public override void ExecuteCmdlet()
{
switch (ParameterSetName)
{
case GetVaultParameterSet:
ResourceGroupName = string.IsNullOrWhiteSpace(ResourceGroupName) ? GetResourceGroupName(VaultName) : ResourceGroupName;
if (ShouldGetByName(ResourceGroupName, VaultName))
{
PSKeyVault vault = KeyVaultManagementClient.GetVault(
VaultName,
ResourceGroupName,
ActiveDirectoryClient);
WriteObject(FilterByTag(vault, Tag));
}
else
{
WriteObject(TopLevelWildcardFilter(ResourceGroupName, VaultName, ListVaults(ResourceGroupName, Tag)), true);
}
break;
case GetDeletedVaultParameterSet:
WriteObject(KeyVaultManagementClient.GetDeletedVault(VaultName, Location));
break;
case ListDeletedVaultsParameterSet:
WriteObject(KeyVaultManagementClient.ListDeletedVaults(), true);
break;
default:
throw new ArgumentException(Resources.BadParameterSetName);
}
}
public override void ExecuteCmdlet()
{
switch (ParameterSetName)
{
case GetVaultParameterSet:
ResourceGroupName = string.IsNullOrWhiteSpace(ResourceGroupName) ? GetResourceGroupName(VaultName) : ResourceGroupName;
PSKeyVaultModels.PSVault vault = null;
if (!string.IsNullOrWhiteSpace(ResourceGroupName))
{
vault = KeyVaultManagementClient.GetVault(
VaultName,
ResourceGroupName,
ActiveDirectoryClient);
}
if (vault == null)
{
throw new ArgumentException(string.Format(PSKeyVaultProperties.Resources.VaultNotFound, VaultName, ResourceGroupName));
}
else
{
WriteObject(vault);
}
break;
case ListVaultsByRGParameterSet:
case ListVaultsBySubParameterSet:
WriteObject(ListVaults(ResourceGroupName, Tag), true);
break;
default:
throw new ArgumentException(PSKeyVaultProperties.Resources.BadParameterSetName);
}
}
public override void ExecuteCmdlet()
{
if (ShouldProcess(VaultName, Properties.Resources.RemoveVaultAccessPolicy))
{
if (ParameterSetName == ForVault && !EnabledForDeployment.IsPresent &&
!EnabledForTemplateDeployment.IsPresent && !EnabledForDiskEncryption.IsPresent)
{
throw new ArgumentException(PSKeyVaultProperties.Resources.VaultPermissionFlagMissing);
}
ResourceGroupName = string.IsNullOrWhiteSpace(ResourceGroupName) ? GetResourceGroupName(VaultName) : ResourceGroupName;
// Get the vault to be updated
PSKeyVaultModels.PSVault existingVault = null;
if (!string.IsNullOrWhiteSpace(ResourceGroupName))
{
existingVault = KeyVaultManagementClient.GetVault(
VaultName,
ResourceGroupName);
}
if (existingVault == null)
{
throw new ArgumentException(string.Format(PSKeyVaultProperties.Resources.VaultNotFound, VaultName, ResourceGroupName));
}
if (ApplicationId.HasValue && ApplicationId.Value == Guid.Empty)
{
throw new ArgumentException(PSKeyVaultProperties.Resources.InvalidApplicationId);
}
if (!string.IsNullOrWhiteSpace(this.ObjectId) && !this.IsValidObjectIdSyntax(this.ObjectId))
{
throw new ArgumentException(PSKeyVaultProperties.Resources.InvalidObjectIdSyntax);
}
// Update vault policies
var updatedPolicies = existingVault.AccessPolicies;
if (!string.IsNullOrEmpty(UserPrincipalName) || !string.IsNullOrEmpty(ServicePrincipalName) || !string.IsNullOrWhiteSpace(this.ObjectId))
{
if (string.IsNullOrWhiteSpace(this.ObjectId))
{
ObjectId = GetObjectId(this.ObjectId, this.UserPrincipalName, this.ServicePrincipalName);
