Azure
diff --git a/‎LICENSE.txt
Lines changed: 14 additions & 0 deletions b/‎LICENSE.txt
Lines changed: 14 additions & 0 deletions
diff --git a/‎src/Compute/Compute.Test/Compute.Test.csproj
Lines changed: 1 addition & 1 deletion b/‎src/Compute/Compute.Test/Compute.Test.csproj
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/EventHub/EventHub.Test/EventHub.Test.csproj
Lines changed: 1 addition & 1 deletion b/‎src/EventHub/EventHub.Test/EventHub.Test.csproj
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/HDInsight/HDInsight.Test/HDInsight.Test.csproj
Lines changed: 1 addition & 1 deletion b/‎src/HDInsight/HDInsight.Test/HDInsight.Test.csproj
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/KeyVault/KeyVault.Test/KeyVault.Test.csproj
Lines changed: 8 additions & 2 deletions b/‎src/KeyVault/KeyVault.Test/KeyVault.Test.csproj
Lines changed: 8 additions & 2 deletions
diff --git a/‎src/KeyVault/KeyVault.Test/Models/UtilitiesTests.cs
Lines changed: 0 additions & 17 deletions b/‎src/KeyVault/KeyVault.Test/Models/UtilitiesTests.cs
Lines changed: 0 additions & 17 deletions
diff --git a/‎src/KeyVault/KeyVault.Test/PesterTests/ManagedHsmDatePlaneTests.Tests.ps1
Lines changed: 172 additions & 0 deletions b/‎src/KeyVault/KeyVault.Test/PesterTests/ManagedHsmDatePlaneTests.Tests.ps1
Lines changed: 172 additions & 0 deletions
diff --git a/‎src/KeyVault/KeyVault.Test/PesterTests/ManagedHsmDatePlaneTests.ps1
Lines changed: 40 additions & 0 deletions b/‎src/KeyVault/KeyVault.Test/PesterTests/ManagedHsmDatePlaneTests.ps1
Lines changed: 40 additions & 0 deletions
diff --git a/‎src/KeyVault/KeyVault.Test/ScenarioTests/ManagedHsmManagementTests.cs
Lines changed: 22 additions & 0 deletions b/‎src/KeyVault/KeyVault.Test/ScenarioTests/ManagedHsmManagementTests.cs
Lines changed: 22 additions & 0 deletions
diff --git a/‎src/KeyVault/KeyVault.Test/ScenarioTests/ManagedHsmManagementTests.ps1
Lines changed: 62 additions & 0 deletions b/‎src/KeyVault/KeyVault.Test/ScenarioTests/ManagedHsmManagementTests.ps1
Lines changed: 62 additions & 0 deletions
@@ -223,5 +223,19 @@ Permission is hereby granted, free of charge, to any person obtaining a copy of
 The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 
+***************
+
+The software includes BouncyCastle.NetCore. The MIT License set out below is provided for informational purposes only. It is not the license that governs any part of the software.
+
+BouncyCastle.NetCore
+
+LICENSE
+Copyright (c) 2000 - 2020 The Legion of the Bouncy Castle Inc. (https://www.bouncycastle.org)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 -------------END OF THIRD PARTY NOTICE----------------------------------------
 
@@ -13,7 +13,7 @@
   <ItemGroup>
     <PackageReference Include="Microsoft.Azure.Graph.RBAC" Version="3.4.0-preview" />
     <PackageReference Include="Microsoft.Azure.Management.Compute" Version="39.0.0" />
-    <PackageReference Include="Microsoft.Azure.Management.KeyVault" Version="3.0.0" />
+    <PackageReference Include="Microsoft.Azure.Management.KeyVault" Version="3.1.0-preview.2" />
     <PackageReference Include="Microsoft.Azure.Management.Network" Version="20.1.1" />
   </ItemGroup>
 
 
@@ -13,7 +13,7 @@
   <ItemGroup>
     <PackageReference Include="Microsoft.Azure.KeyVault" Version="3.0.5" />
     <PackageReference Include="Microsoft.Azure.Management.EventHub" Version="2.7.2" />
-    <PackageReference Include="Microsoft.Azure.Management.KeyVault" Version="3.0.0" />
+    <PackageReference Include="Microsoft.Azure.Management.KeyVault" Version="3.1.0-preview.2" />
   </ItemGroup>
 
