Merge pull request #158 from divyakgupta/ignite

markcowl · markcowl · commit 2153f70964cd · 2015-04-23T16:09:54.000-07:00
Key Vault cmdlet bug fixes
diff --git a/src/ResourceManager/KeyVault/Commands.KeyVault.Test/ScenarioTests/KeyVaultManagementTests.ps1 b/src/ResourceManager/KeyVault/Commands.KeyVault.Test/ScenarioTests/KeyVaultManagementTests.ps1
@@ -289,7 +289,14 @@ function Test-ModifyAccessPolicy
 {
 	Param($existingVaultName, $rgName, $upn)
 	
-	# Add perms to start off
+	# Adding nothing should not change the vault
+	$PermToKeys = @()
+	$PermToSecrets = @()	
+	$vault = Set-AzureKeyVaultAccessPolicy -VaultName $existingVaultName -ResourceGroupName $rgName -UserPrincipalName $upn -PermissionsToKeys $PermToKeys -PassThru
+	Assert-NotNull $vault
+	Assert-AreEqual 0 $vault.AccessPolicies.Count
+
+	# Add some perms now
 	$PermToKeys = @("encrypt", "decrypt", "unwrapKey", "wrapKey", "verify", "sign", "get", "list", "update", "create", "import", "delete", "backup", "restore")
 	$PermToSecrets = @("get", "list", "set", "delete")
 	$vault = Set-AzureKeyVaultAccessPolicy -VaultName $existingVaultName -ResourceGroupName $rgName -UPN $upn -PermissionsToKeys $PermToKeys -PermissionsToSecrets $PermToSecrets -PassThru
@@ -311,10 +318,16 @@ function Test-ModifyAccessPolicy
 	$vault = Set-AzureKeyVaultAccessPolicy -VaultName $existingVaultName -ResourceGroupName $rgName -ObjectId $objId -PermissionsToSecrets $PermToSecrets -PassThru
 	CheckVaultAccessPolicy $vault $PermToKeys $PermToSecrets
 
-	# Remove just the secrets perms
+	# Remove just the keys perms
 	$PermToKeys = @()
 	$vault = Set-AzureKeyVaultAccessPolicy -VaultName $existingVaultName -ResourceGroupName $rgName -UserPrincipalName $upn -PermissionsToKeys $PermToKeys -PassThru
-	CheckVaultAccessPolicy $vault $PermToKeys $PermToSecrets	
+	CheckVaultAccessPolicy $vault $PermToKeys $PermToSecrets
+	
+	# Remove secret perms too
+	$PermToSecrets = @()	
+	$vault = Set-AzureKeyVaultAccessPolicy -VaultName $existingVaultName -ResourceGroupName $rgName -UserPrincipalName $upn -PermissionsToKeys $PermToKeys -PermissionsToSecrets $PermToSecrets -PassThru
+	Assert-NotNull $vault
+	Assert-AreEqual 0 $vault.AccessPolicies.Count
 }
 
 function Test-SetAccessPolicyNegativeCases
@@ -327,9 +340,6 @@ function Test-SetAccessPolicyNegativeCases
 
 	# random string in perms
 	Assert-Throws { Set-AzureKeyVaultAccessPolicy -VaultName $existingVaultName -ResourceGroupName $rgName -UserPrincipalName $upn -PermissionsToSecrets blah, get }
-
-	# empty perms
-	Assert-Throws { Set-AzureKeyVaultAccessPolicy -VaultName $existingVaultName -ResourceGroupName $rgName -UserPrincipalName $upn -PermissionsToSecrets @() -PermissionsToKeys @() }
 }
 
 function Test-RemoveNonExistentAccessPolicyDoesNotThrow
diff --git a/src/ResourceManager/KeyVault/Commands.KeyVault.Test/Scripts/VaultKeyTests.ps1 b/src/ResourceManager/KeyVault/Commands.KeyVault.Test/Scripts/VaultKeyTests.ps1
@@ -612,7 +612,7 @@ function Test_GetKeyVersions
     } while ($i -le $run)
            
