internal static ManagedHsmData DeserializeManagedHsmData(JsonElement element)
{
Optional <ManagedHsmProperties> properties = default;
Optional <ManagedHsmSku> sku = default;
Optional <SystemData> systemData = default;
IDictionary <string, string> tags = default;
Location location = default;
ResourceIdentifier id = default;
string name = default;
ResourceType type = default;
foreach (var property in element.EnumerateObject())
{
if (property.NameEquals("properties"))
{
if (property.Value.ValueKind == JsonValueKind.Null)
{
property.ThrowNonNullablePropertyIsNull();
continue;
}
properties = ManagedHsmProperties.DeserializeManagedHsmProperties(property.Value);
continue;
}
if (property.NameEquals("sku"))
{
if (property.Value.ValueKind == JsonValueKind.Null)
{
property.ThrowNonNullablePropertyIsNull();
continue;
}
sku = ManagedHsmSku.DeserializeManagedHsmSku(property.Value);
continue;
}
if (property.NameEquals("systemData"))
{
if (property.Value.ValueKind == JsonValueKind.Null)
{
property.ThrowNonNullablePropertyIsNull();
continue;
}
systemData = SystemData.DeserializeSystemData(property.Value);
continue;
}
if (property.NameEquals("tags"))
{
Dictionary <string, string> dictionary = new Dictionary <string, string>();
foreach (var property0 in property.Value.EnumerateObject())
{
dictionary.Add(property0.Name, property0.Value.GetString());
}
tags = dictionary;
continue;
}
if (property.NameEquals("location"))
{
location = property.Value.GetString();
continue;
}
if (property.NameEquals("id"))
{
id = property.Value.GetString();
continue;
}
if (property.NameEquals("name"))
{
name = property.Value.GetString();
continue;
}
if (property.NameEquals("type"))
{
type = property.Value.GetString();
continue;
}
}
return(new ManagedHsmData(id, name, type, tags, location, sku.Value, systemData.Value, properties.Value));
}
protected async Task Initialize()
{
Client = GetArmClient();
DeletedVaultContainer = Client.DefaultSubscription.GetDeletedVaults();
if (Mode == RecordedTestMode.Playback)
{
this.ObjectId = Recording.GetVariable(ObjectIdKey, string.Empty);
}
else if (Mode == RecordedTestMode.Record)
{
var spClient = new RbacManagementClient(TestEnvironment.TenantId, TestEnvironment.Credential).ServicePrincipals;
var servicePrincipalList = spClient.ListAsync($"appId eq '{TestEnvironment.ClientId}'").ToEnumerableAsync().Result;
foreach (var servicePrincipal in servicePrincipalList)
{
this.ObjectId = servicePrincipal.ObjectId;
Recording.GetVariable(ObjectIdKey, this.ObjectId);
break;
}
}
Location = "North Central US";
ResGroupName = Recording.GenerateAssetName("sdktestrg");
var rgResponse = await Client.DefaultSubscription.GetResourceGroups().CreateOrUpdateAsync(ResGroupName, new ResourceGroupData(Location)).ConfigureAwait(false);
ResourceGroup = rgResponse.Value;
VaultContainer = ResourceGroup.GetVaults();
VaultName = Recording.GenerateAssetName("sdktestvault");
TenantIdGuid = new Guid(TestEnvironment.TenantId);
Tags = new Dictionary <string, string> {
{ "tag1", "value1" }, { "tag2", "value2" }, { "tag3", "value3" }
};
var permissions = new Permissions
{
Keys = { new KeyPermissions("all") },
Secrets = { new SecretPermissions("all") },
Certificates = { new CertificatePermissions("all") },
Storage = { new StoragePermissions("all") },
};
AccessPolicy = new AccessPolicyEntry(TenantIdGuid, ObjectId, permissions);
VaultProperties = new VaultProperties(TenantIdGuid, new Sku(SkuFamily.A, SkuName.Standard));
VaultProperties.EnabledForDeployment = true;
VaultProperties.EnabledForDiskEncryption = true;
VaultProperties.EnabledForTemplateDeployment = true;
VaultProperties.EnableSoftDelete = true;
VaultProperties.VaultUri = "";
VaultProperties.NetworkAcls = new NetworkRuleSet()
{
Bypass = "******",
DefaultAction = "Allow",
IpRules =
{
new IPRule("1.2.3.4/32"),
new IPRule("1.0.0.0/25")
}
};
VaultProperties.AccessPolicies.Add(AccessPolicy);
ManagedHsmContainer = ResourceGroup.GetManagedHsms();
ManagedHsmProperties = new ManagedHsmProperties();
ManagedHsmProperties.InitialAdminObjectIds.Add(ObjectId);
ManagedHsmProperties.CreateMode = CreateMode.Default;
ManagedHsmProperties.EnablePurgeProtection = false;
ManagedHsmProperties.EnableSoftDelete = true;
ManagedHsmProperties.NetworkAcls = new MhsmNetworkRuleSet()
{
Bypass = "******",
DefaultAction = "Deny" //Property properties.networkAcls.ipRules is not supported currently and must be set to null.
