public void TestUpdateEncryptionProtector()
{
using (SqlManagementTestContext context = new SqlManagementTestContext(this))
{
SqlManagementClient sqlClient = context.GetClient <SqlManagementClient>();
ResourceManagementClient resourceClient = context.GetClient <ResourceManagementClient>();
ResourceGroup resourceGroup = context.CreateResourceGroup();
string resourceGroupName = resourceGroup.Name;
ManagedInstance managedInstance = context.CreateManagedInstance(resourceGroup, new ManagedInstance()
{
Identity = new ResourceIdentity()
{
Type = IdentityType.SystemAssignedUserAssigned,
UserAssignedIdentities = ManagedInstanceTestUtilities.UserIdentity
},
PrimaryUserAssignedIdentityId = ManagedInstanceTestUtilities.UAMI
});
managedInstance = sqlClient.ManagedInstances.Get(resourceGroupName, managedInstance.Name);
var keyBundle = SqlManagementTestUtilities.CreateKeyVaultKeyWithManagedInstanceAccess(context, resourceGroup, managedInstance);
// Create server key
string serverKeyName = SqlManagementTestUtilities.GetServerKeyNameFromKeyBundle(keyBundle);
string serverKeyUri = keyBundle.Key.Kid;
var managedInstanceKey = sqlClient.ManagedInstanceKeys.CreateOrUpdate(resourceGroup.Name, managedInstance.Name, serverKeyName, new ManagedInstanceKey()
{
ServerKeyType = "AzureKeyVault",
Uri = serverKeyUri
});
SqlManagementTestUtilities.ValidateManagedInstanceKey(managedInstanceKey, serverKeyName, "AzureKeyVault", serverKeyUri);
// Update to Key Vault
sqlClient.ManagedInstanceEncryptionProtectors.CreateOrUpdate(resourceGroup.Name, managedInstance.Name, new ManagedInstanceEncryptionProtector()
{
ServerKeyName = serverKeyName,
ServerKeyType = "AzureKeyVault"
});
ManagedInstanceEncryptionProtector encProtector1 = sqlClient.ManagedInstanceEncryptionProtectors.Get(resourceGroup.Name, managedInstance.Name);
Assert.Equal("AzureKeyVault", encProtector1.ServerKeyType);
Assert.Equal(serverKeyName, encProtector1.ServerKeyName);
// Update to Service Managed
sqlClient.ManagedInstanceEncryptionProtectors.CreateOrUpdate(resourceGroup.Name, managedInstance.Name, new ManagedInstanceEncryptionProtector()
{
ServerKeyName = "ServiceManaged",
ServerKeyType = "ServiceManaged"
});
ManagedInstanceEncryptionProtector encProtector2 = sqlClient.ManagedInstanceEncryptionProtectors.Get(resourceGroup.Name, managedInstance.Name);
Assert.Equal("ServiceManaged", encProtector2.ServerKeyType);
Assert.Equal("ServiceManaged", encProtector2.ServerKeyName);
}
}
public void TestCreateUpdateDropManagedInstanceKeys()
{
using (SqlManagementTestContext context = new SqlManagementTestContext(this))
{
SqlManagementClient sqlClient = context.GetClient <SqlManagementClient>();
ResourceManagementClient resourceClient = context.GetClient <ResourceManagementClient>();
var resourceGroup = context.CreateResourceGroup(ManagedInstanceTestUtilities.Region);
ManagedInstance managedInstance = context.CreateManagedInstance(resourceGroup, new ManagedInstance()
{
Identity = new ResourceIdentity()
{
Type = IdentityType.SystemAssignedUserAssigned,
UserAssignedIdentities = ManagedInstanceTestUtilities.UserIdentity,
},
PrimaryUserAssignedIdentityId = ManagedInstanceTestUtilities.UAMI
});
var keyBundle = SqlManagementTestUtilities.CreateKeyVaultKeyWithManagedInstanceAccess(context, resourceGroup, managedInstance);
string serverKeyName = SqlManagementTestUtilities.GetServerKeyNameFromKeyBundle(keyBundle);
string keyUri = keyBundle.Key.Kid;
var managedInstanceKey = sqlClient.ManagedInstanceKeys.CreateOrUpdate(
resourceGroupName: resourceGroup.Name,
managedInstanceName: managedInstance.Name,
keyName: serverKeyName,
parameters: new ManagedInstanceKey()
{
ServerKeyType = "AzureKeyVault",
Uri = keyUri
});
SqlManagementTestUtilities.ValidateManagedInstanceKey(managedInstanceKey, serverKeyName, "AzureKeyVault", keyUri);
// Validate key exists by getting key
var key1 = sqlClient.ManagedInstanceKeys.Get(
resourceGroupName: resourceGroup.Name,
managedInstanceName: managedInstance.Name,
keyName: serverKeyName);
SqlManagementTestUtilities.ValidateManagedInstanceKey(key1, serverKeyName, "AzureKeyVault", keyUri);
// Validate key exists by listing keys
var keyList = sqlClient.ManagedInstanceKeys.ListByInstance(
resourceGroupName: resourceGroup.Name,
managedInstanceName: managedInstance.Name);
Assert.True(keyList.Count() > 0);
}
}
public void TestCreateUpdateDropManagedInstanceKeys()
{
using (SqlManagementTestContext context = new SqlManagementTestContext(this))
{
string resourceGroupName = ManagedInstanceResourceGroup;
string managedInstanceName = ManagedInstanceName;
SqlManagementClient sqlClient = context.GetClient <SqlManagementClient>();
ResourceManagementClient resourceClient = context.GetClient <ResourceManagementClient>();
ResourceGroup resourceGroup = resourceClient.ResourceGroups.Get(resourceGroupName);
ManagedInstance managedInstance = sqlClient.ManagedInstances.Get(resourceGroupName, managedInstanceName);
var keyBundle = SqlManagementTestUtilities.CreateKeyVaultKeyWithManagedInstanceAccess(context, resourceGroup, managedInstance);
string serverKeyName = SqlManagementTestUtilities.GetServerKeyNameFromKeyBundle(keyBundle);
string keyUri = keyBundle.Key.Kid;
var managedInstanceKey = sqlClient.ManagedInstanceKeys.CreateOrUpdate(
resourceGroupName: resourceGroup.Name,
managedInstanceName: managedInstance.Name,
keyName: serverKeyName,
parameters: new ManagedInstanceKey()
{
ServerKeyType = "AzureKeyVault",
Uri = keyUri
});
SqlManagementTestUtilities.ValidateManagedInstanceKey(managedInstanceKey, serverKeyName, "AzureKeyVault", keyUri);
// Validate key exists by getting key
var key1 = sqlClient.ManagedInstanceKeys.Get(
resourceGroupName: resourceGroup.Name,
managedInstanceName: managedInstance.Name,
keyName: serverKeyName);
SqlManagementTestUtilities.ValidateManagedInstanceKey(key1, serverKeyName, "AzureKeyVault", keyUri);
// Validate key exists by listing keys
var keyList = sqlClient.ManagedInstanceKeys.ListByInstance(
resourceGroupName: resourceGroup.Name,
managedInstanceName: managedInstance.Name);
Assert.True(keyList.Count() > 0);
}
}
