From 95af400214927ae15630f8e83f3e24258765f2fc Mon Sep 17 00:00:00 2001 From: Beisi Zhou Date: Mon, 9 Nov 2020 13:00:18 +0800 Subject: [PATCH 1/4] secret management --- .../Az.KeyVault.Extension.psd1} | 2 +- .../Az.KeyVault.Extension.psm1 | 287 ++++++++++++++++++ src/KeyVault/KeyVault/Az.KeyVault.psd1 | 2 +- src/KeyVault/KeyVault/KeyVault.csproj | 2 +- .../SecretManagementExtension.psm1 | 123 -------- tools/CleanupBuild.ps1 | 2 +- tools/NewHelpIndex.ps1 | 2 +- tools/NewOutputTypeIndex.ps1 | 4 + tools/PublishModules.psm1 | 19 +- tools/UpdateModules.psm1 | 4 + 10 files changed, 317 insertions(+), 130 deletions(-) rename src/KeyVault/KeyVault/{SecretManagementExtension/SecretManagementExtension.psd1 => Az.KeyVault.Extension/Az.KeyVault.Extension.psd1} (72%) create mode 100644 src/KeyVault/KeyVault/Az.KeyVault.Extension/Az.KeyVault.Extension.psm1 delete mode 100644 src/KeyVault/KeyVault/SecretManagementExtension/SecretManagementExtension.psm1 diff --git a/src/KeyVault/KeyVault/SecretManagementExtension/SecretManagementExtension.psd1 b/src/KeyVault/KeyVault/Az.KeyVault.Extension/Az.KeyVault.Extension.psd1 similarity index 72% rename from src/KeyVault/KeyVault/SecretManagementExtension/SecretManagementExtension.psd1 rename to src/KeyVault/KeyVault/Az.KeyVault.Extension/Az.KeyVault.Extension.psd1 index 23af8ba0bae0..fd5e34c6e36d 100644 --- a/src/KeyVault/KeyVault/SecretManagementExtension/SecretManagementExtension.psd1 +++ b/src/KeyVault/KeyVault/Az.KeyVault.Extension/Az.KeyVault.Extension.psd1 @@ -1,5 +1,5 @@ @{ ModuleVersion = '1.0' - RootModule = '.\SecretManagementExtension.psm1' + RootModule = '.\Az.KeyVault.Extension.psm1' FunctionsToExport = @('Set-Secret','Get-Secret','Remove-Secret','Get-SecretInfo','Test-SecretVault') } diff --git a/src/KeyVault/KeyVault/Az.KeyVault.Extension/Az.KeyVault.Extension.psm1 b/src/KeyVault/KeyVault/Az.KeyVault.Extension/Az.KeyVault.Extension.psm1 new file mode 100644 index 000000000000..8433eee8dac5 --- /dev/null +++ b/src/KeyVault/KeyVault/Az.KeyVault.Extension/Az.KeyVault.Extension.psm1 @@ -0,0 +1,287 @@ +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. + +function Check-SubscriptionLogIn +{ + param ( + [string] $SubscriptionId, + [string] $AzKVaultName + ) + + $azContext = Az.Accounts\Get-AzContext + if (($azContext -eq $null) -or ($azContext.Subscription.Id -ne $SubscriptionId)) + { + throw "To use ${AzKVaultName} Azure vault, the current user must be logged into Azure account subscription ${SubscriptionId}. Run 'Connect-AzAccount -SubscriptionId ${SubscriptionId}'." + } +} + +function Get-Secret +{ + param ( + [string] $Name, + [string] $VaultName, + [hashtable] $AdditionalParameters + ) + + Check-SubscriptionLogIn $AdditionalParameters.SubscriptionId $AdditionalParameters.AZKVaultName + + $secret = Az.KeyVault\Get-AzKeyVaultSecret -Name $Name -VaultName $AdditionalParameters.AZKVaultName + if ($secret -ne $null) + { + switch ($secret.ContentType) { + 'ByteArray' + { + $SecretValue = Get-ByteArray $Secret + } + 'String' + { + $SecretValue = Get-String $Secret + } + 'SecureString' + { + $SecretValue = Get-SecureString $Secret + } + 'PSCredential' + { + Get-PSCredential $Secret + } + 'Hashtable' + { + Get-Hashtable $Secret + } + Default + { + throw "Unknown secret type" + } + } + return $SecretValue + } +} + +function Get-ByteArray +{ + param ( + [Parameter(Mandatory=$true, Position=0)] + [object] $Secret + ) + $secretValueText = Get-String $Secret + return [System.Text.Encoding]::ASCII.GetBytes($secretValueText) +} + +function