}
updatedPolicies = existingVault.AccessPolicies.Where(ap => !ShallBeRemoved(ap, ObjectId, this.ApplicationId)).ToArray();
}
// Update the vault
var updatedVault = KeyVaultManagementClient.UpdateVault(existingVault, updatedPolicies,
EnabledForDeployment.IsPresent ? false : existingVault.EnabledForDeployment,
EnabledForTemplateDeployment.IsPresent ? false : existingVault.EnabledForTemplateDeployment,
EnabledForDiskEncryption.IsPresent ? false : existingVault.EnabledForDiskEncryption,
ActiveDirectoryClient);
if (PassThru.IsPresent)
{
WriteObject(updatedVault);
}
}
}
public override void ExecuteCmdlet()
{
WriteWarning("The usage of Tag parameter in this cmdlet will be modified in a future release. This will impact creating, updating and appending tags for Azure resources. For more details about the change, please visit https://github.com/Azure/azure-powershell/issues/726#issuecomment-213545494");
switch (ParameterSetName)
{
case GetVaultParameterSet:
ResourceGroupName = string.IsNullOrWhiteSpace(ResourceGroupName) ? GetResourceGroupName(VaultName) : ResourceGroupName;
PSKeyVaultModels.PSVault vault = null;
if (!string.IsNullOrWhiteSpace(ResourceGroupName))
{
vault = KeyVaultManagementClient.GetVault(
VaultName,
ResourceGroupName,
ActiveDirectoryClient);
}
if (vault == null)
{
throw new ArgumentException(string.Format(PSKeyVaultProperties.Resources.VaultNotFound, VaultName, ResourceGroupName));
}
WriteObject(vault);
break;
case ListVaultsByRGParameterSet:
case ListVaultsBySubParameterSet:
WriteObject(ListVaults(ResourceGroupName, Tag), true);
break;
default:
throw new ArgumentException(PSKeyVaultProperties.Resources.BadParameterSetName);
}
}
public override void ExecuteCmdlet()
{
if (this.IsParameterBound(c => c.InputObject))
{
this.ResourceGroupName = this.InputObject.ResourceGroupName;
this.VaultName = this.InputObject.VaultName;
}
if (this.IsParameterBound(c => c.ResourceId))
{
var resourceIdentifier = new ResourceIdentifier(this.ResourceId);
this.ResourceGroupName = resourceIdentifier.ResourceGroupName;
this.VaultName = resourceIdentifier.ResourceName;
}
PSKeyVault existingResource = null;
try
{
existingResource = KeyVaultManagementClient.GetVault(this.VaultName, this.ResourceGroupName);
}
catch
{
existingResource = null;
}
if (existingResource == null)
{
throw new Exception(string.Format("A key vault with name '{0}' in resource group '{1}' does not exist. Please use New-AzKeyVault to create a key vault with these properties.", this.VaultName, this.ResourceGroupName));
}
if (this.ShouldProcess(this.VaultName, string.Format("Updating key vault '{0}' in resource group '{1}'.", this.VaultName, this.ResourceGroupName)))
{
var result = KeyVaultManagementClient.UpdateVault(existingResource,
existingResource.AccessPolicies,
existingResource.EnabledForDeployment,
existingResource.EnabledForTemplateDeployment,
existingResource.EnabledForDiskEncryption,
EnableSoftDelete.IsPresent ? (true as bool?) : null,
EnablePurgeProtection.IsPresent ? (true as bool?) : null,
EnableRbacAuthorization,
this.IsParameterBound(c => c.SoftDeleteRetentionInDays)
? (SoftDeleteRetentionInDays as int?)
