/// <summary>
        /// Points a logical server's encryption protector at a customer-managed Key Vault key,
        /// then reverts it to the service-managed key, reading the protector back after each change.
        /// </summary>
        /// <remarks>
        /// Only the ServerKeyType and ServerKeyName returned by the management API are asserted;
        /// nothing in this test inspects the encryption state of a database.
        /// </remarks>
        public void TestUpdateEncryptionProtector()
        {
            const string KeyVaultKeyType   = "AzureKeyVault";
            const string ServiceManagedKey = "ServiceManaged";

            using (var context = new SqlManagementTestContext(this))
            {
                var sqlClient     = context.GetClient<SqlManagementClient>();
                var resourceGroup = context.CreateResourceGroup();

                // The server is created with a system-assigned identity.
                // Admin credentials come from the shared test utilities; their values are not visible here.
                string newServerName = SqlManagementTestUtilities.GenerateName();
                var serverSpec = new Server
                {
                    AdministratorLogin         = SqlManagementTestUtilities.DefaultLogin,
                    AdministratorLoginPassword = SqlManagementTestUtilities.DefaultPassword,
                    Location = resourceGroup.Location,
                    Identity = new ResourceIdentity
                    {
                        Type = IdentityType.SystemAssigned
                    }
                };
                var server = sqlClient.Servers.CreateOrUpdate(resourceGroup.Name, newServerName, serverSpec);

                // NOTE(review): presumably this helper also grants the server identity access to the vault key - confirm in the helper.
                var keyBundle = SqlManagementTestUtilities.CreateKeyVaultKeyWithServerAccess(context, resourceGroup, server);

                // Register the Key Vault key on the server before it can be named as the protector.
                string serverKeyName = SqlManagementTestUtilities.GetServerKeyNameFromKeyBundle(keyBundle);
                string serverKeyUri  = keyBundle.Key.Kid;
                var keySpec = new ServerKey
                {
                    ServerKeyType = KeyVaultKeyType,
                    Uri           = serverKeyUri
                };
                var serverKey = sqlClient.ServerKeys.CreateOrUpdate(resourceGroup.Name, server.Name, serverKeyName, keySpec);
                SqlManagementTestUtilities.ValidateServerKey(serverKey, serverKeyName, KeyVaultKeyType, serverKeyUri);

                // Step 1: customer-managed key becomes the protector.
                var keyVaultProtector = new EncryptionProtector
                {
                    ServerKeyName = serverKeyName,
                    ServerKeyType = KeyVaultKeyType
                };
                sqlClient.EncryptionProtectors.CreateOrUpdate(resourceGroup.Name, server.Name, keyVaultProtector);

                var afterKeyVault = sqlClient.EncryptionProtectors.Get(resourceGroup.Name, server.Name);
                Assert.Equal(KeyVaultKeyType, afterKeyVault.ServerKeyType);
                Assert.Equal(serverKeyName, afterKeyVault.ServerKeyName);

                // Step 2: revert to the service-managed key.
                var serviceManagedProtector = new EncryptionProtector
                {
                    ServerKeyName = ServiceManagedKey,
                    ServerKeyType = ServiceManagedKey
                };
                sqlClient.EncryptionProtectors.CreateOrUpdate(resourceGroup.Name, server.Name, serviceManagedProtector);

                var afterServiceManaged = sqlClient.EncryptionProtectors.Get(resourceGroup.Name, server.Name);
                Assert.Equal(ServiceManagedKey, afterServiceManaged.ServerKeyType);
                Assert.Equal(ServiceManagedKey, afterServiceManaged.ServerKeyName);
            }
        }
Example #2
        /// <summary>
        /// Managed-instance variant: sets the instance's encryption protector to a customer-managed
        /// Key Vault key, then back to the service-managed key, reading it back after each update.
        /// </summary>
        /// <remarks>
        /// The assertions cover only the ServerKeyType and ServerKeyName that Get returns.
        /// </remarks>
        public void TestUpdateEncryptionProtector()
        {
            const string KeyVaultKeyType   = "AzureKeyVault";
            const string ServiceManagedKey = "ServiceManaged";

            using (var context = new SqlManagementTestContext(this))
            {
                var sqlClient = context.GetClient<SqlManagementClient>();
                // Not referenced again in this test; the client is still requested from the context.
                var resourceClient = context.GetClient<ResourceManagementClient>();
                var resourceGroup  = context.CreateResourceGroup();
                string resourceGroupName = resourceGroup.Name;

