Enable MHSM Management via *-AzKeyVault #12575

BethanyZhou · 2020-08-05T03:16:05Z

Description

Design: https://github.com/Azure/azure-powershell-cmdlet-review-pr/issues/688

TODO: after spec PR Azure/azure-rest-api-specs#8996 is merged. Generate and publish new .NET SDK.

Checklist

I have read the Submitting Changes section of CONTRIBUTING.md
The title of the PR is clear and informative
The appropriate ChangeLog.md file(s) has been updated:
- For any service, the ChangeLog.md file can be found at src/{{SERVICE}}/{{SERVICE}}/ChangeLog.md
- A snippet outlining the change(s) made in the PR should be written under the ## Upcoming Release header -- no new version header should be added
The PR does not introduce breaking changes
If applicable, the changes made in the PR have proper test coverage
For public API changes to cmdlets:
- a cmdlet design review was approved for the changes in this repository (Microsoft internal only)
- the markdown help files have been regenerated using the commands listed here

adxsdkps · 2020-08-05T03:16:07Z

Can one of the admins verify this patch?

isra-fel

Except for the inline comments, please also write examples for Get-, New- and Set-.

Thanks

src/KeyVault/KeyVault/Commands/GetAzureKeyVault.cs

src/KeyVault/KeyVault/Models/PSKeyVault.cs

src/KeyVault/KeyVault/Commands/NewAzureKeyVault.cs

src/KeyVault/KeyVault/Commands/RemoveAzureKeyVault.cs

src/KeyVault/KeyVault/Commands/UpdateAzureKeyVault.cs

src/KeyVault/KeyVault/help/Update-AzKeyVault.md

…-powershell into bez/managedHSM

isra-fel

@BethanyZhou I'll just merge this PR. When recording the tests please also regenerate the help files. Thanks

isra-fel · 2020-08-07T03:10:24Z

src/KeyVault/KeyVault/help/New-AzKeyVault.md

@@ -211,6 +258,21 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```

+### -Hsm
+Specifies the type of this vault as MHSM.


The help files needs to be regenerated

* Enable MHSM Management via *-AzKeyVault (#12575) * Support creating a MHSM pool. * Supporting querying MHSM objects * Support deleting MHSM * Support updating mhsm * Add test cases * Hide unavailable services * Add test cases * expose EnablePurgeProtection for MHSM * correct indent of ps1xml * upload localfeed * Hide enablePurgeProtection * Update ChangeLog.md and help.md * Modify codes according to comments * Update help.md * Update VaultCreationParameters.cs * Update get-azkeyvault.md * Update KeyVaultManagementTests.ps1 * Record scenario test for Managed Hsm (#12631) * Record scenario tests for managed hsm * add default parameter set for * Re-record scenario tests. * [KeyVault] Update to official SDK (#12767) * local 3.1.0 sdk * Use production key vault mgmt sdk * remove security domain from format xml * combine track 1&2 sdk (#13018) * combine track 1&2 sdk * update azure.core to 1.5.0 * add exception; revert addkeyvaultkey * add dll to psd1 * fix exception * Detach managed hsm from key vault command (#13187) * get managed hsm * new managed hsm * remove managed hsm * update help.md * update managed hsm * add online version for new help.md * Convert mhsm test to liveonly * add test record * Support data plane of managed HSM (#13216) * create managed hsm key * get managed hsm key * remove managed hsm key * update managed hsm key * undo managed hsm key removal * back up and restore managed hsm key * add help.md * import/download managed hsm RSA key * Update help.md * Update changelog.md * suppress signature issues * Update all help markdowns * add logger for track2sdk * add metadata for oct-HSM Co-authored-by: Yeming Liu <Yeming.Liu@microsoft.com> * Limit KeyType to be required only when create managed HSM key (#13242) * limit KeyType to be required only when create managed HSM key * add pester test * Security domain (#13226) * wip * wip * wip * wip * wip * wip * support securestring * wip * wip * wip * generate docs * docs & error handling * move crypto alg inside security domain * resource strings * remove extra code * write help markdown * resolve relative path to absolute path * suppress signature issues Co-authored-by: Yeming Liu <yeliu@microsoft.com> Co-authored-by: Beisi Zhou <zhoubeisi@gmail.com> Co-authored-by: Beisi Zhou <zazbs@qq.com> * remove pfx file * full backup restore + rbac (#13261) Co-authored-by: Yeming Liu <yeliu@microsoft.com> * small fixes changelog; azure.core; sdk version; online version; breaking change csv; shared assembly conflict; failed tests; * license of BouncyCastle.NetCore * remove local feed Co-authored-by: Yeming Liu <Yeming.Liu@microsoft.com> Co-authored-by: Yeming Liu <yeliu@microsoft.com>

