/// <summary>
/// Builds a <see cref="ManagedHsmData"/> from the JSON object in <paramref name="element"/>.
/// Only the known member names are read; anything else in the object is skipped. The
/// "properties", "sku" and "systemData" members are rejected (via
/// <c>ThrowNonNullablePropertyIsNull</c>) when they are present but explicitly <c>null</c>.
/// </summary>
/// <param name="element">A JSON object describing a Managed HSM resource.</param>
/// <returns>
/// The populated <see cref="ManagedHsmData"/>. Members missing from the JSON keep their
/// default values, so the result is not validated for completeness here.
/// </returns>
internal static ManagedHsmData DeserializeManagedHsmData(JsonElement element)
{
    Optional<ManagedHsmProperties> hsmProperties = default;
    Optional<ManagedHsmSku> hsmSku = default;
    Optional<SystemData> hsmSystemData = default;
    IDictionary<string, string> hsmTags = default;
    Location hsmLocation = default;
    ResourceIdentifier resourceId = default;
    string resourceName = default;
    ResourceType resourceType = default;

    foreach (JsonProperty member in element.EnumerateObject())
    {
        // Dispatch on the (unescaped) member name; unknown names fall through to the
        // default case and are ignored, exactly like the original if/continue chain.
        switch (member.Name)
        {
            case "properties":
                if (member.Value.ValueKind == JsonValueKind.Null)
                {
                    member.ThrowNonNullablePropertyIsNull();
                    break;
                }
                hsmProperties = ManagedHsmProperties.DeserializeManagedHsmProperties(member.Value);
                break;

            case "sku":
                if (member.Value.ValueKind == JsonValueKind.Null)
                {
                    member.ThrowNonNullablePropertyIsNull();
                    break;
                }
                hsmSku = ManagedHsmSku.DeserializeManagedHsmSku(member.Value);
                break;

            case "systemData":
                if (member.Value.ValueKind == JsonValueKind.Null)
                {
                    member.ThrowNonNullablePropertyIsNull();
                    break;
                }
                hsmSystemData = SystemData.DeserializeSystemData(member.Value);
                break;

            case "tags":
            {
                // Tags are a flat string-to-string object; duplicate keys would throw from Add.
                var parsedTags = new Dictionary<string, string>();
                foreach (JsonProperty tag in member.Value.EnumerateObject())
                {
                    parsedTags.Add(tag.Name, tag.Value.GetString());
                }
                hsmTags = parsedTags;
                break;
            }

            case "location":
                hsmLocation = member.Value.GetString();
                break;

            case "id":
                resourceId = member.Value.GetString();
                break;

            case "name":
                resourceName = member.Value.GetString();
                break;

            case "type":
                resourceType = member.Value.GetString();
                break;

            default:
                break;
        }
    }

    // Optional<T>.Value yields the default when the member was absent.
    return new ManagedHsmData(
        resourceId,
        resourceName,
        resourceType,
        hsmTags,
        hsmLocation,
        hsmSku.Value,
        hsmSystemData.Value,
        hsmProperties.Value);
}
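/// <summary>
/// Prepares the shared test state: the ARM client, a fresh resource group, and the vault /
/// Managed HSM property templates used by the tests. In Playback mode the service principal
/// object id is read back from the recording; in Record mode it is looked up through the RBAC
/// client and handed to <c>Recording.GetVariable</c> so it can be recorded.
/// </summary>
/// <returns>A task that completes once the resource group exists and the templates are built.</returns>
protected async Task Initialize()
{
    Client = GetArmClient();
    DeletedVaultContainer = Client.DefaultSubscription.GetDeletedVaults();

    if (Mode == RecordedTestMode.Playback)
    {
        this.ObjectId = Recording.GetVariable(ObjectIdKey, string.Empty);
    }
    else if (Mode == RecordedTestMode.Record)
    {
        var spClient = new RbacManagementClient(TestEnvironment.TenantId, TestEnvironment.Credential).ServicePrincipals;

        // Awaited rather than read through .Result: blocking on a task inside an async
        // method risks a deadlock on a synchronization context and ties up a pool thread.
        var servicePrincipalList = await spClient
            .ListAsync($"appId eq '{TestEnvironment.ClientId}'")
            .ToEnumerableAsync()
            .ConfigureAwait(false);

        foreach (var servicePrincipal in servicePrincipalList)
        {
            // Only the first match is used. GetVariable is called again here presumably so
            // the value is written into the recording — confirm against the test framework.
            this.ObjectId = servicePrincipal.ObjectId;
            Recording.GetVariable(ObjectIdKey, this.ObjectId);
            break;
        }
        // If the filter returned nothing, ObjectId keeps its previous value; the access
        // policy below is then built with an empty/stale object id.
    }

    Location = "North Central US";
    ResGroupName = Recording.GenerateAssetName("sdktestrg");
    var rgResponse = await Client.DefaultSubscription
        .GetResourceGroups()
        .CreateOrUpdateAsync(ResGroupName, new ResourceGroupData(Location))
        .ConfigureAwait(false);
    ResourceGroup = rgResponse.Value;

    VaultContainer = ResourceGroup.GetVaults();
    VaultName = Recording.GenerateAssetName("sdktestvault");
    TenantIdGuid = new Guid(TestEnvironment.TenantId);
    Tags = new Dictionary<string, string>
    {
        { "tag1", "value1" },
        { "tag2", "value2" },
        { "tag3", "value3" }
    };

    // The test principal is granted every permission on all object types; this is a
    // test fixture, not a least-privilege policy to copy.
    var permissions = new Permissions
    {
        Keys = { new KeyPermissions("all") },
        Secrets = { new SecretPermissions("all") },
        Certificates = { new CertificatePermissions("all") },
        Storage = { new StoragePermissions("all") },
    };
    AccessPolicy = new AccessPolicyEntry(TenantIdGuid, ObjectId, permissions);

    VaultProperties = new VaultProperties(TenantIdGuid, new Sku(SkuFamily.A, SkuName.Standard));
    VaultProperties.EnabledForDeployment = true;
    VaultProperties.EnabledForDiskEncryption = true;
    VaultProperties.EnabledForTemplateDeployment = true;
    VaultProperties.EnableSoftDelete = true;
    VaultProperties.VaultUri = "";
    VaultProperties.NetworkAcls = new NetworkRuleSet()
    {
        // NOTE(review): the Bypass literal looks redacted in this copy of the file — confirm
        // the intended value before relying on it.
        Bypass = "******",
        // NOTE(review): with DefaultAction "Allow" the IpRules below do not restrict anything;
        // they only exercise the round-trip of the rule set in the tests.
        DefaultAction = "Allow",
        IpRules = { new IPRule("1.2.3.4/32"), new IPRule("1.0.0.0/25") }
    };
    VaultProperties.AccessPolicies.Add(AccessPolicy);

    ManagedHsmContainer = ResourceGroup.GetManagedHsms();
    ManagedHsmProperties = new ManagedHsmProperties();
    ManagedHsmProperties.InitialAdminObjectIds.Add(ObjectId);
    ManagedHsmProperties.CreateMode = CreateMode.Default;
    // Purge protection is deliberately off so test pools can be purged during cleanup.
    ManagedHsmProperties.EnablePurgeProtection = false;
    ManagedHsmProperties.EnableSoftDelete = true;
    ManagedHsmProperties.NetworkAcls = new MhsmNetworkRuleSet()
    {
        // NOTE(review): Bypass literal appears redacted in this copy — confirm.
        Bypass = "******",
        DefaultAction = "Deny"
        //Property properties.networkAcls.ipRules is not supported currently and must be set to null.
    };
    ManagedHsmProperties.PublicNetworkAccess = PublicNetworkAccess.Disabled;
    ManagedHsmProperties.SoftDeleteRetentionInDays = 10;
    ManagedHsmProperties.TenantId = TenantIdGuid;
}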
/// <summary>
/// Initializes a new <see cref="ManagedHsmData"/>. The tracked-resource members are handed to
/// the base constructor unchanged; only <paramref name="properties"/> is stored on this type.
/// </summary>
/// <param name="id">The resource identifier.</param>
/// <param name="name">The resource name.</param>
/// <param name="resourceType">The resource type.</param>
/// <param name="systemData">The system metadata for the resource.</param>
/// <param name="tags">The resource tags.</param>
/// <param name="location">The location the resource lives in.</param>
/// <param name="sku">The Managed HSM SKU.</param>
/// <param name="properties">The Managed HSM specific properties; assigned to <see cref="Properties"/> as-is.</param>
internal ManagedHsmData(
    ResourceIdentifier id,
    string name,
    ResourceType resourceType,
    SystemData systemData,
    IDictionary<string, string> tags,
    AzureLocation location,
    ManagedHsmSku sku,
    ManagedHsmProperties properties)
    : base(id, name, resourceType, systemData, tags, location, sku)
    => Properties = properties;
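/// <summary>
/// Create a Managed HSM pool
/// </summary>
/// <param name="parameters">vault creation parameters</param>
/// <param name="adClient">the active directory client; optional, forwarded to the returned <see cref="PSManagedHsm"/></param>
/// <returns>The created (or, for <c>CreateMode.Recover</c>, recovered) pool wrapped as a <see cref="PSManagedHsm"/>.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="parameters"/> is null, or its Name, ResourceGroupName, Location, Administrator
/// or (outside recover mode) SkuFamilyName is missing.
/// </exception>
/// <exception cref="ArgumentException">TenantId is <see cref="Guid.Empty"/> outside recover mode.</exception>
/// <exception cref="InvalidEnumArgumentException">SkuName is set but is not a <see cref="ManagedHsmSkuName"/> value.</exception>
public PSManagedHsm CreateNewManagedHsm(VaultCreationOrUpdateParameters parameters, ActiveDirectoryClient adClient = null)
{
    if (parameters == null)
    {
        throw new ArgumentNullException(nameof(parameters));
    }
    if (string.IsNullOrWhiteSpace(parameters.Name))
    {
        throw new ArgumentNullException("parameters.Name");
    }
    if (string.IsNullOrWhiteSpace(parameters.ResourceGroupName))
    {
        throw new ArgumentNullException("parameters.ResourceGroupName");
    }
    if (string.IsNullOrWhiteSpace(parameters.Location))
    {
        throw new ArgumentNullException("parameters.Location");
    }
    // A null Administrator array previously surfaced as a NullReferenceException from
    // .Length; report it as the same argument error an empty array gets.
    if (parameters.Administrator == null || parameters.Administrator.Length == 0)
    {
        throw new ArgumentNullException("parameters.Administrator");
    }

    var properties = new ManagedHsmProperties();
    var managedHsmSku = new ManagedHsmSku();

    if (parameters.CreateMode != CreateMode.Recover)
    {
        if (string.IsNullOrWhiteSpace(parameters.SkuFamilyName))
        {
            throw new ArgumentNullException("parameters.SkuFamilyName");
        }
        if (parameters.TenantId == Guid.Empty)
        {
            throw new ArgumentException("parameters.TenantId");
        }
        if (!string.IsNullOrWhiteSpace(parameters.SkuName))
        {
            // Case-insensitive so callers may pass the SKU name as typed on the command line.
            if (Enum.TryParse(parameters.SkuName, true, out ManagedHsmSkuName skuName))
            {
                managedHsmSku.Name = skuName;
            }
            else
            {
                throw new InvalidEnumArgumentException("parameters.SkuName");
            }
        }

        properties.TenantId = parameters.TenantId;
        properties.InitialAdminObjectIds = parameters.Administrator;
        properties.HsmUri = "";
        properties.EnableSoftDelete = parameters.EnableSoftDelete;
        properties.SoftDeleteRetentionInDays = parameters.SoftDeleteRetentionInDays;
        properties.EnablePurgeProtection = parameters.EnablePurgeProtection;
    }
    else
    {
        // Recover mode sends only the create mode; none of the SKU/tenant/admin/soft-delete
        // settings above are forwarded to the service in this branch.
        properties.CreateMode = CreateMode.Recover;
    }

    var response = KeyVaultManagementClient.ManagedHsms.CreateOrUpdate(
        resourceGroupName: parameters.ResourceGroupName,
        name: parameters.Name,
        parameters: new ManagedHsm
        {
            Location = parameters.Location,
            Sku = managedHsmSku,
            // validate: true rejects malformed tag input before it reaches the service.
            Tags = TagsConversionHelper.CreateTagDictionary(parameters.Tags, validate: true),
            Properties = properties
        });

    return new PSManagedHsm(response, adClient);
}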
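/// <summary>
/// Prepares the shared test state: the ARM client and subscription, a fresh resource group,
/// and the vault / Managed HSM property templates used by the tests. In Playback mode the
/// service principal object id is read from the recording; in Record mode it is resolved
/// through Microsoft Graph and handed to <c>Recording.GetVariable</c> so it can be recorded.
/// </summary>
/// <returns>A task that completes once the resource group exists and the templates are built.</returns>
/// <exception cref="InvalidOperationException">
/// In Record mode, no service principal with the configured client id was returned by Graph.
/// </exception>
protected async Task Initialize()
{
    Location = AzureLocation.CanadaCentral;
    Client = GetArmClient();
    Subscription = await Client.GetDefaultSubscriptionAsync();
    DeletedVaultCollection = Subscription.GetDeletedVaults();

    if (Mode == RecordedTestMode.Playback)
    {
        this.ObjectId = Recording.GetVariable(ObjectIdKey, string.Empty);
    }
    else if (Mode == RecordedTestMode.Record)
    {
        // Get ObjectId of Service Principal
        // [warning] Microsoft.Graph required corresponding api permission, Please make sure the service has these two api permissions as follows.
        // 1. ServicePrincipalEndpoint.Read.All(TYPE-Application) 2.ServicePrincipalEndpoint.ReadWrite.All(TYPE-Application)
        var scopes = new[] { "https://graph.microsoft.com/.default" };
        var options = new TokenCredentialOptions { AuthorityHost = AzureAuthorityHosts.AzurePublicCloud };
        // The client secret is read from the test environment; nothing is embedded in source.
        var clientSecretCredential = new ClientSecretCredential(
            TestEnvironment.TenantId,
            TestEnvironment.ClientId,
            TestEnvironment.ClientSecret,
            options);
        var graphClient = new GraphServiceClient(clientSecretCredential, scopes);

        // Filter server-side on appId so the match is on the first page instead of relying on
        // CurrentPage happening to contain it; ClientId comes from the test environment, not
        // from user input. The client-side predicate is kept as a belt-and-braces check.
        var response = await graphClient.ServicePrincipals
            .Request()
            .Filter($"appId eq '{TestEnvironment.ClientId}'")
            .GetAsync();
        var result = response.CurrentPage.FirstOrDefault(i => i.AppId == TestEnvironment.ClientId);
        if (result == null)
        {
            // Previously this surfaced as a NullReferenceException on result.Id.
            throw new InvalidOperationException(
                $"No service principal with appId '{TestEnvironment.ClientId}' was returned by Microsoft Graph.");
        }

        this.ObjectId = result.Id;
        // Presumably records the value for later playback — confirm against the test framework.
        Recording.GetVariable(ObjectIdKey, this.ObjectId);
    }

    ResGroupName = Recording.GenerateAssetName("sdktestrg-kv-");
    ArmOperation<ResourceGroupResource> rgResponse = await Subscription
        .GetResourceGroups()
        .CreateOrUpdateAsync(WaitUntil.Completed, ResGroupName, new ResourceGroupData(Location))
        .ConfigureAwait(false);
    ResourceGroupResource = rgResponse.Value;

    VaultCollection = ResourceGroupResource.GetVaults();
    VaultName = Recording.GenerateAssetName("sdktest-vault-");
    MHSMName = Recording.GenerateAssetName("sdktest-mhsm-");
    TenantIdGuid = new Guid(TestEnvironment.TenantId);
    Tags = new Dictionary<string, string>
    {
        { "tag1", "value1" },
        { "tag2", "value2" },
        { "tag3", "value3" }
    };

    // The test principal is granted every permission on all object types; this is a
    // test fixture, not a least-privilege policy to copy.
    IdentityAccessPermissions permissions = new IdentityAccessPermissions
    {
        Keys = { new KeyPermission("all") },
        Secrets = { new SecretPermission("all") },
        Certificates = { new CertificatePermission("all") },
        Storage = { new StoragePermission("all") },
    };
    AccessPolicy = new VaultAccessPolicy(TenantIdGuid, ObjectId, permissions);

    VaultProperties = new VaultProperties(TenantIdGuid, new KeyVaultSku(KeyVaultSkuFamily.A, KeyVaultSkuName.Standard));
    VaultProperties.EnabledForDeployment = true;
    VaultProperties.EnabledForDiskEncryption = true;
    VaultProperties.EnabledForTemplateDeployment = true;
    VaultProperties.EnableSoftDelete = true;
    VaultProperties.SoftDeleteRetentionInDays = DefSoftDeleteRetentionInDays;
    VaultProperties.VaultUri = new Uri("http://vaulturi.com");
    VaultProperties.NetworkRuleSet = new VaultNetworkRuleSet()
    {
        // NOTE(review): the Bypass literal looks redacted in this copy of the file — confirm
        // the intended value before relying on it.
        Bypass = "******",
        // NOTE(review): with DefaultAction "Allow" the IPRules below do not restrict anything;
        // they only exercise the round-trip of the rule set in the tests.
        DefaultAction = "Allow",
        IPRules = { new VaultIPRule("1.2.3.4/32"), new VaultIPRule("1.0.0.0/25") }
    };
    VaultProperties.AccessPolicies.Add(AccessPolicy);

    ManagedHsmCollection = ResourceGroupResource.GetManagedHsms();
    ManagedHsmProperties = new ManagedHsmProperties();
    ManagedHsmProperties.InitialAdminObjectIds.Add(ObjectId);
    ManagedHsmProperties.CreateMode = ManagedHsmCreateMode.Default;
    ManagedHsmProperties.EnableSoftDelete = true;
    ManagedHsmProperties.SoftDeleteRetentionInDays = DefSoftDeleteRetentionInDays;
    // Purge protection is deliberately off so test pools can be purged during cleanup.
    ManagedHsmProperties.EnablePurgeProtection = false;
    ManagedHsmProperties.NetworkRuleSet = new ManagedHsmNetworkRuleSet()
    {
        // NOTE(review): Bypass literal appears redacted in this copy — confirm.
        Bypass = "******",
        DefaultAction = "Deny"
        //Property properties.networkAcls.ipRules is not supported currently and must be set to null.
    };
    ManagedHsmProperties.PublicNetworkAccess = PublicNetworkAccess.Disabled;
    ManagedHsmProperties.TenantId = TenantIdGuid;
}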