                // The instance carries both a system-assigned and a user-assigned identity,
                // with the user-assigned one named as primary.
                var instanceSpec = new ManagedInstance
                {
                    Identity = new ResourceIdentity
                    {
                        Type = IdentityType.SystemAssignedUserAssigned,
                        UserAssignedIdentities = ManagedInstanceTestUtilities.UserIdentity
                    },
                    PrimaryUserAssignedIdentityId = ManagedInstanceTestUtilities.UAMI
                };
                ManagedInstance managedInstance = context.CreateManagedInstance(resourceGroup, instanceSpec);
                // Re-read the instance from the service before using it.
                managedInstance = sqlClient.ManagedInstances.Get(resourceGroupName, managedInstance.Name);

                // NOTE(review): presumably this helper also grants the instance identity access to the vault key - confirm in the helper.
                var keyBundle = SqlManagementTestUtilities.CreateKeyVaultKeyWithManagedInstanceAccess(context, resourceGroup, managedInstance);

                // Register the Key Vault key on the instance.
                string serverKeyName = SqlManagementTestUtilities.GetServerKeyNameFromKeyBundle(keyBundle);
                string serverKeyUri  = keyBundle.Key.Kid;
                var keySpec = new ManagedInstanceKey
                {
                    ServerKeyType = KeyVaultKeyType,
                    Uri           = serverKeyUri
                };
                var managedInstanceKey = sqlClient.ManagedInstanceKeys.CreateOrUpdate(resourceGroupName, managedInstance.Name, serverKeyName, keySpec);
                SqlManagementTestUtilities.ValidateManagedInstanceKey(managedInstanceKey, serverKeyName, KeyVaultKeyType, serverKeyUri);

                // Step 1: customer-managed key becomes the protector.
                var keyVaultProtector = new ManagedInstanceEncryptionProtector
                {
                    ServerKeyName = serverKeyName,
                    ServerKeyType = KeyVaultKeyType
                };
                sqlClient.ManagedInstanceEncryptionProtectors.CreateOrUpdate(resourceGroupName, managedInstance.Name, keyVaultProtector);

                var afterKeyVault = sqlClient.ManagedInstanceEncryptionProtectors.Get(resourceGroupName, managedInstance.Name);
                Assert.Equal(KeyVaultKeyType, afterKeyVault.ServerKeyType);
                Assert.Equal(serverKeyName, afterKeyVault.ServerKeyName);

                // Step 2: revert to the service-managed key.
                var serviceManagedProtector = new ManagedInstanceEncryptionProtector
                {
                    ServerKeyName = ServiceManagedKey,
                    ServerKeyType = ServiceManagedKey
                };
                sqlClient.ManagedInstanceEncryptionProtectors.CreateOrUpdate(resourceGroupName, managedInstance.Name, serviceManagedProtector);

                var afterServiceManaged = sqlClient.ManagedInstanceEncryptionProtectors.Get(resourceGroupName, managedInstance.Name);
                Assert.Equal(ServiceManagedKey, afterServiceManaged.ServerKeyType);
                Assert.Equal(ServiceManagedKey, afterServiceManaged.ServerKeyName);
            }
        }
        /// <summary>
        /// Registers a Key Vault key on a new logical server and confirms it is visible through
        /// both Get and ListByServer.
        /// </summary>
        /// <remarks>
        /// Despite the name, the delete step is currently commented out, so key removal is not
        /// exercised by this test.
        /// </remarks>
        public void TestCreateUpdateDropServerKey()
        {
            const string KeyVaultKeyType = "AzureKeyVault";

            using (var context = new SqlManagementTestContext(this))
            {
                var sqlClient     = context.GetClient<SqlManagementClient>();
                var resourceGroup = context.CreateResourceGroup();

