[KeyVault] Enable key vault tag update (#13323)

BethanyZhou · web-flow · commit 61516299760e · 2020-10-29T11:25:37.000+08:00
* enable key vault tag update

* update update-azkeyvault markdown file

* Provide examples about tags update
diff --git a/src/KeyVault/KeyVault.Test/KeyVault.Test.csproj b/src/KeyVault/KeyVault.Test/KeyVault.Test.csproj
@@ -25,9 +25,5 @@
     <None Update="Scripts\ControlPlane\KeyVaultManagementTests.ps1" CopyToOutputDirectory="PreserveNewest" />
   </ItemGroup>
 
-  <ItemGroup>
-    <Folder Include="ScenarioTests\PesterTests\" />
-  </ItemGroup>
-
 </Project>
 
diff --git a/src/KeyVault/KeyVault.Test/Scripts/ControlPlane/KeyVaultManagementTests.ps1 b/src/KeyVault/KeyVault.Test/Scripts/ControlPlane/KeyVaultManagementTests.ps1
@@ -800,6 +800,16 @@ function Test-UpdateKeyVault {
         $vault = $vault | Update-AzKeyVault -EnableRbacAuthorization $false
         Assert-False { $vault.EnableRbacAuthorization } "6. EnableRbacAuthorization should be false"
 
+        # Update Tags
+        $vault = $vault | Update-AzKeyVault -Tag @{key = "value"}
+        Assert-AreEqual 1 $vault.Tags.Count "7. Tags should contain a key-value pair (key, value)"
+        Assert-True { $vault.Tags.Contains("key") } "7. Tags should contain a key-value pair (key, value)"
+        Assert-AreEqual "value" $vault.Tags["key"] "7. Tags should contain a key-value pair (key, value)"
+
+        # Clean Tags
+        $vault = $vault | Update-AzKeyVault -Tag @{}
+        Assert-AreEqual 0 $vault.Tags.Count "8. Tags should be empty"
+
     }
     finally {
         $rg | Remove-AzResourceGroup -Force
diff --git a/src/KeyVault/KeyVault.Test/SessionRecords/Microsoft.Azure.Commands.KeyVault.Test.ScenarioTests.KeyVaultManagementTests/TestUpdateVault.json b/src/KeyVault/KeyVault.Test/SessionRecords/Microsoft.Azure.Commands.KeyVault.Test.ScenarioTests.KeyVaultManagementTests/TestUpdateVault.json
diff --git a/src/KeyVault/KeyVault/ChangeLog.md b/src/KeyVault/KeyVault/ChangeLog.md
@@ -18,6 +18,7 @@
         - Additional information about change #1
 -->
 ## Upcoming Release
+* Supported updating key vault tag
 
 ## Version 3.0.0
 * [Breaking Change] Deprecated parameter DisableSoftDelete in `New-AzKeyVault` and EnableSoftDelete in `Update-AzKeyVault`
diff --git a/src/KeyVault/KeyVault/Commands/UpdateAzureKeyVault.cs b/src/KeyVault/KeyVault/Commands/UpdateAzureKeyVault.cs
@@ -15,12 +15,10 @@
 using Microsoft.Azure.Commands.KeyVault.Models;
 using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
 using Microsoft.Azure.Management.Internal.Resources.Utilities.Models;
-using Microsoft.WindowsAzure.Commands.Common.CustomAttributes;
 using Microsoft.WindowsAzure.Commands.Utilities.Common;
 using System;
-using System.Collections.Generic;
+using System.Collections;
 using System.Management.Automation;
-using System.Text;
 
 namespace Microsoft.Azure.Commands.KeyVault
 {
@@ -56,6 +54,12 @@ public class UpdateTopLevelResourceCommand : KeyVaultManagementCmdletBase
         [Parameter(Mandatory = false, HelpMessage = "Enable or disable this key vault to authorize data actions by Role Based Access Control (RBAC).")]
         public bool? EnableRbacAuthorization { get; set; }
 
+        [Parameter(Mandatory = false,
+            ValueFromPipelineByPropertyName = true,
+            HelpMessage = "A hash table which represents resource tags.")]
+        [Alias(Constants.TagsAlias)]
+        public Hashtable Tag { get; set; }
+
         public override void ExecuteCmdlet()
         {
             if (this.IsParameterBound(c => c.InputObject))
@@ -88,16 +92,14 @@ public override void ExecuteCmdlet()
 
             if (this.ShouldProcess(this.VaultName, string.Format("Updating key vault '{0}' in resource group '{1}'.", this.VaultName, this.ResourceGroupName)))
             {
-                var result = KeyVaultManagementClient.UpdateVault(existingResource,
-                    existingResource.AccessPolicies,
-                    existingResource.EnabledForDeployment,
-                    existingResource.EnabledForTemplateDeployment,
-                    existingResource.EnabledForDiskEncryption,
-                    null,
-                    EnablePurgeProtection.IsPresent ? (true as bool?) : null,
-                    EnableRbacAuthorization,
-                    null,
-                    existingResource.NetworkAcls
+                var result = KeyVaultManagementClient.UpdateVault(
+                    existingResource,
+                    updatedParamater: new VaultCreationOrUpdateParameters
+                    {
+                        EnablePurgeProtection = this.EnablePurgeProtection.IsPresent ? (true as bool?) : null,
+                        EnableRbacAuthorization = this.EnableRbacAuthorization,
+                        Tags = this.Tag
+                    }
                 );
                 