   <ItemGroup>
 
@@ -14,7 +14,7 @@
     <PackageReference Include="Microsoft.Azure.KeyVault" Version="3.0.5" />
     <PackageReference Include="Microsoft.Azure.Management.HDInsight" Version="5.6.0" />
     <PackageReference Include="Microsoft.Azure.Management.HDInsight.Job" Version="2.0.7" />
-    <PackageReference Include="Microsoft.Azure.Management.KeyVault" Version="3.0.0" />
+    <PackageReference Include="Microsoft.Azure.Management.KeyVault" Version="3.1.0-preview.2" />
     <PackageReference Include="Microsoft.Azure.Management.ManagedServiceIdentity" Version="0.11.0" />
     <PackageReference Include="Microsoft.Azure.Management.Network" Version="20.1.1" />
     <PackageReference Include="Microsoft.Azure.Management.OperationalInsights" Version="0.21.0-preview" />
 
@@ -13,7 +13,10 @@
   <ItemGroup>
     <PackageReference Include="Microsoft.Azure.KeyVault" Version="3.0.1" />
     <PackageReference Include="Microsoft.Azure.KeyVault.WebKey" Version="3.0.1" />
-    <PackageReference Include="Microsoft.Azure.Management.KeyVault" Version="3.0.0" />
+    <PackageReference Include="Microsoft.Azure.Management.KeyVault" Version="3.1.0-preview.2" />
+    <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="5.6.0">
+      <NoWarn>NU1608</NoWarn>
+    </PackageReference>
     <PackageReference Include="Microsoft.Azure.Management.Network" Version="20.1.1" />
   </ItemGroup>
 
@@ -23,7 +26,10 @@
 
   <ItemGroup>
     <None Update="Scripts\ControlPlane\KeyVaultManagementTests.ps1" CopyToOutputDirectory="PreserveNewest" />
-    <None Update="Resources\pshtest.pfx" CopyToOutputDirectory="PreserveNewest" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <Folder Include="ScenarioTests\PesterTests\" />
   </ItemGroup>
 
