/// <summary>
/// Builds the PowerShell-facing view of a single Key Vault access policy entry.
/// </summary>
/// <param name="s">The management-plane access policy entry to copy from.</param>
/// <param name="adClient">Directory client handed to the display-name lookup.</param>
public PSVaultAccessPolicy(KeyVaultManagement.AccessPolicyEntry s, PSResourceManagerModels.ActiveDirectory.ActiveDirectoryClient adClient)
{
    var principalId = s.ObjectId;
    ObjectId = principalId;

    // The display name comes from a lookup keyed on the object id; the object id itself
    // remains the value that identifies the principal the policy applies to.
    DisplayName = ModelExtensions.GetDisplayNameForADObject(principalId, adClient);

    var tenant = s.TenantId;
    TenantId = tenant;

    // No tenant name is resolved here: TenantName is only the string form of TenantId.
    TenantName = tenant.ToString();

    // Copy the permission lists so that later changes to the source entry's collections
    // are not reflected in this object.
    PermissionsToSecrets = new List<string>(s.PermissionsToSecrets);
    PermissionsToKeys = new List<string>(s.PermissionsToKeys);
}
예제 #2
        /// <summary>
        /// Creates a new key vault and, when the calling user's directory object id can be
        /// resolved, gives that user an access policy built from the default key and secret
        /// permissions.
        /// </summary>
        /// <exception cref="ArgumentException">
        /// Thrown when a vault with the requested name already exists in the current subscription.
        /// </exception>
        public override void ExecuteCmdlet()
        {
            // Refuse to continue when the name is already taken in this subscription.
            if (VaultExistsInCurrentSubscription(VaultName))
            {
                throw new ArgumentException(PSKeyVaultProperties.Resources.VaultAlreadyExists);
            }

            Guid creatorObjectId = Guid.Empty;

            try
            {
                creatorObjectId = GetCurrentUsersObjectId();
            }
            catch (Exception graphError)
            {
                // Deliberate best effort: a failed Graph lookup is reported as a warning and the
                // vault is still created, just without an access policy. This keeps Key Vault
                // usable in Fairfax, where Graph has issues.
                WriteWarning(graphError.Message);
            }

            // Only a resolved caller gets a policy; otherwise the vault is created with none,
            // and the warning at the end of this method tells the user so.
            AccessPolicyEntry creatorPolicy = creatorObjectId != Guid.Empty
                ? new AccessPolicyEntry
                {
                    TenantId = GetTenantId(),
                    ObjectId = creatorObjectId,
                    PermissionsToKeys = DefaultPermissionsToKeys,
                    PermissionsToSecrets = DefaultPermissionsToSecrets
                }
                : null;

            var createdVault = KeyVaultManagementClient.CreateNewVault(
                new PSKeyVaultModels.VaultCreationParameters
                {
                    VaultName = this.VaultName,
                    ResourceGroupName = this.ResourceGroupName,
                    Location = this.Location,
                    // Each EnabledFor* switch is passed through exactly as the caller set it.
                    EnabledForDeployment = this.EnabledForDeployment.IsPresent,
                    EnabledForTemplateDeployment = this.EnabledForTemplateDeployment.IsPresent,
                    EnabledForDiskEncryption = this.EnabledForDiskEncryption.IsPresent,
                    SkuFamilyName = DefaultSkuFamily,
                    // A blank or whitespace-only Sku falls back to the default SKU name.
                    SkuName = string.IsNullOrWhiteSpace(this.Sku) ? DefaultSkuName : this.Sku,
                    TenantId = GetTenantId(),
                    AccessPolicy = creatorPolicy,
                    Tags = this.Tag
                },
                ActiveDirectoryClient);

            WriteObject(createdVault);

            // Tell the user explicitly that the vault was created without an access policy.
            if (creatorPolicy == null)
            {
                WriteWarning(PSKeyVaultProperties.Resources.VaultNoAccessPolicyWarning);
            }
        }
예제 #3
        /// <summary>
        /// Submits a create-or-update for the pre-created test vault with the fixture's location
        /// and tag, the Premium SKU, deployment access disabled and an empty access policy list.
        /// Does nothing unless the recorder mode is <c>Record</c>.
        /// </summary>
        public void ResetPreCreatedVault()
        {
            // In any mode other than Record, no request is sent.
            if (mode != HttpRecorderMode.Record)
            {
                return;
            }

            using (MockContext recordingContext = MockContext.Start(TestUtilities.GetCallingClass(), TestUtilities.GetCurrentMethodName(1)))
            {
                var legacyFactory = new LegacyTest.CSMTestEnvironmentFactory();
                var environment = legacyFactory.GetTestEnvironment();
                // Not used below; the call is kept so that the same clients are created as before.
                var resourcesClient = LegacyTest.TestBase.GetServiceClient<ResourceManagementClient>(legacyFactory);
                var vaultClient = recordingContext.GetServiceClient<KeyVaultManagementClient>(TestEnvironmentFactory.GetTestEnvironment());
                var tenant = Guid.Parse(environment.AuthorizationContext.TenantId);

                // The request carries an empty policy list, so it names no principal.
                // NOTE(review): presumably this replaces policies left by earlier tests - confirm.
                var noPolicies = new AccessPolicyEntry[0];

                vaultClient.Vaults.CreateOrUpdate(
                    resourceGroupName: resourceGroupName,
                    vaultName: preCreatedVault,
                    parameters: new VaultCreateOrUpdateParameters
                    {
                        Location = location,
                        Tags = new Dictionary<string, string> { { tagName, tagValue } },
                        Properties = new VaultProperties
                        {
                            EnabledForDeployment = false,
                            Sku = new Sku { Name = SkuName.Premium },
                            TenantId = tenant,
                            VaultUri = "",
                            AccessPolicies = noPolicies
                        }
                    });
            }
        }
        /// <summary>
        /// Submits a create-or-update for the pre-created test vault with the fixture's location
        /// and tag, SKU family "A" / name "Premium", deployment access disabled and an empty
        /// access policy list. Does nothing unless <c>HttpMockServer.Mode</c> is <c>Record</c>.
        /// </summary>
        public void ResetPreCreatedVault()
        {
            // In any mode other than Record, no request is sent.
            if (HttpMockServer.Mode != HttpRecorderMode.Record)
            {
                return;
            }

            var environmentFactory = new CSMTestEnvironmentFactory();
            var environment = environmentFactory.GetTestEnvironment();
            // Not used below; the call is kept so that the same clients are created as before.
            var resourcesClient = TestBase.GetServiceClient<ResourceManagementClient>(environmentFactory);
            var vaultClient = TestBase.GetServiceClient<KeyVaultManagementClient>(environmentFactory);
            var tenant = Guid.Parse(environment.AuthorizationContext.TenantId);

            // The request carries an empty policy list, so it names no principal.
            // NOTE(review): presumably this replaces policies left by earlier tests - confirm.
            var noPolicies = new AccessPolicyEntry[0];

            vaultClient.Vaults.CreateOrUpdate(
                resourceGroupName: resourceGroupName,
                vaultName: preCreatedVault,
                parameters: new VaultCreateOrUpdateParameters
                {
                    Location = location,
                    Tags = new Dictionary<string, string> { { tagName, tagValue } },
                    Properties = new VaultProperties
                    {
                        EnabledForDeployment = false,
                        Sku = new Sku { Family = "A", Name = "Premium" },
                        TenantId = tenant,
                        VaultUri = "",
                        AccessPolicies = noPolicies
                    }
                });
        }