: (existingResource.SoftDeleteRetentionInDays ?? Constants.DefaultSoftDeleteRetentionDays),
existingResource.NetworkAcls
);
WriteObject(result);
}
}
public override void ExecuteCmdlet()
{
if (this.IsParameterBound(c => c.InputObject))
{
this.ResourceGroupName = this.InputObject.ResourceGroupName;
this.VaultName = this.InputObject.VaultName;
}
if (this.IsParameterBound(c => c.ResourceId))
{
var resourceIdentifier = new ResourceIdentifier(this.ResourceId);
this.ResourceGroupName = resourceIdentifier.ResourceGroupName;
this.VaultName = resourceIdentifier.ResourceName;
}
PSKeyVault existingResource = null;
try
{
existingResource = KeyVaultManagementClient.GetVault(this.VaultName, this.ResourceGroupName);
}
catch
{
existingResource = null;
}
if (existingResource == null)
{
throw new Exception(string.Format("A key vault with name '{0}' in resource group '{1}' does not exist. Please use New-AzKeyVault to create a key vault with these properties.", this.VaultName, this.ResourceGroupName));
}
if (this.ShouldProcess(this.VaultName, string.Format("Updating key vault '{0}' in resource group '{1}'.", this.VaultName, this.ResourceGroupName)))
{
var result = KeyVaultManagementClient.UpdateVault(
existingResource,
updatedParamater: new VaultCreationOrUpdateParameters
{
EnablePurgeProtection = this.EnablePurgeProtection.IsPresent ? (true as bool?) : null,
EnableRbacAuthorization = this.EnableRbacAuthorization,
PublicNetworkAccess = this.PublicNetworkAccess,
Tags = this.Tag
}
);
WriteObject(result);
}
}
public override void ExecuteCmdlet()
{
MSGraphMessageHelper.WriteMessageForCmdletsSwallowException(this);
switch (ParameterSetName)
{
case GetVaultParameterSet:
List <PSKeyVaultIdentityItem> vaults = null;
if (string.IsNullOrWhiteSpace(ResourceGroupName))
{
vaults = ListVaults(ResourceGroupName, Tag);
ResourceGroupName = vaults?.FirstOrDefault(r => r.VaultName.Equals(VaultName, StringComparison.OrdinalIgnoreCase))?.ResourceGroupName;
}
if (ShouldGetByName(ResourceGroupName, VaultName))
{
PSKeyVault vault = KeyVaultManagementClient.GetVault(
VaultName,
ResourceGroupName,
GraphClient);
WriteObject(FilterByTag(vault, Tag));
}
else
{
WriteObject(TopLevelWildcardFilter(ResourceGroupName, VaultName, vaults ?? ListVaults(ResourceGroupName, Tag)), true);
}
break;
case GetDeletedVaultParameterSet:
WriteObject(KeyVaultManagementClient.GetDeletedVault(VaultName, Location));
break;
case ListDeletedVaultsParameterSet:
WriteObject(KeyVaultManagementClient.ListDeletedVaults(), true);
break;
default:
throw new ArgumentException(Resources.BadParameterSetName);
}
}
public override void ExecuteCmdlet()
{
ResourceGroupName = string.IsNullOrWhiteSpace(ResourceGroupName) ? GetResourceGroupName(VaultName) : ResourceGroupName;
// Get the vault to be updated
PSKeyVaultModels.PSVault existingVault = null;
if (!string.IsNullOrWhiteSpace(ResourceGroupName))
{
existingVault = KeyVaultManagementClient.GetVault(
VaultName,
ResourceGroupName);
}
if (existingVault == null)
{
throw new ArgumentException(string.Format(PSKeyVaultProperties.Resources.VaultNotFound, VaultName, ResourceGroupName));
}
if (ApplicationId.HasValue && ApplicationId.Value == Guid.Empty)
{
throw new ArgumentException(PSKeyVaultProperties.Resources.InvalidApplicationId);
}
// Update vault policies
var updatedPolicies = existingVault.AccessPolicies;
if (!string.IsNullOrEmpty(UserPrincipalName) || !string.IsNullOrEmpty(ServicePrincipalName) || (ObjectId != null && ObjectId != Guid.Empty))
{
Guid objId = GetObjectId(this.ObjectId, this.UserPrincipalName, this.ServicePrincipalName);
updatedPolicies = existingVault.AccessPolicies.Where(ap => !ShallBeRemoved(ap, objId, this.ApplicationId)).ToArray();
}
// Update the vault
var updatedVault = KeyVaultManagementClient.UpdateVault(existingVault, updatedPolicies, !this.EnabledForDeployment.IsPresent, ActiveDirectoryClient);
if (PassThru.IsPresent)
{
WriteObject(updatedVault);
}
}
public override void ExecuteCmdlet()
{
switch (ParameterSetName)
{
case GetVaultParameterSet:
ResourceGroupName = string.IsNullOrWhiteSpace(ResourceGroupName) ? GetResourceGroupName(VaultName) : ResourceGroupName;
PSKeyVault vault = null;
