Azure / azure-powershell

Microsoft Azure PowerShell

Implement KeyVault features in KeyVault provider for functional parity #6155

Open maddieclayton opened 6 years ago

maddieclayton commented 6 years ago

Finish implementing KeyVault features in KeyVault provider:

Implemented

Vaults

Get-AzureRmKeyVault

Get-AzureRmKeyVault
Get-ChildItem -Path mykv:
Get-AzureRmKeyVault -Tag @{"a"="b"}
Get-ChildItem -Path mykv: -Tag @{"a"="b"}
Get-AzureRmKeyVault -VaultName mvault
Get-Item -Path mykv:/mvault

New-AzureRmKeyVault

New-AzureRmKeyVault -Name mvault -ResourceGroupName maddie1 -Location westus -EnableSoftDelete
New-Item -Path mykv:/mvault -ResourceGroupName maddie1 -Location westus -EnableSoftDelete

Remove-AzureRmKeyVault

Remove-AzureRmKeyVault -VaultName mvault
Remove-Item -Path mykv:/mvault

Set/Remove-AzureRmKeyVaultAccessPolicy (ForVault parameter set)

Remove-AzureRmKeyVaultAccessPolicy -EnabledForDeployment
Set-Item -Path mykv:/mvault -EnabledForDeployment $false
Set-AzureRmKeyVaultAccessPolicy -EnabledForDeployment
Set-Item -Path mykv:/mvault -EnabledForDeployment $true

Certificates

Add-AzureKeyVaultCertificate

Add-AzureKeyVaultCertificate -VaultName mvault -Name cert1 -CertificatePolicy $certPolicy
New-Item -Path mykv:/mvault/Certificates/cert1 -CertificatePolicy $certPolicy

Get-AzureKeyVaultCertificate

Get-AzureKeyVaultCertificate -VaultName mvault
Get-ChildItem -Path mykv:/mvault/Certificates
Get-AzureKeyVaultCertificate -VaultName mvault -Name cert1
Get-Item -Path mykv:/mvault/Certificates/cert1 (gets all properties except X509Certificate2)
Get-Content -Path mykv:/mvault/Certificates/cert1 (gets X509Certificate2)
Get-AzureKeyVaultCertificate -VaultName mvault -Name cert1 -IncludeVersions
Get-Item -Path mykv:/mvault/Certificates/cert1 -IncludeVersions
Get-AzureKeyVaultCertificate -VaultName mvault -Name cert1 -Version 123
Get-Item -Path mykv:/mvault/Certificates/cert1 -Version 123

Remove-AzureKeyVaultCertificate

Remove-AzureKeyVaultCertificate -VaultName mvault -Name cert1
Remove-Item -Path mykv:/mvault/Certificates/cert1

Update-AzureKeyVaultCertificate

Update-AzureKeyVaultCertificate -VaultName mvault -Name cert1 -Enable
Set-Item -Path mykv:/mvault/Certificates/cert1 -Enable

Keys

Add-AzureKeyVaultKey

Add-AzureKeyVaultKey -VaultName mvault -Name key1 -Destination Software
New-Item -Path mykv:/mvault/Keys/key1 -Destination Software

Get-AzureKeyVaultKey

Get-AzureKeyVaultKey -VaultName mvault
Get-ChildItem -Path mykv:/mvault/Keys
Get-AzureKeyVaultKey -VaultName mvault -Name key1
Get-Item -Path mykv:/mvault/Keys/key1 (gets all properties but JsonWebKey)
Get-Content -Path mykv:/mvault/Keys/key1 (gets JsonWebKey)
Get-AzureKeyVaultKey -VaultName mvault -Name key1 -IncludeVersions
Get-Item -Path mykv:/mvault/Keys/key1 -IncludeVersions
Get-AzureKeyVaultKey -VaultName mvault -Name key1 -Version 123
Get-Item -Path mykv:/mvault/Keys/key1 -Version 123

Remove-AzureKeyVaultKey

Remove-AzureKeyVaultKey -VaultName mvault -Name key1
Remove-Item -Path mykv:/mvault/Keys/key1

Update-AzureKeyVaultKey

Update-AzureKeyVaultKey -VaultName mvault -Name key1 -Enable
Set-Item -Path mykv:/mvault/Keys/key1 -Enable

