Adding CMK changes for PS cmdlets

Author: viparek

src/Sql/Sql.LegacySdk/Generated/Models/EncryptionProtectorCreateOrUpdateProperties.cs

@@ -53,7 +53,7 @@ public string ServerKeyType
             get { return this._serverKeyType; }
             set { this._serverKeyType = value; }
         }
-        
+
         /// <summary>
         /// Initializes a new instance of the
         /// EncryptionProtectorCreateOrUpdateProperties class.

src/Sql/Sql.LegacySdk/Generated/Models/EncryptionProtectorProperties.cs

@@ -62,7 +62,19 @@ public string Uri
             get { return this._uri; }
             set { this._uri = value; }
         }
-        
+
+        private bool? _isAutoRotationEnabled;
+
+        /// <summary>
+        /// Optional. Gets or sets the Azure Sql Server Encryption
+        /// Protector Key Rotation Status
+        /// </summary>
+        public bool? AutoRotationEnabled
+        {
+            get { return this._isAutoRotationEnabled; }
+            set { this._isAutoRotationEnabled = value; }
+        }
+
         /// <summary>
         /// Initializes a new instance of the EncryptionProtectorProperties
         /// class.

src/Sql/Sql.Test/ScenarioTests/TransparentDataEncryptionCrudTests.cs

@@ -55,5 +55,12 @@ public void TestServerTransparentDataEncryptionProtectorSet()
         {
             RunPowerShellTest("Test-SetTransparentDataEncryptionProtector");
         }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        public void TestServerTransparentDataEncryptionProtectorSetWithKeyRotation()
+        {
+            RunPowerShellTest("Test-SetTransparentDataEncryptionProtectorWithKeyRotation");
+        }
     }
 }

src/Sql/Sql.Test/ScenarioTests/TransparentDataEncryptionCrudTests.ps1

@@ -154,3 +154,41 @@ function Test-SetTransparentDataEncryptionProtector
 		Remove-ResourceGroupForTest $rg
 	}
 }
+
+<#
+	.SYNOPSIS
+	Tests Setting a server transparent data encryption protector
+#>
+function Test-SetTransparentDataEncryptionProtectorWithKeyRotation
+{
+	# Setup
+	$params = Get-SqlServerKeyVaultKeyTestEnvironmentParameters
+	$rg = Create-ServerKeyVaultKeyTestEnvironment $params
+	$autoRotationEnabled = $true
+
+	try
+	{
+		# Encryption Protector should be set to Service Managed initially
+		$encProtector1 = Get-AzSqlServerTransparentDataEncryptionProtector -ResourceGroupName $params.rgName -ServerName $params.serverName
+		Assert-AreEqual ServiceManaged $encProtector1.Type 
+		Assert-AreEqual ServiceManaged $encProtector1.ServerKeyVaultKeyName 
+
+		# Add server key
+		$keyResult = Add-AzSqlServerKeyVaultKey -ServerName $params.serverName -ResourceGroupName $params.rgName -KeyId $params.keyId
+		Assert-AreEqual $params.keyId $keyResult.Uri
+
+		# Rotate to AKV
+		$job = Set-AzSqlServerTransparentDataEncryptionProtector -ResourceGroupName $params.rgName -ServerName $params.serverName `
+			-Type AzureKeyVault -KeyId $params.keyId -AutoRotationEnabled $autoRotationEnabled -Force -AsJob
+		$job | Wait-Job
+		$encProtector2 = $job.Output
+
+		Assert-AreEqual AzureKeyVault $encProtector2.Type 
+		Assert-AreEqual $params.serverKeyName $encProtector2.ServerKeyVaultKeyName 
+		Assert-AreEqual $autoRotationEnabled $encProtector2.AutoRotationEnabled
+	}
+	finally
+	{
+		Remove-ResourceGroupForTest $rg
+	}
+}

src/Sql/Sql/ManagedInstance/Cmdlet/NewAzureSqlManagedInstance.cs

@@ -323,6 +323,20 @@ public class NewAzureSqlManagedInstance : ManagedInstanceCmdletBase
             HelpMessage = "The Maintenance configuration id for the Sql Azure Managed Instance.")]
         public string MaintenanceConfigurationId { get; set; }
 
