[KeyVault] Supported creating/updating key with release policy in a M…
…anaged HSM (#18374) * Supported creating/updating key with release policy in a Managed HSM * Refine codes * Update update-azkeyvault.md * add example for secure key * upgrade Azure.Security.KeyVault.Keys to 4.3.0-beta.7
1 parent
31cb35a
commit 8be1b24
Showing
31 changed files
with
878 additions
and
197 deletions.
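--- /dev/null
+++ b/src/KeyVault/KeyVault.Test/PesterTests/MhsmKey.Tests.ps1
@@ -0,0 +1,118 @@
+
+$hsmName = 'bezmhsm'
+. $PSScriptRoot/ManagedHsmDataPlaneTests.ps1
+
+function Get-KeyName{
+return GetRandomName "bez-key"
+}
+
+
+Describe "Exportable and ReleasePolicyPath shoud show up at the same time"{
+
+It "Both Exportable and ReleasePolicyPath don't show up"{
+{
+Add-AzKeyVaultKey -HsmName $hsmName -KeyName (Get-KeyName) -KeyType RSA
+} | Should -Not -Throw
+}
+
+It "Exportable shows up but ReleasePolicyPath not" -skip {
+{
+Add-AzKeyVaultKey -HsmName $hsmName -KeyName (Get-KeyName) -KeyType RSA -Exportable
+} | Should -Throw
+}
+
+It "ReleasePolicyPath shows up but Exportable not" -skip {
+{
+Add-AzKeyVaultKey -HsmName $hsmName -KeyName (Get-KeyName) -KeyType RSA -ReleasePolicyPath "$PSScriptRoot\..\Resources\releasepolicy.json"
+} | Should -Throw
+}
+
+It "Both ReleasePolicyPath and Exportable show up"{
+$keyName = Get-KeyName
+{
+Add-AzKeyVaultKey -HsmName $hsmName -KeyName $keyName -KeyType RSA -Exportable -ReleasePolicyPath "$PSScriptRoot\..\Resources\releasepolicy.json"
+} | Should -Not -Throw
+$key = Get-AzKeyVaultKey -HsmName $hsmName -KeyName $keyName
+$key.ReleasePolicy | Should -Not -BeNullOrEmpty
+$key.Attributes.Exportable | Should -Be $true
+}
+}
+
+Describe "Create secure key"{
+It "Create a key without immutable property and release policy" {
+{
+Add-AzKeyVaultKey -HsmName $hsmName -KeyName (Get-KeyName) -KeyType RSA
+} | Should -Not -Throw
+}
+
+It "Create a key with immutable property but release policy" -skip {
+$keyName = Get-KeyName
+{
+Add-AzKeyVaultKey -HsmName $hsmName -KeyName $keyName -KeyType RSA -Immutable
+} | Should -Throw "Please provide release policy when Immutable is present."
+}
+
+It "Create a key with release policy but immutable property" {
+$keyName = Get-KeyName
+{
+Add-AzKeyVaultKey -HsmName $hsmName -KeyName $keyName -KeyType RSA -Exportable -ReleasePolicyPath "$PSScriptRoot\..\Resources\releasepolicy.json"
+} | Should -Not -Throw
+$key = Get-AzKeyVaultKey -HsmName $hsmName -KeyName $keyName
+$key.ReleasePolicy | Should -Not -BeNullOrEmpty
+$key.ReleasePolicy.Immutable | Should -Be $false
+}
+
+It "Create a key with both release policy and immutable property" {
+$keyName = Get-KeyName
+{
+Add-AzKeyVaultKey -HsmName $hsmName -KeyName $keyName -KeyType RSA -Exportable -ReleasePolicyPath "$PSScriptRoot\..\Resources\releasepolicy.json" -Immutable
+} | Should -Not -Throw
+$key = Get-AzKeyVaultKey -HsmName $hsmName -KeyName $keyName
+$key.ReleasePolicy | Should -Not -BeNullOrEmpty
+$key.ReleasePolicy.Immutable | Should -Be $true
+}
+}
+
+Describe "Update secure key"{
+
+It "Update a key with immutable property but release policy" -skip {
+$keyName = Get-KeyName
+Add-AzKeyVaultKey -HsmName $hsmName -KeyName $keyName -KeyType RSA -Exportable -ReleasePolicyPath "$PSScriptRoot\..\Resources\releasepolicy.json"
+{ Update-AzKeyVaultKey -HsmName $hsmName -KeyName $keyName -Immutable} | Should -Throw "Please provide release policy when Immutable is present."
+}
+
+
+It "Update a key with release policy but immutable property" {
+$keyName = Get-KeyName
+Add-AzKeyVaultKey -HsmName $hsmName -KeyName $keyName -KeyType RSA -Exportable -ReleasePolicyPath "$PSScriptRoot\..\Resources\releasepolicy.json"
+{ Update-AzKeyVaultKey -HsmName $hsmName -KeyName $keyName -ReleasePolicyPath "$PSScriptRoot\..\Resources\releasepolicy.json"} | Should -Not -Throw
+$key = Get-AzKeyVaultKey -HsmName $hsmName -KeyName $keyName
+$key.ReleasePolicy | Should -Not -BeNullOrEmpty
+$key.ReleasePolicy.Immutable | Should -Be $false
+}
+
+It "Update a key with both release policy and immutable property" {
+$keyName = Get-KeyName
+Add-AzKeyVaultKey -HsmName $hsmName -KeyName $keyName -KeyType RSA -Exportable -ReleasePolicyPath "$PSScriptRoot\..\Resources\releasepolicy.json"
+{ Update-AzKeyVaultKey -HsmName $hsmName -KeyName $keyName -ReleasePolicyPath "$PSScriptRoot\..\Resources\releasepolicy.json" -Immutable} | Should -Not -Throw
+$updatedKey = Get-AzKeyVaultKey -HsmName $hsmName -KeyName $keyName
+$updatedKey.ReleasePolicy | Should -Not -BeNullOrEmpty
+$updatedKey.ReleasePolicy.Immutable | Should -Be $true
+}
+
+It "Update an immutable release policy" -skip {
+$keyName = Get-KeyName
+$key = Add-AzKeyVaultKey -HsmName $hsmName -KeyName $keyName -KeyType RSA -Exportable -ReleasePolicyPath "$PSScriptRoot\..\Resources\releasepolicy.json" -Immutable
+$key.ReleasePolicy | Should -Not -BeNullOrEmpty
+$key.ReleasePolicy.Immutable | Should -Be $true
+{ Update-AzKeyVaultKey -HsmName $hsmName -KeyName $keyName -ReleasePolicyPath "$PSScriptRoot\..\Resources\releasepolicy.json" } | Should -Throw "Please provide release policy when Immutable is present."
+}
+
+It "Update a mutable release policy" {
+$keyName = Get-KeyName
+$key = Add-AzKeyVaultKey -HsmName $hsmName -KeyName $keyName -KeyType RSA -Exportable -ReleasePolicyPath "$PSScriptRoot\..\Resources\releasepolicy.json"
+$key.ReleasePolicy | Should -Not -BeNullOrEmpty
+$key.ReleasePolicy.Immutable | Should -Be $false
+{ Update-AzKeyVaultKey -HsmName $hsmName -KeyName $keyName -ReleasePolicyPath "$PSScriptRoot\..\Resources\releasepolicy.json"} | Should -Not -Throw
+}
+}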
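Review bot: Every negative case for the new validation is marked `-skip` — Exportable without ReleasePolicyPath, ReleasePolicyPath without Exportable, `-Immutable` without a release policy on both create and update, and modifying an immutable release policy — so the guard message `Please provide release policy when Immutable is present.` is never actually asserted and only the happy paths run. If these are disabled pending service-side behaviour, add a one-line comment above each skipped `It` stating the reason and the condition for re-enabling; otherwise un-skip them so the validation the commit introduces is covered. `$hsmName = 'bezmhsm'` pins the suite to one live shared HSM and several tests create keys with `-Immutable`, whose release policy can no longer be changed afterwards; no cleanup is visible in this file (it may live in the dot-sourced `ManagedHsmDataPlaneTests.ps1`), so consider reading the HSM name from an environment variable and documenting the cleanup expectation. Minor: `shoud` in the first Describe title, and the titles "with immutable property but release policy" / "with release policy but immutable property" read as if "but" means "without".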
@@ -0,0 +1,15 @@ | ||
{ | ||
"anyOf": [ | ||
{ | ||
"authority": "https://sharedeus.eus.attest.azure.net/", | ||
"allOf": [ | ||
{ | ||
"claim": "x-ms-sgx-is-debuggable", | ||
"equals": "true" | ||
} | ||
] | ||
} | ||
], | ||
"version": "1.0.0" | ||
} | ||
|
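Review bot: The fixture's only release condition is `"claim": "x-ms-sgx-is-debuggable"` with `"equals": "true"`, i.e. the key is releasable to a debug-mode SGX enclave, which is the opposite of what a production release policy would typically require. That is a reasonable way to obtain a releasable key in a test run, but nothing in the file marks it as test-only and JSON has no comment syntax, so consider signalling the intent in the file name or a neighbouring README. Since the commit description says an example for secure keys was added to `update-azkeyvault.md`, it is worth checking that the example does not reproduce this debuggable-enclave policy as guidance; that file is not visible here.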