValidateNotNullOrEmpty] [Alias(Constants.KeyName)] public string Name { get; set; } @@ -190,12 +190,12 @@ public override void ExecuteCmdlet() { if (InputObject != null) { - VaultName = InputObject.VaultName; + HsmName = InputObject.VaultName; } else if (ResourceId != null) { var resourceIdentifier = new ResourceIdentifier(ResourceId); - VaultName = resourceIdentifier.ResourceName; + HsmName = resourceIdentifier.ResourceName; } ValidateKeyExchangeKey(); @@ -207,20 +207,20 @@ public override void ExecuteCmdlet() if (string.IsNullOrEmpty(KeyFilePath)) { keyBundle = this.Track2DataClient.CreateManagedHsmKey( - VaultName, + HsmName, Name, CreateKeyAttributes(), Size, CurveName); this.WriteObject(keyBundle); } - /* else - { - *//* keyBundle = this.Track2DataClient.ImportManagedHsmKey( - HsmName, Name, - CreateKeyAttributes(), - CreateWebKeyFromFile());*//* - }*/ + else + { + keyBundle = this.Track2DataClient.ImportManagedHsmKey( + HsmName, Name, + CreateKeyAttributes(), + CreateWebKeyFromFile()); + } } } diff --git a/src/KeyVault/KeyVault/Commands/BackupAzureManagedHsmKey.cs b/src/KeyVault/KeyVault/Commands/BackupAzureManagedHsmKey.cs index 3fbcd16d9f74..e563f6525894 100644 --- a/src/KeyVault/KeyVault/Commands/BackupAzureManagedHsmKey.cs +++ b/src/KeyVault/KeyVault/Commands/BackupAzureManagedHsmKey.cs @@ -28,15 +28,15 @@ public class BackupAzureManagedHsmKey : KeyVaultCmdletBase #region Input Parameter Definitions /// - /// Vault name + /// Hsm name /// [Parameter(Mandatory = true, Position = 0, ParameterSetName = ByKeyNameParameterSet, - HelpMessage = "Vault name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment.")] + HelpMessage = "Hsm name. Cmdlet constructs the FQDN of a managed hsm based on the name and currently selected environment.")] [ResourceNameCompleter("Microsoft.KeyVault/managedHSMs", "FakeResourceGroupName")] [ValidateNotNullOrEmpty] - public string VaultName { get; set; } + public string HsmName { get; set; } /// /// Key name @@ -44,7 +44,7 @@ public class BackupAzureManagedHsmKey : KeyVaultCmdletBase [Parameter(Mandatory = true, Position = 1, ParameterSetName = ByKeyNameParameterSet, - HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name.")] + HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from managed hsm name, currently selected environment and key name.")] [ValidateNotNullOrEmpty] [Alias(Constants.KeyName)] public string Name { get; set; } @@ -89,14 +89,14 @@ public override void ExecuteCmdlet() if (InputObject != null) { Name = InputObject.Name; - VaultName = InputObject.VaultName; + HsmName = InputObject.VaultName; } if (ShouldProcess(Name, Properties.Resources.BackupKey)) { if (string.IsNullOrEmpty(OutputFile)) { - OutputFile = GetDefaultFileForOperation("backup", VaultName, Name); + OutputFile = GetDefaultFileForOperation("backup", HsmName, Name); } var filePath = this.GetUnresolvedProviderPathFromPSPath(OutputFile); @@ -106,7 +106,7 @@ public override void ExecuteCmdlet() || Force.IsPresent || ShouldContinue(string.Format(Resources.FileOverwriteMessage, filePath), Resources.FileOverwriteCaption)) { - var backupBlobPath = this.Track2DataClient.BackupManagedHsmKey(VaultName, Name, filePath); + var backupBlobPath = this.Track2DataClient.BackupManagedHsmKey(HsmName, Name, filePath); this.WriteObject(backupBlobPath); } } diff --git a/src/KeyVault/KeyVault/Commands/GetAzureManagedHsmKey.cs b/src/KeyVault/KeyVault/Commands/GetAzureManagedHsmKey.cs index f6c9e348c543..4b0aaec5af7e 100644 --- a/src/KeyVault/KeyVault/Commands/GetAzureManagedHsmKey.cs +++ b/src/KeyVault/KeyVault/Commands/GetAzureManagedHsmKey.cs @@ -24,24 +24,20 @@ namespace Microsoft.Azure.Commands.KeyVault { - [Cmdlet("Get", ResourceManager.Common.AzureRMConstants.AzurePrefix + "ManagedHsmKey", DefaultParameterSetName = ByVaultNameParameterSet)] + [Cmdlet("Get", ResourceManager.Common.AzureRMConstants.AzurePrefix + "ManagedHsmKey", DefaultParameterSetName = SpecifyHsmByHsmName + GetKeyWithoutConstraint)] [OutputType(typeof(PSKeyVaultKeyIdentityItem), typeof(PSKeyVaultKey), typeof(PSDeletedKeyVaultKeyIdentityItem), typeof(PSDeletedKeyVaultKey))] public class GetAzureManagedHsmKey : KeyVaultCmdletBase { #region Parameter Set Names - private const string ByVaultNameParameterSet = "ByVaultName"; - private const string ByKeyNameParameterSet = "ByKeyName"; - private const string ByKeyVersionsParameterSet = "ByKeyVersions"; + private const string SpecifyHsmByHsmName = "SpecifyHsmByHsmName"; + private const string SpecifyHsmByInputObject = "SpecifyHsmByInputObject"; + private const string SpecifyHsmByResourceId = "SpecifyHsmByResourceId"; - private const string InputObjectByVaultNameParameterSet = "ByInputObjectVaultName"; - private const string InputObjectByKeyNameParameterSet = "ByInputObjectKeyName"; - private const string InputObjectByKeyVersionsParameterSet = "ByInputObjectKeyVersions"; - - private const string ResourceIdByVaultNameParameterSet = "ByResourceIdVaultName"; - private const string ResourceIdByKeyNameParameterSet = "ByResourceIdKeyName"; - private const string ResourceIdByKeyVersionsParameterSet = "ByResourceIdKeyVersions"; + private const string GetKeyWithoutConstraint = "GetKeyWithoutConstraint"; + private const string GetKeyWithSpecifiedVersion = "GetKeyWithSpecifiedVersion"; + private const string GetKeyIncludeAllVersions = "GetKeyIncludeAllVersions"; private readonly string[] _supportedTypesForDownload = new string[] { Constants.RSA, Constants.RSAHSM }; @@ -50,63 +46,63 @@ public class GetAzureManagedHsmKey : KeyVaultCmdletBase #region Input Parameter Definitions /// - /// Vault name + /// Hsm name /// [Parameter(Mandatory = true, Position = 0, - ParameterSetName = ByKeyNameParameterSet, - HelpMessage = "Vault name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment.")] + ParameterSetName = SpecifyHsmByHsmName + GetKeyWithoutConstraint, + HelpMessage = "Hsm name. Cmdlet constructs the FQDN of a managed hsm based on the name and currently selected environment.")] [Parameter(Mandatory = true, Position = 0, - ParameterSetName = ByVaultNameParameterSet, - HelpMessage = "Vault name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment.")] + ParameterSetName = SpecifyHsmByHsmName + GetKeyWithSpecifiedVersion, + HelpMessage = "Hsm name. Cmdlet constructs the FQDN of a managed hsm based on the name and currently selected environment.")] [Parameter(Mandatory = true, Position = 0, - ParameterSetName = ByKeyVersionsParameterSet, - HelpMessage = "Vault name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment.")] + ParameterSetName = SpecifyHsmByHsmName + GetKeyIncludeAllVersions, + HelpMessage = "Hsm name. Cmdlet constructs the FQDN of a managed hsm based on the name and currently selected environment.")] [ResourceNameCompleter("Microsoft.KeyVault/managedHSMs", "FakeResourceGroupName")] [ValidateNotNullOrEmpty] - public string VaultName { get; set; } + public string HsmName { get; set; } /// - /// KeyVault object + /// Hsm object /// [Parameter(Mandatory = true, Position = 0, ValueFromPipeline = true, - ParameterSetName = InputObjectByVaultNameParameterSet, - HelpMessage = "KeyVault object.")] + ParameterSetName = SpecifyHsmByInputObject + GetKeyWithoutConstraint, + HelpMessage = "Hsm object.")] [Parameter(Mandatory = true, Position = 0, ValueFromPipeline = true, - ParameterSetName = InputObjectByKeyNameParameterSet, - HelpMessage = "KeyVault object.")] + ParameterSetName = SpecifyHsmByInputObject + GetKeyWithSpecifiedVersion, + HelpMessage = "Hsm object.")] [Parameter(Mandatory = true, Position = 0, ValueFromPipeline = true, - ParameterSetName = InputObjectByKeyVersionsParameterSet, - HelpMessage = "KeyVault object.")] + ParameterSetName = SpecifyHsmByInputObject + GetKeyIncludeAllVersions, + HelpMessage = "Hsm object.")] [ValidateNotNullOrEmpty] - public PSKeyVaultKeyIdentityItem InputObject { get; set; } + public PSManagedHsm InputObject { get; set; } /// - /// KeyVault resource id + /// Hsm resource id /// [Parameter(Mandatory = true, Position = 0, ValueFromPipelineByPropertyName = true, - ParameterSetName = ResourceIdByVaultNameParameterSet, - HelpMessage = "KeyVault Resource Id.")] + ParameterSetName = SpecifyHsmByResourceId + GetKeyWithoutConstraint, + HelpMessage = "Hsm Resource Id.")] [Parameter(Mandatory = true, Position = 0, ValueFromPipelineByPropertyName = true, - ParameterSetName = ResourceIdByKeyNameParameterSet, - HelpMessage = "KeyVault Resource Id.")] + ParameterSetName = SpecifyHsmByResourceId + GetKeyWithSpecifiedVersion, + HelpMessage = "Hsm Resource Id.")] [Parameter(Mandatory = true, Position = 0, ValueFromPipelineByPropertyName = true, - ParameterSetName = ResourceIdByKeyVersionsParameterSet, - HelpMessage = "KeyVault ResourceId.")] + ParameterSetName = SpecifyHsmByResourceId + GetKeyIncludeAllVersions, + HelpMessage = "Hsm ResourceId.")] [ValidateNotNullOrEmpty] public string ResourceId { get; set; } @@ -114,41 +110,41 @@ public class GetAzureManagedHsmKey : KeyVaultCmdletBase /// Key name. /// [Parameter(Mandatory = false, - ParameterSetName = ByVaultNameParameterSet, + ParameterSetName = SpecifyHsmByHsmName + GetKeyWithoutConstraint, Position = 1, - HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name.")] + HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from hsm name, currently selected environment and key name.")] [Parameter(Mandatory = false, - ParameterSetName = InputObjectByVaultNameParameterSet, + ParameterSetName = SpecifyHsmByInputObject + GetKeyWithoutConstraint, Position = 1, - HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name.")] + HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from hsm name, currently selected environment and key name.")] [Parameter(Mandatory = false, - ParameterSetName = ResourceIdByVaultNameParameterSet, + ParameterSetName = SpecifyHsmByResourceId + GetKeyWithoutConstraint, Position = 1, - HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name.")] + HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from hsm name, currently selected environment and key name.")] [Parameter(Mandatory = true, - ParameterSetName = ByKeyNameParameterSet, + ParameterSetName = SpecifyHsmByHsmName + GetKeyWithSpecifiedVersion, Position = 1, - HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name.")] + HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from hsm name, currently selected environment and key name.")] [Parameter(Mandatory = true, - ParameterSetName = InputObjectByKeyNameParameterSet, + ParameterSetName = SpecifyHsmByInputObject + GetKeyWithSpecifiedVersion, Position = 1, - HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name.")] + HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from hsm name, currently selected environment and key name.")] [Parameter(Mandatory = true, - ParameterSetName = ResourceIdByKeyNameParameterSet, + ParameterSetName = SpecifyHsmByResourceId + GetKeyWithSpecifiedVersion, Position = 1, - HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name.")] + HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from hsm name, currently selected environment and key name.")] [Parameter(Mandatory = true, - ParameterSetName = ByKeyVersionsParameterSet, + ParameterSetName = SpecifyHsmByHsmName + GetKeyIncludeAllVersions, Position = 1, - HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name.")] + HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from hsm name, currently selected environment and key name.")] [Parameter(Mandatory = true, - ParameterSetName = InputObjectByKeyVersionsParameterSet, + ParameterSetName = SpecifyHsmByInputObject + GetKeyIncludeAllVersions, Position = 1, - HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name.")] + HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from hsm name, currently selected environment and key name.")] [Parameter(Mandatory = true, - ParameterSetName = ResourceIdByKeyVersionsParameterSet, + ParameterSetName = SpecifyHsmByResourceId + GetKeyIncludeAllVersions, Position = 1, - HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name.")] + HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from hsm name, currently selected environment and key name.")] [ValidateNotNullOrEmpty] [Alias(Constants.KeyName)] [SupportsWildcards] @@ -158,42 +154,42 @@ public class GetAzureManagedHsmKey : KeyVaultCmdletBase /// Key version. /// [Parameter(Mandatory = true, - ParameterSetName = ByKeyNameParameterSet, + ParameterSetName = SpecifyHsmByHsmName + GetKeyWithSpecifiedVersion, Position = 2, - HelpMessage = "Key version. Cmdlet constructs the FQDN of a key from vault name, currently selected environment, key name and key version.")] + HelpMessage = "Key version. Cmdlet constructs the FQDN of a key from hsm name, currently selected environment, key name and key version.")] [Parameter(Mandatory = true, - ParameterSetName = InputObjectByKeyNameParameterSet, + ParameterSetName = SpecifyHsmByInputObject + GetKeyWithSpecifiedVersion, Position = 2, - HelpMessage = "Key version. Cmdlet constructs the FQDN of a key from vault name, currently selected environment, key name and key version.")] + HelpMessage = "Key version. Cmdlet constructs the FQDN of a key from hsm name, currently selected environment, key name and key version.")] [Parameter(Mandatory = true, - ParameterSetName = ResourceIdByKeyNameParameterSet, + ParameterSetName = SpecifyHsmByResourceId + GetKeyWithSpecifiedVersion, Position = 2, - HelpMessage = "Key version. Cmdlet constructs the FQDN of a key from vault name, currently selected environment, key name and key version.")] + HelpMessage = "Key version. Cmdlet constructs the FQDN of a key from hsm name, currently selected environment, key name and key version.")] [Alias("KeyVersion")] public string Version { get; set; } - [Parameter(Mandatory = false, - ParameterSetName = ByVaultNameParameterSet, - HelpMessage = "Specifies whether to show the previously deleted keys in the output.")] - [Parameter(Mandatory = false, - ParameterSetName = InputObjectByVaultNameParameterSet, - HelpMessage = "Specifies whether to show the previously deleted keys in the output.")] - [Parameter(Mandatory = false, - ParameterSetName = ResourceIdByVaultNameParameterSet, - HelpMessage = "Specifies whether to show the previously deleted keys in the output.")] - public SwitchParameter InRemovedState { get; set; } - [Parameter(Mandatory = true, - ParameterSetName = ByKeyVersionsParameterSet, + ParameterSetName = SpecifyHsmByHsmName + GetKeyIncludeAllVersions, HelpMessage = "Specifies whether to include the versions of the key in the output.")] [Parameter(Mandatory = true, - ParameterSetName = InputObjectByKeyVersionsParameterSet, + ParameterSetName = SpecifyHsmByInputObject + GetKeyIncludeAllVersions, HelpMessage = "Specifies whether to include the versions of the key in the output.")] [Parameter(Mandatory = true, - ParameterSetName = ResourceIdByKeyVersionsParameterSet, + ParameterSetName = SpecifyHsmByResourceId + GetKeyIncludeAllVersions, HelpMessage = "Specifies whether to include the versions of the key in the output.")] public SwitchParameter IncludeVersions { get; set; } + [Parameter(Mandatory = false, + ParameterSetName = SpecifyHsmByHsmName + GetKeyWithoutConstraint, + HelpMessage = "Specifies whether to show the previously deleted keys in the output.")] + [Parameter(Mandatory = false, + ParameterSetName = SpecifyHsmByInputObject + GetKeyWithoutConstraint, + HelpMessage = "Specifies whether to show the previously deleted keys in the output.")] + [Parameter(Mandatory = false, + ParameterSetName = SpecifyHsmByResourceId + GetKeyWithoutConstraint, + HelpMessage = "Specifies whether to show the previously deleted keys in the output.")] + public SwitchParameter InRemovedState { get; set; } + [Parameter(Mandatory = false, HelpMessage = "Specifies the output file for which this cmdlet saves the key. The public key is saved in PEM format by default.")] [ValidateNotNullOrEmpty] public string OutFile { get; set; } @@ -206,50 +202,48 @@ public override void ExecuteCmdlet() if (InputObject != null) { - VaultName = InputObject.VaultName; + HsmName = InputObject.VaultName; } else if (!string.IsNullOrEmpty(ResourceId)) { var parsedResourceId = new ResourceIdentifier(ResourceId); - VaultName = parsedResourceId.ResourceName; + HsmName = parsedResourceId.ResourceName; } if (!string.IsNullOrEmpty(Version)) { - keyBundle = this.Track2DataClient.GetManagedHsmKey(VaultName, Name, Version); + keyBundle = this.Track2DataClient.GetManagedHsmKey(HsmName, Name, Version); WriteObject(keyBundle); } else if (IncludeVersions.IsPresent) { - keyBundle = this.Track2DataClient.GetManagedHsmKey(VaultName, Name, string.Empty); - if (keyBundle != null) - { - WriteObject(new PSKeyVaultKeyIdentityItem(keyBundle)); - GetAndWriteKeyVersions(VaultName, Name, keyBundle.Version); - } + WriteObject(this.Track2DataClient.GetManagedHsmKeyAllVersions(HsmName, Name), true); } else if (InRemovedState.IsPresent) { if (string.IsNullOrEmpty(Name) || WildcardPattern.ContainsWildcardCharacters(Name)) { - GetAndWriteDeletedKeys(VaultName, Name); + WriteObject(KVSubResourceWildcardFilter( + Name, this.Track2DataClient.GetManagedHsmDeletedKeys(HsmName)), + true); } else { - PSDeletedKeyVaultKey deletedKeyBundle = this.Track2DataClient.GetManagedHsmDeletedKey(VaultName, Name); + PSDeletedKeyVaultKey deletedKeyBundle = this.Track2DataClient.GetManagedHsmDeletedKey(HsmName, Name); WriteObject(deletedKeyBundle); } } else { - // to do: figure out how to use class pageable if (string.IsNullOrEmpty(Name) || WildcardPattern.ContainsWildcardCharacters(Name)) { - GetAndWriteKeys(VaultName, Name); + WriteObject(KVSubResourceWildcardFilter( + Name, this.Track2DataClient.GetManagedHsmKeys(HsmName)), + true); } else { - keyBundle = this.Track2DataClient.GetManagedHsmKey(VaultName, Name, string.Empty); + keyBundle = this.Track2DataClient.GetManagedHsmKey(HsmName, Name, string.Empty); WriteObject(keyBundle); } } @@ -260,31 +254,6 @@ public override void ExecuteCmdlet() } } - private void GetAndWriteKeys(string vaultName, string name) => - GetAndWriteObjects(new KeyVaultObjectFilterOptions - { - VaultName = vaultName, - NextLink = null - }, - (options) => KVSubResourceWildcardFilter(name, this.Track2DataClient.GetManagedHsmKeys(options))); - - private void GetAndWriteDeletedKeys(string vaultName, string name) => - GetAndWriteObjects(new KeyVaultObjectFilterOptions - { - VaultName = vaultName, - NextLink = null - }, - (options) => KVSubResourceWildcardFilter(name, this.Track2DataClient.GetManagedHsmDeletedKeys(options))); - - private void GetAndWriteKeyVersions(string vaultName, string name, string currentKeyVersion) => - GetAndWriteObjects(new KeyVaultObjectFilterOptions - { - VaultName = vaultName, - NextLink = null, - Name = name - }, - (options) => this.Track2DataClient.GetManagedHsmKeyVersions(options).Where(k => k.Version != currentKeyVersion)); - private void DownloadKey(JsonWebKey jwk, string path) { if (CanDownloadKey(jwk, out string reason)) diff --git a/src/KeyVault/KeyVault/Commands/RemoveAzureManagedHsmKey.cs b/src/KeyVault/KeyVault/Commands/RemoveAzureManagedHsmKey.cs index d751fc85ea64..fdf26957b0d6 100644 --- a/src/KeyVault/KeyVault/Commands/RemoveAzureManagedHsmKey.cs +++ b/src/KeyVault/KeyVault/Commands/RemoveAzureManagedHsmKey.cs @@ -20,48 +20,48 @@ namespace Microsoft.Azure.Commands.KeyVault { - [Cmdlet("Remove", ResourceManager.Common.AzureRMConstants.AzurePrefix + "ManagedHsmKey", SupportsShouldProcess = true, DefaultParameterSetName = ByVaultNameParameterSet)] + [Cmdlet("Remove", ResourceManager.Common.AzureRMConstants.AzurePrefix + "ManagedHsmKey", SupportsShouldProcess = true, DefaultParameterSetName = RemoveByKeyNameParameterSet)] [OutputType(typeof(PSDeletedKeyVaultKey))] public class RemoveAzureManagedHsmKey : KeyVaultCmdletBase { #region Parameter Set Names - private const string ByVaultNameParameterSet = "ByVaultName"; - private const string ByInputObjectParameterSet = "ByInputObject"; + private const string RemoveByKeyNameParameterSet = "RemoveByKeyNameParameterSet"; + private const string RemoveByInputObjectParameterSet = "RemoveByInputObjectParameterSet"; #endregion #region Input Parameter Definitions /// - /// Vault name + /// Hsm name /// [Parameter(Mandatory = true, Position = 0, - ParameterSetName = ByVaultNameParameterSet, - HelpMessage = "Vault name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment.")] + ParameterSetName = RemoveByKeyNameParameterSet, + HelpMessage = "Hsm name. Cmdlet constructs the FQDN of a managed hsm based on the name and currently selected environment.")] [ResourceNameCompleter("Microsoft.KeyVault/managedHSMs", "FakeResourceGroupName")] [ValidateNotNullOrEmpty] - public string VaultName { get; set; } + public string