Merge pull request Azure#5963 from dragav/kv-apr-18-bugfixes

Maddie Clayton · web-flow · commit c7557fd2776a · 2018-04-16T18:33:55.000-07:00
KeyVault: adding support for specifying key size on creation
diff --git a/src/ResourceManager/KeyVault/Commands.KeyVault/Commands/AddAzureKeyVaultKey.cs b/src/ResourceManager/KeyVault/Commands.KeyVault/Commands/AddAzureKeyVaultKey.cs
@@ -201,6 +201,17 @@ public class AddAzureKeyVaultKey : KeyVaultCmdletBase
         [Alias(Constants.TagsAlias)]
         public Hashtable Tag { get; set; }
 
+
+        [Parameter(Mandatory = false,
+            ParameterSetName = InputObjectCreateParameterSet, 
+            HelpMessage = "RSA key size, in bits. If not specified, the service will provide a safe default.")]
+        [Parameter(Mandatory = false,
+            ParameterSetName = InteractiveCreateParameterSet,
+            HelpMessage = "RSA key size, in bits. If not specified, the service will provide a safe default.")]
+        [Parameter(Mandatory = false,
+            ParameterSetName = ResourceIdCreateParameterSet,
+            HelpMessage = "RSA key size, in bits. If not specified, the service will provide a safe default.")]
+        public int? Size { get; set; }
         #endregion
 
         public override void ExecuteCmdlet()
@@ -228,7 +239,8 @@ public override void ExecuteCmdlet()
                     keyBundle = this.DataServiceClient.CreateKey(
                             VaultName,
                             Name,
-                            CreateKeyAttributes());
+                            CreateKeyAttributes(),
+                            Size);
                 }
                 else
                 {
diff --git a/src/ResourceManager/KeyVault/Commands.KeyVault/Commands/ManagedStorageAccounts/RemoveAzureKeyVaultManagedStorageAccount.cs b/src/ResourceManager/KeyVault/Commands.KeyVault/Commands/ManagedStorageAccounts/RemoveAzureKeyVaultManagedStorageAccount.cs
@@ -17,6 +17,7 @@
 using System.Management.Automation;
 using KeyVaultProperties = Microsoft.Azure.Commands.KeyVault.Properties;
 using Microsoft.Azure.Commands.KeyVault.Models.ManagedStorageAccounts;
+using Microsoft.Azure.Commands.KeyVault.Properties;
 
 namespace Microsoft.Azure.Commands.KeyVault
 {
@@ -43,6 +44,13 @@ public class RemoveAzureKeyVaultManagedStorageAccount : KeyVaultCmdletBase
         [Alias( Constants.StorageAccountName, Constants.Name )]
         public string AccountName { get; set; }
 
+        /// <summary>
+        /// If present, operate on the deleted entity.
+        /// </summary>
+        [Parameter(Mandatory = false,
+                    HelpMessage = "Permanently remove the previously deleted managed storage account.")]
+        public SwitchParameter InRemovedState { get; set; }
+
         /// <summary>
         /// If present, do not ask for confirmation
         /// </summary>
@@ -58,6 +66,24 @@ public class RemoveAzureKeyVaultManagedStorageAccount : KeyVaultCmdletBase
 
         public override void ExecuteCmdlet()
         {
+            if (InRemovedState.IsPresent)
+            {
+                ConfirmAction(
+                    Force.IsPresent,
+                    string.Format(
+                        CultureInfo.InvariantCulture,
+                        Resources.RemoveDeletedManagedStorageAccountWarning,
+                        AccountName),
+                    string.Format(
+                        CultureInfo.InvariantCulture,
+                        Resources.RemoveDeletedManagedStorageAccountWhatIfMessage,
+                        AccountName),
+                    AccountName,
+                    () => { DataServiceClient.PurgeManagedStorageAccount(VaultName, AccountName); });
+
+                return;
+            }
+
             PSDeletedKeyVaultManagedStorageAccount managedManagedStorageAccount = null;
             ConfirmAction(
                 Force.IsPresent,
diff --git a/src/ResourceManager/KeyVault/Commands.KeyVault/Commands/RemoveAzureKeyVaultCertificate.cs b/src/ResourceManager/KeyVault/Commands.KeyVault/Commands/RemoveAzureKeyVaultCertificate.cs
@@ -69,7 +69,7 @@ public class RemoveAzureKeyVaultCertificate : KeyVaultCmdletBase
         public PSKeyVaultCertificateIdentityItem InputObject { get; set; }
 
