Skip to content

Commit dc51584

Browse files
BethanyZhouBethanyZhou
authored
DisableRbacAuthorization by default (#24845)
1 parent 673dd20 commit dc51584

File tree

2 files changed

+12
-12
lines changed

2 files changed

+12
-12
lines changed

src/KeyVault/KeyVault.Test/LiveTests/KeyVaultDataPlaneLiveTests/TestNetworkRuleSet.ps1

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@ Invoke-LiveTestScenario -Name "Create key vault and specifies network rules" -De
1111
$virtualNetwork = New-AzVirtualNetwork -Name $vnName -ResourceGroupName $rg.ResourceGroupName -Location $vnLocation -AddressPrefix "110.0.0.0/16" -Subnet $frontendSubnet
1212
$myNetworkResId = $virtualNetwork.Subnets[0].Id
1313
$ruleSet = New-AzKeyVaultNetworkRuleSetObject -DefaultAction Allow -Bypass AzureServices -IpAddressRange "110.0.1.0/24" -VirtualNetworkResourceId $myNetworkResId
14-
$keyvault = New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName -Location $vaultLocation -NetworkRuleSet $ruleSet
14+
$keyvault = New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName -Location $vaultLocation -NetworkRuleSet $ruleSet -DisableRbacAuthorization
1515
Assert-AreEqual $keyvault.NetworkAcls.DefaultAction Allow
1616
Assert-AreEqual $keyvault.NetworkAcls.Bypass AzureServices
1717
# Assert-AreEqual $keyvault.NetworkAcls.VirtualNetworkResourceIds $myNetworkResId

src/KeyVault/KeyVault.Test/LiveTests/TestLiveScenarios.ps1

Lines changed: 11 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ Invoke-LiveTestScenario -Name "Create new standard key vault" -Description "Test
66
$vaultName = New-LiveTestResourceName
77
$vaultLocation = "westus"
88

9-
New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName -Location $vaultLocation
9+
New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName -Location $vaultLocation -DisableRbacAuthorization
1010
$actual = Get-AzKeyVault -ResourceGroupName $rgName -VaultName $vaultName
1111
Assert-AreEqual $vaultName $actual.VaultName
1212
Assert-AreEqual $rgName $actual.ResourceGroupName
@@ -15,7 +15,7 @@ Invoke-LiveTestScenario -Name "Create new standard key vault" -Description "Test
1515
Assert-AreEqual $false $actual.EnabledForDeployment
1616
Assert-True { $actual.EnableSoftDelete } "By default EnableSoftDelete should be true"
1717
Assert-Null $actual.EnablePurgeProtection "By default EnablePurgeProtection should be null"
18-
Assert-False { $actual.EnableRbacAuthorization } "By default EnableRbacAuthorization should be false"
18+
Assert-False { $actual.EnableRbacAuthorization } "EnableRbacAuthorization should be false"
1919
Assert-AreEqual 90 $actual.SoftDeleteRetentionInDays "By default SoftDeleteRetentionInDays should be 90"
2020
}
2121

@@ -27,7 +27,7 @@ Invoke-LiveTestScenario -Name "Create new premium key vault" -Description "Test
2727
$vaultName = New-LiveTestResourceName
2828
$vaultLocation = "eastus"
2929

30-
New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName -Location $vaultLocation -Sku premium -EnabledForDeployment
30+
New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName -Location $vaultLocation -Sku premium -EnabledForDeployment -DisableRbacAuthorization
3131
$actual = Get-AzKeyVault -ResourceGroupName $rgName -VaultName $vaultName
3232
Assert-AreEqual $vaultName $actual.VaultName
3333
Assert-AreEqual $rgName $actual.ResourceGroupName
@@ -45,7 +45,7 @@ Invoke-LiveTestScenario -Name "Update key vault" -Description "Test updating pro
4545
$vaultLocation = "eastus"
4646

4747
# Update EnableRbacAuthorization
48-
$vault = New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName -Location $vaultLocation
48+
$vault = New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName -Location $vaultLocation -DisableRbacAuthorization
4949

