Dev

src/ResourceManager/KeyVault/Commands.KeyVault.Test/Scripts/Common.ps1

@@ -26,15 +26,7 @@ function Get-KeyVault([bool] $haspermission=$true)
     if ($global:testVault -ne "" -and $haspermission)
     {
         return $global:testVault
-    }
-    elseif ($global:testEnv -eq 'BVT' -and $haspermission)
-    {        
-        return 'powershellbvt'
-    }
-    elseif ($global:testEnv -eq 'BVT')
-    {
-        return 'azkmstestbvteu2'
-    }
+    }   
     elseif ($haspermission)
     {
         return 'azkmspsprodeus'    

src/ResourceManager/KeyVault/Commands.KeyVault.Test/Scripts/RunUITests.ps1

@@ -1,8 +1,5 @@
 Param(
   [Parameter(Mandatory=$True,Position=0)]   
-  [ValidateSet('BVT','PROD')]
-  [string]$testenv,
-  [Parameter(Mandatory=$True,Position=1)]   
   [string]$testns 
 )
 
@@ -17,7 +14,6 @@ $global:passedCount = 0;
 $global:passedTests = @()
 $global:failedTests = @()
 $global:times = @{}
-$global:testEnv = $testenv.ToUpperInvariant()
 $global:testns = $testns+"UI"
 
 function Run-TestProtected

src/ResourceManager/KeyVault/Commands.KeyVault.Test/Scripts/VaultUITests.ps1

@@ -9,7 +9,7 @@ Tests remove a key with two confirmations
 #>
 function Test_RemoveKeyWithTwoConfirmations
 {
-    Write-Host "Type 'Yes' twice"
+    Write-Host -ForegroundColor Yellow "Type 'Yes' twice"
     $keyVault = Get-KeyVault
     $keyname=Get-KeyName 'remove'
     $key=Add-AzureKeyVaultKey -VaultName $keyVault -Name $keyname -Destination 'Software'
@@ -30,7 +30,7 @@ Tests remove a key with one confirmation
 #>
 function Test_RemoveKeyWithOneConfirmations
 {
-    Write-Host "Type 'Yes' once"
+    Write-Host -ForegroundColor Yellow "Type 'Yes' once"
     $keyVault = Get-KeyVault
     $keyname=Get-KeyName 'remove'
     $key=Add-AzureKeyVaultKey -VaultName $keyVault -Name $keyname -Destination 'Software'
@@ -51,7 +51,7 @@ Tests cancel removing a key with once
 #>
 function Test_CancelKeyRemovalOnce
 {
-    Write-Host "Type 'No' once"
+    Write-Host -ForegroundColor Yellow "Type 'No' once"
     $keyVault = Get-KeyVault
     $keyname=Get-KeyName 'remove'
     $key=Add-AzureKeyVaultKey -VaultName $keyVault -Name $keyname -Destination 'Software'
@@ -73,7 +73,7 @@ Tests cancel removing a key with two prompts
 #>
 function Test_ConfirmThenCancelKeyRemoval
 {
-    Write-Host "Type 'Yes' first. Then type 'No'"
+    Write-Host -ForegroundColor Yellow "Type 'Yes' first. Then type 'No'"
     $keyVault = Get-KeyVault
     $keyname=Get-KeyName 'remove'
     $key=Add-AzureKeyVaultKey -VaultName $keyVault -Name $keyname -Destination 'Software'
@@ -97,7 +97,7 @@ Tests remove a secret with two confirmations
 #>
 function Test_RemoveSecretWithTwoConfirmations
 {
-    Write-Host "Type 'Yes' twice"
+    Write-Host -ForegroundColor Yellow "Type 'Yes' twice"
     $keyVault = Get-KeyVault
     $secretname= Get-SecretName 'remove'  
     $sec=Set-AzureKeyVaultSecret -VaultName $keyVault -Name $secretname  -SecretValue $securedata
@@ -118,7 +118,7 @@ Tests remove a secret with one confirmations
 #>
 function Test_RemoveSecretWithOneConfirmations
 {
-    Write-Host "Type 'Yes' once"
+    Write-Host -ForegroundColor Yellow "Type 'Yes' once"
     $keyVault = Get-KeyVault
     $secretname= Get-SecretName 'remove'  
     $sec=Set-AzureKeyVaultSecret -VaultName $keyVault -Name $secretname  -SecretValue $securedata
@@ -139,7 +139,7 @@ Tests cancel removing a secret with once
 #>
 function Test_CancelSecretRemovalOnce
 {
-    Write-Host "Type 'No' once"
+    Write-Host -ForegroundColor Yellow "Type 'No' once"
     $keyVault = Get-KeyVault
     $secretname= Get-SecretName 'remove'  
     $sec=Set-AzureKeyVaultSecret -VaultName $keyVault -Name $secretname  -SecretValue $securedata
@@ -161,7 +161,7 @@ Tests cancel removing a secret with two prompts
 #>
 function Test_ConfirmThenCancelSecretRemoval
 {
-    Write-Host "Type 'Yes' first. Then type 'No'"
+    Write-Host -ForegroundColor Yellow "Type 'Yes' first. Then type 'No'"
     $keyVault = Get-KeyVault
     $secretname= Get-SecretName 'remove'  
     $sec=Set-AzureKeyVaultSecret -VaultName $keyVault -Name $secretname  -SecretValue $securedata