         /// <summary>
-        /// If present, operate on the deleted key entity.
+        /// If present, operate on the deleted entity.
         /// </summary>
         [Parameter(Mandatory = false,
                     HelpMessage = "Permanently remove the previously deleted certificate.")]
diff --git a/src/ResourceManager/KeyVault/Commands.KeyVault/Models/IKeyVaultDataServiceClient.cs b/src/ResourceManager/KeyVault/Commands.KeyVault/Models/IKeyVaultDataServiceClient.cs
@@ -25,7 +25,7 @@ namespace Microsoft.Azure.Commands.KeyVault.Models
 {
     public interface IKeyVaultDataServiceClient
     {
-        PSKeyVaultKey CreateKey(string vaultName, string keyName, PSKeyVaultKeyAttributes keyAttributes);
+        PSKeyVaultKey CreateKey(string vaultName, string keyName, PSKeyVaultKeyAttributes keyAttributes, int? size);
 
         PSKeyVaultKey ImportKey(string vaultName, string keyName, PSKeyVaultKeyAttributes keyAttributes, JsonWebKey webKey, bool? importToHsm);
 
diff --git a/src/ResourceManager/KeyVault/Commands.KeyVault/Models/KeyVaultDataServiceClient.cs b/src/ResourceManager/KeyVault/Commands.KeyVault/Models/KeyVaultDataServiceClient.cs
@@ -12,24 +12,22 @@
 // limitations under the License.
 // ----------------------------------------------------------------------------------
 
-using Microsoft.Azure.KeyVault.WebKey;
 using System;
 using System.Collections;
 using System.Collections.Generic;
 using System.IO;
 using System.Linq;
+using System.Net;
 using System.Security;
-using Microsoft.Azure.Commands.Common.Authentication;
-using Microsoft.Azure.Commands.Common.Authentication.Models;
 using System.Security.Cryptography.X509Certificates;
 using System.Xml;
-using KeyVaultProperties = Microsoft.Azure.Commands.KeyVault.Properties;
-using Microsoft.Azure.KeyVault.Models;
-using Microsoft.Azure.KeyVault;
-using Microsoft.Rest.Azure;
 using Microsoft.Azure.Commands.Common.Authentication.Abstractions;
-using System.Net;
 using Microsoft.Azure.Commands.KeyVault.Models.ManagedStorageAccounts;
+using Microsoft.Azure.KeyVault;
+using Microsoft.Azure.KeyVault.Models;
+using Microsoft.Azure.KeyVault.WebKey;
+using Microsoft.Rest.Azure;
+using KeyVaultProperties = Microsoft.Azure.Commands.KeyVault.Properties;
 
 namespace Microsoft.Azure.Commands.KeyVault.Models
 {
@@ -59,7 +57,7 @@ public KeyVaultDataServiceClient()
         {
         }
 
-        public PSKeyVaultKey CreateKey(string vaultName, string keyName, PSKeyVaultKeyAttributes keyAttributes)
+        public PSKeyVaultKey CreateKey(string vaultName, string keyName, PSKeyVaultKeyAttributes keyAttributes, int? size)
         {
             if (string.IsNullOrEmpty(vaultName))
                 throw new ArgumentNullException(nameof(vaultName));
@@ -75,9 +73,10 @@ public PSKeyVaultKey CreateKey(string vaultName, string keyName, PSKeyVaultKeyAt
             try
             {
                 keyBundle = this.keyVaultClient.CreateKeyAsync(
-                    vaultAddress,
-                    keyName,
-                    keyAttributes.KeyType,
+                    vaultBaseUrl: vaultAddress,
+                    keyName: keyName,
+                    kty: keyAttributes.KeyType,
+                    keySize: size,
                     keyOps: keyAttributes.KeyOps == null ? null : new List<string> (keyAttributes.KeyOps),
                     keyAttributes: attributes,
                     tags: keyAttributes.TagsDirectionary).GetAwaiter().GetResult();
diff --git a/src/ResourceManager/KeyVault/Commands.KeyVault/Models/PSKeyVaultKeyAttributes.cs b/src/ResourceManager/KeyVault/Commands.KeyVault/Models/PSKeyVaultKeyAttributes.cs
@@ -26,8 +26,7 @@ public class PSKeyVaultKeyAttributes
         public PSKeyVaultKeyAttributes()
         { }
 
