/// <summary>
/// Update an existing Managed HSM. Only Tags can be updated currently.
/// </summary>
/// <param name="existingManagedHsm">existing Managed HSM</param>
/// <param name="parameters">HSM update parameters</param>
/// <param name="adClient">the active directory client</param>
/// <returns>the updated Managed HSM</returns>
public PSManagedHsm UpdateManagedHsm(PSManagedHsm existingManagedHsm, VaultCreationOrUpdateParameters parameters, ActiveDirectoryClient adClient = null)
{
if (existingManagedHsm == null)
{
throw new ArgumentNullException("existingManagedHsm");
}
if (existingManagedHsm.OriginalManagedHsm == null)
{
throw new ArgumentNullException("existingManagedHsm.OriginalManagedHsm");
}
//Update the vault properties in the object received from server
var properties = existingManagedHsm.OriginalManagedHsm.Properties;
// None property is allowed to be updated currently,
// Can be added here in the furture
var response = KeyVaultManagementClient.ManagedHsms.Update(
resourceGroupName: existingManagedHsm.ResourceGroupName,
name: existingManagedHsm.Name,
parameters: new ManagedHsm
{
Location = existingManagedHsm.Location,
Sku = new ManagedHsmSku
{
Name = (ManagedHsmSkuName)Enum.Parse(typeof(ManagedHsmSkuName), existingManagedHsm.Sku)
},
Tags = TagsConversionHelper.CreateTagDictionary(parameters.Tags, validate: true),
Properties = properties
});
return(new PSManagedHsm(response, adClient));
}
/// <summary>
/// Update an existing Managed HSM.
/// </summary>
/// <param name="existingManagedHsm">existing Managed HSM</param>
/// <param name="parameters">HSM update parameters</param>
/// <param name="graphClient">the active directory client</param>
/// <returns>the updated Managed HSM</returns>
public PSManagedHsm UpdateManagedHsm(PSManagedHsm existingManagedHsm, VaultCreationOrUpdateParameters parameters, IMicrosoftGraphClient graphClient = null)
{
if (existingManagedHsm == null)
{
throw new ArgumentNullException("existingManagedHsm");
}
if (existingManagedHsm.OriginalManagedHsm == null)
{
throw new ArgumentNullException("existingManagedHsm.OriginalManagedHsm");
}
//Update the vault properties in the object received from server
var properties = existingManagedHsm.OriginalManagedHsm.Properties;
properties.EnablePurgeProtection = parameters.EnablePurgeProtection;
var response = KeyVaultManagementClient.ManagedHsms.Update(
resourceGroupName: existingManagedHsm.ResourceGroupName,
name: existingManagedHsm.Name,
parameters: new ManagedHsm
{
Location = existingManagedHsm.Location,
Sku = new ManagedHsmSku
{
Name = (ManagedHsmSkuName)Enum.Parse(typeof(ManagedHsmSkuName), existingManagedHsm.Sku)
},
Tags = TagsConversionHelper.CreateTagDictionary(parameters.Tags, validate: true),
Properties = properties
});
return(new PSManagedHsm(response, graphClient));
}
/// <summary>
/// Update an existing vault. Only EnablePurgeProtection, EnableRbacAuthorization and Tags can be updated currently.
/// </summary>
/// <param name="existingVault">the existing vault</param>
/// <param name="updatedParamater">updated paramater</param>
/// <param name="graphClient">the active directory client</param>
/// <returns>the updated vault</returns>
public PSKeyVault UpdateVault(
PSKeyVault existingVault,
VaultCreationOrUpdateParameters updatedParamater,
IMicrosoftGraphClient graphClient = null)
{
if (existingVault == null)
{
throw new ArgumentNullException("existingVault");
}
if (existingVault.OriginalVault == null)
{
throw new ArgumentNullException("existingVault.OriginalVault");
}
//Update the vault properties in the object received from server
var properties = existingVault.OriginalVault.Properties;
if (!(properties.EnablePurgeProtection.HasValue && properties.EnablePurgeProtection.Value) &&
updatedParamater.EnablePurgeProtection.HasValue &&
updatedParamater.EnablePurgeProtection.Value)
{
properties.EnablePurgeProtection = updatedParamater.EnablePurgeProtection;
}
properties.EnableRbacAuthorization = updatedParamater.EnableRbacAuthorization;
properties.PublicNetworkAccess = string.IsNullOrEmpty(updatedParamater.PublicNetworkAccess)?
