[KeyVault] Redesign HSM cmdlets

src/KeyVault/KeyVault.Test/PesterTests/ManagedHsmDatePlaneTests.ps1

@@ -1,37 +1,37 @@
-function GetAzManagedHsm{
+function GetAzManagedHsm {
     Param(
-        [parameter(Mandatory=$false)]
+        [parameter(Mandatory = $false)]
         [String]
         $HsmName,
-        [parameter(Mandatory=$false)]
+        [parameter(Mandatory = $false)]
         [String]
         $ResourceGroupName,
-        [parameter(Mandatory=$false)]
+        [parameter(Mandatory = $false)]
         [String]
         $Location,
-        [parameter(Mandatory=$false)]
+        [parameter(Mandatory = $false)]
         [String[]]
         $Administrator
     )
     $hsmName = GetRandomName -Prefix "hsm"
     $resourceGroupName = GetRandomName -Prefix "rg"
-    $Location = "eastus2euap"
-    $administrator = "c1be1392-39b8-4521-aafc-819a47008545"
-    $hsm = New-AzManagedHsm -Name $HsmName -ResourceGroupName $ResourceGroupName -Location $r -Administrator $Administrator
+    $Location = "eastus2"
+    $administrator = "c1be1392-39b8-4521-aafc-819a47008545", 'd7e17135-d5a7-4b8b-89e5-252aa15b7e01'
+    $hsm = New-AzKeyVaultManagedHsm -Name $HsmName -ResourceGroupName $ResourceGroupName -Location $Location -Administrator $Administrator
     return $hsm
 }
 
-function GetRandomName{
+function GetRandomName {
     Param(
-        [parameter(Mandatory=$false)]
+        [parameter(Mandatory = $false)]
         [String]
         $Prefix
     )
     $randomNum = Get-Random -Minimum 100 -Maximum 99999
     return "$Prefix$randomNum"
 }
 
-function ImportModules{
+function ImportModules {
     $psd1Path = Join-Path $PSScriptRoot "../../../../artifacts/Debug/" -Resolve
     $accountsPsd1 = Join-Path $psd1Path "./Az.Accounts/Az.Accounts.psd1" -Resolve
     $keyVaultPsd1 = Join-Path $psd1Path "./Az.KeyVault/Az.KeyVault.psd1" -Resolve

src/KeyVault/KeyVault.Test/ScenarioTests/ManagedHsmManagementTests.ps1

@@ -26,7 +26,7 @@ function Test-ManagedHsmCRUD {
 
     try {
         # Test create a default managed HSM
-        $hsm = New-AzManagedHsm -Name $hsmName -ResourceGroupName $rgName -Location $hsmLocation -Administrator $administrator
+        $hsm = New-AzKeyVaultManagedHsm -Name $hsmName -ResourceGroupName $rgName -Location $hsmLocation -Administrator $administrator
         Assert-AreEqual $hsmName $hsm.Name
         Assert-AreEqual $rgName $hsm.ResourceGroupName
         Assert-AreEqual $hsmLocation $hsm.Location
@@ -38,22 +38,22 @@ function Test-ManagedHsmCRUD {
         Assert-AreEqual 90 $hsm.SoftDeleteRetentionInDays "By default SoftDeleteRetentionInDays should be 90"
 
         # Test get managed HSM
-        $got = Get-AzManagedHsm -Name $hsmName    
+        $got = Get-AzKeyVaultManagedHsm -Name $hsmName    
         Assert-NotNull $got
         Assert-AreEqual $hsmName $got.Name
         Assert-AreEqual $rgName $got.ResourceGroupName
         Assert-AreEqual $hsmLocation $got.Location
 
         # Test throws for existing managed HSM
-        Assert-Throws { New-AzManagedHsm -Name $hsmName -ResourceGroupName $rgName -Location $hsmLocation -Administrator $administrator }
+        Assert-Throws { New-AzKeyVaultManagedHsm -Name $hsmName -ResourceGroupName $rgName -Location $hsmLocation -Administrator $administrator }
 
         # Test remove managed HSM
-        Remove-AzManagedHsm -InputObject $got -Force
-        $deletedMhsm = Get-AzManagedHsm -Name $hsmName -ResourceGroupName $rgName
+        Remove-AzKeyVaultManagedHsm -InputObject $got -Force
+        $deletedMhsm = Get-AzKeyVaultManagedHsm -Name $hsmName -ResourceGroupName $rgName
         Assert-Null $deletedMhsm
 