5050
$vault = $vault | Update-AzKeyVault -DisableRbacAuthorization $true
5151
Assert-False { $vault.EnableRbacAuthorization } "EnableRbacAuthorization should be false"
@@ -69,7 +69,7 @@ Invoke-LiveTestScenario -Name "Delete key vault" -Description "Test deleting key
6969
$vaultName = New-LiveTestResourceName
7070
$vaultLocation = "westus"
7171

72-
New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgname -Location $vaultLocation
72+
New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgname -Location $vaultLocation -DisableRbacAuthorization
7373
Remove-AzKeyVault -VaultName $vaultName -Force
7474

7575
$deletedVault = Get-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName
@@ -88,7 +88,7 @@ Invoke-LiveTestScenario -Name "Create key vault secret" -Description "Test creat
8888
$vaultLocation = "eastus"
8989
$secretName = New-LiveTestResourceName
9090

91-
New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName -Location $vaultLocation
91+
New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName -Location $vaultLocation -DisableRbacAuthorization
9292
$sp = Get-AzADServicePrincipal -ApplicationId (Get-AzContext).Account.Id
9393
$objectId = $sp.Id
9494
Set-AzKeyVaultAccessPolicy -VaultName $vaultName -ObjectId $objectId -PermissionsToSecrets get, set, list
@@ -111,7 +111,7 @@ Invoke-LiveTestScenario -Name "Create key vault secret with multi-versions" -Des
111111
$vaultLocation = "westus"
112112
$secretName = New-LiveTestResourceName
113113

114-
New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName -Location $vaultLocation
114+
New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName -Location $vaultLocation -DisableRbacAuthorization
115115
$sp = Get-AzADServicePrincipal -ApplicationId (Get-AzContext).Account.Id
116116
$objectId = $sp.Id
117117
Set-AzKeyVaultAccessPolicy -VaultName $vaultName -ObjectId $objectId -PermissionsToSecrets get, set, list
@@ -134,7 +134,7 @@ Invoke-LiveTestScenario -Name "Update key vault secret attributes" -Description
134134
$vaultLocation = "westus"
135135
$secretName = New-LiveTestResourceName
136136

137-
New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName -Location $vaultLocation
137+
New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName -Location $vaultLocation -DisableRbacAuthorization
138138
$sp = Get-AzADServicePrincipal -ApplicationId (Get-AzContext).Account.Id
139139
$objectId = $sp.Id
140140
Set-AzKeyVaultAccessPolicy -VaultName $vaultName -ObjectId $objectId -PermissionsToSecrets get, set, list
@@ -163,7 +163,7 @@ Invoke-LiveTestScenario -Name "Remove key vault secret" -Description "Test remov
163163
$vaultLocation = "eastus"
164164
$secretName = New-LiveTestResourceName
165165

166-
New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName -Location $vaultLocation
166+
New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName -Location $vaultLocation -DisableRbacAuthorization
167167
$sp = Get-AzADServicePrincipal -ApplicationId (Get-AzContext).Account.Id
168168
$objectId = $sp.Id
169169
Set-AzKeyVaultAccessPolicy -VaultName $vaultName -ObjectId $objectId -PermissionsToSecrets get, set, list, delete
@@ -187,8 +187,8 @@ Invoke-LiveTestScenario -Name "Backup and restore key vault secret" -Description
187187
$vaultLocation = "eastus"
188188
$secretName = New-LiveTestResourceName
189189

190-
New-AzKeyVault -VaultName $vaultName1 -ResourceGroupName $rgName -Location $vaultLocation
191-
New-AzKeyVault -VaultName $vaultName2 -ResourceGroupName $rgName -Location $vaultLocation
190+
New-AzKeyVault -VaultName $vaultName1 -ResourceGroupName $rgName -Location $vaultLocation -DisableRbacAuthorization
191+
New-AzKeyVault -VaultName $vaultName2 -ResourceGroupName $rgName -Location $vaultLocation -DisableRbacAuthorization
192192
$sp = Get-AzADServicePrincipal -ApplicationId (Get-AzContext).Account.Id
193193
$objectId = $sp.Id
194194
Set-AzKeyVaultAccessPolicy -VaultName $vaultName1 -ObjectId $objectId -PermissionsToSecrets get, set, list, backup

0 commit comments

Comments
 (0)