                 WriteObject(result);
diff --git a/src/KeyVault/KeyVault/Models/VaultManagementClient.cs b/src/KeyVault/KeyVault/Models/VaultManagementClient.cs
@@ -163,6 +163,46 @@ public PSKeyVault GetVault(string vaultName, string resourceGroupName, ActiveDir
             }
         }
 
+        /// <summary>
+        /// Update an existing vault. Only EnablePurgeProtection, EnableRbacAuthorization and Tags can be updated currently.
+        /// </summary>
+        /// <param name="existingVault">the existing vault</param>
+        /// <param name="updatedParamater">updated paramater</param>
+        /// <param name="adClient">the active directory client</param>
+        /// <returns>the updated vault</returns>
+        public PSKeyVault UpdateVault(
+            PSKeyVault existingVault,
+            VaultCreationOrUpdateParameters updatedParamater,
+            ActiveDirectoryClient adClient = null)
+        {
+            if (existingVault == null)
+                throw new ArgumentNullException("existingVault");
+            if (existingVault.OriginalVault == null)
+                throw new ArgumentNullException("existingVault.OriginalVault");
+
+            //Update the vault properties in the object received from server
+            var properties = existingVault.OriginalVault.Properties;
+
+            if (!(properties.EnablePurgeProtection.HasValue && properties.EnablePurgeProtection.Value)
+                && updatedParamater.EnablePurgeProtection.HasValue
+                && updatedParamater.EnablePurgeProtection.Value)
+                properties.EnablePurgeProtection = updatedParamater.EnablePurgeProtection;
+
+            properties.EnableRbacAuthorization = updatedParamater.EnableRbacAuthorization;
+
+            var response = KeyVaultManagementClient.Vaults.CreateOrUpdate(
+                resourceGroupName: existingVault.ResourceGroupName,
+                vaultName: existingVault.VaultName,
+                parameters: new VaultCreateOrUpdateParameters
+                {
+                    Location = existingVault.Location,
+                    Properties = properties,
+                    Tags = TagsConversionHelper.CreateTagDictionary(updatedParamater.Tags, validate: true)
+                }
+                );
+            return new PSKeyVault(response, adClient);
+        }
+
         /// <summary>
         /// Update an existing vault. Only EnabledForDeployment and AccessPolicies can be updated currently.
         /// </summary>
diff --git a/src/KeyVault/KeyVault/help/Update-AzKeyVault.md b/src/KeyVault/KeyVault/help/Update-AzKeyVault.md
@@ -15,34 +15,55 @@ Update the state of an Azure key vault.
 ### UpdateByNameParameterSet (Default)
 ```
 Update-AzKeyVault -ResourceGroupName <String> -VaultName <String> [-EnablePurgeProtection]
- [-EnableRbacAuthorization <Boolean>] [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm]
- [<CommonParameters>]
+ [-EnableRbacAuthorization <Boolean>] [-Tag <Hashtable>] [-DefaultProfile <IAzureContextContainer>] [-WhatIf]
+ [-Confirm] [<CommonParameters>]
 ```
 
 ### UpdateByInputObjectParameterSet
 ```
 Update-AzKeyVault -InputObject <PSKeyVault> [-EnablePurgeProtection] [-EnableRbacAuthorization <Boolean>]
- [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm] [<CommonParameters>]
+ [-Tag <Hashtable>] [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 
 ### UpdateByResourceIdParameterSet
 ```
 Update-AzKeyVault -ResourceId <String> [-EnablePurgeProtection] [-EnableRbacAuthorization <Boolean>]
- [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm] [<CommonParameters>]
+ [-Tag <Hashtable>] [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 
 ## DESCRIPTION
 This cmdlet updates the state of an Azure key vault.
 
 ## EXAMPLES
 
-### Example 2
+### Example 1： Enable purge protection
 ```powershell
 PS C:\> Get-AzKeyVault -VaultName $keyVaultName -ResourceGroupName $resourceGroupName | Update-AzKeyVault -EnablePurgeProtection
 ```
 
 Enables purge protection using piping syntax.
 
+### Example 2： Enable RBAC Authorization
+```powershell
+PS C:\> Get-AzKeyVault -VaultName $keyVaultName -ResourceGroupName $resourceGroupName | Update-AzKeyVault -EnableRbacAuthorization $true
+```
+
+Enables RBAC Authorization using piping syntax.
+
+### Example 3： Set tags
+```powershell
+PS C:\> Get-AzKeyVault -VaultName $keyVaultName | Update-AzKeyVault -Tags @{key = "value"}
+```
+
+Sets the tags of a key vault named $keyVaultName.
+
+### Example 4： Clean tags
+```powershell
+PS C:\> Get-AzKeyVault -VaultName $keyVaultName | Update-AzKeyVault -Tags @{}
+```
+
+Deletes all tags of a key vault named $keyVaultName.
+
 ## PARAMETERS
 
 ### -DefaultProfile
@@ -137,6 +158,21 @@ Accept pipeline input: True (ByPropertyName)
 Accept wildcard characters: False
 ```
 
+### -Tag
+A hash table which represents resource tags.
+
+```yaml
+Type: System.Collections.Hashtable
+Parameter Sets: (All)
+Aliases: Tags
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
 ### -VaultName
 Name of the key vault.
 