-        internal PSKeyVaultKeyAttributes(bool? enabled, DateTime? expires, DateTime? notBefore, string keyType,
-            string[] keyOps, Hashtable tags)
+        internal PSKeyVaultKeyAttributes(bool? enabled, DateTime? expires, DateTime? notBefore, string keyType, string[] keyOps, Hashtable tags)
         {
             this.Enabled = enabled;
             this.Expires = expires;
diff --git a/src/ResourceManager/KeyVault/Commands.KeyVault/Properties/Resources.Designer.cs b/src/ResourceManager/KeyVault/Commands.KeyVault/Properties/Resources.Designer.cs
diff --git a/src/ResourceManager/KeyVault/Commands.KeyVault/Properties/Resources.resx b/src/ResourceManager/KeyVault/Commands.KeyVault/Properties/Resources.resx
@@ -474,4 +474,10 @@ You can find the object ID using Azure Active Directory Module for Windows Power
   <data name="RecoverManagedStorageSasDefinition" xml:space="preserve">
     <value>Recover KeyVault-managed storage account SAS definition.</value>
   </data>
+  <data name="RemoveDeletedManagedStorageAccountWarning" xml:space="preserve">
+    <value>Are you sure you want to purge managed storage account '{0}'</value>
+  </data>
+  <data name="RemoveDeletedManagedStorageAccountWhatIfMessage" xml:space="preserve">
+    <value>Purge managed storage account</value>
+  </data>
 </root>
diff --git a/src/ResourceManager/KeyVault/Commands.KeyVault/help/Add-AzureKeyVaultKey.md b/src/ResourceManager/KeyVault/Commands.KeyVault/help/Add-AzureKeyVaultKey.md
@@ -16,7 +16,7 @@ Creates a key in a key vault or imports a key into a key vault.
 ### InteractiveCreate (Default)
 ```
 Add-AzureKeyVaultKey [-VaultName] <String> [-Name] <String> -Destination <String> [-Disable]
- [-KeyOps <String[]>] [-Expires <DateTime>] [-NotBefore <DateTime>] [-Tag <Hashtable>]
+ [-KeyOps <String[]>] [-Expires <DateTime>] [-NotBefore <DateTime>] [-Tag <Hashtable>] [-Size <Int32>]
  [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 
@@ -31,7 +31,7 @@ Add-AzureKeyVaultKey [-VaultName] <String> [-Name] <String> -KeyFilePath <String
 ### InputObjectCreate
 ```
 Add-AzureKeyVaultKey [-InputObject] <PSKeyVault> [-Name] <String> -Destination <String> [-Disable]
- [-KeyOps <String[]>] [-Expires <DateTime>] [-NotBefore <DateTime>] [-Tag <Hashtable>]
+ [-KeyOps <String[]>] [-Expires <DateTime>] [-NotBefore <DateTime>] [-Tag <Hashtable>] [-Size <Int32>]
  [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 
@@ -46,7 +46,7 @@ Add-AzureKeyVaultKey [-InputObject] <PSKeyVault> [-Name] <String> -KeyFilePath <
 ### ResourceIdCreate
 ```
 Add-AzureKeyVaultKey [-ResourceId] <String> [-Name] <String> -Destination <String> [-Disable]
- [-KeyOps <String[]>] [-Expires <DateTime>] [-NotBefore <DateTime>] [-Tag <Hashtable>]
+ [-KeyOps <String[]>] [-Expires <DateTime>] [-NotBefore <DateTime>] [-Tag <Hashtable>] [-Size <Int32>]
  [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 
@@ -399,6 +399,21 @@ Accept pipeline input: True (ByPropertyName)
 Accept wildcard characters: False
 ```
 