Get-String +{ + param ( + [Parameter(Mandatory=$true, Position=0)] + [object] $Secret + ) + + $ssPtr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($Secret.SecretValue) + try { + $secretValueText = [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($ssPtr) + } finally { + [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($ssPtr) + } + return $secretValueText +} + +function Get-SecureString +{ + param ( + [Parameter(Mandatory=$true, Position=0)] + [object] $Secret + ) + + return $Secret.SecretValue +} + +function Get-PSCredential +{ + param ( + [Parameter(Mandatory=$true, Position=0)] + [object] $Secret + ) + + $secretHashTable = Get-Hashtable $Secret + return [System.Management.Automation.PSCredential]::new($secretHashTable["UserName"], ($secretHashTable["Password"] | ConvertTo-SecureString -AsPlainText -Force)) +} + +function Get-Hashtable +{ + param ( + [Parameter(Mandatory=$true, Position=0)] + [object] $Secret + ) + + $secretValueText = Get-String $Secret + return ConvertFrom-Json $secretValueText -AsHashtable +} + +function Set-Secret +{ + param ( + [string] $Name, + [object] $Secret, + [string] $VaultName, + [hashtable] $AdditionalParameters + ) + + Check-SubscriptionLogIn $AdditionalParameters.SubscriptionId $AdditionalParameters.AZKVaultName + + switch ($Secret.GetType().Name) { + 'Byte[]' + { + Set-ByteArray -Name $Name -Secret $Secret -AZKVaultName $AdditionalParameters.AZKVaultName -ContentType 'ByteArray' + } + 'String' + { + Set-String -Name $Name -Secret $Secret -AZKVaultName $AdditionalParameters.AZKVaultName -ContentType 'String' + } + 'SecureString' + { + Set-SecureString -Name $Name -Secret $Secret -AZKVaultName $AdditionalParameters.AZKVaultName -ContentType 'SecureString' + } + 'PSCredential' + { + Set-PSCredential -Name $Name -Secret $Secret -AZKVaultName $AdditionalParameters.AZKVaultName -ContentType 'PSCredential' + } + 'Hashtable' + { + Set-Hashtable -Name $Name -Secret $Secret -AZKVaultName $AdditionalParameters.AZKVaultName -ContentType 'Hashtable' + } + Default + { + throw "Invalid type. Types supported: byte[], string, SecureString, PSCredential, Hashtable"; + } + } + + return $? +} + +function Set-ByteArray +{ + param ( + [string] $Name, + [Byte[]] $Secret, + [string] $AZKVaultName, + [string] $ContentType + ) + + $SecretString = [System.Text.Encoding]::ASCII.GetString($Secret) + Set-String -Name $Name -Secret $SecretString -AZKVaultName $AZKVaultName -ContentType $ContentType +} + +function Set-String +{ + param ( + [string] $Name, + [string] $Secret, + [string] $AZKVaultName, + [string] $ContentType + ) + $SecureSecret = ConvertTo-SecureString -String $Secret -AsPlainText -Force + $null = Az.KeyVault\Set-AzKeyVaultSecret -Name $Name -SecretValue $SecureSecret -VaultName $AZKVaultName -ContentType $ContentType +} + +function Set-SecureString +{ + param ( + [string] $Name, + [SecureString] $Secret, + [string] $AZKVaultName, + [string] $ContentType + ) + + $null = Az.KeyVault\Set-AzKeyVaultSecret -Name $Name -SecretValue $Secret -VaultName $AZKVaultName -ContentType $ContentType +} + +function Set-PSCredential +{ + param ( + [string] $Name, + [PSCredential] $Secret, + [string] $AZKVaultName, + [string] $ContentType + ) + $secretHashTable = @{"UserName" = $Secret.UserName; "Password" = $Secret.GetNetworkCredential().Password} + $SecretString = ConvertTo-Json $secretHashTable + Set-String -Name $Name -Secret $SecretString -AZKVaultName $AZKVaultName -ContentType $ContentType +} + +function