Merge pull request #8115 from markcowl/fig-ag

Supporting KeyVault in ApplicationGateway

Author: markcowl

src/ResourceManager/Network/Commands.Network/ApplicationGateway/NewAzureApplicationGatewayCommand.cs

@@ -12,7 +12,6 @@
 // limitations under the License.
 // ----------------------------------------------------------------------------------
 
-using AutoMapper;
 using Microsoft.Azure.Commands.Network.Models;
 using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
 using Microsoft.Azure.Commands.ResourceManager.Common.Tags;
@@ -183,6 +182,15 @@ public class NewAzureApplicationGatewayCommand : ApplicationGatewayBaseCmdlet
             HelpMessage = "A hashtable which represents resource tags.")]
         public Hashtable Tag { get; set; }
 
+        [Parameter(
+            Mandatory = false,
+            ValueFromPipelineByPropertyName = true,
+            HelpMessage = "ResourceId of the user assigned identity to be assigned to Application Gateway.")]
+        [ValidateNotNullOrEmpty]
+        [Alias("UserAssignedIdentity")]
+        public string UserAssignedIdentityId { get; set; }
+
+
         [Parameter(
             Mandatory = false,
             HelpMessage = "Do not ask for confirmation if you want to overrite a resource")]
@@ -322,6 +330,18 @@ private PSApplicationGateway CreateApplicationGateway()
                 applicationGateway.Zones = this.Zone?.ToList();
             }
 
+            if (this.UserAssignedIdentityId != null)
+            {
+                applicationGateway.Identity = new PSManagedServiceIdentity
+                {
+                    Type = MNM.ResourceIdentityType.UserAssigned,
+                    UserAssignedIdentities = new Dictionary<string, PSManagedServiceIdentityUserAssignedIdentitiesValue>
+                    {
+                        { this.UserAssignedIdentityId, new PSManagedServiceIdentityUserAssignedIdentitiesValue() }
+                    }
+                };
+            }
+
             if (this.CustomErrorConfiguration != null)
             {
                 applicationGateway.CustomErrorConfigurations = this.CustomErrorConfiguration?.ToList();

src/ResourceManager/Network/Commands.Network/ApplicationGateway/SslCertificate/AzureApplicationGatewaySslCertificateBase.cs

@@ -29,24 +29,36 @@ public class AzureApplicationGatewaySslCertificateBase : NetworkBaseCmdlet
         public string Name { get; set; }
 
         [Parameter(
-               Mandatory = true,
+               Mandatory = false,
                HelpMessage = "Path of certificate PFX file")]
         [ValidateNotNullOrEmpty]
         public string CertificateFile { get; set; }
 
         [Parameter(
-               Mandatory = true,
+               Mandatory = false,
                HelpMessage = "Certificate password")]
         [ValidateNotNullOrEmpty]
         public SecureString Password { get; set; }
 
+        [Parameter(
+               Mandatory = false,
+               HelpMessage = "SecretId (uri) of the KeyVault Secret. Use this option when a specific version of secret needs to be used.")]
+        [ValidateNotNullOrEmpty]
+        public string KeyVaultSecretId { get; set; }
+
         public PSApplicationGatewaySslCertificate NewObject()
         {
             var sslCertificate = new PSApplicationGatewaySslCertificate();
 
             sslCertificate.Name = this.Name;
-            sslCertificate.Data = Convert.ToBase64String(File.ReadAllBytes(this.CertificateFile));
-            sslCertificate.Password = this.Password;
+            if (this.CertificateFile != null)
+            {
+                sslCertificate.Data = Convert.ToBase64String(File.ReadAllBytes(this.CertificateFile));
+                sslCertificate.Password = this.Password;
+            }
+
+            sslCertificate.KeyVaultSecretId = this.KeyVaultSecretId;
+
             sslCertificate.Id =
                 ApplicationGatewayChildResourceHelper.GetResourceNotSetId(
                     this.NetworkClient.NetworkManagementClient.SubscriptionId,

src/ResourceManager/Network/Commands.Network/ChangeLog.md

@@ -40,4 +40,10 @@
         - New-AzureRmApplicationGatewayUrlPathMapConfig
 * Removed deprecated -ResourceId parameter from Get-AzServiceEndpointPolicyDefinition
 * Removed deprecated EnableVmProtection property from PSVirtualNetwork
-* Removed deprecated Set-AzVirtualNetworkGatewayVpnClientConfig cmdlet
+* Removed deprecated Set-AzVirtualNetworkGatewayVpnClientConfig cmdlet
+* Added KeyVault Support to Application Gateway using Identity.
+    - Cmdlets updated with optonal parameter -KeyVaultSecretId, -KeyVaultSecret
+        - Add-AzApplicationGatewaySslCertificate
+        - New-AzApplicationGatewaySslCertificate
+        - Set-AzApplicationGatewaySslCertificate
+    - New-AzApplicationGateway cmdlet updated with optional parameter -UserAssignedIdentityId, -UserAssignedIdentity

src/ResourceManager/Network/Commands.Network/Commands.Network.Netcore.csproj

@@ -68,4 +68,4 @@
   <ItemGroup>
     <Content Include="help\**\*" CopyToOutputDirectory="PreserveNewest" />
   </ItemGroup>
-</Project>
+</Project>

src/ResourceManager/Network/Commands.Network/Common/NetworkResourceManagerProfile.cs