     $keys=Get-AzureKeyVaultKey -VaultName $keyVault -Name $keyname -IncludeVersions
-    Assert-True { $keys.Count -ge $total*$run+1 }
+    Assert-True { $keys.Count -ge $total*$run }
 }
 
 <#
diff --git a/src/ResourceManager/KeyVault/Commands.KeyVault.Test/Scripts/VaultSecretTests.ps1 b/src/ResourceManager/KeyVault/Commands.KeyVault.Test/Scripts/VaultSecretTests.ps1
@@ -479,7 +479,7 @@ function Test_GetSecretVersions
     BulkCreateSecretVersions $keyVault $secretname $total
         
     $secs=Get-AzureKeyVaultSecret -VaultName $keyVault -Name $secretname -IncludeVersions
-    Assert-True { $secs.Count -ge $total+1 }
+    Assert-True { $secs.Count -ge $total }
 }
 
 <#
diff --git a/src/ResourceManager/KeyVault/Commands.KeyVault.Test/SessionRecords/Microsoft.Azure.Commands.KeyVault.Test.ScenarioTests.KeyVaultManagementTests/TestModifyAccessPolicy.json b/src/ResourceManager/KeyVault/Commands.KeyVault.Test/SessionRecords/Microsoft.Azure.Commands.KeyVault.Test.ScenarioTests.KeyVaultManagementTests/TestModifyAccessPolicy.json
diff --git a/src/ResourceManager/KeyVault/Commands.KeyVault/Commands/GetAzureKeyVaultKey.cs b/src/ResourceManager/KeyVault/Commands.KeyVault/Commands/GetAzureKeyVaultKey.cs
@@ -108,7 +108,7 @@ public override void ExecuteCmdlet()
                      keyBundle = DataServiceClient.GetKey(VaultName, Name, null);
                     if (keyBundle != null)
                         WriteObject(new KeyIdentityItem(keyBundle));
-                    GetAndWriteKeyVersions(VaultName, Name);
+                    GetAndWriteKeyVersions(VaultName, Name, keyBundle.Version);
                     break;
                 case ByVaultNameParameterSet:
                     GetAndWriteKeys(VaultName);
@@ -134,7 +134,7 @@ private void GetAndWriteKeys(string vaultName)
             } while (!string.IsNullOrEmpty(options.NextLink));
         }
 
-        private void GetAndWriteKeyVersions(string vaultName, string name)
+        private void GetAndWriteKeyVersions(string vaultName, string name, string currentKeyVersion)
         {
             KeyVaultObjectFilterOptions options = new KeyVaultObjectFilterOptions
             {
@@ -145,7 +145,7 @@ private void GetAndWriteKeyVersions(string vaultName, string name)
             
             do
             {
-                var pageResults = DataServiceClient.GetKeyVersions(options);
+                var pageResults = DataServiceClient.GetKeyVersions(options).Where(k => k.Version != currentKeyVersion);
                 WriteObject(pageResults, true);
             } while (!string.IsNullOrEmpty(options.NextLink));
         }
diff --git a/src/ResourceManager/KeyVault/Commands.KeyVault/Commands/GetAzureKeyVaultSecret.cs b/src/ResourceManager/KeyVault/Commands.KeyVault/Commands/GetAzureKeyVaultSecret.cs
@@ -106,7 +106,7 @@ public override void ExecuteCmdlet()
                     secret = DataServiceClient.GetSecret(VaultName, Name, null);
                     if (secret != null)
                         WriteObject(new SecretIdentityItem(secret));
-                    GetAndWriteSecretVersions(VaultName, Name);
+                    GetAndWriteSecretVersions(VaultName, Name, secret.Version);
                     break;
                 case ByVaultNameParameterSet:
                     GetAndWriteSecrets(VaultName);
@@ -130,7 +130,7 @@ private void GetAndWriteSecrets(string vaultName)
             } while (!string.IsNullOrEmpty(options.NextLink));
         }
 