+        /// <summary>
+        /// Id of the primary user assigned identity
+        /// </summary>
+        [Parameter(Mandatory = false,
+            HelpMessage = "The primary user assigned identity id")]
+        public string PrimaryUserAssignedIdentityId { get; set; }
+
+        /// <summary>
+        /// URI of the key to use for encryption
+        /// </summary>
+        [Parameter(Mandatory = false,
+            HelpMessage = "URI of the key to use for encryption")]
+        public string KeyId { get; set; }
+
         /// <summary>
         /// Gets or sets whether or not to run this cmdlet in the background as a job
         /// </summary>
@@ -515,6 +529,8 @@ public override void ExecuteCmdlet()
                 MinimalTlsVersion = this.MinimalTlsVersion,
                 BackupStorageRedundancy = this.BackupStorageRedundancy,
                 MaintenanceConfigurationId = this.MaintenanceConfigurationId,
+                PrimaryUserAssignedIdentityId = this.PrimaryUserAssignedIdentityId,
+                KeyId = this.KeyId,
                 Administrators = new Management.Sql.Models.ManagedInstanceExternalAdministrator()
                 {
                     AzureADOnlyAuthentication = (this.EnableActiveDirectoryOnlyAuthentication.IsPresent) ? (bool?)true : null,

src/Sql/Sql/ManagedInstance/Cmdlet/SetAzureSqlManagedInstance.cs

@@ -182,6 +182,20 @@ public class SetAzureSqlManagedInstance : ManagedInstanceCmdletBase
         [PSArgumentCompleter("None", "1.0", "1.1", "1.2")]
         public string MinimalTlsVersion { get; set; }
 
+        /// <summary>
+        /// Id of the primary user assigned identity
+        /// </summary>
+        [Parameter(Mandatory = false,
+            HelpMessage = "The primary user assigned identity id")]
+        public string PrimaryUserAssignedIdentityId { get; set; }
+
+        /// <summary>
+        /// URI of the key to use for encryption
+        /// </summary>
+        [Parameter(Mandatory = false,
+            HelpMessage = "URI of the key to use for encryption")]
+        public string KeyId { get; set; }
+
         /// <summary>
         /// Defines whether it is ok to skip the requesting of rule removal confirmation
         /// </summary>
@@ -291,7 +305,9 @@ protected override IEnumerable<AzureSqlManagedInstanceModel> ApplyUserInputToMod
                 InstancePoolName = this.InstancePoolName,
                 MinimalTlsVersion = this.MinimalTlsVersion,
                 MaintenanceConfigurationId = this.MaintenanceConfigurationId,
-                AdministratorLogin = model.FirstOrDefault().AdministratorLogin
+                AdministratorLogin = model.FirstOrDefault().AdministratorLogin,
+                PrimaryUserAssignedIdentityId = this.PrimaryUserAssignedIdentityId,
+                KeyId = this.KeyId
             });
             return updateData;
         }

src/Sql/Sql/ManagedInstance/Model/AzureSqlManagedInstanceModel.cs

@@ -149,5 +149,15 @@ public class AzureSqlManagedInstanceModel
         /// Gets or sets the Azure SQL Managed Instance Active Directory administrator
         /// </summary>
         public Management.Sql.Models.ManagedInstanceExternalAdministrator Administrators { get; set; }
+
+        /// <summary>
+        /// Gets or sets the resource id of a user assigned identity to be used
+        /// </summary>
+        public string PrimaryUserAssignedIdentityId { get; set; }
+
+        /// <summary>
+        /// Gets or sets a CMK URI of the key to use for encryption.
+        /// </summary>
+        public string KeyId { get; set; }
     }
 }

