Added the ability to deploy a Managed HSM in our CI pipelines. (Azure…
…#22319)

* Added the ability to provision a Managed HSM for CI runs.

* Updated Key Vault Administration tests.

* Added HSM tests for Key Vault Keys.

* Removed unused imports.

* Fixed test issues. Added missing recordings.

* Applied PR feedback.

* Applied PR feedback and fixed backup/restore tests.

* Fixed tests playback issue.

* Applied ARM template fixes for MSHM.
vcolin7 authored Jun 17, 2021
1 parent 264c384 commit d7817f1
Showing 59 changed files with 1,502 additions and 937 deletions.
3 changes: 3 additions & 0 deletions sdk/keyvault/.gitignore
@@ -1,4 +1,7 @@
*.class
*.cer
*.key
*.pfx

#External libs
extlib/
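Review bot: The ignore entries this hunk adds — presumably `*.cer`, `*.key` and `*.pfx`, since the hunk grows from four lines to seven — only stop untracked files from being staged; anything already tracked under sdk/keyvault or staged explicitly still lands in a commit, so they are a convenience rather than a control. Pair them with a secret/certificate scan in the CI pipeline this commit sets up. A one-line comment above the patterns, `# Certificate and private-key files produced by local/CI runs — keep out of the repo`, would record why they live in this directory rather than in a repository-wide ignore file.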
12 changes: 12 additions & 0 deletions sdk/keyvault/azure-security-keyvault-administration/pom.xml
Expand Up @@ -86,6 +86,18 @@
<version>1.7.0</version> <!-- {x-version-update;com.azure:azure-core-http-okhttp;dependency} -->
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.azure</groupId>
<artifactId>azure-security-keyvault-keys</artifactId>
<version>4.2.8</version> <!-- {x-version-update;com.azure:azure-security-keyvault-keys;dependency} -->
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.azure</groupId>
<artifactId>azure-storage-blob</artifactId>
<version>12.12.0</version> <!-- {x-version-update;com.azure:azure-storage-blob;dependency} -->
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.azure</groupId>
<artifactId>azure-identity</artifactId>
Expand Up @@ -24,7 +24,6 @@
import com.azure.security.keyvault.administration.implementation.KeyVaultAdministrationUtils;
import com.azure.security.keyvault.administration.implementation.KeyVaultErrorCodeStrings;
import com.azure.security.keyvault.administration.implementation.models.DataAction;
import com.azure.security.keyvault.administration.implementation.models.KeyVaultErrorException;
import com.azure.security.keyvault.administration.implementation.models.Permission;
import com.azure.security.keyvault.administration.implementation.models.RoleAssignment;
import com.azure.security.keyvault.administration.implementation.models.RoleAssignmentCreateParameters;
Expand All @@ -34,8 +33,8 @@
import com.azure.security.keyvault.administration.implementation.models.RoleDefinitionCreateParameters;
import com.azure.security.keyvault.administration.implementation.models.RoleDefinitionProperties;
import com.azure.security.keyvault.administration.implementation.models.RoleScope;
import com.azure.security.keyvault.administration.models.KeyVaultDataAction;
import com.azure.security.keyvault.administration.models.KeyVaultAdministrationException;
import com.azure.security.keyvault.administration.models.KeyVaultDataAction;
import com.azure.security.keyvault.administration.models.KeyVaultPermission;
import com.azure.security.keyvault.administration.models.KeyVaultRoleAssignment;
import com.azure.security.keyvault.administration.models.KeyVaultRoleAssignmentProperties;
Expand Down Expand Up @@ -254,7 +253,7 @@ public Mono<KeyVaultRoleDefinition> setRoleDefinition(KeyVaultRoleScope roleScop
}

/**
* Creates or updates a {@link KeyVaultRoleDefinition}. If no name is provided, then a
* Creates or updates a {@link KeyVaultRoleDefinition}. If no name is provided, then a
* {@link KeyVaultRoleDefinition} will be created with a randomly generated name.
*
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleDefinition}. Managed HSM only
Expand Down Expand Up @@ -456,8 +455,7 @@ Mono<Response<KeyVaultRoleDefinition>> getRoleDefinitionWithResponse(KeyVaultRol
*
* @return A {@link Mono} of a {@link Void}.
*
* @throws KeyVaultAdministrationException If a {@link KeyVaultRoleDefinition role definition} with the given name
* cannot be found or if the given {@code roleScope} is invalid.
* @throws KeyVaultAdministrationException If the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope} or {@link String roleDefinitionName} are
* {@code null}.
*/
Expand All @@ -474,8 +472,7 @@ public Mono<Void> deleteRoleDefinition(KeyVaultRoleScope roleScope, String roleD
*
* @return A {@link Mono} containing a {@link Response} with a {@link Void} value.
*
* @throws KeyVaultAdministrationException If a {@link KeyVaultRoleDefinition role definition} with the given name
* cannot be found or if the given {@code roleScope} is invalid.
* @throws KeyVaultAdministrationException If the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope} or {@link String roleDefinitionName} are
* {@code null}.
*/
Expand All @@ -494,8 +491,7 @@ public Mono<Response<Void>> deleteRoleDefinitionWithResponse(KeyVaultRoleScope r
*
* @return A {@link Mono} containing a {@link Response} with a {@link Void} value.
*
* @throws KeyVaultAdministrationException If a {@link KeyVaultRoleDefinition role definition} with the given name
* cannot be found or if the given {@code roleScope} is invalid.
* @throws KeyVaultAdministrationException If the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope} or {@link String roleDefinitionName} are
* {@code null}.
*/
Expand All @@ -518,7 +514,8 @@ Mono<Response<Void>> deleteRoleDefinitionWithResponse(KeyVaultRoleScope roleScop
.doOnError(error -> logger.warning("Failed to delete role assignment - {}", roleDefinitionName, error))
.onErrorMap(KeyVaultAdministrationUtils::mapThrowableToKeyVaultAdministrationException)
.map(response -> (Response<Void>) new SimpleResponse<Void>(response, null))
.onErrorResume(KeyVaultErrorException.class, e -> swallowExceptionForStatusCode(404, e, logger));
.onErrorResume(KeyVaultAdministrationException.class, e ->
swallowExceptionForStatusCode(404, e, logger));
} catch (RuntimeException e) {
return monoError(logger, e);
}
Expand Down Expand Up @@ -839,8 +836,7 @@ Mono<Response<KeyVaultRoleAssignment>> getRoleAssignmentWithResponse(KeyVaultRol
*
* @return A {@link Mono} of a {@link Void}.
*
* @throws KeyVaultAdministrationException If a {@link KeyVaultRoleAssignment role assignment} with the given name
* cannot be found or if the given {@code roleScope} is invalid.
* @throws KeyVaultAdministrationException If the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope} or {@link String roleAssignmentName} are
* {@code null}.
*/
Expand All @@ -857,8 +853,7 @@ public Mono<Void> deleteRoleAssignment(KeyVaultRoleScope roleScope, String roleA
*
* @return A {@link Mono} containing a {@link Response} with a {@link Void} value.
*
* @throws KeyVaultAdministrationException If a {@link KeyVaultRoleAssignment role assignment} with the given name
* cannot be found or if the given {@code roleScope} is invalid.
* @throws KeyVaultAdministrationException If the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope} or {@link String roleAssignmentName} are
* {@code null}.
*/
Expand All @@ -877,8 +872,7 @@ public Mono<Response<Void>> deleteRoleAssignmentWithResponse(KeyVaultRoleScope r
*
* @return A {@link Mono} containing a {@link Response} with a {@link Void} value.
*
* @throws KeyVaultAdministrationException If a {@link KeyVaultRoleAssignment role assignment} with the given name
* cannot be found or if the given {@code roleScope} is invalid.
* @throws KeyVaultAdministrationException If the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope} or {@link String roleAssignmentName} are
* {@code null}.
*/
Expand All @@ -900,7 +894,8 @@ Mono<Response<Void>> deleteRoleAssignmentWithResponse(KeyVaultRoleScope roleScop
.doOnError(error -> logger.warning("Failed to delete role assignment - {}", roleAssignmentName, error))
.onErrorMap(KeyVaultAdministrationUtils::mapThrowableToKeyVaultAdministrationException)
.map(response -> (Response<Void>) new SimpleResponse<Void>(response, null))
.onErrorResume(KeyVaultErrorException.class, e -> swallowExceptionForStatusCode(404, e, logger));
.onErrorResume(KeyVaultAdministrationException.class, e ->
swallowExceptionForStatusCode(404, e, logger));
} catch (RuntimeException e) {
return monoError(logger, e);
}
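Review bot: In the `deleteRoleDefinitionWithResponse` hunk the line `.doOnError(error -> logger.warning("Failed to delete role assignment - {}", roleDefinitionName, error))` names a role assignment although the method deletes a role definition, so a failure is reported under the wrong noun; change it to `.doOnError(error -> logger.warning("Failed to delete role definition - {}", roleDefinitionName, error))`. Because `doOnError` sits ahead of the new `onErrorResume`, a 404 that the chain now deliberately tolerates is still logged at warning level, both here and in the `deleteRoleAssignmentWithResponse` hunk below; if a missing definition or assignment is expected to be routine for callers, consider logging after the resume or at verbose level so the warning only fires for errors that actually propagate. The enclosing methods start and end outside the hunks.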
Expand Up @@ -99,7 +99,7 @@ public KeyVaultRoleDefinition setRoleDefinition(KeyVaultRoleScope roleScope) {
}

/**
* Creates or updates a {@link KeyVaultRoleDefinition} with a given name. If no name is provided, then a
* Creates or updates a {@link KeyVaultRoleDefinition} with a given name. If no name is provided, then a
* {@link KeyVaultRoleDefinition} will be created with a randomly generated name.
*
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleDefinition}. Managed HSM
Expand Down Expand Up @@ -184,8 +184,7 @@ public Response<KeyVaultRoleDefinition> getRoleDefinitionWithResponse(KeyVaultRo
* only supports '/'.
* @param roleDefinitionName The name of the {@link KeyVaultRoleDefinition}.
*
* @throws KeyVaultAdministrationException If a {@link KeyVaultRoleDefinition role definition} with the given name
* cannot be found or if the given {@code roleScope} is invalid.
* @throws KeyVaultAdministrationException If the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope} or {@link String roleDefinitionName} are
* {@code null}.
*/
Expand All @@ -203,8 +202,7 @@ public void deleteRoleDefinition(KeyVaultRoleScope roleScope, String roleDefinit
*
* @return A {@link Response} with a {@link Void} value.
*
* @throws KeyVaultAdministrationException If a {@link KeyVaultRoleDefinition role definition} with the given name
* cannot be found or if the given {@code roleScope} is invalid.
* @throws KeyVaultAdministrationException If the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope} or {@link String roleDefinitionName} are
* {@code null}.
*/
Expand Down Expand Up @@ -365,8 +363,7 @@ public Response<KeyVaultRoleAssignment> getRoleAssignmentWithResponse(KeyVaultRo
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleAssignment}.
* @param roleAssignmentName The name of the {@link KeyVaultRoleAssignment}.
*
* @throws KeyVaultAdministrationException If a {@link KeyVaultRoleAssignment role assignment} with the given name
* cannot be found or if the given {@code roleScope} is invalid.
* @throws KeyVaultAdministrationException If the given {@code roleScope} is invalid.
* @throws NullPointerException if the {@link KeyVaultRoleScope roleScope} or {@link String roleAssignmentName} are
* {@code null}.
*/
Expand All @@ -384,8 +381,7 @@ public void deleteRoleAssignment(KeyVaultRoleScope roleScope, String roleAssignm
*
* @return A {@link Response} with a {@link Void} value.
*
* @throws KeyVaultAdministrationException If a {@link KeyVaultRoleAssignment role assignment} with the given name
* cannot be found or if the given {@code roleScope} is invalid.
* @throws KeyVaultAdministrationException If the given {@code roleScope} is invalid.
* @throws NullPointerException if the {@link KeyVaultRoleScope roleScope} or {@link String roleAssignmentName} are
* {@code null}.
*/
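Review bot: The rewritten `@throws KeyVaultAdministrationException If the given {@code roleScope} is invalid.` lines on the four delete methods are narrower than what the call chain produces: the async client's `.onErrorMap(KeyVaultAdministrationUtils::mapThrowableToKeyVaultAdministrationException)` in this commit converts every service error into that exception, so an unauthorized caller or any other non-404 failure also surfaces as `KeyVaultAdministrationException`, and presumably these sync methods delegate to that chain. A wording such as `@throws KeyVaultAdministrationException If the given {@code roleScope} is invalid or the service rejects the request for any reason other than the entity not existing.` describes the contract the new 404 handling actually gives. The same Javadoc appears in the async client's matching hunks above.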
