/// <summary> /// Update an existing Managed HSM. Only Tags can be updated currently. /// </summary> /// <param name="existingManagedHsm">existing Managed HSM</param> /// <param name="parameters">HSM update parameters</param> /// <param name="adClient">the active directory client</param> /// <returns>the updated Managed HSM</returns> public PSManagedHsm UpdateManagedHsm(PSManagedHsm existingManagedHsm, VaultCreationOrUpdateParameters parameters, ActiveDirectoryClient adClient = null) { if (existingManagedHsm == null) { throw new ArgumentNullException("existingManagedHsm"); } if (existingManagedHsm.OriginalManagedHsm == null) { throw new ArgumentNullException("existingManagedHsm.OriginalManagedHsm"); } //Update the vault properties in the object received from server var properties = existingManagedHsm.OriginalManagedHsm.Properties; // None property is allowed to be updated currently, // Can be added here in the furture var response = KeyVaultManagementClient.ManagedHsms.Update( resourceGroupName: existingManagedHsm.ResourceGroupName, name: existingManagedHsm.Name, parameters: new ManagedHsm { Location = existingManagedHsm.Location, Sku = new ManagedHsmSku { Name = (ManagedHsmSkuName)Enum.Parse(typeof(ManagedHsmSkuName), existingManagedHsm.Sku) }, Tags = TagsConversionHelper.CreateTagDictionary(parameters.Tags, validate: true), Properties = properties }); return(new PSManagedHsm(response, adClient)); }
/// <summary> /// Update an existing Managed HSM. /// </summary> /// <param name="existingManagedHsm">existing Managed HSM</param> /// <param name="parameters">HSM update parameters</param> /// <param name="graphClient">the active directory client</param> /// <returns>the updated Managed HSM</returns> public PSManagedHsm UpdateManagedHsm(PSManagedHsm existingManagedHsm, VaultCreationOrUpdateParameters parameters, IMicrosoftGraphClient graphClient = null) { if (existingManagedHsm == null) { throw new ArgumentNullException("existingManagedHsm"); } if (existingManagedHsm.OriginalManagedHsm == null) { throw new ArgumentNullException("existingManagedHsm.OriginalManagedHsm"); } //Update the vault properties in the object received from server var properties = existingManagedHsm.OriginalManagedHsm.Properties; properties.EnablePurgeProtection = parameters.EnablePurgeProtection; var response = KeyVaultManagementClient.ManagedHsms.Update( resourceGroupName: existingManagedHsm.ResourceGroupName, name: existingManagedHsm.Name, parameters: new ManagedHsm { Location = existingManagedHsm.Location, Sku = new ManagedHsmSku { Name = (ManagedHsmSkuName)Enum.Parse(typeof(ManagedHsmSkuName), existingManagedHsm.Sku) }, Tags = TagsConversionHelper.CreateTagDictionary(parameters.Tags, validate: true), Properties = properties }); return(new PSManagedHsm(response, graphClient)); }
/// <summary> /// Update an existing vault. Only EnablePurgeProtection, EnableRbacAuthorization and Tags can be updated currently. /// </summary> /// <param name="existingVault">the existing vault</param> /// <param name="updatedParamater">updated paramater</param> /// <param name="graphClient">the active directory client</param> /// <returns>the updated vault</returns> public PSKeyVault UpdateVault( PSKeyVault existingVault, VaultCreationOrUpdateParameters updatedParamater, IMicrosoftGraphClient graphClient = null) { if (existingVault == null) { throw new ArgumentNullException("existingVault"); } if (existingVault.OriginalVault == null) { throw new ArgumentNullException("existingVault.OriginalVault"); } //Update the vault properties in the object received from server var properties = existingVault.OriginalVault.Properties; if (!