@@ -56,6 +56,12 @@ private static void Initialize()
                 cfg.CreateMap<CNM.PSResourceId, MNM.SubResource>();
                 cfg.CreateMap<MNM.SubResource, CNM.PSResourceId>();
 
+                // Managed Service Identity
+                cfg.CreateMap<CNM.PSManagedServiceIdentity, MNM.ManagedServiceIdentity>();
+                cfg.CreateMap<MNM.ManagedServiceIdentity, CNM.PSManagedServiceIdentity>();
+                cfg.CreateMap<CNM.PSManagedServiceIdentityUserAssignedIdentitiesValue, MNM.ManagedServiceIdentityUserAssignedIdentitiesValue>();
+                cfg.CreateMap<MNM.ManagedServiceIdentityUserAssignedIdentitiesValue, CNM.PSManagedServiceIdentityUserAssignedIdentitiesValue>();
+
                 // Route Filter 
                 cfg.CreateMap<CNM.PSRouteFilter, MNM.RouteFilter>();
                 cfg.CreateMap<MNM.RouteFilter, CNM.PSRouteFilter>();

src/ResourceManager/Network/Commands.Network/Models/PSApplicationGateway.cs

@@ -75,6 +75,9 @@ public class PSApplicationGateway : PSTopLevelResource
         [Ps1Xml(Target = ViewControl.Table)]
         public string ProvisioningState { get; set; }
 
+        [Ps1Xml(Target = ViewControl.Table)]
+        public PSManagedServiceIdentity Identity { get; set; }
+
         [JsonIgnore]
         public string GatewayIpConfigurationsText
         {

src/ResourceManager/Network/Commands.Network/Models/PSApplicationGatewaySslCertificate.cs

@@ -23,6 +23,7 @@ public class PSApplicationGatewaySslCertificate : PSChildResource
         public string Data { get; set; }
         public SecureString Password { get; set; }
         public string PublicCertData { get; set; }
+        public string KeyVaultSecretId { get; set; }
         [Ps1Xml(Target = ViewControl.Table)]
         public string ProvisioningState { get; set; }
         public string Type { get; set; }

src/ResourceManager/Network/Commands.Network/Models/PSManagedServiceIdentity.cs

@@ -0,0 +1,33 @@
+//
+// Copyright (c) Microsoft.  All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+using Microsoft.Azure.Management.Network.Models;
+using Microsoft.WindowsAzure.Commands.Common.Attributes;
+using System.Collections.Generic;
+
+namespace Microsoft.Azure.Commands.Network.Models
+{
+    public class PSManagedServiceIdentity
+    {
+        [Ps1Xml(Target = ViewControl.Table)]
+        public ResourceIdentityType? Type { get; set; }
+        [Ps1Xml(Target = ViewControl.Table)]
+        public string PrincipalId { get; set; }
+        [Ps1Xml(Target = ViewControl.Table)]
+        public string TenantId { get; set; }
+        [Ps1Xml(Target = ViewControl.Table)]
+        public Dictionary<string, PSManagedServiceIdentityUserAssignedIdentitiesValue> UserAssignedIdentities { get; set; }
+    }
+}

src/ResourceManager/Network/Commands.Network/Models/PSManagedServiceIdentityUserAssignedIdentitiesValue.cs

@@ -0,0 +1,27 @@
+//
+// Copyright (c) Microsoft.  All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+using Microsoft.WindowsAzure.Commands.Common.Attributes;
+
+namespace Microsoft.Azure.Commands.Network.Models
+{
+    public class PSManagedServiceIdentityUserAssignedIdentitiesValue
+    {
+        [Ps1Xml(Target = ViewControl.Table)]
+        public string PrincipalId { get; set; }
+        [Ps1Xml(Target = ViewControl.Table)]
+        public string ClientId { get; set; }
+    }
+}

src/ResourceManager/Network/Commands.Network/help/Add-AzApplicationGatewayAuthenticationCertificate.md

@@ -61,7 +61,7 @@ The credentials, account, tenant, and subscription used for communication with a
 ```yaml
 Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer
 Parameter Sets: (All)
-Aliases: AzureRmContext, AzureCredential
+Aliases: AzContext, AzureRmContext, AzureCredential
 
 Required: False
 Position: Named

src/ResourceManager/Network/Commands.Network/help/Add-AzApplicationGatewayBackendAddressPool.md

@@ -104,7 +104,7 @@ The credentials, account, tenant, and subscription used for communication with a
 ```yaml
 Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer
 Parameter Sets: (All)
-Aliases: AzureRmContext, AzureCredential
+Aliases: AzContext, AzureRmContext, AzureCredential
 