                // Admin credentials come from the shared test utilities; their values are not visible here.
                string newServerName = SqlManagementTestUtilities.GenerateName();
                var serverSpec = new Server
                {
                    AdministratorLogin         = SqlManagementTestUtilities.DefaultLogin,
                    AdministratorLoginPassword = SqlManagementTestUtilities.DefaultPassword,
                    Location = resourceGroup.Location,
                    Identity = new ResourceIdentityWithUserAssignedIdentities
                    {
                        Type = IdentityType.SystemAssigned
                    }
                };
                var server = sqlClient.Servers.CreateOrUpdate(resourceGroup.Name, newServerName, serverSpec);

                // NOTE(review): presumably this helper also grants the server identity access to the vault key - confirm in the helper.
                var keyBundle = SqlManagementTestUtilities.CreateKeyVaultKeyWithServerAccess(context, resourceGroup, server);

                // Create the server key from the vault key's identifier.
                string serverKeyName = SqlManagementTestUtilities.GetServerKeyNameFromKeyBundle(keyBundle);
                string serverKeyUri  = keyBundle.Key.Kid;
                var keySpec = new ServerKey
                {
                    ServerKeyType = KeyVaultKeyType,
                    Uri           = serverKeyUri
                };
                var createdKey = sqlClient.ServerKeys.CreateOrUpdate(resourceGroup.Name, server.Name, serverKeyName, keySpec);
                SqlManagementTestUtilities.ValidateServerKey(createdKey, serverKeyName, KeyVaultKeyType, serverKeyUri);

                // The key must be retrievable by name...
                var fetchedKey = sqlClient.ServerKeys.Get(resourceGroup.Name, server.Name, serverKeyName);
                SqlManagementTestUtilities.ValidateServerKey(fetchedKey, serverKeyName, KeyVaultKeyType, serverKeyUri);

                // ...and show up in the server's key list.
                // NOTE(review): the expected count of 2 presumably includes a pre-existing service-managed key - confirm.
                var serverKeys = sqlClient.ServerKeys.ListByServer(resourceGroup.Name, server.Name);
                Assert.Equal(2, serverKeys.Count());

                //TODO: Temporarily disabling this since delete operation is affected by a production bug.
                //// Delete key
                //sqlClient.ServerKeys.Delete(resourceGroup.Name, server.Name, serverKeyName);

                //// Validate key is gone by listing keys
                //var keyList2 = sqlClient.ServerKeys.ListByServer(resourceGroup.Name, server.Name);
                //Assert.Equal(1, keyList2.Count());
            }
        }
        /// <summary>
        /// Creates a managed instance, registers a Key Vault key on it, and confirms the key is
        /// returned by Get and that ListByInstance is non-empty.
        /// </summary>
        /// <remarks>
        /// No delete call is made here, so the "drop" part of the name is not exercised, and the
        /// list check does not verify that the new key is among the listed keys.
        /// </remarks>
        public void TestCreateUpdateDropManagedInstanceKeys()
        {
            const string KeyVaultKeyType = "AzureKeyVault";

            using (var context = new SqlManagementTestContext(this))
            {
                var sqlClient = context.GetClient<SqlManagementClient>();
                // Not referenced again in this test; the client is still requested from the context.
                var resourceClient = context.GetClient<ResourceManagementClient>();
                var resourceGroup  = context.CreateResourceGroup(ManagedInstanceTestUtilities.Region);

                // The instance carries both a system-assigned and a user-assigned identity,
                // with the user-assigned one named as primary.
                var instanceSpec = new ManagedInstance
                {
                    Identity = new ResourceIdentity
                    {
                        Type = IdentityType.SystemAssignedUserAssigned,
                        UserAssignedIdentities = ManagedInstanceTestUtilities.UserIdentity,
                    },
                    PrimaryUserAssignedIdentityId = ManagedInstanceTestUtilities.UAMI
                };
                ManagedInstance managedInstance = context.CreateManagedInstance(resourceGroup, instanceSpec);