 </Project>
 
@@ -58,22 +58,5 @@ public void GetWebKeyFromByok()
             Assert.True(webKey.T.SequenceEqual(byokBlob));
             Assert.Equal(webKey.Kty, JsonWebKeyType.RsaHsm);
         }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void GetWebKeyFromCertificate()
-        {
-            string password = "123";
-            // This allows the test to run in Visual Studio and in the console runner. The file will exist in one of the two locations depending on the environment.
-            var consolePath = Path.Combine(Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location) ?? String.Empty, "Resources", "pshtest.pfx");
-            var vsPath = Path.Combine(Directory.GetCurrentDirectory(), "Resources", "pshtest.pfx");
-
-            IWebKeyConverter converters = WebKeyConverterFactory.CreateConverterChain();
-            var webKey = converters.ConvertKeyFromFile(new FileInfo(File.Exists(consolePath) ? consolePath : vsPath), password.ConvertToSecureString());
-
-            Assert.True(webKey.HasPrivateKey());
-            Assert.True(webKey.IsValid());
-            Assert.Equal(webKey.Kty, JsonWebKeyType.Rsa);
-        }
     }
 }
@@ -0,0 +1,172 @@
+$here = Split-Path -Parent $MyInvocation.MyCommand.Path
+$sut = (Split-Path -Leaf $MyInvocation.MyCommand.Path) -replace '\.Tests\.', '.'
+. "$here\$sut"
+
+BeforeAll {
+    . $PSScriptRoot/ManagedHsmDatePlaneTests.ps1
+    ImportModules
+    $hsmName = GetAzManagedHsm
+}
+
+Describe "AddAzManagedHsmKey" {
+    It "Create a RSA key inside a managed HSM" {
+        $keyName = GetRandomName -Prefix "key"
+        $keyType = "RSA"
+        $rsaKey = Add-AzManagedHsmKey -HsmName $hsmName -Name $keyName -KeyType $keyType
+        $rsaKey.VaultName | Should -BeExactly $hsmName
+        $rsaKey.Name | Should -BeExactly $keyName
+        $rsaKey.Attributes.KeyType | Should -Be "RSA-HSM"
+    }
+
+    It "Create an EC key with curve P-256 inside a managed HSM" {
+        $keyName = GetRandomName -Prefix "key"
+        $keyType = "EC"
+        $curveName = "P-256"
+        $rsaKey = Add-AzManagedHsmKey -HsmName $hsmName -Name $keyName -KeyType $keyType -CurveName $curveName
+        $rsaKey.VaultName | Should -BeExactly $hsmName
+        $rsaKey.Name | Should -BeExactly $keyName
+        $rsaKey.Attributes.KeyType | Should -Be "EC-HSM"
+        $rsaKey.Key.CurveName | Should -Be $curveName
+    }
+
+    It "Create an oct key inside a managed HSM" {
+        $keyName = GetRandomName -Prefix "key"
+        $keyType = "oct"
+        $rsaKey = Add-AzManagedHsmKey -HsmName $hsmName -Name $keyName -KeyType $keyType
+        $rsaKey.VaultName | Should -BeExactly $hsmName
+        $rsaKey.Name | Should -BeExactly $keyName
+        $rsaKey.Attributes.KeyType | Should -Be "oct-HSM"
+    }
+
+     It "Create an oct key inside a managed HSM" {
+        $keyName = GetRandomName -Prefix "key"
+        $keyType = "oct"
+        $rsaKey = Add-AzManagedHsmKey -HsmName $hsmName -Name $keyName -KeyType $keyType
+        $rsaKey.VaultName | Should -BeExactly $hsmName
+        $rsaKey.Name | Should -BeExactly $keyName
+        $rsaKey.Attributes.KeyType | Should -Be "oct-HSM"
+    }
+
+     It "Create a key with non-default values inside a managed HSM" {
+        $keyName = GetRandomName -Prefix "key"
+        $keyType = "RSA"
+        $KeyOps = 'decrypt', 'verify'
+        # Expires & NotBefore is hard to cmpare, may add in the furture
+        $Tags = @{'Severity' = 'high'; 'Accounting' = "true"}
+
+        $key = Add-AzManagedHsmKey -HsmName $hsmName -Name $keyName -KeyType $keyType -KeyOps $KeyOps -Disable -Tag $Tags
+        
+        $key.Attributes.KeyOps | Should -Be $KeyOps
+        $key.Tags.Count | Should -Be 2
+        $key.Enabled | Should -Be $false
+    }
+
+    # It "Import a RSA key from pfx file into a managed HSM" {
+    #     $keyName = GetRandomName -Prefix "key"
+    #     $keyFilePath = Join-Path $PSScriptRoot ../Resources/testImportKey.pfx -Resolve
+    #     $keyFilePwd = $null
+    #     $key = Add-AzManagedHsmKey -HsmName bezmhsm -Name $keyName -KeyFilePath $keyFilePath -KeyFilePassword $keyFilePwd
+    #     $key.Name | Should -BeExactly $keyName
+    # }
+}
+
+Describe "GetAzManagedHsmKey"{
+    It "List all the keys in a managed HSM" {