-        private void GetAndWriteSecretVersions(string vaultName, string name)
+        private void GetAndWriteSecretVersions(string vaultName, string name, string currentSecretVersion)
         {
             KeyVaultObjectFilterOptions options = new KeyVaultObjectFilterOptions
             {
@@ -141,7 +141,8 @@ private void GetAndWriteSecretVersions(string vaultName, string name)
             
             do
             {
-                WriteObject(DataServiceClient.GetSecretVersions(options), true);
+                var secrets = DataServiceClient.GetSecretVersions(options).Where(s => s.Version != currentSecretVersion);
+                WriteObject(secrets, true);
             } while (!string.IsNullOrEmpty(options.NextLink));
         }
     }
diff --git a/src/ResourceManager/KeyVault/Commands.KeyVault/Commands/SetAzureKeyVaultAccessPolicy.cs b/src/ResourceManager/KeyVault/Commands.KeyVault/Commands/SetAzureKeyVaultAccessPolicy.cs
@@ -170,10 +170,7 @@ public override void ExecuteCmdlet()
 
                 //Both arrays cannot be null
                 if (PermissionsToKeys == null && PermissionsToSecrets == null)
-                    throw new ArgumentException(PSKeyVaultProperties.Resources.PermissionsNotSpecified);
-                //Both arrays cannot be empty
-                else if ((PermissionsToSecrets != null && PermissionsToSecrets.Length == 0) && (PermissionsToKeys != null && PermissionsToKeys.Length == 0))
-                    throw new ArgumentException(PSKeyVaultProperties.Resources.PermissionsNotSpecified);
+                    throw new ArgumentException(PSKeyVaultProperties.Resources.PermissionsNotSpecified);                
                 else
                 {
                     //Validate 
@@ -193,12 +190,15 @@ public override void ExecuteCmdlet()
 
                     var secrets = PermissionsToSecrets != null ? PermissionsToSecrets :
                         (existingPolicy != null && existingPolicy.PermissionsToSecrets != null ?
-                         existingPolicy.PermissionsToSecrets.ToArray() : null);
-
-                    var policy = new PSKeyVaultModels.PSVaultAccessPolicy(vault.TenantId, objId, keys, secrets);
-
-                    //Remove old policies for this object ID and add a new one with the right permission arrays
-                    updatedListOfAccessPolicies = vault.AccessPolicies.Where(ap => ap.ObjectId != objId).Concat(new[] { policy }).ToArray();
+                         existingPolicy.PermissionsToSecrets.ToArray() : null);                    
+
+                    //Remove old policies for this object ID and add a new one with the right permissions, iff there were some non-empty permissions
+                    updatedListOfAccessPolicies = vault.AccessPolicies.Where(ap => ap.ObjectId != objId).ToArray();
+                    if ((keys != null && keys.Length > 0) || (secrets != null && secrets.Length > 0))
+                    {
+                        var policy = new PSKeyVaultModels.PSVaultAccessPolicy(vault.TenantId, objId, keys, secrets);
+                        updatedListOfAccessPolicies = updatedListOfAccessPolicies.Concat(new[] { policy }).ToArray();
+                    }
 