Set-Hashtable +{ + param ( + [string] $Name, + [Hashtable] $Secret, + [string] $AZKVaultName, + [string] $ContentType + ) + $SecretString = ConvertTo-Json $Secret + Set-String -Name $Name -Secret $SecretString -AZKVaultName $AZKVaultName -ContentType $ContentType +} + +function Remove-Secret +{ + param ( + [string] $Name, + [string] $VaultName, + [hashtable] $AdditionalParameters + ) + + Check-SubscriptionLogIn $AdditionalParameters.SubscriptionId $AdditionalParameters.AZKVaultName + + $null = Az.KeyVault\Remove-AzKeyVaultSecret -Name $Name -VaultName $AdditionalParameters.AZKVaultName -Force + return $? +} + +function Get-SecretInfo +{ + param ( + [string] $Filter, + [string] $VaultName, + [hashtable] $AdditionalParameters + ) + + Check-SubscriptionLogIn $AdditionalParameters.SubscriptionId $AdditionalParameters.AZKVaultName + + if ([string]::IsNullOrEmpty($Filter)) + { + $Filter = "*" + } + + $pattern = [WildcardPattern]::new($Filter) + + $vaultSecretInfos = Az.KeyVault\Get-AzKeyVaultSecret -VaultName $AdditionalParameters.AZKVaultName + + foreach ($vaultSecretInfo in $vaultSecretInfos) + { + if ($pattern.IsMatch($vaultSecretInfo.Name)) + { + Write-Output ( + [Microsoft.PowerShell.SecretManagement.SecretInformation]::new( + $vaultSecretInfo.Name, + [Microsoft.PowerShell.SecretManagement.SecretType]::SecureString, + $VaultName) + ) + } + } +} + +function Test-SecretVault +{ + param ( + [string] $VaultName, + [hashtable] $AdditionalParameters + ) + + try + { + Check-SubscriptionLogIn $AdditionalParameters.SubscriptionId $AdditionalParameters.AZKVaultName + } + catch + { + Write-Error $_ + return $false + } + + return $true +} \ No newline at end of file diff --git a/src/KeyVault/KeyVault/Az.KeyVault.psd1 b/src/KeyVault/KeyVault/Az.KeyVault.psd1 index 61c790648026..34519f43e505 100644 --- a/src/KeyVault/KeyVault/Az.KeyVault.psd1 +++ b/src/KeyVault/KeyVault/Az.KeyVault.psd1 @@ -73,7 +73,7 @@ RequiredAssemblies = 'Microsoft.Azure.KeyVault.dll', FormatsToProcess = 'KeyVault.format.ps1xml' # Modules to import as nested modules of the module specified in RootModule/ModuleToProcess -NestedModules = @('Microsoft.Azure.PowerShell.Cmdlets.KeyVault.dll') +NestedModules = @('Microsoft.Azure.PowerShell.Cmdlets.KeyVault.dll', '.\Az.KeyVault.Extension') # Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export. FunctionsToExport = @() diff --git a/src/KeyVault/KeyVault/KeyVault.csproj b/src/KeyVault/KeyVault/KeyVault.csproj index 08c173c1e4d1..99a9c0c66dba 100644 --- a/src/KeyVault/KeyVault/KeyVault.csproj +++ b/src/KeyVault/KeyVault/KeyVault.csproj @@ -28,7 +28,7 @@ - + diff --git a/src/KeyVault/KeyVault/SecretManagementExtension/SecretManagementExtension.psm1 b/src/KeyVault/KeyVault/SecretManagementExtension/SecretManagementExtension.psm1 deleted file mode 100644 index 4b3770006fc1..000000000000 --- a/src/KeyVault/KeyVault/SecretManagementExtension/SecretManagementExtension.psm1 +++ /dev/null @@ -1,123 +0,0 @@ -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. - -function Check-SubscriptionLogIn -{ - param ( - [string] $SubscriptionId, - [string] $AzKVaultName - ) - - Import-Module -Name Az.Accounts - - $azContext = Az.Accounts\Get-AzContext - if (($azContext -eq $null) -or ($azContext.Subscription.Id -ne $SubscriptionId)) - { - throw "To use ${AzKVaultName} Azure vault, the current user must be logged into Azure account subscription ${SubscriptionId}. Run 'Connect-AzAccount -SubscriptionId ${SubscriptionId}'." - } -} - -function Get-Secret -{ - param ( - [string] $Name, - [string] $VaultName, - [hashtable] $AdditionalParameters - ) - - Check-SubscriptionLogIn $AdditionalParameters.SubscriptionId $AdditionalParameters.AZKVaultName - - Import-Module -Name Az.KeyVault - - $secret = Az.KeyVault\Get-AzKeyVaultSecret -Name $Name -VaultName $AdditionalParameters.AZKVaultName - if ($secret -ne $null) - { - return $secret.SecretValue - } -} - -function Set-Secret -{ - param ( - [string] $Name, - [object] $Secret, - [string] $VaultName, - [hashtable] $AdditionalParameters - ) - - Check-SubscriptionLogIn $AdditionalParameters.SubscriptionId $AdditionalParameters.AZKVaultName - - Import-Module -Name Az.KeyVault - - $null = Az.KeyVault\Set-AzKeyVaultSecret -Name $Name -SecretValue $Secret -VaultName $AdditionalParameters.AZKVaultName - return $? -} - -function Remove-Secret -{ - param ( - [string] $Name, - [string] $VaultName, - [hashtable] $AdditionalParameters - ) - - Check-SubscriptionLogIn $AdditionalParameters.SubscriptionId $AdditionalParameters.AZKVaultName - - Import-Module -Name Az.KeyVault - - $null = Az.KeyVault\Remove-AzKeyVaultSecret -Name $Name -VaultName $AdditionalParameters.AZKVaultName -Force - return $? -} - -function Get-SecretInfo -{ - param ( - [string] $Filter, - [string] $VaultName, - [hashtable] $AdditionalParameters - ) - - Check-SubscriptionLogIn $AdditionalParameters.SubscriptionId $AdditionalParameters.AZKVaultName - - Import-Module -Name Az.KeyVault - - if ([string]::IsNullOrEmpty($Filter)) - { - $Filter = "*" - } - - $pattern = [WildcardPattern]::new($Filter) - $vaultSecretInfos = Az.KeyVault\Get-AzKeyVaultSecret -VaultName $AdditionalParameters.AZKVaultName - foreach ($vaultSecretInfo in $vaultSecretInfos) - { - if ($pattern.IsMatch($vaultSecretInfo.Name)) - { - Write-Output ( - [Microsoft.PowerShell.SecretManagement.SecretInformation]::new( - $vaultSecretInfo.Name, - [Microsoft.PowerShell.SecretManagement.SecretType]::SecureString, - $VaultName) - ) - } - } -} - -function Test-SecretVault -{ - param ( - [string] $VaultName, - [hashtable] $AdditionalParameters - ) - - try - { - Check-SubscriptionLogIn $AdditionalParameters.SubscriptionId $AdditionalParameters.AZKVaultName - } - catch - { - Write-Error $_ - return $false - } - - return $true -} diff --git a/tools/CleanupBuild.ps1 b/tools/CleanupBuild.ps1 index aa5f8eb13e95..90b1f7c907be 100644 --- a/tools/CleanupBuild.ps1 +++ b/tools/CleanupBuild.ps1 @@ -77,7 +77,7 @@ foreach($RMPath in $resourceManagerPaths) Write-Host "Removing scripts and psd1 in $($RMFolder.FullName)" $exludedPsd1 = @( "PsSwaggerUtility*.psd1", - "SecretManagementExtension.psd1" + "Az.KeyVault.Extension.psd1" ) $removedPsd1 = Get-ChildItem -Path "$($RMFolder.FullName)" -Include "*.psd1" -Exclude $exludedPsd1 -Recurse | where { $_.FullName -ne "$($RMFolder.FullName)$([IO.Path]::DirectorySeparatorChar)$($RMFolder.Name).psd1" } $removedPsd1 | % { Write-Host "Removing $($_.FullName)"; Remove-Item $_.FullName -Force } diff --git a/tools/NewHelpIndex.ps1 b/tools/NewHelpIndex.ps1 index 556e9e4838dc..08e4a66eb094 100644 --- a/tools/NewHelpIndex.ps1 +++ b/tools/NewHelpIndex.ps1 @@ -69,7 +69,7 @@ $HelpFolders = @() $resourceManagerPath = "$PSScriptRoot/../artifacts/$BuildConfig/" $RMpsd1s += Get-ChildItem -Path $resourceManagerPath -Depth 2 | Where-Object { - $_.Name -like "*.psd1" -and $_.FullName -notlike "*dll-Help*" -and $_.Name -ne "SecretManagementExtension.psd1" + $_.Name -like "*.psd1" -and $_.FullName -notlike "*dll-Help*" -and $_.Name -ne "Az.KeyVault.Extension.psd1" } .