         # Test throws for resourcegroup nonexistent
-        Assert-Throws {  New-AzManagedHsm -Name (getAssetName) -ResourceGroupName (getAssetName) -Location $hsmLocation -Administrator $administrator }
+        Assert-Throws {  New-AzKeyVaultManagedHsm -Name (getAssetName) -ResourceGroupName (getAssetName) -Location $hsmLocation -Administrator $administrator }
     }
 
     finally {

src/KeyVault/KeyVault.Test/Scripts/Common.ps1

@@ -207,7 +207,7 @@ function Cleanup-OldCertificates
     $certificatePattern = Get-CertificateName '*'
     Get-AzKeyVaultCertificate $keyVault |
         Where-Object {$_.Name -like $certificatePattern} |
-        Remove-AzKeyVaultCertificate -Name $_.Name -VaultName $_.VaultName -Force -Confirm:$false
+        ForEach-Object { Remove-AzKeyVaultCertificate -Name $_.Name -VaultName $_.VaultName -Force -Confirm:$false }
 
     if($global:softDeleteEnabled -eq $true) 
     {

src/KeyVault/KeyVault.Test/Scripts/RunKeyVaultTests.ps1

@@ -70,16 +70,15 @@ param(
     [string] $StorageResourceId = $null
 )
 
-. (Join-Path $PSScriptRoot "..\..\..\..\Common\Commands.ScenarioTests.Common\Common.ps1")
-. (Join-Path $PSScriptRoot "..\..\..\..\Common\Commands.ScenarioTests.Common\Assert.ps1")
+. (Join-Path $PSScriptRoot "..\..\..\..\tools\ScenarioTest.ResourceManager\Common.ps1")
+. (Join-Path $PSScriptRoot "..\..\..\..\tools\ScenarioTest.ResourceManager\Assert.ps1")
 . (Join-Path $PSScriptRoot "Common.ps1")
 . (Join-Path $PSScriptRoot "VaultKeyTests.ps1")
 . (Join-Path $PSScriptRoot "VaultSecretTests.ps1")
 . (Join-Path $PSScriptRoot "VaultCertificateTests.ps1");
 . (Join-Path $PSScriptRoot "VaultManagedStorageAccountTests.ps1");
 . (Join-Path $PSScriptRoot "VaultManagementTests.ps1")
 . (Join-Path $PSScriptRoot "ControlPlane\KeyVaultManagementTests.ps1")  # Shared between PSH scenario tests and KV-specific script based tests.
-. (Join-Path $PSScriptRoot "ControlPlane\Common.ps1")
 
 $global:totalCount = 0
 $global:passedCount = 0

src/KeyVault/KeyVault.Test/Scripts/RunUITests.ps1

@@ -7,8 +7,8 @@
     [string] $StorageResourceId = $null
 )
 
-. (Join-Path $PSScriptRoot "..\..\..\..\Common\Commands.ScenarioTests.Common\Common.ps1")
-. (Join-Path $PSScriptRoot "..\..\..\..\Common\Commands.ScenarioTests.Common\Assert.ps1")
+. (Join-Path $PSScriptRoot "..\..\..\..\tools\ScenarioTest.ResourceManager\Common.ps1")
+. (Join-Path $PSScriptRoot "..\..\..\..\tools\ScenarioTest.ResourceManager\Assert.ps1")
 . (Join-Path $PSScriptRoot "Common.ps1");
 . (Join-Path $PSScriptRoot "VaultUITests.ps1");
 

src/KeyVault/KeyVault.Test/Scripts/VaultCertificateTests.ps1

@@ -360,7 +360,7 @@ function Test_NewCertificatePolicy
     Assert-NotNull $policy
     $policy = New-AzKeyVaultCertificatePolicy -SubjectName "CN=testCertificate" -Ekus "1.0","2.0" -IssuerName Self
     Assert-NotNull $policy
-    Assert-Throws { $policy = New-AzKeyVaultCertificatePolicy -Ekus "1.0","2.0" -SecretContentType application/x-pem-file -ReuseKeyOnRenewal -Disabled -RenewAtNumberOfDaysBeforeExpiry 10 -ValidityInMonths 10 -IssuerName Self }
+    Assert-Throws { $policy = New-AzKeyVaultCertificatePolicy -SubjectName "CN=testCertificate" -Ekus "1.0","2.0" -SecretContentType application/x-pem-file -ReuseKeyOnRenewal -Disabled -RenewAtNumberOfDaysBeforeExpiry 10 -ValidityInMonths 10 -IssuerName Self }
     $policy = New-AzKeyVaultCertificatePolicy -SubjectName "CN=testCertificate" -Ekus "1.0","2.0" -SecretContentType application/x-pem-file -ReuseKeyOnRenewal -Disabled -RenewAtNumberOfDaysBeforeExpiry 10 -ValidityInMonths 10 -IssuerName Self
     Assert-NotNull $policy
     $policy = New-AzKeyVaultCertificatePolicy -SubjectName "CN=testCertificate" -Ekus "1.0","2.0" -SecretContentType application/x-pem-file -ReuseKeyOnRenewal -Disabled -RenewAtNumberOfDaysBeforeExpiry 10 -ValidityInMonths 10 -IssuerName Self -EmailAtNumberOfDaysBeforeExpiry 15

src/KeyVault/KeyVault.Test/Scripts/VaultSecretTests.ps1

@@ -319,6 +319,7 @@ function Test_SetSecretVersion
     # create a new version
     $sec=Set-AzKeyVaultSecret -VaultName $keyVault -Name $secretname -SecretValue $securedata
     Assert-NotNull $sec
+    $v2 = $sec.Version
     Assert-SecretAttributes $sec.Attributes $true $null $null $null $null
 