};
ManagedHsmProperties.PublicNetworkAccess = PublicNetworkAccess.Disabled;
ManagedHsmProperties.SoftDeleteRetentionInDays = 10;
ManagedHsmProperties.TenantId = TenantIdGuid;
}
internal ManagedHsmData(ResourceIdentifier id, string name, ResourceType resourceType, SystemData systemData, IDictionary <string, string> tags, AzureLocation location, ManagedHsmSku sku, ManagedHsmProperties properties) : base(id, name, resourceType, systemData, tags, location, sku)
{
Properties = properties;
}
/// <summary>
/// Create a Managed HSM pool
/// </summary>
/// <param name="parameters">vault creation parameters</param>
/// <param name="adClient">the active directory client</param>
/// <returns></returns>
public PSManagedHsm CreateNewManagedHsm(VaultCreationOrUpdateParameters parameters, ActiveDirectoryClient adClient = null)
{
if (parameters == null)
{
throw new ArgumentNullException("parameters");
}
if (string.IsNullOrWhiteSpace(parameters.Name))
{
throw new ArgumentNullException("parameters.Name");
}
if (string.IsNullOrWhiteSpace(parameters.ResourceGroupName))
{
throw new ArgumentNullException("parameters.ResourceGroupName");
}
if (string.IsNullOrWhiteSpace(parameters.Location))
{
throw new ArgumentNullException("parameters.Location");
}
if (parameters.Administrator.Length == 0)
{
throw new ArgumentNullException("parameters.Administrator");
}
var properties = new ManagedHsmProperties();
var managedHsmSku = new ManagedHsmSku();
if (parameters.CreateMode != CreateMode.Recover)
{
if (string.IsNullOrWhiteSpace(parameters.SkuFamilyName))
{
throw new ArgumentNullException("parameters.SkuFamilyName");
}
if (parameters.TenantId == Guid.Empty)
{
throw new ArgumentException("parameters.TenantId");
}
if (!string.IsNullOrWhiteSpace(parameters.SkuName))
{
if (Enum.TryParse(parameters.SkuName, true, out ManagedHsmSkuName skuName))
{
managedHsmSku.Name = skuName;
}
else
{
throw new InvalidEnumArgumentException("parameters.SkuName");
}
}
properties.TenantId = parameters.TenantId;
properties.InitialAdminObjectIds = parameters.Administrator;
properties.HsmUri = "";
properties.EnableSoftDelete = parameters.EnableSoftDelete;
properties.SoftDeleteRetentionInDays = parameters.SoftDeleteRetentionInDays;
properties.EnablePurgeProtection = parameters.EnablePurgeProtection;
}
else
{
properties.CreateMode = CreateMode.Recover;
}
var response = KeyVaultManagementClient.ManagedHsms.CreateOrUpdate(
resourceGroupName: parameters.ResourceGroupName,
name: parameters.Name,
parameters: new ManagedHsm
{
Location = parameters.Location,
Sku = managedHsmSku,
Tags = TagsConversionHelper.CreateTagDictionary(parameters.Tags, validate: true),
Properties = properties
});
return(new PSManagedHsm(response, adClient));
}
protected async Task Initialize()
{
Location = AzureLocation.CanadaCentral;
Client = GetArmClient();
Subscription = await Client.GetDefaultSubscriptionAsync();
DeletedVaultCollection = Subscription.GetDeletedVaults();
if (Mode == RecordedTestMode.Playback)
{
this.ObjectId = Recording.GetVariable(ObjectIdKey, string.Empty);
}
else if (Mode == RecordedTestMode.Record)
{
// Get ObjectId of Service Principal
// [warning] Microsoft.Graph required corresponding api permission, Please make sure the service has these two api permissions as follows.
