TestCases/SVT/KeyVault/KeyVaultResource.ps1
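Set-StrictMode -Version Latest

# Test fixture wrapping one Azure Key Vault (Microsoft.KeyVault/vaults) for the SVT test cases.
# Each method puts the vault into one configuration: diagnostics on/off, the vault-level
# "EnabledFor*" switches, or the signed-in user's access policy.
# Presumably a test case then checks how the Key Vault controls evaluate that state (confirm against callers).
#
# NOTE(review): every method logs and swallows its errors. A caller cannot tell whether the state
# change actually happened, e.g. whether diagnostics were really switched back on after a test.
class KeyVaultResource:TestResource{

    KeyVaultResource([TestCase] $testcase, [TestSettings] $testsettings):Base($testcase, $testsettings){
    }

    # Sets the properties required by this resource type: tenant id in the param file,
    # resource name (from the param file when one is configured, else a fixed default) and resource type.
    [void]SetDerivedResourceProps(){
        $this.SetTenantId()

        # Pick the resource name from the Params file if it is not null/empty.
        if(![string]::IsNullOrEmpty($this.Params)){
            $this.ResourceName = $this.GetResourceNameFromARMJson($this.Params, "ResName", "value")
        }
        else{
            # Otherwise fall back to the default resource name.
            $this.ResourceName = "azsdktestkeyvault"
        }
        $this.ResourceType = "Microsoft.KeyVault/vaults"
    }

    # Deletes the vault. -Force suppresses the confirmation prompt, so this must only ever
    # be pointed at the test resource group.
    [void]RemoveKeyVault()
    {
        try{
            # -ErrorAction Stop turns non-terminating cmdlet errors into exceptions so the catch block sees them.
            Remove-AzureRmResource -ResourceName $this.ResourceName `
                -ResourceGroupName $this.ResourceGroupName `
                -ResourceType $this.ResourceType `
                -Force `
                -ErrorAction Stop
        }
        catch{
            [CommonHelper]::Log("Error while Removing KeyVault " + $this.ResourceName, [MessageType]::Error)
        }
    }

    # Enables the vault's diagnostic setting, writing to the common storage account
    # with retention enabled for 365 days. Creates the common storage account first if it is missing.
    [void]SetKVDiagnosticsOn()
    {
        try{
            $storageAccount = $this.IfCommonStorageExists()
            if(!$storageAccount){
                $this.CreateCommonStorage()
            }
            $resourceId = (Get-AzureRmResource -ResourceName $this.ResourceName `
                -ResourceGroupName $this.ResourceGroupName `
                -ErrorAction Stop).ResourceId
            $diagnosticStorageAccountId = (Get-AzureRmResource -ResourceName $this.settings.CommonStorageAcctName `
                -ResourceGroupName $this.ResourceGroupName `
                -ErrorAction Stop).ResourceId
            Set-AzureRmDiagnosticSetting -ResourceId $resourceId `
                -Enable $true `
                -StorageAccountId $diagnosticStorageAccountId `
                -RetentionInDays 365 `
                -RetentionEnabled $true `
                -ErrorAction Stop
        }
        catch{
            [CommonHelper]::Log("Error while setting Diagnostics setting On" + $this.ResourceName, [MessageType]::Error)
        }
    }

    # Disables the vault's diagnostic setting (retention disabled, 10 days).
    # While this state is in effect the vault is not emitting diagnostic logs to the storage account,
    # so a test that calls this should restore the setting with SetKVDiagnosticsOn() afterwards.
    [void]SetKVDiagnosticsOff()
    {
        try{
            $storageAccount = $this.IfCommonStorageExists()
            if(!$storageAccount){
                $this.CreateCommonStorage()
            }
            $resourceId = (Get-AzureRmResource -ResourceName $this.ResourceName `
                -ResourceGroupName $this.ResourceGroupName `
                -ErrorAction Stop).ResourceId
            $diagnosticStorageAccountId = (Get-AzureRmResource -ResourceName $this.settings.CommonStorageAcctName `
                -ResourceGroupName $this.ResourceGroupName `
                -ErrorAction Stop).ResourceId
            Set-AzureRmDiagnosticSetting -ResourceId $resourceId `
                -Enable $False `
                -StorageAccountId $diagnosticStorageAccountId `
                -RetentionInDays 10 `
                -RetentionEnabled $False `
                -ErrorAction Stop
        }
        catch{
            # The original message said "On" here (copy/paste from SetKVDiagnosticsOn), which made
            # a failed disable indistinguishable from a failed enable in the test log.
            [CommonHelper]::Log("Error while setting Diagnostics setting Off" + $this.ResourceName, [MessageType]::Error)
        }
    }

    # Turns on all three vault-level "advanced" access switches: deployment, template deployment
    # and disk encryption. Each one lets the corresponding Azure service read material from the vault,
    # so this is the permissive state of the fixture.
    [void]SetAllAdvanceAcessPolicies()
    {
        try{
            Set-AzureRmKeyVaultAccessPolicy -VaultName $this.ResourceName `
                -ResourceGroupName $this.ResourceGroupName `
                -EnabledForDeployment `
                -EnabledForTemplateDeployment `
                -EnabledForDiskEncryption `
                -ErrorAction Stop
        }
        catch{
            [CommonHelper]::Log("Error while setting Advance Access Policies"+ $this.ResourceName, [MessageType]::Error)
        }
    }

    # Turns the three vault-level "advanced" access switches back off.
    [void]ResetAllAdvanceAcessPolicies()
    {
        try{
            Remove-AzureRmKeyVaultAccessPolicy -VaultName $this.ResourceName `
                -ResourceGroupName $this.ResourceGroupName `
                -EnabledForDeployment `
                -EnabledForTemplateDeployment `
                -EnabledForDiskEncryption `
                -ErrorAction Stop
        }
        catch{
            [CommonHelper]::Log("Error while re-setting Advance Access Policies"+ $this.ResourceName, [MessageType]::Error)
        }
    }

    # Sets an access policy on the vault for the signed-in user.
    # NOTE(review): despite the name, this grants "all" on keys AND secrets, not read access.
    # Left unchanged because test cases may depend on it; if read access is the intent, narrow the
    # permission lists (and rename), otherwise rename the method so the grant is not understated.
    [void]GetReadAcessOnKey(){
        try{
            $adUserDtls = (Get-AzureRmADUser -UserPrincipalName (Get-AzureRmContext).Account.Id -ErrorAction Stop)
            $ObjId = $adUserDtls.Id.Guid
            Set-AzureRmKeyVaultAccessPolicy -VaultName $this.ResourceName `
                -ResourceGroupName $this.ResourceGroupName `
                -PermissionsToKeys all `
                -PermissionsToSecrets all `
                -ObjectId $ObjId `
                -ErrorAction Stop
        }
        catch{
            [CommonHelper]::Log("Error while setting Access Policies:"+ $this.ResourceName, [MessageType]::Error)
        }
    }

    # Grants the signed-in user "all" permissions on keys, secrets and certificates
    # (the over-privileged state of the fixture).
    [void]SetAllAcessPolicies()
    {
        try{
            $adUserDtls = (Get-AzureRmADUser -UserPrincipalName (Get-AzureRmContext).Account.Id -ErrorAction Stop)
            $ObjId = $adUserDtls.Id.Guid
            Set-AzureRmKeyVaultAccessPolicy -VaultName $this.ResourceName `
                -ResourceGroupName $this.ResourceGroupName `
                -PermissionsToKeys all `
                -PermissionsToSecrets all `
                -PermissionsToCertificates all `
                -ObjectId $ObjId `
                -ErrorAction Stop
        }
        catch{
            [CommonHelper]::Log("Error while setting Access Policies:"+ $this.ResourceName, [MessageType]::Error)
        }
    }

    # Sets the signed-in user's policy to the reduced set: list on keys, list on secrets, get on certificates.
    [void]ResetAllAcessPolicies()
    {
        try{
            $adUserDtls = (Get-AzureRmADUser -UserPrincipalName (Get-AzureRmContext).Account.Id -ErrorAction Stop)
            $ObjId = $adUserDtls.Id.Guid
            Set-AzureRmKeyVaultAccessPolicy -VaultName $this.ResourceName `
                -ResourceGroupName $this.ResourceGroupName `
                -PermissionsToKeys list `
                -PermissionsToSecrets list `
                -PermissionsToCertificates get `
                -ObjectId $ObjId `
                -ErrorAction Stop
        }
        catch{
            [CommonHelper]::Log("Error while re-setting Access Policies"+ $this.ResourceName, [MessageType]::Error)
        }
    }

    # Adds a software-protected (non-HSM) key named "AzSDKTestKey01" that expires 90 days from now.
    [void]AddNonHSMKeyWithExpiryDate()
    {
        try{
            Add-AzureKeyVaultKey -VaultName $this.ResourceName `
                -Name "AzSDKTestKey01" `
                -Expires (Get-Date).AddDays(90) `
                -Destination Software `
                -ErrorAction Stop
        }
        catch{
            [CommonHelper]::Log("Error while adding Non-HSM key with expiry date:"+ $this.ResourceName, [MessageType]::Error)
        }
    }

    # Writes the subscription's tenant id into the "tenant" parameter of the test case's param file.
    [void] SetTenantId(){
        try{
            $Subscription = Get-AzureRmSubscription -SubscriptionId $this.settings.SubscriptionId -ErrorAction Stop |
                Select-Object -Property TenantId

            # Guard on the configured file name. The original tested the concatenated path, which is
            # never empty, so a test case without a param file still attempted the write.
            if(!([string]::IsNullOrEmpty($this.TestCase.ParamFileName))){
                $paramFile = [CommonHelper]::GetRootPath() + "\TestCases\"+$this.TestCase.Feature+"\"+$this.TestCase.ModuleName+"\TestData\"+$this.TestCase.ParamFileName
                [CommonHelper]::SetValueIntoJson($paramFile, "tenant", "value", $Subscription.TenantId)
            }
        }
        catch{
            [CommonHelper]::Log("Failed to set tenant id in template file!", [MessageType]::Error)
        }
    }
}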