HsmName { get; set; } /// /// key name /// [Parameter(Mandatory = true, Position = 1, - ParameterSetName = ByVaultNameParameterSet, + ParameterSetName = RemoveByKeyNameParameterSet, HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name.")] [ValidateNotNullOrEmpty] [Alias(Constants.KeyName)] public string Name { get; set; } /// - /// KeyBundle object + /// Key object /// [Parameter(Mandatory = true, Position = 0, ValueFromPipeline = true, - ParameterSetName = ByInputObjectParameterSet, + ParameterSetName = RemoveByInputObjectParameterSet, HelpMessage = "Key Object")] [ValidateNotNullOrEmpty] public PSKeyVaultKeyIdentityItem InputObject { get; set; } @@ -89,8 +89,8 @@ public override void ExecuteCmdlet() { if (InputObject != null) { - VaultName = InputObject.VaultName; - Name = InputObject.Name.ToString(); + HsmName = InputObject.VaultName; + Name = InputObject.Name; } if (InRemovedState.IsPresent) @@ -106,7 +106,7 @@ public override void ExecuteCmdlet() Resources.RemoveDeletedKeyWhatIfMessage, Name), Name, - () => { this.Track2DataClient.PurgeManagedHsmKey(VaultName, Name); }); + () => { this.Track2DataClient.PurgeManagedHsmKey(HsmName, Name); }); return; } @@ -122,7 +122,7 @@ public override void ExecuteCmdlet() Resources.RemoveKeyWhatIfMessage, Name), Name, - () => { deletedKeyBundle = this.Track2DataClient.DeleteManagedHsmKey(VaultName, Name); }); + () => { deletedKeyBundle = this.Track2DataClient.DeleteManagedHsmKey(HsmName, Name); }); if (PassThru) { diff --git a/src/KeyVault/KeyVault/Commands/RestoreAzureManagedHsmKey.cs b/src/KeyVault/KeyVault/Commands/RestoreAzureManagedHsmKey.cs index 14518984d877..8804401dd406 100644 --- a/src/KeyVault/KeyVault/Commands/RestoreAzureManagedHsmKey.cs +++ b/src/KeyVault/KeyVault/Commands/RestoreAzureManagedHsmKey.cs @@ -10,13 +10,13 @@ namespace Microsoft.Azure.Commands.KeyVault /// /// Restores the backup key into a vault /// - [Cmdlet("Restore", ResourceManager.Common.AzureRMConstants.AzurePrefix + "ManagedHsmKey", SupportsShouldProcess = true, DefaultParameterSetName = ByVaultNameParameterSet)] + [Cmdlet("Restore", ResourceManager.Common.AzureRMConstants.AzurePrefix + "ManagedHsmKey", SupportsShouldProcess = true, DefaultParameterSetName = ByHsmNameParameterSet)] [OutputType(typeof(PSKeyVaultKey))] public class RestoreAzureManagedHsmKey : KeyVaultCmdletBase { #region Parameter Set Names - private const string ByVaultNameParameterSet = "ByVaultName"; + private const string ByHsmNameParameterSet = "ByHsmName"; private const string ByInputObjectParameterSet = "ByInputObject"; private const string ByResourceIdParameterSet = "ByResourceId"; @@ -25,35 +25,35 @@ public class RestoreAzureManagedHsmKey : KeyVaultCmdletBase #region Input Parameter Definitions /// - /// Vault name + /// Hsm name /// [Parameter(Mandatory = true, Position = 0, - ParameterSetName = ByVaultNameParameterSet, - HelpMessage = "Vault name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment.")] + ParameterSetName = ByHsmNameParameterSet, + HelpMessage = "Hsm name. Cmdlet constructs the FQDN of a managed hsm based on the name and currently selected environment.")] [ResourceNameCompleter("Microsoft.KeyVault/managedHSMs", "FakeResourceGroupName")] [ValidateNotNullOrEmpty] - public string VaultName { get; set; } + public string HsmName { get; set; } /// - /// KeyVault object + /// Hsm object /// [Parameter(Mandatory = true, Position = 0, ParameterSetName = ByInputObjectParameterSet, ValueFromPipeline = true, - HelpMessage = "KeyVault object")] + HelpMessage = "Hsm object")] [ValidateNotNullOrEmpty] - public PSKeyVaultKeyIdentityItem InputObject { get; set; } + public PSManagedHsm InputObject { get; set; } /// - /// KeyVault ResourceId + /// Hsm ResourceId /// [Parameter(Mandatory = true, Position = 0, ParameterSetName = ByResourceIdParameterSet, ValueFromPipelineByPropertyName = true, - HelpMessage = "KeyVault Resource Id")] + HelpMessage = "Hsm Resource Id")] [ValidateNotNullOrEmpty] public string ResourceId { get; set; } @@ -72,25 +72,25 @@ public override void ExecuteCmdlet() { if (InputObject != null) { - VaultName = InputObject.VaultName; + HsmName = InputObject.VaultName; } else if (ResourceId != null) { var resourceIdentifier = new ResourceIdentifier(ResourceId); - VaultName = resourceIdentifier.ResourceName; + HsmName = resourceIdentifier.ResourceName; } - if (ShouldProcess(VaultName, Properties.Resources.RestoreKey)) + if (ShouldProcess(HsmName, Properties.Resources.RestoreKey)) { - var filePath = ResolveKeyVaultPath(InputFile); + var filePath = ResolveKeyPath(InputFile); - var restoredKeyBundle = this.Track2DataClient.RestoreManagedHsmKey(VaultName, filePath); + var restoredKeyBundle = this.Track2DataClient.RestoreManagedHsmKey(HsmName, filePath); this.WriteObject(restoredKeyBundle); } } - private string ResolveKeyVaultPath(string filePath) + private string ResolveKeyPath(string filePath) { FileInfo keyFile = new FileInfo(this.ResolveUserPath(filePath)); if (!keyFile.Exists) diff --git a/src/KeyVault/KeyVault/Commands/UndoAzureKeyVaultKeyRemoval.cs b/src/KeyVault/KeyVault/Commands/UndoAzureKeyVaultKeyRemoval.cs index 7b7dc3d612d8..48db2cd68523 100644 --- a/src/KeyVault/KeyVault/Commands/UndoAzureKeyVaultKeyRemoval.cs +++ b/src/KeyVault/KeyVault/Commands/UndoAzureKeyVaultKeyRemoval.cs @@ -43,7 +43,7 @@ public class UndoAzureKeyVaultKeyRemoval : KeyVaultCmdletBase public string VaultName { get; set; } /// - /// Secret name + /// Key name /// [Parameter(Mandatory = true, Position = 1, diff --git a/src/KeyVault/KeyVault/Commands/UndoAzureManagedHsmKeyRemoval.cs b/src/KeyVault/KeyVault/Commands/UndoAzureManagedHsmKeyRemoval.cs index 9988ca4eddbb..3bd9dd693145 100644 --- a/src/KeyVault/KeyVault/Commands/UndoAzureManagedHsmKeyRemoval.cs +++ b/src/KeyVault/KeyVault/Commands/UndoAzureManagedHsmKeyRemoval.cs @@ -18,7 +18,7 @@ public class UndoAzureManagedHsmKeyRemoval : KeyVaultCmdletBase #region Input Parameter Definitions /// - /// Vault name + /// Hsm name /// [Parameter(Mandatory = true, Position = 0, @@ -26,15 +26,15 @@ public class UndoAzureManagedHsmKeyRemoval : KeyVaultCmdletBase HelpMessage = "Vault name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment.")] [ResourceNameCompleter("Microsoft.KeyVault/managedHSMs", "FakeResourceGroupName")] [ValidateNotNullOrEmpty] - public string VaultName { get; set; } + public string HsmName { get; set; } /// - /// Secret name + /// Key name /// [Parameter(Mandatory = true, Position = 1, ParameterSetName = DefaultParameterSet, - HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name.")] + HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from hsm name, currently selected environment and key name.")] [ValidateNotNullOrEmpty] [Alias(Constants.KeyName)] public string Name { get; set; } @@ -56,13 +56,13 @@ public override void ExecuteCmdlet() { if (InputObject != null) { - VaultName = InputObject.VaultName; + HsmName = InputObject.VaultName; Name = InputObject.Name; } if (ShouldProcess(Name, Properties.Resources.RecoverKey)) { - PSKeyVaultKey recoveredKey = this.Track2DataClient.RecoverManagedHsmKey(VaultName, Name); + PSKeyVaultKey recoveredKey = this.Track2DataClient.RecoverManagedHsmKey(HsmName, Name); WriteObject(recoveredKey); } diff --git a/src/KeyVault/KeyVault/Commands/UpdateAzureManagedHsmKey.cs b/src/KeyVault/KeyVault/Commands/UpdateAzureManagedHsmKey.cs index ade3ee7f0b4d..d331ccf790b2 100644 --- a/src/KeyVault/KeyVault/Commands/UpdateAzureManagedHsmKey.cs +++ b/src/KeyVault/KeyVault/Commands/UpdateAzureManagedHsmKey.cs @@ -21,7 +21,7 @@ namespace Microsoft.Azure.Commands.KeyVault { /// - /// Update attribute of a key vault key. + /// Update attribute of a managed hsm key. /// [Alias("Set-" + ResourceManager.Common.AzureRMConstants.AzurePrefix + "ManagedHsmKey", "Set-" + ResourceManager.Common.AzureRMConstants.AzurePrefix + "ManagedHsmKeyAttribute")] [Cmdlet("Update", ResourceManager.Common.AzureRMConstants.AzurePrefix + "ManagedHsmKey", SupportsShouldProcess = true, DefaultParameterSetName = DefaultParameterSet)] @@ -38,15 +38,15 @@ public class UpdateAzureManagedHsmKey : KeyVaultCmdletBase #region Input Parameter Definitions /// - /// Vault name + /// Hsm name /// [Parameter(Mandatory = true, Position = 0, ParameterSetName = DefaultParameterSet, - HelpMessage = "Vault name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment.")] + HelpMessage = "Hsm name. Cmdlet constructs the FQDN of a managed hsm based on the name and currently selected environment.")] [ResourceNameCompleter("Microsoft.KeyVault/managedHSMs", "FakeResourceGroupName")] [ValidateNotNullOrEmpty] - public string VaultName { get; set; } + public string HsmName { get; set; } /// /// key name @@ -54,7 +54,7 @@ public class UpdateAzureManagedHsmKey : KeyVaultCmdletBase [Parameter(Mandatory = true, Position = 1, ParameterSetName = DefaultParameterSet, - HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name.")] + HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from managed hsm name, currently selected environment and key name.")] [ValidateNotNullOrEmpty] [Alias(Constants.KeyName)] public string Name { get; set; } @@ -124,14 +124,14 @@ public override void ExecuteCmdlet() { if (InputObject != null) { - VaultName = InputObject.VaultName; + HsmName = InputObject.VaultName; Name = InputObject.Name; } if (ShouldProcess(Name, Properties.Resources.SetKeyAttribute)) { var keyBundle = this.Track2DataClient.UpdateManagedHsmKey( - VaultName, + HsmName, Name, Version ?? string.Empty, new PSKeyVaultKeyAttributes(Enable, Expires, NotBefore, null, KeyOps, Tag)); diff --git a/src/KeyVault/KeyVault/Models/IKeyVaultDataServiceClient.cs b/src/KeyVault/KeyVault/Models/IKeyVaultDataServiceClient.cs index 007bb4336302..ba9580bada39 100644 --- a/src/KeyVault/KeyVault/Models/IKeyVaultDataServiceClient.cs +++ b/src/KeyVault/KeyVault/Models/IKeyVaultDataServiceClient.cs @@ -31,13 +31,15 @@ public interface IKeyVaultDataServiceClient PSKeyVaultKey ImportKey(string vaultName, string keyName, PSKeyVaultKeyAttributes keyAttributes, JsonWebKey webKey, bool? importToHsm); + PSKeyVaultKey ImportManagedHsmKey(string managedHsmName, string keyName, JsonWebKey webKey); + PSKeyVaultKey UpdateKey(string vaultName, string keyName, string keyVersion, PSKeyVaultKeyAttributes keyAttributes); PSKeyVaultKey UpdateManagedHsmKey(string managedHsmName, string keyName, string keyVersion, PSKeyVaultKeyAttributes keyAttributes); PSKeyVaultKey GetKey(string vaultName, string keyName, string keyVersion); - PSKeyVaultKey GetManagedHsmKey(string vaultName, string keyName, string keyVersion); + PSKeyVaultKey GetManagedHsmKey(string managedHsmName, string keyName, string keyVersion); PSDeletedKeyVaultKey GetDeletedKey(string managedHsmName, string keyName); @@ -45,15 +47,15 @@ public interface IKeyVaultDataServiceClient IEnumerable GetKeys(KeyVaultObjectFilterOptions options); - IEnumerable GetManagedHsmKeys(KeyVaultObjectFilterOptions options); + IEnumerable GetManagedHsmKeys(string managedHsmName); IEnumerable GetKeyVersions(KeyVaultObjectFilterOptions options); - IEnumerable GetManagedHsmKeyVersions(KeyVaultObjectFilterOptions options); + IEnumerable GetManagedHsmKeyAllVersions(string managedHsmName, string keyName); IEnumerable GetDeletedKeys(KeyVaultObjectFilterOptions options); - IEnumerable GetManagedHsmDeletedKeys(KeyVaultObjectFilterOptions options); + IEnumerable GetManagedHsmDeletedKeys(string managedHsmName); PSDeletedKeyVaultKey DeleteKey(string vaultName, string keyName); diff --git a/src/KeyVault/KeyVault/Models/KeyVaultDataServiceClient.cs b/src/KeyVault/KeyVault/Models/KeyVaultDataServiceClient.cs index a56ec9e11325..61c513ec6ee0 100644 --- a/src/KeyVault/KeyVault/Models/KeyVaultDataServiceClient.cs +++ b/src/KeyVault/KeyVault/Models/KeyVaultDataServiceClient.cs @@ -2022,6 +2022,12 @@ public PSDeletedKeyVaultKey DeleteManagedHsmKey(string managedHsmName, string ke { throw new NotImplementedException("Removing keys on managed HSM is only possible in track 2 SDK."); } + + public PSKeyVaultKey ImportManagedHsmKey(string managedHsmName, string keyName, JsonWebKey webKey) + { + throw new NotImplementedException("Importing keys on managed HSM is only possible in track 2 SDK."); + } + public PSKeyVaultKey UpdateManagedHsmKey(string managedHsmName, string keyName, string keyVersion, PSKeyVaultKeyAttributes keyAttributes) { throw new NotImplementedException("Updating keys on managed HSM is only possible in track 2 SDK."); @@ -2036,12 +2042,12 @@ public PSKeyVaultKey GetManagedHsmKey(string managedHsmName, string keyName, str throw new NotImplementedException("Getting keys on managed HSM is only possible in track 2 SDK."); } - public IEnumerable GetManagedHsmKeyVersions(KeyVaultObjectFilterOptions options) + public IEnumerable GetManagedHsmKeyAllVersions(string managedHsmName, string keyName) { throw new NotImplementedException("Getting key versions on managed HSM is only possible in track 2 SDK."); } - public IEnumerable GetManagedHsmKeys(KeyVaultObjectFilterOptions options) + public IEnumerable GetManagedHsmKeys(string managedHsmName) { throw new NotImplementedException("Getting keys on managed HSM is only possible in track 2 SDK."); } @@ -2051,7 +2057,7 @@ public PSDeletedKeyVaultKey GetManagedHsmDeletedKey(string managedHsmName, strin throw new NotImplementedException("Getting deleted keys on managed HSM is only possible in track 2 SDK."); } - public IEnumerable GetManagedHsmDeletedKeys(KeyVaultObjectFilterOptions options) + public IEnumerable GetManagedHsmDeletedKeys(string managedHsmNam) { throw new NotImplementedException("Getting deleted keys on managed HSM is only possible in track 2 SDK."); } diff --git a/src/KeyVault/KeyVault/Properties/Resources.Designer.cs b/src/KeyVault/KeyVault/Properties/Resources.Designer.cs index eac84623e4cb..9f7864e149d5 100644 --- a/src/KeyVault/KeyVault/Properties/Resources.Designer.cs +++ b/src/KeyVault/KeyVault/Properties/Resources.Designer.cs @@ -387,6 +387,15 @@ internal static string InvalidCurrentSubscription { } } + /// + /// Looks up a localized string similar to Invalid hsm name.. + /// + internal static string InvalidHsmName { + get { + return ResourceManager.GetString("InvalidHsmName", resourceCulture); + } + } + /// /// Looks up a localized string similar to Invalid key attributes. /// diff --git a/src/KeyVault/KeyVault/Properties/Resources.resx b/src/KeyVault/KeyVault/Properties/Resources.resx index 996404407922..c0013a8ebd21 100644 --- a/src/KeyVault/KeyVault/Properties/Resources.resx +++ b/src/KeyVault/KeyVault/Properties/Resources.resx @@ -501,4 +501,7 @@ You can find the object ID using Azure Active Directory Module for Windows Power Invalid key properties + + Invalid hsm name. + \ No newline at end of file diff --git a/src/KeyVault/KeyVault/Track2Models/Track2HsmClient.cs b/src/KeyVault/KeyVault/Track2Models/Track2HsmClient.cs index 55ba506883f4..e2233e118fef 100644 --- a/src/KeyVault/KeyVault/Track2Models/Track2HsmClient.cs +++ b/src/KeyVault/KeyVault/Track2Models/Track2HsmClient.cs @@ -293,14 +293,12 @@ private PSKeyVaultKey GetKey(KeyClient client, string keyName, string keyVersion return new PSKeyVaultKey(keyBundle, this._uriHelper); } - internal IEnumerable GetKeys(KeyVaultObjectFilterOptions options) + internal IEnumerable GetKeys(string managedHsmName) { - if (options == null) - throw new ArgumentNullException(nameof(options)); - if (string.IsNullOrEmpty(options.VaultName)) - throw new ArgumentException(KeyVaultProperties.Resources.InvalidVaultName); + if (string.IsNullOrEmpty(managedHsmName)) + throw new ArgumentException(KeyVaultProperties.Resources.InvalidHsmName); - var client = CreateKeyClient(options.VaultName); + var client = CreateKeyClient(managedHsmName); try { @@ -315,19 +313,30 @@ internal IEnumerable GetKeys(KeyVaultObjectFilterOpti } } - internal IEnumerable GetKeyVersions(KeyVaultObjectFilterOptions options) - { - if (options == null) - throw new ArgumentNullException(nameof(options)); - - if (string.IsNullOrEmpty(options.VaultName)) - throw new ArgumentException(KeyVaultProperties.Resources.InvalidVaultName); + internal IEnumerable GetKeyAllVersions(string managedHsmName, string keyName) + { + if (string.IsNullOrEmpty(managedHsmName)) + throw new ArgumentException(KeyVaultProperties.Resources.InvalidHsmName); - if (string.IsNullOrEmpty(options.Name)) + if (string.IsNullOrEmpty(keyName)) throw new ArgumentException(KeyVaultProperties.Resources.InvalidKeyName); - var client = CreateKeyClient(options.VaultName); - return GetKeyVersions(client, options); + var client = CreateKeyClient(managedHsmName); + return GetAllVersionKeys(client, keyName); + } + + private IEnumerable GetAllVersionKeys(KeyClient client, string keyName) + { + try + { + IEnumerable result = client.GetPropertiesOfKeyVersions(keyName); + return (result == null) ? new List() : + result.Select((keyProperties) => new PSKeyVaultKeyIdentityItem(keyProperties, this._uriHelper)); + } + catch (Exception ex) + { + throw GetInnerException(ex); + } } internal PSDeletedKeyVaultKey GetDeletedKey(string managedHsmName, string keyName) @@ -364,15 +373,12 @@ private PSDeletedKeyVaultKey GetDeletedKey(KeyClient client, string keyName) return new PSDeletedKeyVaultKey(deletedKeyBundle, _uriHelper); } - internal IEnumerable GetDeletedKeys(KeyVaultObjectFilterOptions options) + internal IEnumerable GetDeletedKeys(string managedHsmName) { - if (options == null) - throw new ArgumentNullException("options"); - - if (string.IsNullOrEmpty(options.VaultName)) + if (string.IsNullOrEmpty(managedHsmName)) throw new ArgumentException(KeyVaultProperties.Resources.InvalidVaultName); - var client = CreateKeyClient(options.VaultName); + var client = CreateKeyClient(managedHsmName); try { @@ -387,6 +393,11 @@ internal IEnumerable GetDeletedKeys(KeyVaultOb } } + internal PSKeyVaultKey ImportManagedHsmKey(string managedHsmName, string keyName, JsonWebKey webKey) + { + return + } + internal void PurgeKey(string managedHsmName, string keyName) { if (string.IsNullOrEmpty(managedHsmName)) @@ -406,20 +417,6 @@ internal void PurgeKey(string managedHsmName, string keyName) } } - private IEnumerable GetKeyVersions(KeyClient client, KeyVaultObjectFilterOptions options) - { - try - { - IEnumerable result = client.GetPropertiesOfKeyVersions(options.Name); - return (result == null) ? new List() : - result.Select((keyProperties) => new PSKeyVaultKeyIdentityItem(keyProperties, this._uriHelper)); - } - catch (Exception ex) - { - throw GetInnerException(ex); - } - } - private Exception GetInnerException(Exception exception) { while (exception.InnerException != null) exception = exception.InnerException; diff --git a/src/KeyVault/KeyVault/Track2Models/Track2KeyVaultDataServiceClient.cs b/src/KeyVault/KeyVault/Track2Models/Track2KeyVaultDataServiceClient.cs index 7245c18fc43d..05824fe1daf9 100644 --- a/src/KeyVault/KeyVault/Track2Models/Track2KeyVaultDataServiceClient.cs +++ b/src/KeyVault/KeyVault/Track2Models/Track2KeyVaultDataServiceClient.cs @@ -427,29 +427,36 @@ public PSDeletedKeyVaultKey GetManagedHsmDeletedKey(string managedHsmName, strin return HsmClient.GetDeletedKey(managedHsmName, keyName); } - public IEnumerable GetManagedHsmDeletedKeys(KeyVaultObjectFilterOptions options) + public IEnumerable GetManagedHsmDeletedKeys(string managedHsmName) { - return HsmClient.GetDeletedKeys(options); + return HsmClient.GetDeletedKeys(managedHsmName); } - public PSKeyVaultKey GetManagedHsmKey(string vaultName, string keyName, string keyVersion) + public PSKeyVaultKey GetManagedHsmKey(string managedHsmName, string keyName, string keyVersion) { - return HsmClient.GetKey(vaultName, keyName, keyVersion); + return HsmClient.GetKey(managedHsmName, keyName, keyVersion); } - public IEnumerable GetManagedHsmKeys(KeyVaultObjectFilterOptions options) + public IEnumerable GetManagedHsmKeys(string managedHsmName) { - return HsmClient.GetKeys(options); + return HsmClient.GetKeys(managedHsmName); } - public IEnumerable GetManagedHsmKeyVersions(KeyVaultObjectFilterOptions options) + public IEnumerable GetManagedHsmKeyAllVersions(string managedHsmName, string keyName) { - return HsmClient.GetKeyVersions(options); + return HsmClient.GetKeyAllVersions(managedHsmName, keyName); } + public void PurgeManagedHsmKey(string managedHsmName, string keyName) { HsmClient.PurgeKey(managedHsmName, keyName); } + + public PSKeyVaultKey ImportManagedHsmKey(string managedHsmName, string keyName, JsonWebKey webKey) + { + HsmClient.ImportKey(managedHsmName, keyName, webKey); + } + #endregion } diff --git a/src/KeyVault/KeyVault/help/Add-AzManagedHsmKey.md b/src/KeyVault/KeyVault/help/Add-AzManagedHsmKey.md new file mode 100644 index 000000000000..3969919d5d6d --- /dev/null +++ b/src/KeyVault/KeyVault/help/Add-AzManagedHsmKey.md @@ -0,0 +1,372 @@ +--- +external help file: Microsoft.Azure.PowerShell.Cmdlets.KeyVault.dll-Help.xml +Module Name: Az.KeyVault +online version: +schema: 2.0.0 +--- + +# Add-AzManagedHsmKey + +## SYNOPSIS +Creates a key in a managed hsm or imports a key into a managed hsm. + +## SYNTAX + +### InteractiveCreate (Default) +``` +Add-AzManagedHsmKey [-HsmName] [-Name] -KeyType [-CurveName ] [-Disable] + [-KeyOps ] [-Expires ] [-NotBefore ] [-Tag ] [-Size ] + [-DefaultProfile ] [-WhatIf] [-Confirm] [] +``` + +### InteractiveImport +``` +Add-AzManagedHsmKey [-HsmName] [-Name] -KeyFilePath + [-KeyFilePassword ] -KeyType [-CurveName ] [-Disable] [-KeyOps ] + [-Expires ] [-NotBefore ] [-Tag ] [-DefaultProfile ] + [-WhatIf] [-Confirm] [] +``` + +### InputObjectCreate +``` +Add-AzManagedHsmKey [-InputObject] [-Name] -KeyType [-CurveName ] + [-Disable] [-KeyOps ] [-Expires ] [-NotBefore ] [-Tag ] + [-Size ] [-DefaultProfile ] [-WhatIf] [-Confirm] [] +``` + +### InputObjectImport +``` +Add-AzManagedHsmKey [-InputObject] [-Name] -KeyFilePath + [-KeyFilePassword ] -KeyType [-CurveName ] [-Disable] [-KeyOps ] + [-Expires ] [-NotBefore ] [-Tag ] [-DefaultProfile ] + [-WhatIf] [-Confirm] [] +``` + +### ResourceIdCreate +``` +Add-AzManagedHsmKey [-ResourceId] [-Name] -KeyType [-CurveName ] [-Disable] + [-KeyOps ] [-Expires ] [-NotBefore ] [-Tag ] [-Size ] + [-DefaultProfile ] [-WhatIf] [-Confirm] [] +``` + +### ResourceIdImport +``` +Add-AzManagedHsmKey [-ResourceId] [-Name] -KeyFilePath + [-KeyFilePassword ] -KeyType [-CurveName ] [-Disable] [-KeyOps ] + [-Expires ] [-NotBefore ] [-Tag ] [-DefaultProfile ] + [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Add-AzManagedHsmKey** cmdlet creates a key in a managed hsm in Azure Managed Hsm or imports a key into a managed hsm. +Use this cmdlet to add keys by using any of the following methods: +- Create a key with default key attributes +- Create a key with given key attributes +- Import a key by importing key material with default key attributes +- Import a key by importing key material with given key attributes +For any of these operations, you can provide key attributes or accept default settings. +If you create or import a key that has the same name as an existing key in your key vault, the +original key is updated with the values that you specify for the new key. You can access the +previous values by using the version-specific URI for that version of the key. To learn about key +versions and the URI structure, see [About Keys and Secrets](http://go.microsoft.com/fwlink/?linkid=518560) +in the Key Vault REST API documentation. +Note: To import a key from your own hardware security module, you must first generate a BYOK +package (a file with a .byok file name extension) by using the Azure Key Vault BYOK toolset. For +more information, see +[How to Generate and Transfer HSM-Protected Keys for Azure Key Vault](http://go.microsoft.com/fwlink/?LinkId=522252). +As a best practice, back up your key after it is created or updated, by using the +Backup-AzKeyVaultKey cmdlet. There is no undelete functionality, so if you accidentally delete +your key or delete it and then change your mind, the key is not recoverable unless you have a +backup of it that you can restore. +## EXAMPLES + +### Example 1 +```powershell +PS C:\> {{ Add example code here }} +``` + +{{ Add example description here }} + +## PARAMETERS + +### -CurveName +Specifies the curve name of elliptic curve cryptography, this value is valid when KeyType is EC. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: +Accepted values: P-256, P-256K, P-384, P-521 + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DefaultProfile +The credentials, account, tenant, and subscription used for communication with Azure. + +```yaml +Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer +Parameter Sets: (All) +Aliases: AzContext, AzureRmContext, AzureCredential + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Disable +Indicates that the key you are adding is set to an initial state of disabled. +Any attempt to use the key will fail. +Use this parameter if you are preloading keys that you intend to enable later. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Expires +Specifies the expiration time of the key in UTC. +If not specified, key will not expire. + +```yaml +Type: System.Nullable`1[System.DateTime] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -HsmName +Hsm name. Cmdlet constructs the FQDN of a managed hsm based on the name and currently selected environment. + +```yaml +Type: System.String +Parameter Sets: InteractiveCreate, InteractiveImport +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -InputObject +Vault object. + +```yaml +Type: Microsoft.Azure.Commands.KeyVault.Models.PSManagedHsm +Parameter Sets: InputObjectCreate, InputObjectImport +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -KeyFilePassword +Password of the local file containing the key material to be imported. + +```yaml +Type: System.Security.SecureString +Parameter Sets: InteractiveImport, InputObjectImport, ResourceIdImport +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -KeyFilePath +Path to the local file containing the key material to be imported. + +```yaml +Type: System.String +Parameter Sets: InteractiveImport, InputObjectImport, ResourceIdImport +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -KeyOps +The operations that can be performed with the key. +If not present, all operations can be performed. + +```yaml +Type: System.String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -KeyType +Specifies the key type of this key. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: +Accepted values: RSA, EC, oct + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Key name. +Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: KeyName + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -NotBefore +The UTC time before which the key can't be used. +If not specified, there is no limitation. + +```yaml +Type: System.Nullable`1[System.DateTime] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResourceId +Vault Resource Id. + +```yaml +Type: System.String +Parameter Sets: ResourceIdCreate, ResourceIdImport +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Size +RSA key size, in bits. +If not specified, the service will provide a safe default. + +```yaml +Type: System.Nullable`1[System.Int32] +Parameter Sets: InteractiveCreate, InputObjectCreate, ResourceIdCreate +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Tag +A hashtable representing key tags. + +```yaml +Type: System.Collections.Hashtable +Parameter Sets: (All) +Aliases: Tags + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.Azure.Commands.KeyVault.Models.PSManagedHsm + +### System.String + +## OUTPUTS + +### Microsoft.Azure.Commands.KeyVault.Models.PSManagedHsm + +## NOTES + +## RELATED LINKS diff --git a/src/KeyVault/KeyVault/help/Backup-AzManagedHsmKey.md b/src/KeyVault/KeyVault/help/Backup-AzManagedHsmKey.md new file mode 100644 index 000000000000..334bc3684678 --- /dev/null +++ b/src/KeyVault/KeyVault/help/Backup-AzManagedHsmKey.md @@ -0,0 +1,178 @@ +--- +external help file: Microsoft.Azure.PowerShell.Cmdlets.KeyVault.dll-Help.xml +Module Name: Az.KeyVault +online version: +schema: 2.0.0 +--- + +# Backup-AzManagedHsmKey + +## SYNOPSIS +{{ Fill in the Synopsis }} + +## SYNTAX + +### ByKeyName (Default) +``` +Backup-AzManagedHsmKey [-HsmName] [-Name] [[-OutputFile] ] [-Force] + [-DefaultProfile ] [-WhatIf] [-Confirm] [] +``` + +### ByKey +``` +Backup-AzManagedHsmKey [-InputObject] [[-OutputFile] ] [-Force] + [-DefaultProfile ] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +{{ Fill in the Description }} + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> {{ Add example code here }} +``` + +{{ Add example description here }} + +## PARAMETERS + +### -DefaultProfile +The credentials, account, tenant, and subscription used for communication with Azure. + +```yaml +Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer +Parameter Sets: (All) +Aliases: AzContext, AzureRmContext, AzureCredential + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force +Overwrite the given file if it exists + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -HsmName +Hsm name. Cmdlet constructs the FQDN of a managed hsm based on the name and currently selected environment. + +```yaml +Type: System.String +Parameter Sets: ByKeyName +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -InputObject +Key bundle to back up, pipelined in from the output of a retrieval call. + +```yaml +Type: Microsoft.Azure.Commands.KeyVault.Models.PSKeyVaultKeyIdentityItem +Parameter Sets: ByKey +Aliases: Key + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Name +Key name. +Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name. + +```yaml +Type: System.String +Parameter Sets: ByKeyName +Aliases: KeyName + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -OutputFile +Output file. +The output file to store the backed up key blob in. +If not present, a default filename is chosen. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 2 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.Azure.Commands.KeyVault.Models.PSKeyVaultKeyIdentityItem + +## OUTPUTS + +### System.String + +## NOTES + +## RELATED LINKS diff --git a/src/KeyVault/KeyVault/help/Get-AzManagedHsmKey.md b/src/KeyVault/KeyVault/help/Get-AzManagedHsmKey.md new file mode 100644 index 000000000000..69ec1de57ee1 --- /dev/null +++ b/src/KeyVault/KeyVault/help/Get-AzManagedHsmKey.md @@ -0,0 +1,254 @@ +--- +external help file: Microsoft.Azure.PowerShell.Cmdlets.KeyVault.dll-Help.xml +Module Name: Az.KeyVault +online version: +schema: 2.0.0 +--- + +# Get-AzManagedHsmKey + +## SYNOPSIS +{{ Fill in the Synopsis }} + +## SYNTAX + +### SpecifyHsmByHsmNameGetKeyWithoutConstraint (Default) +``` +Get-AzManagedHsmKey [-HsmName] [[-Name] ] [-InRemovedState] [-OutFile ] + [-DefaultProfile ] [] +``` + +### SpecifyHsmByHsmNameGetKeyWithSpecifiedVersion +``` +Get-AzManagedHsmKey [-HsmName] [-Name] [-Version] [-OutFile ] + [-DefaultProfile ] [] +``` + +### SpecifyHsmByHsmNameGetKeyIncludeAllVersions +``` +Get-AzManagedHsmKey [-HsmName] [-Name] [-IncludeVersions] [-OutFile ] + [-DefaultProfile ] [] +``` + +### SpecifyHsmByInputObjectGetKeyWithoutConstraint +``` +Get-AzManagedHsmKey [-InputObject] [[-Name] ] [-InRemovedState] [-OutFile ] + [-DefaultProfile ] [] +``` + +### SpecifyHsmByInputObjectGetKeyWithSpecifiedVersion +``` +Get-AzManagedHsmKey [-InputObject] [-Name] [-Version] [-OutFile ] + [-DefaultProfile ] [] +``` + +### SpecifyHsmByInputObjectGetKeyIncludeAllVersions +``` +Get-AzManagedHsmKey [-InputObject] [-Name] [-IncludeVersions] [-OutFile ] + [-DefaultProfile ] [] +``` + +### SpecifyHsmByResourceIdGetKeyWithoutConstraint +``` +Get-AzManagedHsmKey [-ResourceId] [[-Name] ] [-InRemovedState] [-OutFile ] + [-DefaultProfile ] [] +``` + +### SpecifyHsmByResourceIdGetKeyWithSpecifiedVersion +``` +Get-AzManagedHsmKey [-ResourceId] [-Name] [-Version] [-OutFile ] + [-DefaultProfile ] [] +``` + +### SpecifyHsmByResourceIdGetKeyIncludeAllVersions +``` +Get-AzManagedHsmKey [-ResourceId] [-Name] [-IncludeVersions] [-OutFile ] + [-DefaultProfile ] [] +``` + +## DESCRIPTION +{{ Fill in the Description }} + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> {{ Add example code here }} +``` + +{{ Add example description here }} + +## PARAMETERS + +### -DefaultProfile +The credentials, account, tenant, and subscription used for communication with Azure. + +```yaml +Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer +Parameter Sets: (All) +Aliases: AzContext, AzureRmContext, AzureCredential + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -HsmName +Hsm name. Cmdlet constructs the FQDN of a managed hsm based on the name and currently selected environment. + +```yaml +Type: System.String +Parameter Sets: SpecifyHsmByHsmNameGetKeyWithoutConstraint, SpecifyHsmByHsmNameGetKeyWithSpecifiedVersion, SpecifyHsmByHsmNameGetKeyIncludeAllVersions +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IncludeVersions +Specifies whether to include the versions of the key in the output. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: SpecifyHsmByHsmNameGetKeyIncludeAllVersions, SpecifyHsmByInputObjectGetKeyIncludeAllVersions, SpecifyHsmByResourceIdGetKeyIncludeAllVersions +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -InputObject +KeyVault object. + +```yaml +Type: Microsoft.Azure.Commands.KeyVault.Models.PSManagedHsm +Parameter Sets: SpecifyHsmByInputObjectGetKeyWithoutConstraint, SpecifyHsmByInputObjectGetKeyWithSpecifiedVersion, SpecifyHsmByInputObjectGetKeyIncludeAllVersions +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -InRemovedState +Specifies whether to show the previously deleted keys in the output. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: SpecifyHsmByHsmNameGetKeyWithoutConstraint, SpecifyHsmByInputObjectGetKeyWithoutConstraint, SpecifyHsmByResourceIdGetKeyWithoutConstraint +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Key name. +Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name. + +```yaml +Type: System.String +Parameter Sets: SpecifyHsmByHsmNameGetKeyWithoutConstraint, SpecifyHsmByInputObjectGetKeyWithoutConstraint, SpecifyHsmByResourceIdGetKeyWithoutConstraint +Aliases: KeyName + +Required: False +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +```yaml +Type: System.String +Parameter Sets: SpecifyHsmByHsmNameGetKeyWithSpecifiedVersion, SpecifyHsmByHsmNameGetKeyIncludeAllVersions, SpecifyHsmByInputObjectGetKeyWithSpecifiedVersion, SpecifyHsmByInputObjectGetKeyIncludeAllVersions, SpecifyHsmByResourceIdGetKeyWithSpecifiedVersion, SpecifyHsmByResourceIdGetKeyIncludeAllVersions +Aliases: KeyName + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -OutFile +Specifies the output file for which this cmdlet saves the key. +The public key is saved in PEM format by default. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResourceId +KeyVault Resource Id. + +```yaml +Type: System.String +Parameter Sets: SpecifyHsmByResourceIdGetKeyWithoutConstraint, SpecifyHsmByResourceIdGetKeyWithSpecifiedVersion, SpecifyHsmByResourceIdGetKeyIncludeAllVersions +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Version +Key version. +Cmdlet constructs the FQDN of a key from vault name, currently selected environment, key name and key version. + +```yaml +Type: System.String +Parameter Sets: SpecifyHsmByHsmNameGetKeyWithSpecifiedVersion, SpecifyHsmByInputObjectGetKeyWithSpecifiedVersion, SpecifyHsmByResourceIdGetKeyWithSpecifiedVersion +Aliases: KeyVersion + +Required: True +Position: 2 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.Azure.Commands.KeyVault.Models.PSKeyVaultKeyIdentityItem + +### System.String + +## OUTPUTS + +### Microsoft.Azure.Commands.KeyVault.Models.PSKeyVaultKeyIdentityItem + +### Microsoft.Azure.Commands.KeyVault.Models.PSKeyVaultKey + +### Microsoft.Azure.Commands.KeyVault.Models.PSDeletedKeyVaultKeyIdentityItem + +### Microsoft.Azure.Commands.KeyVault.Models.PSDeletedKeyVaultKey + +## NOTES + +## RELATED LINKS diff --git a/src/KeyVault/KeyVault/help/Remove-AzManagedHsmKey.md b/src/KeyVault/KeyVault/help/Remove-AzManagedHsmKey.md new file mode 100644 index 000000000000..2b3e822c38c9 --- /dev/null +++ b/src/KeyVault/KeyVault/help/Remove-AzManagedHsmKey.md @@ -0,0 +1,192 @@ +--- +external help file: Microsoft.Azure.PowerShell.Cmdlets.KeyVault.dll-Help.xml +Module Name: Az.KeyVault +online version: +schema: 2.0.0 +--- + +# Remove-AzManagedHsmKey + +## SYNOPSIS +{{ Fill in the Synopsis }} + +## SYNTAX + +### RemoveByKeyNameParameterSet (Default) +``` +Remove-AzManagedHsmKey [-HsmName] [-Name] [-Force] [-PassThru] [-InRemovedState] + [-DefaultProfile ] [-WhatIf] [-Confirm] [] +``` + +### RemoveByInputObjectParameterSet +``` +Remove-AzManagedHsmKey [-InputObject] [-Force] [-PassThru] [-InRemovedState] + [-DefaultProfile ] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +{{ Fill in the Description }} + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> {{ Add example code here }} +``` + +{{ Add example description here }} + +## PARAMETERS + +### -DefaultProfile +The credentials, account, tenant, and subscription used for communication with Azure. + +```yaml +Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer +Parameter Sets: (All) +Aliases: AzContext, AzureRmContext, AzureCredential + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force +Do not ask for confirmation. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -HsmName +Hsm name. Cmdlet constructs the FQDN of a managed hsm based on the name and currently selected environment. + +```yaml +Type: System.String +Parameter Sets: RemoveByKeyNameParameterSet +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -InputObject +Key Object + +```yaml +Type: Microsoft.Azure.Commands.KeyVault.Models.PSKeyVaultKeyIdentityItem +Parameter Sets: RemoveByInputObjectParameterSet +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -InRemovedState +Remove the previously deleted key permanently. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Key name. +Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name. + +```yaml +Type: System.String +Parameter Sets: RemoveByKeyNameParameterSet +Aliases: KeyName + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Cmdlet does not return an object by default. +If this switch is specified, the cmdlet returns the key object that was deleted. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.Azure.Commands.KeyVault.Models.PSKeyVaultKeyIdentityItem + +## OUTPUTS + +### Microsoft.Azure.Commands.KeyVault.Models.PSDeletedKeyVaultKey + +## NOTES + +## RELATED LINKS diff --git a/src/KeyVault/KeyVault/help/Restore-AzManagedHsmKey.md b/src/KeyVault/KeyVault/help/Restore-AzManagedHsmKey.md new file mode 100644 index 000000000000..b8158d66146c --- /dev/null +++ b/src/KeyVault/KeyVault/help/Restore-AzManagedHsmKey.md @@ -0,0 +1,169 @@ +--- +external help file: Microsoft.Azure.PowerShell.Cmdlets.KeyVault.dll-Help.xml +Module Name: Az.KeyVault +online version: +schema: 2.0.0 +--- + +# Restore-AzManagedHsmKey + +## SYNOPSIS +{{ Fill in the Synopsis }} + +## SYNTAX + +### ByHsmName (Default) +``` +Restore-AzManagedHsmKey [-HsmName] [-InputFile] [-DefaultProfile ] + [-WhatIf] [-Confirm] [] +``` + +### ByInputObject +``` +Restore-AzManagedHsmKey [-InputObject] [-InputFile] + [-DefaultProfile ] [-WhatIf] [-Confirm] [] +``` + +### ByResourceId +``` +Restore-AzManagedHsmKey [-ResourceId] [-InputFile] [-DefaultProfile ] + [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +{{ Fill in the Description }} + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> {{ Add example code here }} +``` + +{{ Add example description here }} + +## PARAMETERS + +### -DefaultProfile +The credentials, account, tenant, and subscription used for communication with Azure. + +```yaml +Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer +Parameter Sets: (All) +Aliases: AzContext, AzureRmContext, AzureCredential + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -HsmName +Hsm name. Cmdlet constructs the FQDN of a managed hsm based on the name and currently selected environment. + +```yaml +Type: System.String +Parameter Sets: ByHsmName +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -InputFile +Input file. +The input file containing the backed-up blob + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -InputObject +KeyVault object + +```yaml +Type: Microsoft.Azure.Commands.KeyVault.Models.PSManagedHsm +Parameter Sets: ByInputObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -ResourceId +KeyVault Resource Id + +```yaml +Type: System.String +Parameter Sets: ByResourceId +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.Azure.Commands.KeyVault.Models.PSKeyVaultKeyIdentityItem + +### System.String + +## OUTPUTS + +### Microsoft.Azure.Commands.KeyVault.Models.PSKeyVaultKey + +## NOTES + +## RELATED LINKS diff --git a/src/KeyVault/KeyVault/help/Undo-AzManagedHsmKeyRemoval.md b/src/KeyVault/KeyVault/help/Undo-AzManagedHsmKeyRemoval.md new file mode 100644 index 000000000000..c01904512dd3 --- /dev/null +++ b/src/KeyVault/KeyVault/help/Undo-AzManagedHsmKeyRemoval.md @@ -0,0 +1,146 @@ +--- +external help file: Microsoft.Azure.PowerShell.Cmdlets.KeyVault.dll-Help.xml +Module Name: Az.KeyVault +online version: +schema: 2.0.0 +--- + +# Undo-AzManagedHsmKeyRemoval + +## SYNOPSIS +{{ Fill in the Synopsis }} + +## SYNTAX + +### Default (Default) +``` +Undo-AzManagedHsmKeyRemoval [-HsmName] [-Name] [-DefaultProfile ] + [-WhatIf] [-Confirm] [] +``` + +### InputObject +``` +Undo-AzManagedHsmKeyRemoval [-InputObject] + [-DefaultProfile ] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +{{ Fill in the Description }} + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> {{ Add example code here }} +``` + +{{ Add example description here }} + +## PARAMETERS + +### -DefaultProfile +The credentials, account, tenant, and subscription used for communication with Azure. + +```yaml +Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer +Parameter Sets: (All) +Aliases: AzContext, AzureRmContext, AzureCredential + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -HsmName +Vault name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment. + +```yaml +Type: System.String +Parameter Sets: Default +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -InputObject +Deleted key object + +```yaml +Type: Microsoft.Azure.Commands.KeyVault.Models.PSDeletedKeyVaultKeyIdentityItem +Parameter Sets: InputObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Name +Key name. +Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name. + +```yaml +Type: System.String +Parameter Sets: Default +Aliases: KeyName + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.Azure.Commands.KeyVault.Models.PSDeletedKeyVaultKeyIdentityItem + +## OUTPUTS + +### Microsoft.Azure.Commands.KeyVault.Models.PSKeyVaultKey + +## NOTES + +## RELATED LINKS diff --git a/src/KeyVault/KeyVault/help/Update-AzManagedHsmKey.md b/src/KeyVault/KeyVault/help/Update-AzManagedHsmKey.md new file mode 100644 index 000000000000..be1d555aebb1 --- /dev/null +++ b/src/KeyVault/KeyVault/help/Update-AzManagedHsmKey.md @@ -0,0 +1,260 @@ +--- +external help file: Microsoft.Azure.PowerShell.Cmdlets.KeyVault.dll-Help.xml +Module Name: Az.KeyVault +online version: +schema: 2.0.0 +--- + +# Update-AzManagedHsmKey + +## SYNOPSIS +{{ Fill in the Synopsis }} + +## SYNTAX + +### Default (Default) +``` +Update-AzManagedHsmKey [-HsmName] [-Name] [[-Version] ] [-Enable ] + [-Expires ] [-NotBefore ] [-KeyOps ] [-Tag ] [-PassThru] + [-DefaultProfile ] [-WhatIf] [-Confirm] [] +``` + +### InputObject +``` +Update-AzManagedHsmKey [-InputObject] [[-Version] ] [-Enable ] + [-Expires ] [-NotBefore ] [-KeyOps ] [-Tag ] [-PassThru] + [-DefaultProfile ] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +{{ Fill in the Description }} + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> {{ Add example code here }} +``` + +{{ Add example description here }} + +## PARAMETERS + +### -DefaultProfile +The credentials, account, tenant, and subscription used for communication with Azure. + +```yaml +Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer +Parameter Sets: (All) +Aliases: AzContext, AzureRmContext, AzureCredential + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Enable +Value of true enables the key and a value of false disabless the key. +If not specified, the existing enabled/disabled state remains unchanged. + +```yaml +Type: System.Nullable`1[System.Boolean] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Expires +The expiration time of a key in UTC time. +If not specified, the existing expiration time of the key remains unchanged. + +```yaml +Type: System.Nullable`1[System.DateTime] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -HsmName +Hsm name. Cmdlet constructs the FQDN of a managed hsm based on the name and currently selected environment. + +```yaml +Type: System.String +Parameter Sets: Default +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -InputObject +Key object + +```yaml +Type: Microsoft.Azure.Commands.KeyVault.Models.PSKeyVaultKeyIdentityItem +Parameter Sets: InputObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -KeyOps +The operations that can be performed with the key. +If not specified, the existing key operations of the key remain unchanged. + +```yaml +Type: System.String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Key name. +Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name. + +```yaml +Type: System.String +Parameter Sets: Default +Aliases: KeyName + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -NotBefore +The UTC time before which key can't be used. +If not specified, the existing NotBefore attribute of the key remains unchanged. + +```yaml +Type: System.Nullable`1[System.DateTime] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Cmdlet does not return an object by default. +If this switch is specified, returns the updated key bundle object. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Tag +A hashtable represents key tags. +If not specified, the existings tags of the key remain unchanged. + +```yaml +Type: System.Collections.Hashtable +Parameter Sets: (All) +Aliases: Tags + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Version +Key version. +Cmdlet constructs the FQDN of a key from vault name, currently selected environment, key name and key version. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: KeyVersion + +Required: False +Position: 2 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.Azure.Commands.KeyVault.Models.PSKeyVaultKeyIdentityItem + +## OUTPUTS + +### Microsoft.Azure.Commands.KeyVault.Models.PSKeyVaultKey + +## NOTES + +## RELATED LINKS From 04299d7e1702a4dd3dc180f593c26a318ca19a48 Mon Sep 17 00:00:00 2001 From: Beisi Zhou Date: Tue, 13 Oct 2020 21:49:39 +0800 Subject: [PATCH 08/14] import/download managed hsm RSA key --- .../Commands/AddAzureManagedHsmKey.cs | 13 ++- .../KeyVault/Models/ByokWebKeyConverter.cs | 36 ++++++- .../Models/IKeyVaultDataServiceClient.cs | 4 +- .../KeyVault/Models/IWebKeyConverter.cs | 10 +- .../Models/KeyVaultDataServiceClient.cs | 4 +- .../KeyVault/Models/PfxWebKeyConverter.cs | 99 +++++++++++++++++-- .../KeyVault/Properties/Resources.Designer.cs | 9 ++ .../KeyVault/Properties/Resources.resx | 3 + .../KeyVault/Track2Models/Track2HsmClient.cs | 20 +++- .../Track2KeyVaultDataServiceClient.cs | 4 +- 10 files changed, 171 insertions(+), 31 deletions(-) diff --git a/src/KeyVault/KeyVault/Commands/AddAzureManagedHsmKey.cs b/src/KeyVault/KeyVault/Commands/AddAzureManagedHsmKey.cs index 6411c5b04f84..ac4b25a28e05 100644 --- a/src/KeyVault/KeyVault/Commands/AddAzureManagedHsmKey.cs +++ b/src/KeyVault/KeyVault/Commands/AddAzureManagedHsmKey.cs @@ -1,15 +1,15 @@ using Microsoft.Azure.Commands.KeyVault.Models; +using Microsoft.Azure.Commands.KeyVault.Properties; using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters; +using Microsoft.Azure.KeyVault.WebKey; using Microsoft.Azure.Management.Internal.Resources.Utilities.Models; using System; using System.Collections; -using Microsoft.Azure.Commands.KeyVault.Properties; +using System.IO; using System.Linq; using System.Management.Automation; using System.Security; -using System.Text; -using System.IO; -using Microsoft.Azure.KeyVault.WebKey; +using Track2Sdk = Azure.Security.KeyVault.Keys; namespace Microsoft.Azure.Commands.KeyVault.Commands { /// @@ -218,7 +218,6 @@ public override void ExecuteCmdlet() { keyBundle = this.Track2DataClient.ImportManagedHsmKey( HsmName, Name, - CreateKeyAttributes(), CreateWebKeyFromFile()); } @@ -244,7 +243,7 @@ internal PSKeyVaultKeyAttributes CreateKeyAttributes() Tag); } - internal JsonWebKey CreateWebKeyFromFile() + internal Track2Sdk.JsonWebKey CreateWebKeyFromFile() { FileInfo keyFile = new FileInfo(this.GetUnresolvedProviderPathFromPSPath(this.KeyFilePath)); if (!keyFile.Exists) @@ -253,7 +252,7 @@ internal JsonWebKey CreateWebKeyFromFile() } var converterChain = WebKeyConverterFactory.CreateConverterChain(); - return converterChain.ConvertKeyFromFile(keyFile, KeyFilePassword); + return converterChain.ConvertToTrack2SdkKeyFromFile(keyFile, KeyFilePassword); } } } diff --git a/src/KeyVault/KeyVault/Models/ByokWebKeyConverter.cs b/src/KeyVault/KeyVault/Models/ByokWebKeyConverter.cs index c5ec5fd35084..5994f62039a3 100644 --- a/src/KeyVault/KeyVault/Models/ByokWebKeyConverter.cs +++ b/src/KeyVault/KeyVault/Models/ByokWebKeyConverter.cs @@ -12,11 +12,13 @@ // limitations under the License. // ---------------------------------------------------------------------------------- -using Microsoft.Azure.KeyVault.WebKey; using System; using System.IO; using System.Security; using KeyVaultProperties = Microsoft.Azure.Commands.KeyVault.Properties; +using Track2Sdk = Azure.Security.KeyVault.Keys; +using Track1Sdk = Microsoft.Azure.KeyVault.WebKey; +using System.Security.Cryptography; namespace Microsoft.Azure.Commands.KeyVault.Models { @@ -30,7 +32,7 @@ public ByokWebKeyConverter(IWebKeyConverter next = null) this.next = next; } - public JsonWebKey ConvertKeyFromFile(FileInfo fileInfo, SecureString password) + public Track1Sdk.JsonWebKey ConvertKeyFromFile(FileInfo fileInfo, SecureString password) { if (CanProcess(fileInfo)) return Convert(fileInfo.FullName); @@ -40,6 +42,16 @@ public JsonWebKey ConvertKeyFromFile(FileInfo fileInfo, SecureString password) throw new ArgumentException(string.Format(KeyVaultProperties.Resources.UnsupportedFileFormat, fileInfo.Name)); } + public Track2Sdk.JsonWebKey ConvertToTrack2SdkKeyFromFile(FileInfo fileInfo, SecureString password) + { + if (CanProcess(fileInfo)) + return ConvertToTrack2SdkJsonWebKey(fileInfo.FullName); + else if (next != null) + return next.ConvertToTrack2SdkKeyFromFile(fileInfo, password); + else + throw new ArgumentException(string.Format(KeyVaultProperties.Resources.UnsupportedFileFormat, fileInfo.Name)); + } + private bool CanProcess(FileInfo fileInfo) { if (fileInfo == null || string.IsNullOrEmpty(fileInfo.Extension)) @@ -48,18 +60,32 @@ private bool CanProcess(FileInfo fileInfo) return ByokFileExtension.Equals(fileInfo.Extension, StringComparison.OrdinalIgnoreCase); } - private JsonWebKey Convert(string byokFileName) + private Track1Sdk.JsonWebKey Convert(string byokFileName) { byte[] byokBlob = File.ReadAllBytes(byokFileName); if (byokBlob == null || byokBlob.Length == 0) throw new ArgumentException(string.Format(KeyVaultProperties.Resources.InvalidKeyBlob, "BYOK")); - return new JsonWebKey() + return new Track1Sdk.JsonWebKey() { - Kty = JsonWebKeyType.RsaHsm, + Kty = Track1Sdk.JsonWebKeyType.RsaHsm, T = byokBlob, }; } + + private Track2Sdk.JsonWebKey ConvertToTrack2SdkJsonWebKey(string byokFileName) + { + byte[] byokBlob = File.ReadAllBytes(byokFileName); + + if (byokBlob == null || byokBlob.Length == 0) + throw new ArgumentException(string.Format(KeyVaultProperties.Resources.InvalidKeyBlob, "BYOK")); + + return new Track2Sdk.JsonWebKey(new RSACryptoServiceProvider()) + { + KeyType = Track2Sdk.KeyType.RsaHsm, + T = byokBlob, + }; + } private IWebKeyConverter next; private const string ByokFileExtension = ".byok"; diff --git a/src/KeyVault/KeyVault/Models/IKeyVaultDataServiceClient.cs b/src/KeyVault/KeyVault/Models/IKeyVaultDataServiceClient.cs index ba9580bada39..19cb8881b8e8 100644 --- a/src/KeyVault/KeyVault/Models/IKeyVaultDataServiceClient.cs +++ b/src/KeyVault/KeyVault/Models/IKeyVaultDataServiceClient.cs @@ -19,7 +19,7 @@ using System.Security.Cryptography.X509Certificates; using Microsoft.Azure.KeyVault.Models; using Microsoft.Azure.KeyVault.WebKey; -using KeyProperties = Azure.Security.KeyVault.Keys.KeyProperties; +using Track2Sdk = Azure.Security.KeyVault.Keys; namespace Microsoft.Azure.Commands.KeyVault.Models { @@ -31,7 +31,7 @@ public interface IKeyVaultDataServiceClient PSKeyVaultKey ImportKey(string vaultName, string keyName, PSKeyVaultKeyAttributes keyAttributes, JsonWebKey webKey, bool? importToHsm); - PSKeyVaultKey ImportManagedHsmKey(string managedHsmName, string keyName, JsonWebKey webKey); + PSKeyVaultKey ImportManagedHsmKey(string managedHsmName, string keyName, Track2Sdk.JsonWebKey webKey); PSKeyVaultKey UpdateKey(string vaultName, string keyName, string keyVersion, PSKeyVaultKeyAttributes keyAttributes); diff --git a/src/KeyVault/KeyVault/Models/IWebKeyConverter.cs b/src/KeyVault/KeyVault/Models/IWebKeyConverter.cs index f46962cb92f0..37abcd1c6b93 100644 --- a/src/KeyVault/KeyVault/Models/IWebKeyConverter.cs +++ b/src/KeyVault/KeyVault/Models/IWebKeyConverter.cs @@ -12,15 +12,19 @@ // limitations under the License. // ---------------------------------------------------------------------------------- -using Microsoft.Azure.KeyVault.WebKey; using System.IO; using System.Security; -using Microsoft.Azure.KeyVault.Models; +using Track2Sdk = Azure.Security.KeyVault.Keys; +using Track1Sdk = Microsoft.Azure.KeyVault.WebKey; namespace Microsoft.Azure.Commands.KeyVault.Models { internal interface IWebKeyConverter { - JsonWebKey ConvertKeyFromFile(FileInfo fileInfo, SecureString password); + Track1Sdk.JsonWebKey ConvertKeyFromFile(FileInfo fileInfo, SecureString password); + + Track2Sdk.JsonWebKey ConvertToTrack2SdkKeyFromFile(FileInfo fileInfo, SecureString password); } + + } diff --git a/src/KeyVault/KeyVault/Models/KeyVaultDataServiceClient.cs b/src/KeyVault/KeyVault/Models/KeyVaultDataServiceClient.cs index 61c513ec6ee0..9aabaea0c8f0 100644 --- a/src/KeyVault/KeyVault/Models/KeyVaultDataServiceClient.cs +++ b/src/KeyVault/KeyVault/Models/KeyVaultDataServiceClient.cs @@ -27,7 +27,7 @@ using Microsoft.Azure.KeyVault.WebKey; using Microsoft.Rest.Azure; using KeyVaultProperties = Microsoft.Azure.Commands.KeyVault.Properties; -using KeyProperties = Azure.Security.KeyVault.Keys.KeyProperties; +using Track2Sdk = Azure.Security.KeyVault.Keys; namespace Microsoft.Azure.Commands.KeyVault.Models { @@ -2023,7 +2023,7 @@ public PSDeletedKeyVaultKey DeleteManagedHsmKey(string managedHsmName, string ke throw new NotImplementedException("Removing keys on managed HSM is only possible in track 2 SDK."); } - public PSKeyVaultKey ImportManagedHsmKey(string managedHsmName, string keyName, JsonWebKey webKey) + public PSKeyVaultKey ImportManagedHsmKey(string managedHsmName, string keyName, Track2Sdk.JsonWebKey webKey) { throw new NotImplementedException("Importing keys on managed HSM is only possible in track 2 SDK."); } diff --git a/src/KeyVault/KeyVault/Models/PfxWebKeyConverter.cs b/src/KeyVault/KeyVault/Models/PfxWebKeyConverter.cs index 770f78d7b9ef..d4514d52f961 100644 --- a/src/KeyVault/KeyVault/Models/PfxWebKeyConverter.cs +++ b/src/KeyVault/KeyVault/Models/PfxWebKeyConverter.cs @@ -12,14 +12,15 @@ // limitations under the License. // ---------------------------------------------------------------------------------- -using Microsoft.Azure.KeyVault.WebKey; using System; using System.IO; using System.Security; using System.Security.Cryptography; using System.Security.Cryptography.X509Certificates; using KeyVaultProperties = Microsoft.Azure.Commands.KeyVault.Properties; -using Microsoft.Azure.KeyVault.Models; +using Track2Sdk = Azure.Security.KeyVault.Keys; +using Track1Sdk = Microsoft.Azure.KeyVault.WebKey; +using Microsoft.Azure.KeyVault.WebKey; namespace Microsoft.Azure.Commands.KeyVault.Models { @@ -30,7 +31,7 @@ public PfxWebKeyConverter(IWebKeyConverter next = null) this.next = next; } - public JsonWebKey ConvertKeyFromFile(FileInfo fileInfo, SecureString password) + public Track1Sdk.JsonWebKey ConvertKeyFromFile(FileInfo fileInfo, SecureString password) { if (CanProcess(fileInfo)) return Convert(fileInfo.FullName, password); @@ -39,6 +40,15 @@ public JsonWebKey ConvertKeyFromFile(FileInfo fileInfo, SecureString password) throw new ArgumentException(string.Format(KeyVaultProperties.Resources.UnsupportedFileFormat, fileInfo.Name)); } + public Track2Sdk.JsonWebKey ConvertToTrack2SdkKeyFromFile(FileInfo fileInfo, SecureString password) + { + if (CanProcess(fileInfo)) + return ConvertToTrack2SdkJsonWebKey(fileInfo.FullName, password); + if (next != null) + return next.ConvertToTrack2SdkKeyFromFile(fileInfo, password); + throw new ArgumentException(string.Format(KeyVaultProperties.Resources.UnsupportedFileFormat, fileInfo.Name)); + } + private bool CanProcess(FileInfo fileInfo) { if (fileInfo == null || @@ -50,7 +60,7 @@ private bool CanProcess(FileInfo fileInfo) return PfxFileExtension.Equals(fileInfo.Extension, StringComparison.OrdinalIgnoreCase); } - private JsonWebKey Convert(string pfxFileName, SecureString pfxPassword) + private Track1Sdk.JsonWebKey Convert(string pfxFileName, SecureString pfxPassword) { X509Certificate2 certificate; @@ -69,15 +79,41 @@ private JsonWebKey Convert(string pfxFileName, SecureString pfxPassword) return CreateJWK(key); } + + private Track2Sdk.JsonWebKey ConvertToTrack2SdkJsonWebKey(string pfxFileName, SecureString pfxPassword) + { + X509Certificate2 certificate; - private static JsonWebKey CreateJWK(RSA rsa) + if (pfxPassword != null) + certificate = new X509Certificate2(pfxFileName, pfxPassword, X509KeyStorageFlags.Exportable); + else + certificate = new X509Certificate2(pfxFileName); + + if (!certificate.HasPrivateKey) + throw new ArgumentException(string.Format(KeyVaultProperties.Resources.InvalidKeyBlob, "pfx")); + + var rsaKey = certificate.PrivateKey as RSA; + if (rsaKey != null) + return CreateTrack2SdkJWK(rsaKey); + + var ecKey = certificate.PrivateKey as ECDsa; + if(ecKey != null) + return CreateTrack2SdkJWK(ecKey); + + // to do: support converting oct to jsonwebKey + + throw new ArgumentException(string.Format(KeyVaultProperties.Resources.ImportNotSupported, "oct-HSM")); + + } + + private static Track1Sdk.JsonWebKey CreateJWK(RSA rsa) { if (rsa == null) throw new ArgumentNullException("rsa"); RSAParameters rsaParameters = rsa.ExportParameters(true); - var webKey = new JsonWebKey() + var webKey = new Track1Sdk.JsonWebKey() { - Kty = JsonWebKeyType.Rsa, + Kty = Track1Sdk.JsonWebKeyType.Rsa, E = rsaParameters.Exponent, N = rsaParameters.Modulus, D = rsaParameters.D, @@ -91,6 +127,55 @@ private static JsonWebKey CreateJWK(RSA rsa) return webKey; } + private static Track2Sdk.JsonWebKey CreateTrack2SdkJWK(RSA rsa) + { + if (rsa == null) + throw new ArgumentNullException("rsa"); + RSAParameters rsaParameters = rsa.ExportParameters(true); + var webKey = new Track2Sdk.JsonWebKey(rsa) + { + // note: Keyvault need distinguish RSA and RSA-HSM + KeyType = Track2Sdk.KeyType.RsaHsm, + N = rsaParameters.Modulus, + E = rsaParameters.Exponent, + DP = rsaParameters.DP, + DQ = rsaParameters.DQ, + QI = rsaParameters.InverseQ, + Q = rsaParameters.Q, + D = rsaParameters.D, + P = rsaParameters.P + }; + + return webKey; + } + + private static Track2Sdk.JsonWebKey CreateTrack2SdkJWK(ECDsa ecdSa) + { + if (ecdSa == null) + { + throw new ArgumentNullException("ecdSa"); + } + + System.Security.Cryptography.ECParameters ecParameters = ecdSa.ExportParameters(true); + var webKey = new Track2Sdk.JsonWebKey(ecdSa) + { + // note: Keyvault need distinguish EC and EC-HSM + KeyType = Track2Sdk.KeyType.EcHsm, + CurveName = ecParameters.Curve.CurveType.ToString(), + D = ecParameters.D, + X = ecParameters.Q.X, + Y = ecParameters.Q.Y + }; + + return webKey; + + } + + private static Track2Sdk.JsonWebKey CreateTrack2SdkJWK(Aes aes) + { + throw new NotImplementedException(); + } + private IWebKeyConverter next; private const string PfxFileExtension = ".pfx"; } diff --git a/src/KeyVault/KeyVault/Properties/Resources.Designer.cs b/src/KeyVault/KeyVault/Properties/Resources.Designer.cs index 9f7864e149d5..ef66ab1f25cf 100644 --- a/src/KeyVault/KeyVault/Properties/Resources.Designer.cs +++ b/src/KeyVault/KeyVault/Properties/Resources.Designer.cs @@ -360,6 +360,15 @@ internal static string ImportCertificate { } } + /// + /// Looks up a localized string similar to Key type '{0}' is not supported for importing. (Supported types: RSA-HSM). + /// + internal static string ImportNotSupported { + get { + return ResourceManager.GetString("ImportNotSupported", resourceCulture); + } + } + /// /// Looks up a localized string similar to Invalid application Id.. /// diff --git a/src/KeyVault/KeyVault/Properties/Resources.resx b/src/KeyVault/KeyVault/Properties/Resources.resx index c0013a8ebd21..0ddbdf9be230 100644 --- a/src/KeyVault/KeyVault/Properties/Resources.resx +++ b/src/KeyVault/KeyVault/Properties/Resources.resx @@ -504,4 +504,7 @@ You can find the object ID using Azure Active Directory Module for Windows Power Invalid hsm name. + + Key type '{0}' is not supported for importing. (Supported types: RSA-HSM) + \ No newline at end of file diff --git a/src/KeyVault/KeyVault/Track2Models/Track2HsmClient.cs b/src/KeyVault/KeyVault/Track2Models/Track2HsmClient.cs index e2233e118fef..bb6c81412e5c 100644 --- a/src/KeyVault/KeyVault/Track2Models/Track2HsmClient.cs +++ b/src/KeyVault/KeyVault/Track2Models/Track2HsmClient.cs @@ -393,9 +393,25 @@ internal IEnumerable GetDeletedKeys(string man } } - internal PSKeyVaultKey ImportManagedHsmKey(string managedHsmName, string keyName, JsonWebKey webKey) + internal PSKeyVaultKey ImportKey(string managedHsmName, string keyName, JsonWebKey webKey) { - return + if (string.IsNullOrEmpty(managedHsmName)) + throw new ArgumentNullException(nameof(managedHsmName)); + if (string.IsNullOrEmpty(keyName)) + throw new ArgumentNullException(nameof(keyName)); + if (webKey == null) + throw new ArgumentNullException(nameof(webKey)); + var client = CreateKeyClient(managedHsmName); + + try + { + var key = client.ImportKeyAsync(keyName, webKey).GetAwaiter().GetResult(); + return new PSKeyVaultKey(key, this._uriHelper); + } + catch (Exception ex) + { + throw GetInnerException(ex); + } } internal void PurgeKey(string managedHsmName, string keyName) diff --git a/src/KeyVault/KeyVault/Track2Models/Track2KeyVaultDataServiceClient.cs b/src/KeyVault/KeyVault/Track2Models/Track2KeyVaultDataServiceClient.cs index 05824fe1daf9..84b5dc09ef8a 100644 --- a/src/KeyVault/KeyVault/Track2Models/Track2KeyVaultDataServiceClient.cs +++ b/src/KeyVault/KeyVault/Track2Models/Track2KeyVaultDataServiceClient.cs @@ -1,14 +1,12 @@ using Azure.Security.KeyVault.Keys; using Microsoft.Azure.Commands.Common.Authentication.Abstractions; using Microsoft.Azure.Commands.KeyVault.Models; -using Microsoft.Azure.Commands.KeyVault.Track2Models; using Microsoft.Azure.KeyVault.Models; using System; using System.Collections; using System.Collections.Generic; using System.Security; using System.Security.Cryptography.X509Certificates; -using KeyProperties = Azure.Security.KeyVault.Keys.KeyProperties; using KeyVaultProperties = Microsoft.Azure.Commands.KeyVault.Properties; namespace Microsoft.Azure.Commands.KeyVault.Track2Models @@ -454,7 +452,7 @@ public void PurgeManagedHsmKey(string managedHsmName, string keyName) public PSKeyVaultKey ImportManagedHsmKey(string managedHsmName, string keyName, JsonWebKey webKey) { - HsmClient.ImportKey(managedHsmName, keyName, webKey); + return HsmClient.ImportKey(managedHsmName, keyName, webKey); } #endregion From 1e6ef7bcbae192656fc2aaf381d9c84e9047c6c0 Mon Sep 17 00:00:00 2001 From: Beisi Zhou Date: Wed, 14 Oct 2020 18:31:35 +0800 Subject: [PATCH 09/14] Update help.md --- src/KeyVault/KeyVault/Az.KeyVault.psd1 | 10 +- .../Commands/AddAzureManagedHsmKey.cs | 26 +-- .../Commands/BackupAzureManagedHsmKey.cs | 13 +- .../Commands/GetAzureManagedHsmKey.cs | 64 ++--- .../Commands/RemoveAzureManagedHsmKey.cs | 6 +- .../Commands/RestoreAzureManagedHsmKey.cs | 8 +- .../Commands/UndoAzureManagedHsmKeyRemoval.cs | 6 +- .../Commands/UpdateAzureManagedHsmKey.cs | 10 +- src/KeyVault/KeyVault/KeyVault.format.ps1xml | 4 +- .../KeyVault/Models/PSDeletedKeyVaultKey.cs | 2 + .../KeyVault/Properties/Resources.Designer.cs | 2 +- .../KeyVault/Properties/Resources.resx | 2 +- .../KeyVault/Track2Models/Track2HsmClient.cs | 21 +- .../KeyVault/help/Add-AzManagedHsmKey.md | 112 +++++++-- .../KeyVault/help/Backup-AzManagedHsmKey.md | 38 ++- .../KeyVault/help/Get-AzKeyVaultKey.md | 4 +- .../KeyVault/help/Get-AzManagedHsmKey.md | 219 +++++++++++++++++- .../KeyVault/help/Remove-AzManagedHsmKey.md | 68 +++++- .../KeyVault/help/Restore-AzManagedHsmKey.md | 46 +++- .../help/Undo-AzManagedHsmKeyRemoval.md | 40 +++- .../KeyVault/help/Update-AzManagedHsmKey.md | 51 +++- 21 files changed, 582 insertions(+), 170 deletions(-) diff --git a/src/KeyVault/KeyVault/Az.KeyVault.psd1 b/src/KeyVault/KeyVault/Az.KeyVault.psd1 index cb1e617f8f64..aff423cbacd1 100644 --- a/src/KeyVault/KeyVault/Az.KeyVault.psd1 +++ b/src/KeyVault/KeyVault/Az.KeyVault.psd1 @@ -77,7 +77,10 @@ NestedModules = @('Microsoft.Azure.PowerShell.Cmdlets.KeyVault.dll') FunctionsToExport = @() # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export. -CmdletsToExport = 'Add-AzKeyVaultCertificate', 'Update-AzKeyVaultCertificate', +CmdletsToExport = 'Add-AzManagedHsmKey', 'Get-AzManagedHsmKey', 'Remove-AzManagedHsmKey', + 'Undo-AzManagedHsmKeyRemoval', 'Update-AzManagedHsmKey', + 'Backup-AzManagedHsmKey', 'Restore-AzManagedHsmKey', + 'Add-AzKeyVaultCertificate', 'Update-AzKeyVaultCertificate', 'Stop-AzKeyVaultCertificateOperation', 'Get-AzKeyVaultCertificateOperation', 'Import-AzKeyVaultCertificate', 'Add-AzKeyVaultCertificateContact', @@ -94,9 +97,6 @@ CmdletsToExport = 'Add-AzKeyVaultCertificate', 'Update-AzKeyVaultCertificate', 'Backup-AzKeyVaultKey', 'Get-AzKeyVaultKey', 'Get-AzKeyVaultSecret', 'Undo-AzKeyVaultKeyRemoval', 'Undo-AzKeyVaultSecretRemoval', 'Add-AzKeyVaultKey', 'Remove-AzKeyVaultKey', 'Update-AzKeyVault', - 'Add-AzManagedHsmKey', 'Get-AzManagedHsmKey', 'Remove-AzManagedHsmKey', - 'Undo-AzManagedHsmKeyRemoval', 'Update-AzManagedHsmKey', - 'Backup-AzManagedHsmKey', 'Restore-AzManagedHsmKey', 'New-AzKeyVaultNetworkRuleSetObject', 'Remove-AzKeyVaultSecret', 'Restore-AzKeyVaultKey', 'Update-AzKeyVaultKey', 'Set-AzKeyVaultSecret', 'Update-AzKeyVaultSecret', @@ -127,7 +127,7 @@ CmdletsToExport = 'Add-AzKeyVaultCertificate', 'Update-AzKeyVaultCertificate', # Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export. AliasesToExport = 'Set-AzKeyVaultKey', 'Set-AzKeyVaultSecretAttribute', 'Set-AzKeyVaultKeyAttribute', 'Set-AzKeyVaultCertificateAttribute', - 'Set-AzManagedHsmKey', 'Set-AzManagedHsmKeyAttribute' + 'Set-AzManagedHsmKey', 'Set-AzManagedHsmKeyAttribute' # DSC resources to export from this module # DscResourcesToExport = @() diff --git a/src/KeyVault/KeyVault/Commands/AddAzureManagedHsmKey.cs b/src/KeyVault/KeyVault/Commands/AddAzureManagedHsmKey.cs index ac4b25a28e05..e67e2a516100 100644 --- a/src/KeyVault/KeyVault/Commands/AddAzureManagedHsmKey.cs +++ b/src/KeyVault/KeyVault/Commands/AddAzureManagedHsmKey.cs @@ -1,7 +1,6 @@ using Microsoft.Azure.Commands.KeyVault.Models; using Microsoft.Azure.Commands.KeyVault.Properties; using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters; -using Microsoft.Azure.KeyVault.WebKey; using Microsoft.Azure.Management.Internal.Resources.Utilities.Models; using System; using System.Collections; @@ -13,11 +12,10 @@ namespace Microsoft.Azure.Commands.KeyVault.Commands { /// - /// Create a new key in managed hsm. This cmdlet supports the following types of key creation. + /// Create a new key in managed HSM. This cmdlet supports the following types of key creation. /// 1. Create a key with default key attributes /// 2. Create a key with given key attributes - /// 3. Create a key by importing key material with default key attributes - /// 4 .Create a key by importing key material with given key attributes + /// 3. Create a key from a .pfx file by importing key material /// [Cmdlet("Add", ResourceManager.Common.AzureRMConstants.AzurePrefix + "ManagedHsmKey", SupportsShouldProcess = true, DefaultParameterSetName = InteractiveCreateParameterSet)] [OutputType(typeof(PSManagedHsm))] @@ -37,16 +35,16 @@ public class AddAzureManagedHsmKey : KeyVaultCmdletBase #region Input Parameter Definitions /// - /// Hsm name + /// HSM name /// [Parameter(Mandatory = true, ParameterSetName = InteractiveCreateParameterSet, Position = 0, - HelpMessage = "Hsm name. Cmdlet constructs the FQDN of a managed hsm based on the name and currently selected environment.")] + HelpMessage = "HSM name. Cmdlet constructs the FQDN of a managed HSM based on the name and currently selected environment.")] [Parameter(Mandatory = true, ParameterSetName = InteractiveImportParameterSet, Position = 0, - HelpMessage = "Hsm name. Cmdlet constructs the FQDN of a managed hsm based on the name and currently selected environment.")] + HelpMessage = "HSM name. Cmdlet constructs the FQDN of a managed HSM based on the name and currently selected environment.")] [ResourceNameCompleter("Microsoft.KeyVault/managedHSMs", "FakeResourceGroupName")] [ValidateNotNullOrEmpty] public string HsmName { get; set; } @@ -55,12 +53,12 @@ public class AddAzureManagedHsmKey : KeyVaultCmdletBase ParameterSetName = InputObjectCreateParameterSet, Position = 0, ValueFromPipeline = true, - HelpMessage = "Hsm object.")] + HelpMessage = "HSM object.")] [Parameter(Mandatory = true, ParameterSetName = InputObjectImportParameterSet, Position = 0, ValueFromPipeline = true, - HelpMessage = "Hsm object.")] + HelpMessage = "HSM object.")] [ValidateNotNullOrEmpty] public PSManagedHsm InputObject { get; set; } @@ -68,12 +66,12 @@ public class AddAzureManagedHsmKey : KeyVaultCmdletBase ParameterSetName = ResourceIdCreateParameterSet, Position = 0, ValueFromPipelineByPropertyName = true, - HelpMessage = "Hsm Resource Id.")] + HelpMessage = "HSM Resource Id.")] [Parameter(Mandatory = true, ParameterSetName = ResourceIdImportParameterSet, Position = 0, ValueFromPipelineByPropertyName = true, - HelpMessage = "Hsm Resource Id.")] + HelpMessage = "HSM Resource Id.")] [ValidateNotNullOrEmpty] public string ResourceId { get; set; } @@ -82,7 +80,7 @@ public class AddAzureManagedHsmKey : KeyVaultCmdletBase /// [Parameter(Mandatory = true, Position = 1, - HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from managed hsm name, currently selected environment and key name.")] + HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from managed HSM name, currently selected environment and key name.")] [ValidateNotNullOrEmpty] [Alias(Constants.KeyName)] public string Name { get; set; } @@ -126,7 +124,7 @@ public class AddAzureManagedHsmKey : KeyVaultCmdletBase /// [Parameter(Mandatory = true, HelpMessage = "Specifies the key type of this key.")] - [ValidateSet("RSA", "EC", "oct")] + [PSArgumentCompleter("RSA", "EC", "oct")] public string KeyType { get; set; } /// @@ -134,7 +132,7 @@ public class AddAzureManagedHsmKey : KeyVaultCmdletBase /// [Parameter(Mandatory = false, HelpMessage = "Specifies the curve name of elliptic curve cryptography, this value is valid when KeyType is EC.")] - [ValidateSet("P-256", "P-256K", "P-384", "P-521")] + [PSArgumentCompleter("P-256", "P-256K", "P-384", "P-521")] public string CurveName { get; set; } /// diff --git a/src/KeyVault/KeyVault/Commands/BackupAzureManagedHsmKey.cs b/src/KeyVault/KeyVault/Commands/BackupAzureManagedHsmKey.cs index e563f6525894..bc67c0997fd5 100644 --- a/src/KeyVault/KeyVault/Commands/BackupAzureManagedHsmKey.cs +++ b/src/KeyVault/KeyVault/Commands/BackupAzureManagedHsmKey.cs @@ -1,10 +1,9 @@ - -using System; -using System.Management.Automation; -using Microsoft.Azure.Commands.Common.Authentication; +using Microsoft.Azure.Commands.Common.Authentication; using Microsoft.Azure.Commands.KeyVault.Models; using Microsoft.Azure.Commands.KeyVault.Properties; using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters; +using System; +using System.Management.Automation; namespace Microsoft.Azure.Commands.KeyVault { @@ -28,12 +27,12 @@ public class BackupAzureManagedHsmKey : KeyVaultCmdletBase #region Input Parameter Definitions /// - /// Hsm name + /// HSM name /// [Parameter(Mandatory = true, Position = 0, ParameterSetName = ByKeyNameParameterSet, - HelpMessage = "Hsm name. Cmdlet constructs the FQDN of a managed hsm based on the name and currently selected environment.")] + HelpMessage = "HSM name. Cmdlet constructs the FQDN of a managed HSM based on the name and currently selected environment.")] [ResourceNameCompleter("Microsoft.KeyVault/managedHSMs", "FakeResourceGroupName")] [ValidateNotNullOrEmpty] public string HsmName { get; set; } @@ -44,7 +43,7 @@ public class BackupAzureManagedHsmKey : KeyVaultCmdletBase [Parameter(Mandatory = true, Position = 1, ParameterSetName = ByKeyNameParameterSet, - HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from managed hsm name, currently selected environment and key name.")] + HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from managed HSM name, currently selected environment and key name.")] [ValidateNotNullOrEmpty] [Alias(Constants.KeyName)] public string Name { get; set; } diff --git a/src/KeyVault/KeyVault/Commands/GetAzureManagedHsmKey.cs b/src/KeyVault/KeyVault/Commands/GetAzureManagedHsmKey.cs index 4b0aaec5af7e..087aec66b7a4 100644 --- a/src/KeyVault/KeyVault/Commands/GetAzureManagedHsmKey.cs +++ b/src/KeyVault/KeyVault/Commands/GetAzureManagedHsmKey.cs @@ -1,18 +1,4 @@ -// ---------------------------------------------------------------------------------- -// -// Copyright Microsoft Corporation -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// http://www.apache.org/licenses/LICENSE-2.0 -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// ---------------------------------------------------------------------------------- - -using Microsoft.Azure.Commands.Common.Authentication; +using Microsoft.Azure.Commands.Common.Authentication; using Microsoft.Azure.Commands.KeyVault.Helpers; using Microsoft.Azure.Commands.KeyVault.Models; using Microsoft.Azure.Commands.KeyVault.Properties; @@ -46,63 +32,63 @@ public class GetAzureManagedHsmKey : KeyVaultCmdletBase #region Input Parameter Definitions /// - /// Hsm name + /// HSM name /// [Parameter(Mandatory = true, Position = 0, ParameterSetName = SpecifyHsmByHsmName + GetKeyWithoutConstraint, - HelpMessage = "Hsm name. Cmdlet constructs the FQDN of a managed hsm based on the name and currently selected environment.")] + HelpMessage = "HSM name. Cmdlet constructs the FQDN of a managed HSM based on the name and currently selected environment.")] [Parameter(Mandatory = true, Position = 0, ParameterSetName = SpecifyHsmByHsmName + GetKeyWithSpecifiedVersion, - HelpMessage = "Hsm name. Cmdlet constructs the FQDN of a managed hsm based on the name and currently selected environment.")] + HelpMessage = "HSM name. Cmdlet constructs the FQDN of a managed HSM based on the name and currently selected environment.")] [Parameter(Mandatory = true, Position = 0, ParameterSetName = SpecifyHsmByHsmName + GetKeyIncludeAllVersions, - HelpMessage = "Hsm name. Cmdlet constructs the FQDN of a managed hsm based on the name and currently selected environment.")] + HelpMessage = "HSM name. Cmdlet constructs the FQDN of a managed HSM based on the name and currently selected environment.")] [ResourceNameCompleter("Microsoft.KeyVault/managedHSMs", "FakeResourceGroupName")] [ValidateNotNullOrEmpty] public string HsmName { get; set; } /// - /// Hsm object + /// HSM object /// [Parameter(Mandatory = true, Position = 0, ValueFromPipeline = true, ParameterSetName = SpecifyHsmByInputObject + GetKeyWithoutConstraint, - HelpMessage = "Hsm object.")] + HelpMessage = "HSM object.")] [Parameter(Mandatory = true, Position = 0, ValueFromPipeline = true, ParameterSetName = SpecifyHsmByInputObject + GetKeyWithSpecifiedVersion, - HelpMessage = "Hsm object.")] + HelpMessage = "HSM object.")] [Parameter(Mandatory = true, Position = 0, ValueFromPipeline = true, ParameterSetName = SpecifyHsmByInputObject + GetKeyIncludeAllVersions, - HelpMessage = "Hsm object.")] + HelpMessage = "HSM object.")] [ValidateNotNullOrEmpty] public PSManagedHsm InputObject { get; set; } /// - /// Hsm resource id + /// HSM resource id /// [Parameter(Mandatory = true, Position = 0, ValueFromPipelineByPropertyName = true, ParameterSetName = SpecifyHsmByResourceId + GetKeyWithoutConstraint, - HelpMessage = "Hsm Resource Id.")] + HelpMessage = "HSM Resource Id.")] [Parameter(Mandatory = true, Position = 0, ValueFromPipelineByPropertyName = true, ParameterSetName = SpecifyHsmByResourceId + GetKeyWithSpecifiedVersion, - HelpMessage = "Hsm Resource Id.")] + HelpMessage = "HSM Resource Id.")] [Parameter(Mandatory = true, Position = 0, ValueFromPipelineByPropertyName = true, ParameterSetName = SpecifyHsmByResourceId + GetKeyIncludeAllVersions, - HelpMessage = "Hsm ResourceId.")] + HelpMessage = "HSM ResourceId.")] [ValidateNotNullOrEmpty] public string ResourceId { get; set; } @@ -112,39 +98,39 @@ public class GetAzureManagedHsmKey : KeyVaultCmdletBase [Parameter(Mandatory = false, ParameterSetName = SpecifyHsmByHsmName + GetKeyWithoutConstraint, Position = 1, - HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from hsm name, currently selected environment and key name.")] + HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from HSM name, currently selected environment and key name.")] [Parameter(Mandatory = false, ParameterSetName = SpecifyHsmByInputObject + GetKeyWithoutConstraint, Position = 1, - HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from hsm name, currently selected environment and key name.")] + HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from HSM name, currently selected environment and key name.")] [Parameter(Mandatory = false, ParameterSetName = SpecifyHsmByResourceId + GetKeyWithoutConstraint, Position = 1, - HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from hsm name, currently selected environment and key name.")] + HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from HSM name, currently selected environment and key name.")] [Parameter(Mandatory = true, ParameterSetName = SpecifyHsmByHsmName + GetKeyWithSpecifiedVersion, Position = 1, - HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from hsm name, currently selected environment and key name.")] + HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from HSM name, currently selected environment and key name.")] [Parameter(Mandatory = true, ParameterSetName = SpecifyHsmByInputObject + GetKeyWithSpecifiedVersion, Position = 1, - HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from hsm name, currently selected environment and key name.")] + HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from HSM name, currently selected environment and key name.")] [Parameter(Mandatory = true, ParameterSetName = SpecifyHsmByResourceId + GetKeyWithSpecifiedVersion, Position = 1, - HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from hsm name, currently selected environment and key name.")] + HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from HSM name, currently selected environment and key name.")] [Parameter(Mandatory = true, ParameterSetName = SpecifyHsmByHsmName + GetKeyIncludeAllVersions, Position = 1, - HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from hsm name, currently selected environment and key name.")] + HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from HSM name, currently selected environment and key name.")] [Parameter(Mandatory = true, ParameterSetName = SpecifyHsmByInputObject + GetKeyIncludeAllVersions, Position = 1, - HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from hsm name, currently selected environment and key name.")] + HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from HSM name, currently selected environment and key name.")] [Parameter(Mandatory = true, ParameterSetName = SpecifyHsmByResourceId + GetKeyIncludeAllVersions, Position = 1, - HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from hsm name, currently selected environment and key name.")] + HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from HSM name, currently selected environment and key name.")] [ValidateNotNullOrEmpty] [Alias(Constants.KeyName)] [SupportsWildcards] @@ -156,15 +142,15 @@ public class GetAzureManagedHsmKey : KeyVaultCmdletBase [Parameter(Mandatory = true, ParameterSetName = SpecifyHsmByHsmName + GetKeyWithSpecifiedVersion, Position = 2, - HelpMessage = "Key version. Cmdlet constructs the FQDN of a key from hsm name, currently selected environment, key name and key version.")] + HelpMessage = "Key version. Cmdlet constructs the FQDN of a key from HSM name, currently selected environment, key name and key version.")] [Parameter(Mandatory = true, ParameterSetName = SpecifyHsmByInputObject + GetKeyWithSpecifiedVersion, Position = 2, - HelpMessage = "Key version. Cmdlet constructs the FQDN of a key from hsm name, currently selected environment, key name and key version.")] + HelpMessage = "Key version. Cmdlet constructs the FQDN of a key from HSM name, currently selected environment, key name and key version.")] [Parameter(Mandatory = true, ParameterSetName = SpecifyHsmByResourceId + GetKeyWithSpecifiedVersion, Position = 2, - HelpMessage = "Key version. Cmdlet constructs the FQDN of a key from hsm name, currently selected environment, key name and key version.")] + HelpMessage = "Key version. Cmdlet constructs the FQDN of a key from HSM name, currently selected environment, key name and key version.")] [Alias("KeyVersion")] public string Version { get; set; } diff --git a/src/KeyVault/KeyVault/Commands/RemoveAzureManagedHsmKey.cs b/src/KeyVault/KeyVault/Commands/RemoveAzureManagedHsmKey.cs index fdf26957b0d6..a441f4dcff97 100644 --- a/src/KeyVault/KeyVault/Commands/RemoveAzureManagedHsmKey.cs +++ b/src/KeyVault/KeyVault/Commands/RemoveAzureManagedHsmKey.cs @@ -34,12 +34,12 @@ public class RemoveAzureManagedHsmKey : KeyVaultCmdletBase #region Input Parameter Definitions /// - /// Hsm name + /// HSM name /// [Parameter(Mandatory = true, Position = 0, ParameterSetName = RemoveByKeyNameParameterSet, - HelpMessage = "Hsm name. Cmdlet constructs the FQDN of a managed hsm based on the name and currently selected environment.")] + HelpMessage = "HSM name. Cmdlet constructs the FQDN of a managed HSM based on the name and currently selected