($PSScriptRoot + "\PreloadToolDll.ps1") diff --git a/tools/NewOutputTypeIndex.ps1 b/tools/NewOutputTypeIndex.ps1 index ee22892526f9..2dfe41688cd3 100644 --- a/tools/NewOutputTypeIndex.ps1 +++ b/tools/NewOutputTypeIndex.ps1 @@ -22,6 +22,10 @@ $psd1Files | ForEach { Import-LocalizedData -BindingVariable "psd1File" -BaseDirectory $_.DirectoryName -FileName $_.Name foreach ($nestedModule in $psd1File.NestedModules) { + if('.dll' -ne [System.IO.Path]::GetExtension($nestedModule)) + { + continue; + } $dllPath = Join-Path -Path $_.DirectoryName -ChildPath $nestedModule $Assembly = [Reflection.Assembly]::LoadFrom($dllPath) $exportedTypes = $Assembly.GetTypes() diff --git a/tools/PublishModules.psm1 b/tools/PublishModules.psm1 index d6c9e0ba7427..f790c2994c74 100644 --- a/tools/PublishModules.psm1 +++ b/tools/PublishModules.psm1 @@ -323,7 +323,22 @@ function Remove-ModuleDependencies { $regex = New-Object System.Text.RegularExpressions.Regex "NestedModules\s*=\s*@\([^\)]+\)" $content = (Get-Content -Path $Path) -join "`r`n" - $text = $regex.Replace($content, "NestedModules = @()") + + $file = Get-Item $Path + Import-LocalizedData -BindingVariable ModuleMetadata -BaseDirectory $file.DirectoryName -FileName $file.Name + $ReplacedNestedModules = "" + foreach ($nestedModule in $ModuleMetadata.NestedModules) + { + if('.dll' -ne [System.IO.Path]::GetExtension($nestedModule)) + { + $ReplacedNestedModules += "'$nestedModule', "; + } + } + if("" -ne $ReplacedNestedModules){ + $ReplacedNestedModules = $ReplacedNestedModules.Substring(0, $ReplacedNestedModules.Length - 2) + } + + $text = $regex.Replace($content, "NestedModules = @($ReplacedNestedModules)") Out-FileNoBom -File $Path -Text $text } } @@ -684,7 +699,7 @@ function Add-Module { } Write-Output "Removing module manifest dependencies for $unzippedManifest" - Remove-ModuleDependencies -Path (Join-Path $TempRepoPath $unzippedManifest) + Remove-ModuleDependencies -Path (Join-Path $TempRepoPath $unzippedManifest -Resolve) Remove-Item -Path $zipPath -Force diff --git a/tools/UpdateModules.psm1 b/tools/UpdateModules.psm1 index d2b60a2ae1c6..84c20b3e9b7e 100644 --- a/tools/UpdateModules.psm1 +++ b/tools/UpdateModules.psm1 @@ -157,6 +157,10 @@ function Get-Cmdlets { $nestedModules = $ModuleMetadata.NestedModules $cmdlets = @() foreach ($module in $nestedModules) { + if('.dll' -ne [System.IO.Path]::GetExtension($module)) + { + continue; + } $dllPath = Join-Path -Path $ModulePath -ChildPath $module $Assembly = [Reflection.Assembly]::LoadFrom($dllPath) $dllCmdlets = $Assembly.GetTypes() | Where-Object {$_.CustomAttributes.AttributeType.Name -contains "CmdletAttribute"} From 8f8f9b83904da018580e695872f2a85cb2c8b674 Mon Sep 17 00:00:00 2001 From: Beisi Zhou Date: Fri, 20 Nov 2020 17:53:24 +0800 Subject: [PATCH 2/4] update changelog.md --- src/KeyVault/KeyVault/ChangeLog.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/KeyVault/KeyVault/ChangeLog.md b/src/KeyVault/KeyVault/ChangeLog.md index 4021c26a70b9..d2f516e70a1e 100644 --- a/src/KeyVault/KeyVault/ChangeLog.md +++ b/src/KeyVault/KeyVault/ChangeLog.md @@ -18,6 +18,8 @@ - Additional information about change #1 --> ## Upcoming Release +* Supported new version of SecretManagement module [#13366] +* Supported ByteArray, String, PSCredential and Hashtable for `SecretValue` in SecretManagementModule [#12190] ## Version 3.0.0 * [Breaking Change] Deprecated parameter DisableSoftDelete in `New-AzKeyVault` and EnableSoftDelete in `Update-AzKeyVault` From 