public void TestUpdateEncryptionProtector()
{
using (SqlManagementTestContext context = new SqlManagementTestContext(this))
{
SqlManagementClient sqlClient = context.GetClient <SqlManagementClient>();
ResourceGroup resourceGroup = context.CreateResourceGroup();
Server server = sqlClient.Servers.CreateOrUpdate(
resourceGroup.Name,
serverName: SqlManagementTestUtilities.GenerateName(),
parameters: new Server
{
AdministratorLogin = SqlManagementTestUtilities.DefaultLogin,
AdministratorLoginPassword = SqlManagementTestUtilities.DefaultPassword,
Location = resourceGroup.Location,
Identity = new ResourceIdentity()
{
Type = IdentityType.SystemAssigned
}
});
var keyBundle = SqlManagementTestUtilities.CreateKeyVaultKeyWithServerAccess(context, resourceGroup, server);
// Create server key
string serverKeyName = SqlManagementTestUtilities.GetServerKeyNameFromKeyBundle(keyBundle);
string serverKeyUri = keyBundle.Key.Kid;
var serverKey = sqlClient.ServerKeys.CreateOrUpdate(resourceGroup.Name, server.Name, serverKeyName, new ServerKey()
{
ServerKeyType = "AzureKeyVault",
Uri = serverKeyUri
});
SqlManagementTestUtilities.ValidateServerKey(serverKey, serverKeyName, "AzureKeyVault", serverKeyUri);
// Update to Key Vault
sqlClient.EncryptionProtectors.CreateOrUpdate(resourceGroup.Name, server.Name, new EncryptionProtector()
{
ServerKeyName = serverKeyName,
ServerKeyType = "AzureKeyVault"
});
EncryptionProtector encProtector1 = sqlClient.EncryptionProtectors.Get(resourceGroup.Name, server.Name);
Assert.Equal("AzureKeyVault", encProtector1.ServerKeyType);
Assert.Equal(serverKeyName, encProtector1.ServerKeyName);
// Update to Service Managed
sqlClient.EncryptionProtectors.CreateOrUpdate(resourceGroup.Name, server.Name, new EncryptionProtector()
{
ServerKeyName = "ServiceManaged",
ServerKeyType = "ServiceManaged"
});
EncryptionProtector encProtector2 = sqlClient.EncryptionProtectors.Get(resourceGroup.Name, server.Name);
Assert.Equal("ServiceManaged", encProtector2.ServerKeyType);
Assert.Equal("ServiceManaged", encProtector2.ServerKeyName);
}
}
public void TestCreateUpdateDropServerKey()
{
using (SqlManagementTestContext context = new SqlManagementTestContext(this))
{
SqlManagementClient sqlClient = context.GetClient <SqlManagementClient>();
ResourceGroup resourceGroup = context.CreateResourceGroup();
Server server = sqlClient.Servers.CreateOrUpdate(
resourceGroup.Name,
serverName: SqlManagementTestUtilities.GenerateName(),
parameters: new Server
{
AdministratorLogin = SqlManagementTestUtilities.DefaultLogin,
AdministratorLoginPassword = SqlManagementTestUtilities.DefaultPassword,
Location = resourceGroup.Location,
Identity = new ResourceIdentityWithUserAssignedIdentities()
{
Type = IdentityType.SystemAssigned
}
});
var keyBundle = SqlManagementTestUtilities.CreateKeyVaultKeyWithServerAccess(context, resourceGroup, server);
// Create server key
string serverKeyName = SqlManagementTestUtilities.GetServerKeyNameFromKeyBundle(keyBundle);
string serverKeyUri = keyBundle.Key.Kid;
var serverKey = sqlClient.ServerKeys.CreateOrUpdate(resourceGroup.Name, server.Name, serverKeyName, new ServerKey()
{
ServerKeyType = "AzureKeyVault",
Uri = serverKeyUri
});
SqlManagementTestUtilities.ValidateServerKey(serverKey, serverKeyName, "AzureKeyVault", serverKeyUri);
// Validate key exists by getting key
var key1 = sqlClient.ServerKeys.Get(resourceGroup.Name, server.Name, serverKeyName);
SqlManagementTestUtilities.ValidateServerKey(key1, serverKeyName, "AzureKeyVault", serverKeyUri);
// Validate key exists by listing keys
var keyList = sqlClient.ServerKeys.ListByServer(resourceGroup.Name, server.Name);
Assert.Equal(2, keyList.Count());
//TODO: Temporarily disabling this since delete operation is affected by a production bug.
//// Delete key
//sqlClient.ServerKeys.Delete(resourceGroup.Name, server.Name, serverKeyName);
//// Validate key is gone by listing keys
//var keyList2 = sqlClient.ServerKeys.ListByServer(resourceGroup.Name, server.Name);
//Assert.Equal(1, keyList2.Count());
}
}