Rename KeyVault Mail parameter to EmailAddress

Author: RandalliLama

src/ResourceManager/KeyVault/Commands.KeyVault.Test/Scripts/ControlPlane/KeyVaultManagementTests.ps1

@@ -440,22 +440,23 @@ function Test-SetRemoveAccessPolicyByUPN
     Assert-AreEqual 0 $vault.AccessPolicies.Count
 }
 
-function Test-SetRemoveAccessPolicyByEmail
+function Test-SetRemoveAccessPolicyByEmailAddress
 {
     Param($existingVaultName, $rgName, $email, $upn)
 
     $PermToKeys = @("encrypt", "decrypt", "unwrapKey", "wrapKey", "verify", "sign", "get", "list", "update", "create", "import", "delete", "backup", "restore")
     $PermToSecrets = @("get", "list", "set", "delete")
     $PermToCertificates = @("get", "list", "create", "delete")
+    $PermToStorage = @("get", "list", "delete")
 
-    $vault = Set-AzureRmKeyVaultAccessPolicy -VaultName $existingVaultName -ResourceGroupName $rgName -Mail $email -PermissionsToKeys $PermToKeys -PermissionsToSecrets $PermToSecrets -PermissionsToCertificates $PermToCertificates -PassThru
+    $vault = Set-AzureRmKeyVaultAccessPolicy -VaultName $existingVaultName -ResourceGroupName $rgName -EmailAddress $email -PermissionsToKeys $PermToKeys -PermissionsToSecrets $PermToSecrets -PermissionsToCertificates $PermToCertificates -PermissionsToStorage $PermToStorage -PassThru
 
-    CheckVaultAccessPolicy $vault $PermToKeys $PermToSecrets $PermToCertificates
+    CheckVaultAccessPolicy $vault $PermToKeys $PermToSecrets $PermToCertificates $PermToStorage
     if (-not $global:noADCmdLetMode) {
         Assert-AreEqual  $vault.AccessPolicies[0].ObjectId (Get-AzureRmADUser -Mail $upn).Id
     }
 
-    $vault = Remove-AzureRmKeyVaultAccessPolicy -VaultName $existingVaultName -ResourceGroupName $rgName -Mail $email -PassThru
+    $vault = Remove-AzureRmKeyVaultAccessPolicy -VaultName $existingVaultName -ResourceGroupName $rgName -EmailAddress $email -PassThru
     Assert-AreEqual 0 $vault.AccessPolicies.Count
 }
 

src/ResourceManager/KeyVault/Commands.KeyVault.Test/Scripts/RunKeyVaultTests.ps1

@@ -183,6 +183,7 @@ function Run-AllControlPlaneTests
     {
         Run-TestProtected { Run-VaultTest { Test_CreateNewPremiumVaultEnabledForDeployment } "Test_CreateNewPremiumVaultEnabledForDeployment" } "Test_CreateNewPremiumVaultEnabledForDeployment"
     }
+
     Run-TestProtected { Run-VaultTest { Test_CreateNewVault } "Test_CreateNewVault" } "Test_CreateNewVault"
     Run-TestProtected { Run-VaultTest { Test_RecreateVaultFails } "Test_RecreateVaultFails" } "Test_RecreateVaultFails"
     Run-TestProtected { Run-VaultTest { Test_CreateVaultInUnknownResGrpFails } "Test_CreateVaultInUnknownResGrpFails" } "Test_CreateVaultInUnknownResGrpFails"
@@ -212,10 +213,8 @@ function Run-AllControlPlaneTests
     # Set-AzureRmKeyVaultAccessPolicy & Remove-AzureRmKeyVaultAccessPolicy tests.
     Run-TestProtected { Run-VaultTest { Test_SetRemoveAccessPolicyByUPN } "Test_SetRemoveAccessPolicyByUPN" } "Test_SetRemoveAccessPolicyByUPN"
 
-    <#
-    This test is disabled because it requires a user with an email address that matches their UPN.
-    Run-TestProtected { Run-VaultTest { Test_SetRemoveAccessPolicyByEmail } "Test_SetRemoveAccessPolicyByEmail" } "Test_SetRemoveAccessPolicyByEmail"
-    #>
+    # This test will fail for users that do not have the same email address as their UPN.
+    Run-TestProtected { Run-VaultTest { Test_SetRemoveAccessPolicyByEmailAddress } "Test_SetRemoveAccessPolicyByEmailAddress" } "Test_SetRemoveAccessPolicyByEmailAddress"
 