(properties.EnablePurgeProtection.HasValue && properties.EnablePurgeProtection.Value) && updatedParamater.EnablePurgeProtection.HasValue && updatedParamater.EnablePurgeProtection.Value) { properties.EnablePurgeProtection = updatedParamater.EnablePurgeProtection; } properties.EnableRbacAuthorization = updatedParamater.EnableRbacAuthorization; properties.PublicNetworkAccess = string.IsNullOrEmpty(updatedParamater.PublicNetworkAccess)? existingVault.PublicNetworkAccess : updatedParamater.PublicNetworkAccess; var response = KeyVaultManagementClient.Vaults.CreateOrUpdate( resourceGroupName: existingVault.ResourceGroupName, vaultName: existingVault.VaultName, parameters: new VaultCreateOrUpdateParameters { Location = existingVault.Location, Properties = properties, Tags = TagsConversionHelper.CreateTagDictionary(updatedParamater.Tags, validate: true) } ); return(new PSKeyVault(response, graphClient)); }
/// <summary> /// Update an existing Managed HSM. /// </summary> /// <param name="existingManagedHsm">existing Managed HSM</param> /// <param name="parameters">HSM update parameters</param> /// <param name="graphClient">the active directory client</param> /// <returns>the updated Managed HSM</returns> public PSManagedHsm UpdateManagedHsm(PSManagedHsm existingManagedHsm, VaultCreationOrUpdateParameters parameters, IMicrosoftGraphClient graphClient = null) { if (existingManagedHsm == null) { throw new ArgumentNullException("existingManagedHsm"); } if (existingManagedHsm.OriginalManagedHsm == null) { throw new ArgumentNullException("existingManagedHsm.OriginalManagedHsm"); } //Update the vault properties in the object received from server var properties = existingManagedHsm.OriginalManagedHsm.Properties; properties.EnablePurgeProtection = parameters.EnablePurgeProtection; if (!string.IsNullOrEmpty(parameters.PublicNetworkAccess)) { properties.PublicNetworkAccess = parameters.PublicNetworkAccess; properties.NetworkAcls.DefaultAction = PublicNetworkAccess.Enabled.ToString().Equals(parameters.PublicNetworkAccess) ? NetworkRuleAction.Allow.ToString() : NetworkRuleAction.Deny.ToString(); } var response = KeyVaultManagementClient.ManagedHsms.Update( resourceGroupName: existingManagedHsm.ResourceGroupName, name: existingManagedHsm.Name, parameters: new ManagedHsm { Location = existingManagedHsm.Location, Sku = new ManagedHsmSku { Name = (ManagedHsmSkuName)Enum.Parse(typeof(ManagedHsmSkuName), existingManagedHsm.Sku) }, Tags = TagsConversionHelper.CreateTagDictionary(parameters.Tags, validate: true), Properties = properties }); return(new PSManagedHsm(response, graphClient)); }
/// <summary> /// Create a new vault /// </summary> /// <param name="parameters">vault creation parameters</param> /// <param name="adClient">the active directory client</param> /// <returns></returns> public PSKeyVault CreateNewVault(VaultCreationOrUpdateParameters parameters, ActiveDirectoryClient adClient = null, PSKeyVaultNetworkRuleSet networkRuleSet = null) { if (parameters == null) { throw new ArgumentNullException("parameters"); } if (string.IsNullOrWhiteSpace(parameters.Name)) { throw new ArgumentNullException("parameters.Name"); } if (string.IsNullOrWhiteSpace(parameters.ResourceGroupName)) { throw new ArgumentNullException("parameters.ResourceGroupName"); } if (string.IsNullOrWhiteSpace(parameters.Location)) { throw new ArgumentNullException("parameters.Location"); } var properties = new VaultProperties(); if (parameters.CreateMode != CreateMode.Recover) { if (string.IsNullOrWhiteSpace(parameters.SkuFamilyName)) { throw new ArgumentNullException("parameters.SkuFamilyName"); } if (parameters.TenantId == Guid.Empty) { throw new ArgumentException("parameters.TenantId"); } if (!string.IsNullOrWhiteSpace(parameters.SkuName)) { if (Enum.TryParse(parameters.SkuName, true, out SkuName skuName)) { properties.Sku = new Sku(skuName); } else { throw new InvalidEnumArgumentException("parameters.SkuName"); } } properties.EnabledForDeployment = parameters.EnabledForDeployment; properties.EnabledForTemplateDeployment = parameters.EnabledForTemplateDeployment; properties.EnabledForDiskEncryption = parameters.EnabledForDiskEncryption; properties.EnableSoftDelete = parameters.EnableSoftDelete; properties.EnablePurgeProtection = parameters.EnablePurgeProtection; properties.EnableRbacAuthorization = parameters.EnableRbacAuthorization; properties.SoftDeleteRetentionInDays = parameters.SoftDeleteRetentionInDays; properties.TenantId = parameters.TenantId; properties.VaultUri = ""; properties.AccessPolicies = (parameters.AccessPolicy != null) ? new[] { parameters.AccessPolicy } : new AccessPolicyEntry[] { }; properties.NetworkAcls = parameters.NetworkAcls; if (networkRuleSet != null) { UpdateVaultNetworkRuleSetProperties(properties, networkRuleSet); } } else { properties.CreateMode = CreateMode.Recover; } var response = KeyVaultManagementClient.Vaults.CreateOrUpdate( resourceGroupName: parameters.ResourceGroupName, vaultName: parameters.Name, parameters: new VaultCreateOrUpdateParameters { Location = parameters.Location, Tags = TagsConversionHelper.CreateTagDictionary(parameters.Tags, validate: true), Properties = properties }); return(new PSKeyVault(response, adClient)); }
/// <summary> /// Create a Managed HSM pool /// </summary> /// <param name="parameters">vault creation parameters</param> /// <param name="adClient">the active directory client</param> /// <returns></returns> public PSManagedHsm CreateNewManagedHsm(VaultCreationOrUpdateParameters parameters, ActiveDirectoryClient adClient = null) { if (parameters == null) { throw new ArgumentNullException("parameters"); } if (string.IsNullOrWhiteSpace(parameters.Name)) { throw new ArgumentNullException("parameters.Name"); } if (string.IsNullOrWhiteSpace(parameters.ResourceGroupName)) { throw new ArgumentNullException("parameters.ResourceGroupName"); } if (string.IsNullOrWhiteSpace(parameters.Location)) { throw new ArgumentNullException("parameters.Location"); } if (parameters.Administrator.Length == 0) { throw new ArgumentNullException("parameters.Administrator"); } var properties = new ManagedHsmProperties(); var managedHsmSku = new ManagedHsmSku(); if (parameters.CreateMode != CreateMode.Recover) { if (string.IsNullOrWhiteSpace(parameters.SkuFamilyName)) { throw new ArgumentNullException("parameters.SkuFamilyName"); } if (parameters.TenantId == Guid.Empty) { throw new ArgumentException("parameters.TenantId"); } if (!string.IsNullOrWhiteSpace(parameters.SkuName)) { if (Enum.TryParse(parameters.SkuName, true, out ManagedHsmSkuName skuName)) { managedHsmSku.Name = skuName; } else { throw new InvalidEnumArgumentException("parameters.SkuName"); } } properties.TenantId = parameters.TenantId; properties.InitialAdminObjectIds = parameters.Administrator; properties.HsmUri = ""; properties.EnableSoftDelete = parameters.EnableSoftDelete; properties.SoftDeleteRetentionInDays = parameters.SoftDeleteRetentionInDays; properties.EnablePurgeProtection = parameters.EnablePurgeProtection; } else { properties.CreateMode = CreateMode.Recover; } var response = KeyVaultManagementClient.ManagedHsms.CreateOrUpdate( resourceGroupName: parameters.ResourceGroupName, name: parameters.Name, parameters: new ManagedHsm { Location = parameters.Location, Sku = managedHsmSku, Tags = TagsConversionHelper.CreateTagDictionary(parameters.Tags, validate: true), Properties = properties }); return(new PSManagedHsm(response, adClient)); }