diff --git a/src/KeyVault/KeyVault.Test/PesterTests/ManagedHsmDatePlaneTests.Tests.ps1 b/src/KeyVault/KeyVault.Test/PesterTests/ManagedHsmDatePlaneTests.Tests.ps1
index 17dafa82021b..a6d1fbe7dbd3 100644
--- a/src/KeyVault/KeyVault.Test/PesterTests/ManagedHsmDatePlaneTests.Tests.ps1
+++ b/src/KeyVault/KeyVault.Test/PesterTests/ManagedHsmDatePlaneTests.Tests.ps1
@@ -2,17 +2,21 @@ $here = Split-Path -Parent $MyInvocation.MyCommand.Path
$sut = (Split-Path -Leaf $MyInvocation.MyCommand.Path) -replace '\.Tests\.', '.'
. "$here\$sut"
-BeforeAll {
- . $PSScriptRoot/ManagedHsmDatePlaneTests.ps1
- ImportModules
- $hsmName = GetAzManagedHsm
-}
+. $PSScriptRoot/ManagedHsmDatePlaneTests.ps1
+# ImportModules
+$hsmName = 'yeminghsm02'
+$signInName = 'yeliu@microsoft.com'
+$storageAccount = 'yemingsa01'
+$containerName = 'hsmbackup'
+$sasToken = ConvertTo-SecureString -AsPlainText -Force 'insert sas token'
+$certs = "D:\sd1.cer", "D:\sd2.cer", "D:\sd3.cer" # for security domain
+$certsKeys = @{PublicKey = "D:\sd1.cer"; PrivateKey = "D:\sd1.key" }, @{PublicKey = "D:\sd2.cer"; PrivateKey = "D:\sd2.key" }, @{PublicKey = "D:\sd3.cer"; PrivateKey = "D:\sd3.key" }
Describe "AddAzManagedHsmKey" {
It "Create a RSA key inside a managed HSM" {
$keyName = GetRandomName -Prefix "key"
$keyType = "RSA"
- $rsaKey = Add-AzManagedHsmKey -HsmName $hsmName -Name $keyName -KeyType $keyType
+ $rsaKey = Add-AzKeyVaultKey -HsmName $hsmName -Name $keyName -KeyType $keyType
$rsaKey.VaultName | Should -BeExactly $hsmName
$rsaKey.Name | Should -BeExactly $keyName
$rsaKey.Attributes.KeyType | Should -Be "RSA-HSM"
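Review bot: The added setup lines pin the suite to one developer's resources (`$hsmName = 'yeminghsm02'`, `$signInName = 'yeliu@microsoft.com'`, the storage account and the `D:\sd*.cer` / `D:\sd*.key` paths), and the `'insert sas token'` placeholder invites pasting a live SAS token into a tracked file. Reading these from the environment keeps identities and credentials out of source control, e.g. `$hsmName = $env:KV_TEST_HSM_NAME` and `$sasToken = ConvertTo-SecureString -AsPlainText -Force $env:KV_TEST_SAS_TOKEN` (both variable names are placeholders), with the suite skipped when they are unset. The private-key paths in `$certsKeys` deserve the same treatment. Removing `BeforeAll` also means the dot-source and these assignments run when the file is loaded rather than inside the test run; if that is intended, a short comment saying so would help.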
@@ -22,7 +26,7 @@ Describe "AddAzManagedHsmKey" {
$keyName = GetRandomName -Prefix "key"
$keyType = "EC"
$curveName = "P-256"
- $rsaKey = Add-AzManagedHsmKey -HsmName $hsmName -Name $keyName -KeyType $keyType -CurveName $curveName
+ $rsaKey = Add-AzKeyVaultKey -HsmName $hsmName -Name $keyName -KeyType $keyType -CurveName $curveName
$rsaKey.VaultName | Should -BeExactly $hsmName
$rsaKey.Name | Should -BeExactly $keyName
$rsaKey.Attributes.KeyType | Should -Be "EC-HSM"
@@ -32,30 +36,30 @@ Describe "AddAzManagedHsmKey" {
It "Create an oct key inside a managed HSM" {
$keyName = GetRandomName -Prefix "key"
$keyType = "oct"
- $rsaKey = Add-AzManagedHsmKey -HsmName $hsmName -Name $keyName -KeyType $keyType
+ $rsaKey = Add-AzKeyVaultKey -HsmName $hsmName -Name $keyName -KeyType $keyType
$rsaKey.VaultName | Should -BeExactly $hsmName
$rsaKey.Name | Should -BeExactly $keyName
$rsaKey.Attributes.KeyType | Should -Be "oct-HSM"
}
- It "Create an oct key inside a managed HSM" {
+ It "Create an oct key inside a managed HSM" {
$keyName = GetRandomName -Prefix "key"
$keyType = "oct"
- $rsaKey = Add-AzManagedHsmKey -HsmName $hsmName -Name $keyName -KeyType $keyType
+ $rsaKey = Add-AzKeyVaultKey -HsmName $hsmName -Name $keyName -KeyType $keyType
$rsaKey.VaultName | Should -BeExactly $hsmName
$rsaKey.Name | Should -BeExactly $keyName
$rsaKey.Attributes.KeyType | Should -Be "oct-HSM"
}
- It "Create a key with non-default values inside a managed HSM" {
+ It "Create a key with non-default values inside a managed HSM" {
$keyName = GetRandomName -Prefix "key"
$keyType = "RSA"
$KeyOps = 'decrypt', 'verify'
# Expires & NotBefore is hard to cmpare, may add in the furture
- $Tags = @{'Severity' = 'high'; 'Accounting' = "true"}
+ $Tags = @{'Severity' = 'high'; 'Accounting' = "true" }
+
+ $key = Add-AzKeyVaultKey -HsmName $hsmName -Name $keyName -KeyType $keyType -KeyOps $KeyOps -Disable -Tag $Tags
- $key = Add-AzManagedHsmKey -HsmName $hsmName -Name $keyName -KeyType $keyType -KeyOps $KeyOps -Disable -Tag $Tags
-
$key.Attributes.KeyOps | Should -Be $KeyOps
$key.Tags.Count | Should -Be 2
$key.Enabled | Should -Be $false
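Review bot: The two `It "Create an oct key inside a managed HSM"` blocks in this hunk have the same name and the same body, so the second one only creates another key in the HSM without covering anything new. Drop one of them, or turn it into a distinct case and rename it accordingly. The final `It` block continues past the end of the hunk.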
@@ -65,198 +69,201 @@ Describe "AddAzManagedHsmKey" {
# $keyName = GetRandomName -Prefix "key"
# $keyFilePath = Join-Path $PSScriptRoot ../Resources/testImportKey.pfx -Resolve
# $keyFilePwd = $null
- # $key = Add-AzManagedHsmKey -HsmName $hsmName -Name $keyName -KeyFilePath $keyFilePath -KeyFilePassword $keyFilePwd
+ # $key = Add-AzKeyVaultKey -HsmName $hsmName -Name $keyName -KeyFilePath $keyFilePath -KeyFilePassword $keyFilePwd
# $key.Name | Should -BeExactly $keyName
# }
}
-Describe "GetAzManagedHsmKey"{
- BeforeEach{
+Describe "GetAzManagedHsmKey" {
+ BeforeEach {
# Add a key
$keyName = GetRandomName -Prefix "key"
- $key = Add-AzManagedHsmKey -HsmName $hsmName -Name $keyName -KeyType "RSA"
+ $key = Add-AzKeyVaultKey -HsmName $hsmName -Name $keyName -KeyType "RSA"
}
It "List all the keys in a managed HSM" {
- $keys = Get-AzManagedHsmKey -HsmName $hsmName
+ $keys = Get-AzKeyVaultKey -HsmName $hsmName
$keys.Count | Should -BeGreaterThan 0
}
It "Get a specific key in a managed HSM" {
- $got = Get-AzManagedHsmKey -HsmName $hsmName -KeyName $keyName
+ $got = Get-AzKeyVaultKey -HsmName $hsmName -KeyName $keyName
$got.Id | Should -Be $key.Id
}
It "List all the keys that have been deleted in a managed HSM" {
- Remove-AzManagedHsmKey -HsmName $hsmName -Name $keyName -Force
- $deletedKey = Get-AzManagedHsmKey -HsmName $hsmName -KeyName $keyName -InRemovedState
+ Remove-AzKeyVaultKey -HsmName $hsmName -Name $keyName -Force
+ $deletedKey = Get-AzKeyVaultKey -HsmName $hsmName -KeyName $keyName -InRemovedState
$deletedKey.Id | Should -Be $key.Id
}
-
+
It "Download a key from a managed HSM" {
$filePath = "$PSScriptRoot\public.pem"
- Get-AzManagedHsmKey -HsmName $hsmName -KeyName $keyName -OutFile $filePath
+ Get-AzKeyVaultKey -HsmName $hsmName -KeyName $keyName -OutFile $filePath
$filePath | Should -Exist
}
}
-Describe "RemoveAzManagedHsmKey"{
+Describe "RemoveAzManagedHsmKey" {
It "Remove a key from a managed HSM" {
$keyName = GetRandomName -Prefix "key"
- $key = Add-AzManagedHsmKey -HsmName $hsmName -Name $keyName -KeyType "RSA"
- $deletedKey = Remove-AzManagedHsmKey -HsmName $hsmName -Name $keyName -Force -PassThru
+ $key = Add-AzKeyVaultKey -HsmName $hsmName -Name $keyName -KeyType "RSA"
+ $deletedKey = Remove-AzKeyVaultKey -HsmName $hsmName -Name $keyName -Force -PassThru
$deletedKey.Id | Should -Be $key.Id
}
It "Purge a deleted key from a managed HSM" {
$keyName = GetRandomName -Prefix "key"
- Add-AzManagedHsmKey -HsmName $hsmName -Name $keyName -KeyType "RSA"
- Remove-AzManagedHsmKey -HsmName $hsmName -Name $keyName -Force -PassThru
- Remove-AzManagedHsmKey -HsmName $hsmName -Name $keyName -InRemovedState -Force -PassThru
- $deletedKey = Get-AzManagedHsmKey -HsmName $hsmName -Name $keyName -InRemovedState
+ Add-AzKeyVaultKey -HsmName $hsmName -Name $keyName -KeyType "RSA"
+ Remove-AzKeyVaultKey -HsmName $hsmName -Name $keyName -Force -PassThru
+ Remove-AzKeyVaultKey -HsmName $hsmName -Name $keyName -InRemovedState -Force -PassThru
+ $deletedKey = Get-AzKeyVaultKey -HsmName $hsmName -Name $keyName -InRemovedState
$deletedKey | Should -Be $null
}
It "Remove keys by using piping" {
- Get-AzManagedHsmKey -HsmName $hsmName | Remove-AzManagedHsmKey -Force
- $keys = Get-AzManagedHsmKey -HsmName $hsmName
+ Get-AzKeyVaultKey -HsmName $hsmName | Remove-AzKeyVaultKey -Force
+ $keys = Get-AzKeyVaultKey -HsmName $hsmName
$keys.Count | Should -Be 0
}
}
-Describe "UpdateAzManagedHsmKey"{
+Describe "UpdateAzManagedHsmKey" {
It "Enable a key and set tags" {
$keyName = GetRandomName -Prefix "key"
- $key = Add-AzManagedHsmKey -HsmName $hsmName -Name $keyName -KeyType "RSA" -Disable
- $Tags = @{'Severity' = 'high'; 'Accounting' = 'true'}
+ $key = Add-AzKeyVaultKey -HsmName $hsmName -Name $keyName -KeyType "RSA" -Disable
+ $Tags = @{'Severity' = 'high'; 'Accounting' = 'true' }
+
+ $updatedKey = Update-AzKeyVaultKey -HsmName $hsmName -Name $keyName -Enable $True -Tag $Tags -PassThru
- $updatedKey = Update-AzManagedHsmKey -HsmName $hsmName -Name $keyName -Enable $True -Tag $Tags -PassThru
-
$updatedKey.Id | Should -Be $key.Id
$updatedKey.Enabled | Should -Be $True
$updatedKey.Tags.Count | Should -Be 2
}
}
-Describe "UndoAzManagedHsmKeyRemoval"{
- It "Undo a key removal" {
+Describe "UndoAzManagedHsmKeyRemoval" {
+ It "Undo a key removal" {
$keyName = GetRandomName -Prefix "key"
- $key = Add-AzManagedHsmKey -HsmName $hsmName -Name $keyName -KeyType "RSA"
- $deletedKey = Remove-AzManagedHsmKey -HsmName $hsmName -Name $keyName -Force -PassThru
- $recoveredKey = $deletedKey | Undo-AzManagedHsmKeyRemoval
+ $key = Add-AzKeyVaultKey -HsmName $hsmName -Name $keyName -KeyType "RSA"
+ $deletedKey = Remove-AzKeyVaultKey -HsmName $hsmName -Name $keyName -Force -PassThru
+ $recoveredKey = $deletedKey | Undo-AzKeyVaultKeyRemoval
$recoveredKey.Id | Should -Be $key.Id
}
}
-Describe "BackupAndRestoreAzManagedHsmKey"{
- It "Backup and restore a key" {
+Describe "BackupAndRestoreAzManagedHsmKey" {
+ It "Backup and restore a key" {
$keyName = GetRandomName -Prefix "key"
- $key = Add-AzManagedHsmKey -HsmName $hsmName -Name $keyName -KeyType "RSA"
- $filePath = "$PSScriptRoot/backupkey.blob"
- $key | Backup-AzManagedHsmKey -OutputFile $filePath -Force
+ $key = Add-AzKeyVaultKey -HsmName $hsmName -Name $keyName -KeyType "RSA"
+ $filePath = "$PSScriptRoot/backupkey.blob"
+ $key | Backup-AzKeyVaultKey -OutputFile $filePath -Force
$filePath | Should -Exist
-
- Remove-AzManagedHsmKey -HsmName $hsmName -Name $keyName -Force
- Remove-AzManagedHsmKey -HsmName $hsmName -Name $keyName -InRemovedState -Force
- $restoredKey = Restore-AzManagedHsmKey -HsmName $hsmName -InputFile $filePath
+
+ Remove-AzKeyVaultKey -HsmName $hsmName -Name $keyName -Force
+ Remove-AzKeyVaultKey -HsmName $hsmName -Name $keyName -InRemovedState -Force
+ $restoredKey = Restore-AzKeyVaultKey -HsmName $hsmName -InputFile $filePath
$restoredKey.Id | Should -Be $key.Id
}
}
-Describe "BackupAndRestoreAzManagedHsm"{
- BeforeEach{
- $sasToken = ConvertTo-SecureString -AsPlainText -Force "?sv=2019-12-12&ss=bfqt&srt=sco&sp=rwdlacupx&se=2020-10-21T13:11:01Z&st=2020-10-21T05:11:01Z&spr=https&sig=******"
- $containerUri = "https://{accountName}.blob.core.windows.net/{containerName}"
- }
+Describe "BackupAndRestoreAzManagedHsm" {
+ $script:backupUri = ''
+ $containerUri = "https://$storageAccount.blob.core.windows.net/$containerName"
- It "Backup a managed HSM" {
- $uri = Backup-AzManagedHsm -Name $hsmName -StorageContainerUri $containerUri -SasToken $sasToken
- $uri | Should -Not -Be $null
+ It "Backup then restore a managed HSM" {
+ $script:backupUri = Backup-AzKeyVault -HsmName $hsmName -StorageContainerUri $containerUri -SasToken $sasToken
+ $script:backupUri | Should -Not -Be $null
}
It "Restore a managed HSM" {
- $restoreResult = Restore-AzManagedHsm -Name $hsmName -StorageContainerUri $containerUri -BackupFolder "mhsm-$hsmName-2020102105402658" -SasToken $sasToken -PassThru
+ $script:backupUri = [System.Uri]::new($script:backupUri)
+ $backupFolder = $script:backupUri.Segments[$script:backupUri.Segments.Length - 1]
+ $restoreResult = Restore-AzKeyVault -HsmName $hsmName -StorageContainerUri $containerUri -BackupFolder $backupFolder -SasToken $sasToken -PassThru
$restoreResult | Should -Be $True
}
}
-Describe "GetAzManagedHsmRoleDefinition"{
- It "List all the roles at '/keys' scope" {
- $roles = Get-AzManagedHsmRoleDefinition -HsmName $hsmName -Scope "/keys"
+Describe "GetAzManagedHsmRoleDefinition" {
+ It "List all the roles at '/' scope" {
+ $roles = Get-AzKeyVaultRoleDefinition -HsmName $hsmName -Scope "/"
$roles.Count | Should -BeGreaterThan 0
}
It "Get a specific role" {
- $backupRole = Get-AzManagedHsmRoleDefinition -HsmName $hsmName -RoleDefinitionName "managed hsm backup"
+ $backupRole = Get-AzKeyVaultRoleDefinition -HsmName $hsmName -RoleDefinitionName "managed hsm backup"
$backupRole | Should -Not -Be $null
$backupRole.Permissions | Should -Not -Be $null
$backupRole.Permissions.AllowedDataActions | Should -Not -Be $null
}
}
-Describe "NewAzManagedHsmRoleAssignment"{
- BeforeEach{
- $signInName = "user@microsoft.com"
+Describe "NewAzManagedHsmRoleAssignment" {
+ BeforeEach {
$roleDefinitionName = "Managed HSM Backup"
# Clean role
- $roleAssignment = Get-AzManagedHsmRoleAssignment -HsmName $hsmName -RoleDefinitionName $roleDefinitionName -SignInName $signInName
- if($roleAssignment){
- Remove-AzManagedHsmRoleAssignment -HsmName $hsmName -RoleDefinitionName $roleDefinitionName -SignInName $signInName
- }
+ $roleAssignment = Get-AzKeyVaultRoleAssignment -HsmName $hsmName -RoleDefinitionName $roleDefinitionName -SignInName $signInName
+ if ($roleAssignment) {
+ Remove-AzKeyVaultRoleAssignment -HsmName $hsmName -RoleDefinitionName $roleDefinitionName -SignInName $signInName
+ }
}
- It "Assign a role to user" {
+ It "Assign a role to user" {
# Assign role
- $roleAssignment = New-AzManagedHsmRoleAssignment -HsmName $hsmName -RoleDefinitionName $roleDefinitionName -SignInName $signInName
+ $roleAssignment = New-AzKeyVaultRoleAssignment -HsmName $hsmName -RoleDefinitionName $roleDefinitionName -SignInName $signInName
$roleAssignment | Should -Not -Be $null
$roleAssignment.RoleDefinitionName | Should -Be $roleDefinitionName
}
}
-Describe "RemoveAzManagedHsmRoleAssignment"{
- BeforeEach{
+Describe "RemoveAzManagedHsmRoleAssignment" {
+ BeforeEach {
# Assign role
- $signInName = "user@microsoft.com"
$roleDefinitionName = "Managed HSM Backup"
- $roleAssignment = Get-AzManagedHsmRoleAssignment -HsmName $hsmName -RoleDefinitionName $roleDefinitionName -SignInName $signInName
- if(!$roleAssignment){
- $roleAssignment = New-AzManagedHsmRoleAssignment -HsmName $hsmName -RoleDefinitionName $roleDefinitionName -SignInName $signInName
- }
+ $roleAssignment = Get-AzKeyVaultRoleAssignment -HsmName $hsmName -RoleDefinitionName $roleDefinitionName -SignInName $signInName
+ if (!$roleAssignment) {
+ $roleAssignment = New-AzKeyVaultRoleAssignment -HsmName $hsmName -RoleDefinitionName $roleDefinitionName -SignInName $signInName
+ }
}
- It "Revoke a role from user at '/keys' scope" {
- Remove-AzManagedHsmRoleAssignment -HsmName $hsmName -RoleDefinitionName $roleDefinitionName -SignInName $signInName -Scope "/keys"
- $roleAssignment = Get-AzManagedHsmRoleAssignment -HsmName $hsmName -RoleDefinitionName $roleDefinitionName -SignInName $signInName
- $roleAssignment | Should -Be $null
+ It "Revoke a role from user at '/' scope" {
+ Remove-AzKeyVaultRoleAssignment -HsmName $hsmName -RoleDefinitionName $roleDefinitionName -SignInName $signInName -Scope "/"
+ $roleAssignment = Get-AzKeyVaultRoleAssignment -HsmName $hsmName -RoleDefinitionName $roleDefinitionName -SignInName $signInName
+ $roleAssignment | Should -Be $null
}
}
-Describe "GetAzManagedHsmRoleAssignment"{
- BeforeEach{
+Describe "GetAzManagedHsmRoleAssignment" {
+ BeforeEach {
# Assign role
- $signInName = "user@microsoft.com"
$roleDefinitionName = "Managed HSM Backup"
- $roleAssignment = Get-AzManagedHsmRoleAssignment -HsmName $hsmName -RoleDefinitionName $roleDefinitionName -SignInName $signInName
- if(!$roleAssignment){
- $roleAssignment = New-AzManagedHsmRoleAssignment -HsmName $hsmName -RoleDefinitionName $roleDefinitionName -SignInName $signInName
- }
+ $roleAssignment = Get-AzKeyVaultRoleAssignment -HsmName $hsmName -RoleDefinitionName $roleDefinitionName -SignInName $signInName
+ if (!$roleAssignment) {
+ $roleAssignment = New-AzKeyVaultRoleAssignment -HsmName $hsmName -RoleDefinitionName $roleDefinitionName -SignInName $signInName
+ }
}
It "List all role assignmentss in a managed HSM" {
- $roleAssignments = Get-AzManagedHsmRoleAssignment -HsmName $hsmName
- $roleAssignments | Should -Not -Be $null
+ $roleAssignments = Get-AzKeyVaultRoleAssignment -HsmName $hsmName
+ $roleAssignments | Should -Not -Be $null
$roleAssignments.Count | Should -BeGreaterThan 0
}
- It "List a user's role assignments in a managed HSM on '/keys' scope" {
- $roleAssignments = Get-AzManagedHsmRoleAssignment -HsmName $hsmName -SignInName $signInName -Scope "/keys"
- $roleAssignments | Should -Not -Be $null
+ It "List a user's role assignments in a managed HSM on '/' scope" {
+ $roleAssignments = Get-AzKeyVaultRoleAssignment -HsmName $hsmName -SignInName $signInName -Scope "/"
+ $roleAssignments | Should -Not -Be $null
$roleAssignments.Count | Should -BeGreaterThan 0
}
}
-# to do: manually remove all stuffs in resource group
-# AfterAll {
- # $hsm = Get-AzManagedHsm -Name $hsmName
- # Remove-AzResourceGroup -Name $hsm.ResourceGroupName -Force
-# }
\ No newline at end of file
+Describe 'Export Import Security domain' {
+ $sd = New-TemporaryFile
+ It 'Can export security domain' {
+ Get-Content $sd | Should -BeNullOrEmpty
+ Export-AzKeyVaultSecurityDomain -HsmName $hsmName -Certificates $certs -OutputPath $sd.FullName -Quorum 3 -Force
+ Get-Content $sd | Should -Not -BeNullOrEmpty
+ }
+
+ # Cannot test importing because it needs another HSM
+ # Import-AzKeyVaultSecurityDomain -Name $hsmName -Keys $certsKeys -SecurityDomainPath $sd.FullName
+}
\ No newline at end of file
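Review bot: The exported security domain is written to `$sd = New-TemporaryFile` and never deleted, so each run leaves the HSM's security domain blob in the user's temp directory; add `AfterAll { Remove-Item -LiteralPath $sd.FullName -Force -ErrorAction SilentlyContinue }` to the `Describe 'Export Import Security domain'` block. The same applies to `backupkey.blob` and `public.pem`, which are written under `$PSScriptRoot` and could be committed by accident. Separately, `$hsmName` is now a fixed name rather than a freshly created HSM, so `Get-AzKeyVaultKey -HsmName $hsmName | Remove-AzKeyVaultKey -Force` and `Restore-AzKeyVault` act on whatever that HSM already holds. A comment at the top of the file such as `# Destructive: run only against a disposable managed HSM` would make that constraint explicit.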
diff --git a/src/KeyVault/KeyVault.Test/PesterTests/ManagedHsmDatePlaneTests.ps1 b/src/KeyVault/KeyVault.Test/PesterTests/ManagedHsmDatePlaneTests.ps1
index 2a8e8c802a22..6f7ab3aad015 100644
--- a/src/KeyVault/KeyVault.Test/PesterTests/ManagedHsmDatePlaneTests.ps1
+++ b/src/KeyVault/KeyVault.Test/PesterTests/ManagedHsmDatePlaneTests.ps1
@@ -1,29 +1,29 @@
-function GetAzManagedHsm{
+function GetAzManagedHsm {
Param(
- [parameter(Mandatory=$false)]
+ [parameter(Mandatory = $false)]
[String]
$HsmName,
- [parameter(Mandatory=$false)]
+ [parameter(Mandatory = $false)]
[String]
$ResourceGroupName,
- [parameter(Mandatory=$false)]
+ [parameter(Mandatory = $false)]
[String]
$Location,
- [parameter(Mandatory=$false)]
+ [parameter(Mandatory = $false)]
[String[]]
$Administrator
)
$hsmName = GetRandomName -Prefix "hsm"
$resourceGroupName = GetRandomName -Prefix "rg"
- $Location = "eastus2euap"
- $administrator = "c1be1392-39b8-4521-aafc-819a47008545"
- $hsm = New-AzManagedHsm -Name $HsmName -ResourceGroupName $ResourceGroupName -Location $r -Administrator $Administrator
+ $Location = "eastus2"
+ $administrator = "c1be1392-39b8-4521-aafc-819a47008545", 'd7e17135-d5a7-4b8b-89e5-252aa15b7e01'
+ $hsm = New-AzKeyVaultManagedHsm -Name $HsmName -ResourceGroupName $ResourceGroupName -Location $Location -Administrator $Administrator
return $hsm
}
-function GetRandomName{
+function GetRandomName {
Param(
- [parameter(Mandatory=$false)]
+ [parameter(Mandatory = $false)]
[String]
$Prefix
)
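Review bot: `GetAzManagedHsm` declares `$HsmName`, `$ResourceGroupName`, `$Location` and `$Administrator` as parameters and then overwrites every one of them (PowerShell variable names are case-insensitive), so caller-supplied values are silently ignored and the two administrator object IDs are baked into the helper. Assign the defaults only when the argument is missing, e.g. `if (-not $HsmName) { $HsmName = GetRandomName -Prefix "hsm" }`, and take the administrator IDs from the test environment instead of the source. `GetRandomName` continues past the end of the hunk.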
@@ -31,7 +31,7 @@ function GetRandomName{
return "$Prefix$randomNum"
}
-function ImportModules{
+function ImportModules {
$psd1Path = Join-Path $PSScriptRoot "../../../../artifacts/Debug/" -Resolve
$accountsPsd1 = Join-Path $psd1Path "./Az.Accounts/Az.Accounts.psd1" -Resolve
$keyVaultPsd1 = Join-Path $psd1Path "./Az.KeyVault/Az.KeyVault.psd1" -Resolve
diff --git a/src/KeyVault/KeyVault.Test/ScenarioTests/ManagedHsmManagementTests.ps1 b/src/KeyVault/KeyVault.Test/ScenarioTests/ManagedHsmManagementTests.ps1
index 2c10a18ddceb..c687f2a3c53a 100644
--- a/src/KeyVault/KeyVault.Test/ScenarioTests/ManagedHsmManagementTests.ps1
+++ b/src/KeyVault/KeyVault.Test/ScenarioTests/ManagedHsmManagementTests.ps1
@@ -26,7 +26,7 @@ function Test-ManagedHsmCRUD {
try {
# Test create a default managed HSM
- $hsm = New-AzManagedHsm -Name $hsmName -ResourceGroupName $rgName -Location $hsmLocation -Administrator $administrator
+ $hsm = New-AzKeyVaultManagedHsm -Name $hsmName -ResourceGroupName $rgName -Location $hsmLocation -Administrator $administrator
Assert-AreEqual $hsmName $hsm.Name
Assert-AreEqual $rgName $hsm.ResourceGroupName
Assert-AreEqual $hsmLocation $hsm.Location
@@ -38,22 +38,22 @@ function Test-ManagedHsmCRUD {
Assert-AreEqual 90 $hsm.SoftDeleteRetentionInDays "By default SoftDeleteRetentionInDays should be 90"
# Test get managed HSM
- $got = Get-AzManagedHsm -Name $hsmName
+ $got = Get-AzKeyVaultManagedHsm -Name $hsmName
Assert-NotNull $got
Assert-AreEqual $hsmName $got.Name
Assert-AreEqual $rgName $got.ResourceGroupName
Assert-AreEqual $hsmLocation $got.Location
# Test throws for existing managed HSM
- Assert-Throws { New-AzManagedHsm -Name $hsmName -ResourceGroupName $rgName -Location $hsmLocation -Administrator $administrator }
+ Assert-Throws { New-AzKeyVaultManagedHsm -Name $hsmName -ResourceGroupName $rgName -Location $hsmLocation -Administrator $administrator }
# Test remove managed HSM
- Remove-AzManagedHsm -InputObject $got -Force
- $deletedMhsm = Get-AzManagedHsm -Name $hsmName -ResourceGroupName $rgName
+ Remove-AzKeyVaultManagedHsm -InputObject $got -Force
+ $deletedMhsm = Get-AzKeyVaultManagedHsm -Name $hsmName -ResourceGroupName $rgName
Assert-Null $deletedMhsm
# Test throws for resourcegroup nonexistent
- Assert-Throws { New-AzManagedHsm -Name (getAssetName) -ResourceGroupName (getAssetName) -Location $hsmLocation -Administrator $administrator }
+ Assert-Throws { New-AzKeyVaultManagedHsm -Name (getAssetName) -ResourceGroupName (getAssetName) -Location $hsmLocation -Administrator $administrator }
}
finally {
diff --git a/src/KeyVault/KeyVault.Test/Scripts/Common.ps1 b/src/KeyVault/KeyVault.Test/Scripts/Common.ps1
index 7302f6076f0e..61b39bf1325e 100644
--- a/src/KeyVault/KeyVault.Test/Scripts/Common.ps1
+++ b/src/KeyVault/KeyVault.Test/Scripts/Common.ps1
@@ -207,7 +207,7 @@ function Cleanup-OldCertificates
$certificatePattern = Get-CertificateName '*'
Get-AzKeyVaultCertificate $keyVault |
Where-Object {$_.Name -like $certificatePattern} |
- Remove-AzKeyVaultCertificate -Name $_.Name -VaultName $_.VaultName -Force -Confirm:$false
+ ForEach-Object { Remove-AzKeyVaultCertificate -Name $_.Name -VaultName $_.VaultName -Force -Confirm:$false }
if($global:softDeleteEnabled -eq $true)
{
diff --git a/src/KeyVault/KeyVault.Test/Scripts/RunKeyVaultTests.ps1 b/src/KeyVault/KeyVault.Test/Scripts/RunKeyVaultTests.ps1
index 918ddac08750..81f466ba9d9f 100644
--- a/src/KeyVault/KeyVault.Test/Scripts/RunKeyVaultTests.ps1
+++ b/src/KeyVault/KeyVault.Test/Scripts/RunKeyVaultTests.ps1
@@ -70,8 +70,8 @@ param(
[string] $StorageResourceId = $null
)
-. (Join-Path $PSScriptRoot "..\..\..\..\Common\Commands.ScenarioTests.Common\Common.ps1")
-. (Join-Path $PSScriptRoot "..\..\..\..\Common\Commands.ScenarioTests.Common\Assert.ps1")
+. (Join-Path $PSScriptRoot "..\..\..\..\tools\ScenarioTest.ResourceManager\Common.ps1")
+. (Join-Path $PSScriptRoot "..\..\..\..\tools\ScenarioTest.ResourceManager\Assert.ps1")
. (Join-Path $PSScriptRoot "Common.ps1")
. (Join-Path $PSScriptRoot "VaultKeyTests.ps1")
. (Join-Path $PSScriptRoot "VaultSecretTests.ps1")
@@ -79,7 +79,6 @@ param(
. (Join-Path $PSScriptRoot "VaultManagedStorageAccountTests.ps1");
. (Join-Path $PSScriptRoot "VaultManagementTests.ps1")
. (Join-Path $PSScriptRoot "ControlPlane\KeyVaultManagementTests.ps1") # Shared between PSH scenario tests and KV-specific script based tests.
-. (Join-Path $PSScriptRoot "ControlPlane\Common.ps1")
$global:totalCount = 0
$global:passedCount = 0
diff --git a/src/KeyVault/KeyVault.Test/Scripts/RunUITests.ps1 b/src/KeyVault/KeyVault.Test/Scripts/RunUITests.ps1
index b1d4e4c10d82..aad9e78b120d 100644
--- a/src/KeyVault/KeyVault.Test/Scripts/RunUITests.ps1
+++ b/src/KeyVault/KeyVault.Test/Scripts/RunUITests.ps1
@@ -7,8 +7,8 @@
[string] $StorageResourceId = $null
)
-. (Join-Path $PSScriptRoot "..\..\..\..\Common\Commands.ScenarioTests.Common\Common.ps1")
-. (Join-Path $PSScriptRoot "..\..\..\..\Common\Commands.ScenarioTests.Common\Assert.ps1")
+. (Join-Path $PSScriptRoot "..\..\..\..\tools\ScenarioTest.ResourceManager\Common.ps1")
+. (Join-Path $PSScriptRoot "..\..\..\..\tools\ScenarioTest.ResourceManager\Assert.ps1")
. (Join-Path $PSScriptRoot "Common.ps1");
. (Join-Path $PSScriptRoot "VaultUITests.ps1");
diff --git a/src/KeyVault/KeyVault.Test/Scripts/VaultCertificateTests.ps1 b/src/KeyVault/KeyVault.Test/Scripts/VaultCertificateTests.ps1
index 3c835d523317..4f9937b56130 100644
--- a/src/KeyVault/KeyVault.Test/Scripts/VaultCertificateTests.ps1
+++ b/src/KeyVault/KeyVault.Test/Scripts/VaultCertificateTests.ps1
@@ -360,7 +360,7 @@ function Test_NewCertificatePolicy
Assert-NotNull $policy
$policy = New-AzKeyVaultCertificatePolicy -SubjectName "CN=testCertificate" -Ekus "1.0","2.0" -IssuerName Self
Assert-NotNull $policy
- Assert-Throws { $policy = New-AzKeyVaultCertificatePolicy -Ekus "1.0","2.0" -SecretContentType application/x-pem-file -ReuseKeyOnRenewal -Disabled -RenewAtNumberOfDaysBeforeExpiry 10 -ValidityInMonths 10 -IssuerName Self }
+ Assert-Throws { $policy = New-AzKeyVaultCertificatePolicy -SubjectName "CN=testCertificate" -Ekus "1.0","2.0" -SecretContentType application/x-pem-file -ReuseKeyOnRenewal -Disabled -RenewAtNumberOfDaysBeforeExpiry 10 -ValidityInMonths 10 -IssuerName Self }
$policy = New-AzKeyVaultCertificatePolicy -SubjectName "CN=testCertificate" -Ekus "1.0","2.0" -SecretContentType application/x-pem-file -ReuseKeyOnRenewal -Disabled -RenewAtNumberOfDaysBeforeExpiry 10 -ValidityInMonths 10 -IssuerName Self
Assert-NotNull $policy
$policy = New-AzKeyVaultCertificatePolicy -SubjectName "CN=testCertificate" -Ekus "1.0","2.0" -SecretContentType application/x-pem-file -ReuseKeyOnRenewal -Disabled -RenewAtNumberOfDaysBeforeExpiry 10 -ValidityInMonths 10 -IssuerName Self -EmailAtNumberOfDaysBeforeExpiry 15
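Review bot: After this change the `Assert-Throws` block and the statement directly below it call `New-AzKeyVaultCertificatePolicy` with identical arguments, yet the first is expected to throw and the second to return a policy that passes `Assert-NotNull`; as written, both cannot hold. The removed line exercised the call without `-SubjectName`. If that call no longer throws, delete the `Assert-Throws` line instead of adding `-SubjectName` to it, or replace it with an input the cmdlet still rejects. `Test_NewCertificatePolicy` starts and ends outside the hunk.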
diff --git a/src/KeyVault/KeyVault.Test/Scripts/VaultSecretTests.ps1 b/src/KeyVault/KeyVault.Test/Scripts/VaultSecretTests.ps1
index ead52f08c1a7..99b65dc675b2 100644
--- a/src/KeyVault/KeyVault.Test/Scripts/VaultSecretTests.ps1
+++ b/src/KeyVault/KeyVault.Test/Scripts/VaultSecretTests.ps1
@@ -319,6 +319,7 @@ function Test_SetSecretVersion
# create a new version
$sec=Set-AzKeyVaultSecret -VaultName $keyVault -Name $secretname -SecretValue $securedata
Assert-NotNull $sec
+ $v2 = $sec.Version
Assert-SecretAttributes $sec.Attributes $true $null $null $null $null
# Update old version
diff --git a/src/KeyVault/KeyVault/Az.KeyVault.psd1 b/src/KeyVault/KeyVault/Az.KeyVault.psd1
index 447173fcda79..c0201bf57b2d 100644
--- a/src/KeyVault/KeyVault/Az.KeyVault.psd1
+++ b/src/KeyVault/KeyVault/Az.KeyVault.psd1
@@ -79,10 +79,7 @@ NestedModules = @('Microsoft.Azure.PowerShell.Cmdlets.KeyVault.dll', '.\Az.KeyVa
FunctionsToExport = @()
# Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
-CmdletsToExport = 'Add-AzManagedHsmKey', 'Get-AzManagedHsmKey',
- 'Remove-AzManagedHsmKey', 'Undo-AzManagedHsmKeyRemoval',
- 'Update-AzManagedHsmKey', 'Backup-AzManagedHsmKey',
- 'Restore-AzManagedHsmKey', 'Add-AzKeyVaultCertificate',
+CmdletsToExport = 'Add-AzKeyVaultCertificate',
'Update-AzKeyVaultCertificate',
'Stop-AzKeyVaultCertificateOperation',
'Get-AzKeyVaultCertificateOperation',
@@ -94,13 +91,13 @@ CmdletsToExport = 'Add-AzManagedHsmKey', 'Get-AzManagedHsmKey',
'Remove-AzKeyVaultCertificateIssuer',
'Remove-AzKeyVaultCertificateOperation',
'Set-AzKeyVaultCertificateIssuer',
- 'Set-AzKeyVaultCertificatePolicy', 'Get-AzManagedHsm',
- 'New-AzManagedHsm', 'Remove-AzManagedHsm', 'Update-AzManagedHsm',
+ 'Set-AzKeyVaultCertificatePolicy', 'Get-AzKeyVaultManagedHsm',
+ 'New-AzKeyVaultManagedHsm', 'Remove-AzKeyVaultManagedHsm', 'Update-AzKeyVaultManagedHsm',
'Get-AzKeyVault', 'New-AzKeyVault', 'Remove-AzKeyVault',
- 'Undo-AzKeyVaultRemoval', 'Backup-AzManagedHsm',
- 'Restore-AzManagedHsm', 'Get-AzManagedHsmRoleDefinition',
- 'Get-AzManagedHsmRoleAssignment', 'New-AzManagedHsmRoleAssignment',
- 'Remove-AzManagedHsmRoleAssignment',
+ 'Undo-AzKeyVaultRemoval', 'Backup-AzKeyVault',
+ 'Restore-AzKeyVault', 'Get-AzKeyVaultRoleDefinition',
+ 'Get-AzKeyVaultRoleAssignment', 'New-AzKeyVaultRoleAssignment',
+ 'Remove-AzKeyVaultRoleAssignment',
'Remove-AzKeyVaultAccessPolicy', 'Set-AzKeyVaultAccessPolicy',
'Backup-AzKeyVaultKey', 'Get-AzKeyVaultKey', 'Get-AzKeyVaultSecret',
'Undo-AzKeyVaultKeyRemoval', 'Undo-AzKeyVaultSecretRemoval',
@@ -127,16 +124,15 @@ CmdletsToExport = 'Add-AzManagedHsmKey', 'Get-AzManagedHsmKey',
'Undo-AzKeyVaultManagedStorageSasDefinitionRemoval',
'Undo-AzKeyVaultManagedStorageAccountRemoval',
'Add-AzKeyVaultNetworkRule', 'Update-AzKeyVaultNetworkRuleSet',
- 'Remove-AzKeyVaultNetworkRule', 'Backup-AzManagedHsmSecurityDomain',
- 'Restore-AzManagedHsmSecurityDomain'
+ 'Remove-AzKeyVaultNetworkRule', 'Export-AzKeyVaultSecurityDomain',
+ 'Import-AzKeyVaultSecurityDomain'
# Variables to export from this module
# VariablesToExport = @()
# Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
AliasesToExport = 'Set-AzKeyVaultKey', 'Set-AzKeyVaultSecretAttribute',
- 'Set-AzKeyVaultKeyAttribute', 'Set-AzKeyVaultCertificateAttribute',
- 'Set-AzManagedHsmKey', 'Set-AzManagedHsmKeyAttribute'
+ 'Set-AzKeyVaultKeyAttribute', 'Set-AzKeyVaultCertificateAttribute'
# DSC resources to export from this module
# DscResourcesToExport = @()
diff --git a/src/KeyVault/KeyVault/ChangeLog.md b/src/KeyVault/KeyVault/ChangeLog.md
index 34f41fc04f0f..93ef8e94e0a1 100644
--- a/src/KeyVault/KeyVault/ChangeLog.md
+++ b/src/KeyVault/KeyVault/ChangeLog.md
@@ -21,6 +21,7 @@
* Supported "all" as an option when setting key vault access policies
* Supported new version of SecretManagement module [#13366]
* Supported ByteArray, String, PSCredential and Hashtable for `SecretValue` in SecretManagementModule [#12190]
+* [Breaking change] redesigned the API surface of cmdlets related to managed HSM.
## Version 3.1.0
* Supported updating key vault tag
diff --git a/src/KeyVault/KeyVault/Commands/AddAzureKeyVaultKey.cs b/src/KeyVault/KeyVault/Commands/AddAzureKeyVaultKey.cs
index b001b0da9c2b..cdf43c829af7 100644
--- a/src/KeyVault/KeyVault/Commands/AddAzureKeyVaultKey.cs
+++ b/src/KeyVault/KeyVault/Commands/AddAzureKeyVaultKey.cs
@@ -23,6 +23,7 @@
using System.Linq;
using System.Management.Automation;
using System.Security;
+using Track2Sdk = Azure.Security.KeyVault.Keys;
namespace Microsoft.Azure.Commands.KeyVault
{
@@ -49,6 +50,12 @@ public class AddAzureKeyVaultKey : KeyVaultCmdletBase
private const string InteractiveImportParameterSet = "InteractiveImport";
private const string InputObjectImportParameterSet = "InputObjectImport";
private const string ResourceIdImportParameterSet = "ResourceIdImport";
+ private const string HsmInteractiveCreateParameterSet = "HsmInteractiveCreate";
+ private const string HsmInputObjectCreateParameterSet = "HsmInputObjectCreate";
+ private const string HsmResourceIdCreateParameterSet = "HsmResourceIdCreate";
+ private const string HsmInteractiveImportParameterSet = "HsmInteractiveImport";
+ private const string HsmInputObjectImportParameterSet = "HsmInputObjectImport";
+ private const string HsmResourceIdImportParameterSet = "HsmResourceIdImport";
private const string HsmDestination = "HSM";
private const string SoftwareDestination = "Software";
@@ -72,6 +79,20 @@ public class AddAzureKeyVaultKey : KeyVaultCmdletBase
[ValidateNotNullOrEmpty]
public string VaultName { get; set; }
+ // HsmName must not be positional
+ // otherwise the parameter set is no difference with vault parameter set
+ // when user does not specify parameter name
+ // e.g. Add-AzKeyVaultKey 'vaultOrHsmName?' 'keyName'
+ [Parameter(Mandatory = true,
+ ParameterSetName = HsmInteractiveCreateParameterSet,
+ HelpMessage = "HSM name. Cmdlet constructs the FQDN of a managed HSM based on the name and currently selected environment.")]
+ [Parameter(Mandatory = true,
+ ParameterSetName = HsmInteractiveImportParameterSet,
+ HelpMessage = "HSM name. Cmdlet constructs the FQDN of a managed HSM based on the name and currently selected environment.")]
+ [ResourceNameCompleter("Microsoft.KeyVault/managedHSMs", "FakeResourceGroupName")]
+ [ValidateNotNullOrEmpty]
+ public string HsmName { get; set; }
+
[Parameter(Mandatory = true,
ParameterSetName = InputObjectCreateParameterSet,
Position = 0,
@@ -85,19 +106,41 @@ public class AddAzureKeyVaultKey : KeyVaultCmdletBase
[ValidateNotNullOrEmpty]
public PSKeyVault InputObject { get; set; }
+ [Parameter(Mandatory = true,
+ ParameterSetName = HsmInputObjectCreateParameterSet,
+ Position = 0,
+ ValueFromPipeline = true,
+ HelpMessage = "HSM object.")]
+ [Parameter(Mandatory = true,
+ ParameterSetName = HsmInputObjectImportParameterSet,
+ Position = 0,
+ ValueFromPipeline = true,
+ HelpMessage = "HSM object.")]
+ [ValidateNotNullOrEmpty]
+ public PSManagedHsm HsmObject { get; set; }
+
[Parameter(Mandatory = true,
ParameterSetName = ResourceIdCreateParameterSet,
Position = 0,
ValueFromPipelineByPropertyName = true,
- HelpMessage = "Vault Resource Id.")]
+ HelpMessage = "Resource ID of the vault.")]
[Parameter(Mandatory = true,
ParameterSetName = ResourceIdImportParameterSet,
Position = 0,
- ValueFromPipelineByPropertyName = true,
- HelpMessage = "Vault Resource Id.")]
+ ValueFromPipelineByPropertyName = true)]
[ValidateNotNullOrEmpty]
public string ResourceId { get; set; }
+ [Parameter(Mandatory = true,
+ ParameterSetName = HsmResourceIdCreateParameterSet,
+ ValueFromPipelineByPropertyName = true,
+ HelpMessage = "Resource ID of the HSM.")]
+ [Parameter(Mandatory = true,
+ ParameterSetName = HsmResourceIdImportParameterSet,
+ ValueFromPipelineByPropertyName = true)]
+ [ValidateNotNullOrEmpty]
+ public string HsmResourceId { get; set; }
+
///
/// key name
///
@@ -118,11 +161,15 @@ public class AddAzureKeyVaultKey : KeyVaultCmdletBase
ParameterSetName = InteractiveImportParameterSet,
HelpMessage = "Path to the local file containing the key material to be imported.")]
[Parameter(Mandatory = true,
- ParameterSetName = InputObjectImportParameterSet,
- HelpMessage = "Path to the local file containing the key material to be imported.")]
+ ParameterSetName = InputObjectImportParameterSet)]
[Parameter(Mandatory = true,
- ParameterSetName = ResourceIdImportParameterSet,
- HelpMessage = "Path to the local file containing the key material to be imported.")]
+ ParameterSetName = ResourceIdImportParameterSet)]
+ [Parameter(Mandatory = true,
+ ParameterSetName = HsmInteractiveImportParameterSet)]
+ [Parameter(Mandatory = true,
+ ParameterSetName = HsmInputObjectImportParameterSet)]
+ [Parameter(Mandatory = true,
+ ParameterSetName = HsmResourceIdImportParameterSet)]
[ValidateNotNullOrEmpty]
public string KeyFilePath { get; set; }
@@ -134,11 +181,15 @@ public class AddAzureKeyVaultKey : KeyVaultCmdletBase
ParameterSetName = InteractiveImportParameterSet,
HelpMessage = "Password of the local file containing the key material to be imported.")]
[Parameter(Mandatory = false,
- ParameterSetName = InputObjectImportParameterSet,
- HelpMessage = "Password of the local file containing the key material to be imported.")]
+ ParameterSetName = InputObjectImportParameterSet)]
[Parameter(Mandatory = false,
- ParameterSetName = ResourceIdImportParameterSet,
- HelpMessage = "Password of the local file containing the key material to be imported.")]
+ ParameterSetName = ResourceIdImportParameterSet)]
+ [Parameter(Mandatory = false,
+ ParameterSetName = HsmInteractiveImportParameterSet)]
+ [Parameter(Mandatory = false,
+ ParameterSetName = HsmInputObjectImportParameterSet)]
+ [Parameter(Mandatory = false,
+ ParameterSetName = HsmResourceIdImportParameterSet)]
[ValidateNotNullOrEmpty]
public SecureString KeyFilePassword { get; set; }
@@ -198,7 +249,7 @@ public class AddAzureKeyVaultKey : KeyVaultCmdletBase
/// Key tags
///
[Parameter(Mandatory = false,
- HelpMessage = "A hashtable representing key tags.")]
+ HelpMessage = "A hashtable representing key tags.")]
[Alias(Constants.TagsAlias)]
public Hashtable Tag { get; set; }
@@ -207,55 +258,83 @@ public class AddAzureKeyVaultKey : KeyVaultCmdletBase
ParameterSetName = InputObjectCreateParameterSet,
HelpMessage = "RSA key size, in bits. If not specified, the service will provide a safe default.")]
[Parameter(Mandatory = false,
- ParameterSetName = InteractiveCreateParameterSet,
- HelpMessage = "RSA key size, in bits. If not specified, the service will provide a safe default.")]
+ ParameterSetName = InteractiveCreateParameterSet)]
[Parameter(Mandatory = false,
- ParameterSetName = ResourceIdCreateParameterSet,
- HelpMessage = "RSA key size, in bits. If not specified, the service will provide a safe default.")]
+ ParameterSetName = ResourceIdCreateParameterSet)]
+ [Parameter(Mandatory = false,
+ ParameterSetName = HsmInputObjectCreateParameterSet)]
+ [Parameter(Mandatory = false,
+ ParameterSetName = HsmInteractiveCreateParameterSet)]
+ [Parameter(Mandatory = false,
+ ParameterSetName = HsmResourceIdCreateParameterSet)]
public int? Size { get; set; }
+
+ [Parameter(Mandatory = true,
+ ParameterSetName = HsmInteractiveCreateParameterSet,
+ HelpMessage = "Specifies the key type of this key.")]
+ [Parameter(Mandatory = true,
+ ParameterSetName = HsmInputObjectCreateParameterSet)]
+ [Parameter(Mandatory = true,
+ ParameterSetName = HsmResourceIdCreateParameterSet)]
+ [PSArgumentCompleter("RSA", "EC", "oct")]
+ public string KeyType { get; set; }
+
+ [Parameter(Mandatory = false,
+ ParameterSetName = HsmInteractiveCreateParameterSet,
+ HelpMessage = "Specifies the curve name of elliptic curve cryptography, this value is valid when KeyType is EC.")]
+ [Parameter(Mandatory = false,
+ ParameterSetName = HsmInputObjectCreateParameterSet)]
+ [Parameter(Mandatory = false,
+ ParameterSetName = HsmResourceIdCreateParameterSet)]
+ [PSArgumentCompleter("P-256", "P-256K", "P-384", "P-521")]
+ public string CurveName { get; set; }
#endregion
public override void ExecuteCmdlet()
{
- if (InputObject != null)
- {
- VaultName = InputObject.VaultName;
- }
- else if (ResourceId != null)
- {
- var resourceIdentifier = new ResourceIdentifier(ResourceId);
- VaultName = resourceIdentifier.ResourceName;
- }
-
+ NormalizeKeySourceParameters();
ValidateKeyExchangeKey();
-
if (ShouldProcess(Name, Properties.Resources.AddKey))
{
PSKeyVaultKey keyBundle;
-
- if (string.IsNullOrEmpty(KeyFilePath))
+ if (string.IsNullOrEmpty(HsmName))
{
- keyBundle = this.DataServiceClient.CreateKey(
- VaultName,
- Name,
- CreateKeyAttributes(),
- Size,
- null);
+ keyBundle = CreateKeyVaultKey();
}
else
{
- bool? importToHsm = null;
- keyBundle = this.DataServiceClient.ImportKey(
- VaultName, Name,
- CreateKeyAttributes(),
- CreateWebKeyFromFile(),
- string.IsNullOrEmpty(Destination) ? importToHsm : HsmDestination.Equals(Destination, StringComparison.OrdinalIgnoreCase));
+ keyBundle = CreateHsmKey();
}
-
this.WriteObject(keyBundle);
}
}
+ ///
+ /// Normalize different ways to specify a vault or HSM.
+ /// Calling this method will set or .
+ ///
+ private void NormalizeKeySourceParameters()
+ {
+ if (InputObject != null)
+ {
+ VaultName = InputObject.VaultName;
+ }
+ else if (ResourceId != null)
+ {
+ var resourceIdentifier = new ResourceIdentifier(ResourceId);
+ VaultName = resourceIdentifier.ResourceName;
+ }
+ if (HsmObject != null)
+ {
+ HsmName = HsmObject.VaultName;
+ }
+ else if (HsmResourceId != null)
+ {
+ var resourceIdentifier = new ResourceIdentifier(ResourceId);
+ HsmName = resourceIdentifier.ResourceName;
+ }
+ }
+
private void ValidateKeyExchangeKey()
{
if (KeyOps != null && KeyOps.Contains(Constants.KeyOpsImport))
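Review bot: In `NormalizeKeySourceParameters()`, the `else if (HsmResourceId != null)` branch builds its identifier from `ResourceId`, not from `HsmResourceId`. In the HsmResourceId* parameter sets `ResourceId` is not bound, so `HsmName` is never derived from the ID the caller supplied. Depending on how `ResourceIdentifier` treats a null argument (not visible here), the call either throws or leaves `HsmName` empty, in which case `ExecuteCmdlet()` falls through to `CreateKeyVaultKey()` with no vault name. The line should read `var resourceIdentifier = new ResourceIdentifier(HsmResourceId);`, and a test that passes `-HsmResourceId` would pin it. The hunk ends inside `ValidateKeyExchangeKey()`, whose body continues outside it.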
@@ -267,20 +346,59 @@ private void ValidateKeyExchangeKey()
}
}
- internal PSKeyVaultKeyAttributes CreateKeyAttributes()
+ private PSKeyVaultKey CreateKeyVaultKey()
{
- string keyType = string.Empty;
+ if (string.IsNullOrEmpty(KeyFilePath))
+ {
+ return this.DataServiceClient.CreateKey(
+ VaultName,
+ Name,
+ CreateKeyAttributes(),
+ Size,
+ null);
+ }
+ else
+ {
+ bool? importToHsm = null;
+ return this.DataServiceClient.ImportKey(
+ VaultName, Name,
+ CreateKeyAttributes(),
+ CreateWebKeyFromFile(),
+ string.IsNullOrEmpty(Destination) ? importToHsm : HsmDestination.Equals(Destination, StringComparison.OrdinalIgnoreCase));
+ }
+ }
+
+ private PSKeyVaultKey CreateHsmKey()
+ {
+ if (string.IsNullOrEmpty(KeyFilePath))
+ {
+ return this.Track2DataClient.CreateManagedHsmKey(
+ HsmName,
+ Name,
+ CreateKeyAttributes(),
+ Size,
+ CurveName);
+ }
+ else
+ {
+ return this.Track2DataClient.ImportManagedHsmKey(
+ HsmName, Name,
+ CreateTrack2WebKeyFromFile());
+ }
+ }
- if (!string.IsNullOrEmpty(Destination))
+ internal PSKeyVaultKeyAttributes CreateKeyAttributes()
+ {
+ if (!string.IsNullOrEmpty(VaultName) && !string.IsNullOrEmpty(Destination))
{
- keyType = (HsmDestination.Equals(Destination, StringComparison.OrdinalIgnoreCase)) ? JsonWebKeyType.RsaHsm : JsonWebKeyType.Rsa;
+ KeyType = (HsmDestination.Equals(Destination, StringComparison.OrdinalIgnoreCase)) ? JsonWebKeyType.RsaHsm : JsonWebKeyType.Rsa;
}
return new Models.PSKeyVaultKeyAttributes(
!Disable.IsPresent,
Expires,
NotBefore,
- keyType,
+ KeyType,
KeyOps,
Tag);
}
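Review bot: The import branch of `CreateHsmKey()` passes only `HsmName`, `Name` and the web key to `ImportManagedHsmKey`, so `CreateKeyAttributes()` is never consulted on that path. `Tag` is declared without a parameter set in this file and `KeyOps` is still checked by `ValidateKeyExchangeKey()`, so a caller can supply them on an HSM import and, unless the client fills them in somewhere not shown here, the key is imported without them; if `-Disable`, `-Expires` and `-NotBefore` are accepted the same way, the key ends up enabled and without a validity window when the operator asked otherwise. Either carry the attributes through to the import call or fail when they are bound in the Hsm*Import sets. Separately, `CreateKeyAttributes()` now assigns to the `KeyType` parameter property, and on the vault path without `-Destination` it hands over `null` where the old local held `string.Empty`; starting from a local such as `string keyType = KeyType ?? string.Empty;` keeps the previous value and avoids mutating a bound parameter.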
@@ -296,5 +414,17 @@ internal JsonWebKey CreateWebKeyFromFile()
var converterChain = WebKeyConverterFactory.CreateConverterChain();
return converterChain.ConvertKeyFromFile(keyFile, KeyFilePassword);
}
+
+ internal Track2Sdk.JsonWebKey CreateTrack2WebKeyFromFile()
+ {
+ FileInfo keyFile = new FileInfo(this.GetUnresolvedProviderPathFromPSPath(this.KeyFilePath));
+ if (!keyFile.Exists)
+ {
+ throw new FileNotFoundException(string.Format(Resources.KeyFileNotFound, this.KeyFilePath));
+ }
+
+ var converterChain = WebKeyConverterFactory.CreateConverterChain();
+ return converterChain.ConvertToTrack2SdkKeyFromFile(keyFile, KeyFilePassword);
+ }
}
}
\ No newline at end of file
diff --git a/src/KeyVault/KeyVault/Commands/AddAzureManagedHsmKey.cs b/src/KeyVault/KeyVault/Commands/AddAzureManagedHsmKey.cs
deleted file mode 100644
index 053bd351e0d1..000000000000
--- a/src/KeyVault/KeyVault/Commands/AddAzureManagedHsmKey.cs
+++ /dev/null
@@ -1,262 +0,0 @@
-using Microsoft.Azure.Commands.KeyVault.Models;
-using Microsoft.Azure.Commands.KeyVault.Properties;
-using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
-using Microsoft.Azure.Management.Internal.Resources.Utilities.Models;
-using System;
-using System.Collections;
-using System.IO;
-using System.Linq;
-using System.Management.Automation;
-using System.Security;
-using Track2Sdk = Azure.Security.KeyVault.Keys;
-
-namespace Microsoft.Azure.Commands.KeyVault.Commands
-{ ///
- /// Create a new key in managed HSM. This cmdlet supports the following types of key creation.
- /// 1. Create a key with default key attributes
- /// 2. Create a key with given key attributes
- /// 3. Create a key from a .pfx file by importing key material
- ///
- [Cmdlet("Add", ResourceManager.Common.AzureRMConstants.AzurePrefix + "ManagedHsmKey", SupportsShouldProcess = true, DefaultParameterSetName = InteractiveCreateParameterSet)]
- [OutputType(typeof(PSKeyVaultKey))]
- public class AddAzureManagedHsmKey : KeyVaultCmdletBase
- {
- #region Parameter Set Names
-
- private const string InteractiveCreateParameterSet = "InteractiveCreate";
- private const string InputObjectCreateParameterSet = "InputObjectCreate";
- private const string ResourceIdCreateParameterSet = "ResourceIdCreate";
- private const string InteractiveImportParameterSet = "InteractiveImport";
- private const string InputObjectImportParameterSet = "InputObjectImport";
- private const string ResourceIdImportParameterSet = "ResourceIdImport";
-
- #endregion
-
- #region Input Parameter Definitions
-
- ///
- /// HSM name
- ///
- [Parameter(Mandatory = true,
- ParameterSetName = InteractiveCreateParameterSet,
- Position = 0,
- HelpMessage = "HSM name. Cmdlet constructs the FQDN of a managed HSM based on the name and currently selected environment.")]
- [Parameter(Mandatory = true,
- ParameterSetName = InteractiveImportParameterSet,
- Position = 0,
- HelpMessage = "HSM name. Cmdlet constructs the FQDN of a managed HSM based on the name and currently selected environment.")]
- [ResourceNameCompleter("Microsoft.KeyVault/managedHSMs", "FakeResourceGroupName")]
- [ValidateNotNullOrEmpty]
- public string HsmName { get; set; }
-
- [Parameter(Mandatory = true,
- ParameterSetName = InputObjectCreateParameterSet,
- Position = 0,
- ValueFromPipeline = true,
- HelpMessage = "HSM object.")]
- [Parameter(Mandatory = true,
- ParameterSetName = InputObjectImportParameterSet,
- Position = 0,
- ValueFromPipeline = true,
- HelpMessage = "HSM object.")]
- [ValidateNotNullOrEmpty]
- public PSManagedHsm InputObject { get; set; }
-
- [Parameter(Mandatory = true,
- ParameterSetName = ResourceIdCreateParameterSet,
- Position = 0,
- ValueFromPipelineByPropertyName = true,
- HelpMessage = "HSM Resource Id.")]
- [Parameter(Mandatory = true,
- ParameterSetName = ResourceIdImportParameterSet,
- Position = 0,
- ValueFromPipelineByPropertyName = true,
- HelpMessage = "HSM Resource Id.")]
- [ValidateNotNullOrEmpty]
- public string ResourceId { get; set; }
-
- ///
- /// key name
- ///
- [Parameter(Mandatory = true,
- Position = 1,
- HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from managed HSM name, currently selected environment and key name.")]
- [ValidateNotNullOrEmpty]
- [Alias(Constants.KeyName)]
- public string Name { get; set; }
-
- ///
- /// Path to the local file containing to-be-imported key material.
- /// The supported suffix are:
- /// 1. byok
- /// 2. pfx
- ///
- [Parameter(Mandatory = true,
- ParameterSetName = InteractiveImportParameterSet,
- HelpMessage = "Path to the local file containing the key material to be imported.")]
- [Parameter(Mandatory = true,
- ParameterSetName = InputObjectImportParameterSet,
- HelpMessage = "Path to the local file containing the key material to be imported.")]
- [Parameter(Mandatory = true,
- ParameterSetName = ResourceIdImportParameterSet,
- HelpMessage = "Path to the local file containing the key material to be imported.")]
- [ValidateNotNullOrEmpty]
- public string KeyFilePath { get; set; }
-
- ///
- /// Password of the imported file.
- /// Required for pfx file
- ///
- [Parameter(Mandatory = false,
- ParameterSetName = InteractiveImportParameterSet,
- HelpMessage = "Password of the local file containing the key material to be imported.")]
- [Parameter(Mandatory = false,
- ParameterSetName = InputObjectImportParameterSet,
- HelpMessage = "Password of the local file containing the key material to be imported.")]
- [Parameter(Mandatory = false,
- ParameterSetName = ResourceIdImportParameterSet,
- HelpMessage = "Password of the local file containing the key material to be imported.")]
- [ValidateNotNullOrEmpty]
- public SecureString KeyFilePassword { get; set; }
-
- ///
- /// key type
- ///
- [Parameter(Mandatory = true,
- ParameterSetName = InteractiveCreateParameterSet,
- HelpMessage = "Specifies the key type of this key.")]
- [Parameter(Mandatory = true,
- ParameterSetName = InputObjectCreateParameterSet,
- HelpMessage = "Specifies the key type of this key.")]
- [Parameter(Mandatory = true,
- ParameterSetName = ResourceIdCreateParameterSet,
- HelpMessage = "Specifies the key type of this key.")]
- [PSArgumentCompleter("RSA", "EC", "oct")]
- public string KeyType { get; set; }
-
- ///
- /// curve name
- ///
- [Parameter(Mandatory = false,
- HelpMessage = "Specifies the curve name of elliptic curve cryptography, this value is valid when KeyType is EC.")]
- [PSArgumentCompleter("P-256", "P-256K", "P-384", "P-521")]
- public string CurveName { get; set; }
-
- ///
- /// Set key in disabled state if present
- ///
- [Parameter(Mandatory = false,
- HelpMessage = "Indicates that the key you are adding is set to an initial state of disabled. Any attempt to use the key will fail. Use this parameter if you are preloading keys that you intend to enable later.")]
- public SwitchParameter Disable { get; set; }
-
- ///
- /// Key operations
- ///
- [Parameter(Mandatory = false,
- HelpMessage = "The operations that can be performed with the key. If not present, all operations can be performed.")]
- public string[] KeyOps { get; set; }
-
- ///
- /// Key expires time in UTC time
- ///
- [Parameter(Mandatory = false,
- HelpMessage = "Specifies the expiration time of the key in UTC. If not specified, key will not expire.")]
- public DateTime? Expires { get; set; }
-
- ///
- /// The UTC time before which key can't be used
- ///
- [Parameter(Mandatory = false,
- HelpMessage = "The UTC time before which the key can't be used. If not specified, there is no limitation.")]
- public DateTime? NotBefore { get; set; }
-
- ///
- /// Key tags
- ///
- [Parameter(Mandatory = false,
- HelpMessage = "A hashtable representing key tags.")]
- [Alias(Constants.TagsAlias)]
- public Hashtable Tag { get; set; }
-
-
- [Parameter(Mandatory = false,
- ParameterSetName = InputObjectCreateParameterSet,
- HelpMessage = "RSA key size, in bits. If not specified, the service will provide a safe default.")]
- [Parameter(Mandatory = false,
- ParameterSetName = InteractiveCreateParameterSet,
- HelpMessage = "RSA key size, in bits. If not specified, the service will provide a safe default.")]
- [Parameter(Mandatory = false,
- ParameterSetName = ResourceIdCreateParameterSet,
- HelpMessage = "RSA key size, in bits. If not specified, the service will provide a safe default.")]
- public int? Size { get; set; }
- #endregion
-
- public override void ExecuteCmdlet()
- {
- if (InputObject != null)
- {
- HsmName = InputObject.VaultName;
- }
- else if (ResourceId != null)
- {
- var resourceIdentifier = new ResourceIdentifier(ResourceId);
- HsmName = resourceIdentifier.ResourceName;
- }
-
- ValidateKeyExchangeKey();
-
- if (ShouldProcess(Name, Properties.Resources.AddKey))
- {
- PSKeyVaultKey keyBundle;
-
- if (string.IsNullOrEmpty(KeyFilePath))
- {
- keyBundle = this.Track2DataClient.CreateManagedHsmKey(
- HsmName,
- Name,
- CreateKeyAttributes(),
- Size,
- CurveName);
- }
- else
- {
- keyBundle = this.Track2DataClient.ImportManagedHsmKey(
- HsmName, Name,
- CreateWebKeyFromFile());
- }
- this.WriteObject(keyBundle);
- }
- }
- private void ValidateKeyExchangeKey()
- {
- if (KeyOps != null && KeyOps.Contains(Constants.KeyOpsImport))
- {
- // "import" is exclusive, it cannot be combined with any other value(s).
- if (KeyOps.Length > 1) { throw new ArgumentException(Resources.KeyOpsImportIsExclusive); }
- }
- }
-
- internal PSKeyVaultKeyAttributes CreateKeyAttributes()
- {
- return new Models.PSKeyVaultKeyAttributes(
- !Disable.IsPresent,
- Expires,
- NotBefore,
- KeyType,
- KeyOps,
- Tag);
- }
-
- internal Track2Sdk.JsonWebKey CreateWebKeyFromFile()
- {
- FileInfo keyFile = new FileInfo(this.GetUnresolvedProviderPathFromPSPath(this.KeyFilePath));
- if (!keyFile.Exists)
- {
- throw new FileNotFoundException(string.Format(Resources.KeyFileNotFound, this.KeyFilePath));
- }
-
- var converterChain = WebKeyConverterFactory.CreateConverterChain();
- return converterChain.ConvertToTrack2SdkKeyFromFile(keyFile, KeyFilePassword);
- }
- }
-}
diff --git a/src/KeyVault/KeyVault/Commands/BackupAzureKeyVaultKey.cs b/src/KeyVault/KeyVault/Commands/BackupAzureKeyVaultKey.cs
index 7b10822fe91c..a327e5aad82a 100644
--- a/src/KeyVault/KeyVault/Commands/BackupAzureKeyVaultKey.cs
+++ b/src/KeyVault/KeyVault/Commands/BackupAzureKeyVaultKey.cs
@@ -27,7 +27,7 @@ namespace Microsoft.Azure.Commands.KeyVault
///
/// The cmdlet returns the path of the newly created backup file.
///
- [Cmdlet("Backup", ResourceManager.Common.AzureRMConstants.AzurePrefix + "KeyVaultKey",SupportsShouldProcess = true,DefaultParameterSetName = ByKeyNameParameterSet)]
+ [Cmdlet("Backup", ResourceManager.Common.AzureRMConstants.AzurePrefix + "KeyVaultKey", SupportsShouldProcess = true, DefaultParameterSetName = ByKeyNameParameterSet)]
[OutputType(typeof(String))]
public class BackupAzureKeyVaultKey : KeyVaultCmdletBase
{
@@ -35,6 +35,7 @@ public class BackupAzureKeyVaultKey : KeyVaultCmdletBase
private const string ByKeyNameParameterSet = "ByKeyName";
private const string ByKeyObjectParameterSet = "ByKey";
+ private const string HsmByKeyNameParameterSet = "HsmByKeyName";
#endregion
@@ -43,22 +44,32 @@ public class BackupAzureKeyVaultKey : KeyVaultCmdletBase
///
/// Vault name
///
- [Parameter( Mandatory = true,
- Position = 0,
- ParameterSetName = ByKeyNameParameterSet,
- HelpMessage = "Vault name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment.")]
+ [Parameter(Mandatory = true,
+ Position = 0,
+ ParameterSetName = ByKeyNameParameterSet,
+ HelpMessage = "Vault name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment.")]
[ResourceNameCompleter("Microsoft.KeyVault/vaults", "FakeResourceGroupName")]
- [ValidateNotNullOrEmpty]
+ [ValidateNotNullOrEmpty]
public string VaultName { get; set; }
+ [Parameter(Mandatory = true,
+ ParameterSetName = HsmByKeyNameParameterSet,
+ HelpMessage = "HSM name. Cmdlet constructs the FQDN of a managed HSM based on the name and currently selected environment.")]
+ [ResourceNameCompleter("Microsoft.KeyVault/managedHSMs", "FakeResourceGroupName")]
+ [ValidateNotNullOrEmpty]
+ public string HsmName { get; set; }
+
///
/// Key name
///
- [Parameter( Mandatory = true,
- Position = 1,
- ParameterSetName = ByKeyNameParameterSet,
- HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name.")]
- [ValidateNotNullOrEmpty]
+ [Parameter(Mandatory = true,
+ Position = 1,
+ ParameterSetName = ByKeyNameParameterSet,
+ HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name.")]
+ [Parameter(Mandatory = true,
+ Position = 1,
+ ParameterSetName = HsmByKeyNameParameterSet)]
+ [ValidateNotNullOrEmpty]
[Alias(Constants.KeyName)]
public string Name { get; set; }
@@ -66,15 +77,15 @@ public class BackupAzureKeyVaultKey : KeyVaultCmdletBase
/// KeyBundle object to be backed up.
///
///
- /// Note that the backup applies to the entire family of a key (current and all its versions);
+ /// Note that the backup applies to the entire family of a key (current and all its versions);
/// since a key bundle represents a single version, the intent of this parameter is to allow pipelining.
/// The backup cmdlet will use the Name and VaultName properties of the KeyBundle parameter.
///
[Parameter(Mandatory = true,
- Position = 0,
- ValueFromPipeline = true,
- ParameterSetName = ByKeyObjectParameterSet,
- HelpMessage = "Key bundle to back up, pipelined in from the output of a retrieval call.")]
+ Position = 0,
+ ValueFromPipeline = true,
+ ParameterSetName = ByKeyObjectParameterSet,
+ HelpMessage = "Key bundle to back up, pipelined in from the output of a retrieval call.")]
[ValidateNotNullOrEmpty]
[Alias("Key")]
public PSKeyVaultKeyIdentityItem InputObject { get; set; }
@@ -82,30 +93,54 @@ public class BackupAzureKeyVaultKey : KeyVaultCmdletBase
///
/// The output file in which the backup blob is to be stored
///
- [Parameter( Mandatory = false,
- Position = 2,
- HelpMessage = "Output file. The output file to store the backed up key blob in. If not present, a default filename is chosen.")]
+ [Parameter(Mandatory = false,
+ Position = 2,
+ HelpMessage = "Output file. The output file to store the backed up key blob in. If not present, a default filename is chosen.")]
[ValidateNotNullOrEmpty]
public string OutputFile { get; set; }
///
/// Instructs the cmdlet to overwrite the destination file, if it exists.
///
- [Parameter( Mandatory = false,
- HelpMessage = "Overwrite the given file if it exists" )]
+ [Parameter(Mandatory = false,
+ HelpMessage = "Overwrite the given file if it exists")]
public SwitchParameter Force { get; set; }
#endregion Input Parameter Definition
public override void ExecuteCmdlet()
+ {
+ NormalizeParameterSets();
+
+ if (string.IsNullOrEmpty(HsmName))
+ {
+ BackupKeyVaultKey();
+ }
+ else
+ {
+ BackupHsmKey();
+ }
+ }
+
+ private void NormalizeParameterSets()
{
if (InputObject != null)
{
Name = InputObject.Name;
- VaultName = InputObject.VaultName;
+ if (InputObject.IsHsm)
+ {
+ HsmName = InputObject.VaultName;
+ }
+ else
+ {
+ VaultName = InputObject.VaultName;
+ }
}
+ }
- if ( ShouldProcess(Name, Properties.Resources.BackupKey))
+ private void BackupKeyVaultKey()
+ {
+ if (ShouldProcess(Name, Properties.Resources.BackupKey))
{
if (string.IsNullOrEmpty(OutputFile))
{
@@ -115,12 +150,34 @@ public override void ExecuteCmdlet()
var filePath = this.GetUnresolvedProviderPathFromPSPath(OutputFile);
// deny request if the file exists and overwrite is not authorized
- if ( !AzureSession.Instance.DataStore.FileExists( filePath )
+ if (!AzureSession.Instance.DataStore.FileExists(filePath)
|| Force.IsPresent
- || ShouldContinue( string.Format(Resources.FileOverwriteMessage, filePath ), Resources.FileOverwriteCaption ) )
+ || ShouldContinue(string.Format(Resources.FileOverwriteMessage, filePath), Resources.FileOverwriteCaption))
{
var backupBlobPath = this.DataServiceClient.BackupKey(VaultName, Name, filePath);
- this.WriteObject( backupBlobPath );
+ this.WriteObject(backupBlobPath);
+ }
+ }
+ }
+
+ private void BackupHsmKey()
+ {
+ if (ShouldProcess(Name, Properties.Resources.BackupKey))
+ {
+ if (string.IsNullOrEmpty(OutputFile))
+ {
+ OutputFile = GetDefaultFileForOperation("backup", HsmName, Name);
+ }
+
+ var filePath = this.GetUnresolvedProviderPathFromPSPath(OutputFile);
+
+ // deny request if the file exists and overwrite is not authorized
+ if (!AzureSession.Instance.DataStore.FileExists(filePath)
+ || Force.IsPresent
+ || ShouldContinue(string.Format(Resources.FileOverwriteMessage, filePath), Resources.FileOverwriteCaption))
+ {
+ var backupBlobPath = this.Track2DataClient.BackupManagedHsmKey(HsmName, Name, filePath);
+ this.WriteObject(backupBlobPath);
}
}
}
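Review bot: `BackupHsmKey()` repeats the confirmation, default-file-name and overwrite guard of `BackupKeyVaultKey()` line for line; as far as the visible lines show, only the name passed to `GetDefaultFileForOperation` and the client call differ. That guard is what stops a key backup from silently replacing an existing file, so two copies invite a later change that tightens one path and not the other. A shared private helper that takes the source name and the backup call would leave a single copy. The sketch below assumes both client methods return the path as a string, which `[OutputType(typeof(String))]` suggests but the hunk does not show. `BackupKeyVaultKey()` starts in the previous hunk.

```csharp
private void BackupHsmKey()
{
    BackupToFile(HsmName, path => this.Track2DataClient.BackupManagedHsmKey(HsmName, Name, path));
}

// Confirmation, default file name and overwrite guard shared by vault and HSM backups.
private void BackupToFile(string sourceName, Func<string, string> backup)
{
    if (!ShouldProcess(Name, Properties.Resources.BackupKey))
    {
        return;
    }

    if (string.IsNullOrEmpty(OutputFile))
    {
        OutputFile = GetDefaultFileForOperation("backup", sourceName, Name);
    }

    // … unchanged: resolve filePath, then the FileExists / Force / ShouldContinue guard around the next line …
    this.WriteObject(backup(filePath));
}
```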
diff --git a/src/KeyVault/KeyVault/Commands/BackupAzureManagedHsmKey.cs b/src/KeyVault/KeyVault/Commands/BackupAzureManagedHsmKey.cs
deleted file mode 100644
index bc67c0997fd5..000000000000
--- a/src/KeyVault/KeyVault/Commands/BackupAzureManagedHsmKey.cs
+++ /dev/null
@@ -1,114 +0,0 @@
-using Microsoft.Azure.Commands.Common.Authentication;
-using Microsoft.Azure.Commands.KeyVault.Models;
-using Microsoft.Azure.Commands.KeyVault.Properties;
-using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
-using System;
-using System.Management.Automation;
-
-namespace Microsoft.Azure.Commands.KeyVault
-{
- ///
- /// Requests that a backup of the specified key be downloaded and stored to a file
- ///
- ///
- /// The cmdlet returns the path of the newly created backup file.
- ///
- [Cmdlet("Backup", ResourceManager.Common.AzureRMConstants.AzurePrefix + "ManagedHsmKey", SupportsShouldProcess = true, DefaultParameterSetName = ByKeyNameParameterSet)]
- [OutputType(typeof(String))]
- public class BackupAzureManagedHsmKey : KeyVaultCmdletBase
- {
- #region parameter sets
-
- private const string ByKeyNameParameterSet = "ByKeyName";
- private const string ByKeyObjectParameterSet = "ByKey";
-
- #endregion
-
- #region Input Parameter Definitions
-
- ///
- /// HSM name
- ///
- [Parameter(Mandatory = true,
- Position = 0,
- ParameterSetName = ByKeyNameParameterSet,
- HelpMessage = "HSM name. Cmdlet constructs the FQDN of a managed HSM based on the name and currently selected environment.")]
- [ResourceNameCompleter("Microsoft.KeyVault/managedHSMs", "FakeResourceGroupName")]
- [ValidateNotNullOrEmpty]
- public string HsmName { get; set; }
-
- ///
- /// Key name
- ///
- [Parameter(Mandatory = true,
- Position = 1,
- ParameterSetName = ByKeyNameParameterSet,
- HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from managed HSM name, currently selected environment and key name.")]
- [ValidateNotNullOrEmpty]
- [Alias(Constants.KeyName)]
- public string Name { get; set; }
-
- ///
- /// KeyBundle object to be backed up.
- ///
- ///
- /// Note that the backup applies to the entire family of a key (current and all its versions);
- /// since a key bundle represents a single version, the intent of this parameter is to allow pipelining.
- /// The backup cmdlet will use the Name and VaultName properties of the KeyBundle parameter.
- ///
- [Parameter(Mandatory = true,
- Position = 0,
- ValueFromPipeline = true,
- ParameterSetName = ByKeyObjectParameterSet,
- HelpMessage = "Key bundle to back up, pipelined in from the output of a retrieval call.")]
- [ValidateNotNullOrEmpty]
- [Alias("Key")]
- public PSKeyVaultKeyIdentityItem InputObject { get; set; }
-
- ///
- /// The output file in which the backup blob is to be stored
- ///
- [Parameter(Mandatory = false,
- Position = 2,
- HelpMessage = "Output file. The output file to store the backed up key blob in. If not present, a default filename is chosen.")]
- [ValidateNotNullOrEmpty]
- public string OutputFile { get; set; }
-
- ///
- /// Instructs the cmdlet to overwrite the destination file, if it exists.
- ///
- [Parameter(Mandatory = false,
- HelpMessage = "Overwrite the given file if it exists")]
- public SwitchParameter Force { get; set; }
-
- #endregion Input Parameter Definition
-
- public override void ExecuteCmdlet()
- {
- if (InputObject != null)
- {
- Name = InputObject.Name;
- HsmName = InputObject.VaultName;
- }
-
- if (ShouldProcess(Name, Properties.Resources.BackupKey))
- {
- if (string.IsNullOrEmpty(OutputFile))
- {
- OutputFile = GetDefaultFileForOperation("backup", HsmName, Name);
- }
-
- var filePath = this.GetUnresolvedProviderPathFromPSPath(OutputFile);
-
- // deny request if the file exists and overwrite is not authorized
- if (!AzureSession.Instance.DataStore.FileExists(filePath)
- || Force.IsPresent
- || ShouldContinue(string.Format(Resources.FileOverwriteMessage, filePath), Resources.FileOverwriteCaption))
- {
- var backupBlobPath = this.Track2DataClient.BackupManagedHsmKey(HsmName, Name, filePath);
- this.WriteObject(backupBlobPath);
- }
- }
- }
- }
-}
\ No newline at end of file
diff --git a/src/KeyVault/KeyVault/Commands/Constants.cs b/src/KeyVault/KeyVault/Commands/Constants.cs
index cb7990f61565..05a6d9440c56 100644
--- a/src/KeyVault/KeyVault/Commands/Constants.cs
+++ b/src/KeyVault/KeyVault/Commands/Constants.cs
@@ -55,10 +55,9 @@ public static class CmdletNoun
public const string AzureKeyVaultManagedStorageQueueSasParameters = "AzureKeyVaultManagedStorageQueueSasParameters";
public const string AzureKeyVaultManagedStorageShareSasParameters = "AzureKeyVaultManagedStorageShareSasParameters";
public const string AzureKeyVaultManagedStorageTableSasParameters = "AzureKeyVaultManagedStorageTableSasParameters";
-
- public const string ManagedHsm = "ManagedHsm";
- public const string ManagedHsmRoleDefinition = ManagedHsm + "RoleDefinition";
- public const string ManagedHsmRoleAssignment = ManagedHsm + "RoleAssignment";
+ public const string KeyVault = "KeyVault";
+ public const string KeyVaultHsmRoleDefinition = KeyVault + "RoleDefinition";
+ public const string KeyVaultRoleAssignment = KeyVault + "RoleAssignment";
}
public static class ResourceType
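Review bot: The renamed constants are not named consistently: `KeyVaultHsmRoleDefinition` keeps an `Hsm` infix while its sibling is `KeyVaultRoleAssignment`, and both values are built from `KeyVault` alone. These strings become cmdlet nouns, so a constant whose name disagrees with its value is easy to misread when checking which role cmdlets are exposed. `public const string KeyVaultRoleDefinition = KeyVault + "RoleDefinition";` would match its sibling, with the references outside this hunk updated accordingly.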
diff --git a/src/KeyVault/KeyVault/Commands/FullBackupRestore/BackupAzureManagedHsm.cs b/src/KeyVault/KeyVault/Commands/FullBackupRestore/BackupAzureManagedHsm.cs
index 8e495c3fa8f9..54353083a3bb 100644
--- a/src/KeyVault/KeyVault/Commands/FullBackupRestore/BackupAzureManagedHsm.cs
+++ b/src/KeyVault/KeyVault/Commands/FullBackupRestore/BackupAzureManagedHsm.cs
@@ -7,7 +7,7 @@
namespace Microsoft.Azure.Commands.KeyVault.Commands
{
- [Cmdlet("Backup", ResourceManager.Common.AzureRMConstants.AzurePrefix + CmdletNoun.ManagedHsm, SupportsShouldProcess = true, DefaultParameterSetName = InteractiveStorageName)]
+ [Cmdlet("Backup", ResourceManager.Common.AzureRMConstants.AzurePrefix + CmdletNoun.KeyVault, SupportsShouldProcess = true, DefaultParameterSetName = InteractiveStorageName)]
[OutputType(typeof(string))]
public class BackupAzureManagedHsm : FullBackupRestoreCmdletBase
{
@@ -16,15 +16,15 @@ public override void DoExecuteCmdlet()
ConfirmAction(
string.Format(Resources.DoFullBackup, StorageContainerUri),
- Name, () =>
+ HsmName, () =>
{
try
{
- WriteObject(Track2DataClient.BackupHsm(Name, StorageContainerUri, SasToken.ConvertToString()).AbsoluteUri);
+ WriteObject(Track2DataClient.BackupHsm(HsmName, StorageContainerUri, SasToken.ConvertToString()).AbsoluteUri);
}
catch (Exception ex)
{
- throw new Exception(string.Format(Resources.FullBackupFailed, Name), ex);
+ throw new Exception(string.Format(Resources.FullBackupFailed, HsmName), ex);
}
});
}
diff --git a/src/KeyVault/KeyVault/Commands/FullBackupRestore/FullBackupRestoreCmdletBase.cs b/src/KeyVault/KeyVault/Commands/FullBackupRestore/FullBackupRestoreCmdletBase.cs
index 762591997ea4..3e40a2dfe1fb 100644
--- a/src/KeyVault/KeyVault/Commands/FullBackupRestore/FullBackupRestoreCmdletBase.cs
+++ b/src/KeyVault/KeyVault/Commands/FullBackupRestore/FullBackupRestoreCmdletBase.cs
@@ -19,8 +19,7 @@ public abstract class FullBackupRestoreCmdletBase : KeyVaultCmdletBase
HelpMessage = "Name of the HSM.")]
[Parameter(ParameterSetName = InteractiveStorageName, Mandatory = true, Position = 1,
HelpMessage = "Name of the HSM.")]
- [Alias("HsmName")]
- public string Name { get; set; }
+ public string HsmName { get; set; }
[Parameter(ParameterSetName = InteractiveStorageUri, Mandatory = true,
HelpMessage = "URI of the storage container where the backup is going to be stored.")]
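Review bot: Renaming the property to `HsmName` and deleting `[Alias("HsmName")]` leaves no `-Name` spelling at all, so an existing script that calls the backup or restore cmdlet with `-Name` will stop binding. If that break is not intended, keeping the old name as an alias costs one line: `[Alias("Name")]` directly above `public string HsmName { get; set; }`. Either way it is worth recording in the changelog as a breaking change. The attribute list for this property starts above the hunk.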
@@ -60,7 +59,7 @@ private void PreprocessParameterSet()
{
if (this.IsParameterBound(c => c.HsmObject))
{
- Name = HsmObject.Name;
+ HsmName = HsmObject.Name;
}
if (this.IsParameterBound(c => c.StorageAccountName))
diff --git a/src/KeyVault/KeyVault/Commands/FullBackupRestore/RestoreAzureManagedHsm.cs b/src/KeyVault/KeyVault/Commands/FullBackupRestore/RestoreAzureManagedHsm.cs
index e5eb62760d11..5d06d3068aa0 100644
--- a/src/KeyVault/KeyVault/Commands/FullBackupRestore/RestoreAzureManagedHsm.cs
+++ b/src/KeyVault/KeyVault/Commands/FullBackupRestore/RestoreAzureManagedHsm.cs
@@ -7,7 +7,7 @@
namespace Microsoft.Azure.Commands.KeyVault.Commands
{
- [Cmdlet("Restore", ResourceManager.Common.AzureRMConstants.AzurePrefix + "ManagedHsm", SupportsShouldProcess = true, DefaultParameterSetName = InteractiveStorageName)]
+ [Cmdlet("Restore", ResourceManager.Common.AzureRMConstants.AzurePrefix + CmdletNoun.KeyVault, SupportsShouldProcess = true, DefaultParameterSetName = InteractiveStorageName)]
[OutputType(typeof(bool))]
public class RestoreAzureManagedHsm : FullBackupRestoreCmdletBase
{
@@ -21,15 +21,15 @@ public override void DoExecuteCmdlet()
{
ConfirmAction(
string.Format(Resources.DoFullRestore, StorageContainerUri),
- Name, () =>
+ HsmName, () =>
{
try
{
- Track2DataClient.RestoreHsm(Name, StorageContainerUri, SasToken.ConvertToString(), BackupFolder);
+ Track2DataClient.RestoreHsm(HsmName, StorageContainerUri, SasToken.ConvertToString(), BackupFolder);
}
catch (Exception ex)
{
- throw new Exception(string.Format(Resources.FullRestoreFailed, Name), ex);
+ throw new Exception(string.Format(Resources.FullRestoreFailed, HsmName), ex);
}
if (PassThru)
{
diff --git a/src/KeyVault/KeyVault/Commands/GetAzureKeyVaultKey.cs b/src/KeyVault/KeyVault/Commands/GetAzureKeyVaultKey.cs
index 558766f89d81..5f142f2c204d 100644
--- a/src/KeyVault/KeyVault/Commands/GetAzureKeyVaultKey.cs
+++ b/src/KeyVault/KeyVault/Commands/GetAzureKeyVaultKey.cs
@@ -43,6 +43,18 @@ public class GetAzureKeyVaultKey : KeyVaultCmdletBase
private const string ResourceIdByKeyNameParameterSet = "ByResourceIdKeyName";
private const string ResourceIdByKeyVersionsParameterSet = "ByResourceIdKeyVersions";
+ private const string HsmByVaultNameParameterSet = "HsmByVaultName";
+ private const string HsmByKeyNameParameterSet = "HsmByKeyName";
+ private const string HsmByKeyVersionsParameterSet = "HsmByKeyVersions";
+
+ private const string HsmInputObjectByVaultNameParameterSet = "HsmByInputObjectVaultName";
+ private const string HsmInputObjectByKeyNameParameterSet = "HsmByInputObjectKeyName";
+ private const string HsmInputObjectByKeyVersionsParameterSet = "HsmByInputObjectKeyVersions";
+
+ private const string HsmResourceIdByVaultNameParameterSet = "HsmByResourceIdVaultName";
+ private const string HsmResourceIdByKeyNameParameterSet = "HsmByResourceIdKeyName";
+ private const string HsmResourceIdByKeyVersionsParameterSet = "HsmByResourceIdKeyVersions";
+
private readonly string[] _supportedTypesForDownload = new string[] { Constants.RSA, Constants.RSAHSM };
#endregion
@@ -58,16 +70,25 @@ public class GetAzureKeyVaultKey : KeyVaultCmdletBase
HelpMessage = "Vault name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment.")]
[Parameter(Mandatory = true,
Position = 0,
- ParameterSetName = ByVaultNameParameterSet,
- HelpMessage = "Vault name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment.")]
+ ParameterSetName = ByVaultNameParameterSet)]
[Parameter(Mandatory = true,
Position = 0,
- ParameterSetName = ByKeyVersionsParameterSet,
- HelpMessage = "Vault name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment.")]
+ ParameterSetName = ByKeyVersionsParameterSet)]
[ResourceNameCompleter("Microsoft.KeyVault/vaults", "FakeResourceGroupName")]
[ValidateNotNullOrEmpty]
public string VaultName { get; set; }
+ [Parameter(Mandatory = true,
+ ParameterSetName = HsmByKeyNameParameterSet,
+ HelpMessage = "HSM name. Cmdlet constructs the FQDN of a managed HSM based on the name and currently selected environment.")]
+ [Parameter(Mandatory = true,
+ ParameterSetName = HsmByVaultNameParameterSet)]
+ [Parameter(Mandatory = true,
+ ParameterSetName = HsmByKeyVersionsParameterSet)]
+ [ResourceNameCompleter("Microsoft.KeyVault/managedHSMs", "FakeResourceGroupName")]
+ [ValidateNotNullOrEmpty]
+ public string HsmName { get; set; }
+
///
/// KeyVault object
///
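Review bot: `HelpMessage` is now set on only one `[Parameter]` attribute per property: here `HsmByKeyNameParameterSet` keeps it for `HsmName`, and the text is removed from `ByVaultNameParameterSet` and `ByKeyVersionsParameterSet` for `VaultName`. `HelpMessage` is a per-attribute value, so the sets that lost it carry no help text, which may leave the mandatory-parameter prompt without a description in those sets. If the aim was to cut repetition, a constant such as `private const string HsmNameHelpMessage = "HSM name. ...";` referenced from every attribute keeps the text without duplicating it. The same pattern recurs in the later hunks of this file for `InputObject`, `HsmObject`, `ResourceId`, `HsmResourceId`, `Name`, `Version`, `IncludeVersions` and `InRemovedState`.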
@@ -79,16 +100,30 @@ public class GetAzureKeyVaultKey : KeyVaultCmdletBase
[Parameter(Mandatory = true,
Position = 0,
ValueFromPipeline = true,
- ParameterSetName = InputObjectByKeyNameParameterSet,
- HelpMessage = "KeyVault object.")]
+ ParameterSetName = InputObjectByKeyNameParameterSet)]
[Parameter(Mandatory = true,
Position = 0,
ValueFromPipeline = true,
- ParameterSetName = InputObjectByKeyVersionsParameterSet,
- HelpMessage = "KeyVault object.")]
+ ParameterSetName = InputObjectByKeyVersionsParameterSet)]
[ValidateNotNullOrEmpty]
public PSKeyVault InputObject { get; set; }
+ [Parameter(Mandatory = true,
+ Position = 0,
+ ValueFromPipeline = true,
+ ParameterSetName = HsmInputObjectByVaultNameParameterSet,
+ HelpMessage = "HSM object.")]
+ [Parameter(Mandatory = true,
+ Position = 0,
+ ValueFromPipeline = true,
+ ParameterSetName = HsmInputObjectByKeyNameParameterSet)]
+ [Parameter(Mandatory = true,
+ Position = 0,
+ ValueFromPipeline = true,
+ ParameterSetName = HsmInputObjectByKeyVersionsParameterSet)]
+ [ValidateNotNullOrEmpty]
+ public PSManagedHsm HsmObject { get; set; }
+
///
/// KeyVault resource id
///
@@ -100,16 +135,27 @@ public class GetAzureKeyVaultKey : KeyVaultCmdletBase
[Parameter(Mandatory = true,
Position = 0,
ValueFromPipelineByPropertyName = true,
- ParameterSetName = ResourceIdByKeyNameParameterSet,
- HelpMessage = "KeyVault Resource Id.")]
+ ParameterSetName = ResourceIdByKeyNameParameterSet)]
[Parameter(Mandatory = true,
Position = 0,
ValueFromPipelineByPropertyName = true,
- ParameterSetName = ResourceIdByKeyVersionsParameterSet,
- HelpMessage = "KeyVault ResourceId.")]
+ ParameterSetName = ResourceIdByKeyVersionsParameterSet)]
[ValidateNotNullOrEmpty]
public string ResourceId { get; set; }
+ [Parameter(Mandatory = true,
+ ValueFromPipelineByPropertyName = true,
+ ParameterSetName = HsmResourceIdByVaultNameParameterSet,
+ HelpMessage = "HSM Resource Id.")]
+ [Parameter(Mandatory = true,
+ ValueFromPipelineByPropertyName = true,
+ ParameterSetName = HsmResourceIdByKeyNameParameterSet)]
+ [Parameter(Mandatory = true,
+ ValueFromPipelineByPropertyName = true,
+ ParameterSetName = HsmResourceIdByKeyVersionsParameterSet)]
+ [ValidateNotNullOrEmpty]
+ public string HsmResourceId { get; set; }
+
///
/// Key name.
///
@@ -119,36 +165,55 @@ public class GetAzureKeyVaultKey : KeyVaultCmdletBase
HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name.")]
[Parameter(Mandatory = false,
ParameterSetName = InputObjectByVaultNameParameterSet,
- Position = 1,
- HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name.")]
+ Position = 1)]
[Parameter(Mandatory = false,
ParameterSetName = ResourceIdByVaultNameParameterSet,
- Position = 1,
- HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name.")]
+ Position = 1)]
[Parameter(Mandatory = true,
ParameterSetName = ByKeyNameParameterSet,
- Position = 1,
- HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name.")]
+ Position = 1)]
[Parameter(Mandatory = true,
ParameterSetName = InputObjectByKeyNameParameterSet,
- Position = 1,
- HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name.")]
+ Position = 1)]
[Parameter(Mandatory = true,
ParameterSetName = ResourceIdByKeyNameParameterSet,
- Position = 1,
- HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name.")]
+ Position = 1)]
[Parameter(Mandatory = true,
ParameterSetName = ByKeyVersionsParameterSet,
- Position = 1,
- HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name.")]
+ Position = 1)]
[Parameter(Mandatory = true,
ParameterSetName = InputObjectByKeyVersionsParameterSet,
- Position = 1,
- HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name.")]
+ Position = 1)]
[Parameter(Mandatory = true,
ParameterSetName = ResourceIdByKeyVersionsParameterSet,
- Position = 1,
- HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name.")]
+ Position = 1)]
+ [Parameter(Mandatory = false,
+ ParameterSetName = HsmByVaultNameParameterSet,
+ Position = 1)]
+ [Parameter(Mandatory = false,
+ ParameterSetName = HsmInputObjectByVaultNameParameterSet,
+ Position = 1)]
+ [Parameter(Mandatory = false,
+ ParameterSetName = HsmResourceIdByVaultNameParameterSet,
+ Position = 1)]
+ [Parameter(Mandatory = true,
+ ParameterSetName = HsmByKeyNameParameterSet,
+ Position = 1)]
+ [Parameter(Mandatory = true,
+ ParameterSetName = HsmInputObjectByKeyNameParameterSet,
+ Position = 1)]
+ [Parameter(Mandatory = true,
+ ParameterSetName = HsmResourceIdByKeyNameParameterSet,
+ Position = 1)]
+ [Parameter(Mandatory = true,
+ ParameterSetName = HsmByKeyVersionsParameterSet,
+ Position = 1)]
+ [Parameter(Mandatory = true,
+ ParameterSetName = HsmInputObjectByKeyVersionsParameterSet,
+ Position = 1)]
+ [Parameter(Mandatory = true,
+ ParameterSetName = HsmResourceIdByKeyVersionsParameterSet,
+ Position = 1)]
[ValidateNotNullOrEmpty]
[Alias(Constants.KeyName)]
[SupportsWildcards]
@@ -163,12 +228,19 @@ public class GetAzureKeyVaultKey : KeyVaultCmdletBase
HelpMessage = "Key version. Cmdlet constructs the FQDN of a key from vault name, currently selected environment, key name and key version.")]
[Parameter(Mandatory = true,
ParameterSetName = InputObjectByKeyNameParameterSet,
- Position = 2,
- HelpMessage = "Key version. Cmdlet constructs the FQDN of a key from vault name, currently selected environment, key name and key version.")]
+ Position = 2)]
[Parameter(Mandatory = true,
ParameterSetName = ResourceIdByKeyNameParameterSet,
- Position = 2,
- HelpMessage = "Key version. Cmdlet constructs the FQDN of a key from vault name, currently selected environment, key name and key version.")]
+ Position = 2)]
+ [Parameter(Mandatory = true,
+ ParameterSetName = HsmByKeyNameParameterSet,
+ Position = 2)]
+ [Parameter(Mandatory = true,
+ ParameterSetName = HsmInputObjectByKeyNameParameterSet,
+ Position = 2)]
+ [Parameter(Mandatory = true,
+ ParameterSetName = HsmResourceIdByKeyNameParameterSet,
+ Position = 2)]
[Alias("KeyVersion")]
public string Version { get; set; }
@@ -176,22 +248,30 @@ public class GetAzureKeyVaultKey : KeyVaultCmdletBase
ParameterSetName = ByKeyVersionsParameterSet,
HelpMessage = "Specifies whether to include the versions of the key in the output.")]
[Parameter(Mandatory = true,
- ParameterSetName = InputObjectByKeyVersionsParameterSet,
- HelpMessage = "Specifies whether to include the versions of the key in the output.")]
+ ParameterSetName = InputObjectByKeyVersionsParameterSet)]
[Parameter(Mandatory = true,
- ParameterSetName = ResourceIdByKeyVersionsParameterSet,
- HelpMessage = "Specifies whether to include the versions of the key in the output.")]
+ ParameterSetName = ResourceIdByKeyVersionsParameterSet)]
+ [Parameter(Mandatory = true,
+ ParameterSetName = HsmByKeyVersionsParameterSet)]
+ [Parameter(Mandatory = true,
+ ParameterSetName = HsmInputObjectByKeyVersionsParameterSet)]
+ [Parameter(Mandatory = true,
+ ParameterSetName = HsmResourceIdByKeyVersionsParameterSet)]
public SwitchParameter IncludeVersions { get; set; }
[Parameter(Mandatory = false,
ParameterSetName = ByVaultNameParameterSet,
HelpMessage = "Specifies whether to show the previously deleted keys in the output.")]
[Parameter(Mandatory = false,
- ParameterSetName = InputObjectByVaultNameParameterSet,
- HelpMessage = "Specifies whether to show the previously deleted keys in the output.")]
+ ParameterSetName = InputObjectByVaultNameParameterSet)]
[Parameter(Mandatory = false,
- ParameterSetName = ResourceIdByVaultNameParameterSet,
- HelpMessage = "Specifies whether to show the previously deleted keys in the output.")]
+ ParameterSetName = ResourceIdByVaultNameParameterSet)]
+ [Parameter(Mandatory = false,
+ ParameterSetName = HsmByVaultNameParameterSet)]
+ [Parameter(Mandatory = false,
+ ParameterSetName = HsmInputObjectByVaultNameParameterSet)]
+ [Parameter(Mandatory = false,
+ ParameterSetName = HsmResourceIdByVaultNameParameterSet)]
public SwitchParameter InRemovedState { get; set; }
[Parameter(Mandatory = false, HelpMessage = "Specifies the output file for which this cmdlet saves the key. The public key is saved in PEM format by default.")]
@@ -202,18 +282,67 @@ public class GetAzureKeyVaultKey : KeyVaultCmdletBase
public override void ExecuteCmdlet()
{
- PSKeyVaultKey keyBundle = null;
+ NormalizeParameterSets();
+ if (string.IsNullOrEmpty(HsmName))
+ {
+ GetKeyVaultKey();
+ }
+ else
+ {
+ GetHsmKey();
+ }
+ }
- if (InputObject != null)
+ private void GetHsmKey()
+ {
+ PSKeyVaultKey keyBundle = null;
+ if (!string.IsNullOrEmpty(Version))
{
- VaultName = InputObject.VaultName;
+ keyBundle = this.Track2DataClient.GetManagedHsmKey(HsmName, Name, Version);
+ WriteObject(keyBundle);
}
- else if (!string.IsNullOrEmpty(ResourceId))
+ else if (IncludeVersions.IsPresent)
{
- var parsedResourceId = new ResourceIdentifier(ResourceId);
- VaultName = parsedResourceId.ResourceName;
+ WriteObject(this.Track2DataClient.GetManagedHsmKeyAllVersions(HsmName, Name), true);
+ }
+ else if (InRemovedState.IsPresent)
+ {
+ if (string.IsNullOrEmpty(Name) || WildcardPattern.ContainsWildcardCharacters(Name))
+ {
+ WriteObject(KVSubResourceWildcardFilter(
+ Name, this.Track2DataClient.GetManagedHsmDeletedKeys(HsmName)),
+ true);
+ }
+ else
+ {
+ PSDeletedKeyVaultKey deletedKeyBundle = this.Track2DataClient.GetManagedHsmDeletedKey(HsmName, Name);
+ WriteObject(deletedKeyBundle);
+ }
+ }
+ else
+ {
+ if (string.IsNullOrEmpty(Name) || WildcardPattern.ContainsWildcardCharacters(Name))
+ {
+ WriteObject(KVSubResourceWildcardFilter(
+ Name, this.Track2DataClient.GetManagedHsmKeys(HsmName)),
+ true);
+ }
+ else
+ {
+ keyBundle = this.Track2DataClient.GetManagedHsmKey(HsmName, Name, string.Empty);
+ WriteObject(keyBundle);
+ }
}
+ if (!string.IsNullOrEmpty(OutFile) && keyBundle != null)
+ {
+ DownloadKey(keyBundle.Key, OutFile);
+ }
+ }
+
+ private void GetKeyVaultKey()
+ {
+ PSKeyVaultKey keyBundle = null;
if (!string.IsNullOrEmpty(Version))
{
keyBundle = DataServiceClient.GetKey(VaultName, Name, Version);
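Review bot: `ExecuteCmdlet` chooses the backend from `string.IsNullOrEmpty(HsmName)` rather than from the parameter set that was bound. An `HsmObject` whose `VaultName` is empty, or an `HsmResourceId` that yields an empty resource name, therefore falls through to `GetKeyVaultKey()` with no `VaultName` and fails on the wrong path. `[ValidateNotNullOrEmpty]` on `HsmObject` checks the object, not that property. Every HSM set name added in this commit starts with "Hsm", so `if (ParameterSetName.StartsWith("Hsm")) { GetHsmKey(); } else { GetKeyVaultKey(); }` would route by what the caller asked for. `GetKeyVaultKey` continues past the end of this hunk.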
@@ -259,6 +388,29 @@ public override void ExecuteCmdlet()
}
}
+ private void NormalizeParameterSets()
+ {
+ if (InputObject != null)
+ {
+ VaultName = InputObject.VaultName;
+ }
+ else if (!string.IsNullOrEmpty(ResourceId))
+ {
+ var parsedResourceId = new ResourceIdentifier(ResourceId);
+ VaultName = parsedResourceId.ResourceName;
+ }
+
+ if (HsmObject != null)
+ {
+ HsmName = HsmObject.VaultName;
+ }
+ else if (!string.IsNullOrEmpty(HsmResourceId))
+ {
+ var parsedResourceId = new ResourceIdentifier(HsmResourceId);
+ HsmName = parsedResourceId.ResourceName;
+ }
+ }
+
private void GetAndWriteKeys(string vaultName, string name) =>
GetAndWriteObjects(new KeyVaultObjectFilterOptions
{
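Review bot: `NormalizeParameterSets` takes `ResourceName` from `ResourceId` and `HsmResourceId` without checking the resource type, so a vault id passed as `-HsmResourceId` (or an HSM id as `-ResourceId`) is accepted and its name is used to address the other service. Both parameters bind by property name from the pipeline, so a mismatched object is plausible. Rejecting ids whose `ResourceType` is not the expected one makes the command fail before any request is sent. The type strings in the sketch are the ones this file already passes to `ResourceNameCompleter`. Separately, this method reads `HsmObject.VaultName` while FullBackupRestoreCmdletBase reads `HsmObject.Name`; one spelling should be used if the two are equivalent.
```csharp
var parsedResourceId = new ResourceIdentifier(HsmResourceId);
if (!string.Equals(parsedResourceId.ResourceType, "Microsoft.KeyVault/managedHSMs", StringComparison.OrdinalIgnoreCase))
{
    throw new ArgumentException("HsmResourceId must identify a Microsoft.KeyVault/managedHSMs resource.", nameof(HsmResourceId));
}
HsmName = parsedResourceId.ResourceName;
// … the ResourceId branch gets the same guard, comparing against "Microsoft.KeyVault/vaults" …
```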
diff --git a/src/KeyVault/KeyVault/Commands/GetAzureManagedHsm.cs b/src/KeyVault/KeyVault/Commands/GetAzureManagedHsm.cs
index 522ecac856ad..7c1b1cb4306d 100644
--- a/src/KeyVault/KeyVault/Commands/GetAzureManagedHsm.cs
+++ b/src/KeyVault/KeyVault/Commands/GetAzureManagedHsm.cs
@@ -5,7 +5,7 @@
namespace Microsoft.Azure.Commands.KeyVault.Commands
{
- [Cmdlet("Get", ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "ManagedHsm")]
+ [Cmdlet("Get", ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "KeyVaultManagedHsm")]
[OutputType(typeof(PSManagedHsm), typeof(PSKeyVaultIdentityItem))]
public class GetAzureManagedHsm : KeyVaultManagementCmdletBase
{
diff --git a/src/KeyVault/KeyVault/Commands/GetAzureManagedHsmKey.cs b/src/KeyVault/KeyVault/Commands/GetAzureManagedHsmKey.cs
deleted file mode 100644
index 087aec66b7a4..000000000000
--- a/src/KeyVault/KeyVault/Commands/GetAzureManagedHsmKey.cs
+++ /dev/null
@@ -1,263 +0,0 @@
-using Microsoft.Azure.Commands.Common.Authentication;
-using Microsoft.Azure.Commands.KeyVault.Helpers;
-using Microsoft.Azure.Commands.KeyVault.Models;
-using Microsoft.Azure.Commands.KeyVault.Properties;
-using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
-using Microsoft.Azure.KeyVault.WebKey;
-using Microsoft.Azure.Management.Internal.Resources.Utilities.Models;
-using System.Linq;
-using System.Management.Automation;
-
-namespace Microsoft.Azure.Commands.KeyVault
-{
- [Cmdlet("Get", ResourceManager.Common.AzureRMConstants.AzurePrefix + "ManagedHsmKey", DefaultParameterSetName = SpecifyHsmByHsmName + GetKeyWithoutConstraint)]
- [OutputType(typeof(PSKeyVaultKeyIdentityItem), typeof(PSKeyVaultKey), typeof(PSDeletedKeyVaultKeyIdentityItem), typeof(PSDeletedKeyVaultKey))]
- public class GetAzureManagedHsmKey : KeyVaultCmdletBase
- {
-
- #region Parameter Set Names
-
- private const string SpecifyHsmByHsmName = "SpecifyHsmByHsmName";
- private const string SpecifyHsmByInputObject = "SpecifyHsmByInputObject";
- private const string SpecifyHsmByResourceId = "SpecifyHsmByResourceId";
-
- private const string GetKeyWithoutConstraint = "GetKeyWithoutConstraint";
- private const string GetKeyWithSpecifiedVersion = "GetKeyWithSpecifiedVersion";
- private const string GetKeyIncludeAllVersions = "GetKeyIncludeAllVersions";
-
- private readonly string[] _supportedTypesForDownload = new string[] { Constants.RSA, Constants.RSAHSM };
-
- #endregion
-
- #region Input Parameter Definitions
-
- ///
- /// HSM name
- ///
- [Parameter(Mandatory = true,
- Position = 0,
- ParameterSetName = SpecifyHsmByHsmName + GetKeyWithoutConstraint,
- HelpMessage = "HSM name. Cmdlet constructs the FQDN of a managed HSM based on the name and currently selected environment.")]
- [Parameter(Mandatory = true,
- Position = 0,
- ParameterSetName = SpecifyHsmByHsmName + GetKeyWithSpecifiedVersion,
- HelpMessage = "HSM name. Cmdlet constructs the FQDN of a managed HSM based on the name and currently selected environment.")]
- [Parameter(Mandatory = true,
- Position = 0,
- ParameterSetName = SpecifyHsmByHsmName + GetKeyIncludeAllVersions,
- HelpMessage = "HSM name. Cmdlet constructs the FQDN of a managed HSM based on the name and currently selected environment.")]
- [ResourceNameCompleter("Microsoft.KeyVault/managedHSMs", "FakeResourceGroupName")]
- [ValidateNotNullOrEmpty]
- public string HsmName { get; set; }
-
- ///
- /// HSM object
- ///
- [Parameter(Mandatory = true,
- Position = 0,
- ValueFromPipeline = true,
- ParameterSetName = SpecifyHsmByInputObject + GetKeyWithoutConstraint,
- HelpMessage = "HSM object.")]
- [Parameter(Mandatory = true,
- Position = 0,
- ValueFromPipeline = true,
- ParameterSetName = SpecifyHsmByInputObject + GetKeyWithSpecifiedVersion,
- HelpMessage = "HSM object.")]
- [Parameter(Mandatory = true,
- Position = 0,
- ValueFromPipeline = true,
- ParameterSetName = SpecifyHsmByInputObject + GetKeyIncludeAllVersions,
- HelpMessage = "HSM object.")]
- [ValidateNotNullOrEmpty]
- public PSManagedHsm InputObject { get; set; }
-
- ///
- /// HSM resource id
- ///
- [Parameter(Mandatory = true,
- Position = 0,
- ValueFromPipelineByPropertyName = true,
- ParameterSetName = SpecifyHsmByResourceId + GetKeyWithoutConstraint,
- HelpMessage = "HSM Resource Id.")]
- [Parameter(Mandatory = true,
- Position = 0,
- ValueFromPipelineByPropertyName = true,
- ParameterSetName = SpecifyHsmByResourceId + GetKeyWithSpecifiedVersion,
- HelpMessage = "HSM Resource Id.")]
- [Parameter(Mandatory = true,
- Position = 0,
- ValueFromPipelineByPropertyName = true,
- ParameterSetName = SpecifyHsmByResourceId + GetKeyIncludeAllVersions,
- HelpMessage = "HSM ResourceId.")]
- [ValidateNotNullOrEmpty]
- public string ResourceId { get; set; }
-
- ///
- /// Key name.
- ///
- [Parameter(Mandatory = false,
- ParameterSetName = SpecifyHsmByHsmName + GetKeyWithoutConstraint,
- Position = 1,
- HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from HSM name, currently selected environment and key name.")]
- [Parameter(Mandatory = false,
- ParameterSetName = SpecifyHsmByInputObject + GetKeyWithoutConstraint,
- Position = 1,
- HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from HSM name, currently selected environment and key name.")]
- [Parameter(Mandatory = false,
- ParameterSetName = SpecifyHsmByResourceId + GetKeyWithoutConstraint,
- Position = 1,
- HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from HSM name, currently selected environment and key name.")]
- [Parameter(Mandatory = true,
- ParameterSetName = SpecifyHsmByHsmName + GetKeyWithSpecifiedVersion,
- Position = 1,
- HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from HSM name, currently selected environment and key name.")]
- [Parameter(Mandatory = true,
- ParameterSetName = SpecifyHsmByInputObject + GetKeyWithSpecifiedVersion,
- Position = 1,
- HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from HSM name, currently selected environment and key name.")]
- [Parameter(Mandatory = true,
- ParameterSetName = SpecifyHsmByResourceId + GetKeyWithSpecifiedVersion,
- Position = 1,
- HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from HSM name, currently selected environment and key name.")]
- [Parameter(Mandatory = true,
- ParameterSetName = SpecifyHsmByHsmName + GetKeyIncludeAllVersions,
- Position = 1,
- HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from HSM name, currently selected environment and key name.")]
- [Parameter(Mandatory = true,
- ParameterSetName = SpecifyHsmByInputObject + GetKeyIncludeAllVersions,
- Position = 1,
- HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from HSM name, currently selected environment and key name.")]
- [Parameter(Mandatory = true,
- ParameterSetName = SpecifyHsmByResourceId + GetKeyIncludeAllVersions,
- Position = 1,
- HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from HSM name, currently selected environment and key name.")]
- [ValidateNotNullOrEmpty]
- [Alias(Constants.KeyName)]
- [SupportsWildcards]
- public string Name { get; set; }
-
- ///
- /// Key version.
- ///
- [Parameter(Mandatory = true,
- ParameterSetName = SpecifyHsmByHsmName + GetKeyWithSpecifiedVersion,
- Position = 2,
- HelpMessage = "Key version. Cmdlet constructs the FQDN of a key from HSM name, currently selected environment, key name and key version.")]
- [Parameter(Mandatory = true,
- ParameterSetName = SpecifyHsmByInputObject + GetKeyWithSpecifiedVersion,
- Position = 2,
- HelpMessage = "Key version. Cmdlet constructs the FQDN of a key from HSM name, currently selected environment, key name and key version.")]
- [Parameter(Mandatory = true,
- ParameterSetName = SpecifyHsmByResourceId + GetKeyWithSpecifiedVersion,
- Position = 2,
- HelpMessage = "Key version. Cmdlet constructs the FQDN of a key from HSM name, currently selected environment, key name and key version.")]
- [Alias("KeyVersion")]
- public string Version { get; set; }
-
- [Parameter(Mandatory = true,
- ParameterSetName = SpecifyHsmByHsmName + GetKeyIncludeAllVersions,
- HelpMessage = "Specifies whether to include the versions of the key in the output.")]
- [Parameter(Mandatory = true,
- ParameterSetName = SpecifyHsmByInputObject + GetKeyIncludeAllVersions,
- HelpMessage = "Specifies whether to include the versions of the key in the output.")]
- [Parameter(Mandatory = true,
- ParameterSetName = SpecifyHsmByResourceId + GetKeyIncludeAllVersions,
- HelpMessage = "Specifies whether to include the versions of the key in the output.")]
- public SwitchParameter IncludeVersions { get; set; }
-
- [Parameter(Mandatory = false,
- ParameterSetName = SpecifyHsmByHsmName + GetKeyWithoutConstraint,
- HelpMessage = "Specifies whether to show the previously deleted keys in the output.")]
- [Parameter(Mandatory = false,
- ParameterSetName = SpecifyHsmByInputObject + GetKeyWithoutConstraint,
- HelpMessage = "Specifies whether to show the previously deleted keys in the output.")]
- [Parameter(Mandatory = false,
- ParameterSetName = SpecifyHsmByResourceId + GetKeyWithoutConstraint,
- HelpMessage = "Specifies whether to show the previously deleted keys in the output.")]
- public SwitchParameter InRemovedState { get; set; }
-
- [Parameter(Mandatory = false, HelpMessage = "Specifies the output file for which this cmdlet saves the key. The public key is saved in PEM format by default.")]
- [ValidateNotNullOrEmpty]
- public string OutFile { get; set; }
-
- #endregion
-
- public override void ExecuteCmdlet()
- {
- PSKeyVaultKey keyBundle = null;
-
- if (InputObject != null)
- {
- HsmName = InputObject.VaultName;
- }
- else if (!string.IsNullOrEmpty(ResourceId))
- {
- var parsedResourceId = new ResourceIdentifier(ResourceId);
- HsmName = parsedResourceId.ResourceName;
- }
-
- if (!string.IsNullOrEmpty(Version))
- {
- keyBundle = this.Track2DataClient.GetManagedHsmKey(HsmName, Name, Version);
- WriteObject(keyBundle);
- }
- else if (IncludeVersions.IsPresent)
- {
- WriteObject(this.Track2DataClient.GetManagedHsmKeyAllVersions(HsmName, Name), true);
- }
- else if (InRemovedState.IsPresent)
- {
- if (string.IsNullOrEmpty(Name) || WildcardPattern.ContainsWildcardCharacters(Name))
- {
- WriteObject(KVSubResourceWildcardFilter(
- Name, this.Track2DataClient.GetManagedHsmDeletedKeys(HsmName)),
- true);
- }
- else
- {
- PSDeletedKeyVaultKey deletedKeyBundle = this.Track2DataClient.GetManagedHsmDeletedKey(HsmName, Name);
- WriteObject(deletedKeyBundle);
- }
- }
- else
- {
- if (string.IsNullOrEmpty(Name) || WildcardPattern.ContainsWildcardCharacters(Name))
- {
- WriteObject(KVSubResourceWildcardFilter(
- Name, this.Track2DataClient.GetManagedHsmKeys(HsmName)),
- true);
- }
- else
- {
- keyBundle = this.Track2DataClient.GetManagedHsmKey(HsmName, Name, string.Empty);
- WriteObject(keyBundle);
- }
- }
-
- if (!string.IsNullOrEmpty(OutFile) && keyBundle != null)
- {
- DownloadKey(keyBundle.Key, OutFile);
- }
- }
-
- private void DownloadKey(JsonWebKey jwk, string path)
- {
- if (CanDownloadKey(jwk, out string reason))
- {
- var pem = JwkHelper.ExportPublicKeyToPem(jwk);
- AzureSession.Instance.DataStore.WriteFile(path, pem);
- WriteDebug(string.Format(Resources.PublicKeySavedAt, path));
- }
- else
- {
- WriteWarning(reason);
- }
- }
-
- private bool CanDownloadKey(JsonWebKey jwk, out string reason)
- {
- reason = string.Format(Resources.DownloadNotSupported, jwk.Kty);
- return _supportedTypesForDownload.Contains(jwk.Kty);
- }
- }
-}
diff --git a/src/KeyVault/KeyVault/Commands/NewAzureManagedHsm.cs b/src/KeyVault/KeyVault/Commands/NewAzureManagedHsm.cs
index 904cf5600079..aecab0689e13 100644
--- a/src/KeyVault/KeyVault/Commands/NewAzureManagedHsm.cs
+++ b/src/KeyVault/KeyVault/Commands/NewAzureManagedHsm.cs
@@ -10,7 +10,7 @@ namespace Microsoft.Azure.Commands.KeyVault.Commands
///
/// Create a new managed HSM.
///
- [Cmdlet("New", ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "ManagedHsm", SupportsShouldProcess = true)]
+ [Cmdlet("New", ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "KeyVaultManagedHsm", SupportsShouldProcess = true)]
[OutputType(typeof(PSManagedHsm))]
public class NewAzureManagedHsm : KeyVaultManagementCmdletBase
{
diff --git a/src/KeyVault/KeyVault/Commands/RBAC/GetAzureManagedHsmRoleAssignment.cs b/src/KeyVault/KeyVault/Commands/RBAC/GetAzureManagedHsmRoleAssignment.cs
index 06119a752a63..41d584248178 100644
--- a/src/KeyVault/KeyVault/Commands/RBAC/GetAzureManagedHsmRoleAssignment.cs
+++ b/src/KeyVault/KeyVault/Commands/RBAC/GetAzureManagedHsmRoleAssignment.cs
@@ -9,7 +9,7 @@
namespace Microsoft.Azure.Commands.KeyVault.Commands
{
- [Cmdlet("Get", ResourceManager.Common.AzureRMConstants.AzurePrefix + CmdletNoun.ManagedHsmRoleAssignment, DefaultParameterSetName = ListParameterSet)]
+ [Cmdlet("Get", ResourceManager.Common.AzureRMConstants.AzurePrefix + CmdletNoun.KeyVaultRoleAssignment, DefaultParameterSetName = ListParameterSet)]
[OutputType(typeof(PSKeyVaultRoleAssignment))]
public class GetAzureManagedHsmRoleAssignment : RbacCmdletBase
{
diff --git a/src/KeyVault/KeyVault/Commands/RBAC/GetAzureManagedHsmRoleDefinition.cs b/src/KeyVault/KeyVault/Commands/RBAC/GetAzureManagedHsmRoleDefinition.cs
index 2b192f0b2084..0195004e42f1 100644
--- a/src/KeyVault/KeyVault/Commands/RBAC/GetAzureManagedHsmRoleDefinition.cs
+++ b/src/KeyVault/KeyVault/Commands/RBAC/GetAzureManagedHsmRoleDefinition.cs
@@ -6,7 +6,7 @@
namespace Microsoft.Azure.Commands.KeyVault.Commands
{
- [Cmdlet("Get", ResourceManager.Common.AzureRMConstants.AzurePrefix + CmdletNoun.ManagedHsmRoleDefinition, DefaultParameterSetName = InteractiveCreateParameterSet)]
+ [Cmdlet("Get", ResourceManager.Common.AzureRMConstants.AzurePrefix + CmdletNoun.KeyVaultHsmRoleDefinition, DefaultParameterSetName = InteractiveCreateParameterSet)]
[OutputType(typeof(PSKeyVaultRoleDefinition))]
public class GetAzureManagedHsmRoleDefinition : RbacCmdletBase
{
diff --git a/src/KeyVault/KeyVault/Commands/RBAC/NewAzureManagedHsmRoleAssignment.cs b/src/KeyVault/KeyVault/Commands/RBAC/NewAzureManagedHsmRoleAssignment.cs
index c1b9d9f41d9b..e7b753a37056 100644
--- a/src/KeyVault/KeyVault/Commands/RBAC/NewAzureManagedHsmRoleAssignment.cs
+++ b/src/KeyVault/KeyVault/Commands/RBAC/NewAzureManagedHsmRoleAssignment.cs
@@ -9,7 +9,7 @@
namespace Microsoft.Azure.Commands.KeyVault.Commands
{
- [Cmdlet("New", ResourceManager.Common.AzureRMConstants.AzurePrefix + CmdletNoun.ManagedHsmRoleAssignment,
+ [Cmdlet("New", ResourceManager.Common.AzureRMConstants.AzurePrefix + CmdletNoun.KeyVaultRoleAssignment,
SupportsShouldProcess = true, DefaultParameterSetName = ParameterSet.DefinitionNameSignInName)]
[OutputType(typeof(PSKeyVaultRoleAssignment))]
public class NewAzureManagedHsmRoleAssignment : RbacCmdletBase
diff --git a/src/KeyVault/KeyVault/Commands/RBAC/RemoveAzureManagedHsmRoleAssignment.cs b/src/KeyVault/KeyVault/Commands/RBAC/RemoveAzureManagedHsmRoleAssignment.cs
index 472482191c49..1ab27626db04 100644
--- a/src/KeyVault/KeyVault/Commands/RBAC/RemoveAzureManagedHsmRoleAssignment.cs
+++ b/src/KeyVault/KeyVault/Commands/RBAC/RemoveAzureManagedHsmRoleAssignment.cs
@@ -9,7 +9,7 @@
namespace Microsoft.Azure.Commands.KeyVault.Commands
{
- [Cmdlet("Remove", ResourceManager.Common.AzureRMConstants.AzurePrefix + CmdletNoun.ManagedHsmRoleAssignment,
+ [Cmdlet("Remove", ResourceManager.Common.AzureRMConstants.AzurePrefix + CmdletNoun.KeyVaultRoleAssignment,
SupportsShouldProcess = true, DefaultParameterSetName = ParameterSet.DefinitionNameSignInName)]
[OutputType(typeof(PSKeyVaultRoleAssignment))]
public class RemoveAzureManagedHsmRoleAssignment : RbacCmdletBase
diff --git a/src/KeyVault/KeyVault/Commands/RemoveAzureKeyVaultKey.cs b/src/KeyVault/KeyVault/Commands/RemoveAzureKeyVaultKey.cs
index 86c6765a3d5e..0e634ca92b80 100644
--- a/src/KeyVault/KeyVault/Commands/RemoveAzureKeyVaultKey.cs
+++ b/src/KeyVault/KeyVault/Commands/RemoveAzureKeyVaultKey.cs
@@ -20,7 +20,7 @@
namespace Microsoft.Azure.Commands.KeyVault
{
- [Cmdlet("Remove", ResourceManager.Common.AzureRMConstants.AzurePrefix + "KeyVaultKey",SupportsShouldProcess = true,DefaultParameterSetName = ByVaultNameParameterSet)]
+ [Cmdlet("Remove", ResourceManager.Common.AzureRMConstants.AzurePrefix + "KeyVaultKey", SupportsShouldProcess = true, DefaultParameterSetName = ByVaultNameParameterSet)]
[OutputType(typeof(PSDeletedKeyVaultKey))]
public class RemoveAzureKeyVaultKey : KeyVaultCmdletBase
{
@@ -28,6 +28,7 @@ public class RemoveAzureKeyVaultKey : KeyVaultCmdletBase
private const string ByVaultNameParameterSet = "ByVaultName";
private const string ByInputObjectParameterSet = "ByInputObject";
+ private const string HsmByVaultNameParameterSet = "HsmByVaultName";
#endregion
@@ -44,6 +45,13 @@ public class RemoveAzureKeyVaultKey : KeyVaultCmdletBase
[ValidateNotNullOrEmpty]
public string VaultName { get; set; }
+ [Parameter(Mandatory = true,
+ ParameterSetName = HsmByVaultNameParameterSet,
+ HelpMessage = "HSM name. Cmdlet constructs the FQDN of a managed HSM based on the name and currently selected environment.")]
+ [ResourceNameCompleter("Microsoft.KeyVault/managedHSMs", "FakeResourceGroupName")]
+ [ValidateNotNullOrEmpty]
+ public string HsmName { get; set; }
+
///
/// key name
///
@@ -51,6 +59,9 @@ public class RemoveAzureKeyVaultKey : KeyVaultCmdletBase
Position = 1,
ParameterSetName = ByVaultNameParameterSet,
HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name.")]
+ [Parameter(Mandatory = true,
+ Position = 1,
+ ParameterSetName = HsmByVaultNameParameterSet)]
[ValidateNotNullOrEmpty]
[Alias(Constants.KeyName)]
public string Name { get; set; }
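Review bot: The second `[Parameter]` attribute added to `Name` for `HsmByVaultNameParameterSet` has no `HelpMessage`, so the mandatory-parameter prompt in the HSM set shows no description, while the vault set does. The removed RemoveAzureManagedHsmKey.cs already had suitable text: `HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from managed HSM name, currently selected environment and key name."`. The matching `Name` attributes added in UndoAzureKeyVaultKeyRemoval.cs and UpdateAzureKeyVaultKey.cs have the same gap.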
@@ -70,7 +81,7 @@ public class RemoveAzureKeyVaultKey : KeyVaultCmdletBase
/// If present, do not ask for confirmation
///
[Parameter(Mandatory = false,
- HelpMessage = "Do not ask for confirmation.")]
+ HelpMessage = "Do not ask for confirmation.")]
public SwitchParameter Force { get; set; }
[Parameter(Mandatory = false,
@@ -81,18 +92,42 @@ public class RemoveAzureKeyVaultKey : KeyVaultCmdletBase
/// If present, operate on the deleted key entity.
///
[Parameter(Mandatory = false,
- HelpMessage = "Remove the previously deleted key permanently.")]
+ HelpMessage = "Remove the previously deleted key permanently.")]
public SwitchParameter InRemovedState { get; set; }
#endregion
public override void ExecuteCmdlet()
+ {
+ NormalizeParameterSets();
+
+ if (string.IsNullOrEmpty(HsmName))
+ {
+ RemoveKeyVaultKey();
+ }
+ else
+ {
+ RemoveHsmKey();
+ }
+ }
+
+ private void NormalizeParameterSets()
{
if (InputObject != null)
{
- VaultName = InputObject.VaultName.ToString();
+ if (InputObject.IsHsm)
+ {
+ HsmName = InputObject.VaultName.ToString();
+ }
+ else
+ {
+ VaultName = InputObject.VaultName.ToString();
+ }
Name = InputObject.Name.ToString();
}
+ }
+ private void RemoveKeyVaultKey()
+ {
if (InRemovedState.IsPresent)
{
ConfirmAction(
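Review bot: `ExecuteCmdlet` routes on `string.IsNullOrEmpty(HsmName)`, but `NormalizeParameterSets` assigns either `HsmName` or `VaultName` and never clears the other, so a value written for one record is still set when the next record is processed. If `InputObject` is pipeline-bound here (as it is in UndoAzureKeyVaultKeyRemoval.cs) and the cmdlet instance is reused per record, an HSM key followed by a vault key would send the second delete or purge to the earlier HSM under the new key name. Resetting the unused field in each branch closes this: add `VaultName = null;` to the `IsHsm` branch and `HsmName = null;` to the `else` branch. The `NormalizeParameterSets` methods added in UndoAzureKeyVaultKeyRemoval.cs and UpdateAzureKeyVaultKey.cs have the same shape, and RestoreAzureKeyVaultKey.cs dispatches on `HsmName` the same way. `RemoveKeyVaultKey` continues past the end of this hunk.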
@@ -129,5 +164,44 @@ public override void ExecuteCmdlet()
WriteObject(deletedKeyBundle);
}
}
+
+ private void RemoveHsmKey()
+ {
+ if (InRemovedState.IsPresent)
+ {
+ ConfirmAction(
+ Force.IsPresent,
+ string.Format(
+ CultureInfo.InvariantCulture,
+ Resources.RemoveDeletedKeyWarning,
+ Name),
+ string.Format(
+ CultureInfo.InvariantCulture,
+ Resources.RemoveDeletedKeyWhatIfMessage,
+ Name),
+ Name,
+ () => { this.Track2DataClient.PurgeManagedHsmKey(HsmName, Name); });
+ return;
+ }
+
+ PSDeletedKeyVaultKey deletedKeyBundle = null;
+ ConfirmAction(
+ Force.IsPresent,
+ string.Format(
+ CultureInfo.InvariantCulture,
+ Resources.RemoveKeyWarning,
+ Name),
+ string.Format(
+ CultureInfo.InvariantCulture,
+ Resources.RemoveKeyWhatIfMessage,
+ Name),
+ Name,
+ () => { deletedKeyBundle = this.Track2DataClient.DeleteManagedHsmKey(HsmName, Name); });
+
+ if (PassThru)
+ {
+ WriteObject(deletedKeyBundle);
+ }
+ }
}
}
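Review bot: Both `ConfirmAction` calls in `RemoveHsmKey` pass only `Name` as the target and as the format argument, so the confirmation prompt and `-WhatIf` output for a delete or a permanent purge cannot say which managed HSM is affected. Now that one cmdlet serves both vaults and HSMs, naming the container lets an operator catch a wrong target before confirming, for example by passing `HsmName + "/" + Name` as the target argument. The resource strings are not shown in this diff, so whether they can take a second placeholder needs checking.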
diff --git a/src/KeyVault/KeyVault/Commands/RemoveAzureManagedHsm.cs b/src/KeyVault/KeyVault/Commands/RemoveAzureManagedHsm.cs
index 5c196e9cca0a..e4597048632a 100644
--- a/src/KeyVault/KeyVault/Commands/RemoveAzureManagedHsm.cs
+++ b/src/KeyVault/KeyVault/Commands/RemoveAzureManagedHsm.cs
@@ -9,7 +9,7 @@
namespace Microsoft.Azure.Commands.KeyVault
{
- [Cmdlet("Remove", ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "ManagedHsm", SupportsShouldProcess = true, DefaultParameterSetName = RemoveManagedHsmByNameParameterSet)]
+ [Cmdlet("Remove", ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "KeyVaultManagedHsm", SupportsShouldProcess = true, DefaultParameterSetName = RemoveManagedHsmByNameParameterSet)]
[OutputType(typeof(bool))]
public class RemoveAzureManagedHsm : KeyVaultManagementCmdletBase
{
diff --git a/src/KeyVault/KeyVault/Commands/RemoveAzureManagedHsmKey.cs b/src/KeyVault/KeyVault/Commands/RemoveAzureManagedHsmKey.cs
deleted file mode 100644
index a441f4dcff97..000000000000
--- a/src/KeyVault/KeyVault/Commands/RemoveAzureManagedHsmKey.cs
+++ /dev/null
@@ -1,133 +0,0 @@
-// ----------------------------------------------------------------------------------
-//
-// Copyright Microsoft Corporation
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-// http://www.apache.org/licenses/LICENSE-2.0
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-// ----------------------------------------------------------------------------------
-
-using Microsoft.Azure.Commands.KeyVault.Models;
-using System.Globalization;
-using System.Management.Automation;
-using Microsoft.Azure.Commands.KeyVault.Properties;
-using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
-
-namespace Microsoft.Azure.Commands.KeyVault
-{
- [Cmdlet("Remove", ResourceManager.Common.AzureRMConstants.AzurePrefix + "ManagedHsmKey", SupportsShouldProcess = true, DefaultParameterSetName = RemoveByKeyNameParameterSet)]
- [OutputType(typeof(PSDeletedKeyVaultKey))]
- public class RemoveAzureManagedHsmKey : KeyVaultCmdletBase
- {
- #region Parameter Set Names
-
- private const string RemoveByKeyNameParameterSet = "RemoveByKeyNameParameterSet";
- private const string RemoveByInputObjectParameterSet = "RemoveByInputObjectParameterSet";
-
- #endregion
-
- #region Input Parameter Definitions
-
- ///
- /// HSM name
- ///
- [Parameter(Mandatory = true,
- Position = 0,
- ParameterSetName = RemoveByKeyNameParameterSet,
- HelpMessage = "HSM name. Cmdlet constructs the FQDN of a managed HSM based on the name and currently selected environment.")]
- [ResourceNameCompleter("Microsoft.KeyVault/managedHSMs", "FakeResourceGroupName")]
- [ValidateNotNullOrEmpty]
- public string HsmName { get; set; }
-
- ///
- /// key name
- ///
- [Parameter(Mandatory = true,
- Position = 1,
- ParameterSetName = RemoveByKeyNameParameterSet,
- HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from managed HSM name, currently selected environment and key name.")]
- [ValidateNotNullOrEmpty]
- [Alias(Constants.KeyName)]
- public string Name { get; set; }
-
- ///
- /// Key object
- ///
- [Parameter(Mandatory = true,
- Position = 0,
- ValueFromPipeline = true,
- ParameterSetName = RemoveByInputObjectParameterSet,
- HelpMessage = "Key Object")]
- [ValidateNotNullOrEmpty]
- public PSKeyVaultKeyIdentityItem InputObject { get; set; }
-
- ///
- /// If present, do not ask for confirmation
- ///
- [Parameter(Mandatory = false,
- HelpMessage = "Do not ask for confirmation.")]
- public SwitchParameter Force { get; set; }
-
- [Parameter(Mandatory = false,
- HelpMessage = "Cmdlet does not return an object by default. If this switch is specified, the cmdlet returns the key object that was deleted.")]
- public SwitchParameter PassThru { get; set; }
-
- ///
- /// If present, operate on the deleted key entity.
- ///
- [Parameter(Mandatory = false,
- HelpMessage = "Remove the previously deleted key permanently.")]
- public SwitchParameter InRemovedState { get; set; }
-
- #endregion
- public override void ExecuteCmdlet()
- {
- if (InputObject != null)
- {
- HsmName = InputObject.VaultName;
- Name = InputObject.Name;
- }
-
- if (InRemovedState.IsPresent)
- {
- ConfirmAction(
- Force.IsPresent,
- string.Format(
- CultureInfo.InvariantCulture,
- Resources.RemoveDeletedKeyWarning,
- Name),
- string.Format(
- CultureInfo.InvariantCulture,
- Resources.RemoveDeletedKeyWhatIfMessage,
- Name),
- Name,
- () => { this.Track2DataClient.PurgeManagedHsmKey(HsmName, Name); });
- return;
- }
-
- PSDeletedKeyVaultKey deletedKeyBundle = null;
- ConfirmAction(
- Force.IsPresent,
- string.Format(
- CultureInfo.InvariantCulture,
- Resources.RemoveKeyWarning,
- Name),
- string.Format(
- CultureInfo.InvariantCulture,
- Resources.RemoveKeyWhatIfMessage,
- Name),
- Name,
- () => { deletedKeyBundle = this.Track2DataClient.DeleteManagedHsmKey(HsmName, Name); });
-
- if (PassThru)
- {
- WriteObject(deletedKeyBundle);
- }
- }
- }
-}
diff --git a/src/KeyVault/KeyVault/Commands/RestoreAzureKeyVaultKey.cs b/src/KeyVault/KeyVault/Commands/RestoreAzureKeyVaultKey.cs
index 35fe57dbf717..c51fd48f9868 100644
--- a/src/KeyVault/KeyVault/Commands/RestoreAzureKeyVaultKey.cs
+++ b/src/KeyVault/KeyVault/Commands/RestoreAzureKeyVaultKey.cs
@@ -22,9 +22,9 @@
namespace Microsoft.Azure.Commands.KeyVault
{
///
- /// Restores the backup key into a vault
+ /// Restores the backup key into a vault
///
- [Cmdlet("Restore", ResourceManager.Common.AzureRMConstants.AzurePrefix + "KeyVaultKey",SupportsShouldProcess = true,DefaultParameterSetName = ByVaultNameParameterSet)]
+ [Cmdlet("Restore", ResourceManager.Common.AzureRMConstants.AzurePrefix + "KeyVaultKey", SupportsShouldProcess = true, DefaultParameterSetName = ByVaultNameParameterSet)]
[OutputType(typeof(PSKeyVaultKey))]
public class RestoreAzureKeyVaultKey : KeyVaultCmdletBase
{
@@ -33,6 +33,9 @@ public class RestoreAzureKeyVaultKey : KeyVaultCmdletBase
private const string ByVaultNameParameterSet = "ByVaultName";
private const string ByInputObjectParameterSet = "ByInputObject";
private const string ByResourceIdParameterSet = "ByResourceId";
+ private const string HsmByVaultNameParameterSet = "HsmByVaultName";
+ private const string HsmByInputObjectParameterSet = "HsmByInputObject";
+ private const string HsmByResourceIdParameterSet = "HsmByResourceId";
#endregion
@@ -42,61 +45,109 @@ public class RestoreAzureKeyVaultKey : KeyVaultCmdletBase
/// Vault name
///
[Parameter(Mandatory = true,
- Position = 0,
- ParameterSetName = ByVaultNameParameterSet,
- HelpMessage = "Vault name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment.")]
+ Position = 0,
+ ParameterSetName = ByVaultNameParameterSet,
+ HelpMessage = "Vault name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment.")]
[ResourceNameCompleter("Microsoft.KeyVault/vaults", "FakeResourceGroupName")]
[ValidateNotNullOrEmpty]
public string VaultName { get; set; }
+ [Parameter(Mandatory = true,
+ ParameterSetName = HsmByVaultNameParameterSet,
+ HelpMessage = "HSM name. Cmdlet constructs the FQDN of a managed HSM based on the name and currently selected environment.")]
+ [ResourceNameCompleter("Microsoft.KeyVault/managedHSMs", "FakeResourceGroupName")]
+ [ValidateNotNullOrEmpty]
+ public string HsmName { get; set; }
+
///
/// KeyVault object
///
[Parameter(Mandatory = true,
- Position = 0,
- ParameterSetName = ByInputObjectParameterSet,
- ValueFromPipeline = true,
- HelpMessage = "KeyVault object")]
+ Position = 0,
+ ParameterSetName = ByInputObjectParameterSet,
+ ValueFromPipeline = true,
+ HelpMessage = "KeyVault object")]
[ValidateNotNullOrEmpty]
public PSKeyVault InputObject { get; set; }
+ [Parameter(Mandatory = true,
+ Position = 0,
+ ParameterSetName = HsmByInputObjectParameterSet,
+ ValueFromPipeline = true,
+ HelpMessage = "HSM object")]
+ [ValidateNotNullOrEmpty]
+ public PSManagedHsm HsmObject { get; set; }
+
///
/// KeyVault ResourceId
///
[Parameter(Mandatory = true,
- Position = 0,
- ParameterSetName = ByResourceIdParameterSet,
- ValueFromPipelineByPropertyName = true,
- HelpMessage = "KeyVault Resource Id")]
+ Position = 0,
+ ParameterSetName = ByResourceIdParameterSet,
+ ValueFromPipelineByPropertyName = true,
+ HelpMessage = "KeyVault Resource Id")]
[ValidateNotNullOrEmpty]
public string ResourceId { get; set; }
+ [Parameter(Mandatory = true,
+ ParameterSetName = HsmByResourceIdParameterSet,
+ ValueFromPipelineByPropertyName = true,
+ HelpMessage = "Hsm Resource Id")]
+ [ValidateNotNullOrEmpty]
+ public string HsmResourceId { get; set; }
+
///
/// The input file in which the backup blob is stored
///
[Parameter(Mandatory = true,
- Position = 1,
- HelpMessage = "Input file. The input file containing the backed-up blob")]
+ Position = 1,
+ HelpMessage = "Input file. The input file containing the backed-up blob")]
[ValidateNotNullOrEmpty]
public string InputFile { get; set; }
#endregion Input Parameter Definitions
public override void ExecuteCmdlet()
+ {
+ NormalizeParameterSets();
+
+ if (string.IsNullOrEmpty(HsmName))
+ {
+ RestoreKeyVaultKey();
+ }
+ else
+ {
+ RestoreHsmKey();
+ }
+ }
+
+ private void NormalizeParameterSets()
{
if (InputObject != null)
{
VaultName = InputObject.VaultName;
}
- else if (ResourceId != null)
+ if (ResourceId != null)
{
var resourceIdentifier = new ResourceIdentifier(ResourceId);
VaultName = resourceIdentifier.ResourceName;
}
+ if (HsmObject != null)
+ {
+ HsmName = HsmObject.VaultName;
+ }
+ if (HsmResourceId != null)
+ {
+ var resourceIdentifier = new ResourceIdentifier(HsmResourceId);
+ HsmName = resourceIdentifier.ResourceName;
+ }
+ }
+ private void RestoreKeyVaultKey()
+ {
if (ShouldProcess(VaultName, Properties.Resources.RestoreKey))
{
- var filePath = ResolveKeyVaultPath(InputFile);
+ var filePath = ResolveKeyPath(InputFile);
var restoredKeyBundle = this.DataServiceClient.RestoreKey(VaultName, filePath);
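Review bot: `NormalizeParameterSets` takes only `ResourceName` from `HsmResourceId`, so any well-formed resource ID is accepted, including one that names a vault or an unrelated resource, and the restore then targets a managed HSM of that name. A type check before the assignment would reject mismatched IDs, e.g. `if (!string.Equals(resourceIdentifier.ResourceType, "Microsoft.KeyVault/managedHSMs", StringComparison.OrdinalIgnoreCase)) throw new ArgumentException(...)` with a message taken from Resources, assuming `ResourceType` carries the full provider/type string. The existing `ResourceId` branch has the same gap for `Microsoft.KeyVault/vaults`. `RestoreKeyVaultKey` continues outside this hunk.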
@@ -104,7 +155,7 @@ public override void ExecuteCmdlet()
}
}
- private string ResolveKeyVaultPath(string filePath)
+ private string ResolveKeyPath(string filePath)
{
FileInfo keyFile = new FileInfo(this.ResolveUserPath(filePath));
if (!keyFile.Exists)
@@ -113,5 +164,17 @@ private string ResolveKeyVaultPath(string filePath)
}
return keyFile.FullName;
}
+
+ private void RestoreHsmKey()
+ {
+ if (ShouldProcess(HsmName, Properties.Resources.RestoreKey))
+ {
+ var filePath = ResolveKeyPath(InputFile);
+
+ var restoredKeyBundle = this.Track2DataClient.RestoreManagedHsmKey(HsmName, filePath);
+
+ this.WriteObject(restoredKeyBundle);
+ }
+ }
}
}
diff --git a/src/KeyVault/KeyVault/Commands/RestoreAzureManagedHsmKey.cs b/src/KeyVault/KeyVault/Commands/RestoreAzureManagedHsmKey.cs
deleted file mode 100644
index 0b22602ea77f..000000000000
--- a/src/KeyVault/KeyVault/Commands/RestoreAzureManagedHsmKey.cs
+++ /dev/null
@@ -1,103 +0,0 @@
-using Microsoft.Azure.Commands.KeyVault.Models;
-using Microsoft.Azure.Commands.KeyVault.Properties;
-using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
-using Microsoft.Azure.Management.Internal.Resources.Utilities.Models;
-using System.IO;
-using System.Management.Automation;
-
-namespace Microsoft.Azure.Commands.KeyVault
-{
- ///
- /// Restores the backup key into a vault
- ///
- [Cmdlet("Restore", ResourceManager.Common.AzureRMConstants.AzurePrefix + "ManagedHsmKey", SupportsShouldProcess = true, DefaultParameterSetName = ByHsmNameParameterSet)]
- [OutputType(typeof(PSKeyVaultKey))]
- public class RestoreAzureManagedHsmKey : KeyVaultCmdletBase
- {
- #region Parameter Set Names
-
- private const string ByHsmNameParameterSet = "ByHsmName";
- private const string ByInputObjectParameterSet = "ByInputObject";
- private const string ByResourceIdParameterSet = "ByResourceId";
-
- #endregion
-
- #region Input Parameter Definitions
-
- ///
- /// HSM name
- ///
- [Parameter(Mandatory = true,
- Position = 0,
- ParameterSetName = ByHsmNameParameterSet,
- HelpMessage = "HSM name. Cmdlet constructs the FQDN of a managed HSM based on the name and currently selected environment.")]
- [ResourceNameCompleter("Microsoft.KeyVault/managedHSMs", "FakeResourceGroupName")]
- [ValidateNotNullOrEmpty]
- public string HsmName { get; set; }
-
- ///
- /// HSM object
- ///
- [Parameter(Mandatory = true,
- Position = 0,
- ParameterSetName = ByInputObjectParameterSet,
- ValueFromPipeline = true,
- HelpMessage = "Hsm object")]
- [ValidateNotNullOrEmpty]
- public PSManagedHsm InputObject { get; set; }
-
- ///
- /// HSM ResourceId
- ///
- [Parameter(Mandatory = true,
- Position = 0,
- ParameterSetName = ByResourceIdParameterSet,
- ValueFromPipelineByPropertyName = true,
- HelpMessage = "Hsm Resource Id")]
- [ValidateNotNullOrEmpty]
- public string ResourceId { get; set; }
-
- ///
- /// The input file in which the backup blob is stored
- ///
- [Parameter(Mandatory = true,
- Position = 1,
- HelpMessage = "Input file. The input file containing the backed-up blob")]
- [ValidateNotNullOrEmpty]
- public string InputFile { get; set; }
-
- #endregion Input Parameter Definitions
-
- public override void ExecuteCmdlet()
- {
- if (InputObject != null)
- {
- HsmName = InputObject.VaultName;
- }
- else if (ResourceId != null)
- {
- var resourceIdentifier = new ResourceIdentifier(ResourceId);
- HsmName = resourceIdentifier.ResourceName;
- }
-
- if (ShouldProcess(HsmName, Properties.Resources.RestoreKey))
- {
- var filePath = ResolveKeyPath(InputFile);
-
- var restoredKeyBundle = this.Track2DataClient.RestoreManagedHsmKey(HsmName, filePath);
-
- this.WriteObject(restoredKeyBundle);
- }
- }
-
- private string ResolveKeyPath(string filePath)
- {
- FileInfo keyFile = new FileInfo(this.ResolveUserPath(filePath));
- if (!keyFile.Exists)
- {
- throw new FileNotFoundException(string.Format(Resources.BackupKeyFileNotFound, filePath));
- }
- return keyFile.FullName;
- }
- }
-}
\ No newline at end of file
diff --git a/src/KeyVault/KeyVault/Commands/UndoAzureKeyVaultKeyRemoval.cs b/src/KeyVault/KeyVault/Commands/UndoAzureKeyVaultKeyRemoval.cs
index 48db2cd68523..b72f2d240119 100644
--- a/src/KeyVault/KeyVault/Commands/UndoAzureKeyVaultKeyRemoval.cs
+++ b/src/KeyVault/KeyVault/Commands/UndoAzureKeyVaultKeyRemoval.cs
@@ -18,13 +18,14 @@
namespace Microsoft.Azure.Commands.KeyVault
{
- [Cmdlet("Undo", ResourceManager.Common.AzureRMConstants.AzurePrefix + "KeyVaultKeyRemoval",SupportsShouldProcess = true,DefaultParameterSetName = DefaultParameterSet)]
+ [Cmdlet("Undo", ResourceManager.Common.AzureRMConstants.AzurePrefix + "KeyVaultKeyRemoval", SupportsShouldProcess = true, DefaultParameterSetName = DefaultParameterSet)]
[OutputType(typeof(PSKeyVaultKey))]
public class UndoAzureKeyVaultKeyRemoval : KeyVaultCmdletBase
{
#region Parameter Set Names
private const string DefaultParameterSet = "Default";
+ private const string HsmInteractiveParameterSet = "HsmInteractive";
private const string InputObjectParameterSet = "InputObject";
#endregion
@@ -42,6 +43,13 @@ public class UndoAzureKeyVaultKeyRemoval : KeyVaultCmdletBase
[ValidateNotNullOrEmpty]
public string VaultName { get; set; }
+ [Parameter(Mandatory = true,
+ ParameterSetName = HsmInteractiveParameterSet,
+ HelpMessage = "HSM name. Cmdlet constructs the FQDN of a managed HSM based on the name and currently selected environment.")]
+ [ResourceNameCompleter("Microsoft.KeyVault/managedHSMs", "FakeResourceGroupName")]
+ [ValidateNotNullOrEmpty]
+ public string HsmName { get; set; }
+
///
/// Key name
///
@@ -49,6 +57,9 @@ public class UndoAzureKeyVaultKeyRemoval : KeyVaultCmdletBase
Position = 1,
ParameterSetName = DefaultParameterSet,
HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name.")]
+ [Parameter(Mandatory = true,
+ Position = 1,
+ ParameterSetName = HsmInteractiveParameterSet)]
[ValidateNotNullOrEmpty]
[Alias(Constants.KeyName)]
public string Name { get; set; }
@@ -57,10 +68,10 @@ public class UndoAzureKeyVaultKeyRemoval : KeyVaultCmdletBase
/// Key object
///
[Parameter(Mandatory = true,
- Position = 0,
- ParameterSetName = InputObjectParameterSet,
- ValueFromPipeline = true,
- HelpMessage = "Deleted key object")]
+ Position = 0,
+ ParameterSetName = InputObjectParameterSet,
+ ValueFromPipeline = true,
+ HelpMessage = "Deleted key object")]
[ValidateNotNullOrEmpty]
public PSDeletedKeyVaultKeyIdentityItem InputObject { get; set; }
@@ -68,18 +79,38 @@ public class UndoAzureKeyVaultKeyRemoval : KeyVaultCmdletBase
public override void ExecuteCmdlet()
{
- if (InputObject != null)
- {
- VaultName = InputObject.VaultName;
- Name = InputObject.Name;
- }
+ NormalizeParameterSets();
if (ShouldProcess(Name, Properties.Resources.RecoverKey))
{
- PSKeyVaultKey recoveredKey = DataServiceClient.RecoverKey(VaultName, Name);
+ PSKeyVaultKey recoveredKey;
+ if (string.IsNullOrEmpty(HsmName))
+ {
+ recoveredKey = DataServiceClient.RecoverKey(VaultName, Name);
+ }
+ else
+ {
+ recoveredKey = this.Track2DataClient.RecoverManagedHsmKey(HsmName, Name);
+ }
WriteObject(recoveredKey);
}
}
+
+ private void NormalizeParameterSets()
+ {
+ if (InputObject != null)
+ {
+ if (InputObject.IsHsm)
+ {
+ HsmName = InputObject.VaultName;
+ }
+ else
+ {
+ VaultName = InputObject.VaultName;
+ }
+ Name = InputObject.Name;
+ }
+ }
}
}
diff --git a/src/KeyVault/KeyVault/Commands/UndoAzureManagedHsmKeyRemoval.cs b/src/KeyVault/KeyVault/Commands/UndoAzureManagedHsmKeyRemoval.cs
deleted file mode 100644
index df12b92bb3c1..000000000000
--- a/src/KeyVault/KeyVault/Commands/UndoAzureManagedHsmKeyRemoval.cs
+++ /dev/null
@@ -1,71 +0,0 @@
-using Microsoft.Azure.Commands.KeyVault.Models;
-using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
-using System.Management.Automation;
-
-namespace Microsoft.Azure.Commands.KeyVault.Commands
-{
- [Cmdlet("Undo", ResourceManager.Common.AzureRMConstants.AzurePrefix + "ManagedHsmKeyRemoval", SupportsShouldProcess = true, DefaultParameterSetName = DefaultParameterSet)]
- [OutputType(typeof(PSKeyVaultKey))]
- public class UndoAzureManagedHsmKeyRemoval : KeyVaultCmdletBase
- {
- #region Parameter Set Names
-
- private const string DefaultParameterSet = "Default";
- private const string InputObjectParameterSet = "InputObject";
-
- #endregion
-
- #region Input Parameter Definitions
-
- ///
- /// HSM name
- ///
- [Parameter(Mandatory = true,
- Position = 0,
- ParameterSetName = DefaultParameterSet,
- HelpMessage = "HSM name. Cmdlet constructs the FQDN of a managed HSM based on the name and currently selected environment.")]
- [ResourceNameCompleter("Microsoft.KeyVault/managedHSMs", "FakeResourceGroupName")]
- [ValidateNotNullOrEmpty]
- public string HsmName { get; set; }
-
- ///
- /// Key name
- ///
- [Parameter(Mandatory = true,
- Position = 1,
- ParameterSetName = DefaultParameterSet,
- HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from HSM name, currently selected environment and key name.")]
- [ValidateNotNullOrEmpty]
- [Alias(Constants.KeyName)]
- public string Name { get; set; }
-
- ///
- /// Key object
- ///
- [Parameter(Mandatory = true,
- Position = 0,
- ParameterSetName = InputObjectParameterSet,
- ValueFromPipeline = true,
- HelpMessage = "Deleted key object")]
- [ValidateNotNullOrEmpty]
- public PSDeletedKeyVaultKeyIdentityItem InputObject { get; set; }
-
- #endregion
-
- public override void ExecuteCmdlet()
- {
- if (InputObject != null)
- {
- HsmName = InputObject.VaultName;
- Name = InputObject.Name;
- }
-
- if (ShouldProcess(Name, Properties.Resources.RecoverKey))
- {
- PSKeyVaultKey recoveredKey = this.Track2DataClient.RecoverManagedHsmKey(HsmName, Name);
-
- WriteObject(recoveredKey);
- }
- }
- }
-}
\ No newline at end of file
diff --git a/src/KeyVault/KeyVault/Commands/UpdateAzureKeyVaultKey.cs b/src/KeyVault/KeyVault/Commands/UpdateAzureKeyVaultKey.cs
index 229140976a8b..ba8575884c8e 100644
--- a/src/KeyVault/KeyVault/Commands/UpdateAzureKeyVaultKey.cs
+++ b/src/KeyVault/KeyVault/Commands/UpdateAzureKeyVaultKey.cs
@@ -24,13 +24,14 @@ namespace Microsoft.Azure.Commands.KeyVault
/// Update attribute of a key vault key.
///
[Alias("Set-" + ResourceManager.Common.AzureRMConstants.AzurePrefix + "KeyVaultKey", "Set-" + ResourceManager.Common.AzureRMConstants.AzurePrefix + "KeyVaultKeyAttribute")]
- [Cmdlet("Update", ResourceManager.Common.AzureRMConstants.AzurePrefix + "KeyVaultKey",SupportsShouldProcess = true,DefaultParameterSetName = DefaultParameterSet)]
+ [Cmdlet("Update", ResourceManager.Common.AzureRMConstants.AzurePrefix + "KeyVaultKey", SupportsShouldProcess = true, DefaultParameterSetName = DefaultParameterSet)]
[OutputType(typeof(PSKeyVaultKey))]
public class UpdateAzureKeyVaultKey : KeyVaultCmdletBase
{
#region Parameter Set Names
private const string DefaultParameterSet = "Default";
+ private const string HsmInteractiveParameterSet = "HsmInteractive";
private const string InputObjectParameterSet = "InputObject";
#endregion
@@ -48,6 +49,13 @@ public class UpdateAzureKeyVaultKey : KeyVaultCmdletBase
[ValidateNotNullOrEmpty]
public string VaultName { get; set; }
+ [Parameter(Mandatory = true,
+ ParameterSetName = HsmInteractiveParameterSet,
+ HelpMessage = "HSM name. Cmdlet constructs the FQDN of a managed HSM based on the name and currently selected environment.")]
+ [ResourceNameCompleter("Microsoft.KeyVault/managedHSMs", "FakeResourceGroupName")]
+ [ValidateNotNullOrEmpty]
+ public string HsmName { get; set; }
+
///
/// key name
///
@@ -55,6 +63,9 @@ public class UpdateAzureKeyVaultKey : KeyVaultCmdletBase
Position = 1,
ParameterSetName = DefaultParameterSet,
HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from vault name, currently selected environment and key name.")]
+ [Parameter(Mandatory = true,
+ Position = 1,
+ ParameterSetName = HsmInteractiveParameterSet)]
[ValidateNotNullOrEmpty]
[Alias(Constants.KeyName)]
public string Name { get; set; }
@@ -80,7 +91,7 @@ public class UpdateAzureKeyVaultKey : KeyVaultCmdletBase
public string Version { get; set; }
///
- /// If present, enable a key if value is true.
+ /// If present, enable a key if value is true.
/// Disable a key if value is false.
/// If not present, no change on current key enabled/disabled state.
///
@@ -96,45 +107,53 @@ public class UpdateAzureKeyVaultKey : KeyVaultCmdletBase
public DateTime? Expires { get; set; }
///
- /// The UTC time before which key can't be used
+ /// The UTC time before which key can't be used
///
[Parameter(Mandatory = false,
HelpMessage = "The UTC time before which key can't be used. If not specified, the existing NotBefore attribute of the key remains unchanged.")]
public DateTime? NotBefore { get; set; }
///
- /// Key operations
+ /// Key operations
///
[Parameter(Mandatory = false,
HelpMessage = "The operations that can be performed with the key. If not specified, the existing key operations of the key remain unchanged.")]
public string[] KeyOps { get; set; }
[Parameter(Mandatory = false,
- HelpMessage = "A hashtable represents key tags. If not specified, the existings tags of the key remain unchanged.")]
+ HelpMessage = "A hashtable represents key tags. If not specified, the existings tags of the key remain unchanged.")]
[Alias(Constants.TagsAlias)]
public Hashtable Tag { get; set; }
[Parameter(Mandatory = false,
- HelpMessage = "Cmdlet does not return an object by default. If this switch is specified, returns the updated key bundle object.")]
+ HelpMessage = "Cmdlet does not return an object by default. If this switch is specified, returns the updated key bundle object.")]
public SwitchParameter PassThru { get; set; }
#endregion
public override void ExecuteCmdlet()
{
- if (InputObject != null)
- {
- VaultName = InputObject.VaultName;
- Name = InputObject.Name;
- }
+ NormalizeParameterSets();
if (ShouldProcess(Name, Properties.Resources.SetKeyAttribute))
{
- var keyBundle = DataServiceClient.UpdateKey(
- VaultName,
- Name,
- Version ?? string.Empty,
- new PSKeyVaultKeyAttributes(Enable, Expires, NotBefore, null, KeyOps, Tag));
+ PSKeyVaultKey keyBundle;
+ if (string.IsNullOrEmpty(HsmName))
+ {
+ keyBundle = DataServiceClient.UpdateKey(
+ VaultName,
+ Name,
+ Version ?? string.Empty,
+ new PSKeyVaultKeyAttributes(Enable, Expires, NotBefore, null, KeyOps, Tag));
+ }
+ else
+ {
+ keyBundle = this.Track2DataClient.UpdateManagedHsmKey(
+ HsmName,
+ Name,
+ Version ?? string.Empty,
+ new PSKeyVaultKeyAttributes(Enable, Expires, NotBefore, null, KeyOps, Tag));
+ }
if (PassThru)
{
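Review bot: The two branches in `ExecuteCmdlet` build the same `PSKeyVaultKeyAttributes` and pass the same `Version ?? string.Empty`, differing only in the client call, so a later change to the attribute list has to be made twice. Hoisting it keeps the vault and HSM paths in step: put `var attributes = new PSKeyVaultKeyAttributes(Enable, Expires, NotBefore, null, KeyOps, Tag);` before the `if` and pass `attributes` to both `UpdateKey` and `UpdateManagedHsmKey`. The body of `ExecuteCmdlet` continues past the end of this hunk.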
@@ -142,5 +161,21 @@ public override void ExecuteCmdlet()
}
}
}
+
+ private void NormalizeParameterSets()
+ {
+ if (InputObject != null)
+ {
+ if (InputObject.IsHsm)
+ {
+ HsmName = InputObject.VaultName;
+ }
+ else
+ {
+ VaultName = InputObject.VaultName;
+ }
+ Name = InputObject.Name;
+ }
+ }
}
}
diff --git a/src/KeyVault/KeyVault/Commands/UpdateAzureManagedHsm.cs b/src/KeyVault/KeyVault/Commands/UpdateAzureManagedHsm.cs
index 2651ca6e5bc1..a9d47efa0ea8 100644
--- a/src/KeyVault/KeyVault/Commands/UpdateAzureManagedHsm.cs
+++ b/src/KeyVault/KeyVault/Commands/UpdateAzureManagedHsm.cs
@@ -1,4 +1,5 @@
using Microsoft.Azure.Commands.KeyVault.Models;
+using Microsoft.Azure.Commands.KeyVault.Properties;
using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
using Microsoft.Azure.Management.Internal.Resources.Utilities.Models;
using Microsoft.WindowsAzure.Commands.Utilities.Common;
@@ -8,7 +9,7 @@
namespace Microsoft.Azure.Commands.KeyVault.Commands
{
- [Cmdlet(VerbsData.Update, ResourceManager.Common.AzureRMConstants.AzurePrefix + "ManagedHsm", DefaultParameterSetName = UpdateByNameParameterSet, SupportsShouldProcess = true), OutputType(typeof(PSManagedHsm))]
+ [Cmdlet(VerbsData.Update, ResourceManager.Common.AzureRMConstants.AzurePrefix + "KeyVaultManagedHsm", DefaultParameterSetName = UpdateByNameParameterSet, SupportsShouldProcess = true), OutputType(typeof(PSManagedHsm))]
public class UpdateAzureManagedHsm : KeyVaultManagementCmdletBase
{
private const string UpdateByNameParameterSet = "UpdateByNameParameterSet";
@@ -68,10 +69,10 @@ public override void ExecuteCmdlet()
if (existingResource == null)
{
- throw new Exception(string.Format("A managed HSM with name '{0}' in resource group '{1}' does not exist. Please use New-AzManagedHsm to create a managed HSM with these properties.", this.Name, this.ResourceGroupName));
+ throw new Exception(string.Format(Resources.HsmNotFound, this.Name, this.ResourceGroupName));
}
- if (this.ShouldProcess(this.Name, string.Format("Updating managed HSM '{0}' in resource group '{1}'.", this.Name, this.ResourceGroupName)))
+ if (this.ShouldProcess(this.Name, string.Format(Resources.UpdateHsmShouldProcessMessage, this.Name, this.ResourceGroupName)))
{
var result = KeyVaultManagementClient.UpdateManagedHsm(existingResource,
new VaultCreationOrUpdateParameters
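Review bot: The not-found branch still throws the base `Exception` type, so a caller cannot tell a missing HSM from any other failure without matching on the message text, which is now a localizable resource string. A more specific type would fix that, for example `throw new ArgumentException(string.Format(Resources.HsmNotFound, this.Name, this.ResourceGroupName));`, provided no caller depends on the current type. ExecuteCmdlet begins and ends outside this hunk, so any surrounding error handling is not visible here.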
diff --git a/src/KeyVault/KeyVault/Commands/UpdateAzureManagedHsmKey.cs b/src/KeyVault/KeyVault/Commands/UpdateAzureManagedHsmKey.cs
deleted file mode 100644
index c298cc06acab..000000000000
--- a/src/KeyVault/KeyVault/Commands/UpdateAzureManagedHsmKey.cs
+++ /dev/null
@@ -1,146 +0,0 @@
-// ----------------------------------------------------------------------------------
-//
-// Copyright Microsoft Corporation
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-// http://www.apache.org/licenses/LICENSE-2.0
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-// ----------------------------------------------------------------------------------
-
-using Microsoft.Azure.Commands.KeyVault.Models;
-using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
-using System;
-using System.Collections;
-using System.Management.Automation;
-
-namespace Microsoft.Azure.Commands.KeyVault
-{
- ///
- /// Update attribute of a managed HSM key.
- ///
- [Alias("Set-" + ResourceManager.Common.AzureRMConstants.AzurePrefix + "ManagedHsmKey", "Set-" + ResourceManager.Common.AzureRMConstants.AzurePrefix + "ManagedHsmKeyAttribute")]
- [Cmdlet("Update", ResourceManager.Common.AzureRMConstants.AzurePrefix + "ManagedHsmKey", SupportsShouldProcess = true, DefaultParameterSetName = DefaultParameterSet)]
- [OutputType(typeof(PSKeyVaultKey))]
- public class UpdateAzureManagedHsmKey : KeyVaultCmdletBase
- {
- #region Parameter Set Names
-
- private const string DefaultParameterSet = "Default";
- private const string InputObjectParameterSet = "InputObject";
-
- #endregion
-
- #region Input Parameter Definitions
-
- ///
- /// HSM name
- ///
- [Parameter(Mandatory = true,
- Position = 0,
- ParameterSetName = DefaultParameterSet,
- HelpMessage = "HSM name. Cmdlet constructs the FQDN of a managed HSM based on the name and currently selected environment.")]
- [ResourceNameCompleter("Microsoft.KeyVault/managedHSMs", "FakeResourceGroupName")]
- [ValidateNotNullOrEmpty]
- public string HsmName { get; set; }
-
- ///
- /// key name
- ///
- [Parameter(Mandatory = true,
- Position = 1,
- ParameterSetName = DefaultParameterSet,
- HelpMessage = "Key name. Cmdlet constructs the FQDN of a key from managed HSM name, currently selected environment and key name.")]
- [ValidateNotNullOrEmpty]
- [Alias(Constants.KeyName)]
- public string Name { get; set; }
-
- ///
- /// key object
- ///
- [Parameter(Mandatory = true,
- Position = 0,
- ParameterSetName = InputObjectParameterSet,
- ValueFromPipeline = true,
- HelpMessage = "Key object")]
- [ValidateNotNullOrEmpty]
- public PSKeyVaultKeyIdentityItem InputObject { get; set; }
-
- ///
- /// Key version.
- ///
- [Parameter(Mandatory = false,
- Position = 2,
- HelpMessage = "Key version. Cmdlet constructs the FQDN of a key from managed HSM name, currently selected environment, key name and key version.")]
- [Alias("KeyVersion")]
- public string Version { get; set; }
-
- ///
- /// If present, enable a key if value is true.
- /// Disable a key if value is false.
- /// If not present, no change on current key enabled/disabled state.
- ///
- [Parameter(Mandatory = false,
- HelpMessage = "Value of true enables the key and a value of false disabless the key. If not specified, the existing enabled/disabled state remains unchanged.")]
- public bool? Enable { get; set; }
-
- ///
- /// Key expires time in UTC time
- ///
- [Parameter(Mandatory = false,
- HelpMessage = "The expiration time of a key in UTC time. If not specified, the existing expiration time of the key remains unchanged.")]
- public DateTime? Expires { get; set; }
-
- ///
- /// The UTC time before which key can't be used
- ///
- [Parameter(Mandatory = false,
- HelpMessage = "The UTC time before which key can't be used. If not specified, the existing NotBefore attribute of the key remains unchanged.")]
- public DateTime? NotBefore { get; set; }
-
- ///
- /// Key operations
- ///
- [Parameter(Mandatory = false,
- HelpMessage = "The operations that can be performed with the key. If not specified, the existing key operations of the key remain unchanged.")]
- public string[] KeyOps { get; set; }
-
- [Parameter(Mandatory = false,
- HelpMessage = "A hashtable represents key tags. If not specified, the existings tags of the key remain unchanged.")]
- [Alias(Constants.TagsAlias)]
- public Hashtable Tag { get; set; }
-
- [Parameter(Mandatory = false,
- HelpMessage = "Cmdlet does not return an object by default. If this switch is specified, returns the updated key bundle object.")]
- public SwitchParameter PassThru { get; set; }
-
- #endregion
-
- public override void ExecuteCmdlet()
- {
- if (InputObject != null)
- {
- HsmName = InputObject.VaultName;
- Name = InputObject.Name;
- }
-
- if (ShouldProcess(Name, Properties.Resources.SetKeyAttribute))
- {
- var keyBundle = this.Track2DataClient.UpdateManagedHsmKey(
- HsmName,
- Name,
- Version ?? string.Empty,
- new PSKeyVaultKeyAttributes(Enable, Expires, NotBefore, null, KeyOps, Tag));
-
- if (PassThru)
- {
- WriteObject(keyBundle);
- }
- }
- }
- }
-}
\ No newline at end of file
diff --git a/src/KeyVault/KeyVault/Models/PSDeletedKeyVaultKey.cs b/src/KeyVault/KeyVault/Models/PSDeletedKeyVaultKey.cs
index 58b949b38c4c..fa4c45625528 100644
--- a/src/KeyVault/KeyVault/Models/PSDeletedKeyVaultKey.cs
+++ b/src/KeyVault/KeyVault/Models/PSDeletedKeyVaultKey.cs
@@ -26,7 +26,7 @@ public class PSDeletedKeyVaultKey : PSDeletedKeyVaultKeyIdentityItem
public PSDeletedKeyVaultKey()
{ }
- internal PSDeletedKeyVaultKey(Azure.KeyVault.Models.DeletedKeyBundle deletedKeyBundle, VaultUriHelper vaultUriHelper)
+ internal PSDeletedKeyVaultKey(Azure.KeyVault.Models.DeletedKeyBundle deletedKeyBundle, VaultUriHelper vaultUriHelper, bool isHsm = false)
{
if (deletedKeyBundle == null)
throw new ArgumentNullException("keyItem");
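Review bot: `bool isHsm = false` is optional on this constructor, so a managed-HSM call site that forgets the argument still compiles and returns an object with `IsHsm` false. If later cmdlets choose between the vault and HSM code paths from that flag on a piped InputObject (that routing is not visible in this hunk), the operation would be directed at the wrong kind of resource. Since the constructors are internal, making the parameter required, `VaultUriHelper vaultUriHelper, bool isHsm)`, would turn a missed call site into a compile error. The same applies to the other constructors changed in this file and in PSDeletedKeyVaultKeyIdentityItem.cs, PSKeyVaultKey.cs and PSKeyVaultKeyIdentityItem.cs. The constructor body continues outside the hunk.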
@@ -59,9 +59,10 @@ internal PSDeletedKeyVaultKey(Azure.KeyVault.Models.DeletedKeyBundle deletedKeyB
ScheduledPurgeDate = deletedKeyBundle.ScheduledPurgeDate;
DeletedDate = deletedKeyBundle.DeletedDate;
+ IsHsm = isHsm;
}
- internal PSDeletedKeyVaultKey(DeletedKey deletedKey, VaultUriHelper vaultUriHelper)
+ internal PSDeletedKeyVaultKey(DeletedKey deletedKey, VaultUriHelper vaultUriHelper, bool isHsm = false)
{
if (deletedKey == null)
throw new ArgumentNullException("deletedKey");
@@ -93,6 +94,7 @@ internal PSDeletedKeyVaultKey(DeletedKey deletedKey, VaultUriHelper vaultUriHelp
Tags = deletedKey.Properties.Tags.ConvertToHashtable();
ScheduledPurgeDate = deletedKey.ScheduledPurgeDate?.UtcDateTime;
DeletedDate = deletedKey.DeletedOn?.UtcDateTime;
+ IsHsm = isHsm;
}
public PSKeyVaultKeyAttributes Attributes { get; set; }
diff --git a/src/KeyVault/KeyVault/Models/PSDeletedKeyVaultKeyIdentityItem.cs b/src/KeyVault/KeyVault/Models/PSDeletedKeyVaultKeyIdentityItem.cs
index 0e75d5da5218..f857f5941395 100644
--- a/src/KeyVault/KeyVault/Models/PSDeletedKeyVaultKeyIdentityItem.cs
+++ b/src/KeyVault/KeyVault/Models/PSDeletedKeyVaultKeyIdentityItem.cs
@@ -22,12 +22,12 @@ public class PSDeletedKeyVaultKeyIdentityItem : PSKeyVaultKeyIdentityItem
public PSDeletedKeyVaultKeyIdentityItem()
{ }
- internal PSDeletedKeyVaultKeyIdentityItem(Azure.KeyVault.Models.DeletedKeyItem keyItem, VaultUriHelper vaultUriHelper) : base(keyItem, vaultUriHelper)
+ internal PSDeletedKeyVaultKeyIdentityItem(Azure.KeyVault.Models.DeletedKeyItem keyItem, VaultUriHelper vaultUriHelper, bool isHsm = false) : base(keyItem, vaultUriHelper, isHsm)
{
ScheduledPurgeDate = keyItem.ScheduledPurgeDate;
DeletedDate = keyItem.DeletedDate;
}
- internal PSDeletedKeyVaultKeyIdentityItem(Track2Sdk.DeletedKey deletedKey, VaultUriHelper vaultUriHelper): base(deletedKey.Properties, vaultUriHelper)
+ internal PSDeletedKeyVaultKeyIdentityItem(Track2Sdk.DeletedKey deletedKey, VaultUriHelper vaultUriHelper, bool isHsm = false) : base(deletedKey.Properties, vaultUriHelper, isHsm)
{
ScheduledPurgeDate = deletedKey.ScheduledPurgeDate?.UtcDateTime;
DeletedDate = deletedKey.DeletedOn?.UtcDateTime;
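Review bot: In the Track2 constructor the base initializer `base(deletedKey.Properties, vaultUriHelper, isHsm)` dereferences `deletedKey` before any null check, so a null argument surfaces as a NullReferenceException rather than the ArgumentNullException the base constructor raises for a null `keyProperties`. Writing `base(deletedKey?.Properties, vaultUriHelper, isHsm)` lets the base check fire first. The constructor's closing brace is outside the hunk.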
diff --git a/src/KeyVault/KeyVault/Models/PSKeyVaultKey.cs b/src/KeyVault/KeyVault/Models/PSKeyVaultKey.cs
index d74106b509c6..07fbba7a7c4c 100644
--- a/src/KeyVault/KeyVault/Models/PSKeyVaultKey.cs
+++ b/src/KeyVault/KeyVault/Models/PSKeyVaultKey.cs
@@ -25,7 +25,7 @@ public class PSKeyVaultKey : PSKeyVaultKeyIdentityItem
public PSKeyVaultKey()
{ }
- internal PSKeyVaultKey(Microsoft.Azure.KeyVault.Models.KeyBundle keyBundle, VaultUriHelper vaultUriHelper)
+ internal PSKeyVaultKey(Microsoft.Azure.KeyVault.Models.KeyBundle keyBundle, VaultUriHelper vaultUriHelper, bool isHsm = false)
{
if (keyBundle == null)
throw new ArgumentNullException("keyBundle");
@@ -53,9 +53,11 @@ internal PSKeyVaultKey(Microsoft.Azure.KeyVault.Models.KeyBundle keyBundle, Vaul
Updated = keyBundle.Attributes.Updated;
RecoveryLevel = keyBundle.Attributes.RecoveryLevel;
Tags = (keyBundle.Tags == null) ? null : keyBundle.Tags.ConvertToHashtable();
+
+ IsHsm = isHsm;
}
- internal PSKeyVaultKey(Track2Sdk.KeyVaultKey key, VaultUriHelper vaultUriHelper)
+ internal PSKeyVaultKey(Track2Sdk.KeyVaultKey key, VaultUriHelper vaultUriHelper, bool isHsm = false)
{
if (key == null)
throw new ArgumentNullException("key");
@@ -85,6 +87,7 @@ internal PSKeyVaultKey(Track2Sdk.KeyVaultKey key, VaultUriHelper vaultUriHelper)
Updated = key.Properties.UpdatedOn?.UtcDateTime;
RecoveryLevel = key.Properties.RecoveryLevel;
Tags = key.Properties.Tags.ConvertToHashtable();
+ IsHsm = isHsm;
}
public PSKeyVaultKeyAttributes Attributes { get; set; }
diff --git a/src/KeyVault/KeyVault/Models/PSKeyVaultKeyIdentityItem.cs b/src/KeyVault/KeyVault/Models/PSKeyVaultKeyIdentityItem.cs
index 0c88ef3c9c1f..9d56282c3143 100644
--- a/src/KeyVault/KeyVault/Models/PSKeyVaultKeyIdentityItem.cs
+++ b/src/KeyVault/KeyVault/Models/PSKeyVaultKeyIdentityItem.cs
@@ -24,7 +24,7 @@ public class PSKeyVaultKeyIdentityItem : ObjectIdentifier
public PSKeyVaultKeyIdentityItem()
{ }
- internal PSKeyVaultKeyIdentityItem(Azure.KeyVault.Models.KeyItem keyItem, VaultUriHelper vaultUriHelper)
+ internal PSKeyVaultKeyIdentityItem(Azure.KeyVault.Models.KeyItem keyItem, VaultUriHelper vaultUriHelper, bool isHsm = false)
{
if (keyItem == null)
throw new ArgumentNullException("keyItem");
@@ -42,9 +42,10 @@ internal PSKeyVaultKeyIdentityItem(Azure.KeyVault.Models.KeyItem keyItem, VaultU
Updated = keyItem.Attributes.Updated;
RecoveryLevel = keyItem.Attributes.RecoveryLevel;
Tags = (keyItem.Tags == null) ? null : keyItem.Tags.ConvertToHashtable();
+ IsHsm = isHsm;
}
- internal PSKeyVaultKeyIdentityItem(PSKeyVaultKey keyBundle)
+ internal PSKeyVaultKeyIdentityItem(PSKeyVaultKey keyBundle, bool isHsm = false)
{
if (keyBundle == null)
throw new ArgumentNullException("keyBundle");
@@ -60,8 +61,10 @@ internal PSKeyVaultKeyIdentityItem(PSKeyVaultKey keyBundle)
Updated = keyBundle.Attributes.Updated;
RecoveryLevel = keyBundle.Attributes.RecoveryLevel;
Tags = keyBundle.Attributes.Tags;
+
+ IsHsm = isHsm;
}
- internal PSKeyVaultKeyIdentityItem(Track2Sdk.KeyProperties keyProperties, VaultUriHelper vaultUriHelper)
+ internal PSKeyVaultKeyIdentityItem(Track2Sdk.KeyProperties keyProperties, VaultUriHelper vaultUriHelper, bool isHsm = false)
{
if (keyProperties == null)
throw new ArgumentNullException("keyProperties");
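Review bot: The copy constructor `PSKeyVaultKeyIdentityItem(PSKeyVaultKey keyBundle, bool isHsm = false)` takes the flag from a separate argument even though `keyBundle` already carries it, since PSKeyVaultKey derives from this class and `IsHsm` is declared here. A caller that omits the argument drops the flag from an HSM key when copying. `IsHsm = keyBundle.IsHsm;` would keep the two objects consistent, and the extra parameter could then go. The constructor's signature is in the previous hunk, and the next constructor continues outside this one.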
@@ -77,6 +80,8 @@ internal PSKeyVaultKeyIdentityItem(Track2Sdk.KeyProperties keyProperties, VaultU
Updated = keyProperties.UpdatedOn?.UtcDateTime;
RecoveryLevel = keyProperties.RecoveryLevel;
Tags = keyProperties.Tags.ConvertToHashtable();
+
+ IsHsm = isHsm;
}
public bool? Enabled { get; set; }
@@ -97,5 +102,7 @@ public string TagsTable
{
get { return (Tags == null) ? null : Tags.ConvertToTagsTable(); }
}
+
+ public bool IsHsm { get; protected set; }
}
}
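Review bot: The new public property `IsHsm` has no doc comment, and it is set only through optional constructor arguments, so a reader cannot tell what false means for an object created by the public parameterless constructor. A summary such as `/// <summary>True when the key belongs to a managed HSM; false for a key vault key or when the origin was not supplied.</summary>` would state that.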
diff --git a/src/KeyVault/KeyVault/Properties/Resources.Designer.cs b/src/KeyVault/KeyVault/Properties/Resources.Designer.cs
index 3f53340d9ff6..7e3d64c0359f 100644
--- a/src/KeyVault/KeyVault/Properties/Resources.Designer.cs
+++ b/src/KeyVault/KeyVault/Properties/Resources.Designer.cs
@@ -8,11 +8,10 @@
//
//------------------------------------------------------------------------------
-namespace Microsoft.Azure.Commands.KeyVault.Properties
-{
+namespace Microsoft.Azure.Commands.KeyVault.Properties {
using System;
-
-
+
+
///
/// A strongly-typed resource class, for looking up localized strings, etc.
///
@@ -23,118 +22,98 @@ namespace Microsoft.Azure.Commands.KeyVault.Properties
[global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "16.0.0.0")]
[global::System.Diagnostics.DebuggerNonUserCodeAttribute()]
[global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
- internal class Resources
- {
-
+ internal class Resources {
+
private static global::System.Resources.ResourceManager resourceMan;
-
+
private static global::System.Globalization.CultureInfo resourceCulture;
-
+
[global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")]
- internal Resources()
- {
+ internal Resources() {
}
-
+
///
/// Returns the cached ResourceManager instance used by this class.
///
[global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
- internal static global::System.Resources.ResourceManager ResourceManager
- {
- get
- {
- if (object.ReferenceEquals(resourceMan, null))
- {
+ internal static global::System.Resources.ResourceManager ResourceManager {
+ get {
+ if (object.ReferenceEquals(resourceMan, null)) {
global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("Microsoft.Azure.Commands.KeyVault.Properties.Resources", typeof(Resources).Assembly);
resourceMan = temp;
}
return resourceMan;
}
}
-
+
///
/// Overrides the current thread's CurrentUICulture property for all
/// resource lookups using this strongly typed resource class.
///
[global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
- internal static global::System.Globalization.CultureInfo Culture
- {
- get
- {
+ internal static global::System.Globalization.CultureInfo Culture {
+ get {
return resourceCulture;
}
- set
- {
+ set {
resourceCulture = value;
}
}
-
+
///
/// Looks up a localized string similar to The current credentials do not have access to Azure Active Directory. Please either use an ObjectId to refer to ActiveDirectory objects, or log in using credentials that have access to Azure Active Directory..
///
- internal static string ActiveDirectoryClientNull
- {
- get
- {
+ internal static string ActiveDirectoryClientNull {
+ get {
return ResourceManager.GetString("ActiveDirectoryClientNull", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Add certificate.
///
- internal static string AddCertificate
- {
- get
- {
+ internal static string AddCertificate {
+ get {
return ResourceManager.GetString("AddCertificate", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Add certificate contact.
///
- internal static string AddCertificateContact
- {
- get
- {
+ internal static string AddCertificateContact {
+ get {
return ResourceManager.GetString("AddCertificateContact", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Add key.
///
- internal static string AddKey
- {
- get
- {
+ internal static string AddKey {
+ get {
return ResourceManager.GetString("AddKey", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Add Key Vault managed Storage Account.
///
- internal static string AddManagedStorageAccount
- {
- get
- {
+ internal static string AddManagedStorageAccount {
+ get {
return ResourceManager.GetString("AddManagedStorageAccount", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Add vault network rule.
///
- internal static string AddNetworkRule
- {
- get
- {
+ internal static string AddNetworkRule {
+ get {
return ResourceManager.GetString("AddNetworkRule", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Please make sure you have sufficient permissions in AD Graph to get and list graph objects for validation to work. Otherwise skip witch `-BypassObjectIdValidation`..
///
@@ -147,259 +126,213 @@ internal static string ADGraphPermissionWarning {
///
/// Looks up a localized string similar to The Email argument specified, '{1}', matches multiple objects in the Azure Active Directory tenant '{2}'. Please use -UserPrincipalName to narrow down the filter to a single object. The TenantID displayed by the cmdlet 'Get-AzContext' is the current subscription's Azure Active Directory..
///
- internal static string ADObjectAmbiguous
- {
- get
- {
+ internal static string ADObjectAmbiguous {
+ get {
return ResourceManager.GetString("ADObjectAmbiguous", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Retrieving object ID from Azure Active Directory failed. {0}
///
///Please provide object ID for the user or service principle to set a vault access policy.
///You can find the object ID using Azure Active Directory Module for Windows PowerShell..
///
- internal static string ADObjectIDRetrievalFailed
- {
- get
- {
+ internal static string ADObjectIDRetrievalFailed {
+ get {
return ResourceManager.GetString("ADObjectIDRetrievalFailed", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Cannot find the Active Directory object '{0}' in tenant '{1}'. Please make sure that the user or application service principal you are authorizing is registered in the current subscription's Azure Active directory. The TenantID displayed by the cmdlet 'Get-AzContext' is the current subscription's Azure Active directory..
///
- internal static string ADObjectNotFound
- {
- get
- {
+ internal static string ADObjectNotFound {
+ get {
return ResourceManager.GetString("ADObjectNotFound", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to The 'all' permission will be removed in May 2018 and does not include the 'purge' permission. 'Purge' permission must be explicitly set..
///
- internal static string AllPermissionExpansionWarning
- {
- get
- {
+ internal static string AllPermissionExpansionWarning {
+ get {
return ResourceManager.GetString("AllPermissionExpansionWarning", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Could not find application by '{0}'..
///
- internal static string ApplicationNotFoundBy
- {
- get
- {
+ internal static string ApplicationNotFoundBy {
+ get {
return ResourceManager.GetString("ApplicationNotFoundBy", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to No account found in the context. Please login using Connect-AzAccount..
///
- internal static string ArmAccountNotFound
- {
- get
- {
+ internal static string ArmAccountNotFound {
+ get {
return ResourceManager.GetString("ArmAccountNotFound", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Assign role '{0}' to principal '{1}' at scope '{2}'..
///
- internal static string AssignRole
- {
- get
- {
+ internal static string AssignRole {
+ get {
return ResourceManager.GetString("AssignRole", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Backup certificate.
///
- internal static string BackupCertificate
- {
- get
- {
+ internal static string BackupCertificate {
+ get {
return ResourceManager.GetString("BackupCertificate", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to The backup file '{0}' already exists..
///
- internal static string BackupFileAlreadyExists
- {
- get
- {
+ internal static string BackupFileAlreadyExists {
+ get {
return ResourceManager.GetString("BackupFileAlreadyExists", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Cannot find backup file '{0}'..
///
- internal static string BackupFileNotFound
- {
- get
- {
+ internal static string BackupFileNotFound {
+ get {
return ResourceManager.GetString("BackupFileNotFound", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Backup key.
///
- internal static string BackupKey
- {
- get
- {
+ internal static string BackupKey {
+ get {
return ResourceManager.GetString("BackupKey", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to The backup key file '{0}' already exists..
///
- internal static string BackupKeyFileAlreadyExists
- {
- get
- {
+ internal static string BackupKeyFileAlreadyExists {
+ get {
return ResourceManager.GetString("BackupKeyFileAlreadyExists", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Cannot find backup key file '{0}'.
///
- internal static string BackupKeyFileNotFound
- {
- get
- {
+ internal static string BackupKeyFileNotFound {
+ get {
return ResourceManager.GetString("BackupKeyFileNotFound", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Backup managed storage account.
///
- internal static string BackupManagedStorageAccount
- {
- get
- {
+ internal static string BackupManagedStorageAccount {
+ get {
return ResourceManager.GetString("BackupManagedStorageAccount", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Backup secret.
///
- internal static string BackupSecret
- {
- get
- {
+ internal static string BackupSecret {
+ get {
return ResourceManager.GetString("BackupSecret", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to The backup secret file '{0}' already exists..
///
- internal static string BackupSecretFileAlreadyExists
- {
- get
- {
+ internal static string BackupSecretFileAlreadyExists {
+ get {
return ResourceManager.GetString("BackupSecretFileAlreadyExists", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Cannot find backup secret file '{0}'.
///
- internal static string BackupSecretFileNotFound
- {
- get
- {
+ internal static string BackupSecretFileNotFound {
+ get {
return ResourceManager.GetString("BackupSecretFileNotFound", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Bad Parameter Set Name.
///
- internal static string BadParameterSetName
- {
- get
- {
+ internal static string BadParameterSetName {
+ get {
return ResourceManager.GetString("BadParameterSetName", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Cannot find certificate file '{0}'..
///
- internal static string CertificateFileNotFound
- {
- get
- {
+ internal static string CertificateFileNotFound {
+ get {
return ResourceManager.GetString("CertificateFileNotFound", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Create certificate administrator.
///
- internal static string CreateCertificateAdministrator
- {
- get
- {
+ internal static string CreateCertificateAdministrator {
+ get {
return ResourceManager.GetString("CreateCertificateAdministrator", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Create certificate organization.
///
- internal static string CreateCertificateOrganization
- {
- get
- {
+ internal static string CreateCertificateOrganization {
+ get {
return ResourceManager.GetString("CreateCertificateOrganization", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Create certificate policy.
///
- internal static string CreateCertificatePolicy
- {
- get
- {
+ internal static string CreateCertificatePolicy {
+ get {
return ResourceManager.GetString("CreateCertificatePolicy", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Create key vault.
///
- internal static string CreateKeyVault
- {
- get
- {
+ internal static string CreateKeyVault {
+ get {
return ResourceManager.GetString("CreateKeyVault", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Failed to decrypt security domain data. Please make sure the file is not modified and the keys / passwords are correct..
///
@@ -421,47 +354,39 @@ internal static string DecryptSecurityDomainKeyNotEnough {
///
/// Looks up a localized string similar to Cannot find deleted vault '{0}' in location '{1}'.
///
- internal static string DeletedVaultNotFound
- {
- get
- {
+ internal static string DeletedVaultNotFound {
+ get {
return ResourceManager.GetString("DeletedVaultNotFound", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Perform a full backup and stores it in {0}..
///
- internal static string DoFullBackup
- {
- get
- {
+ internal static string DoFullBackup {
+ get {
return ResourceManager.GetString("DoFullBackup", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Restores the managed HSM from the backup stored in {0}..
///
- internal static string DoFullRestore
- {
- get
- {
+ internal static string DoFullRestore {
+ get {
return ResourceManager.GetString("DoFullRestore", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Key type '{0}' is not supported for downloading. (Supported types: RSA, RSA-HSM).
///
- internal static string DownloadNotSupported
- {
- get
- {
+ internal static string DownloadNotSupported {
+ get {
return ResourceManager.GetString("DownloadNotSupported", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Failed to download security domain backup data..
///
@@ -483,462 +408,381 @@ internal static string DownloadSecurityDomainKeyFail {
///
/// Looks up a localized string similar to Overwrite File ?.
///
- internal static string FileOverwriteCaption
- {
- get
- {
+ internal static string FileOverwriteCaption {
+ get {
return ResourceManager.GetString("FileOverwriteCaption", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Overwrite existing file at '{0}' ?.
///
- internal static string FileOverwriteMessage
- {
- get
- {
+ internal static string FileOverwriteMessage {
+ get {
return ResourceManager.GetString("FileOverwriteMessage", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Failed to backup managed HSM {0}..
///
- internal static string FullBackupFailed
- {
- get
- {
+ internal static string FullBackupFailed {
+ get {
return ResourceManager.GetString("FullBackupFailed", resourceCulture);
}
}
-
+
///
- /// Looks up a localized string similar to To encrypt the security domain data, please provide at least {0} and at most {1} certificates..
+ /// Looks up a localized string similar to Failed to restore managed HSM {0}..
///
- internal static string HsmCertRangeWarning {
+ internal static string FullRestoreFailed {
get {
- return ResourceManager.GetString("HsmCertRangeWarning", resourceCulture);
- }
+ return ResourceManager.GetString("FullRestoreFailed", resourceCulture);
+ }
}
+ ///
/// Looks up a localized string similar to The specified HSM already exists..
///
- internal static string HsmAlreadyExists
- {
- get
- {
+ internal static string HsmAlreadyExists {
+ get {
return ResourceManager.GetString("HsmAlreadyExists", resourceCulture);
}
}
-
+
///
- /// Looks up a localized string similar to Failed to restore managed HSM {0}..
+ /// Looks up a localized string similar to To encrypt the security domain data, please provide at least {0} and at most {1} certificates..
///
- internal static string FullRestoreFailed
- {
- get
- {
- return ResourceManager.GetString("FullRestoreFailed", resourceCulture);
+ internal static string HsmCertRangeWarning {
+ get {
+ return ResourceManager.GetString("HsmCertRangeWarning", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Cannot find HSM '{0}' in resource group '{1}'..
///
- internal static string HsmNotFound
- {
- get
- {
+ internal static string HsmNotFound {
+ get {
return ResourceManager.GetString("HsmNotFound", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to BYOK key can not be imported as software key.
///
- internal static string ImportByokAsSoftkeyError
- {
- get
- {
+ internal static string ImportByokAsSoftkeyError {
+ get {
return ResourceManager.GetString("ImportByokAsSoftkeyError", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Import certificate.
///
- internal static string ImportCertificate
- {
- get
- {
+ internal static string ImportCertificate {
+ get {
return ResourceManager.GetString("ImportCertificate", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Key type '{0}' is not supported for importing. (Supported types: RSA-HSM).
///
- internal static string ImportNotSupported
- {
- get
- {
+ internal static string ImportNotSupported {
+ get {
return ResourceManager.GetString("ImportNotSupported", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Invalid application Id..
///
- internal static string InvalidApplicationId
- {
- get
- {
+ internal static string InvalidApplicationId {
+ get {
return ResourceManager.GetString("InvalidApplicationId", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Invalid AzureEnvironment..
///
- internal static string InvalidAzureEnvironment
- {
- get
- {
+ internal static string InvalidAzureEnvironment {
+ get {
return ResourceManager.GetString("InvalidAzureEnvironment", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to No current subscription has been designated. Use Set-AzContext -SubscriptionName <subscriptionName> to set the current subscription..
///
- internal static string InvalidCurrentSubscription
- {
- get
- {
+ internal static string InvalidCurrentSubscription {
+ get {
return ResourceManager.GetString("InvalidCurrentSubscription", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Invalid HSM name..
///
- internal static string InvalidHsmName
- {
- get
- {
+ internal static string InvalidHsmName {
+ get {
return ResourceManager.GetString("InvalidHsmName", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Invalid key attributes.
///
- internal static string InvalidKeyAttributes
- {
- get
- {
+ internal static string InvalidKeyAttributes {
+ get {
return ResourceManager.GetString("InvalidKeyAttributes", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Invalid '{0}' key blob..
///
- internal static string InvalidKeyBlob
- {
- get
- {
+ internal static string InvalidKeyBlob {
+ get {
return ResourceManager.GetString("InvalidKeyBlob", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Invalid KeyBundle..
///
- internal static string InvalidKeyBundle
- {
- get
- {
+ internal static string InvalidKeyBundle {
+ get {
return ResourceManager.GetString("InvalidKeyBundle", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Can not create given key material in specified destination..
///
- internal static string InvalidKeyDestination
- {
- get
- {
+ internal static string InvalidKeyDestination {
+ get {
return ResourceManager.GetString("InvalidKeyDestination", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Invalid key identifier.
///
- internal static string InvalidKeyIdentifier
- {
- get
- {
+ internal static string InvalidKeyIdentifier {
+ get {
return ResourceManager.GetString("InvalidKeyIdentifier", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Invalid key name..
///
- internal static string InvalidKeyName
- {
- get
- {
+ internal static string InvalidKeyName {
+ get {
return ResourceManager.GetString("InvalidKeyName", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Invalid key properties.
///
- internal static string InvalidKeyProperties
- {
- get
- {
+ internal static string InvalidKeyProperties {
+ get {
return ResourceManager.GetString("InvalidKeyProperties", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Invalid key uri '{0}'..
///
- internal static string InvalidKeyUri
- {
- get
- {
+ internal static string InvalidKeyUri {
+ get {
return ResourceManager.GetString("InvalidKeyUri", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Invalid managed storage account bundle..
///
- internal static string InvalidManagedStorageAccountBundle
- {
- get
- {
+ internal static string InvalidManagedStorageAccountBundle {
+ get {
return ResourceManager.GetString("InvalidManagedStorageAccountBundle", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Invalid managed storage account identifier..
///
- internal static string InvalidManagedStorageAccountIdentifier
- {
- get
- {
+ internal static string InvalidManagedStorageAccountIdentifier {
+ get {
return ResourceManager.GetString("InvalidManagedStorageAccountIdentifier", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Invalid key vault managed storage acccount name..
///
- internal static string InvalidManagedStorageAccountName
- {
- get
- {
+ internal static string InvalidManagedStorageAccountName {
+ get {
return ResourceManager.GetString("InvalidManagedStorageAccountName", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Invalid managed storage account or storage SAS definition attributes..
///
- internal static string InvalidManagedStorageObjectAttributes
- {
- get
- {
+ internal static string InvalidManagedStorageObjectAttributes {
+ get {
return ResourceManager.GetString("InvalidManagedStorageObjectAttributes", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Invalid number of certificates..
///
- internal static string InvalidNumberOfCertificates
- {
- get
- {
+ internal static string InvalidNumberOfCertificates {
+ get {
return ResourceManager.GetString("InvalidNumberOfCertificates", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Cannot parse ObjectId into Guid..
///
- internal static string InvalidObjectIdSyntax
- {
- get
- {
+ internal static string InvalidObjectIdSyntax {
+ get {
return ResourceManager.GetString("InvalidObjectIdSyntax", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Invalid Sas permission '{0}'..
///
- internal static string InvalidSasPermission
- {
- get
- {
+ internal static string InvalidSasPermission {
+ get {
return ResourceManager.GetString("InvalidSasPermission", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Invalid secret attributes.
///
- internal static string InvalidSecretAttributes
- {
- get
- {
+ internal static string InvalidSecretAttributes {
+ get {
return ResourceManager.GetString("InvalidSecretAttributes", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Invalid secret identifier.
///
- internal static string InvalidSecretIdentifier
- {
- get
- {
+ internal static string InvalidSecretIdentifier {
+ get {
return ResourceManager.GetString("InvalidSecretIdentifier", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Invalid secret name..
///
- internal static string InvalidSecretName
- {
- get
- {
+ internal static string InvalidSecretName {
+ get {
return ResourceManager.GetString("InvalidSecretName", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Invalid secret uri '{0}'..
///
- internal static string InvalidSecretUri
- {
- get
- {
+ internal static string InvalidSecretUri {
+ get {
return ResourceManager.GetString("InvalidSecretUri", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to No subscription is currently selected. Use Set-AzContext to activate a subscription..
///
- internal static string InvalidSelectedSubscription
- {
- get
- {
+ internal static string InvalidSelectedSubscription {
+ get {
return ResourceManager.GetString("InvalidSelectedSubscription", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Invalid storage SAS definition identifier..
///
- internal static string InvalidStorageSasDefinitionIdentifier
- {
- get
- {
+ internal static string InvalidStorageSasDefinitionIdentifier {
+ get {
return ResourceManager.GetString("InvalidStorageSasDefinitionIdentifier", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Your Azure credentials have not been set up or have expired, please run Connect-AzAccount to set up your Azure credentials..
///
- internal static string InvalidSubscriptionState
- {
- get
- {
+ internal static string InvalidSubscriptionState {
+ get {
return ResourceManager.GetString("InvalidSubscriptionState", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Invalid tag format. Expect @{Name = "tagName"} or @{Name = "tagName"; Value = "tagValue"}.
///
- internal static string InvalidTagFormat
- {
- get
- {
+ internal static string InvalidTagFormat {
+ get {
return ResourceManager.GetString("InvalidTagFormat", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Invalid vault name..
///
- internal static string InvalidVaultName
- {
- get
- {
+ internal static string InvalidVaultName {
+ get {
return ResourceManager.GetString("InvalidVaultName", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Invalid vault uri '{0}'. Vault uri must contain valid dns host name with domain suffix '{1}'..
///
- internal static string InvalidVaultUri
- {
- get
- {
+ internal static string InvalidVaultUri {
+ get {
return ResourceManager.GetString("InvalidVaultUri", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to When KeyOps is 'import', Destination must be HSM..
///
- internal static string KEKMustBeHSM
- {
- get
- {
+ internal static string KEKMustBeHSM {
+ get {
return ResourceManager.GetString("KEKMustBeHSM", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Can not find key file '{0}'..
///
- internal static string KeyFileNotFound
- {
- get
- {
+ internal static string KeyFileNotFound {
+ get {
return ResourceManager.GetString("KeyFileNotFound", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to The "import" operation is exclusive, it cannot be combined with any other value(s)..
///
- internal static string KeyOpsImportIsExclusive
- {
- get
- {
+ internal static string KeyOpsImportIsExclusive {
+ get {
return ResourceManager.GetString("KeyOpsImportIsExclusive", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Failed to load security domain data from {0}. Please make sure the file exists and is not modified..
///
@@ -951,542 +795,426 @@ internal static string LoadSecurityDomainFileFailed {
///
/// Looks up a localized string similar to There is no default user account associated with this subscription. Certificate accounts are not supported with Azure Key Vault..
///
- internal static string NoDefaultUserAccount
- {
- get
- {
+ internal static string NoDefaultUserAccount {
+ get {
return ResourceManager.GetString("NoDefaultUserAccount", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to No tenant found in the context. Please ensure that the credentials you provided are authorized to access an Azure subscription, then run Connect-AzAccount to login..
///
- internal static string NoTenantInContext
- {
- get
- {
+ internal static string NoTenantInContext {
+ get {
return ResourceManager.GetString("NoTenantInContext", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Invalid permissions to {0}. The list contains "all" along with other permissions. Please remove "all" from the list or include only "all" in the list..
///
- internal static string PermissionSetIncludesAllPlusOthers
- {
- get
- {
+ internal static string PermissionSetIncludesAllPlusOthers {
+ get {
return ResourceManager.GetString("PermissionSetIncludesAllPlusOthers", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to At least one permission should be selected for key access or secret access..
///
- internal static string PermissionsNotSpecified
- {
- get
- {
+ internal static string PermissionsNotSpecified {
+ get {
return ResourceManager.GetString("PermissionsNotSpecified", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Public key saved at '{0}'..
///
- internal static string PublicKeySavedAt
- {
- get
- {
+ internal static string PublicKeySavedAt {
+ get {
return ResourceManager.GetString("PublicKeySavedAt", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Are you sure you want to remove vault '{0}' forever..
///
- internal static string PurgeVaultWarning
- {
- get
- {
+ internal static string PurgeVaultWarning {
+ get {
return ResourceManager.GetString("PurgeVaultWarning", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Purge vault.
///
- internal static string PurgeVaultWhatIfMessage
- {
- get
- {
+ internal static string PurgeVaultWhatIfMessage {
+ get {
return ResourceManager.GetString("PurgeVaultWhatIfMessage", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Recover certificate.
///
- internal static string RecoverCertificate
- {
- get
- {
+ internal static string RecoverCertificate {
+ get {
return ResourceManager.GetString("RecoverCertificate", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Recover key.
///
- internal static string RecoverKey
- {
- get
- {
+ internal static string RecoverKey {
+ get {
return ResourceManager.GetString("RecoverKey", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Recover KeyVault-managed storage account.
///
- internal static string RecoverManagedStorageAccount
- {
- get
- {
+ internal static string RecoverManagedStorageAccount {
+ get {
return ResourceManager.GetString("RecoverManagedStorageAccount", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Recover KeyVault-managed storage account SAS definition..
///
- internal static string RecoverManagedStorageSasDefinition
- {
- get
- {
+ internal static string RecoverManagedStorageSasDefinition {
+ get {
return ResourceManager.GetString("RecoverManagedStorageSasDefinition", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Recover secret.
///
- internal static string RecoverSecret
- {
- get
- {
+ internal static string RecoverSecret {
+ get {
return ResourceManager.GetString("RecoverSecret", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Recover vault.
///
- internal static string RecoverVault
- {
- get
- {
+ internal static string RecoverVault {
+ get {
return ResourceManager.GetString("RecoverVault", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Are you sure you want to regenerate '{0}' of storage account '{1}' and make it an active key of Key Vault managed Storage Account..
///
- internal static string RegenerateManagedStorageAccountKeyWarning
- {
- get
- {
+ internal static string RegenerateManagedStorageAccountKeyWarning {
+ get {
return ResourceManager.GetString("RegenerateManagedStorageAccountKeyWarning", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Regenerate '{0}'.
///
- internal static string RegenerateManagedStorageAccountKeyWhatIfMessage
- {
- get
- {
+ internal static string RegenerateManagedStorageAccountKeyWhatIfMessage {
+ get {
return ResourceManager.GetString("RegenerateManagedStorageAccountKeyWhatIfMessage", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Remove certificate contact.
///
- internal static string RemoveCertificateContact
- {
- get
- {
+ internal static string RemoveCertificateContact {
+ get {
return ResourceManager.GetString("RemoveCertificateContact", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Remove certificate issuer.
///
- internal static string RemoveCertificateIssuer
- {
- get
- {
+ internal static string RemoveCertificateIssuer {
+ get {
return ResourceManager.GetString("RemoveCertificateIssuer", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Remove certificate operation.
///
- internal static string RemoveCertificateOperation
- {
- get
- {
+ internal static string RemoveCertificateOperation {
+ get {
return ResourceManager.GetString("RemoveCertificateOperation", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Are you sure you want to remove certificate '{0}'?.
///
- internal static string RemoveCertWarning
- {
- get
- {
+ internal static string RemoveCertWarning {
+ get {
return ResourceManager.GetString("RemoveCertWarning", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Remove certificate.
///
- internal static string RemoveCertWhatIfMessage
- {
- get
- {
+ internal static string RemoveCertWhatIfMessage {
+ get {
return ResourceManager.GetString("RemoveCertWhatIfMessage", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Are you sure you want to purge certificate '{0}'.
///
- internal static string RemoveDeletedCertificateWarning
- {
- get
- {
+ internal static string RemoveDeletedCertificateWarning {
+ get {
return ResourceManager.GetString("RemoveDeletedCertificateWarning", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Purge certificate.
///
- internal static string RemoveDeletedCertificateWhatIfMessage
- {
- get
- {
+ internal static string RemoveDeletedCertificateWhatIfMessage {
+ get {
return ResourceManager.GetString("RemoveDeletedCertificateWhatIfMessage", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Are you sure you want to purge key '{0}'..
///
- internal static string RemoveDeletedKeyWarning
- {
- get
- {
+ internal static string RemoveDeletedKeyWarning {
+ get {
return ResourceManager.GetString("RemoveDeletedKeyWarning", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Purge key.
///
- internal static string RemoveDeletedKeyWhatIfMessage
- {
- get
- {
+ internal static string RemoveDeletedKeyWhatIfMessage {
+ get {
return ResourceManager.GetString("RemoveDeletedKeyWhatIfMessage", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Are you sure you want to purge managed storage account '{0}'.
///
- internal static string RemoveDeletedManagedStorageAccountWarning
- {
- get
- {
+ internal static string RemoveDeletedManagedStorageAccountWarning {
+ get {
return ResourceManager.GetString("RemoveDeletedManagedStorageAccountWarning", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Purge managed storage account.
///
- internal static string RemoveDeletedManagedStorageAccountWhatIfMessage
- {
- get
- {
+ internal static string RemoveDeletedManagedStorageAccountWhatIfMessage {
+ get {
return ResourceManager.GetString("RemoveDeletedManagedStorageAccountWhatIfMessage", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Are you sure you want to purge secret '{0}'..
///
- internal static string RemoveDeletedSecretWarning
- {
- get
- {
+ internal static string RemoveDeletedSecretWarning {
+ get {
return ResourceManager.GetString("RemoveDeletedSecretWarning", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Purge secret.
///
- internal static string RemoveDeletedSecretWhatIfMessage
- {
- get
- {
+ internal static string RemoveDeletedSecretWhatIfMessage {
+ get {
return ResourceManager.GetString("RemoveDeletedSecretWhatIfMessage", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Are you sure you want to remove HSM '{0}'?.
///
- internal static string RemoveHsmWarning
- {
- get
- {
+ internal static string RemoveHsmWarning {
+ get {
return ResourceManager.GetString("RemoveHsmWarning", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Remove HSM.
///
- internal static string RemoveHsmWhatIfMessage
- {
- get
- {
+ internal static string RemoveHsmWhatIfMessage {
+ get {
return ResourceManager.GetString("RemoveHsmWhatIfMessage", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Are you sure you want to remove key '{0}'?.
///
- internal static string RemoveKeyWarning
- {
- get
- {
+ internal static string RemoveKeyWarning {
+ get {
return ResourceManager.GetString("RemoveKeyWarning", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Remove key.
///
- internal static string RemoveKeyWhatIfMessage
- {
- get
- {
+ internal static string RemoveKeyWhatIfMessage {
+ get {
return ResourceManager.GetString("RemoveKeyWhatIfMessage", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Are you sure you want to remove managed storage account '{0}'?.
///
- internal static string RemoveManagedStorageAccountWarning
- {
- get
- {
+ internal static string RemoveManagedStorageAccountWarning {
+ get {
return ResourceManager.GetString("RemoveManagedStorageAccountWarning", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Remove managed storage account.
///
- internal static string RemoveManagedStorageAccountWhatIfMessage
- {
- get
- {
+ internal static string RemoveManagedStorageAccountWhatIfMessage {
+ get {
return ResourceManager.GetString("RemoveManagedStorageAccountWhatIfMessage", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Are you sure you want to remove managed storage sas definition '{0}'.
///
- internal static string RemoveManagedStorageSasDefinitionWarning
- {
- get
- {
+ internal static string RemoveManagedStorageSasDefinitionWarning {
+ get {
return ResourceManager.GetString("RemoveManagedStorageSasDefinitionWarning", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Remove managed storage sas definition.
///
- internal static string RemoveManagedStorageSasDefinitionWhatIfMessage
- {
- get
- {
+ internal static string RemoveManagedStorageSasDefinitionWhatIfMessage {
+ get {
return ResourceManager.GetString("RemoveManagedStorageSasDefinitionWhatIfMessage", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Remove vault network rule.
///
- internal static string RemoveNetworkRule
- {
- get
- {
+ internal static string RemoveNetworkRule {
+ get {
return ResourceManager.GetString("RemoveNetworkRule", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Remove role '{0}' of principal '{1}' at scope '{2}'..
///
- internal static string RemoveRole
- {
- get
- {
+ internal static string RemoveRole {
+ get {
return ResourceManager.GetString("RemoveRole", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Are you sure you want to remove secret '{0}'?.
///
- internal static string RemoveSecretWarning
- {
- get
- {
+ internal static string RemoveSecretWarning {
+ get {
return ResourceManager.GetString("RemoveSecretWarning", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Remove secret.
///
- internal static string RemoveSecretWhatIfMessage
- {
- get
- {
+ internal static string RemoveSecretWhatIfMessage {
+ get {
return ResourceManager.GetString("RemoveSecretWhatIfMessage", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Remove vault access policy.
///
- internal static string RemoveVaultAccessPolicy
- {
- get
- {
+ internal static string RemoveVaultAccessPolicy {
+ get {
return ResourceManager.GetString("RemoveVaultAccessPolicy", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Are you sure you want to remove vault '{0}'..
///
- internal static string RemoveVaultWarning
- {
- get
- {
+ internal static string RemoveVaultWarning {
+ get {
return ResourceManager.GetString("RemoveVaultWarning", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Remove vault.
///
- internal static string RemoveVaultWhatIfMessage
- {
- get
- {
+ internal static string RemoveVaultWhatIfMessage {
+ get {
return ResourceManager.GetString("RemoveVaultWhatIfMessage", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Restore certificate.
///
- internal static string RestoreCertificate
- {
- get
- {
+ internal static string RestoreCertificate {
+ get {
return ResourceManager.GetString("RestoreCertificate", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Restore key.
///
- internal static string RestoreKey
- {
- get
- {
+ internal static string RestoreKey {
+ get {
return ResourceManager.GetString("RestoreKey", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Restore managed storage account.
///
- internal static string RestoreManagedStorageAccount
- {
- get
- {
+ internal static string RestoreManagedStorageAccount {
+ get {
return ResourceManager.GetString("RestoreManagedStorageAccount", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Restore secret.
///
- internal static string RestoreSecret
- {
- get
- {
+ internal static string RestoreSecret {
+ get {
return ResourceManager.GetString("RestoreSecret", resourceCulture);
}
}
-
- ///
- /// Looks up a localized string similar to Could not find the role assignment by given parameters..
- ///
- internal static string RoleAssignmentNotFound
- {
- get
- {
- return ResourceManager.GetString("RoleAssignmentNotFound", resourceCulture);
- }
- }
-
- ///
- /// Looks up a localized string similar to Could not to find role definition by '{0}'..
- ///
- internal static string RoleDefinitionNotFound
- {
- get
- {
- return ResourceManager.GetString("RoleDefinitionNotFound", resourceCulture);
- }
- }
-
+
///
/// Looks up a localized string similar to "PublicKey" and "PrivateKey" are mandatory properties in each object in "Keys"..
///
@@ -1514,222 +1242,209 @@ internal static string RestoreSecurityDomainNotEnoughKey {
}
}
+ ///
+ /// Looks up a localized string similar to Could not find the role assignment by given parameters..
+ ///
+ internal static string RoleAssignmentNotFound {
+ get {
+ return ResourceManager.GetString("RoleAssignmentNotFound", resourceCulture);
+ }
+ }
+
+ ///
+ /// Looks up a localized string similar to Could not to find role definition by '{0}'..
+ ///
+ internal static string RoleDefinitionNotFound {
+ get {
+ return ResourceManager.GetString("RoleDefinitionNotFound", resourceCulture);
+ }
+ }
+
///
/// Looks up a localized string similar to Set certificate attribute.
///
- internal static string SetCertificateAttributes
- {
- get
- {
+ internal static string SetCertificateAttributes {
+ get {
return ResourceManager.GetString("SetCertificateAttributes", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Set certificate issuer.
///
- internal static string SetCertificateIssuer
- {
- get
- {
+ internal static string SetCertificateIssuer {
+ get {
return ResourceManager.GetString("SetCertificateIssuer", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Set certificate policy.
///
- internal static string SetCertificatePolicy
- {
- get
- {
+ internal static string SetCertificatePolicy {
+ get {
return ResourceManager.GetString("SetCertificatePolicy", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Set key attribute.
///
- internal static string SetKeyAttribute
- {
- get
- {
+ internal static string SetKeyAttribute {
+ get {
return ResourceManager.GetString("SetKeyAttribute", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Set Key Vault managed Storage Account attribute.
///
- internal static string SetManagedStorageAccountKeysAttribute
- {
- get
- {
+ internal static string SetManagedStorageAccountKeysAttribute {
+ get {
return ResourceManager.GetString("SetManagedStorageAccountKeysAttribute", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Set Key Vault managed Storage SAS definition.
///
- internal static string SetManagedStorageSasDefinition
- {
- get
- {
+ internal static string SetManagedStorageSasDefinition {
+ get {
return ResourceManager.GetString("SetManagedStorageSasDefinition", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Set secret.
///
- internal static string SetSecret
- {
- get
- {
+ internal static string SetSecret {
+ get {
return ResourceManager.GetString("SetSecret", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Set secret attribute.
///
- internal static string SetSecretAttribute
- {
- get
- {
+ internal static string SetSecretAttribute {
+ get {
return ResourceManager.GetString("SetSecretAttribute", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Set vault access policy.
///
- internal static string SetVaultAccessPolicy
- {
- get
- {
+ internal static string SetVaultAccessPolicy {
+ get {
return ResourceManager.GetString("SetVaultAccessPolicy", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Stop certificate operation.
///
- internal static string StopCertificateOperation
- {
- get
- {
+ internal static string StopCertificateOperation {
+ get {
return ResourceManager.GetString("StopCertificateOperation", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Key vault cmdlet does not support account type '{0}'..
///
- internal static string UnsupportedAccountType
- {
- get
- {
+ internal static string UnsupportedAccountType {
+ get {
return ResourceManager.GetString("UnsupportedAccountType", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to The file format of '{0}' is not supported..
///
- internal static string UnsupportedFileFormat
- {
- get
- {
+ internal static string UnsupportedFileFormat {
+ get {
return ResourceManager.GetString("UnsupportedFileFormat", resourceCulture);
}
}
-
+
+ ///
+ /// Looks up a localized string similar to Updating managed HSM '{0}' in resource group '{1}'..
+ ///
+ internal static string UpdateHsmShouldProcessMessage {
+ get {
+ return ResourceManager.GetString("UpdateHsmShouldProcessMessage", resourceCulture);
+ }
+ }
+
///
/// Looks up a localized string similar to Update vault network rule.
///
- internal static string UpdateNetworkRule
- {
- get
- {
+ internal static string UpdateNetworkRule {
+ get {
return ResourceManager.GetString("UpdateNetworkRule", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to The network rule set has been turned off for this vault..
///
- internal static string UpdateNetworkRuleWarning
- {
- get
- {
+ internal static string UpdateNetworkRuleWarning {
+ get {
return ResourceManager.GetString("UpdateNetworkRuleWarning", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Could not find user by '{0}'..
///
- internal static string UserNotFoundBy
- {
- get
- {
+ internal static string UserNotFoundBy {
+ get {
return ResourceManager.GetString("UserNotFoundBy", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to The specified vault already exists..
///
- internal static string VaultAlreadyExists
- {
- get
- {
+ internal static string VaultAlreadyExists {
+ get {
return ResourceManager.GetString("VaultAlreadyExists", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Vault '{0}' does not exist in current subscription. If this vault exists in your tenant, please switch to the correct subscription in order to modifiy the Access Policies of this vault..
///
- internal static string VaultDoesNotExist
- {
- get
- {
+ internal static string VaultDoesNotExist {
+ get {
return ResourceManager.GetString("VaultDoesNotExist", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Access policy is not set. No user or application have access permission to use this vault. This can happen if the vault was created by a service principal. Please use Set-AzKeyVaultAccessPolicy to set access policies..
///
- internal static string VaultNoAccessPolicyWarning
- {
- get
- {
+ internal static string VaultNoAccessPolicyWarning {
+ get {
return ResourceManager.GetString("VaultNoAccessPolicyWarning", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to Cannot find vault '{0}' in resource group '{1}'..
///
- internal static string VaultNotFound
- {
- get
- {
+ internal static string VaultNotFound {
+ get {
return ResourceManager.GetString("VaultNotFound", resourceCulture);
}
}
-
+
///
/// Looks up a localized string similar to At least one of -EnabledForDeployment, -EnabledForTemplateDeployment, or -EnabledForDiskEncryption must be specified..
///
- internal static string VaultPermissionFlagMissing
- {
- get
- {
+ internal static string VaultPermissionFlagMissing {
+ get {
return ResourceManager.GetString("VaultPermissionFlagMissing", resourceCulture);
}
}
diff --git a/src/KeyVault/KeyVault/Properties/Resources.resx b/src/KeyVault/KeyVault/Properties/Resources.resx
index e73af75a87f1..3534b9652e3d 100644
--- a/src/KeyVault/KeyVault/Properties/Resources.resx
+++ b/src/KeyVault/KeyVault/Properties/Resources.resx
@@ -579,4 +579,7 @@ You can find the object ID using Azure Active Directory Module for Windows Power
Please make sure you have sufficient permissions in AD Graph to get and list graph objects for validation to work. Otherwise skip witch `-BypassObjectIdValidation`.
+
+ Updating managed HSM '{0}' in resource group '{1}'.
+
\ No newline at end of file
diff --git a/src/KeyVault/KeyVault/SecurityDomain/Cmdlets/BackupSecurityDomain.cs b/src/KeyVault/KeyVault/SecurityDomain/Cmdlets/BackupSecurityDomain.cs
index 2a460cab5feb..551f4580b767 100644
--- a/src/KeyVault/KeyVault/SecurityDomain/Cmdlets/BackupSecurityDomain.cs
+++ b/src/KeyVault/KeyVault/SecurityDomain/Cmdlets/BackupSecurityDomain.cs
@@ -7,7 +7,7 @@
namespace Microsoft.Azure.Commands.KeyVault.SecurityDomain.Cmdlets
{
- [Cmdlet(VerbsData.Backup, ResourceManager.Common.AzureRMConstants.AzurePrefix + "ManagedHsmSecurityDomain", SupportsShouldProcess = true, DefaultParameterSetName = ByName)]
+ [Cmdlet(VerbsData.Export, ResourceManager.Common.AzureRMConstants.AzurePrefix + CmdletNoun.KeyVault + "SecurityDomain", SupportsShouldProcess = true, DefaultParameterSetName = ByName)]
[OutputType(typeof(bool))]
public class BackupSecurityDomain: SecurityDomainCmdlet
{
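Review bot: The cmdlet attribute now declares `VerbsData.Export` with the noun `CmdletNoun.KeyVault + "SecurityDomain"`, but the class and file are still named `BackupSecurityDomain`, so the type name no longer matches the command it implements. The RestoreSecurityDomain.cs hunk has the same mismatch, where the verb becomes `VerbsData.Import`. Either rename the classes, or add a summary line on each, such as `/// Implements the Export security-domain cmdlet; the class keeps its former Backup name.` If the old `Backup-`/`Restore-` names have already shipped, an `[Alias("Backup-AzManagedHsmSecurityDomain")]` on the class (and the matching one for Restore) would keep existing scripts working. The class body continues outside the hunk.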
diff --git a/src/KeyVault/KeyVault/SecurityDomain/Cmdlets/RestoreSecurityDomain.cs b/src/KeyVault/KeyVault/SecurityDomain/Cmdlets/RestoreSecurityDomain.cs
index d59dc7b8118e..01ffaa14fedf 100644
--- a/src/KeyVault/KeyVault/SecurityDomain/Cmdlets/RestoreSecurityDomain.cs
+++ b/src/KeyVault/KeyVault/SecurityDomain/Cmdlets/RestoreSecurityDomain.cs
@@ -8,7 +8,7 @@
namespace Microsoft.Azure.Commands.KeyVault.SecurityDomain.Cmdlets
{
- [Cmdlet(VerbsData.Restore, ResourceManager.Common.AzureRMConstants.AzurePrefix + "ManagedHsmSecurityDomain", SupportsShouldProcess = true, DefaultParameterSetName = ByName)]
+ [Cmdlet(VerbsData.Import, ResourceManager.Common.AzureRMConstants.AzurePrefix + CmdletNoun.KeyVault + "SecurityDomain", SupportsShouldProcess = true, DefaultParameterSetName = ByName)]
[OutputType(typeof(bool))]
public class RestoreSecurityDomain : SecurityDomainCmdlet
{
diff --git a/src/KeyVault/KeyVault/Track2Models/Track2HsmClient.cs b/src/KeyVault/KeyVault/Track2Models/Track2HsmClient.cs
index 08d4ac040e93..79605ff04179 100644
--- a/src/KeyVault/KeyVault/Track2Models/Track2HsmClient.cs
+++ b/src/KeyVault/KeyVault/Track2Models/Track2HsmClient.cs
@@ -1,5 +1,5 @@
using Azure.Security.KeyVault.Administration;
-using Azure;
+using Azure;
using Azure.Security.KeyVault.Keys;
using Microsoft.Azure.Commands.Common.Authentication.Abstractions;
using Microsoft.Azure.Commands.KeyVault.Models;
@@ -44,7 +44,7 @@ internal string BackupKey(string managedHsmName, string keyName, string outputBl
return BackupKey(client, keyName, outputBlobPath);
}
- private string BackupKey(KeyClient client, string keyName, string outputBlobPath)
+ private string BackupKey(KeyClient client, string keyName, string outputBlobPath)
{
BackupKeyResult backupKeyResult;
try
@@ -87,7 +87,7 @@ private PSKeyVaultKey RestoreKey(KeyClient client, string inputBlobPath)
throw GetInnerException(ex);
}
- return new PSKeyVaultKey(keyBundle, this._uriHelper);
+ return new PSKeyVaultKey(keyBundle, this._uriHelper, isHsm: true);
}
internal PSKeyVaultKey CreateKey(string managedHsmName, string keyName, PSKeyVaultKeyAttributes keyAttributes, int? size, string curveName)
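Review bot: `isHsm: true` is now written by hand at every model construction in this client: here in RestoreKey and again in the CreateKey, DeleteKey, RecoverKey, UpdateKey, GetKey, GetKeys, GetAllVersionKeys, GetDeletedKey, GetDeletedKeys and ImportKey hunks. The removed two-argument calls suggest the parameter is optional. If so, a method added later that omits it would still compile and would presumably present a managed HSM key as an ordinary vault key. A private helper such as `private PSKeyVaultKey ToHsmKey(KeyVaultKey key) => new PSKeyVaultKey(key, _uriHelper, isHsm: true);`, with matching helpers for the deleted-key and identity-item types, would keep the flag in one place. RestoreKey's body starts outside this hunk.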
@@ -142,15 +142,15 @@ private PSKeyVaultKey CreateKey(KeyClient client, string keyName, PSKeyVaultKeyA
if (keyAttributes.KeyType == KeyType.Rsa || keyAttributes.KeyType == KeyType.RsaHsm)
{
- return new PSKeyVaultKey(client.CreateRsaKey(options as CreateRsaKeyOptions).Value, _uriHelper);
+ return new PSKeyVaultKey(client.CreateRsaKey(options as CreateRsaKeyOptions).Value, _uriHelper, isHsm: true);
}
else if (keyAttributes.KeyType == KeyType.Ec || keyAttributes.KeyType == KeyType.EcHsm)
{
- return new PSKeyVaultKey(client.CreateEcKey(options as CreateEcKeyOptions).Value, _uriHelper);
+ return new PSKeyVaultKey(client.CreateEcKey(options as CreateEcKeyOptions).Value, _uriHelper, isHsm: true);
}
else if (keyAttributes.KeyType == KeyType.Oct || keyAttributes.KeyType.ToString() == "oct-HSM")
{
- return new PSKeyVaultKey(client.CreateKey(keyName, KeyType.Oct, options).Value, _uriHelper);
+ return new PSKeyVaultKey(client.CreateKey(keyName, KeyType.Oct, options).Value, _uriHelper, isHsm: true);
}
else
{
@@ -219,7 +219,7 @@ internal void RemoveHsmRoleAssignment(string hsmName, string scope, string roleA
var client = CreateRbacClient(hsmName);
client.DeleteRoleAssignment(new KeyVaultRoleScope(scope), roleAssignmentName);
}
-
+
internal PSDeletedKeyVaultKey DeleteKey(string managedHsmName, string keyName)
{
if (string.IsNullOrEmpty(managedHsmName))
@@ -245,10 +245,10 @@ private PSDeletedKeyVaultKey DeleteKey(KeyClient client, string keyName)
throw GetInnerException(ex);
}
- return new PSDeletedKeyVaultKey(deletedKey, this._uriHelper);
+ return new PSDeletedKeyVaultKey(deletedKey, this._uriHelper, isHsm: true);
}
- internal PSKeyVaultKey RecoverKey(string managedHsmName, string keyName)
+ internal PSKeyVaultKey RecoverKey(string managedHsmName, string keyName)
{
if (string.IsNullOrEmpty(managedHsmName))
throw new ArgumentNullException("managedHsmName");
@@ -259,7 +259,7 @@ internal PSKeyVaultKey RecoverKey(string managedHsmName, string keyName)
return RecoverKey(client, keyName);
}
-
+
private PSKeyVaultKey RecoverKey(KeyClient client, string keyName)
{
KeyVaultKey recoveredKey;
@@ -273,7 +273,7 @@ private PSKeyVaultKey RecoverKey(KeyClient client, string keyName)
throw GetInnerException(ex);
}
- return new PSKeyVaultKey(recoveredKey, this._uriHelper);
+ return new PSKeyVaultKey(recoveredKey, this._uriHelper, isHsm: true);
}
internal PSKeyVaultKey UpdateKey(string managedHsmName, string keyName, string keyVersion, PSKeyVaultKeyAttributes keyAttributes)
@@ -317,7 +317,7 @@ private PSKeyVaultKey UpdateKey(KeyClient client, string keyName, string keyVers
throw GetInnerException(ex);
}
- return new PSKeyVaultKey(keyBundle, this._uriHelper);
+ return new PSKeyVaultKey(keyBundle, this._uriHelper, isHsm: true);
}
internal PSKeyVaultKey GetKey(string managedHsmName, string keyName, string keyVersion)
@@ -331,7 +331,7 @@ internal PSKeyVaultKey GetKey(string managedHsmName, string keyName, string keyV
return GetKey(client, keyName, keyVersion);
}
- private PSKeyVaultKey GetKey(KeyClient client, string keyName, string keyVersion)
+ private PSKeyVaultKey GetKey(KeyClient client, string keyName, string keyVersion)
{
KeyVaultKey keyBundle;
try
@@ -350,7 +350,7 @@ private PSKeyVaultKey GetKey(KeyClient client, string keyName, string keyVersion
throw GetInnerException(ex);
}
- return new PSKeyVaultKey(keyBundle, this._uriHelper);
+ return new PSKeyVaultKey(keyBundle, this._uriHelper, isHsm: true);
}
internal IEnumerable GetKeys(string managedHsmName)
@@ -365,7 +365,7 @@ internal IEnumerable GetKeys(string managedHsmName)
IEnumerable result = client.GetPropertiesOfKeys();
return (result == null) ? new List() :
- result.Select((keyProperties) => new PSKeyVaultKeyIdentityItem(keyProperties, this._uriHelper));
+ result.Select((keyProperties) => new PSKeyVaultKeyIdentityItem(keyProperties, this._uriHelper, isHsm: true));
}
catch (Exception ex)
{
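Review bot: The `result.Select(...)` returned inside the `try` is deferred, so the projection runs only when the caller enumerates it, after the `try`/`catch` has been left. If `client.GetPropertiesOfKeys()` is a lazily paged sequence, as the Azure SDK list methods normally are, the service call happens at that point too. Errors raised then would bypass the `catch (Exception ex)` that follows, whose body is outside this hunk, and so miss whatever unwrapping it does. Materialising inside the `try` closes the gap, at the cost of loading every page up front: `result.Select((keyProperties) => new PSKeyVaultKeyIdentityItem(keyProperties, this._uriHelper, isHsm: true)).ToList();`. The GetAllVersionKeys and GetDeletedKeys hunks have the same shape.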
@@ -374,7 +374,7 @@ internal IEnumerable GetKeys(string managedHsmName)
}
internal IEnumerable GetKeyAllVersions(string managedHsmName, string keyName)
- {
+ {
if (string.IsNullOrEmpty(managedHsmName))
throw new ArgumentException(KeyVaultProperties.Resources.InvalidHsmName);
@@ -391,7 +391,7 @@ private IEnumerable GetAllVersionKeys(KeyClient clien
{
IEnumerable result = client.GetPropertiesOfKeyVersions(keyName);
return (result == null) ? new List() :
- result.Select((keyProperties) => new PSKeyVaultKeyIdentityItem(keyProperties, this._uriHelper));
+ result.Select((keyProperties) => new PSKeyVaultKeyIdentityItem(keyProperties, this._uriHelper, isHsm: true));
}
catch (Exception ex)
{
@@ -408,7 +408,7 @@ internal PSDeletedKeyVaultKey GetDeletedKey(string managedHsmName, string keyNam
var client = CreateKeyClient(managedHsmName);
- return GetDeletedKey(client, keyName);
+ return GetDeletedKey(client, keyName);
}
private PSDeletedKeyVaultKey GetDeletedKey(KeyClient client, string keyName)
@@ -430,7 +430,7 @@ private PSDeletedKeyVaultKey GetDeletedKey(KeyClient client, string keyName)
throw GetInnerException(ex);
}
- return new PSDeletedKeyVaultKey(deletedKeyBundle, _uriHelper);
+ return new PSDeletedKeyVaultKey(deletedKeyBundle, _uriHelper, isHsm: true);
}
internal IEnumerable GetDeletedKeys(string managedHsmName)
@@ -443,9 +443,9 @@ internal IEnumerable GetDeletedKeys(string man
try
{
IEnumerable result = client.GetDeletedKeys();
-
+
return (result == null) ? new List() :
- result.Select((deletedKey) => new PSDeletedKeyVaultKeyIdentityItem(deletedKey, this._uriHelper));
+ result.Select((deletedKey) => new PSDeletedKeyVaultKeyIdentityItem(deletedKey, this._uriHelper, isHsm: true));
}
catch (Exception ex)
{
@@ -453,7 +453,7 @@ internal IEnumerable GetDeletedKeys(string man
}
}
- internal PSKeyVaultKey ImportKey(string managedHsmName, string keyName, JsonWebKey webKey)
+ internal PSKeyVaultKey ImportKey(string managedHsmName, string keyName, JsonWebKey webKey)
{
if (string.IsNullOrEmpty(managedHsmName))
throw new ArgumentNullException(nameof(managedHsmName));
@@ -466,7 +466,7 @@ internal PSKeyVaultKey ImportKey(string managedHsmName, string keyName, JsonWebK
try
{
var key = client.ImportKeyAsync(keyName, webKey).GetAwaiter().GetResult();
- return new PSKeyVaultKey(key, this._uriHelper);
+ return new PSKeyVaultKey(key, this._uriHelper, isHsm: true);
}
catch (Exception ex)
{
diff --git a/src/KeyVault/KeyVault/help/Add-AzKeyVaultKey.md b/src/KeyVault/KeyVault/help/Add-AzKeyVaultKey.md
index 2b1a0e130751..83d30e510e5b 100644
--- a/src/KeyVault/KeyVault/help/Add-AzKeyVaultKey.md
+++ b/src/KeyVault/KeyVault/help/Add-AzKeyVaultKey.md
@@ -28,6 +28,20 @@ Add-AzKeyVaultKey [-VaultName] [-Name] -KeyFilePath
[-WhatIf] [-Confirm] []
```
+### HsmInteractiveCreate
+```
+Add-AzKeyVaultKey -HsmName [-Name] [-Disable] [-KeyOps ] [-Expires ]
+ [-NotBefore ] [-Tag ] [-Size ] -KeyType [-CurveName ]
+ [-DefaultProfile ] [-WhatIf] [-Confirm] []
+```
+
+### HsmInteractiveImport
+```
+Add-AzKeyVaultKey -HsmName [-Name] -KeyFilePath [-KeyFilePassword ]
+ [-Disable] [-KeyOps ] [-Expires ] [-NotBefore ] [-Tag ]
+ [-DefaultProfile ] [-WhatIf] [-Confirm] []
+```
+
### InputObjectCreate
```
Add-AzKeyVaultKey [-InputObject] [-Name] -Destination [-Disable]
@@ -43,6 +57,21 @@ Add-AzKeyVaultKey [-InputObject] [-Name] -KeyFilePath ]
```
+### HsmInputObjectCreate
+```
+Add-AzKeyVaultKey [-HsmObject] [-Name] [-Disable] [-KeyOps ]
+ [-Expires ] [-NotBefore ] [-Tag ] [-Size ] -KeyType
+ [-CurveName ] [-DefaultProfile ] [-WhatIf] [-Confirm] []
+```
+
+### HsmInputObjectImport
+```
+Add-AzKeyVaultKey [-HsmObject] [-Name] -KeyFilePath
+ [-KeyFilePassword ] [-Disable] [-KeyOps ] [-Expires ]
+ [-NotBefore ] [-Tag ] [-DefaultProfile ] [-WhatIf] [-Confirm]
+ []
+```
+
### ResourceIdCreate
```
Add-AzKeyVaultKey [-ResourceId] [-Name] -Destination [-Disable] [-KeyOps ]
@@ -58,6 +87,21 @@ Add-AzKeyVaultKey [-ResourceId] [-Name] -KeyFilePath
[-WhatIf] [-Confirm] []
```
+### HsmResourceIdCreate
+```
+Add-AzKeyVaultKey -HsmResourceId [-Name] [-Disable] [-KeyOps ]
+ [-Expires ] [-NotBefore ] [-Tag ] [-Size ] -KeyType
+ [-CurveName ] [-DefaultProfile ] [-WhatIf] [-Confirm] []
+```
+
+### HsmResourceIdImport
+```
+Add-AzKeyVaultKey -HsmResourceId [-Name] -KeyFilePath
+ [-KeyFilePassword ] [-Disable] [-KeyOps ] [-Expires ]
+ [-NotBefore ] [-Tag ] [-DefaultProfile ] [-WhatIf] [-Confirm]
+ []
+```
+
## DESCRIPTION
The **Add-AzKeyVaultKey** cmdlet creates a key in a key vault in Azure Key Vault, or imports a key into a key vault.
Use this cmdlet to add keys by using any of the following methods:
@@ -245,6 +289,21 @@ For more details please refer to https://docs.microsoft.com/en-us/azure/key-vaul
## PARAMETERS
+### -CurveName
+Specifies the curve name of elliptic curve cryptography, this value is valid when KeyType is EC.
+
+```yaml
+Type: System.String
+Parameter Sets: HsmInteractiveCreate, HsmInputObjectCreate, HsmResourceIdCreate
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
### -DefaultProfile
The credentials, account, tenant, and subscription used for communication with azure
@@ -334,6 +393,51 @@ Accept pipeline input: False
Accept wildcard characters: False
```
+### -HsmName
+HSM name. Cmdlet constructs the FQDN of a managed HSM based on the name and currently selected environment.
+
+```yaml
+Type: System.String
+Parameter Sets: HsmInteractiveCreate, HsmInteractiveImport
+Aliases:
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -HsmObject
+HSM object.
+
+```yaml
+Type: Microsoft.Azure.Commands.KeyVault.Models.PSManagedHsm
+Parameter Sets: HsmInputObjectCreate, HsmInputObjectImport
+Aliases:
+
+Required: True
+Position: 0
+Default value: None
+Accept pipeline input: True (ByValue)
+Accept wildcard characters: False
+```
+
+### -HsmResourceId
+Resource ID of the HSM.
+
+```yaml
+Type: System.String
+Parameter Sets: HsmResourceIdCreate, HsmResourceIdImport
+Aliases:
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
### -InputObject
Vault object.
@@ -357,7 +461,7 @@ name extension.
```yaml
Type: System.Security.SecureString
-Parameter Sets: InteractiveImport, InputObjectImport, ResourceIdImport
+Parameter Sets: InteractiveImport, HsmInteractiveImport, InputObjectImport, HsmInputObjectImport, ResourceIdImport, HsmResourceIdImport
Aliases:
Required: False
@@ -378,7 +482,7 @@ When you specify this parameter, the *Destination* parameter is optional.
```yaml
Type: System.String
-Parameter Sets: InteractiveImport, InputObjectImport, ResourceIdImport
+Parameter Sets: InteractiveImport, HsmInteractiveImport, InputObjectImport, HsmInputObjectImport, ResourceIdImport, HsmResourceIdImport
Aliases:
Required: True
@@ -413,6 +517,21 @@ Accept pipeline input: False
Accept wildcard characters: False
```
+### -KeyType
+Specifies the key type of this key.
+
+```yaml
+Type: System.String
+Parameter Sets: HsmInteractiveCreate, HsmInputObjectCreate, HsmResourceIdCreate
+Aliases:
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
### -Name
Specifies the name of the key to add to the key vault. This cmdlet constructs the fully qualified
domain name (FQDN) of a key based on the name that this parameter specifies, the name of the key
@@ -468,7 +587,7 @@ RSA key size, in bits. If not specified, the service will provide a safe default
```yaml
Type: System.Nullable`1[System.Int32]
-Parameter Sets: InteractiveCreate, InputObjectCreate, ResourceIdCreate
+Parameter Sets: InteractiveCreate, HsmInteractiveCreate, InputObjectCreate, HsmInputObjectCreate, ResourceIdCreate, HsmResourceIdCreate
Aliases:
Required: False
diff --git a/src/KeyVault/KeyVault/help/Add-AzManagedHsmKey.md b/src/KeyVault/KeyVault/help/Add-AzManagedHsmKey.md
deleted file mode 100644
index 98b233677141..000000000000
--- a/src/KeyVault/KeyVault/help/Add-AzManagedHsmKey.md
+++ /dev/null
@@ -1,440 +0,0 @@
----
-external help file: Microsoft.Azure.PowerShell.Cmdlets.KeyVault.dll-Help.xml
-Module Name: Az.KeyVault
-online version: https://docs.microsoft.com/en-us/powershell/module/az.keyvault/add-azmanagedhsmkey
-schema: 2.0.0
----
-
-# Add-AzManagedHsmKey
-
-## SYNOPSIS
-Creates a key in a managed HSM or imports a key into a managed HSM.
-
-## SYNTAX
-
-### InteractiveCreate (Default)
-```
-Add-AzManagedHsmKey [-HsmName] [-Name] -KeyType [-CurveName ] [-Disable]
- [-KeyOps ] [-Expires ] [-NotBefore ] [-Tag ] [-Size ]
- [-DefaultProfile ] [-WhatIf] [-Confirm] []
-```
-
-### InteractiveImport
-```
-Add-AzManagedHsmKey [-HsmName] [-Name] -KeyFilePath
- [-KeyFilePassword ] [-CurveName ] [-Disable] [-KeyOps ] [-Expires ]
- [-NotBefore ] [-Tag ] [-DefaultProfile ] [-WhatIf] [-Confirm]
- []
-```
-
-### InputObjectCreate
-```
-Add-AzManagedHsmKey [-InputObject] [-Name] -KeyType [-CurveName ]
- [-Disable] [-KeyOps ] [-Expires ] [-NotBefore ] [-Tag ]
- [-Size ] [-DefaultProfile ] [-WhatIf] [-Confirm] []
-```
-
-### InputObjectImport
-```
-Add-AzManagedHsmKey [-InputObject] [-Name] -KeyFilePath
- [-KeyFilePassword ] [-CurveName ] [-Disable] [-KeyOps ] [-Expires ]
- [-NotBefore ] [-Tag ] [-DefaultProfile ] [-WhatIf] [-Confirm]
- []
-```
-
-### ResourceIdCreate
-```
-Add-AzManagedHsmKey [-ResourceId] [-Name] -KeyType [-CurveName ] [-Disable]
- [-KeyOps ] [-Expires ] [-NotBefore ] [-Tag ] [-Size ]
- [-DefaultProfile ] [-WhatIf] [-Confirm] []
-```
-
-### ResourceIdImport
-```
-Add-AzManagedHsmKey [-ResourceId] [-Name] -KeyFilePath
- [-KeyFilePassword ] [-CurveName ] [-Disable] [-KeyOps ] [-Expires ]
- [-NotBefore ] [-Tag ] [-DefaultProfile ] [-WhatIf] [-Confirm]
- []
-```
-
-## DESCRIPTION
-The **Add-AzManagedHsmKey** cmdlet creates a key in a managed HSM in Azure Managed Hsm or imports a key into a managed HSM.
-Use this cmdlet to add keys by using any of the following methods:
-- Create a key with default key attributes
-- Create a key with given key attributes
-- Import a key from a .pfx file on your computer.
-For any of these operations, you can provide key attributes or accept default settings.
-If you create or import a key that has the same name as an existing key in your managed HSM, the
-original key is updated with the values that you specify for the new key. You can access the
-previous values by using the version-specific URI for that version of the key. To learn about key
-versions and the URI structure, see [About Keys and Secrets](http://go.microsoft.com/fwlink/?linkid=518560)
-in the Managed HSM REST API documentation.
-
-## EXAMPLES
-
-### Example 1: Create a RSA-HSM key
-```powershell
-PS C:\> Add-AzManagedHsmKey -HsmName testmhsm -Name testkey -KeyType RSA
-
-Vault/HSM Name : testmhsm
-Name : testkey
-Version : xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-Id : https://bezmhsm.managedhsm.azure.net:443/keys/testkey/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-Enabled : True
-Expires :
-Not Before :
-Created : 10/14/2020 7:55:43 AM
-Updated : 10/14/2020 7:55:43 AM
-Recovery Level : Recoverable+Purgeable
-Tags :
-```
-
-This command creates a RSA-HSM key named testkey in the managed HSM testkey named testmhsm.
-
-### Example 2: Create a EC-HSM key
-```powershell
-PS C:\> Add-AzManagedHsmKey -HsmName testmhsm -Name testkey -KeyType EC -CurveName P-256
-
-Vault/HSM Name : testmhsm
-Name : testkey
-Version : xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-Id : https://bezmhsm.managedhsm.azure.net:443/keys/testkey/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-Enabled : True
-Expires :
-Not Before :
-Created : 10/14/2020 8:06:26 AM
-Updated : 10/14/2020 8:06:26 AM
-Recovery Level : Recoverable+Purgeable
-Tags :
-```
-
-This command creates a EC-HSM key named testkey using P-256 curve in the managed HSM testkey named testmhsm.
-
-### Example 3: Create a oct-HSM key with non-default values
-```powershell
-PS C:\> $KeyOperations = 'decrypt', 'verify'
-PS C:\> $Expires = (Get-Date).AddYears(2).ToUniversalTime()
-PS C:\> $NotBefore = (Get-Date).ToUniversalTime()
-PS C:\> $Tags = @{'Severity' = 'high'; 'Accounting' = "true"}
-PS C:\> Add-AzManagedHsmKey -HsmName testmhsm -Name testkey -KeyType oct -Expires $Expires -NotBefore $NotBefore -KeyOps $KeyOperations -Disable -Tag $Tags
-
-Vault/HSM Name : testmhsm
-Name : testkey
-Version : xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-Id : https://bezmhsm.managedhsm.azure.net:443/keys/testkey/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-Enabled : False
-Expires : 10/14/2022 8:13:29 AM
-Not Before : 10/14/2020 8:13:33 AM
-Created : 10/14/2020 8:14:01 AM
-Updated : 10/14/2020 8:14:01 AM
-Recovery Level : Recoverable+Purgeable
-Tags : Name Value
- Severity high
- Accounting true
-```
-
-The first command stores the values decrypt and verify in the $KeyOperations variable.
-The second command creates a **DateTime** object, defined in UTC, by using the **Get-Date** cmdlet.
-That object specifies a time two years in the future. The command stores that date in the $Expires
-variable. For more information, type `Get-Help Get-Date`.
-The third command creates a **DateTime** object by using the **Get-Date** cmdlet. That object
-specifies current UTC time. The command stores that date in the $NotBefore variable.
-The final command creates a key named testkey that is an oct-HSM key. The command specifies
-values for allowed key operations stored $KeyOperations. The command specifies times for
-the *Expires* and *NotBefore* parameters created in the previous commands, and tags for high
-severity and IT. The new key is disabled. You can enable it by using the **Update-AzManagedHsmKey**
-cmdlet.
-
-## PARAMETERS
-
-### -CurveName
-Specifies the curve name of elliptic curve cryptography, this value is valid when KeyType is EC.
-
-```yaml
-Type: System.String
-Parameter Sets: (All)
-Aliases:
-
-Required: False
-Position: Named
-Default value: None
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
-### -DefaultProfile
-The credentials, account, tenant, and subscription used for communication with Azure.
-
-```yaml
-Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer
-Parameter Sets: (All)
-Aliases: AzContext, AzureRmContext, AzureCredential
-
-Required: False
-Position: Named
-Default value: None
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
-### -Disable
-Indicates that the key you are adding is set to an initial state of disabled.
-Any attempt to use the key will fail.
-Use this parameter if you are preloading keys that you intend to enable later.
-
-```yaml
-Type: System.Management.Automation.SwitchParameter
-Parameter Sets: (All)
-Aliases:
-
-Required: False
-Position: Named
-Default value: None
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
-### -Expires
-Specifies the expiration time of the key in UTC.
-If not specified, key will not expire.
-
-```yaml
-Type: System.Nullable`1[System.DateTime]
-Parameter Sets: (All)
-Aliases:
-
-Required: False
-Position: Named
-Default value: None
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
-### -HsmName
-HSM name. Cmdlet constructs the FQDN of a managed HSM based on the name and currently selected environment.
-
-```yaml
-Type: System.String
-Parameter Sets: InteractiveCreate, InteractiveImport
-Aliases:
-
-Required: True
-Position: 0
-Default value: None
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
-### -InputObject
-HSM object.
-
-```yaml
-Type: Microsoft.Azure.Commands.KeyVault.Models.PSManagedHsm
-Parameter Sets: InputObjectCreate, InputObjectImport
-Aliases:
-
-Required: True
-Position: 0
-Default value: None
-Accept pipeline input: True (ByValue)
-Accept wildcard characters: False
-```
-
-### -KeyFilePassword
-Password of the local file containing the key material to be imported.
-
-```yaml
-Type: System.Security.SecureString
-Parameter Sets: InteractiveImport, InputObjectImport, ResourceIdImport
-Aliases:
-
-Required: False
-Position: Named
-Default value: None
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
-### -KeyFilePath
-Path to the local file containing the key material to be imported.
-
-```yaml
-Type: System.String
-Parameter Sets: InteractiveImport, InputObjectImport, ResourceIdImport
-Aliases:
-
-Required: True
-Position: Named
-Default value: None
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
-### -KeyOps
-The operations that can be performed with the key.
-If not present, all operations can be performed.
-
-```yaml
-Type: System.String[]
-Parameter Sets: (All)
-Aliases:
-
-Required: False
-Position: Named
-Default value: None
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
-### -KeyType
-Specifies the key type of this key.
-
-```yaml
-Type: System.String
-Parameter Sets: InteractiveCreate, InputObjectCreate, ResourceIdCreate
-Aliases:
-
-Required: True
-Position: Named
-Default value: None
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
-### -Name
-Key name.
-Cmdlet constructs the FQDN of a key from managed HSM name, currently selected environment and key name.
-
-```yaml
-Type: System.String
-Parameter Sets: (All)
-Aliases: KeyName
-
-Required: True
-Position: 1
-Default value: None
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
-### -NotBefore
-The UTC time before which the key can't be used.
-If not specified, there is no limitation.
-
-```yaml
-Type: System.Nullable`1[System.DateTime]
-Parameter Sets: (All)
-Aliases:
-
-Required: False
-Position: Named
-Default value: None
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
-### -ResourceId
-HSM Resource Id.
-
-```yaml
-Type: System.String
-Parameter Sets: ResourceIdCreate, ResourceIdImport
-Aliases:
-
-Required: True
-Position: 0
-Default value: None
-Accept pipeline input: True (ByPropertyName)
-Accept wildcard characters: False
-```
-
-### -Size
-RSA key size, in bits.
-If not specified, the service will provide a safe default.
-
-```yaml
-Type: System.Nullable`1[System.Int32]
-Parameter Sets: InteractiveCreate, InputObjectCreate, ResourceIdCreate
-Aliases:
-
-Required: False
-Position: Named
-Default value: None
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
-### -Tag
-A hashtable representing key tags.
-
-```yaml
-Type: System.Collections.Hashtable
-Parameter Sets: (All)
-Aliases: Tags
-
-Required: False
-Position: Named
-Default value: None
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
-### -Confirm
-Prompts you for confirmation before running the cmdlet.
-
-```yaml
-Type: System.Management.Automation.SwitchParameter
-Parameter Sets: (All)
-Aliases: cf
-
-Required: False
-Position: Named
-Default value: None
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
-### -WhatIf
-Shows what would happen if the cmdlet runs.
-The cmdlet is not run.
-
-```yaml
-Type: System.Management.Automation.SwitchParameter
-Parameter Sets: (All)
-Aliases: wi
-
-Required: False
-Position: Named
-Default value: None
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
-### CommonParameters
-This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
-
-## INPUTS
-
-### Microsoft.Azure.Commands.KeyVault.Models.PSManagedHsm
-
-### System.String
-
-## OUTPUTS
-
-### Microsoft.Azure.Commands.KeyVault.Models.PSManagedHsm
-
-## NOTES
-
-## RELATED LINKS
-
-[Backup-AzManagedHsmKey](./Backup-AzManagedHsmKey.md)
-
-[Get-AzManagedHsmKey](./Get-AzManagedHsmKey.md)
-
-[Remove-AzManagedHsmKey](./Remove-AzManagedHsmKey.md)
-
-[Undo-AzManagedHsmKeyRemoval](./Undo-AzManagedHsmKeyRemoval.md)
-
-[Update-AzManagedHsmKey](./Update-AzManagedHsmKey.md)
-
-[Restore-AzManagedHsmKey](./Restore-AzManagedHsmKey.md)
diff --git a/src/KeyVault/KeyVault/help/Az.KeyVault.md b/src/KeyVault/KeyVault/help/Az.KeyVault.md
index d4ee02e33fe4..362ae91d9867 100644
--- a/src/KeyVault/KeyVault/help/Az.KeyVault.md
+++ b/src/KeyVault/KeyVault/help/Az.KeyVault.md
@@ -26,8 +26,8 @@ Adds an existing Azure Storage Account to the specified key vault for its keys t
### [Add-AzKeyVaultNetworkRule](Add-AzKeyVaultNetworkRule.md)
Adds a rule meant to restrict access to a key vault based on the client's internet address.
-### [Add-AzManagedHsmKey](Add-AzManagedHsmKey.md)
-Creates a key in a managed HSM or imports a key into a managed HSM.
+### [Backup-AzKeyVault](Backup-AzKeyVault.md)
+Fully backup a managed HSM.
### [Backup-AzKeyVaultCertificate](Backup-AzKeyVaultCertificate.md)
Backs up a certificate in a key vault.
@@ -41,14 +41,8 @@ Backs up a KeyVault-managed storage account.
### [Backup-AzKeyVaultSecret](Backup-AzKeyVaultSecret.md)
Backs up a secret in a key vault.
-### [Backup-AzManagedHsm](Backup-AzManagedHsm.md)
-Fully backup a managed HSM.
-
-### [Backup-AzManagedHsmKey](Backup-AzManagedHsmKey.md)
-Backs up a key in a managed HSM.
-
-### [Backup-AzManagedHsmSecurityDomain](Backup-AzManagedHsmSecurityDomain.md)
-Backs up the security domain data of a managed HSM for restoring.
+### [Export-AzKeyVaultSecurityDomain](Export-AzKeyVaultSecurityDomain.md)
+Exports the security domain data of a managed HSM.
### [Get-AzKeyVault](Get-AzKeyVault.md)
Gets key vaults.
@@ -71,30 +65,30 @@ Gets the policy for a certificate in a key vault.
### [Get-AzKeyVaultKey](Get-AzKeyVaultKey.md)
Gets Key Vault keys.
+### [Get-AzKeyVaultManagedHsm](Get-AzKeyVaultManagedHsm.md)
+Get managed HSMs.
+
### [Get-AzKeyVaultManagedStorageAccount](Get-AzKeyVaultManagedStorageAccount.md)
Gets Key Vault managed Azure Storage Accounts.
### [Get-AzKeyVaultManagedStorageSasDefinition](Get-AzKeyVaultManagedStorageSasDefinition.md)
Gets Key Vault managed Storage SAS Definitions.
-### [Get-AzKeyVaultSecret](Get-AzKeyVaultSecret.md)
-Gets the secrets in a key vault.
-
-### [Get-AzManagedHsm](Get-AzManagedHsm.md)
-Get managed HSMs.
-
-### [Get-AzManagedHsmKey](Get-AzManagedHsmKey.md)
-Gets Managed Hsm keys.
-
-### [Get-AzManagedHsmRoleAssignment](Get-AzManagedHsmRoleAssignment.md)
+### [Get-AzKeyVaultRoleAssignment](Get-AzKeyVaultRoleAssignment.md)
Get or list role assignments of a managed HSM. Use respective parameters to list assignments to a specific user or a role definition.
-### [Get-AzManagedHsmRoleDefinition](Get-AzManagedHsmRoleDefinition.md)
+### [Get-AzKeyVaultRoleDefinition](Get-AzKeyVaultRoleDefinition.md)
List role definitions of a given managed HSM at a given scope.
+### [Get-AzKeyVaultSecret](Get-AzKeyVaultSecret.md)
+Gets the secrets in a key vault.
+
### [Import-AzKeyVaultCertificate](Import-AzKeyVaultCertificate.md)
Imports a certificate to a key vault.
+### [Import-AzKeyVaultSecurityDomain](Import-AzKeyVaultSecurityDomain.md)
+Imports previously exported security domain data to a managed HSM.
+
### [New-AzKeyVault](New-AzKeyVault.md)
Creates a key vault.
@@ -107,13 +101,13 @@ Creates an in-memory certificate organization details object.
### [New-AzKeyVaultCertificatePolicy](New-AzKeyVaultCertificatePolicy.md)
Creates an in-memory certificate policy object.
+### [New-AzKeyVaultManagedHsm](New-AzKeyVaultManagedHsm.md)
+Creates a managed HSM.
+
### [New-AzKeyVaultNetworkRuleSetObject](New-AzKeyVaultNetworkRuleSetObject.md)
Create an object representing the network rule settings.
-### [New-AzManagedHsm](New-AzManagedHsm.md)
-Creates a managed HSM.
-
-### [New-AzManagedHsmRoleAssignment](New-AzManagedHsmRoleAssignment.md)
+### [New-AzKeyVaultRoleAssignment](New-AzKeyVaultRoleAssignment.md)
Assigns the specified RBAC role to the specified principal, at the specified scope.
### [Remove-AzKeyVault](Remove-AzKeyVault.md)
@@ -137,6 +131,9 @@ Deletes a certificate operation from a key vault.
### [Remove-AzKeyVaultKey](Remove-AzKeyVaultKey.md)
Deletes a key in a key vault.
+### [Remove-AzKeyVaultManagedHsm](Remove-AzKeyVaultManagedHsm.md)
+Deletes a managed HSM.
+
### [Remove-AzKeyVaultManagedStorageAccount](Remove-AzKeyVaultManagedStorageAccount.md)
Removes a Key Vault managed Azure Storage Account and all associated SAS definitions.
@@ -146,17 +143,14 @@ Removes a Key Vault managed Azure Storage SAS definitions.
### [Remove-AzKeyVaultNetworkRule](Remove-AzKeyVaultNetworkRule.md)
Removes a network rule from a key vault.
+### [Remove-AzKeyVaultRoleAssignment](Remove-AzKeyVaultRoleAssignment.md)
+Removes a role assignment to the specified principal who is assigned to a particular role at a particular scope.
+
### [Remove-AzKeyVaultSecret](Remove-AzKeyVaultSecret.md)
Deletes a secret in a key vault.
-### [Remove-AzManagedHsm](Remove-AzManagedHsm.md)
-Deletes a managed HSM.
-
-### [Remove-AzManagedHsmKey](Remove-AzManagedHsmKey.md)
-Deletes a key in a managed HSM.
-
-### [Remove-AzManagedHsmRoleAssignment](Remove-AzManagedHsmRoleAssignment.md)
-Removes a role assignment to the specified principal who is assigned to a particular role at a particular scope.
+### [Restore-AzKeyVault](Restore-AzKeyVault.md)
+Fully restores a managed HSM from backup.
### [Restore-AzKeyVaultCertificate](Restore-AzKeyVaultCertificate.md)
Restores a certificate in a key vault from a backup file.
@@ -170,15 +164,6 @@ Restores a managed storage account in a key vault from a backup file.
### [Restore-AzKeyVaultSecret](Restore-AzKeyVaultSecret.md)
Creates a secret in a key vault from a backed-up secret.
-### [Restore-AzManagedHsm](Restore-AzManagedHsm.md)
-Fully restores a managed HSM from backup.
-
-### [Restore-AzManagedHsmKey](Restore-AzManagedHsmKey.md)
-Creates a key in a managed HSM from a backed-up key.
-
-### [Restore-AzManagedHsmSecurityDomain](Restore-AzManagedHsmSecurityDomain.md)
-Restores previous backed up security domain data to a managed HSM.
-
### [Set-AzKeyVaultAccessPolicy](Set-AzKeyVaultAccessPolicy.md)
Grants or modifies existing permissions for a user, application, or security group to perform operations with a key vault.
@@ -215,9 +200,6 @@ Recovers a deleted key vault into an active state.
### [Undo-AzKeyVaultSecretRemoval](Undo-AzKeyVaultSecretRemoval.md)
Recovers a deleted secret in a key vault into an active state.
-### [Undo-AzManagedHsmKeyRemoval](Undo-AzManagedHsmKeyRemoval.md)
-Recovers a deleted key in a managed HSM into an active state.
-
### [Update-AzKeyVault](Update-AzKeyVault.md)
Update the state of an Azure key vault.
@@ -227,6 +209,9 @@ Modifies editable attributes of a certificate.
### [Update-AzKeyVaultKey](Update-AzKeyVaultKey.md)
Updates the attributes of a key in a key vault.
+### [Update-AzKeyVaultManagedHsm](Update-AzKeyVaultManagedHsm.md)
+Update the state of an Azure managed HSM.
+
### [Update-AzKeyVaultManagedStorageAccount](Update-AzKeyVaultManagedStorageAccount.md)
Update editable attributes of a Key Vault managed Azure Storage Account.
@@ -239,9 +224,3 @@ Updates the network rule set on a key vault.
### [Update-AzKeyVaultSecret](Update-AzKeyVaultSecret.md)
Updates attributes of a secret in a key vault.
-### [Update-AzManagedHsm](Update-AzManagedHsm.md)
-Update the state of an Azure managed HSM.
-
-### [Update-AzManagedHsmKey](Update-AzManagedHsmKey.md)
-Updates the attributes of a key in a managed HSM.
-
diff --git a/src/KeyVault/KeyVault/help/Backup-AzManagedHsm.md b/src/KeyVault/KeyVault/help/Backup-AzKeyVault.md
similarity index 87%
rename from src/KeyVault/KeyVault/help/Backup-AzManagedHsm.md
rename to src/KeyVault/KeyVault/help/Backup-AzKeyVault.md
index 7a79ba14bb39..7a98d919e350 100644
--- a/src/KeyVault/KeyVault/help/Backup-AzManagedHsm.md
+++ b/src/KeyVault/KeyVault/help/Backup-AzKeyVault.md
@@ -1,11 +1,11 @@
---
external help file: Microsoft.Azure.PowerShell.Cmdlets.KeyVault.dll-Help.xml
Module Name: Az.KeyVault
-online version: https://docs.microsoft.com/en-us/powershell/module/az.keyvault/backup-azmanagedhsm
+online version: https://docs.microsoft.com/en-us/powershell/module/az.keyvault/backup-azkeyvault
schema: 2.0.0
---
-# Backup-AzManagedHsm
+# Backup-AzKeyVault
## SYNOPSIS
Fully backup a managed HSM.
@@ -14,31 +14,31 @@ Fully backup a managed HSM.
### InteractiveStorageName (Default)
```
-Backup-AzManagedHsm [-Name] -StorageAccountName -StorageContainerName
+Backup-AzKeyVault [-HsmName] -StorageAccountName -StorageContainerName
-SasToken [-DefaultProfile ] [-WhatIf] [-Confirm] []
```
### InteractiveStorageUri
```
-Backup-AzManagedHsm [-Name] -StorageContainerUri -SasToken
+Backup-AzKeyVault [-HsmName] -StorageContainerUri -SasToken
[-DefaultProfile ] [-WhatIf] [-Confirm] []
```
### InputObjectStorageUri
```
-Backup-AzManagedHsm -StorageContainerUri -SasToken -HsmObject
+Backup-AzKeyVault -StorageContainerUri -SasToken -HsmObject
[-DefaultProfile ] [-WhatIf] [-Confirm] []
```
### InputObjectStorageName
```
-Backup-AzManagedHsm -StorageAccountName -StorageContainerName -SasToken
+Backup-AzKeyVault -StorageAccountName -StorageContainerName -SasToken
-HsmObject [-DefaultProfile ] [-WhatIf] [-Confirm] []
```
## DESCRIPTION
Fully backup a managed HSM to a storage account.
-Use `Restore-AzManagedHsm` to restore the backup.
+Use `Restore-AzKeyVault` to restore the backup.
## EXAMPLES
@@ -46,7 +46,7 @@ Use `Restore-AzManagedHsm` to restore the backup.
```powershell
PS C:\> $sasToken = ConvertTo-SecureString -AsPlainText -Force "?sv=2019-12-12&ss=bfqt&srt=sco&sp=rwdlacupx&se=2020-10-12T14:42:19Z&st=2020-10-12T06:42:19Z&spr=https&sig=******"
-PS C:\> Backup-AzManagedHsm -Name myHsm -StorageContainerUri "https://{accountName}.blob.core.windows.net/{containerName}" -SasToken $sasToken
+PS C:\> Backup-AzKeyVault -HsmName myHsm -StorageContainerUri "https://{accountName}.blob.core.windows.net/{containerName}" -SasToken $sasToken
https://{accountName}.blob.core.windows.net/{containerName}/{backupFolder}
```
@@ -70,31 +70,31 @@ Accept pipeline input: False
Accept wildcard characters: False
```
-### -HsmObject
-Managed HSM object
+### -HsmName
+Name of the HSM.
```yaml
-Type: Microsoft.Azure.Commands.KeyVault.Models.PSManagedHsm
-Parameter Sets: InputObjectStorageUri, InputObjectStorageName
+Type: System.String
+Parameter Sets: InteractiveStorageName, InteractiveStorageUri
Aliases:
Required: True
-Position: Named
+Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
```
-### -Name
-Name of the HSM.
+### -HsmObject
+Managed HSM object
```yaml
-Type: System.String
-Parameter Sets: InteractiveStorageName, InteractiveStorageUri
-Aliases: HsmName
+Type: Microsoft.Azure.Commands.KeyVault.Models.PSManagedHsm
+Parameter Sets: InputObjectStorageUri, InputObjectStorageName
+Aliases:
Required: True
-Position: 1
+Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
diff --git a/src/KeyVault/KeyVault/help/Backup-AzKeyVaultKey.md b/src/KeyVault/KeyVault/help/Backup-AzKeyVaultKey.md
index c284e3d52b1e..e0df08d7b5bc 100644
--- a/src/KeyVault/KeyVault/help/Backup-AzKeyVaultKey.md
+++ b/src/KeyVault/KeyVault/help/Backup-AzKeyVaultKey.md
@@ -19,6 +19,12 @@ Backup-AzKeyVaultKey [-VaultName] [-Name] [[-OutputFile] ] [-WhatIf] [-Confirm] []
```
+### HsmByKeyName
+```
+Backup-AzKeyVaultKey -HsmName [-Name] [[-OutputFile] ] [-Force]
+ [-DefaultProfile ] [-WhatIf] [-Confirm] []
+```
+
### ByKey
```
Backup-AzKeyVaultKey [-InputObject] [[-OutputFile] ] [-Force]
@@ -98,6 +104,21 @@ Accept pipeline input: False
Accept wildcard characters: False
```
+### -HsmName
+HSM name. Cmdlet constructs the FQDN of a managed HSM based on the name and currently selected environment.
+
+```yaml
+Type: System.String
+Parameter Sets: HsmByKeyName
+Aliases:
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
### -InputObject
Key bundle to back up, pipelined in from the output of a retrieval call.
@@ -118,7 +139,7 @@ Specifies the name of the key to back up.
```yaml
Type: System.String
-Parameter Sets: ByKeyName
+Parameter Sets: ByKeyName, HsmByKeyName
Aliases: KeyName
Required: True
diff --git a/src/KeyVault/KeyVault/help/Backup-AzManagedHsmKey.md b/src/KeyVault/KeyVault/help/Backup-AzManagedHsmKey.md
deleted file mode 100644
index f524a47576de..000000000000
--- a/src/KeyVault/KeyVault/help/Backup-AzManagedHsmKey.md
+++ /dev/null
@@ -1,200 +0,0 @@
----
-external help file: Microsoft.Azure.PowerShell.Cmdlets.KeyVault.dll-Help.xml
-Module Name: Az.KeyVault
-online version: https://docs.microsoft.com/en-us/powershell/module/az.keyvault/backup-azmanagedhsmkey
-schema: 2.0.0
----
-
-# Backup-AzManagedHsmKey
-
-## SYNOPSIS
-Backs up a key in a managed HSM.
-
-## SYNTAX
-
-### ByKeyName (Default)
-```
-Backup-AzManagedHsmKey [-HsmName] [-Name] [[-OutputFile] ] [-Force]
- [-DefaultProfile ] [-WhatIf] [-Confirm] []
-```
-
-### ByKey
-```
-Backup-AzManagedHsmKey [-InputObject] [[-OutputFile] ] [-Force]
- [-DefaultProfile ] [-WhatIf] [-Confirm] []
-```
-
-## DESCRIPTION
-The **Backup-AzManagedHsmKey** cmdlet backs up a specified key in a managed HSM by downloading it and storing it in a file.
-If there are multiple versions of the key, all versions are included in the backup.
-Because the downloaded content is encrypted, it cannot be used outside of Azure Managed HSM.
-You can restore a backed-up key to any managed HSM in the subscription that it was backed up from.
-Typical reasons to use this cmdlet are:
-- You want to escrow a copy of your key, so that you have an offline copy in case you accidentally delete your key in your managed HSM.
-
-- You created a key using Managed HSM and now want to clone the key into a different Azure region, so that you can use it from all instances of your distributed application.
-Use the **Backup-AzManagedHsmKey** cmdlet to retrieve the key in encrypted format and then use the Restore-AzManagedHsmKey cmdlet and specify a managed HSM in the second region.
-
-## EXAMPLES
-
-### Example 1: Back up a key with an automatically generated file name
-```powershell
-PS C:\Users\username\> Backup-AzManagedHsmKey -HsmName testmhsm -Name testkey
-
-C:\Users\username\testmhsm-testkey-1602664728.7106073
-```
-
-This command retrieves the key named testkey from the managed HSM named testmhsm and saves a backup of that key to a file that is automatically named for you, and displays the file name.
-
-## PARAMETERS
-
-### -DefaultProfile
-The credentials, account, tenant, and subscription used for communication with Azure.
-
-```yaml
-Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer
-Parameter Sets: (All)
-Aliases: AzContext, AzureRmContext, AzureCredential
-
-Required: False
-Position: Named
-Default value: None
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
-### -Force
-Overwrite the given file if it exists
-
-```yaml
-Type: System.Management.Automation.SwitchParameter
-Parameter Sets: (All)
-Aliases:
-
-Required: False
-Position: Named
-Default value: None
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
-### -HsmName
-HSM name. Cmdlet constructs the FQDN of a managed HSM based on the name and currently selected environment.
-
-```yaml
-Type: System.String
-Parameter Sets: ByKeyName
-Aliases:
-
-Required: True
-Position: 0
-Default value: None
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
-### -InputObject
-Key bundle to back up, pipelined in from the output of a retrieval call.
-
-```yaml
-Type: Microsoft.Azure.Commands.KeyVault.Models.PSKeyVaultKeyIdentityItem
-Parameter Sets: ByKey
-Aliases: Key
-
-Required: True
-Position: 0
-Default value: None
-Accept pipeline input: True (ByValue)
-Accept wildcard characters: False
-```
-
-### -Name
-Key name.
-Cmdlet constructs the FQDN of a key from managed HSM name, currently selected environment and key name.
-
-```yaml
-Type: System.String
-Parameter Sets: ByKeyName
-Aliases: KeyName
-
-Required: True
-Position: 1
-Default value: None
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
-### -OutputFile
-Output file.
-The output file to store the backed up key blob in.
-If not present, a default filename is chosen.
-
-```yaml
-Type: System.String
-Parameter Sets: (All)
-Aliases:
-
-Required: False
-Position: 2
-Default value: None
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
-### -Confirm
-Prompts you for confirmation before running the cmdlet.
-
-```yaml
-Type: System.Management.Automation.SwitchParameter
-Parameter Sets: (All)
-Aliases: cf
-
-Required: False
-Position: Named
-Default value: None
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
-### -WhatIf
-Shows what would happen if the cmdlet runs.
-The cmdlet is not run.
-
-```yaml
-Type: System.Management.Automation.SwitchParameter
-Parameter Sets: (All)
-Aliases: wi
-
-Required: False
-Position: Named
-Default value: None
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
-### CommonParameters
-This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
-
-## INPUTS
-
-### Microsoft.Azure.Commands.KeyVault.Models.PSKeyVaultKeyIdentityItem
-
-## OUTPUTS
-
-### System.String
-
-## NOTES
-
-## RELATED LINKS
-
-[Add-AzManagedHsmKey](./Add-AzManagedHsmKey.md)
-
-[Get-AzManagedHsmKey](./Get-AzManagedHsmKey.md)
-
-[Remove-AzManagedHsmKey](./Remove-AzManagedHsmKey.md)
-
-[Undo-AzManagedHsmKeyRemoval](./Undo-AzManagedHsmKeyRemoval.md)
-
-[Update-AzManagedHsmKey](./Update-AzManagedHsmKey.md)
-
-[Restore-AzManagedHsmKey](./Restore-AzManagedHsmKey.md)
\ No newline at end of file
diff --git a/src/KeyVault/KeyVault/help/Backup-AzManagedHsmSecurityDomain.md b/src/KeyVault/KeyVault/help/Export-AzKeyVaultSecurityDomain.md
similarity index 86%
rename from src/KeyVault/KeyVault/help/Backup-AzManagedHsmSecurityDomain.md
rename to src/KeyVault/KeyVault/help/Export-AzKeyVaultSecurityDomain.md
index 8fa172dad523..14b3d6748608 100644
--- a/src/KeyVault/KeyVault/help/Backup-AzManagedHsmSecurityDomain.md
+++ b/src/KeyVault/KeyVault/help/Export-AzKeyVaultSecurityDomain.md
@@ -1,39 +1,39 @@
---
external help file: Microsoft.Azure.PowerShell.Cmdlets.KeyVault.dll-Help.xml
Module Name: Az.KeyVault
-online version: https://docs.microsoft.com/en-us/powershell/module/az.keyvault/backup-azmanagedhsmsecuritydomain
+online version: https://docs.microsoft.com/en-us/powershell/module/az.keyvault/export-azkeyvaultsecuritydomain
schema: 2.0.0
---
-# Backup-AzManagedHsmSecurityDomain
+# Export-AzKeyVaultSecurityDomain
## SYNOPSIS
-Backs up the security domain data of a managed HSM for restoring.
+Exports the security domain data of a managed HSM.
## SYNTAX
### ByName (Default)
```
-Backup-AzManagedHsmSecurityDomain -Certificates -OutputPath [-Force] [-PassThru]
+Export-AzKeyVaultSecurityDomain -Certificates -OutputPath [-Force] [-PassThru]
-Quorum -Name [-DefaultProfile ] [-WhatIf] [-Confirm]
[]
```
### ByInputObject
```
-Backup-AzManagedHsmSecurityDomain -Certificates -OutputPath [-Force] [-PassThru]
+Export-AzKeyVaultSecurityDomain -Certificates -OutputPath [-Force] [-PassThru]
-Quorum -InputObject [-DefaultProfile ] [-WhatIf]
[-Confirm] []
```
## DESCRIPTION
-This cmdlet backs up the security domain data of a managed HSM for restoring.
+Exports the security domain data of a managed HSM for importing on another HSM.
## EXAMPLES
### Example 1
```powershell
-PS C:\Users\username\> Backup-AzManagedHsmSecurityDomain -Name testmhsm -Certificates {pathOfCertificates}/sd1.cer, {pathOfCertificates}/sd2.cer, {pathOfCertificates}/sd3.cer -OutputPath {pathOfOutput}/sd.ps.json -Quorum 2
+PS C:\Users\username\> Export-AzKeyVaultSecurityDomain -Name testmhsm -Certificates {pathOfCertificates}/sd1.cer, {pathOfCertificates}/sd2.cer, {pathOfCertificates}/sd3.cer -OutputPath {pathOfOutput}/sd.ps.json -Quorum 2
```
This command retrieves the managed HSM named testmhsm and saves a backup of that managed HSM security domain to the specified output file.
diff --git a/src/KeyVault/KeyVault/help/Get-AzKeyVaultKey.md b/src/KeyVault/KeyVault/help/Get-AzKeyVaultKey.md
index e83acbcf6c38..8625d293b9a8 100644
--- a/src/KeyVault/KeyVault/help/Get-AzKeyVaultKey.md
+++ b/src/KeyVault/KeyVault/help/Get-AzKeyVaultKey.md
@@ -31,6 +31,24 @@ Get-AzKeyVaultKey [-VaultName] [-Name] [-IncludeVersions] [-Ou
[-DefaultProfile ] []
```
+### HsmByKeyName
+```
+Get-AzKeyVaultKey -HsmName [-Name] [-Version] [-OutFile ]
+ [-DefaultProfile ] []
+```
+
+### HsmByVaultName
+```
+Get-AzKeyVaultKey -HsmName [[-Name] ] [-InRemovedState] [-OutFile ]
+ [-DefaultProfile ] []
+```
+
+### HsmByKeyVersions
+```
+Get-AzKeyVaultKey -HsmName [-Name] [-IncludeVersions] [-OutFile ]
+ [-DefaultProfile ] []
+```
+
### ByInputObjectVaultName
```
Get-AzKeyVaultKey [-InputObject] [[-Name] ] [-InRemovedState] [-OutFile ]
@@ -49,6 +67,24 @@ Get-AzKeyVaultKey [-InputObject]