     Run-TestProtected { Run-VaultTest { Test_SetRemoveAccessPolicyBySPN } "Test_SetRemoveAccessPolicyBySPN" } "Test_SetRemoveAccessPolicyBySPN"
     Run-TestProtected { Run-VaultTest { Test_SetRemoveAccessPolicyByObjectId } "Test_SetRemoveAccessPolicyByObjectId" } "Test_SetRemoveAccessPolicyByObjectId"
@@ -228,7 +227,7 @@ function Run-AllControlPlaneTests
     Run-TestProtected { Run-VaultTest { Test_ModifyAccessPolicyNegativeCases } "Test_ModifyAccessPolicyNegativeCases" } "Test_ModifyAccessPolicyNegativeCases"
     Run-TestProtected { Run-VaultTest { Test_RemoveNonExistentAccessPolicyDoesNotThrow } "Test_RemoveNonExistentAccessPolicyDoesNotThrow" } "Test_RemoveNonExistentAccessPolicyDoesNotThrow"
     Run-TestProtected { Run-VaultTest { Test_AllPermissionExpansion } "Test_AllPermissionExpansion" } "Test_AllPermissionExpansion"
-    
+
 
     # Piping tests.
     Run-TestProtected { Run-VaultTest { Test_CreateDeleteVaultWithPiping } "Test_CreateDeleteVaultWithPiping" } "Test_CreateDeleteVaultWithPiping"
@@ -243,7 +242,7 @@ function Run-AllDataPlaneTests
     Write-Host "Starting the data plane tests..."
 
     # All operations that invlove soft delete
-    if($global:softDeleteEnabled -eq $true) 
+    if($global:softDeleteEnabled -eq $true)
     {
         # Key soft delete tests
         Run-TestProtected { Run-KeyTest {Test_GetDeletedKey} "Test_GetDeletedKey" } "Test_GetDeletedKey"
@@ -274,7 +273,7 @@ function Run-AllDataPlaneTests
         Run-TestProtected { Run-KeyTest {Test_ImportPfxAsHsmWithDefaultAttributes} "Test_ImportPfxAsHsmWithDefaultAttributes" } "Test_ImportPfxAsHsmWithDefaultAttributes"
         Run-TestProtected { Run-KeyTest {Test_ImportPfxAsHsmWithCustomAttributes} "Test_ImportPfxAsHsmWithCustomAttributes" } "Test_ImportPfxAsHsmWithCustomAttributes"
 
-        # All operations involving BYOK keys. For these tests to run correctly, the user running the tests 
+        # All operations involving BYOK keys. For these tests to run correctly, the user running the tests
         # must have a subscription ID that matches the subscription ID of the person who initially
         # generated the dummy *.byok files located in the proddata folder.
         #
@@ -484,7 +483,7 @@ try
             Restore-VaultResource $oldVaultResource
         }
     }
-    
+
     if (@('DataPlane', 'All') -contains $TestMode)
     {
         $oldVaultResource = Get-VaultResource

src/ResourceManager/KeyVault/Commands.KeyVault.Test/Scripts/VaultManagementTests.ps1

@@ -126,12 +126,12 @@ function Test_SetRemoveAccessPolicyByUPN
     Test-SetRemoveAccessPolicyByUPN $global:testVault $global:resourceGroupName $user
 }
 
-function Test_SetRemoveAccessPolicyByEmail
+function Test_SetRemoveAccessPolicyByEmailAddress
 {
     # ASSUMPTION: The logged in users UPN is the same as their email address.
     $user = (Get-AzureRmContext).Account.Id
     Reset-PreCreatedVault
-    Test-SetRemoveAccessPolicyByEmail $global:testVault $global:resourceGroupName $user $user
+    Test-SetRemoveAccessPolicyByEmailAddress $global:testVault $global:resourceGroupName $user $user
 }
 
 function Test_SetRemoveAccessPolicyBySPN
@@ -238,7 +238,7 @@ function Test_AllPermissionExpansion
 {
     Reset-PreCreatedVault
     $user = (Get-AzureRmContext).Account.Id
-    Test-AllPermissionExpansion $global:testVault $global:resourceGroupName $user 
+    Test-AllPermissionExpansion $global:testVault $global:resourceGroupName $user
 }
 
 #-------------------------------------------------------------------------------------
@@ -454,7 +454,7 @@ function Cleanup-TemporaryState([bool]$tempResourceGroup, [bool]$tempVault)
     elseif ($tempVault)
     {
         Write-Host "Starting the deletion of the temporary vault. This can take a minute or so..."
-        $vaultRemoved = Remove-AzureRmKeyVault -VaultName $global:testVault -Force -Confirm:$false
+        $vaultRemoved = Remove-AzureRmKeyVault -VaultName $global:testVault -ResourceGroupName $global:resourceGroupname -Force -Confirm:$false
         if ($vaultRemoved)
         {
             $global:testVault = ""

src/ResourceManager/KeyVault/Commands.KeyVault/Commands/RemoveAzureKeyVaultAccessPolicy.cs