                 }
             }
diff --git a/src/ResourceManager/KeyVault/Commands.KeyVault/Microsoft.Azure.Commands.KeyVault.format.ps1xml b/src/ResourceManager/KeyVault/Commands.KeyVault/Microsoft.Azure.Commands.KeyVault.format.ps1xml
@@ -114,9 +114,9 @@
       </ListControl>
     </View>
     <View>
-      <Name>Microsoft.Azure.Commands.KeyVault.Models.VaultIdentityItem</Name>
+      <Name>Microsoft.Azure.Commands.KeyVault.Models.PSVaultIdentityItem</Name>
       <ViewSelectedBy>
-        <TypeName>Microsoft.Azure.Commands.KeyVault.Models.VaultIdentityItem</TypeName>
+        <TypeName>Microsoft.Azure.Commands.KeyVault.Models.PSVaultIdentityItem</TypeName>
       </ViewSelectedBy>
       <ListControl>
         <ListEntries>
@@ -148,9 +148,9 @@
       </ListControl>
     </View>
     <View>
-      <Name>Microsoft.Azure.Commands.KeyVault.Models.Vault</Name>
+      <Name>Microsoft.Azure.Commands.KeyVault.Models.PSVault</Name>
       <ViewSelectedBy>
-        <TypeName>Microsoft.Azure.Commands.KeyVault.Models.Vault</TypeName>
+        <TypeName>Microsoft.Azure.Commands.KeyVault.Models.PSVault</TypeName>
       </ViewSelectedBy>
       <ListControl>
         <ListEntries>
@@ -202,9 +202,9 @@
       </ListControl>
     </View>
     <View>
-      <Name>Microsoft.Azure.Commands.KeyVault.Models.VaultAccessPolicy</Name>
+      <Name>Microsoft.Azure.Commands.KeyVault.Models.PSVaultAccessPolicy</Name>
       <ViewSelectedBy>
-        <TypeName>Microsoft.Azure.Commands.KeyVault.Models.VaultAccessPolicy</TypeName>
+        <TypeName>Microsoft.Azure.Commands.KeyVault.Models.PSVaultAccessPolicy</TypeName>
       </ViewSelectedBy>
       <ListControl>
         <ListEntries>
diff --git a/src/ResourceManager/KeyVault/Commands.KeyVault/Properties/Resources.Designer.cs b/src/ResourceManager/KeyVault/Commands.KeyVault/Properties/Resources.Designer.cs
diff --git a/src/ResourceManager/KeyVault/Commands.KeyVault/Properties/Resources.resx b/src/ResourceManager/KeyVault/Commands.KeyVault/Properties/Resources.resx
@@ -118,7 +118,7 @@
     <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
   </resheader>
   <data name="ADObjectNotFound" xml:space="preserve">
-    <value>Cannot find the Active Directory object '{0}' in tenant '{1}'</value>
+    <value>Cannot find the Active Directory object '{0}' in tenant '{1}'. Please make sure that the user or application service principal you are authorizing is registered in the current subscription's Azure Active directory. The TenantID displayed by the cmdlet 'get-AzureSubscription -current' is the current subscription's Azure Active directory.</value>
   </data>
   <data name="BackupKeyFileNotFound" xml:space="preserve">
     <value>Cannot find backup key file '{0}'</value>