src/Sql/Sql/ManagedInstance/Services/AzureSqlManagedInstanceAdapter.cs

@@ -172,7 +172,9 @@ public AzureSqlManagedInstanceModel UpsertManagedInstance(AzureSqlManagedInstanc
                 MinimalTlsVersion = model.MinimalTlsVersion,
                 StorageAccountType = MapExternalBackupStorageRedundancyToInternal(model.BackupStorageRedundancy),
                 MaintenanceConfigurationId = MaintenanceConfigurationHelper.ConvertMaintenanceConfigurationIdArgument(model.MaintenanceConfigurationId, Context.Subscription.Id),
-                Administrators = GetActiveDirectoryInformation(model.Administrators)
+                Administrators = GetActiveDirectoryInformation(model.Administrators),
+                PrimaryUserAssignedIdentityId = model.PrimaryUserAssignedIdentityId,
+                KeyId = model.KeyId
             });
 
             return CreateManagedInstanceModelFromResponse(resp);

src/Sql/Sql/Server/Cmdlet/NewAzureSqlServer.cs

@@ -89,6 +89,20 @@ public class NewAzureSqlServer : AzureSqlServerCmdletBase
         [PSArgumentCompleter("1.0", "1.1", "1.2")]
         public string MinimalTlsVersion { get; set; }
 
+        /// <summary>
+        /// Id of the primary user assigned identity
+        /// </summary>
+        [Parameter(Mandatory = false,
+            HelpMessage = "The primary user assigned identity id")]
+        public string PrimaryUserAssignedIdentityId { get; set; }
+
+        /// <summary>
+        /// URI of the key to use for encryption
+        /// </summary>
+        [Parameter(Mandatory = false,
+            HelpMessage = "URI of the key to use for encryption")]
+        public string KeyId { get; set; }
+
         /// <summary>
         /// Gets or sets whether or not to run this cmdlet in the background as a job
         /// </summary>
@@ -187,12 +201,14 @@ public override void ExecuteCmdlet()
                 Identity = ResourceIdentityHelper.GetIdentityObjectFromType(this.AssignIdentity.IsPresent),
                 MinimalTlsVersion = this.MinimalTlsVersion,
                 PublicNetworkAccess = this.PublicNetworkAccess,
+                PrimaryUserAssignedIdentityId = this.PrimaryUserAssignedIdentityId,
+                KeyId = this.KeyId,
                 Administrators = new Management.Sql.Models.ServerExternalAdministrator()
                 {
                     AzureADOnlyAuthentication = (this.EnableActiveDirectoryOnlyAuthentication.IsPresent) ? (bool?)true : null,
                     Login = this.ExternalAdminName,
                     Sid = this.ExternalAdminSID
-                }
+                }              
             });
             return newEntity;
         }

src/Sql/Sql/Server/Cmdlet/SetAzureSqlServer.cs

@@ -83,6 +83,20 @@ public class SetAzureSqlServer : AzureSqlServerCmdletBase
         [PSArgumentCompleter("1.0", "1.1", "1.2")]
         public string MinimalTlsVersion { get; set; }
 
+        /// <summary>
+        /// Id of the primary user assigned identity
+        /// </summary>
+        [Parameter(Mandatory = false,
+            HelpMessage = "The primary user assigned identity id")]
+        public string PrimaryUserAssignedIdentityId { get; set; }
+
+        /// <summary>
+        /// URI of the key to use for encryption
+        /// </summary>
+        [Parameter(Mandatory = false,
+            HelpMessage = "URI of the key to use for encryption")]
+        public string KeyId { get; set; }
+
         /// <summary>
         /// Defines whether it is ok to skip the requesting of rule removal confirmation
         /// </summary>
@@ -123,7 +137,9 @@ public class SetAzureSqlServer : AzureSqlServerCmdletBase
                 Identity = model.FirstOrDefault().Identity ?? ResourceIdentityHelper.GetIdentityObjectFromType(this.AssignIdentity.IsPresent),
                 PublicNetworkAccess = this.PublicNetworkAccess,
                 MinimalTlsVersion = this.MinimalTlsVersion,
-                SqlAdministratorLogin = model.FirstOrDefault().SqlAdministratorLogin
+                SqlAdministratorLogin = model.FirstOrDefault().SqlAdministratorLogin,
+                PrimaryUserAssignedIdentityId = this.PrimaryUserAssignedIdentityId,
+                KeyId = this.KeyId
             });
             return updateData;
         }

src/Sql/Sql/Server/Model/AzureSqlServerModel.cs

@@ -79,6 +79,7 @@ public class AzureSqlServerModel
         /// </summary>
         public string MinimalTlsVersion { get; set; }
 