                // NOTE(review): presumably this helper also grants the instance identity access to the vault key - confirm in the helper.
                var keyBundle = SqlManagementTestUtilities.CreateKeyVaultKeyWithManagedInstanceAccess(context, resourceGroup, managedInstance);
                string serverKeyName = SqlManagementTestUtilities.GetServerKeyNameFromKeyBundle(keyBundle);
                string keyUri        = keyBundle.Key.Kid;

                var keySpec = new ManagedInstanceKey
                {
                    ServerKeyType = KeyVaultKeyType,
                    Uri           = keyUri
                };
                var createdKey = sqlClient.ManagedInstanceKeys.CreateOrUpdate(resourceGroup.Name, managedInstance.Name, serverKeyName, keySpec);
                SqlManagementTestUtilities.ValidateManagedInstanceKey(createdKey, serverKeyName, KeyVaultKeyType, keyUri);

                // The key must be retrievable by name.
                var fetchedKey = sqlClient.ManagedInstanceKeys.Get(resourceGroup.Name, managedInstance.Name, serverKeyName);
                SqlManagementTestUtilities.ValidateManagedInstanceKey(fetchedKey, serverKeyName, KeyVaultKeyType, keyUri);

                // The instance's key list must contain at least one entry.
                var instanceKeys = sqlClient.ManagedInstanceKeys.ListByInstance(resourceGroup.Name, managedInstance.Name);
                Assert.True(instanceKeys.Any());
            }
        }
        /// <summary>
        /// Registers a Key Vault key on an already-existing managed instance (looked up by the
        /// class's ManagedInstanceResourceGroup and ManagedInstanceName) and confirms the key is
        /// returned by Get and that ListByInstance is non-empty.
        /// </summary>
        /// <remarks>
        /// No delete call is made here, so the key created by this test is left on the instance
        /// and the "drop" part of the name is not exercised.
        /// </remarks>
        public void TestCreateUpdateDropManagedInstanceKeys()
        {
            const string KeyVaultKeyType = "AzureKeyVault";

            using (var context = new SqlManagementTestContext(this))
            {
                string resourceGroupName   = ManagedInstanceResourceGroup;
                string managedInstanceName = ManagedInstanceName;

                var sqlClient      = context.GetClient<SqlManagementClient>();
                var resourceClient = context.GetClient<ResourceManagementClient>();

                // Both the resource group and the instance are fetched, not created.
                var resourceGroup   = resourceClient.ResourceGroups.Get(resourceGroupName);
                var managedInstance = sqlClient.ManagedInstances.Get(resourceGroupName, managedInstanceName);

                // NOTE(review): presumably this helper also grants the instance identity access to the vault key - confirm in the helper.
                var keyBundle = SqlManagementTestUtilities.CreateKeyVaultKeyWithManagedInstanceAccess(context, resourceGroup, managedInstance);
                string serverKeyName = SqlManagementTestUtilities.GetServerKeyNameFromKeyBundle(keyBundle);
                string keyUri        = keyBundle.Key.Kid;

                var keySpec = new ManagedInstanceKey
                {
                    ServerKeyType = KeyVaultKeyType,
                    Uri           = keyUri
                };
                var createdKey = sqlClient.ManagedInstanceKeys.CreateOrUpdate(resourceGroup.Name, managedInstance.Name, serverKeyName, keySpec);
                SqlManagementTestUtilities.ValidateManagedInstanceKey(createdKey, serverKeyName, KeyVaultKeyType, keyUri);

                // The key must be retrievable by name.
                var fetchedKey = sqlClient.ManagedInstanceKeys.Get(resourceGroup.Name, managedInstance.Name, serverKeyName);
                SqlManagementTestUtilities.ValidateManagedInstanceKey(fetchedKey, serverKeyName, KeyVaultKeyType, keyUri);

                // The instance's key list must contain at least one entry.
                var instanceKeys = sqlClient.ManagedInstanceKeys.ListByInstance(resourceGroup.Name, managedInstance.Name);
                Assert.True(instanceKeys.Any());
            }
        }