environment.")] [ResourceNameCompleter("Microsoft.KeyVault/managedHSMs", "FakeResourceGroupName")] [ValidateNotNullOrEmpty] public string HsmName { get; set; } @@ -50,7 +50,7 @@ public class RemoveAzureManagedHsmKey : KeyVaultCmdletBase [Parameter(Mandatory = true, Position = 1, ParameterSetName = RemoveByKeyNameParameterSet, - HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name.")] + HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from managed HSM name, currently selected environment and key name.")] [ValidateNotNullOrEmpty] [Alias(Constants.KeyName)] public string Name { get; set; } diff --git a/src/KeyVault/KeyVault/Commands/RestoreAzureManagedHsmKey.cs b/src/KeyVault/KeyVault/Commands/RestoreAzureManagedHsmKey.cs index 8804401dd406..0b22602ea77f 100644 --- a/src/KeyVault/KeyVault/Commands/RestoreAzureManagedHsmKey.cs +++ b/src/KeyVault/KeyVault/Commands/RestoreAzureManagedHsmKey.cs @@ -25,18 +25,18 @@ public class RestoreAzureManagedHsmKey : KeyVaultCmdletBase #region Input Parameter Definitions /// - /// Hsm name + /// HSM name /// [Parameter(Mandatory = true, Position = 0, ParameterSetName = ByHsmNameParameterSet, - HelpMessage = "Hsm name. Cmdlet constructs the FQDN of a managed hsm based on the name and currently selected environment.")] + HelpMessage = "HSM name. Cmdlet constructs the FQDN of a managed HSM based on the name and currently selected environment.")] [ResourceNameCompleter("Microsoft.KeyVault/managedHSMs", "FakeResourceGroupName")] [ValidateNotNullOrEmpty] public string HsmName { get; set; } /// - /// Hsm object + /// HSM object /// [Parameter(Mandatory = true, Position = 0, @@ -47,7 +47,7 @@ public class RestoreAzureManagedHsmKey : KeyVaultCmdletBase public PSManagedHsm InputObject { get; set; } /// - /// Hsm ResourceId + /// HSM ResourceId /// [Parameter(Mandatory = true, Position = 0, diff --git a/src/KeyVault/KeyVault/Commands/UndoAzureManagedHsmKeyRemoval.cs b/src/KeyVault/KeyVault/Commands/UndoAzureManagedHsmKeyRemoval.cs index 3bd9dd693145..df12b92bb3c1 100644 --- a/src/KeyVault/KeyVault/Commands/UndoAzureManagedHsmKeyRemoval.cs +++ b/src/KeyVault/KeyVault/Commands/UndoAzureManagedHsmKeyRemoval.cs @@ -18,12 +18,12 @@ public class UndoAzureManagedHsmKeyRemoval : KeyVaultCmdletBase #region Input Parameter Definitions /// - /// Hsm name + /// HSM name /// [Parameter(Mandatory = true, Position = 0, ParameterSetName = DefaultParameterSet, - HelpMessage = "Vault name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment.")] + HelpMessage = "HSM name. Cmdlet constructs the FQDN of a managed HSM based on the name and currently selected environment.")] [ResourceNameCompleter("Microsoft.KeyVault/managedHSMs", "FakeResourceGroupName")] [ValidateNotNullOrEmpty] public string HsmName { get; set; } @@ -34,7 +34,7 @@ public class UndoAzureManagedHsmKeyRemoval : KeyVaultCmdletBase [Parameter(Mandatory = true, Position = 1, ParameterSetName = DefaultParameterSet, - HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from hsm name, currently selected environment and key name.")] + HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from HSM name, currently selected environment and key name.")] [ValidateNotNullOrEmpty] [Alias(Constants.KeyName)] public string Name { get; set; } diff --git a/src/KeyVault/KeyVault/Commands/UpdateAzureManagedHsmKey.cs b/src/KeyVault/KeyVault/Commands/UpdateAzureManagedHsmKey.cs index d331ccf790b2..c298cc06acab 100644 --- a/src/KeyVault/KeyVault/Commands/UpdateAzureManagedHsmKey.cs +++ b/src/KeyVault/KeyVault/Commands/UpdateAzureManagedHsmKey.cs @@ -21,7 +21,7 @@ namespace Microsoft.Azure.Commands.KeyVault { /// - /// Update attribute of a managed hsm key. + /// Update attribute of a managed HSM key. /// [Alias("Set-" + ResourceManager.Common.AzureRMConstants.AzurePrefix + "ManagedHsmKey", "Set-" + ResourceManager.Common.AzureRMConstants.AzurePrefix + "ManagedHsmKeyAttribute")] [Cmdlet("Update", ResourceManager.Common.AzureRMConstants.AzurePrefix + "ManagedHsmKey", SupportsShouldProcess = true, DefaultParameterSetName = DefaultParameterSet)] @@ -38,12 +38,12 @@ public class UpdateAzureManagedHsmKey : KeyVaultCmdletBase #region Input Parameter Definitions /// - /// Hsm name + /// HSM name /// [Parameter(Mandatory = true, Position = 0, ParameterSetName = DefaultParameterSet, - HelpMessage = "Hsm name. Cmdlet constructs the FQDN of a managed hsm based on the name and currently selected environment.")] + HelpMessage = "HSM name. Cmdlet constructs the FQDN of a managed HSM based on the name and currently selected environment.")] [ResourceNameCompleter("Microsoft.KeyVault/managedHSMs", "FakeResourceGroupName")] [ValidateNotNullOrEmpty] public string HsmName { get; set; } @@ -54,7 +54,7 @@ public class UpdateAzureManagedHsmKey : KeyVaultCmdletBase [Parameter(Mandatory = true, Position = 1, ParameterSetName = DefaultParameterSet, - HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from managed hsm name, currently selected environment and key name.")] + HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from managed HSM name, currently selected environment and key name.")] [ValidateNotNullOrEmpty] [Alias(Constants.KeyName)] public string Name { get; set; } @@ -75,7 +75,7 @@ public class UpdateAzureManagedHsmKey : KeyVaultCmdletBase /// [Parameter(Mandatory = false, Position = 2, - HelpMessage = "Key version. Cmdlet constructs the FQDN of a key from vault name, currently selected environment, key name and key version.")] + HelpMessage = "Key version. Cmdlet constructs the FQDN of a key from managed HSM name, currently selected environment, key name and key version.")] [Alias("KeyVersion")] public string Version { get; set; } diff --git a/src/KeyVault/KeyVault/KeyVault.format.ps1xml b/src/KeyVault/KeyVault/KeyVault.format.ps1xml index d484397a7940..a61290c754e8 100644 --- a/src/KeyVault/KeyVault/KeyVault.format.ps1xml +++ b/src/KeyVault/KeyVault/KeyVault.format.ps1xml @@ -11,7 +11,7 @@ - + VaultName @@ -69,7 +69,7 @@ - + VaultName diff --git a/src/KeyVault/KeyVault/Models/PSDeletedKeyVaultKey.cs b/src/KeyVault/KeyVault/Models/PSDeletedKeyVaultKey.cs index a0989a9038a9..58b949b38c4c 100644 --- a/src/KeyVault/KeyVault/Models/PSDeletedKeyVaultKey.cs +++ b/src/KeyVault/KeyVault/Models/PSDeletedKeyVaultKey.cs @@ -91,6 +91,8 @@ internal PSDeletedKeyVaultKey(DeletedKey deletedKey, VaultUriHelper vaultUriHelp Updated = deletedKey.Properties.UpdatedOn?.UtcDateTime; RecoveryLevel = deletedKey.Properties.RecoveryLevel; Tags = deletedKey.Properties.Tags.ConvertToHashtable(); + ScheduledPurgeDate = deletedKey.ScheduledPurgeDate?.UtcDateTime; + DeletedDate = deletedKey.DeletedOn?.UtcDateTime; } public PSKeyVaultKeyAttributes Attributes { get; set; } diff --git a/src/KeyVault/KeyVault/Properties/Resources.Designer.cs b/src/KeyVault/KeyVault/Properties/Resources.Designer.cs index ef66ab1f25cf..4345b80e1b00 100644 --- a/src/KeyVault/KeyVault/Properties/Resources.Designer.cs +++ b/src/KeyVault/KeyVault/Properties/Resources.Designer.cs @@ -397,7 +397,7 @@ internal static string InvalidCurrentSubscription { } /// - /// Looks up a localized string similar to Invalid hsm name.. + /// Looks up a localized string similar to Invalid HSM name.. /// internal static string InvalidHsmName { get { diff --git a/src/KeyVault/KeyVault/Properties/Resources.resx b/src/KeyVault/KeyVault/Properties/Resources.resx index 0ddbdf9be230..b79f69a598a1 100644 --- a/src/KeyVault/KeyVault/Properties/Resources.resx +++ b/src/KeyVault/KeyVault/Properties/Resources.resx @@ -502,7 +502,7 @@ You can find the object ID using Azure Active Directory Module for Windows Power Invalid key properties - Invalid hsm name. + Invalid HSM name. Key type '{0}' is not supported for importing. (Supported types: RSA-HSM) diff --git a/src/KeyVault/KeyVault/Track2Models/Track2HsmClient.cs b/src/KeyVault/KeyVault/Track2Models/Track2HsmClient.cs index bb6c81412e5c..3b1d73aaa2be 100644 --- a/src/KeyVault/KeyVault/Track2Models/Track2HsmClient.cs +++ b/src/KeyVault/KeyVault/Track2Models/Track2HsmClient.cs @@ -1,17 +1,16 @@ -using System; -using System.Net; -using System.Collections; +using Azure; using Azure.Security.KeyVault.Keys; using Microsoft.Azure.Commands.Common.Authentication.Abstractions; using Microsoft.Azure.Commands.KeyVault.Models; -using System.Collections.Generic; -using KeyVaultProperties = Microsoft.Azure.Commands.KeyVault.Properties; using Microsoft.Azure.KeyVault.Models; -using Azure; -using KeyProperties = Azure.Security.KeyVault.Keys.KeyProperties; -using System.Threading.Tasks; -using System.Linq; +using System; +using System.Collections; +using System.Collections.Generic; using System.IO; +using System.Linq; +using System.Net; +using KeyProperties = Azure.Security.KeyVault.Keys.KeyProperties; +using KeyVaultProperties = Microsoft.Azure.Commands.KeyVault.Properties; namespace Microsoft.Azure.Commands.KeyVault.Track2Models { @@ -232,7 +231,8 @@ internal PSKeyVaultKey UpdateKey(string managedHsmName, string keyName, string k private PSKeyVaultKey UpdateKey(KeyClient client, string keyName, string keyVersion, PSKeyVaultKeyAttributes keyAttributes) { - KeyProperties keyProperties = client.GetKeyAsync(keyName, keyVersion).GetAwaiter().GetResult().Value.Properties; + KeyVaultKey keyBundle = client.GetKeyAsync(keyName, keyVersion).GetAwaiter().GetResult(); + KeyProperties keyProperties = keyBundle.Properties; keyProperties.Enabled = keyAttributes.Enabled; keyProperties.ExpiresOn = keyAttributes.Expires; keyProperties.NotBefore = keyAttributes.NotBefore; @@ -246,7 +246,6 @@ private PSKeyVaultKey UpdateKey(KeyClient client, string keyName, string keyVers } } - KeyVaultKey keyBundle; try { keyBundle = client.UpdateKeyPropertiesAsync(keyProperties, keyAttributes.KeyOps?.Cast().ToList()) diff --git a/src/KeyVault/KeyVault/help/Add-AzManagedHsmKey.md b/src/KeyVault/KeyVault/help/Add-AzManagedHsmKey.md index 3969919d5d6d..a31135b792e1 100644 --- a/src/KeyVault/KeyVault/help/Add-AzManagedHsmKey.md +++ b/src/KeyVault/KeyVault/help/Add-AzManagedHsmKey.md @@ -1,14 +1,14 @@ --- external help file: Microsoft.Azure.PowerShell.Cmdlets.KeyVault.dll-Help.xml Module Name: Az.KeyVault -online version: +online version: https://docs.microsoft.com/en-us/powershell/module/az.keyvault/add-azmanagedhsmkey schema: 2.0.0 --- # Add-AzManagedHsmKey ## SYNOPSIS -Creates a key in a managed hsm or imports a key into a managed hsm. +Creates a key in a managed HSM or imports a key into a managed HSM. ## SYNTAX @@ -58,35 +58,91 @@ Add-AzManagedHsmKey [-ResourceId] [-Name] -KeyFilePath {{ Add example code here }} +PS C:\> Add-AzManagedHsmKey -HsmName testmhsm -Name testkey -KeyType RSA + +Vault/HSM Name : testmhsm +Name : testkey +Version : xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx +Id : https://bezmhsm.managedhsm.azure.net:443/keys/testkey/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx +Enabled : True +Expires : +Not Before : +Created : 10/14/2020 7:55:43 AM +Updated : 10/14/2020 7:55:43 AM +Recovery Level : Recoverable+Purgeable +Tags : ``` -{{ Add example description here }} +This command creates a RSA-HSM key named testkey in the managed HSM testkey named testmhsm. +### Example 2: Create a EC-HSM key +```powershell +PS C:\> Add-AzManagedHsmKey -HsmName testmhsm -Name testkey -KeyType EC -CurveName P-256 + +Vault/HSM Name : testmhsm +Name : testkey +Version : xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx +Id : https://bezmhsm.managedhsm.azure.net:443/keys/testkey/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx +Enabled : True +Expires : +Not Before : +Created : 10/14/2020 8:06:26 AM +Updated : 10/14/2020 8:06:26 AM +Recovery Level : Recoverable+Purgeable +Tags : +``` + +This command creates a EC-HSM key named testkey using P-256 curve in the managed HSM testkey named testmhsm. + +### Example 3: Create a key with non-default values +```powershell +PS C:\> $KeyOperations = 'decrypt', 'verify' +PS C:\> $Expires = (Get-Date).AddYears(2).ToUniversalTime() +PS C:\> $NotBefore = (Get-Date).ToUniversalTime() +PS C:\> $Tags = @{'Severity' = 'high'; 'Accounting' = "true"} +PS C:\> Add-AzManagedHsmKey -HsmName testmhsm -Name testkey -KeyType oct -Expires $Expires -NotBefore $NotBefore -KeyOps $KeyOperations -Disable -Tag $Tags + +Vault/HSM Name : testmhsm +Name : testkey +Version : xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx +Id : https://bezmhsm.managedhsm.azure.net:443/keys/testkey/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx +Enabled : False +Expires : 10/14/2022 8:13:29 AM +Not Before : 10/14/2020 8:13:33 AM +Created : 10/14/2020 8:14:01 AM +Updated : 10/14/2020 8:14:01 AM +Recovery Level : Recoverable+Purgeable +Tags : Name Value + Severity high + Accounting true +``` + +The first command stores the values decrypt and verify in the $KeyOperations variable. +The second command creates a **DateTime** object, defined in UTC, by using the **Get-Date** cmdlet. +That object specifies a time two years in the future. The command stores that date in the $Expires +variable. For more information, type `Get-Help Get-Date`. +The third command creates a **DateTime** object by using the **Get-Date** cmdlet. That object +specifies current UTC time. The command stores that date in the $NotBefore variable. +The final command creates a key named testkey that is an oct-HSM key. The command specifies +values for allowed key operations stored $KeyOperations. The command specifies times for +the *Expires* and *NotBefore* parameters created in the previous commands, and tags for high +severity and IT. The new key is disabled. You can enable it by using the **Update-AzManagedHsmKey** +cmdlet. ## PARAMETERS ### -CurveName @@ -154,7 +210,7 @@ Accept wildcard characters: False ``` ### -HsmName -Hsm name. Cmdlet constructs the FQDN of a managed hsm based on the name and currently selected environment. +HSM name. Cmdlet constructs the FQDN of a managed HSM based on the name and currently selected environment. ```yaml Type: System.String @@ -169,7 +225,7 @@ Accept wildcard characters: False ``` ### -InputObject -Vault object. +HSM object. ```yaml Type: Microsoft.Azure.Commands.KeyVault.Models.PSManagedHsm @@ -247,7 +303,7 @@ Accept wildcard characters: False ### -Name Key name. -Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name. +Cmdlet constructs the FQDN of a key from managed HSM name, currently selected environment and key name. ```yaml Type: System.String @@ -278,7 +334,7 @@ Accept wildcard characters: False ``` ### -ResourceId -Vault Resource Id. +HSM Resource Id. ```yaml Type: System.String @@ -370,3 +426,15 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## NOTES ## RELATED LINKS + +[Backup-AzManagedHsmKey](./Backup-AzManagedHsmKey.md) + +[Get-AzManagedHsmKey](./Get-AzManagedHsmKey.md) + +[Remove-AzManagedHsmKey](./Remove-AzManagedHsmKey.md) + +[Undo-AzManagedHsmKeyRemoval](./Undo-AzManagedHsmKeyRemoval.md) + +[Update-AzManagedHsmKey](./Update-AzManagedHsmKey.md) + +[Restore-AzManagedHsmKey](./Restore-AzManagedHsmKey.md) diff --git a/src/KeyVault/KeyVault/help/Backup-AzManagedHsmKey.md b/src/KeyVault/KeyVault/help/Backup-AzManagedHsmKey.md index 334bc3684678..bc0fc19d71e4 100644 --- a/src/KeyVault/KeyVault/help/Backup-AzManagedHsmKey.md +++ b/src/KeyVault/KeyVault/help/Backup-AzManagedHsmKey.md @@ -1,14 +1,14 @@ --- external help file: Microsoft.Azure.PowerShell.Cmdlets.KeyVault.dll-Help.xml Module Name: Az.KeyVault -online version: +online version: https://docs.microsoft.com/en-us/powershell/module/az.keyvault/backup-azmanagedhsmkey schema: 2.0.0 --- # Backup-AzManagedHsmKey ## SYNOPSIS -{{ Fill in the Synopsis }} +Backs up a key in a managed HSM. ## SYNTAX @@ -25,16 +25,26 @@ Backup-AzManagedHsmKey [-InputObject] [[-OutputFile] ``` ## DESCRIPTION -{{ Fill in the Description }} +The **Backup-AzManagedHsmKey** cmdlet backs up a specified key in a managed HSM by downloading it and storing it in a file. +If there are multiple versions of the key, all versions are included in the backup. +Because the downloaded content is encrypted, it cannot be used outside of Azure Managed HSM. +You can restore a backed-up key to any managed HSM in the subscription that it was backed up from. +Typical reasons to use this cmdlet are: +- You want to escrow a copy of your key, so that you have an offline copy in case you accidentally delete your key in your managed HSM. + +- You created a key using Managed HSM and now want to clone the key into a different Azure region, so that you can use it from all instances of your distributed application. +Use the **Backup-AzManagedHsmKey** cmdlet to retrieve the key in encrypted format and then use the Restore-AzManagedHsmKey cmdlet and specify a managed HSM in the second region. ## EXAMPLES ### Example 1 -```powershell -PS C:\> {{ Add example code here }} +```powershell: Back up a key with an automatically generated file name +PS C:\Users\username\> Backup-AzManagedHsmKey -HsmName testmhsm -Name testkey + +C:\Users\username\testmhsm-testkey-1602664728.7106073 ``` -{{ Add example description here }} +This command retrieves the key named testkey from the managed HSM named testmhsm and saves a backup of that key to a file that is automatically named for you, and displays the file name. ## PARAMETERS @@ -69,7 +79,7 @@ Accept wildcard characters: False ``` ### -HsmName -Hsm name. Cmdlet constructs the FQDN of a managed hsm based on the name and currently selected environment. +HSM name. Cmdlet constructs the FQDN of a managed HSM based on the name and currently selected environment. ```yaml Type: System.String @@ -100,7 +110,7 @@ Accept wildcard characters: False ### -Name Key name. -Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name. +Cmdlet constructs the FQDN of a key from managed HSM name, currently selected environment and key name. ```yaml Type: System.String @@ -176,3 +186,15 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## NOTES ## RELATED LINKS + +[Add-AzManagedHsmKey](./Add-AzManagedHsmKey.md) + +[Get-AzManagedHsmKey](./Get-AzManagedHsmKey.md) + +[Remove-AzManagedHsmKey](./Remove-AzManagedHsmKey.md) + +[Undo-AzManagedHsmKeyRemoval](./Undo-AzManagedHsmKeyRemoval.md) + +[Update-AzManagedHsmKey](./Update-AzManagedHsmKey.md) + +[Restore-AzManagedHsmKey](./Restore-AzManagedHsmKey.md) \ No newline at end of file diff --git a/src/KeyVault/KeyVault/help/Get-AzKeyVaultKey.md b/src/KeyVault/KeyVault/help/Get-AzKeyVaultKey.md index 4695f049439c..d5d1314fb56f 100644 --- a/src/KeyVault/KeyVault/help/Get-AzKeyVaultKey.md +++ b/src/KeyVault/KeyVault/help/Get-AzKeyVaultKey.md @@ -152,7 +152,7 @@ Purge Disabled : False Tags : ``` -This command gets all versions the key named ITPfx in the key vaultnamed Contoso. +This command gets all versions the key named ITPfx in the key vault named Contoso. ### Example 4: Get a specific version of a key ```powershell @@ -174,7 +174,7 @@ Tags : This command gets a specific version of the key named test1 in the key vault named Contoso. After running this command, you can inspect various properties of the key by navigating the $Key object. -### Example 5: Get all the keys that have been deleted but not purged for this key vault. +### Example 5: Get all the keys that have been deleted but not purged for this key vault ```powershell PS C:\> Get-AzKeyVaultKey -VaultName 'contoso' -InRemovedState diff --git a/src/KeyVault/KeyVault/help/Get-AzManagedHsmKey.md b/src/KeyVault/KeyVault/help/Get-AzManagedHsmKey.md index 69ec1de57ee1..e40ac663f094 100644 --- a/src/KeyVault/KeyVault/help/Get-AzManagedHsmKey.md +++ b/src/KeyVault/KeyVault/help/Get-AzManagedHsmKey.md @@ -1,14 +1,14 @@ --- external help file: Microsoft.Azure.PowerShell.Cmdlets.KeyVault.dll-Help.xml Module Name: Az.KeyVault -online version: +online version: https://docs.microsoft.com/en-us/powershell/module/az.keyvault/get-azmanagedhsmkey schema: 2.0.0 --- # Get-AzManagedHsmKey ## SYNOPSIS -{{ Fill in the Synopsis }} +Gets Managed Hsm keys. ## SYNTAX @@ -67,16 +67,201 @@ Get-AzManagedHsmKey [-ResourceId] [-Name] [-IncludeVersions] [ ``` ## DESCRIPTION -{{ Fill in the Description }} +The **Get-AzManagedHsmKey** cmdlet gets Azure Managed Hsm keys. +This cmdlet gets a specific **Microsoft.Azure.Commands.KeyVault.Models.KeyBundle** or a list of all **KeyBundle** objects in a managed Hsm or by version. ## EXAMPLES -### Example 1 +### Example 1: Get all the keys in a managed HSM ```powershell -PS C:\> {{ Add example code here }} +PS C:\> Get-AzManagedHsmKey -HsmName testmhsm ``` -{{ Add example description here }} +Vault/HSM Name : testmhsm +Name : testkey001 +Version : +Id : https://testmhsm.managedhsm.azure.net:443/keys/testkey001 +Enabled : True +Expires : +Not Before : +Created : 10/14/2020 3:39:16 AM +Updated : 10/14/2020 3:39:16 AM +Recovery Level : Recoverable+Purgeable +Tags : + +Vault/HSM Name : testmhsm +Name : testkey002 +Version : +Id : https://testmhsm.managedhsm.azure.net:443/keys/testkey002 +Enabled : False +Expires : 10/14/2022 8:13:29 AM +Not Before : 10/14/2020 8:13:33 AM +Created : 10/14/2020 8:14:01 AM +Updated : 10/14/2020 8:14:01 AM +Recovery Level : Recoverable+Purgeable +Tags : Name Value + Severity high + Accounting true + +This command gets all the keys in the managed HSM named testmhsm. + +### Example 2: Get the current version of a key +```powershell +PS C:\>$hsm = Get-AzManagedHsmKey -HsmName testmhsm -KeyName testkey001 +PS C:\>$hsm + +Vault/HSM Name : testmhsm +Name : testkey001 +Version : 9a9de2bcec540c3b160cd54cbae71339 +Id : https://testmhsm.managedhsm.azure.net:443/keys/testkey/9a9de2bcec540c3b160cd54cbae71339 +Enabled : False +Expires : 10/14/2022 8:13:29 AM +Not Before : 10/14/2020 8:13:33 AM +Created : 10/14/2020 8:14:01 AM +Updated : 10/14/2020 8:14:01 AM +Recovery Level : Recoverable+Purgeable +Tags : Name Value + Severity high + Accounting true +``` + +This command gets the current version of the key named testkey001 in the managed HSM named testmhsm. +Note: Hsm Name can be obtained by $hsm.VaultName + +### Example 3: Get all versions of a key +```powershell +PS C:\> Get-AzManagedHsmKey -HsmName testmhsm -KeyName testkey001 -IncludeVersions + +Vault/HSM Name : testmhsm +Name : testkey001 +Version : 80fd43e31e8649873520053c91148418 +Id : https://testmhsm.managedhsm.azure.net:443/keys/testkey001/80fd43e31e8649873520053c91148418 +Enabled : True +Expires : +Not Before : +Created : 10/14/2020 8:06:26 AM +Updated : 10/14/2020 8:06:26 AM +Recovery Level : Recoverable+Purgeable +Tags : + +Vault/HSM Name : testmhsm +Name : testkey001 +Version : 9a9de2bcec540c3b160cd54cbae71339 +Id : https://testmhsm.managedhsm.azure.net:443/keys/testkey001/9a9de2bcec540c3b160cd54cbae71339 +Enabled : False +Expires : 10/14/2022 8:13:29 AM +Not Before : 10/14/2020 8:13:33 AM +Created : 10/14/2020 8:14:01 AM +Updated : 10/14/2020 8:14:01 AM +Recovery Level : Recoverable+Purgeable +Tags : Name Value + Severity high + Accounting true +``` + +This command gets all versions the key named testkey001 in the managed HSM named testmhsm. + +### Example 4: Get a specific version of a key +```powershell +PS C:\> Get-AzManagedHsmKey -HsmName testmhsm -KeyName testkey -Version 80fd43e31e8649873520053c91148418 + +Vault/HSM Name : testmhsm +Name : testkey +Version : 80fd43e31e8649873520053c91148418 +Id : https://testmhsm.managedhsm.azure.net:443/keys/testkey/80fd43e31e8649873520053c91148418 +Enabled : True +Expires : +Not Before : +Created : 10/14/2020 8:06:26 AM +Updated : 10/14/2020 8:06:26 AM +Recovery Level : Recoverable+Purgeable +Tags : +``` + +This command gets a specific version of the key named testkey in the managed HSM named testmhsm. +After running this command, you can inspect various properties of the key by navigating the $Key object. + +### Example 5: Get all the keys that have been deleted but not purged for this managed HSM +```powershell +PS C:\> Get-AzManagedHsmKey -HsmName testmhsm -InRemovedState + +Vault/HSM Name : testmhsm +Name : testkey +Id : https://testmhsm.managedhsm.azure.net:443/keys/testkey +Deleted Date : 10/14/2020 9:10:42 AM +Scheduled Purge Date : 1/12/2021 9:10:42 AM +Enabled : False +Expires : 10/14/2022 8:13:29 AM +Not Before : 10/14/2020 8:13:33 AM +Created : 10/14/2020 8:14:01 AM +Updated : 10/14/2020 8:14:01 AM +Recovery Level : Recoverable+Purgeable +Tags : Name Value + Severity high + Accounting true : +``` + +This command gets all the keys that have been previously deleted, but not purged, in the managed HSM named testmhsm. + +### Example 6: Gets the key testkey that has been deleted but not purged for this managed HSM +```powershell +PS C:\> Get-AzManagedHsmKey -HsmName testmhsm -Name testkey -InRemovedState + +Vault/HSM Name : testmhsm +Name : testkey +Id : https://testmhsm.managedhsm.azure.net:443/keys/testkey/9a9de2bcec540c3b160cd54cbae71339 +Deleted Date : 10/14/2020 9:10:42 AM +Scheduled Purge Date : 1/12/2021 9:10:42 AM +Enabled : False +Expires : 10/14/2022 8:13:29 AM +Not Before : 10/14/2020 8:13:33 AM +Created : 10/14/2020 8:14:01 AM +Updated : 10/14/2020 8:14:01 AM +Recovery Level : Recoverable+Purgeable +Tags : +``` + +This command gets the key testkey that has been previously deleted, but not purged, in the managed HSM named testmhsm. +This command will return metadata such as the deletion date, and the scheduled purging date of this deleted key. + +### Example 7: Get all the keys in a managed HSM using filtering +```powershell +PS C:\> Get-AzManagedHsmKey -HsmName testmhsm -KeyName "test*" + +Vault/HSM Name : testmhsm +Name : testkey +Version : +Id : https://testmhsm.managedhsm.azure.net:443/keys/testkey +Enabled : False +Expires : 10/14/2022 8:13:29 AM +Not Before : 10/14/2020 8:13:33 AM +Created : 10/14/2020 8:14:01 AM +Updated : 10/14/2020 8:14:01 AM +Recovery Level : Recoverable+Purgeable +Tags : +``` + +This command gets all the keys in the managed HSM named testmhsm that start with "test". + +### Example 8: Download a public key as a .pem file + +```powershell +PS C:\> Get-AzManagedHsmKey -HsmName bezmhsm -Name testkey -OutFile "C:\public.pem" + +Vault/HSM Name : testmhsm +Name : testkey +Version : +Id : https://testmhsm.managedhsm.azure.net:443/keys/testkey +Enabled : False +Expires : 10/14/2022 8:13:29 AM +Not Before : 10/14/2020 8:13:33 AM +Created : 10/14/2020 8:14:01 AM +Updated : 10/14/2020 8:14:01 AM +Recovery Level : Recoverable+Purgeable +Tags : +``` + +You can download the public key of a RSA key by specifying the `-OutFile` parameter. ## PARAMETERS @@ -96,7 +281,7 @@ Accept wildcard characters: False ``` ### -HsmName -Hsm name. Cmdlet constructs the FQDN of a managed hsm based on the name and currently selected environment. +HSM name. Cmdlet constructs the FQDN of a managed HSM based on the name and currently selected environment. ```yaml Type: System.String @@ -126,7 +311,7 @@ Accept wildcard characters: False ``` ### -InputObject -KeyVault object. +HSM object. ```yaml Type: Microsoft.Azure.Commands.KeyVault.Models.PSManagedHsm @@ -157,7 +342,7 @@ Accept wildcard characters: False ### -Name Key name. -Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name. +Cmdlet constructs the FQDN of a key from managed HSM name, currently selected environment and key name. ```yaml Type: System.String @@ -200,7 +385,7 @@ Accept wildcard characters: False ``` ### -ResourceId -KeyVault Resource Id. +HSM Resource Id. ```yaml Type: System.String @@ -216,7 +401,7 @@ Accept wildcard characters: False ### -Version Key version. -Cmdlet constructs the FQDN of a key from vault name, currently selected environment, key name and key version. +Cmdlet constructs the FQDN of a key from managed HSM name, currently selected environment, key name and key version. ```yaml Type: System.String @@ -252,3 +437,15 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## NOTES ## RELATED LINKS + +[Add-AzManagedHsmKey](./Add-AzManagedHsmKey.md) + +[Backup-AzManagedHsmKey](./Backup-AzManagedHsmKey.md) + +[Remove-AzManagedHsmKey](./Remove-AzManagedHsmKey.md) + +[Undo-AzManagedHsmKeyRemoval](./Undo-AzManagedHsmKeyRemoval.md) + +[Update-AzManagedHsmKey](./Update-AzManagedHsmKey.md) + +[Restore-AzManagedHsmKey](./Restore-AzManagedHsmKey.md) \ No newline at end of file diff --git a/src/KeyVault/KeyVault/help/Remove-AzManagedHsmKey.md b/src/KeyVault/KeyVault/help/Remove-AzManagedHsmKey.md index 2b3e822c38c9..6b0d63d973c7 100644 --- a/src/KeyVault/KeyVault/help/Remove-AzManagedHsmKey.md +++ b/src/KeyVault/KeyVault/help/Remove-AzManagedHsmKey.md @@ -1,14 +1,14 @@ --- external help file: Microsoft.Azure.PowerShell.Cmdlets.KeyVault.dll-Help.xml Module Name: Az.KeyVault -online version: +online version: https://docs.microsoft.com/en-us/powershell/module/az.keyvault/remove-azmanagedhsmkey schema: 2.0.0 --- # Remove-AzManagedHsmKey ## SYNOPSIS -{{ Fill in the Synopsis }} +Deletes a key in a managed HSM. ## SYNTAX @@ -25,16 +25,56 @@ Remove-AzManagedHsmKey [-InputObject] [-Force] [-Pas ``` ## DESCRIPTION -{{ Fill in the Description }} +The Remove-AzManagedHsmKey cmdlet deletes a key in a managed HSM. +If the key was accidentally deleted the key can be recovered using Undo-AzManagedHsmKeyRemoval by a user with special 'recover' permissions. +This cmdlet has a value of high for the **ConfirmImpact** property. ## EXAMPLES -### Example 1 +### Example 1: Remove a key from a managed HSM ```powershell -PS C:\> {{ Add example code here }} +PS C:\> Remove-AzManagedHsmKey -HsmName testmhsm -Name testkey -PassThru + +Vault/HSM Name : testmhsm +Name : testkey +Id : https://testmhsm.managedhsm.azure.net:443/keys/testkey/9a9de2bcec540c3b160cd54cbae71339 +Deleted Date : 10/14/2020 9:35:06 AM +Scheduled Purge Date : 1/12/2021 9:35:06 AM +Enabled : False +Expires : 10/14/2022 8:13:29 AM +Not Before : 10/14/2020 8:13:33 AM +Created : 10/14/2020 8:14:01 AM +Updated : 10/14/2020 8:14:01 AM +Recovery Level : Recoverable+Purgeable +Tags : ``` -{{ Add example description here }} +This command removes the key named testkey from the managed HSM named testmhsm. + +### Example 2: Remove a key without user confirmation +```powershell +PS C:\> Remove-AzManagedHsmKey -HsmName testmhsm -Name testkey -Force +``` + +This command removes the key named testkey from the managed HSM named testmhsm. +The command specifies the *Force* parameter, and, therefore, the cmdlet does not prompt you for confirmation. + +### Example 3: Purge a deleted key from the managed HSM permanently +```powershell +PS C:\> Remove-AzManagedHsmKey -HsmName testmhsm -Name testkey -InRemovedState +``` + +This command removes the key named testkey from the managed HSM named testmhsm permanently. +Executing this cmdlet requires the 'purge' permission, which must have been previously and explicitly granted to the user for this managed HSM. + +### Example 4: Remove keys by using the pipeline operator +```powershell +PS C:\> Get-AzManagedHsmKey -HsmName testmhsm | Where-Object {$_.Attributes.Enabled -eq $False} | Remove-AzManagedHsmKey +``` + +This command gets all the keys in the managed HSM named testmhsm and passes them to the **Where-Object** cmdlet by using the pipeline operator. +That cmdlet passes the keys that have a value of $False for the **Enabled** attribute to the current cmdlet. +That cmdlet removes those keys. ## PARAMETERS @@ -69,7 +109,7 @@ Accept wildcard characters: False ``` ### -HsmName -Hsm name. Cmdlet constructs the FQDN of a managed hsm based on the name and currently selected environment. +HSM name. Cmdlet constructs the FQDN of a managed HSM based on the name and currently selected environment. ```yaml Type: System.String @@ -115,7 +155,7 @@ Accept wildcard characters: False ### -Name Key name. -Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name. +Cmdlet constructs the FQDN of a key from managed HSM name, currently selected environment and key name. ```yaml Type: System.String @@ -190,3 +230,15 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## NOTES ## RELATED LINKS + +[Add-AzManagedHsmKey](./Add-AzManagedHsmKey.md) + +[Backup-AzManagedHsmKey](./Backup-AzManagedHsmKey.md) + +[Get-AzManagedHsmKey](./Get-AzManagedHsmKey.md) + +[Undo-AzManagedHsmKeyRemoval](./Undo-AzManagedHsmKeyRemoval.md) + +[Update-AzManagedHsmKey](./Update-AzManagedHsmKey.md) + +[Restore-AzManagedHsmKey](./Restore-AzManagedHsmKey.md) \ No newline at end of file diff --git a/src/KeyVault/KeyVault/help/Restore-AzManagedHsmKey.md b/src/KeyVault/KeyVault/help/Restore-AzManagedHsmKey.md index b8158d66146c..cde27cda638f 100644 --- a/src/KeyVault/KeyVault/help/Restore-AzManagedHsmKey.md +++ b/src/KeyVault/KeyVault/help/Restore-AzManagedHsmKey.md @@ -1,14 +1,14 @@ --- external help file: Microsoft.Azure.PowerShell.Cmdlets.KeyVault.dll-Help.xml Module Name: Az.KeyVault -online version: +online version: https://docs.microsoft.com/en-us/powershell/module/az.keyvault/restore-azmanagedhsmkey schema: 2.0.0 --- # Restore-AzManagedHsmKey ## SYNOPSIS -{{ Fill in the Synopsis }} +Creates a key in a managed HSM from a backed-up key. ## SYNTAX @@ -31,16 +31,34 @@ Restore-AzManagedHsmKey [-ResourceId] [-InputFile] [-DefaultPr ``` ## DESCRIPTION -{{ Fill in the Description }} +The **Restore-AzManagedHsmKey** cmdlet creates a key in the specified managed HSM. +This key is a replica of the backed-up key in the input file and has the same name as the original key. +If the managed HSM already has a key by the same name, this cmdlet fails instead of overwriting the original key. +If the backup contains multiple versions of a key, all versions are restored. +The managed HSM that you restore the key into can be different from the managed HSM that you backed up the key from. +However, the managed HSM must use the same subscription and be in an Azure region in the same geography (for example, North America). +See the Microsoft Azure Trust Center (https://azure.microsoft.com/support/trust-center/) for the mapping of Azure regions to geographies. ## EXAMPLES ### Example 1 ```powershell -PS C:\> {{ Add example code here }} +PS C:\> Restore-AzManagedHsmKey -HsmName testmhsm -InputFile "C:\Backup.blob" + +Vault/HSM Name : testmhsm +Name : testkey001 +Version : 7cff8510da04433b98144a3e33ad2bae +Id : https://testmhsm.managedhsm.azure.net:443/keys/testkey001/7cff8510da04433b98144a3e33ad2bae +Enabled : True +Expires : +Not Before : +Created : 10/14/2020 10:13:03 AM +Updated : 10/14/2020 10:13:03 AM +Recovery Level : Recoverable+Purgeable +Tags : ``` -{{ Add example description here }} +This command restores a key, including all of its versions, from the backup file named Backup.blob into the managed HSM named testmhsm. ## PARAMETERS @@ -60,7 +78,7 @@ Accept wildcard characters: False ``` ### -HsmName -Hsm name. Cmdlet constructs the FQDN of a managed hsm based on the name and currently selected environment. +HSM name. Cmdlet constructs the FQDN of a managed HSM based on the name and currently selected environment. ```yaml Type: System.String @@ -91,7 +109,7 @@ Accept wildcard characters: False ``` ### -InputObject -KeyVault object +HSM object ```yaml Type: Microsoft.Azure.Commands.KeyVault.Models.PSManagedHsm @@ -106,7 +124,7 @@ Accept wildcard characters: False ``` ### -ResourceId -KeyVault Resource Id +HSM Resource Id ```yaml Type: System.String @@ -167,3 +185,15 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## NOTES ## RELATED LINKS + +[Add-AzManagedHsmKey](./Add-AzManagedHsmKey.md) + +[Backup-AzManagedHsmKey](./Backup-AzManagedHsmKey.md) + +[Remove-AzManagedHsmKey](./Remove-AzManagedHsmKey.md) + +[Undo-AzManagedHsmKeyRemoval](./Undo-AzManagedHsmKeyRemoval.md) + +[Get-AzManagedHsmKey](./Get-AzManagedHsmKey.md) + +[Update-AzManagedHsmKey](./Update-AzManagedHsmKey.md) \ No newline at end of file diff --git a/src/KeyVault/KeyVault/help/Undo-AzManagedHsmKeyRemoval.md b/src/KeyVault/KeyVault/help/Undo-AzManagedHsmKeyRemoval.md index c01904512dd3..14343e0e574e 100644 --- a/src/KeyVault/KeyVault/help/Undo-AzManagedHsmKeyRemoval.md +++ b/src/KeyVault/KeyVault/help/Undo-AzManagedHsmKeyRemoval.md @@ -1,14 +1,14 @@ --- external help file: Microsoft.Azure.PowerShell.Cmdlets.KeyVault.dll-Help.xml Module Name: Az.KeyVault -online version: +online version: https://docs.microsoft.com/en-us/powershell/module/az.keyvault/undo-azmanagedhsmkeyremoval schema: 2.0.0 --- # Undo-AzManagedHsmKeyRemoval ## SYNOPSIS -{{ Fill in the Synopsis }} +Recovers a deleted key in a managed HSM into an active state. ## SYNTAX @@ -25,16 +25,30 @@ Undo-AzManagedHsmKeyRemoval [-InputObject] ``` ## DESCRIPTION -{{ Fill in the Description }} +The **Undo-AzManagedHsmKeyRemoval** cmdlet will recover a previously deleted key. +The recovered key will be active and can be used for all normal key operations. +Caller needs to have 'recover' permission in order to perform this operation. ## EXAMPLES ### Example 1 ```powershell -PS C:\> {{ Add example code here }} +PS C:\> Undo-AzManagedHsmKeyRemoval -HsmName testmhsm -Name testkey001 + +Vault/HSM Name : testmhsm +Name : testkey001 +Version : 7cff8510da04433b98144a3e33ad2bae +Id : https://testmhsm.managedhsm.azure.net:443/keys/testkey001/7cff8510da04433b98144a3e33ad2bae +Enabled : True +Expires : +Not Before : +Created : 10/14/2020 10:13:03 AM +Updated : 10/14/2020 10:13:03 AM +Recovery Level : Recoverable+Purgeable +Tags : ``` -{{ Add example description here }} +This command will recover the key 'testkey001' that was previously deleted, into an active and usable state. ## PARAMETERS @@ -54,7 +68,7 @@ Accept wildcard characters: False ``` ### -HsmName -Vault name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment. +HSM name. Cmdlet constructs the FQDN of a managed HSM based on the name and currently selected environment. ```yaml Type: System.String @@ -85,7 +99,7 @@ Accept wildcard characters: False ### -Name Key name. -Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name. +Cmdlet constructs the FQDN of a key from managed HSM name, currently selected environment and key name. ```yaml Type: System.String @@ -144,3 +158,15 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## NOTES ## RELATED LINKS + +[Add-AzManagedHsmKey](./Add-AzManagedHsmKey.md) + +[Backup-AzManagedHsmKey](./Backup-AzManagedHsmKey.md) + +[Remove-AzManagedHsmKey](./Remove-AzManagedHsmKey.md) + +[Restore-AzManagedHsmKey](./Restore-AzManagedHsmKey.md) + +[Get-AzManagedHsmKey](./Get-AzManagedHsmKey.md) + +[Update-AzManagedHsmKey](./Update-AzManagedHsmKey.md) \ No newline at end of file diff --git a/src/KeyVault/KeyVault/help/Update-AzManagedHsmKey.md b/src/KeyVault/KeyVault/help/Update-AzManagedHsmKey.md index be1d555aebb1..cd18ddd5140c 100644 --- a/src/KeyVault/KeyVault/help/Update-AzManagedHsmKey.md +++ b/src/KeyVault/KeyVault/help/Update-AzManagedHsmKey.md @@ -1,14 +1,14 @@ --- external help file: Microsoft.Azure.PowerShell.Cmdlets.KeyVault.dll-Help.xml Module Name: Az.KeyVault -online version: +online version: https://docs.microsoft.com/en-us/powershell/module/az.keyvault/update-azmanagedhsmkey schema: 2.0.0 --- # Update-AzManagedHsmKey ## SYNOPSIS -{{ Fill in the Synopsis }} +Updates the attributes of a key in a managed HSM. ## SYNTAX @@ -27,16 +27,37 @@ Update-AzManagedHsmKey [-InputObject] [[-Version] {{ Add example code here }} +PS C:\> $Expires = (Get-Date).AddYears(2).ToUniversalTime() +PS C:\> $Tags = @{'Severity' = 'high'; 'Accounting' = 'true'} +PS C:\> Update-AzManagedHsmKey -HsmName testmhsm -Name testkey001 -Expires $Expires -Enable $True -Tag $Tags -PassThru + +Vault/HSM Name : testmhsm +Name : testkey001 +Version : 49b74a39dab605bd336628dc094dc31b +Id : https://testmhsm.managedhsm.azure.net:443/keys/testkey001/49b74a39dab605bd336628dc094dc31b +Enabled : True +Expires : 10/14/2022 9:46:55 AM +Not Before : +Created : 10/14/2020 3:39:16 AM +Updated : 10/14/2020 9:47:06 AM +Recovery Level : Recoverable+Purgeable +Tags : Name Value + Severity high + Accounting true ``` -{{ Add example description here }} +The first command creates a **DateTime** object by using the **Get-Date** cmdlet. That object +specifies a time two years in the future. The command stores that date in the $Expires variable. +For more information, type `Get-Help Get-Date`. +The second command creates a variable to store tag values of high severity and Accounting. +The final command modifies a key named testkey001. The command enables the key, sets its expiration +time to the time stored in $Expires, and sets the tags that are stored in $Tags. ## PARAMETERS @@ -88,7 +109,7 @@ Accept wildcard characters: False ``` ### -HsmName -Hsm name. Cmdlet constructs the FQDN of a managed hsm based on the name and currently selected environment. +HSM name. Cmdlet constructs the FQDN of a managed HSM based on the name and currently selected environment. ```yaml Type: System.String @@ -135,7 +156,7 @@ Accept wildcard characters: False ### -Name Key name. -Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name. +Cmdlet constructs the FQDN of a key from managed HSM name, currently selected environment and key name. ```yaml Type: System.String @@ -199,7 +220,7 @@ Accept wildcard characters: False ### -Version Key version. -Cmdlet constructs the FQDN of a key from vault name, currently selected environment, key name and key version. +Cmdlet constructs the FQDN of a key from managed HSM name, currently selected environment, key name and key version. ```yaml Type: System.String @@ -258,3 +279,15 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## NOTES ## RELATED LINKS + +[Add-AzManagedHsmKey](./Add-AzManagedHsmKey.md) + +[Backup-AzManagedHsmKey](./Backup-AzManagedHsmKey.md) + +[Remove-AzManagedHsmKey](./Remove-AzManagedHsmKey.md) + +[Undo-AzManagedHsmKeyRemoval](./Undo-AzManagedHsmKeyRemoval.md) + +[Get-AzManagedHsmKey](./Get-AzManagedHsmKey.md) + +[Restore-AzManagedHsmKey](./Restore-AzManagedHsmKey.md) \ No newline at end of file From 06d43665dcf7045ca086ec2eca662d872fda9d0e Mon Sep 17 00:00:00 2001 From: Beisi Zhou Date: Wed, 14 Oct 2020 19:16:11 +0800 Subject: [PATCH 10/14] Update changelog.md --- src/KeyVault/KeyVault/ChangeLog.md | 1 + 1 file changed, 1 insertion(+) diff --git a/src/KeyVault/KeyVault/ChangeLog.md b/src/KeyVault/KeyVault/ChangeLog.md index c2951ba399eb..de98936d679c 100644 --- a/src/KeyVault/KeyVault/ChangeLog.md +++ b/src/KeyVault/KeyVault/ChangeLog.md @@ -18,6 +18,7 @@ - Additional information about change #1 --> ## Upcoming Release +* Supported creating, removing, updating, getting, restoring, backup and undoing removal key inside managed HSM * Enabled Managed HSM Management via *-AzKeyVault ## Version 2.0.0 From d9082a8b57847ba79e17d7489f3af75b0e85970e Mon Sep 17 00:00:00 2001 From: Beisi Zhou Date: Thu, 15 Oct 2020 11:29:01 +0800 Subject: [PATCH 11/14] suppress signature issues --- src/KeyVault/KeyVault/Properties/Resources.resx | 1 + .../Exceptions/Az.KeyVault/SignatureIssues.csv | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/src/KeyVault/KeyVault/Properties/Resources.resx b/src/KeyVault/KeyVault/Properties/Resources.resx index 76e500566171..36550644bb9b 100644 --- a/src/KeyVault/KeyVault/Properties/Resources.resx +++ b/src/KeyVault/KeyVault/Properties/Resources.resx @@ -509,6 +509,7 @@ You can find the object ID using Azure Active Directory Module for Windows Power Key type '{0}' is not supported for importing. (Supported types: RSA-HSM) + Cannot find HSM '{0}' in resource group '{1}'. diff --git a/tools/StaticAnalysis/Exceptions/Az.KeyVault/SignatureIssues.csv b/tools/StaticAnalysis/Exceptions/Az.KeyVault/SignatureIssues.csv index d487291581a3..d01bd03ea014 100644 --- a/tools/StaticAnalysis/Exceptions/Az.KeyVault/SignatureIssues.csv +++ b/tools/StaticAnalysis/Exceptions/Az.KeyVault/SignatureIssues.csv @@ -1,4 +1,9 @@ "AssemblyFileName","ClassName","Target","Severity","ProblemId","Description","Remediation" +"Microsoft.Azure.PowerShell.Cmdlets.KeyVault.dll","Microsoft.Azure.Commands.KeyVault.GetAzureManagedHsmKey","Get-AzManagedHsmKey","1","8410","Parameter IncludeVersions of cmdlet Get-AzManagedHsmKey does not follow the enforced naming convention of using a singular noun for a parameter name.","Consider using a singular noun for the parameter name." +"Microsoft.Azure.PowerShell.Cmdlets.KeyVault.dll","Microsoft.Azure.Commands.KeyVault.UpdateAzureManagedHsmKey","Update-AzManagedHsmKey","1","8410","Parameter Expires of cmdlet Update-AzManagedHsmKey does not follow the enforced naming convention of using a singular noun for a parameter name.","Consider using a singular noun for the parameter name." +"Microsoft.Azure.PowerShell.Cmdlets.KeyVault.dll","Microsoft.Azure.Commands.KeyVault.UpdateAzureManagedHsmKey","Update-AzManagedHsmKey","1","8410","Parameter KeyOps of cmdlet Update-AzManagedHsmKey does not follow the enforced naming convention of using a singular noun for a parameter name.","Consider using a singular noun for the parameter name." +"Microsoft.Azure.PowerShell.Cmdlets.KeyVault.dll","Microsoft.Azure.Commands.KeyVault.Commands.AddAzureManagedHsmKey","Add-AzManagedHsmKey","1","8410","Parameter KeyOps of cmdlet Add-AzManagedHsmKey does not follow the enforced naming convention of using a singular noun for a parameter name.","Consider using a singular noun for the parameter name." +"Microsoft.Azure.PowerShell.Cmdlets.KeyVault.dll","Microsoft.Azure.Commands.KeyVault.Commands.AddAzureManagedHsmKey","Add-AzManagedHsmKey","1","8410","Parameter Expires of cmdlet Add-AzManagedHsmKey does not follow the enforced naming convention of using a singular noun for a parameter name.","Consider using a singular noun for the parameter name." "Microsoft.Azure.PowerShell.Cmdlets.KeyVault.dll","Microsoft.Azure.Commands.KeyVault.SetAzureKeyVaultManagedStorageSasDefinition","Set-AzKeyVaultManagedStorageSasDefinition","1","8420","Parameter set 'Default' of cmdlet 'Set-AzKeyVaultManagedStorageSasDefinition' contains at least one parameter with a position larger than four, which is discouraged.","Limit the number of positional parameters in a single parameter set to four or fewer." "Microsoft.Azure.PowerShell.Cmdlets.KeyVault.dll","Microsoft.Azure.Commands.KeyVault.SetAzureKeyVaultManagedStorageSasDefinition","Set-AzKeyVaultManagedStorageSasDefinition","1","8420","Parameter set 'ByInputObject' of cmdlet 'Set-AzKeyVaultManagedStorageSasDefinition' contains at least one parameter with a position larger than four, which is discouraged.","Limit the number of positional parameters in a single parameter set to four or fewer." "Microsoft.Azure.PowerShell.Cmdlets.KeyVault.dll","Microsoft.Azure.Commands.KeyVault.SetAzureKeyVaultManagedStorageSasDefinition","Set-AzKeyVaultManagedStorageSasDefinition","1","8420","Parameter set '__AllParameterSets' of cmdlet 'Set-AzKeyVaultManagedStorageSasDefinition' contains at least one parameter with a position larger than four, which is discouraged.","Limit the number of positional parameters in a single parameter set to four or fewer." From 7f356a044769fa2934594f0519620827083dc4b2 Mon Sep 17 00:00:00 2001 From: Beisi Zhou Date: Thu, 15 Oct 2020 16:03:55 +0800 Subject: [PATCH 12/14] Update all help markdowns --- .../KeyVault.Test/KeyVault.Test.csproj | 4 +++ .../ManagedHsmDatePlaneTests.Tests.ps1 | 9 +++++ .../PesterTests/ManagedHsmDatePlaneTests.ps1 | 22 +++++++++++++ .../help/Add-AzKeyVaultNetworkRule.md | 2 +- .../KeyVault/help/Add-AzManagedHsmKey.md | 4 +-- src/KeyVault/KeyVault/help/Az.KeyVault.md | 33 +++++++++++++++++++ .../KeyVault/help/Backup-AzManagedHsmKey.md | 4 +-- .../KeyVault/help/Get-AzManagedHsmKey.md | 6 ++-- src/KeyVault/KeyVault/help/New-AzKeyVault.md | 1 - .../KeyVault/help/Update-AzManagedHsm.md | 3 +- 10 files changed, 77 insertions(+), 11 deletions(-) create mode 100644 src/KeyVault/KeyVault.Test/ScenarioTests/PesterTests/ManagedHsmDatePlaneTests.Tests.ps1 create mode 100644 src/KeyVault/KeyVault.Test/ScenarioTests/PesterTests/ManagedHsmDatePlaneTests.ps1 diff --git a/src/KeyVault/KeyVault.Test/KeyVault.Test.csproj b/src/KeyVault/KeyVault.Test/KeyVault.Test.csproj index 4bbae8e7cc75..105bd56f5245 100644 --- a/src/KeyVault/KeyVault.Test/KeyVault.Test.csproj +++ b/src/KeyVault/KeyVault.Test/KeyVault.Test.csproj @@ -26,5 +26,9 @@ + + + + diff --git a/src/KeyVault/KeyVault.Test/ScenarioTests/PesterTests/ManagedHsmDatePlaneTests.Tests.ps1 b/src/KeyVault/KeyVault.Test/ScenarioTests/PesterTests/ManagedHsmDatePlaneTests.Tests.ps1 new file mode 100644 index 000000000000..098f3d04daa2 --- /dev/null +++ b/src/KeyVault/KeyVault.Test/ScenarioTests/PesterTests/ManagedHsmDatePlaneTests.Tests.ps1 @@ -0,0 +1,9 @@ +$here = Split-Path -Parent $MyInvocation.MyCommand.Path +$sut = (Split-Path -Leaf $MyInvocation.MyCommand.Path) -replace '\.Tests\.', '.' +. "$here\$sut" + +Describe "ManagedHsmDatePlaneTests" { + It "does something useful" { + $true | Should Be $false + } +} diff --git a/src/KeyVault/KeyVault.Test/ScenarioTests/PesterTests/ManagedHsmDatePlaneTests.ps1 b/src/KeyVault/KeyVault.Test/ScenarioTests/PesterTests/ManagedHsmDatePlaneTests.ps1 new file mode 100644 index 000000000000..86b7fbebb88f --- /dev/null +++ b/src/KeyVault/KeyVault.Test/ScenarioTests/PesterTests/ManagedHsmDatePlaneTests.ps1 @@ -0,0 +1,22 @@ +function Test-AddAzManagedHsmKey { + Param( + [parameter(Mandatory=$true)] + [String] + $hsmName, + [parameter(Mandatory=$true)] + [String] + $keyName, + [parameter(Mandatory=$true)] + [String] + $keyType, + [parameter(Mandatory=$false)] + [String] + $curveName + ) + if($keyType -eq "EC" || $keyType -eq "EC-HSM"){ + Add-AzManagedHsmKey -HsmName $hsmName -Name $keyName -KeyType $keyType -CurveName $curveName + } + else { + Add-AzManagedHsmKey -HsmName $hsmName -Name $keyName -KeyType $keyType + } +} diff --git a/src/KeyVault/KeyVault/help/Add-AzKeyVaultNetworkRule.md b/src/KeyVault/KeyVault/help/Add-AzKeyVaultNetworkRule.md index 1e315bdaec09..6c1d7806c035 100644 --- a/src/KeyVault/KeyVault/help/Add-AzKeyVaultNetworkRule.md +++ b/src/KeyVault/KeyVault/help/Add-AzKeyVaultNetworkRule.md @@ -36,7 +36,7 @@ Add-AzKeyVaultNetworkRule [-ResourceId] [-IpAddressRange ] ## DESCRIPTION The **Add-AzKeyVaultNetworkRule** cmdlet grants or restricts access to a key vault to a set of caller designated by their IP addresses or the virtual network to which they belong. The rule has the potential to restrict access for other users, applications, or security groups which have been granted permissions via the access policy. -Please note that any IP range inside `10.0.0.0–10.255.255.255` (private IP addresses) cannot be used to add network rules. +Please note that any IP range inside `10.0.0.0-10.255.255.255` (private IP addresses) cannot be used to add network rules. ## EXAMPLES diff --git a/src/KeyVault/KeyVault/help/Add-AzManagedHsmKey.md b/src/KeyVault/KeyVault/help/Add-AzManagedHsmKey.md index a31135b792e1..b7cd69fd6360 100644 --- a/src/KeyVault/KeyVault/help/Add-AzManagedHsmKey.md +++ b/src/KeyVault/KeyVault/help/Add-AzManagedHsmKey.md @@ -69,6 +69,7 @@ original key is updated with the values that you specify for the new key. You ca previous values by using the version-specific URI for that version of the key. To learn about key versions and the URI structure, see [About Keys and Secrets](http://go.microsoft.com/fwlink/?linkid=518560) in the Managed HSM REST API documentation. + ## EXAMPLES ### Example 1: Create a RSA-HSM key @@ -143,6 +144,7 @@ values for allowed key operations stored $KeyOperations. The command specifies t the *Expires* and *NotBefore* parameters created in the previous commands, and tags for high severity and IT. The new key is disabled. You can enable it by using the **Update-AzManagedHsmKey** cmdlet. + ## PARAMETERS ### -CurveName @@ -152,7 +154,6 @@ Specifies the curve name of elliptic curve cryptography, this value is valid whe Type: System.String Parameter Sets: (All) Aliases: -Accepted values: P-256, P-256K, P-384, P-521 Required: False Position: Named @@ -292,7 +293,6 @@ Specifies the key type of this key. Type: System.String Parameter Sets: (All) Aliases: -Accepted values: RSA, EC, oct Required: True Position: Named diff --git a/src/KeyVault/KeyVault/help/Az.KeyVault.md b/src/KeyVault/KeyVault/help/Az.KeyVault.md index c2e5eaf06ef3..37332c13328c 100644 --- a/src/KeyVault/KeyVault/help/Az.KeyVault.md +++ b/src/KeyVault/KeyVault/help/Az.KeyVault.md @@ -26,6 +26,9 @@ Adds an existing Azure Storage Account to the specified key vault for its keys t ### [Add-AzKeyVaultNetworkRule](Add-AzKeyVaultNetworkRule.md) Adds a rule meant to restrict access to a key vault based on the client's internet address. +### [Add-AzManagedHsmKey](Add-AzManagedHsmKey.md) +Creates a key in a managed HSM or imports a key into a managed HSM. + ### [Backup-AzKeyVaultCertificate](Backup-AzKeyVaultCertificate.md) Backs up a certificate in a key vault. @@ -38,6 +41,9 @@ Backs up a KeyVault-managed storage account. ### [Backup-AzKeyVaultSecret](Backup-AzKeyVaultSecret.md) Backs up a secret in a key vault. +### [Backup-AzManagedHsmKey](Backup-AzManagedHsmKey.md) +Backs up a key in a managed HSM. + ### [Get-AzKeyVault](Get-AzKeyVault.md) Gets key vaults. @@ -68,6 +74,12 @@ Gets Key Vault managed Storage SAS Definitions. ### [Get-AzKeyVaultSecret](Get-AzKeyVaultSecret.md) Gets the secrets in a key vault. +### [Get-AzManagedHsm](Get-AzManagedHsm.md) +Get managed HSMs. + +### [Get-AzManagedHsmKey](Get-AzManagedHsmKey.md) +Gets Managed Hsm keys. + ### [Import-AzKeyVaultCertificate](Import-AzKeyVaultCertificate.md) Imports a certificate to a key vault. @@ -86,6 +98,9 @@ Creates an in-memory certificate policy object. ### [New-AzKeyVaultNetworkRuleSetObject](New-AzKeyVaultNetworkRuleSetObject.md) Create an object representing the network rule settings. +### [New-AzManagedHsm](New-AzManagedHsm.md) +Creates a managed HSM. + ### [Remove-AzKeyVault](Remove-AzKeyVault.md) Deletes a key vault. @@ -119,6 +134,12 @@ Removes a network rule from a key vault. ### [Remove-AzKeyVaultSecret](Remove-AzKeyVaultSecret.md) Deletes a secret in a key vault. +### [Remove-AzManagedHsm](Remove-AzManagedHsm.md) +Deletes a managed HSM. + +### [Remove-AzManagedHsmKey](Remove-AzManagedHsmKey.md) +Deletes a key in a managed HSM. + ### [Restore-AzKeyVaultCertificate](Restore-AzKeyVaultCertificate.md) Restores a certificate in a key vault from a backup file. @@ -131,6 +152,9 @@ Restores a managed storage account in a key vault from a backup file. ### [Restore-AzKeyVaultSecret](Restore-AzKeyVaultSecret.md) Creates a secret in a key vault from a backed-up secret. +### [Restore-AzManagedHsmKey](Restore-AzManagedHsmKey.md) +Creates a key in a managed HSM from a backed-up key. + ### [Set-AzKeyVaultAccessPolicy](Set-AzKeyVaultAccessPolicy.md) Grants or modifies existing permissions for a user, application, or security group to perform operations with a key vault. @@ -167,6 +191,9 @@ Recovers a deleted key vault into an active state. ### [Undo-AzKeyVaultSecretRemoval](Undo-AzKeyVaultSecretRemoval.md) Recovers a deleted secret in a key vault into an active state. +### [Undo-AzManagedHsmKeyRemoval](Undo-AzManagedHsmKeyRemoval.md) +Recovers a deleted key in a managed HSM into an active state. + ### [Update-AzKeyVault](Update-AzKeyVault.md) Update the state of an Azure key vault. @@ -188,3 +215,9 @@ Updates the network rule set on a key vault. ### [Update-AzKeyVaultSecret](Update-AzKeyVaultSecret.md) Updates attributes of a secret in a key vault. +### [Update-AzManagedHsm](Update-AzManagedHsm.md) +Update the state of an Azure managed HSM. + +### [Update-AzManagedHsmKey](Update-AzManagedHsmKey.md) +Updates the attributes of a key in a managed HSM. + diff --git a/src/KeyVault/KeyVault/help/Backup-AzManagedHsmKey.md b/src/KeyVault/KeyVault/help/Backup-AzManagedHsmKey.md index bc0fc19d71e4..f524a47576de 100644 --- a/src/KeyVault/KeyVault/help/Backup-AzManagedHsmKey.md +++ b/src/KeyVault/KeyVault/help/Backup-AzManagedHsmKey.md @@ -37,8 +37,8 @@ Use the **Backup-AzManagedHsmKey** cmdlet to retrieve the key in encrypted forma ## EXAMPLES -### Example 1 -```powershell: Back up a key with an automatically generated file name +### Example 1: Back up a key with an automatically generated file name +```powershell PS C:\Users\username\> Backup-AzManagedHsmKey -HsmName testmhsm -Name testkey C:\Users\username\testmhsm-testkey-1602664728.7106073 diff --git a/src/KeyVault/KeyVault/help/Get-AzManagedHsmKey.md b/src/KeyVault/KeyVault/help/Get-AzManagedHsmKey.md index e40ac663f094..a33abac37f70 100644 --- a/src/KeyVault/KeyVault/help/Get-AzManagedHsmKey.md +++ b/src/KeyVault/KeyVault/help/Get-AzManagedHsmKey.md @@ -218,7 +218,7 @@ Not Before : 10/14/2020 8:13:33 AM Created : 10/14/2020 8:14:01 AM Updated : 10/14/2020 8:14:01 AM Recovery Level : Recoverable+Purgeable -Tags : +Tags : ``` This command gets the key testkey that has been previously deleted, but not purged, in the managed HSM named testmhsm. @@ -238,7 +238,7 @@ Not Before : 10/14/2020 8:13:33 AM Created : 10/14/2020 8:14:01 AM Updated : 10/14/2020 8:14:01 AM Recovery Level : Recoverable+Purgeable -Tags : +Tags : ``` This command gets all the keys in the managed HSM named testmhsm that start with "test". @@ -258,7 +258,7 @@ Not Before : 10/14/2020 8:13:33 AM Created : 10/14/2020 8:14:01 AM Updated : 10/14/2020 8:14:01 AM Recovery Level : Recoverable+Purgeable -Tags : +Tags : ``` You can download the public key of a RSA key by specifying the `-OutFile` parameter. diff --git a/src/KeyVault/KeyVault/help/New-AzKeyVault.md b/src/KeyVault/KeyVault/help/New-AzKeyVault.md index e50ccf60924f..d563bc7e60d4 100644 --- a/src/KeyVault/KeyVault/help/New-AzKeyVault.md +++ b/src/KeyVault/KeyVault/help/New-AzKeyVault.md @@ -278,7 +278,6 @@ Specifies the SKU of the key vault instance. For information about which feature Type: System.String Parameter Sets: (All) Aliases: -Accepted values: Standard, Premium Required: False Position: Named diff --git a/src/KeyVault/KeyVault/help/Update-AzManagedHsm.md b/src/KeyVault/KeyVault/help/Update-AzManagedHsm.md index a203836b1d8a..de5d6784a1fc 100644 --- a/src/KeyVault/KeyVault/help/Update-AzManagedHsm.md +++ b/src/KeyVault/KeyVault/help/Update-AzManagedHsm.md @@ -1,4 +1,4 @@ ---- +--- external help file: Microsoft.Azure.PowerShell.Cmdlets.KeyVault.dll-Help.xml Module Name: Az.KeyVault online version: https://docs.microsoft.com/en-us/powershell/module/az.keyvault/update-azmanagedhsm @@ -57,7 +57,6 @@ Tags : Name Value ==== ===== testKey testValued - ``` Updates tags for the managed Hsm named `$hsmName` in resource group `$resourceGroupName`. From c7fbc27e26cff1f89a88419b5c0e68fbbcb20e20 Mon Sep 17 00:00:00 2001 From: Beisi Zhou Date: Thu, 15 Oct 2020 17:14:09 +0800 Subject: [PATCH 13/14] add logger for track2sdk --- src/KeyVault/KeyVault/Models/KeyVaultCmdletBase.cs | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/src/KeyVault/KeyVault/Models/KeyVaultCmdletBase.cs b/src/KeyVault/KeyVault/Models/KeyVaultCmdletBase.cs index c12a7b0a0874..fb9d8afddef6 100644 --- a/src/KeyVault/KeyVault/Models/KeyVaultCmdletBase.cs +++ b/src/KeyVault/KeyVault/Models/KeyVaultCmdletBase.cs @@ -14,8 +14,10 @@ using System; using System.Collections.Generic; +using System.Diagnostics.Tracing; using System.Linq; using System.Management.Automation; +using Azure.Core.Diagnostics; using Microsoft.Azure.Commands.Common.Authentication; using Microsoft.Azure.Commands.KeyVault.Track2Models; using Microsoft.Azure.Commands.ResourceManager.Common; @@ -25,6 +27,7 @@ namespace Microsoft.Azure.Commands.KeyVault.Models public class KeyVaultCmdletBase : AzureRMCmdlet { public static readonly DateTime EpochDate = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc); + private AzureEventSourceListener _azureEventSourceListener; internal IKeyVaultDataServiceClient DataServiceClient { @@ -55,6 +58,7 @@ internal IKeyVaultDataServiceClient Track2DataClient _track2DataServiceClient = new Track2KeyVaultDataServiceClient( AzureSession.Instance.AuthenticationFactory, DefaultContext); + _azureEventSourceListener = AzureEventSourceListener.CreateTraceLogger(EventLevel.Verbose); } return _track2DataServiceClient; @@ -125,5 +129,15 @@ private object GetPropertyValue(T resource, string property) return null; } + + protected override void Dispose(bool disposing) + { + base.Dispose(disposing); + if (disposing && _azureEventSourceListener != null) + { + _azureEventSourceListener.Dispose(); + _azureEventSourceListener = null; + } + } } } From ad40d3b649fd6de2a3f4da0037381ef3220b49b1 Mon Sep 17 00:00:00 2001 From: Beisi Zhou Date: Thu, 15 Oct 2020 18:02:38 +0800 Subject: [PATCH 14/14] add metadata for oct-HSM --- src/KeyVault/KeyVault/Track2Models/Track2HsmClient.cs | 5 ----- .../Track2Models/Track2ModelConvertionExtensions.cs | 6 +----- 2 files changed, 1 insertion(+), 10 deletions(-) diff --git a/src/KeyVault/KeyVault/Track2Models/Track2HsmClient.cs b/src/KeyVault/KeyVault/Track2Models/Track2HsmClient.cs index 3b1d73aaa2be..b50caf16c210 100644 --- a/src/KeyVault/KeyVault/Track2Models/Track2HsmClient.cs +++ b/src/KeyVault/KeyVault/Track2Models/Track2HsmClient.cs @@ -104,11 +104,6 @@ private PSKeyVaultKey CreateKey(KeyClient client, string keyName, PSKeyVaultKeyA } else if (keyAttributes.KeyType == KeyType.Ec || keyAttributes.KeyType == KeyType.EcHsm) { - // Have no idea why still run KeyCurveName when curveName is null - //options = new CreateEcKeyOptions(keyName, isHsm) - //{ - // CurveName = string.IsNullOrEmpty(curveName) ? null : new KeyCurveName(curveName) - //}; options = new CreateEcKeyOptions(keyName, isHsm); if (string.IsNullOrEmpty(curveName)) { diff --git a/src/KeyVault/KeyVault/Track2Models/Track2ModelConvertionExtensions.cs b/src/KeyVault/KeyVault/Track2Models/Track2ModelConvertionExtensions.cs index b506ca98a62b..4227bcdb4fde 100644 --- a/src/KeyVault/KeyVault/Track2Models/Track2ModelConvertionExtensions.cs +++ b/src/KeyVault/KeyVault/Track2Models/Track2ModelConvertionExtensions.cs @@ -37,12 +37,8 @@ public static Track1Sdk.JsonWebKey ToTrack1JsonWebKey(this Track2Sdk.JsonWebKey // SDK doesn't have a definition of OctHSM, so I need to use string comparison else if (track2Key.KeyType == Track2Sdk.KeyType.Oct || track2Key.KeyType.ToString() == @"oct-HSM") { - // Track2 JsonWebKey.ToAes() requires key type to be oct only, but hsm always return the type as oct-HSM - // so I manually take care of the conversion - // however K is always null - // todo: check with Ma Bin - // todo: manually add metadata track1Key = new Track1Sdk.JsonWebKey(); + track1Key.Kty = track2Key.KeyType.ToString(); } else {