+        /// <summary>
         /// Gets or sets the flag to control enable/disable public network access
         /// </summary>
         public string PublicNetworkAccess { get; set; }
@@ -87,5 +88,15 @@ public class AzureSqlServerModel
         /// Gets or sets the Azure SQL Server Active Directory administrator
         /// </summary>
         public Management.Sql.Models.ServerExternalAdministrator Administrators{ get; set; }
+
+        /// <summary>
+        /// Gets or sets the resource id of a user assigned identity to be used
+        /// </summary>
+        public string PrimaryUserAssignedIdentityId { get; set; }
+
+        /// <summary>
+        /// Gets or sets a CMK URI of the key to use for encryption.
+        /// </summary>
+        public string KeyId { get; set; }
     }
 }

src/Sql/Sql/Server/Services/AzureSqlServerAdapter.cs

@@ -140,7 +140,9 @@ public AzureSqlServerModel UpsertServer(AzureSqlServerModel model)
                 Identity = model.Identity,
                 MinimalTlsVersion = model.MinimalTlsVersion,
                 PublicNetworkAccess = model.PublicNetworkAccess,
-                Administrators = GetActiveDirectoryInformation(model.Administrators)
+                Administrators = GetActiveDirectoryInformation(model.Administrators),
+                PrimaryUserAssignedIdentityId = model.PrimaryUserAssignedIdentityId,
+                KeyId = model.KeyId
             });
 
             return CreateServerModelFromResponse(resp);
@@ -188,6 +190,8 @@ private static AzureSqlServerModel CreateServerModelFromResponse(Management.Sql.
             {
                 server.Administrators.AdministratorType = "ActiveDirectory";
             }
+            server.PrimaryUserAssignedIdentityId = resp.PrimaryUserAssignedIdentityId;
+            server.KeyId = resp.KeyId;
 
             return server;
         }

src/Sql/Sql/Sql.csproj

@@ -24,6 +24,10 @@
     <PackageReference Include="Microsoft.Azure.Management.Sql" Version="1.53.0-preview" /> 
     <PackageReference Include="System.Security.Permissions" Version="4.5.0" />
   </ItemGroup>
+  
+  <ItemGroup>
+    <Reference Include="D:\repos\azure-sdk-for-net\artifacts\bin\Microsoft.Azure.Management.Sql\Debug\net461\Microsoft.Azure.Management.Sql.dll" />
+  </ItemGroup>
 
   <ItemGroup>
     <ProjectReference Include="..\Sql.LegacySdk\Sql.LegacySdk.csproj" />      

src/Sql/Sql/TransparentDataEncryption/Cmdlet/SetAzureRmSqlManagedInstanceTransparentDataEncryptionProtector.cs

@@ -64,7 +64,17 @@ public class SetAzureRmSqlManagedInstanceTransparentDataEncryptionProtector : Az
             HelpMessage = "The Azure Key Vault KeyId.")]
         [ValidateNotNullOrEmpty]
         public string KeyId { get; set; }
-        
+
+        /// <summary>
+        /// Gets or sets the encryption protector key auto rotation status
+        /// </summary>
+        [Parameter(Mandatory = false,
+        ValueFromPipelineByPropertyName = true,
+            Position = 4,
+            HelpMessage = "The Key Auto Rotation status")]
+        [ValidateNotNullOrEmpty]
+        public SwitchParameter AutoRotationEnabled { get; set; }
+
         /// <summary>
         /// Defines whether it is ok to skip the requesting of setting Transparent Data Encryption protector confirmation
         /// </summary>
@@ -101,7 +111,8 @@ protected override IEnumerable<AzureRmSqlManagedInstanceTransparentDataEncryptio
                 resourceGroupName: this.ResourceGroupName, 
                 managedInstanceName: this.InstanceName, 
                 type: this.Type, 
-                keyId: this.KeyId));
+                keyId: this.KeyId,
+                autoRotatonEnabled: this.AutoRotationEnabled));
 
