Set-AzKeyVaultAccessPolicy - Ability to provide "all" as input to permissions #12722

Closed
o-l-a-v opened this issue Aug 21, 2020 · 3 comments · Fixed by #13524
Labels
customer-reported feature-request This issue requires a new behavior in the product in order be resolved. KeyVault

Comments

o-l-a-v commented Aug 21, 2020

Description of the new feature

The API clearly supports "all" for a given permission, as the following screenshot shows (from (Get-AzKeyVault -KeyVaultName $KeyVaultName).'AccessPolicies'):

image

But trying to Set-AzKeyVaultAccessPolicy with "all" fails when validated against [ValidateSet()]

image

Because of this, the code that has to be used to set all permissions gets dumb long

Set-AzKeyVaultAccessPolicy -VaultName $KeyVaultName -UserPrincipalName $UserPrincipalName `
    -PermissionsToKeys ('decrypt','encrypt','unwrapKey','wrapKey','verify','sign','get','list','update','create','import','delete','backup','restore','recover','purge') `
    -PermissionsToSecrets ('get','list','set','delete','backup','restore','recover','purge') `
    -PermissionsToCertificates ('get','list','delete','create','import','update','managecontacts','getissuers','listissuers','setissuers','deleteissuers','manageissuers','recover','purge','backup','restore') `
    -PermissionsToStorage ('get','list','delete','set','update','regeneratekey','getsas','listsas','deletesas','setsas','recover','backup','restore','purge')

Proposed implementation details (optional)

Add "all" as valid input to cmdlet, and eventually do what has to be done in regards to the API request.
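
Since a full grant can appear either as the literal "all" or as the complete explicit list shown above, an access-policy review has to recognise both forms. The following is an added example, not part of the original post or of the Az module: the helper name Get-FullAccessPolicyGrant is hypothetical, the sample entries are constructed, and it assumes policy entries expose properties named after the cmdlet's Permissions* parameters.

```powershell
# Added example. The full permission lists are the ones given in the issue text above.
$FullSets = [ordered]@{
    PermissionsToKeys         = 'decrypt','encrypt','unwrapKey','wrapKey','verify','sign','get','list','update','create','import','delete','backup','restore','recover','purge'
    PermissionsToSecrets      = 'get','list','set','delete','backup','restore','recover','purge'
    PermissionsToCertificates = 'get','list','delete','create','import','update','managecontacts','getissuers','listissuers','setissuers','deleteissuers','manageissuers','recover','purge','backup','restore'
    PermissionsToStorage      = 'get','list','delete','set','update','regeneratekey','getsas','listsas','deletesas','setsas','recover','backup','restore','purge'
}

function Get-FullAccessPolicyGrant {   # hypothetical helper name
    param([Parameter(Mandatory, ValueFromPipeline)] $Policy)
    process {
        foreach ($scope in $FullSets.Keys) {
            # Drop nulls/empties; -contains and -notin compare case-insensitively.
            $granted = @($Policy.$scope | Where-Object { $_ })
            if ($granted.Count -eq 0) { continue }
            # Permissions from the full list that this entry does not hold.
            $missing = @($FullSets[$scope] | Where-Object { $_ -notin $granted })
            $reason = $null
            if ($granted -contains 'all') { $reason = 'literal all' }
            elseif ($missing.Count -eq 0) { $reason = 'explicit full list' }
            if ($reason) {
                [pscustomobject]@{ Principal = $Policy.DisplayName; Scope = $scope; Reason = $reason }
            }
        }
    }
}

# Constructed sample entries (not real vault output).
$sample = @(
    [pscustomobject]@{
        DisplayName = 'reader (constructed)'; PermissionsToKeys = @(); PermissionsToSecrets = 'get','list'
        PermissionsToCertificates = @(); PermissionsToStorage = @()
    }
    [pscustomobject]@{
        DisplayName = 'admin (constructed)'; PermissionsToKeys = 'all'
        PermissionsToSecrets = $FullSets['PermissionsToSecrets']
        PermissionsToCertificates = 'get','list'; PermissionsToStorage = @()
    }
)
$sample | Get-FullAccessPolicyGrant | Format-Table

# Against a real vault (requires the Az.KeyVault module and a signed-in session):
# (Get-AzKeyVault -VaultName $KeyVaultName).AccessPolicies | Get-FullAccessPolicyGrant
```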

@ghost ghost added the question The issue doesn't require a change to the product in order to be resolved. Most issues start as that label Aug 21, 2020
@dingmeng-xue dingmeng-xue added customer-reported KeyVault Service This issue points to a problem in the service. and removed triage labels Aug 22, 2020
@dingmeng-xue
Member

@o-l-a-v, I believe it is because the KeyVault service manages permissions according to those keys. Those keys map to features, and a new key needs to be added when there is a new option. You are looking forward to a new key "all" or "*" which can apply to all operations. Please correct me if I have understood your requirement incorrectly.

@RandalliLama, @schaabs, @jlichwa, what's your thought?

@isra-fel
Member

isra-fel commented Nov 13, 2020

Key vault team has updated their API spec to accept "all" as an option in Azure/azure-rest-api-specs/pull/11042

We need to:

@isra-fel isra-fel self-assigned this Nov 13, 2020
@isra-fel isra-fel removed the question The issue doesn't require a change to the product in order to be resolved. Most issues start as that label Nov 13, 2020
@isra-fel isra-fel added this to the S179 (2020-12-08) milestone Nov 13, 2020
@dingmeng-xue dingmeng-xue added feature-request This issue requires a new behavior in the product in order be resolved. and removed Azure PS Team Service This issue points to a problem in the service. labels Nov 23, 2020
@isra-fel
Member

Pull request is merged and the feature will be in our next regular release :)