4df24ce8329095a78005b455a707bd3ba4811f28 Mon Sep 17 00:00:00 2001 From: Beisi Zhou Date: Mon, 23 Nov 2020 15:53:05 +0800 Subject: [PATCH 3/4] remove -AsHashtable from ConvertFrom-Json to compatible with windows powershell --- .../Az.KeyVault.Extension.psm1 | 25 +++++++++++-------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/src/KeyVault/KeyVault/Az.KeyVault.Extension/Az.KeyVault.Extension.psm1 b/src/KeyVault/KeyVault/Az.KeyVault.Extension/Az.KeyVault.Extension.psm1 index 8433eee8dac5..9e22925e86ed 100644 --- a/src/KeyVault/KeyVault/Az.KeyVault.Extension/Az.KeyVault.Extension.psm1 +++ b/src/KeyVault/KeyVault/Az.KeyVault.Extension/Az.KeyVault.Extension.psm1 @@ -37,10 +37,7 @@ function Get-Secret { $SecretValue = Get-String $Secret } - 'SecureString' - { - $SecretValue = Get-SecureString $Secret - } + 'PSCredential' { Get-PSCredential $Secret @@ -51,7 +48,7 @@ function Get-Secret } Default { - throw "Unknown secret type" + $SecretValue = Get-SecureString $Secret } } return $SecretValue @@ -112,8 +109,10 @@ function Get-Hashtable [object] $Secret ) - $secretValueText = Get-String $Secret - return ConvertFrom-Json $secretValueText -AsHashtable + $jsonObject = Get-String $Secret | ConvertFrom-Json + $hashtable = @{} + $jsonObject.psobject.Properties | foreach { $hashtable[$_.Name] = $_.Value } + return $hashtable } function Set-Secret @@ -240,10 +239,10 @@ function Get-SecretInfo [string] $VaultName, [hashtable] $AdditionalParameters ) - - Check-SubscriptionLogIn $AdditionalParameters.SubscriptionId $AdditionalParameters.AZKVaultName - if ([string]::IsNullOrEmpty($Filter)) + Check-SubscriptionLogIn $AdditionalParameters.SubscriptionId $AdditionalParameters.AZKVaultName + + if ([string]::IsNullOrEmpty($Filter)) { $Filter = "*" } @@ -256,10 +255,14 @@ function Get-SecretInfo { if ($pattern.IsMatch($vaultSecretInfo.Name)) { + if($vaultSecretInfo.ContentType -eq $null) + { + $vaultSecretInfo.ContentType = 'Unknown' + } Write-Output ( [Microsoft.PowerShell.SecretManagement.SecretInformation]::new( $vaultSecretInfo.Name, - [Microsoft.PowerShell.SecretManagement.SecretType]::SecureString, + [System.Enum]::Parse([Microsoft.PowerShell.SecretManagement.SecretType], $vaultSecretInfo.ContentType), $VaultName) ) } From 2206f763a8fc661b5950ac355b982aa7364426aa Mon Sep 17 00:00:00 2001 From: Beisi Zhou Date: Mon, 23 Nov 2020 16:34:34 +0800 Subject: [PATCH 4/4] try to set subscription to vault subscription --- .../Az.KeyVault.Extension/Az.KeyVault.Extension.psm1 | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/KeyVault/KeyVault/Az.KeyVault.Extension/Az.KeyVault.Extension.psm1 b/src/KeyVault/KeyVault/Az.KeyVault.Extension/Az.KeyVault.Extension.psm1 index 9e22925e86ed..cea5688ee690 100644 --- a/src/KeyVault/KeyVault/Az.KeyVault.Extension/Az.KeyVault.Extension.psm1 +++ b/src/KeyVault/KeyVault/Az.KeyVault.Extension/Az.KeyVault.Extension.psm1 @@ -11,7 +11,14 @@ function Check-SubscriptionLogIn $azContext = Az.Accounts\Get-AzContext if (($azContext -eq $null) -or ($azContext.Subscription.Id -ne $SubscriptionId)) { - throw "To use ${AzKVaultName} Azure vault, the current user must be logged into Azure account subscription ${SubscriptionId}. Run 'Connect-AzAccount -SubscriptionId ${SubscriptionId}'." + try + { + Set-AzContext -SubscriptionId ${SubscriptionId} -ErrorAction Stop + } + catch + { + throw "To use ${AzKVaultName} Azure vault, the current user must be logged into Azure account subscription ${SubscriptionId}. Run 'Connect-AzAccount -SubscriptionId ${SubscriptionId}'." + } } }