if (string.IsNullOrEmpty(VaultName))
{
WriteObject(ListVaults(ResourceGroupName, Tag), true);
break;
}
if (!string.IsNullOrWhiteSpace(ResourceGroupName))
{
vault = KeyVaultManagementClient.GetVault(
VaultName,
ResourceGroupName,
ActiveDirectoryClient);
}
WriteObject(vault);
break;
case ListVaultsBySubParameterSet:
WriteObject(ListVaults(ResourceGroupName, Tag), true);
break;
case GetDeletedVaultParameterSet:
WriteObject(KeyVaultManagementClient.GetDeletedVault(VaultName, Location));
break;
case ListDeletedVaultsParameterSet:
WriteObject(KeyVaultManagementClient.ListDeletedVaults(), true);
break;
default:
throw new ArgumentException(Resources.BadParameterSetName);
}
}
protected PSKeyVault GetCurrentVault(string vaultName, string resourceGroupName)
{
string resGroupName = resourceGroupName;
if (string.IsNullOrWhiteSpace(resGroupName))
{
resGroupName = GetResourceGroupName(vaultName);
}
// Get the existing vault
PSKeyVault vault = null;
if (!string.IsNullOrWhiteSpace(resGroupName))
{
vault = KeyVaultManagementClient.GetVault(vaultName, resGroupName);
}
if (vault == null)
{
throw new ArgumentException(string.Format(PSKeyVaultProperties.Resources.VaultNotFound, vaultName, resGroupName));
}
return(vault);
}
public override void ExecuteCmdlet()
{
if (InputObject != null)
{
VaultName = InputObject.VaultName;
ResourceGroupName = InputObject.ResourceGroupName;
}
else if (ResourceId != null)
{
var resourceIdentifier = new ResourceIdentifier(ResourceId);
VaultName = resourceIdentifier.ResourceName;
ResourceGroupName = resourceIdentifier.ResourceGroupName;
}
if (ShouldProcess(VaultName, Properties.Resources.SetVaultAccessPolicy))
{
if (ParameterSetName == ForVault && !EnabledForDeployment.IsPresent &&
!EnabledForTemplateDeployment.IsPresent && !EnabledForDiskEncryption.IsPresent)
{
throw new ArgumentException(Resources.VaultPermissionFlagMissing);
}
ResourceGroupName = string.IsNullOrWhiteSpace(ResourceGroupName) ? GetResourceGroupName(VaultName) : ResourceGroupName;
if (ResourceGroupName == null)
{
throw new ArgumentException(string.Format(Resources.VaultDoesNotExist, VaultName));
}
PSKeyVault vault = null;
// Get the vault to be updated
if (!string.IsNullOrWhiteSpace(ResourceGroupName))
{
vault = KeyVaultManagementClient.GetVault(
VaultName,
ResourceGroupName);
}
if (vault == null)
{
throw new ArgumentException(string.Format(Resources.VaultNotFound, VaultName, ResourceGroupName));
}
if (!string.IsNullOrWhiteSpace(this.ObjectId) && !this.IsValidObjectIdSyntax(this.ObjectId))
{
throw new ArgumentException(Resources.InvalidObjectIdSyntax);
}
// Update vault policies
PSKeyVaultAccessPolicy[] updatedListOfAccessPolicies = vault.AccessPolicies;
if (!string.IsNullOrEmpty(UserPrincipalName) ||
!string.IsNullOrEmpty(ServicePrincipalName) ||
!string.IsNullOrWhiteSpace(this.ObjectId) ||
!string.IsNullOrWhiteSpace(this.EmailAddress))
{
var objId = this.ObjectId;
if (!this.BypassObjectIdValidation.IsPresent && ActiveDirectoryClient != null)
{
objId = GetObjectId(this.ObjectId, this.UserPrincipalName, this.EmailAddress, this.ServicePrincipalName);
}
else if (ActiveDirectoryClient == null && objId == null)
{
throw new Exception(Resources.ActiveDirectoryClientNull);
}
if (ApplicationId.HasValue && ApplicationId.Value == Guid.Empty)
{
throw new ArgumentException(Resources.InvalidApplicationId);
}
//All permission arrays cannot be null
if (PermissionsToKeys == null && PermissionsToSecrets == null && PermissionsToCertificates == null && PermissionsToStorage == null)
{
throw new ArgumentException(Resources.PermissionsNotSpecified);
}
else
{
//Is there an existing policy for this policy identity?
var existingPolicy = vault.AccessPolicies.FirstOrDefault(ap => MatchVaultAccessPolicyIdentity(ap, objId, ApplicationId));
//New policy will have permission arrays that are either from cmdlet input
//or if that's null, then from the old policy for this object ID if one existed
var keys = PermissionsToKeys ?? (existingPolicy != null && existingPolicy.PermissionsToKeys != null ?
existingPolicy.PermissionsToKeys.ToArray() : null);
var secrets = PermissionsToSecrets ?? (existingPolicy != null && existingPolicy.PermissionsToSecrets != null ?