+        $keyName = GetRandomName -Prefix "key"
+        Add-AzManagedHsmKey -HsmName $hsmName -Name $keyName -KeyType "RSA"
+        $keys = Get-AzManagedHsmKey -HsmName $hsmName
+        $keys.Count | Should -BeGreaterThan 0
+    }
+
+    It "Get a specific key in a managed HSM" {
+        $keyName = GetRandomName -Prefix "key"
+        $key = Add-AzManagedHsmKey -HsmName $hsmName -Name $keyName -KeyType "RSA"
+        $got = Get-AzManagedHsmKey -HsmName $hsmName -KeyName $keyName
+        $got.Id | Should -Be $key.Id
+    }
+
+    It "List all the keys that have been deleted in a managed HSM" {
+        $keyName = GetRandomName -Prefix "key"
+        $key = Add-AzManagedHsmKey -HsmName $hsmName -Name $keyName -KeyType "RSA"
+        Remove-AzManagedHsmKey -HsmName $hsmName -Name $keyName
+        $deletedKey = Get-AzManagedHsmKey -HsmName $hsmName -KeyName $keyName -InRemovedState
+        $deletedKey.Id | Should -Be $key.Id
+    }
+    
+    It "Download a key from a managed HSM" {
+        $keyName = GetRandomName -Prefix "key"
+        Add-AzManagedHsmKey -HsmName $hsmName -Name $keyName -KeyType "RSA"
+        $filePath = "$PSScriptRoot\public.pem"
+        Get-AzManagedHsmKey -HsmName $hsmName -KeyName $keyName -OutFile $filePath
+        $filePath | Should -Exist
+    }
+}
+
+Describe "RemoveAzManagedHsmKey"{
+    It "Remove a key from a managed HSM" {
+        $keyName = GetRandomName -Prefix "key"
+        $key = Add-AzManagedHsmKey -HsmName $hsmName -Name $keyName -KeyType "RSA"
+        $deletedKey = Remove-AzManagedHsmKey -HsmName $hsmName -Name $keyName -Force -PassThru
+        $deletedKey.Id | Should -Be $key.Id
+    }
+
+    It "Purge a deleted key from a managed HSM" {
+        $keyName = GetRandomName -Prefix "key"
+        Add-AzManagedHsmKey -HsmName $hsmName -Name $keyName -KeyType "RSA"
+        Remove-AzManagedHsmKey -HsmName $hsmName -Name $keyName -Force -PassThru
+        Remove-AzManagedHsmKey -HsmName $hsmName -Name $keyName -InRemovedState -Force -PassThru
+        $deletedKey = Get-AzManagedHsmKey -HsmName $hsmName -Name $keyName -InRemovedState
+        $deletedKey | Should -Be $null
+    }
+
+    It "Remove keys by using piping" {
+        Get-AzManagedHsmKey -HsmName $hsmName | Remove-AzManagedHsmKey -Force
+        $keys = Get-AzManagedHsmKey -HsmName $hsmName
+        $keys.Count | Should -Be 0
+    }
+}
+
+Describe "UpdateAzManagedHsmKey"{
+    It "Enable a key and set tags" {
+        $keyName = GetRandomName -Prefix "key"
+        $key = Add-AzManagedHsmKey -HsmName $hsmName -Name $keyName -KeyType "RSA" -Disable
+        $Tags = @{'Severity' = 'high'; 'Accounting' = 'true'}
+
+        $updatedKey = Update-AzManagedHsmKey -HsmName $hsmName -Name $keyName -Enable $True -Tag $Tags -PassThru
+       
+        $updatedKey.Id | Should -Be $key.Id
+        $updatedKey.Enabled | Should -Be $True
+        $updatedKey.Tags.Count | Should -Be 2
+    }
+}
+
+Describe "UndoAzManagedHsmKeyRemoval"{
+    It "Undo a key removal" {      
+        $keyName = GetRandomName -Prefix "key"
+        $key = Add-AzManagedHsmKey -HsmName $hsmName -Name $keyName -KeyType "RSA"
+        $deletedKey = Remove-AzManagedHsmKey -HsmName $hsmName -Name $keyName -Force -PassThru
+        $recoveredKey = $deletedKey | Undo-AzManagedHsmKeyRemoval
+        $recoveredKey.Id | Should -Be $key.Id
+    }
+}
+
+Describe "BackupAndRetoreAzManagedHsmKey"{
+    It "Backup and retore a key" {      
+        $keyName = GetRandomName -Prefix "key"
+        $key = Add-AzManagedHsmKey -HsmName $hsmName -Name $keyName -KeyType "RSA"
+        $filePath = "$PSScriptRoot/backupkey.blob"  
+        $key | Backup-AzManagedHsmKey -OutputFile $filePath -Force
+        $filePath | Should -Exist
+ 
+        Remove-AzManagedHsmKey -HsmName $hsmName -Name $keyName -Force
+        Remove-AzManagedHsmKey -HsmName $hsmName -Name $keyName -InRemovedState -Force
+        $restoredKey = Restore-AzManagedHsmKey -HsmName $hsmName -InputFile $filePath
+        $restoredKey.Id | Should -Be $key.Id
+    }
+}
+
+# to do: manually remove all stuffs in resource group
+# AfterAll {
+    # $hsm = Get-AzManagedHsm -Name $hsmName
+    # Remove-AzResourceGroup -Name $hsm.ResourceGroupName -Force
+# }
@@ -0,0 +1,40 @@