@@ -98,7 +98,7 @@ public class RemoveAzureKeyVaultAccessPolicy : KeyVaultManagementCmdletBase
             ValueFromPipelineByPropertyName = true,
             HelpMessage = "Specifies the email address of the user in Azure Active Directory for which to grant permissions.")]
         [ValidateNotNullOrEmpty()]
-        public string Mail { get; set; }
+        public string EmailAddress { get; set; }
 
         /// <summary>
         /// Id of the application to which a user delegate to
@@ -174,11 +174,11 @@ public override void ExecuteCmdlet()
                 if (!string.IsNullOrEmpty(UserPrincipalName)
                     || !string.IsNullOrEmpty(ServicePrincipalName)
                     || !string.IsNullOrWhiteSpace(this.ObjectId)
-                    || !string.IsNullOrWhiteSpace(this.Mail))
+                    || !string.IsNullOrWhiteSpace(this.EmailAddress))
                 {
                     if (string.IsNullOrWhiteSpace(this.ObjectId))
                     {
-                        ObjectId = GetObjectId(this.ObjectId, this.UserPrincipalName, this.Mail, this.ServicePrincipalName);
+                        ObjectId = GetObjectId(this.ObjectId, this.UserPrincipalName, this.EmailAddress, this.ServicePrincipalName);
                     }
                     updatedPolicies = existingVault.AccessPolicies.Where(ap => !ShallBeRemoved(ap, ObjectId, this.ApplicationId)).ToArray();
                 }

src/ResourceManager/KeyVault/Commands.KeyVault/Commands/SetAzureKeyVaultAccessPolicy.cs

@@ -91,7 +91,7 @@ public class SetAzureKeyVaultAccessPolicy : KeyVaultManagementCmdletBase
         private const string ByObjectId = "ByObjectId";
         private const string ByServicePrincipalName = "ByServicePrincipalName";
         private const string ByUserPrincipalName = "ByUserPrincipalName";
-        private const string ByEmail = "ByEmail";
+        private const string ByEmailAddress = "ByEmailAddress";
         private const string ForVault = "ForVault";
 
         #endregion
@@ -154,11 +154,11 @@ public class SetAzureKeyVaultAccessPolicy : KeyVaultManagementCmdletBase
         /// Email address
         /// </summary>
         [Parameter(Mandatory = true,
-            ParameterSetName = ByEmail,
+            ParameterSetName = ByEmailAddress,
             ValueFromPipelineByPropertyName = true,
             HelpMessage = "Specifies the email address of the user in Azure Active Directory for which to grant permissions.")]
         [ValidateNotNullOrEmpty()]
-        public string Mail { get; set; }
+        public string EmailAddress { get; set; }
 
         /// <summary>
         /// Id of the application to which a user delegate to
@@ -185,7 +185,7 @@ public class SetAzureKeyVaultAccessPolicy : KeyVaultManagementCmdletBase
             ValueFromPipelineByPropertyName = true,
             HelpMessage = "Specifies key operation permissions to grant to a user or service principal.")]
         [Parameter(Mandatory = false,
-            ParameterSetName = ByEmail,
+            ParameterSetName = ByEmailAddress,
             ValueFromPipelineByPropertyName = true,
             HelpMessage = "Specifies key operation permissions to grant to a user or service principal.")]
         [ValidateSet("decrypt", "encrypt", "unwrapKey", "wrapKey", "verify", "sign", "get", "list", "update", "create", "import", "delete", "backup", "restore", "recover", "purge", "all")]
@@ -207,9 +207,9 @@ public class SetAzureKeyVaultAccessPolicy : KeyVaultManagementCmdletBase
             ValueFromPipelineByPropertyName = true,
             HelpMessage = "Specifies secret operation permissions to grant to a user or service principal.")]
         [Parameter(Mandatory = false,
-            ParameterSetName = ByEmail,
+            ParameterSetName = ByEmailAddress,
             ValueFromPipelineByPropertyName = true,
-            HelpMessage = "Specifies key operation permissions to grant to a user or service principal.")]
+            HelpMessage = "Specifies secret operation permissions to grant to a user or service principal.")]
         [ValidateSet("get", "list", "set", "delete", "backup", "restore", "recover", "purge", "all")]
         public string[] PermissionsToSecrets { get; set; }
 
@@ -229,9 +229,9 @@ public class SetAzureKeyVaultAccessPolicy : KeyVaultManagementCmdletBase
             ValueFromPipelineByPropertyName = true,
             HelpMessage = "Specifies certificate operation permissions to grant to a user or service principal.")]
         [Parameter(Mandatory = false,
-            ParameterSetName = ByEmail,
+            ParameterSetName = ByEmailAddress,
             ValueFromPipelineByPropertyName = true,
-            HelpMessage = "Specifies key operation permissions to grant to a user or service principal.")]
+            HelpMessage = "Specifies certificate operation permissions to grant to a user or service principal.")]
         [ValidateSet("get", "list", "delete", "create", "import", "update", "managecontacts", "getissuers", "listissuers", "setissuers", "deleteissuers", "manageissuers", "all")]
         public string[] PermissionsToCertificates { get; set; }
 