Secrets

Get-AzureKeyVaultSecret

Get-AzureKeyVaultSecret -VaultName mvault
Get-ChildItem -Path mykv:/mvault/Secrets
Get-AzureKeyVaultSecret -VaultName mvault -Name secret1
Get-Item -Path mykv:/mvault/Secrets/secret1 (gets all properties except for SecretValue)
Get-Item -Path mykv:/mvault/Secrets/secret1 (returns SecretValueText)
Get-AzureKeyVaultSecret -VaultName mvault -Name secret1 -IncludeVersions
Get-Item -Path mykv:/mvault/Secrets/secret1 -IncludeVersions
Get-AzureKeyVaultSecret -VaultName mvault -Name secret1 -Version 123
Get-Item -Path mykv:/mvault/Secrets/secret1 -Version 123

Remove-AzureKeyVaultSecret

Remove-AzureKeyVaultSecret -VaultName mvault -Name secret1
Remove-Item -Path mykv:/mvault/Secrets/secret1

Set-AzureKeyVaultSecret

Set-AzureKeyVaultSecret -VaultName mvault -Name secret1 -SecretValue <SecureString>
New-Item -Path mykv:/mvault/Secrets/secret1 -SecretValue <SecureString>

Update-AzureKeyVaultSecret

Update-AzureKeyVaultSecret -VaultName mvault -Name secret1 -Enable
Set-Item -Path mykv:/mvault/Secrets/secret1 -Enable

Access Policies

Remove-AzureRmKeyVaultAccessPolicy

Remove-AzureRmKeyVaultAccessPolicy -VaultName mvault -EmailAddress example@microsoft.com
Remove-Item -Path mykv:/mvault/AccessPolicies/<objectID>

Set-AzureRmKeyVaultAccessPolicy

Set-AzureRmKeyVaultAccessPolicy -VaultName mvault -EmailAddress example@microsoft.com
New-Item -Path mykv:/mvault/AccessPolicies/<name will always be objectId> -EmailAddress example@microsoft.com
Set-AzureRmKeyVaultAccessPolicy -VaultName mvault -EmailAddress example@microsoft.com -PermissionsToSecrets get, create, list
Set-Item -Path mykv:/mvault/AccessPolicies/<objectId> -PermissionsToSecrets get, create, list

Not Implemented

Certificate Contacts

Add-AzureKeyVaultCertificateContact

Add-AzureKeyVaultCertificateContact -VaultName mvault -EmailAddress example@microsoft.com
New-Item -Path mykv:/mvault/CertificateContacts/example@microsoft.com

Get-AzureKeyVaultCertificateContact

Get-AzureKeyVaultCertificateContact -VaultName mvault
Get-ChildItem -Path mykv:/mvault/CertificateContacts

Remove-AzureKeyVaultCertificateContact

Remove-AzureKeyVaultCertificateContact -VaultName mvault -EmailAddress example@microsoft.com
Remove-Item -Path mykv:/mvault/CertificateContacts/example@microsoft.com

ManagedStorageAccounts

Add-AzureKeyVaultManagedStorageAccount

Add-AzureKeyVaultManagedStorageAccount -VaultName mvault -AccountName storageAccount -AccountResourceId $resourceId -ActiveKeyName key1 -RegenerationPeriod $regenerationPeriod
New-Item -Path mykv:/mvault/ManagedStorageAccounts/storageAccount -AccountResourceId $resourceId -ActiveKeyName key1 -RegenerationPeriod $regenerationPeriod

Get-AzureKeyVaultManagedStorageAccount

Get-AzureKeyVaultManagedStorageAccount -VaultName mvault
Get-ChildItem -Path mykv:/mvault/ManagedStorageAccounts
Get-AzureKeyVaultManagedStorageAccount -VaultName mvault -Name account1
Get-Item -Path mykv:/mvault/ManagedStorageAccounts/account1

Remove-AzureKeyVaultManagedStorageAccount

Remove-AzureKeyVaultManagedStorageAccount -VaultName mvault -AccountName account1
Remove-Item -Path mykv:/mvault/ManagedStorageAccounts/account1

Update-AzureKeyVaultManagedStorageAccount

Update-AzureKeyVaultManagedStorageAccount -VaultName mvault -AccountName account1 -Enable
Set-Item -Path mykv:/mvault/ManagedStorageAccounts/account1 -Enable

ManagedStorageSasDefinition

Get-AzureKeyVaultManagedStorageSasDefinition

Get-AzureKeyVaultManagedStorageSasDefinition -VaultName mvault -AccountName storageAccount
Get-ChildItem -Path mykv:/mvault/ManagedStorageAccounts/storageAccount
Get-AzureKeyVaultManagedStorageSasDefinition -VaultName mvault -AccountName storageAccount -Name definition1
Get-Item -Path mykv:/mvault/ManagedStorageAccounts/storageAccount/definition1

Remove-AzureKeyVaultManagedStorageSasDefinition

Remove-AzureKeyVaultManagedStorageSasDefinition -VaultName mvault -AccountName account1 -Name definition
Remove-Item -Path mykv:/mvault/ManagedStorageAccounts/account1/definition

Set-AzureKeyVaultManagedStorageSasDefinition (other parameter sets?)