 Required: False
 Position: Named

src/ResourceManager/Network/Commands.Network/help/Add-AzApplicationGatewayBackendHttpSettings.md

@@ -122,7 +122,7 @@ The credentials, account, tenant, and subscription used for communication with a
 ```yaml
 Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer
 Parameter Sets: (All)
-Aliases: AzureRmContext, AzureCredential
+Aliases: AzContext, AzureRmContext, AzureCredential
 
 Required: False
 Position: Named

src/ResourceManager/Network/Commands.Network/help/Add-AzApplicationGatewayCustomError.md

@@ -68,7 +68,7 @@ The credentials, account, tenant, and subscription used for communication with A
 ```yaml
 Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer
 Parameter Sets: (All)
-Aliases: AzureRmContext, AzureCredential
+Aliases: AzContext, AzureRmContext, AzureCredential
 
 Required: False
 Position: Named

src/ResourceManager/Network/Commands.Network/help/Add-AzApplicationGatewayFrontendIPConfig.md

@@ -97,7 +97,7 @@ The credentials, account, tenant, and subscription used for communication with a
 ```yaml
 Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer
 Parameter Sets: (All)
-Aliases: AzureRmContext, AzureCredential
+Aliases: AzContext, AzureRmContext, AzureCredential
 
 Required: False
 Position: Named

src/ResourceManager/Network/Commands.Network/help/Add-AzApplicationGatewayFrontendPort.md

@@ -55,7 +55,7 @@ The credentials, account, tenant, and subscription used for communication with a
 ```yaml
 Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer
 Parameter Sets: (All)
-Aliases: AzureRmContext, AzureCredential
+Aliases: AzContext, AzureRmContext, AzureCredential
 
 Required: False
 Position: Named

src/ResourceManager/Network/Commands.Network/help/Add-AzApplicationGatewayHttpListener.md

@@ -92,7 +92,7 @@ The credentials, account, tenant, and subscription used for communication with a
 ```yaml
 Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer
 Parameter Sets: (All)
-Aliases: AzureRmContext, AzureCredential
+Aliases: AzContext, AzureRmContext, AzureCredential
 
 Required: False
 Position: Named

src/ResourceManager/Network/Commands.Network/help/Add-AzApplicationGatewayHttpListenerCustomError.md

@@ -54,7 +54,7 @@ The credentials, account, tenant, and subscription used for communication with A
 ```yaml
 Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer
 Parameter Sets: (All)
-Aliases: AzureRmContext, AzureCredential
+Aliases: AzContext, AzureRmContext, AzureCredential
 
 Required: False
 Position: Named

src/ResourceManager/Network/Commands.Network/help/Add-AzApplicationGatewayIPConfiguration.md

@@ -67,7 +67,7 @@ The credentials, account, tenant, and subscription used for communication with a
 ```yaml
 Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer
 Parameter Sets: (All)
-Aliases: AzureRmContext, AzureCredential
+Aliases: AzContext, AzureRmContext, AzureCredential
 
 Required: False
 Position: Named

src/ResourceManager/Network/Commands.Network/help/Add-AzApplicationGatewayProbeConfig.md

@@ -56,7 +56,7 @@ The credentials, account, tenant, and subscription used for communication with a
 ```yaml
 Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer
 Parameter Sets: (All)
-Aliases: AzureRmContext, AzureCredential
+Aliases: AzContext, AzureRmContext, AzureCredential
 
 Required: False
 Position: Named

src/ResourceManager/Network/Commands.Network/help/Add-AzApplicationGatewayRedirectConfiguration.md

@@ -70,7 +70,7 @@ The credentials, account, tenant, and subscription used for communication with a
 ```yaml
 Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer
 Parameter Sets: (All)
-Aliases: AzureRmContext, AzureCredential
+Aliases: AzContext, AzureRmContext, AzureCredential
 
 Required: False
 Position: Named

src/ResourceManager/Network/Commands.Network/help/Add-AzApplicationGatewayRequestRoutingRule.md

@@ -129,7 +129,7 @@ The credentials, account, tenant, and subscription used for communication with a
 ```yaml
 Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer
 Parameter Sets: (All)
-Aliases: AzureRmContext, AzureCredential
+Aliases: AzContext, AzureRmContext, AzureCredential
 
 Required: False
 Position: Named

src/ResourceManager/Network/Commands.Network/help/Add-AzApplicationGatewayRewriteRuleSet.md

@@ -55,7 +55,7 @@ The credentials, account, tenant, and subscription used for communication with A
 ```yaml
 Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer
 Parameter Sets: (All)
-Aliases: AzureRmContext, AzureCredential
+Aliases: AzContext, AzureRmContext, AzureCredential
 
 Required: False
 Position: Named