existingPolicy.PermissionsToSecrets.ToArray() : null);
var certificates = PermissionsToCertificates ?? (existingPolicy != null && existingPolicy.PermissionsToCertificates != null ?
existingPolicy.PermissionsToCertificates.ToArray() : null);
var managedStorage = PermissionsToStorage ?? (existingPolicy != null && existingPolicy.PermissionsToStorage != null ?
existingPolicy.PermissionsToStorage.ToArray() : null);
//Remove old policies for this policy identity and add a new one with the right permissions, iff there were some non-empty permissions
updatedListOfAccessPolicies = vault.AccessPolicies.Where(ap => !MatchVaultAccessPolicyIdentity(ap, objId, this.ApplicationId)).ToArray();
if ((keys != null && keys.Length > 0) || (secrets != null && secrets.Length > 0) || (certificates != null && certificates.Length > 0) || (managedStorage != null && managedStorage.Length > 0))
{
var policy = new PSKeyVaultAccessPolicy(vault.TenantId, objId, this.ApplicationId, keys, secrets, certificates, managedStorage);
updatedListOfAccessPolicies = updatedListOfAccessPolicies.Concat(new[] { policy }).ToArray();
}
}
}
// Update the vault
var updatedVault = KeyVaultManagementClient.UpdateVault(
vault,
updatedListOfAccessPolicies,
EnabledForDeployment.IsPresent ? true : vault.EnabledForDeployment,
EnabledForTemplateDeployment.IsPresent ? true : vault.EnabledForTemplateDeployment,
EnabledForDiskEncryption.IsPresent ? true : vault.EnabledForDiskEncryption,
vault.EnableSoftDelete,
vault.EnablePurgeProtection,
vault.NetworkAcls,
ActiveDirectoryClient);
if (PassThru.IsPresent)
{
WriteObject(updatedVault);
}
}
}
public override void ExecuteCmdlet()
{
if (ParameterSetName == ForVault && !EnabledForDeployment.IsPresent &&
!EnabledForTemplateDeployment.IsPresent && !EnabledForDiskEncryption.IsPresent)
{
throw new ArgumentException(PSKeyVaultProperties.Resources.VaultPermissionFlagMissing);
}
ResourceGroupName = string.IsNullOrWhiteSpace(ResourceGroupName) ? GetResourceGroupName(VaultName) : ResourceGroupName;
PSKeyVaultModels.PSVault vault = null;
// Get the vault to be updated
if (!string.IsNullOrWhiteSpace(ResourceGroupName))
{
vault = KeyVaultManagementClient.GetVault(
VaultName,
ResourceGroupName);
}
if (vault == null)
{
throw new ArgumentException(string.Format(PSKeyVaultProperties.Resources.VaultNotFound, VaultName, ResourceGroupName));
}
// Update vault policies
PSKeyVaultModels.PSVaultAccessPolicy[] updatedListOfAccessPolicies = vault.AccessPolicies;
if (!string.IsNullOrEmpty(UserPrincipalName) || !string.IsNullOrEmpty(ServicePrincipalName) || (ObjectId != Guid.Empty))
{
Guid objId = GetObjectId(this.ObjectId, this.UserPrincipalName, this.ServicePrincipalName);
if (ApplicationId.HasValue && ApplicationId.Value == Guid.Empty)
{
throw new ArgumentException(PSKeyVaultProperties.Resources.InvalidApplicationId);
}
//Both arrays cannot be null
if (PermissionsToKeys == null && PermissionsToSecrets == null)
{
throw new ArgumentException(PSKeyVaultProperties.Resources.PermissionsNotSpecified);
}
else
{
//Validate
if (!IsMeaningfulPermissionSet(PermissionsToKeys))
{
throw new ArgumentException(string.Format(PSKeyVaultProperties.Resources.PermissionSetIncludesAllPlusOthers, "keys"));
}
if (!IsMeaningfulPermissionSet(PermissionsToSecrets))
{
throw new ArgumentException(string.Format(PSKeyVaultProperties.Resources.PermissionSetIncludesAllPlusOthers, "secrets"));
}
//Is there an existing policy for this policy identity?
var existingPolicy = vault.AccessPolicies.FirstOrDefault(ap => MatchVaultAccessPolicyIdentity(ap, objId, ApplicationId));
//New policy will have permission arrays that are either from cmdlet input
//or if that's null, then from the old policy for this object ID if one existed
var keys = PermissionsToKeys ?? (existingPolicy != null && existingPolicy.PermissionsToKeys != null ?