     # Update old version

src/KeyVault/KeyVault/Az.KeyVault.psd1

@@ -79,10 +79,7 @@ NestedModules = @('Microsoft.Azure.PowerShell.Cmdlets.KeyVault.dll', '.\Az.KeyVa
 FunctionsToExport = @()
 
 # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
-CmdletsToExport = 'Add-AzManagedHsmKey', 'Get-AzManagedHsmKey', 
-               'Remove-AzManagedHsmKey', 'Undo-AzManagedHsmKeyRemoval', 
-               'Update-AzManagedHsmKey', 'Backup-AzManagedHsmKey', 
-               'Restore-AzManagedHsmKey', 'Add-AzKeyVaultCertificate', 
+CmdletsToExport = 'Add-AzKeyVaultCertificate', 
                'Update-AzKeyVaultCertificate', 
                'Stop-AzKeyVaultCertificateOperation', 
                'Get-AzKeyVaultCertificateOperation', 
@@ -94,13 +91,13 @@ CmdletsToExport = 'Add-AzManagedHsmKey', 'Get-AzManagedHsmKey',
                'Remove-AzKeyVaultCertificateIssuer', 
                'Remove-AzKeyVaultCertificateOperation', 
                'Set-AzKeyVaultCertificateIssuer', 
-               'Set-AzKeyVaultCertificatePolicy', 'Get-AzManagedHsm', 
-               'New-AzManagedHsm', 'Remove-AzManagedHsm', 'Update-AzManagedHsm', 
+               'Set-AzKeyVaultCertificatePolicy', 'Get-AzKeyVaultManagedHsm', 
+               'New-AzKeyVaultManagedHsm', 'Remove-AzKeyVaultManagedHsm', 'Update-AzKeyVaultManagedHsm', 
                'Get-AzKeyVault', 'New-AzKeyVault', 'Remove-AzKeyVault', 
-               'Undo-AzKeyVaultRemoval', 'Backup-AzManagedHsm', 
-               'Restore-AzManagedHsm', 'Get-AzManagedHsmRoleDefinition', 
-               'Get-AzManagedHsmRoleAssignment', 'New-AzManagedHsmRoleAssignment', 
-               'Remove-AzManagedHsmRoleAssignment', 
+               'Undo-AzKeyVaultRemoval', 'Backup-AzKeyVault', 
+               'Restore-AzKeyVault', 'Get-AzKeyVaultRoleDefinition', 
+               'Get-AzKeyVaultRoleAssignment', 'New-AzKeyVaultRoleAssignment', 
+               'Remove-AzKeyVaultRoleAssignment', 
                'Remove-AzKeyVaultAccessPolicy', 'Set-AzKeyVaultAccessPolicy', 
                'Backup-AzKeyVaultKey', 'Get-AzKeyVaultKey', 'Get-AzKeyVaultSecret', 
                'Undo-AzKeyVaultKeyRemoval', 'Undo-AzKeyVaultSecretRemoval', 
@@ -127,16 +124,15 @@ CmdletsToExport = 'Add-AzManagedHsmKey', 'Get-AzManagedHsmKey',
                'Undo-AzKeyVaultManagedStorageSasDefinitionRemoval', 
                'Undo-AzKeyVaultManagedStorageAccountRemoval', 
                'Add-AzKeyVaultNetworkRule', 'Update-AzKeyVaultNetworkRuleSet', 
-               'Remove-AzKeyVaultNetworkRule', 'Backup-AzManagedHsmSecurityDomain', 
-               'Restore-AzManagedHsmSecurityDomain'
+               'Remove-AzKeyVaultNetworkRule', 'Export-AzKeyVaultSecurityDomain', 
+               'Import-AzKeyVaultSecurityDomain'
 
 # Variables to export from this module
 # VariablesToExport = @()
 
 # Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
 AliasesToExport = 'Set-AzKeyVaultKey', 'Set-AzKeyVaultSecretAttribute', 
-               'Set-AzKeyVaultKeyAttribute', 'Set-AzKeyVaultCertificateAttribute', 
-               'Set-AzManagedHsmKey', 'Set-AzManagedHsmKeyAttribute'
+               'Set-AzKeyVaultKeyAttribute', 'Set-AzKeyVaultCertificateAttribute'
 
 # DSC resources to export from this module
 # DscResourcesToExport = @()

src/KeyVault/KeyVault/ChangeLog.md

@@ -21,6 +21,7 @@
 * Supported "all" as an option when setting key vault access policies
 * Supported new version of SecretManagement module [#13366]
 * Supported ByteArray, String, PSCredential and Hashtable for `SecretValue` in SecretManagementModule [#12190]
+* [Breaking change] redesigned the API surface of cmdlets related to managed HSM.
 
 ## Version 3.1.0
 * Supported updating key vault tag