+function GetAzManagedHsm{
+    Param(
+        [parameter(Mandatory=$false)]
+        [String]
+        $HsmName,
+        [parameter(Mandatory=$false)]
+        [String]
+        $ResourceGroupName,
+        [parameter(Mandatory=$false)]
+        [String]
+        $Location,
+        [parameter(Mandatory=$false)]
+        [String[]]
+        $Administrator
+    )
+    $hsmName = GetRandomName -Prefix "hsm"
+    $resourceGroupName = GetRandomName -Prefix "rg"
+    $Location = "eastus2euap"
+    $administrator = "c1be1392-39b8-4521-aafc-819a47008545"
+    $hsm = New-AzManagedHsm -Name $HsmName -ResourceGroupName $ResourceGroupName -Location $r -Administrator $Administrator
+    return $hsm
+}
+
+function GetRandomName{
+    Param(
+        [parameter(Mandatory=$false)]
+        [String]
+        $Prefix
+    )
+    $randomNum = Get-Random -Minimum 100 -Maximum 99999
+    return "$Prefix$randomNum"
+}
+
+function ImportModules{
+    $psd1Path = Join-Path $PSScriptRoot "../../../../artifacts/Debug/" -Resolve
+    $accountsPsd1 = Join-Path $psd1Path "./Az.Accounts/Az.Accounts.psd1" -Resolve
+    $keyVaultPsd1 = Join-Path $psd1Path "./Az.KeyVault/Az.KeyVault.psd1" -Resolve
+    Import-Module $accountsPsd1
+    Import-Module $keyVaultPsd1
+}
@@ -0,0 +1,22 @@
+using Microsoft.WindowsAzure.Commands.ScenarioTest;
+using System;
+using System.Collections.Generic;
+using System.Text;
+using Xunit;
+
+namespace Microsoft.Azure.Commands.KeyVault.Test.ScenarioTests
+{
+    public class ManagedHsmManagementTests: KeyVaultTestRunner
+    {
+        public ManagedHsmManagementTests(Xunit.Abstractions.ITestOutputHelper output) : base(output)
+        {
+        }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        public void TestManagedHsmCRUD()
+        {
+            TestRunner.RunTestScript("Test-ManagedHsmCRUD");
+        }
+    }
+}
@@ -0,0 +1,62 @@
+# ----------------------------------------------------------------------------------
+#
+# Copyright Microsoft Corporation
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# http://www.apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ----------------------------------------------------------------------------------
+
+<#
+.SYNOPSIS
+Tests CRUD for Managed Hsm.
+#>
+function Test-ManagedHsmCRUD {
+    $rgName = getAssetName
+    $rgLocation = Get-Location "Microsoft.Resources" "resourceGroups" "West US"
+    $hsmName = getAssetName
+    $hsmLocation = Get-Location "Microsoft.KeyVault" "managedHSMs" "East US 2"
+    $administrator = "c1be1392-39b8-4521-aafc-819a47008545"
+    New-AzResourceGroup -Name $rgName -Location $rgLocation
+
+    try {
+        # Test create a default managed HSM
+        $hsm = New-AzManagedHsm -Name $hsmName -ResourceGroupName $rgName -Location $hsmLocation -Administrator $administrator
+        Assert-AreEqual $hsmName $hsm.Name
+        Assert-AreEqual $rgName $hsm.ResourceGroupName
+        Assert-AreEqual $hsmLocation $hsm.Location
+        Assert-AreEqual 1  $hsm.InitialAdminObjectIds.Count
+        Assert-True  { $hsm.InitialAdminObjectIds.Contains($administrator) } 
+        Assert-AreEqual "StandardB1" $hsm.Sku
+        
+        # Default retention days
+        Assert-AreEqual 90 $hsm.SoftDeleteRetentionInDays "By default SoftDeleteRetentionInDays should be 90"
+
+        # Test get managed HSM
+        $got = Get-AzManagedHsm -Name $hsmName    
+        Assert-NotNull $got
+        Assert-AreEqual $hsmName $got.Name
+        Assert-AreEqual $rgName $got.ResourceGroupName
+        Assert-AreEqual $hsmLocation $got.Location
+        
+        # Test throws for existing managed HSM
+        Assert-Throws { New-AzManagedHsm -Name $hsmName -ResourceGroupName $rgName -Location $hsmLocation -Administrator $administrator }
+
+        # Test remove managed HSM
+        Remove-AzManagedHsm -InputObject $got -Force
+        $deletedMhsm = Get-AzManagedHsm -Name $hsmName -ResourceGroupName $rgName
+        Assert-Null $deletedMhsm
+
+        # Test throws for resourcegroup nonexistent
+        Assert-Throws {  New-AzManagedHsm -Name (getAssetName) -ResourceGroupName (getAssetName) -Location $hsmLocation -Administrator $administrator }
+    }
+
+    finally {
+        Remove-AzResourceGroup -Name $rgName -Force
+    }
+}