src/ResourceManager/KeyVault/Commands.KeyVault.Test/Scripts/readme.txt

@@ -2,7 +2,10 @@ This folder contains ps1 scripts testing Azure Key Vault cmdlets.
 Test environments and accounts:
 1. Copy this folder on a server 2012 R2 and windows 8.1 machine with Azure Powershell msi installed.    
 2. Setup Azure account. Please refer to "Key Vault Powershell Sign-off criteria" in spec store for user account setup.
-   Both OrgId user and Live user need to be tested.   
+Run tests for three types of account:
+   - Service principal (DataPlane tests)
+   - OrgId
+   - LiveId
 Run testing scripts:
 1. Run scripting tests using RunKeyVaultTests.ps1. 
 2. Run tests required user inputs using RunUITests.ps1.

src/ResourceManager/KeyVault/Commands.KeyVault/Models/DataServiceCredential.cs

@@ -55,17 +55,24 @@ public Task<string> OnAuthentication(string authority, string resource, string s
 
         private Tuple<IAccessToken, string> GetToken(IAuthenticationFactory authFactory, AzureContext context)
         {
-            if (context.Subscription == null)
-                throw new ArgumentException(KeyVaultProperties.Resources.InvalidCurrentSubscription);
             if (context.Account == null)
-                throw new ArgumentException(KeyVaultProperties.Resources.InvalidSubscriptionState);
-            if (context.Account.Type != AzureAccount.AccountType.User)
+                throw new ArgumentException(KeyVaultProperties.Resources.ArmAccountNotFound);
+
+            if (context.Account.Type != AzureAccount.AccountType.User &&
+                context.Account.Type != AzureAccount.AccountType.ServicePrincipal )
                 throw new ArgumentException(string.Format(KeyVaultProperties.Resources.UnsupportedAccountType, context.Account.Type));
-            var tenant = context.Subscription.GetPropertyAsArray(AzureSubscription.Property.Tenants)
-                  .Intersect(context.Account.GetPropertyAsArray(AzureAccount.Property.Tenants))
-                  .FirstOrDefault();
-            if (tenant == null)
-                throw new ArgumentException(KeyVaultProperties.Resources.InvalidSubscriptionState);
+
+            string tenant = null;
+            if (context.Subscription != null && context.Account != null)
+                tenant = context.Subscription.GetPropertyAsArray(AzureSubscription.Property.Tenants)
+                       .Intersect(context.Account.GetPropertyAsArray(AzureAccount.Property.Tenants))
+                       .FirstOrDefault();               
+
+            if (tenant == null && context.Tenant != null && context.Tenant.Id != Guid.Empty)
+                tenant = context.Tenant.Id.ToString();                      
+
+            if (string.IsNullOrWhiteSpace(tenant))
+                throw new ArgumentException(KeyVaultProperties.Resources.NoTenantInContext);
 
             try
             {

src/ResourceManager/KeyVault/Commands.KeyVault/Properties/Resources.resx

@@ -120,6 +120,9 @@
   <data name="ADObjectNotFound" xml:space="preserve">
     <value>Cannot find the Active Directory object '{0}' in tenant '{1}'. Please make sure that the user or application service principal you are authorizing is registered in the current subscription's Azure Active directory. The TenantID displayed by the cmdlet 'Get-AzureRmContext' is the current subscription's Azure Active directory.</value>
   </data>
+  <data name="ArmAccountNotFound" xml:space="preserve">
+    <value>No account found in the context. Please login using Login-AzureRMAccount.</value>
+  </data>
   <data name="BackupKeyFileAlreadyExists" xml:space="preserve">
     <value>The backup key file '{0}' already exists.</value>
   </data>
@@ -178,7 +181,7 @@
     <value>No subscription is currently selected. Use Set-AzureRmContext to activate a subscription.</value>
   </data>
   <data name="InvalidSubscriptionState" xml:space="preserve">
-    <value>Your Azure credentials have not been set up or have expired, please run Add-AzureRmAccount to set up your Azure credentials.</value>
+    <value>Your Azure credentials have not been set up or have expired, please run Login-AzureRmAccount to set up your Azure credentials.</value>
   </data>
   <data name="InvalidTagFormat" xml:space="preserve">
     <value>Invalid tag format. Expect @{Name = "tagName"} or @{Name = "tagName"; Value = "tagValue"}</value>
@@ -195,6 +198,9 @@
   <data name="NoDefaultUserAccount" xml:space="preserve">
     <value>There is no default user account associated with this subscription. Certificate accounts are not supported with Azure Key Vault.</value>
   </data>
+  <data name="NoTenantInContext" xml:space="preserve">
+    <value>No tenant found in the context.  Please ensure that the credentials you provided are authorized to access an Azure subscription, then run Login-AzureRMAccount to login.</value>
+  </data>
   <data name="PermissionSetIncludesAllPlusOthers" xml:space="preserve">
     <value>Invalid permissions to {0}. The list contains "all" along with other permissions. Please remove "all" from the list or include only "all" in the list.</value>
   </data>