existingVault.PublicNetworkAccess : updatedParamater.PublicNetworkAccess;
var response = KeyVaultManagementClient.Vaults.CreateOrUpdate(
resourceGroupName: existingVault.ResourceGroupName,
vaultName: existingVault.VaultName,
parameters: new VaultCreateOrUpdateParameters
{
Location = existingVault.Location,
Properties = properties,
Tags = TagsConversionHelper.CreateTagDictionary(updatedParamater.Tags, validate: true)
}
);
return(new PSKeyVault(response, graphClient));
}
/// <summary>
/// Update an existing Managed HSM.
/// </summary>
/// <param name="existingManagedHsm">existing Managed HSM</param>
/// <param name="parameters">HSM update parameters</param>
/// <param name="graphClient">the active directory client</param>
/// <returns>the updated Managed HSM</returns>
public PSManagedHsm UpdateManagedHsm(PSManagedHsm existingManagedHsm, VaultCreationOrUpdateParameters parameters, IMicrosoftGraphClient graphClient = null)
{
if (existingManagedHsm == null)
{
throw new ArgumentNullException("existingManagedHsm");
}
if (existingManagedHsm.OriginalManagedHsm == null)
{
throw new ArgumentNullException("existingManagedHsm.OriginalManagedHsm");
}
//Update the vault properties in the object received from server
var properties = existingManagedHsm.OriginalManagedHsm.Properties;
properties.EnablePurgeProtection = parameters.EnablePurgeProtection;
if (!string.IsNullOrEmpty(parameters.PublicNetworkAccess))
{
properties.PublicNetworkAccess = parameters.PublicNetworkAccess;
properties.NetworkAcls.DefaultAction = PublicNetworkAccess.Enabled.ToString().Equals(parameters.PublicNetworkAccess) ?
NetworkRuleAction.Allow.ToString() : NetworkRuleAction.Deny.ToString();
}
var response = KeyVaultManagementClient.ManagedHsms.Update(
resourceGroupName: existingManagedHsm.ResourceGroupName,
name: existingManagedHsm.Name,
parameters: new ManagedHsm
{
Location = existingManagedHsm.Location,
Sku = new ManagedHsmSku
{
Name = (ManagedHsmSkuName)Enum.Parse(typeof(ManagedHsmSkuName), existingManagedHsm.Sku)
},
Tags = TagsConversionHelper.CreateTagDictionary(parameters.Tags, validate: true),
Properties = properties
});
return(new PSManagedHsm(response, graphClient));
}
/// <summary>
/// Create a new vault
/// </summary>
/// <param name="parameters">vault creation parameters</param>
/// <param name="adClient">the active directory client</param>
/// <returns></returns>
public PSKeyVault CreateNewVault(VaultCreationOrUpdateParameters parameters, ActiveDirectoryClient adClient = null, PSKeyVaultNetworkRuleSet networkRuleSet = null)
{
if (parameters == null)
{
throw new ArgumentNullException("parameters");
}
if (string.IsNullOrWhiteSpace(parameters.Name))
{
throw new ArgumentNullException("parameters.Name");
}
if (string.IsNullOrWhiteSpace(parameters.ResourceGroupName))
{
throw new ArgumentNullException("parameters.ResourceGroupName");
}
if (string.IsNullOrWhiteSpace(parameters.Location))
{
throw new ArgumentNullException("parameters.Location");
}
var properties = new VaultProperties();
if (parameters.CreateMode != CreateMode.Recover)
{
if (string.IsNullOrWhiteSpace(parameters.SkuFamilyName))
{
throw new ArgumentNullException("parameters.SkuFamilyName");
}
if (parameters.TenantId == Guid.Empty)
{
throw new ArgumentException("parameters.TenantId");
}
if (!string.IsNullOrWhiteSpace(parameters.SkuName))
{
if (Enum.TryParse(parameters.SkuName, true, out SkuName skuName))
{
properties.Sku = new Sku(skuName);
}
else
{
throw new InvalidEnumArgumentException("parameters.SkuName");
}
}
