/// <summary>
/// Builds the PowerShell-facing view of one vault access policy from a
/// management-plane <c>AccessPolicyEntry</c>.
/// </summary>
/// <param name="s">Access policy entry whose object id, tenant id and permission lists are copied.</param>
/// <param name="adClient">Directory client passed to <c>ModelExtensions.GetDisplayNameForADObject</c> to resolve the display name.</param>
public PSVaultAccessPolicy(KeyVaultManagement.AccessPolicyEntry s, PSResourceManagerModels.ActiveDirectory.ActiveDirectoryClient adClient)
{
    var principalId = s.ObjectId;
    var owningTenant = s.TenantId;

    this.ObjectId = principalId;

    // DisplayName is resolved through the directory client and is informational only;
    // ObjectId remains the identifier the policy is actually keyed on.
    this.DisplayName = ModelExtensions.GetDisplayNameForADObject(principalId, adClient);

    this.TenantId = owningTenant;

    // No name lookup is performed for the tenant: TenantName is just the id's string form.
    this.TenantName = owningTenant.ToString();

    // Copy the permission lists so this object holds its own list instances.
    // NOTE(review): List<string>(IEnumerable<string>) throws ArgumentNullException for a null
    // source - confirm the SDK never hands back a null permission list here.
    this.PermissionsToSecrets = new List<string>(s.PermissionsToSecrets);
    this.PermissionsToKeys = new List<string>(s.PermissionsToKeys);
}
/// <summary>
/// Creates a new key vault and, when the caller's directory object id can be resolved,
/// seeds it with a single access policy for that caller using the default key and
/// secret permissions.
/// </summary>
/// <remarks>
/// If the object id lookup throws, the vault is still created, but with no access policy;
/// the failure message and a dedicated "no access policy" warning are both written.
/// </remarks>
/// <exception cref="ArgumentException">
/// Thrown when <c>VaultExistsInCurrentSubscription</c> reports that the vault name is already in use.
/// </exception>
public override void ExecuteCmdlet()
{
    if (VaultExistsInCurrentSubscription(this.VaultName))
    {
        throw new ArgumentException(PSKeyVaultProperties.Resources.VaultAlreadyExists);
    }

    Guid creatorObjectId;
    try
    {
        creatorObjectId = GetCurrentUsersObjectId();
    }
    catch (Exception lookupFailure)
    {
        // Show the graph exceptions as a warning, but still proceed to create a vault with no access policy.
        // This is to unblock Key Vault in Fairfax as Graph has issues in this environment.
        // NOTE(review): the catch is deliberately broad, so any failure in the lookup (not only
        // Graph outages) ends in a vault without an access policy.
        WriteWarning(lookupFailure.Message);
        creatorObjectId = Guid.Empty;
    }

    // Guid.Empty means "caller unknown": no policy entry is built, so no principal is
    // granted the default permissions by mistake.
    AccessPolicyEntry creatorPolicy = creatorObjectId == Guid.Empty
        ? null
        : new AccessPolicyEntry()
        {
            TenantId = GetTenantId(),
            ObjectId = creatorObjectId,
            PermissionsToKeys = DefaultPermissionsToKeys,
            PermissionsToSecrets = DefaultPermissionsToSecrets
        };

    var createdVault = KeyVaultManagementClient.CreateNewVault(
        new PSKeyVaultModels.VaultCreationParameters()
        {
            VaultName = this.VaultName,
            ResourceGroupName = this.ResourceGroupName,
            Location = this.Location,
            // The three EnabledFor* switches are passed through exactly as the caller set them.
            EnabledForDeployment = this.EnabledForDeployment.IsPresent,
            EnabledForTemplateDeployment = EnabledForTemplateDeployment.IsPresent,
            EnabledForDiskEncryption = EnabledForDiskEncryption.IsPresent,
            SkuFamilyName = DefaultSkuFamily,
            // A blank or missing -Sku falls back to the default SKU name.
            SkuName = string.IsNullOrWhiteSpace(this.Sku) ? DefaultSkuName : this.Sku,
            TenantId = GetTenantId(),
            AccessPolicy = creatorPolicy,
            Tags = this.Tag
        },
        ActiveDirectoryClient);

    this.WriteObject(createdVault);