// 1. ServicePrincipalEndpoint.Read.All(TYPE-Application) 2.ServicePrincipalEndpoint.ReadWrite.All(TYPE-Application)
var scopes = new[] { "https://graph.microsoft.com/.default" };
var options = new TokenCredentialOptions
{
AuthorityHost = AzureAuthorityHosts.AzurePublicCloud
};
var clientSecretCredential = new ClientSecretCredential(TestEnvironment.TenantId, TestEnvironment.ClientId, TestEnvironment.ClientSecret, options);
var graphClient = new GraphServiceClient(clientSecretCredential, scopes);
var response = await graphClient.ServicePrincipals.Request().GetAsync();
var result = response.CurrentPage.Where(i => i.AppId == TestEnvironment.ClientId).FirstOrDefault();
this.ObjectId = result.Id;
Recording.GetVariable(ObjectIdKey, this.ObjectId);
}
ResGroupName = Recording.GenerateAssetName("sdktestrg-kv-");
ArmOperation <ResourceGroupResource> rgResponse = await Subscription.GetResourceGroups().CreateOrUpdateAsync(WaitUntil.Completed, ResGroupName, new ResourceGroupData(Location)).ConfigureAwait(false);
ResourceGroupResource = rgResponse.Value;
VaultCollection = ResourceGroupResource.GetVaults();
VaultName = Recording.GenerateAssetName("sdktest-vault-");
MHSMName = Recording.GenerateAssetName("sdktest-mhsm-");
TenantIdGuid = new Guid(TestEnvironment.TenantId);
Tags = new Dictionary <string, string> {
{ "tag1", "value1" }, { "tag2", "value2" }, { "tag3", "value3" }
};
IdentityAccessPermissions permissions = new IdentityAccessPermissions
{
Keys = { new KeyPermission("all") },
Secrets = { new SecretPermission("all") },
Certificates = { new CertificatePermission("all") },
Storage = { new StoragePermission("all") },
};
AccessPolicy = new VaultAccessPolicy(TenantIdGuid, ObjectId, permissions);
VaultProperties = new VaultProperties(TenantIdGuid, new KeyVaultSku(KeyVaultSkuFamily.A, KeyVaultSkuName.Standard));
VaultProperties.EnabledForDeployment = true;
VaultProperties.EnabledForDiskEncryption = true;
VaultProperties.EnabledForTemplateDeployment = true;
VaultProperties.EnableSoftDelete = true;
VaultProperties.SoftDeleteRetentionInDays = DefSoftDeleteRetentionInDays;
VaultProperties.VaultUri = new Uri("http://vaulturi.com");
VaultProperties.NetworkRuleSet = new VaultNetworkRuleSet()
{
Bypass = "******",
DefaultAction = "Allow",
IPRules =
{
new VaultIPRule("1.2.3.4/32"),
new VaultIPRule("1.0.0.0/25")
}
};
VaultProperties.AccessPolicies.Add(AccessPolicy);
ManagedHsmCollection = ResourceGroupResource.GetManagedHsms();
ManagedHsmProperties = new ManagedHsmProperties();
ManagedHsmProperties.InitialAdminObjectIds.Add(ObjectId);
ManagedHsmProperties.CreateMode = ManagedHsmCreateMode.Default;
ManagedHsmProperties.EnableSoftDelete = true;
ManagedHsmProperties.SoftDeleteRetentionInDays = DefSoftDeleteRetentionInDays;
ManagedHsmProperties.EnablePurgeProtection = false;
ManagedHsmProperties.NetworkRuleSet = new ManagedHsmNetworkRuleSet()
{
Bypass = "******",
DefaultAction = "Deny" //Property properties.networkAcls.ipRules is not supported currently and must be set to null.
};
ManagedHsmProperties.PublicNetworkAccess = PublicNetworkAccess.Disabled;
ManagedHsmProperties.TenantId = TenantIdGuid;
}