             return newEntity;
         }

src/Sql/Sql/TransparentDataEncryption/Cmdlet/SetAzureSqlServerTransparentDataEncryptionProtector.cs

@@ -48,6 +48,16 @@ public class SetAzureSqlServerTransparentDataEncryptionProtector : AzureSqlServe
         [ValidateNotNullOrEmpty]
         public string KeyId { get; set; }
 
+        /// <summary>
+        /// Gets or sets the encryption protector key auto rotation status
+        /// </summary>
+        [Parameter(Mandatory = false,
+        ValueFromPipelineByPropertyName = true,
+            Position = 4,
+            HelpMessage = "The Key Auto Rotation status")]
+        [ValidateNotNullOrEmpty]
+        public SwitchParameter AutoRotationEnabled { get; set; }
+
         /// <summary>
         /// Defines whether it is ok to skip the requesting of setting Transparent Data Encryption protector confirmation
         /// </summary>
@@ -84,7 +94,8 @@ public class SetAzureSqlServerTransparentDataEncryptionProtector : AzureSqlServe
                 ServerName = this.ServerName,
                 Type = this.Type,
                 ServerKeyVaultKeyName = TdeKeyHelper.CreateServerKeyNameFromKeyId(this.KeyId),
-                KeyId = this.KeyId
+                KeyId = this.KeyId,
+                AutoRotationEnabled = this.AutoRotationEnabled
             });
             return newEntity;
         }

src/Sql/Sql/TransparentDataEncryption/Model/AzureRmSqlManagedInstanceTransparentDataEncryptionProtectorModel.cs

@@ -30,11 +30,12 @@ public AzureRmSqlManagedInstanceTransparentDataEncryptionProtectorModel(string r
             ManagedInstanceName = managedInstanceName;
         }
 
-        public AzureRmSqlManagedInstanceTransparentDataEncryptionProtectorModel(string resourceGroupName, string managedInstanceName, EncryptionProtectorType type, string keyId) 
+        public AzureRmSqlManagedInstanceTransparentDataEncryptionProtectorModel(string resourceGroupName, string managedInstanceName, EncryptionProtectorType type, string keyId, bool? autoRotatonEnabled) 
             : this(resourceGroupName, managedInstanceName)
         {
             Type = type;
             KeyId = keyId;
+            AutoRotationEnabled = autoRotatonEnabled;
         }
 
         /// <summary>
@@ -62,6 +63,11 @@ public AzureRmSqlManagedInstanceTransparentDataEncryptionProtectorModel(string r
         /// </summary>
         public string KeyId { get; private set; }
 
+        /// <summary>
+        /// Gets or sets the key auto rotation status.
+        /// </summary>
+        public bool? AutoRotationEnabled { get; set; }
+
         /// <summary>
         /// Create a AzureRmSqlManagedInstanceTransparentDataEncryptionProtectorModel from a given ManagedInstanceEncryptionProtector
         /// </summary>
@@ -80,7 +86,8 @@ public static AzureRmSqlManagedInstanceTransparentDataEncryptionProtectorModel F
             {
                 ManagedInstanceKeyVaultKeyName = managedInstanceEncryptionProtector.ServerKeyName,
                 Type = type,
-                KeyId = managedInstanceEncryptionProtector.Uri
+                KeyId = managedInstanceEncryptionProtector.Uri,
+                AutoRotationEnabled = managedInstanceEncryptionProtector.AutoRotationEnabled
             };
         }
     }