+### -Size
+RSA key size, in bits. If not specified, the service will provide a safe default.
+
+```yaml
+Type: Int32
+Parameter Sets: InteractiveCreate, InputObjectCreate, ResourceIdCreate
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -Tag
 Key-value pairs in the form of a hash table. For example:
 
diff --git a/src/ResourceManager/KeyVault/Commands.KeyVault/help/Remove-AzureKeyVaultManagedStorageAccount.md b/src/ResourceManager/KeyVault/Commands.KeyVault/help/Remove-AzureKeyVaultManagedStorageAccount.md
@@ -13,8 +13,8 @@ Removes a Key Vault managed Azure Storage Account and all associated SAS definit
 ## SYNTAX
 
 ```
-Remove-AzureKeyVaultManagedStorageAccount [-VaultName] <String> [-AccountName] <String> [-Force] [-PassThru]
- [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm] [<CommonParameters>]
+Remove-AzureKeyVaultManagedStorageAccount [-VaultName] <String> [-AccountName] <String> [-InRemovedState]
+ [-Force] [-PassThru] [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 
 ## DESCRIPTION
@@ -36,6 +36,18 @@ PS C:\> Remove-AzureKeyVaultManagedStorageAccount -VaultName 'myvault' -AccountN
 
 Disassociates Azure Storage Account 'mystorageaccount' from Key Vault 'myvault' and stops Key Vault from managing its keys. The account 'mystorageaccount' will not be removed. All Key Vault managed Storage SAS definitions associated with this account will be removed.
 
+### Example 3: Permanently delete (purge) a Key Vault managed Azure Storage Account and all associated SAS definitions from a soft-delete-enabled vault.
+```
+PS C:\> Remove-AzureKeyVaultManagedStorageAccount -VaultName 'myvault' -AccountName 'mystorageaccount' 
+PS C:\> Get-AzureKeyVaultManagedStorageAccount -VaultName 'myvault' -AccountName 'mystorageaccount' -InRemovedState
+PS C:\> Remove-AzureKeyVaultManagedStorageAccount -VaultName 'myvault' -AccountName 'mystorageaccount' -InRemovedState 
+```
+
+The example assumes that soft-delete is enabled for this vault. Verify whether that is the case by examining the vault properties, or the RecoveryLevel attribute of an entity in the vault.
+The first cmdlet disassociates Azure Storage Account 'mystorageaccount' from Key Vault 'myvault' and stops Key Vault from managing its keys. The account 'mystorageaccount' will not be removed. All Key Vault managed Storage SAS definitions associated with this account will be removed.
+The second cmdlet verifies that the storage account is in a deleted, but recoverable state. Reaching this state may require some time, please allow ~30s before attempting.
+The third cmdlet permanently removes the storage account - recovery will no longer be possible.
+
 ## PARAMETERS
 
 ### -AccountName
@@ -83,6 +95,21 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -InRemovedState
+Permanently remove the previously deleted managed storage account.
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -PassThru
 Cmdlet does not return an object by default.
 If this switch is specified, cmdlet returns the managed storage account that was deleted.

Original file line number	Diff line number	Diff line change
`@@ -25,7 +25,7 @@ namespace Microsoft.Azure.Commands.KeyVault.Models`
`25`	`25`	`{`
`26`	`26`	`public interface IKeyVaultDataServiceClient`
`27`	`27`	`{`
`28`		`- PSKeyVaultKey CreateKey(string vaultName, string keyName, PSKeyVaultKeyAttributes keyAttributes);`
	`28`	`+ PSKeyVaultKey CreateKey(string vaultName, string keyName, PSKeyVaultKeyAttributes keyAttributes, int? size);`
`29`	`29`
`30`	`30`	`PSKeyVaultKey ImportKey(string vaultName, string keyName, PSKeyVaultKeyAttributes keyAttributes, JsonWebKey webKey, bool? importToHsm);`
`31`	`31`
Original file line number	Diff line number	Diff line change
`@@ -26,8 +26,7 @@ public class PSKeyVaultKeyAttributes`
`26`	`26`	`public PSKeyVaultKeyAttributes()`
`27`	`27`	`{ }`
`28`	`28`
`29`		`- internal PSKeyVaultKeyAttributes(bool? enabled, DateTime? expires, DateTime? notBefore, string keyType,`
`30`		`- string[] keyOps, Hashtable tags)`
	`29`	`+ internal PSKeyVaultKeyAttributes(bool? enabled, DateTime? expires, DateTime? notBefore, string keyType, string[] keyOps, Hashtable tags)`
`31`	`30`	`{`
`32`	`31`	`this.Enabled = enabled;`
`33`	`32`	`this.Expires = expires;`