    // Tell the operator explicitly that the new vault carries no access policy.
    if (creatorPolicy == null)
    {
        WriteWarning(PSKeyVaultProperties.Resources.VaultNoAccessPolicyWarning);
    }
}
/// <summary>
/// Puts the pre-created test vault back into a known state by issuing a CreateOrUpdate
/// with the fixture's location and tag, a Premium SKU, deployment access disabled and an
/// empty access policy list. Does nothing unless the recorder is in Record mode.
/// </summary>
public void ResetPreCreatedVault()
{
    // Any mode other than Record skips the reset entirely.
    if (mode != HttpRecorderMode.Record)
    {
        return;
    }

    using (MockContext recordingContext = MockContext.Start(TestUtilities.GetCallingClass(), TestUtilities.GetCurrentMethodName(1)))
    {
        var legacyFactory = new LegacyTest.CSMTestEnvironmentFactory();
        var legacyEnvironment = legacyFactory.GetTestEnvironment();

        // Not used below; kept because creating the client may have side effects on the
        // recording session - confirm before removing.
        var resourcesClient = LegacyTest.TestBase.GetServiceClient<ResourceManagementClient>(legacyFactory);
        var vaultClient = recordingContext.GetServiceClient<KeyVaultManagementClient>(TestEnvironmentFactory.GetTestEnvironment());
        var tenantId = Guid.Parse(legacyEnvironment.AuthorizationContext.TenantId);

        // The reset sends an empty policy list.
        // NOTE(review): presumably this replaces whatever policies the vault had - only
        // point preCreatedVault at a vault dedicated to tests.
        var noPolicies = new AccessPolicyEntry[0];

        var resetParameters = new VaultCreateOrUpdateParameters
        {
            Location = location,
            Tags = new Dictionary<string, string> { { tagName, tagValue } },
            Properties = new VaultProperties
            {
                EnabledForDeployment = false,
                Sku = new Sku { Name = SkuName.Premium },
                TenantId = tenantId,
                VaultUri = "",
                AccessPolicies = noPolicies
            }
        };

        vaultClient.Vaults.CreateOrUpdate(
            resourceGroupName: resourceGroupName,
            vaultName: preCreatedVault,
            parameters: resetParameters);
    }
}
/// <summary>
/// Puts the pre-created test vault back into a known state by issuing a CreateOrUpdate
/// with the fixture's location and tag, a Premium SKU of family "A", deployment access
/// disabled and an empty access policy list. Does nothing unless
/// <c>HttpMockServer.Mode</c> is Record.
/// </summary>
public void ResetPreCreatedVault()
{
    // Any mode other than Record skips the reset entirely.
    if (HttpMockServer.Mode != HttpRecorderMode.Record)
    {
        return;
    }

    var environmentFactory = new CSMTestEnvironmentFactory();
    var environment = environmentFactory.GetTestEnvironment();

    // Not used below; kept because creating the client may have side effects on the
    // recording session - confirm before removing.
    var resourcesClient = TestBase.GetServiceClient<ResourceManagementClient>(environmentFactory);
    var vaultClient = TestBase.GetServiceClient<KeyVaultManagementClient>(environmentFactory);
    var tenantId = Guid.Parse(environment.AuthorizationContext.TenantId);

    // The reset sends an empty policy list.
    // NOTE(review): presumably this replaces whatever policies the vault had - only
    // point preCreatedVault at a vault dedicated to tests.
    var noPolicies = new AccessPolicyEntry[0];

    var resetParameters = new VaultCreateOrUpdateParameters
    {
        Location = location,
        Tags = new Dictionary<string, string> { { tagName, tagValue } },
        Properties = new VaultProperties
        {
            EnabledForDeployment = false,
            Sku = new Sku { Family = "A", Name = "Premium" },
            TenantId = tenantId,
            VaultUri = "",
            AccessPolicies = noPolicies
        }
    };

    vaultClient.Vaults.CreateOrUpdate(
        resourceGroupName: resourceGroupName,
        vaultName: preCreatedVault,
        parameters: resetParameters);
}