Set-AzureKeyVaultManagedStorageSasDefinition -VaultName mvault -AccountName account1 -Name definition1 -TemplateUri $templateUri -SasType type1
New-Item -Path mykv:/mvault/ManagedStorageAccounts/account1/definition1 -TemplateUri $templateUri -SasType type1

Certificate Issuers

Get-AzureKeyVaultCertificateIssuer

Get-AzureKeyVaultCertificateIssuer -VaultName mvault
Get-ChildItem -Path mykv:/mvault/CertificateIssuers
Get-AzureKeyVaultCertificateIssuer -VaultName mvault -Name issuer1
Get-Item -Path mykv:/mvault/CertificateIssuers/issuer1

Remove-AzureKeyVaultCertificateIssuer

Remove-AzureKeyVaultCertificateIssuer -VaultName mvault -Name issuer1
Remove-Item -Path mykv:/mvault/CertificateIssuers/issuer1

Set-AzureKeyVaultCertificateIssuer

Set-AzureKeyVaultCertificateIssuer -VaultName mvault -Name issuer1 -IssuerProvider test
New-Item -Path mykv:/mvault/CertificateIssuers/issuer1 -IssuerProvider test

No implementation details

Deleted Certificates, Keys, ManagedStorageAccounts, Vaults, and Secrets

Get-AzureRmKeyVault -InRemovedState

Remove-AzureRmKeyVault -InRemovedState

Undo-AzureRmKeyVaultRemoval

Get-AzureKeyVaultCertificate -InRemovedState

Remove-AzureKeyVaultCertificate -InRemovedState

Undo-AzureKeyVaultCertificateRemoval

Get-AzureKeyVaultKey -InRemovedState

Remove-AzureKeyVaultKey -InRemovedState

Undo-AzureKeyVaultKeyRemoval

Get-AzureKeyVaultManagedStorageAccount -InRemovedState

Remove-AzureKeyVaultManagedStorageAccount -InRemovedState

Undo-AzureKeyVaultManagedStorageAccountRemoval

Get-AzureKeyVaultManagedStorageSasDefinition -InRemovedState

Undo-AzureKeyVaultManagedStorageSasDefinitionRemoval

Get-AzureKeyVaultSecret -InRemovedState

Remove-AzureKeyVaultSecret -InRemovedState

Undo-AzureKeyVaultSecretRemoval

Backup

Backup-AzureKeyVaultKey

Backup-AzureKeyVaultSecret

Backup-AzureKeyVaultCertificate

Backup-AzureKeyVaultManagedStorageAccount

Restore

Restore-AzureKeyVaultCertificate

Restore-AzureKeyVaultKey

Restore-AzureKeyVaultManagedStorageAccount

Restore-AzureKeyVaultSecret

Import

Import-AzureKeyVaultCertificate

Certificate Operations

Get-AzureKeyVaultCertificateOperation

Remove-AzureKeyVaultCertificateOperation

Stop-AzureKeyVaultCertificateOperation

Certificate Policies

Get-AzureKeyVaultCertificatePolicy

Set-AzureKeyVaultCertificatePolicy

Network Rules

Add-AzureRmKeyVaultNetworkRule

Remove-AzureRmKeyVaultNetworkRule

Update-AzureRmKeyVaultNetworkRule

In memory creation

New-AzureKeyVaultCertificateAdministratorDetails

New-AzureKeyVaultCertificateOrganizationDetails

New-AzureKeyVaultCertificatePolicy

Other

Update-AzureKeyVaultManagedStorageAccountKey

maddieclayton commented 6 years ago

Related issues: https://github.com/Azure/azure-powershell/issues/6152, https://github.com/Azure/azure-powershell/issues/6154

maddieclayton commented 5 years ago

Branch with provider code: https://github.com/Azure/azure-powershell/tree/KVprov1