Original file line number	Diff line number	Diff line change
`@@ -612,7 +612,7 @@ function Test_GetKeyVersions`
`612`	`612`	`} while ($i -le $run)`
`613`	`613`
`614`	`614`	`$keys=Get-AzureKeyVaultKey -VaultName $keyVault -Name $keyname -IncludeVersions`
`615`		`- Assert-True { $keys.Count -ge $total*$run+1 }`
	`615`	`+ Assert-True { $keys.Count -ge $total*$run }`
`616`	`616`	`}`
`617`	`617`
`618`	`618`	`<#`
Original file line number	Diff line number	Diff line change
`@@ -479,7 +479,7 @@ function Test_GetSecretVersions`
`479`	`479`	`BulkCreateSecretVersions $keyVault $secretname $total`
`480`	`480`
`481`	`481`	`$secs=Get-AzureKeyVaultSecret -VaultName $keyVault -Name $secretname -IncludeVersions`
`482`		`- Assert-True { $secs.Count -ge $total+1 }`
	`482`	`+ Assert-True { $secs.Count -ge $total }`
`483`	`483`	`}`
`484`	`484`
`485`	`485`	`<#`
Original file line number	Diff line number	Diff line change
`@@ -108,7 +108,7 @@ public override void ExecuteCmdlet()`
`108`	`108`	`keyBundle = DataServiceClient.GetKey(VaultName, Name, null);`
`109`	`109`	`if (keyBundle != null)`
`110`	`110`	`WriteObject(new KeyIdentityItem(keyBundle));`
`111`		`- GetAndWriteKeyVersions(VaultName, Name);`
	`111`	`+ GetAndWriteKeyVersions(VaultName, Name, keyBundle.Version);`
`112`	`112`	`break;`
`113`	`113`	`case ByVaultNameParameterSet:`
`114`	`114`	`GetAndWriteKeys(VaultName);`
`@@ -134,7 +134,7 @@ private void GetAndWriteKeys(string vaultName)`
`134`	`134`	`} while (!string.IsNullOrEmpty(options.NextLink));`
`135`	`135`	`}`
`136`	`136`
`137`		`- private void GetAndWriteKeyVersions(string vaultName, string name)`
	`137`	`+ private void GetAndWriteKeyVersions(string vaultName, string name, string currentKeyVersion)`
`138`	`138`	`{`
`139`	`139`	`KeyVaultObjectFilterOptions options = new KeyVaultObjectFilterOptions`
`140`	`140`	`{`
`@@ -145,7 +145,7 @@ private void GetAndWriteKeyVersions(string vaultName, string name)`
`145`	`145`
`146`	`146`	`do`
`147`	`147`	`{`
`148`		`- var pageResults = DataServiceClient.GetKeyVersions(options);`
	`148`	`+ var pageResults = DataServiceClient.GetKeyVersions(options).Where(k => k.Version != currentKeyVersion);`
`149`	`149`	`WriteObject(pageResults, true);`
`150`	`150`	`} while (!string.IsNullOrEmpty(options.NextLink));`
`151`	`151`	`}`
Original file line number	Diff line number	Diff line change
`@@ -106,7 +106,7 @@ public override void ExecuteCmdlet()`
`106`	`106`	`secret = DataServiceClient.GetSecret(VaultName, Name, null);`
`107`	`107`	`if (secret != null)`
`108`	`108`	`WriteObject(new SecretIdentityItem(secret));`
`109`		`- GetAndWriteSecretVersions(VaultName, Name);`
	`109`	`+ GetAndWriteSecretVersions(VaultName, Name, secret.Version);`
`110`	`110`	`break;`
`111`	`111`	`case ByVaultNameParameterSet:`
`112`	`112`	`GetAndWriteSecrets(VaultName);`
`@@ -130,7 +130,7 @@ private void GetAndWriteSecrets(string vaultName)`
`130`	`130`	`} while (!string.IsNullOrEmpty(options.NextLink));`
`131`	`131`	`}`
`132`	`132`
`133`		`- private void GetAndWriteSecretVersions(string vaultName, string name)`
	`133`	`+ private void GetAndWriteSecretVersions(string vaultName, string name, string currentSecretVersion)`
`134`	`134`	`{`
`135`	`135`	`KeyVaultObjectFilterOptions options = new KeyVaultObjectFilterOptions`
`136`	`136`	`{`
`@@ -141,7 +141,8 @@ private void GetAndWriteSecretVersions(string vaultName, string name)`
`141`	`141`
`142`	`142`	`do`
`143`	`143`	`{`
`144`		`- WriteObject(DataServiceClient.GetSecretVersions(options), true);`
	`144`	`+ var secrets = DataServiceClient.GetSecretVersions(options).Where(s => s.Version != currentSecretVersion);`
	`145`	`+ WriteObject(secrets, true);`
`145`	`146`	`} while (!string.IsNullOrEmpty(options.NextLink));`
`146`	`147`	`}`
`147`	`148`	`}`