@@ -250,6 +250,10 @@ public class SetAzureKeyVaultAccessPolicy : KeyVaultManagementCmdletBase
             ParameterSetName = ByUserPrincipalName,
             ValueFromPipelineByPropertyName = true,
             HelpMessage = "Specifies managed storage account and sas definition operation permissions to grant to a user or service principal." )]
+        [Parameter(Mandatory = false,
+            ParameterSetName = ByEmailAddress,
+            ValueFromPipelineByPropertyName = true,
+            HelpMessage = "Specifies managed storage account and sas definition  operation permissions to grant to a user or service principal.")]
         [ValidateSet( "get", "list", "delete", "set", "update", "regeneratekey", "getsas", "listsas", "deletesas", "setsas", "all" )]
         public string[] PermissionsToStorage { get; set; }
 
@@ -319,12 +323,12 @@ public override void ExecuteCmdlet()
                 if (!string.IsNullOrEmpty(UserPrincipalName)
                     || !string.IsNullOrEmpty(ServicePrincipalName)
                     || !string.IsNullOrWhiteSpace(this.ObjectId)
-                    || !string.IsNullOrWhiteSpace(this.Mail))
+                    || !string.IsNullOrWhiteSpace(this.EmailAddress))
                 {
                     var objId = this.ObjectId;
                     if (!this.BypassObjectIdValidation.IsPresent)
                     {
-                        objId = GetObjectId(this.ObjectId, this.UserPrincipalName, this.Mail, this.ServicePrincipalName);
+                        objId = GetObjectId(this.ObjectId, this.UserPrincipalName, this.EmailAddress, this.ServicePrincipalName);
                     }
 
                     if (ApplicationId.HasValue && ApplicationId.Value == Guid.Empty)

src/ResourceManager/KeyVault/Commands.KeyVault/help/Remove-AzureRmKeyVaultAccessPolicy.md

@@ -24,10 +24,10 @@ Remove-AzureRmKeyVaultAccessPolicy [-VaultName] <String> [[-ResourceGroupName] <
  -UserPrincipalName <String> [-PassThru] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 
-### ByUserMail
+### ByUserEmailAddress
 ```
 Remove-AzureRmKeyVaultAccessPolicy [-VaultName] <String> [[-ResourceGroupName] <String>]
- -Mail <String> [-PassThru] [-WhatIf] [-Confirm] [<CommonParameters>]
+ -EmailAddress <String> [-PassThru] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 
 ### ByObjectId
@@ -236,12 +236,12 @@ Accept pipeline input: True (ByPropertyName)
 Accept wildcard characters: False
 ```
 
-### -Mail
-Specifies the user email of the user whose access you want to remove.
+### -EmailAddress
+Specifies the user email address of the user whose access you want to remove.
 
 ```yaml
 Type: String
-Parameter Sets: ByUserMail
+Parameter Sets: ByUserEmailAddress
 
 Required: True
 Position: Named

src/ResourceManager/KeyVault/Commands.KeyVault/help/Set-AzureRmKeyVaultAccessPolicy.md

@@ -28,10 +28,10 @@ Set-AzureRmKeyVaultAccessPolicy [-VaultName] <String> [[-ResourceGroupName] <Str
  [<CommonParameters>]
 ```
 
-### ByUserMail
+### ByUserEmailAddress
 ```
 Set-AzureRmKeyVaultAccessPolicy [-VaultName] <String> [[-ResourceGroupName] <String>]
- -Mail <String> [-PermissionsToKeys <String[]>] [-PermissionsToSecrets <String[]>]
+ -EmailAddress <String> [-PermissionsToKeys <String[]>] [-PermissionsToSecrets <String[]>]
  [-PermissionsToCertificates <String[]>] [-PermissionsToStorage <String[]>] [-PassThru] [-WhatIf] [-Confirm]
  [<CommonParameters>]
 
@@ -427,13 +427,13 @@ Accept pipeline input: True (ByPropertyName)
 Accept wildcard characters: False
 ```
 
-### -Mail
-Specifies the user email of the user to whom to grant permissions.
-This email must exist in the directory associated with the current subscription and be unique.
+### -EmailAddress
+Specifies the user email address of the user to whom to grant permissions.
+This email address must exist in the directory associated with the current subscription and be unique.
 
 ```yaml
 Type: String
-Parameter Sets: ByUserMail
+Parameter Sets: ByUserEmailAddress
 
 Required: True
 Position: Named