Force merge after CI passed * [KeyVault] Managed HSM (#13259) * Enable MHSM Management via *-AzKeyVault (#12575) * Support creating a MHSM pool. * Supporting querying MHSM objects * Support deleting MHSM * Support updating mhsm * Add test cases * Hide unavailable services * Add test cases * expose EnablePurgeProtection for MHSM * correct indent of ps1xml * upload localfeed * Hide enablePurgeProtection * Update ChangeLog.md and help.md * Modify codes according to comments * Update help.md * Update VaultCreationParameters.cs * Update get-azkeyvault.md * Update KeyVaultManagementTests.ps1 * Record scenario test for Managed Hsm (#12631) * Record scenario tests for managed hsm * add default parameter set for * Re-record scenario tests. * [KeyVault] Update to official SDK (#12767) * local 3.1.0 sdk * Use production key vault mgmt sdk * remove security domain from format xml * combine track 1&2 sdk (#13018) * combine track 1&2 sdk * update azure.core to 1.5.0 * add exception; revert addkeyvaultkey * add dll to psd1 * fix exception * Detach managed hsm from key vault command (#13187) * get managed hsm * new managed hsm * remove managed hsm * update help.md * update managed hsm * add online version for new help.md * Convert mhsm test to liveonly * add test record * Support data plane of managed HSM (#13216) * create managed hsm key * get managed hsm key * remove managed hsm key * update managed hsm key * undo managed hsm key removal * back up and restore managed hsm key * add help.md * import/download managed hsm RSA key * Update help.md * Update changelog.md * suppress signature issues * Update all help markdowns * add logger for track2sdk * add metadata for oct-HSM Co-authored-by: Yeming Liu <Yeming.Liu@microsoft.com> * Limit KeyType to be required only when create managed HSM key (#13242) * limit KeyType to be required only when create managed HSM key * add pester test * Security domain (#13226) * wip * wip * wip * wip * wip * wip * support securestring * wip * wip * wip * generate docs * docs & error handling * move crypto alg inside security domain * resource strings * remove extra code * write help markdown * resolve relative path to absolute path * suppress signature issues Co-authored-by: Yeming Liu <yeliu@microsoft.com> Co-authored-by: Beisi Zhou <zhoubeisi@gmail.com> Co-authored-by: Beisi Zhou <zazbs@qq.com> * remove pfx file * full backup restore + rbac (#13261) Co-authored-by: Yeming Liu <yeliu@microsoft.com> * small fixes changelog; azure.core; sdk version; online version; breaking change csv; shared assembly conflict; failed tests; * license of BouncyCastle.NetCore * remove local feed Co-authored-by: Yeming Liu <Yeming.Liu@microsoft.com> Co-authored-by: Yeming Liu <yeliu@microsoft.com> * use portable.bouncycastle * bug fix... ...replace bouncycastle lib; fix security domain issue on windows powershell * Add pester test for RBAC and full-backup managed HSM * fix dll list * support relative path when restoring SD * update license (bouncycastle.netcore -> portable) * remove dependency Microsoft.IdentityModel.Tokens Co-authored-by: Beisi Zhou <zhoubeisi@gmail.com> Co-authored-by: Yeming Liu <yeliu@microsoft.com> Co-authored-by: Beisi Zhou <zazbs@qq.com> Co-authored-by: Dingmeng Xue <dixue@microsoft.com>

BethanyZhou added 13 commits July 31, 2020 14:11

Support creating a MHSM pool.

9373268

Supporting querying MHSM objects

00f5e6e

Support deleting MHSM

f26a536

Support updating mhsm

afb9ea6

Add test cases

c2bea72

Hide unavailable services

d7e523d

Add test cases

81f59c1

expose EnablePurgeProtection for MHSM

5b60c7a

Merge branch 'master' into bez/managedHSM

3089ff6

correct indent of ps1xml

491b854

upload localfeed

fbcfde8

Hide enablePurgeProtection

c2b0997

Update ChangeLog.md and help.md

8fdd512

BethanyZhou assigned isra-fel Aug 5, 2020

isra-fel added the needs-review label Aug 5, 2020

isra-fel requested changes Aug 5, 2020

View reviewed changes

isra-fel added needs-revision and removed needs-review labels Aug 5, 2020

isra-fel assigned BethanyZhou Aug 5, 2020

BethanyZhou and others added 5 commits August 5, 2020 18:40

Modify codes according to comments

c984d6a

Update help.md

09b09af

Update VaultCreationParameters.cs

73eca01

Update get-azkeyvault.md

b3ee6e4

Merge branch 'bez/managedHSM' of https://github.com/BethanyZhou/azure…

2fb611d

…-powershell into bez/managedHSM

BethanyZhou added needs-review and removed needs-revision labels Aug 6, 2020

Update KeyVaultManagementTests.ps1

67f22fa

BethanyZhou changed the base branch from master to enableMHSMManagement August 6, 2020 05:45

isra-fel approved these changes Aug 7, 2020

View reviewed changes

isra-fel marked this pull request as ready for review August 7, 2020 03:14

isra-fel merged commit 08b2c9c into Azure:enableMHSMManagement Aug 7, 2020

isra-fel mentioned this pull request Oct 20, 2020

[KeyVault] Managed HSM #13259

Merged

10 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Enable MHSM Management via *-AzKeyVault #12575

Enable MHSM Management via *-AzKeyVault #12575

BethanyZhou commented Aug 5, 2020 •

edited

Loading

adxsdkps commented Aug 5, 2020

isra-fel left a comment

isra-fel left a comment

isra-fel Aug 7, 2020

Enable MHSM Management via *-AzKeyVault #12575

Enable MHSM Management via *-AzKeyVault #12575

Conversation

BethanyZhou commented Aug 5, 2020 • edited Loading

Description

Checklist

adxsdkps commented Aug 5, 2020

isra-fel left a comment

Choose a reason for hiding this comment

isra-fel left a comment

Choose a reason for hiding this comment

isra-fel Aug 7, 2020

Choose a reason for hiding this comment

BethanyZhou commented Aug 5, 2020 •

edited

Loading