existingPolicy.PermissionsToKeys.ToArray() : null);
var secrets = PermissionsToSecrets ?? (existingPolicy != null && existingPolicy.PermissionsToSecrets != null ?
existingPolicy.PermissionsToSecrets.ToArray() : null);
//Remove old policies for this policy identity and add a new one with the right permissions, iff there were some non-empty permissions
updatedListOfAccessPolicies = vault.AccessPolicies.Where(ap => !MatchVaultAccessPolicyIdentity(ap, objId, this.ApplicationId)).ToArray();
if ((keys != null && keys.Length > 0) || (secrets != null && secrets.Length > 0))
{
var policy = new PSKeyVaultModels.PSVaultAccessPolicy(vault.TenantId, objId, this.ApplicationId, keys, secrets);
updatedListOfAccessPolicies = updatedListOfAccessPolicies.Concat(new[] { policy }).ToArray();
}
}
}
// Update the vault
var updatedVault = KeyVaultManagementClient.UpdateVault(vault, updatedListOfAccessPolicies,
EnabledForDeployment.IsPresent || vault.EnabledForDeployment,
EnabledForTemplateDeployment.IsPresent ? true : vault.EnabledForTemplateDeployment,
EnabledForDiskEncryption.IsPresent ? true : vault.EnabledForDiskEncryption,
ActiveDirectoryClient);
if (PassThru.IsPresent)
{
WriteObject(updatedVault);
}
}
public override void ExecuteCmdlet()
{
if (ShouldProcess(VaultName, Properties.Resources.RemoveVaultAccessPolicy))
{
if (InputObject != null)
{
VaultName = InputObject.VaultName;
ResourceGroupName = InputObject.ResourceGroupName;
}
else if (!string.IsNullOrEmpty(ResourceId))
{
var parsedResourceId = new ResourceIdentifier(ResourceId);
VaultName = parsedResourceId.ResourceName;
ResourceGroupName = parsedResourceId.ResourceGroupName;
}
ResourceGroupName = string.IsNullOrWhiteSpace(ResourceGroupName) ? GetResourceGroupName(VaultName) : ResourceGroupName;
// Get the vault to be updated
PSKeyVault existingVault = null;
if (!string.IsNullOrWhiteSpace(ResourceGroupName))
{
existingVault = KeyVaultManagementClient.GetVault(
VaultName,
ResourceGroupName);
}
if (existingVault == null)
{
throw new ArgumentException(string.Format(Resources.VaultNotFound, VaultName, ResourceGroupName));
}
if (ApplicationId.HasValue && ApplicationId.Value == Guid.Empty)
{
throw new ArgumentException(Resources.InvalidApplicationId);
}
if (!string.IsNullOrWhiteSpace(this.ObjectId) && !this.IsValidObjectIdSyntax(this.ObjectId))
{
throw new ArgumentException(Resources.InvalidObjectIdSyntax);
}
// Update vault policies
var updatedPolicies = existingVault.AccessPolicies;
if (!string.IsNullOrEmpty(UserPrincipalName) ||
!string.IsNullOrEmpty(ServicePrincipalName) ||
!string.IsNullOrWhiteSpace(this.ObjectId) ||
!string.IsNullOrWhiteSpace(this.EmailAddress))
{
if (string.IsNullOrWhiteSpace(this.ObjectId))
{
if (ActiveDirectoryClient == null)
{
throw new Exception(Resources.ActiveDirectoryClientNull);
}
ObjectId = GetObjectId(this.ObjectId, this.UserPrincipalName, this.EmailAddress, this.ServicePrincipalName);
}
updatedPolicies = existingVault.AccessPolicies.Where(ap => !ShallBeRemoved(ap, ObjectId, this.ApplicationId)).ToArray();
}
// Update the vault
var updatedVault = KeyVaultManagementClient.UpdateVault(
existingVault,
updatedPolicies,
EnabledForDeployment.IsPresent ? false : existingVault.EnabledForDeployment,
EnabledForTemplateDeployment.IsPresent ? false : existingVault.EnabledForTemplateDeployment,
EnabledForDiskEncryption.IsPresent ? false : existingVault.EnabledForDiskEncryption,
existingVault.EnableSoftDelete,
existingVault.EnablePurgeProtection,
existingVault.SoftDeleteRetentionInDays,
existingVault.NetworkAcls,
ActiveDirectoryClient);
if (PassThru.IsPresent)
{
WriteObject(updatedVault);
}
}
}