properties.EnabledForDeployment = parameters.EnabledForDeployment;
properties.EnabledForTemplateDeployment = parameters.EnabledForTemplateDeployment;
properties.EnabledForDiskEncryption = parameters.EnabledForDiskEncryption;
properties.EnableSoftDelete = parameters.EnableSoftDelete;
properties.EnablePurgeProtection = parameters.EnablePurgeProtection;
properties.EnableRbacAuthorization = parameters.EnableRbacAuthorization;
properties.SoftDeleteRetentionInDays = parameters.SoftDeleteRetentionInDays;
properties.TenantId = parameters.TenantId;
properties.VaultUri = "";
properties.AccessPolicies = (parameters.AccessPolicy != null) ? new[] { parameters.AccessPolicy } : new AccessPolicyEntry[] { };
properties.NetworkAcls = parameters.NetworkAcls;
if (networkRuleSet != null)
{
UpdateVaultNetworkRuleSetProperties(properties, networkRuleSet);
}
}
else
{
properties.CreateMode = CreateMode.Recover;
}
var response = KeyVaultManagementClient.Vaults.CreateOrUpdate(
resourceGroupName: parameters.ResourceGroupName,
vaultName: parameters.Name,
parameters: new VaultCreateOrUpdateParameters
{
Location = parameters.Location,
Tags = TagsConversionHelper.CreateTagDictionary(parameters.Tags, validate: true),
Properties = properties
});
return(new PSKeyVault(response, adClient));
}
/// <summary>
/// Create a Managed HSM pool
/// </summary>
/// <param name="parameters">vault creation parameters</param>
/// <param name="adClient">the active directory client</param>
/// <returns></returns>
public PSManagedHsm CreateNewManagedHsm(VaultCreationOrUpdateParameters parameters, ActiveDirectoryClient adClient = null)
{
if (parameters == null)
{
throw new ArgumentNullException("parameters");
}
if (string.IsNullOrWhiteSpace(parameters.Name))
{
throw new ArgumentNullException("parameters.Name");
}
if (string.IsNullOrWhiteSpace(parameters.ResourceGroupName))
{
throw new ArgumentNullException("parameters.ResourceGroupName");
}
if (string.IsNullOrWhiteSpace(parameters.Location))
{
throw new ArgumentNullException("parameters.Location");
}
if (parameters.Administrator.Length == 0)
{
throw new ArgumentNullException("parameters.Administrator");
}
var properties = new ManagedHsmProperties();
var managedHsmSku = new ManagedHsmSku();
if (parameters.CreateMode != CreateMode.Recover)
{
if (string.IsNullOrWhiteSpace(parameters.SkuFamilyName))
{
throw new ArgumentNullException("parameters.SkuFamilyName");
}
if (parameters.TenantId == Guid.Empty)
{
throw new ArgumentException("parameters.TenantId");
}
if (!string.IsNullOrWhiteSpace(parameters.SkuName))
{
if (Enum.TryParse(parameters.SkuName, true, out ManagedHsmSkuName skuName))
{
managedHsmSku.Name = skuName;
}
else
{
throw new InvalidEnumArgumentException("parameters.SkuName");
}
}
properties.TenantId = parameters.TenantId;
properties.InitialAdminObjectIds = parameters.Administrator;
properties.HsmUri = "";
properties.EnableSoftDelete = parameters.EnableSoftDelete;
properties.SoftDeleteRetentionInDays = parameters.SoftDeleteRetentionInDays;
properties.EnablePurgeProtection = parameters.EnablePurgeProtection;
}
else
{
properties.CreateMode = CreateMode.Recover;
}
var response = KeyVaultManagementClient.ManagedHsms.CreateOrUpdate(
resourceGroupName: parameters.ResourceGroupName,
name: parameters.Name,
parameters: new ManagedHsm
{
Location = parameters.Location,
Sku = managedHsmSku,
Tags = TagsConversionHelper.CreateTagDictionary(parameters.Tags, validate: true),
Properties = properties
});
return(new PSManagedHsm(response, adClient));
}
