From 0ca637cb33da90314db8e599a366db873bff07a3 Mon Sep 17 00:00:00 2001 From: Anthony Kunnel Jose Date: Tue, 3 Mar 2020 15:01:26 -0800 Subject: [PATCH 1/4] [Storage CMK Key Vault Key Auto Rotation] Add read-only properties for current versioned key in use and last rotation timestamp. --- .../stable/2019-06-01/storage.json | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/specification/storage/resource-manager/Microsoft.Storage/stable/2019-06-01/storage.json b/specification/storage/resource-manager/Microsoft.Storage/stable/2019-06-01/storage.json index 45d964fa6ea0..c46bf188a19f 100644 --- a/specification/storage/resource-manager/Microsoft.Storage/stable/2019-06-01/storage.json +++ b/specification/storage/resource-manager/Microsoft.Storage/stable/2019-06-01/storage.json @@ -1604,6 +1604,19 @@ "type": "string", "description": "The Uri of KeyVault.", "x-ms-client-name": "KeyVaultUri" + }, + "currentVersionedKeyIdentifier": { + "type": "string", + "readOnly": true, + "description": "The object identifier of the current versioned Key Vault Key in use.", + "x-ms-client-name": "CurrentVersionedKeyIdentifier" + }, + "lastKeyRotationTimestamp": { + "type": "string", + "readOnly": true, + "format": "date-time", + "description": "Timestamp of last rotation of the Key Vault Key.", + "x-ms-client-name": "LastKeyRotationTimestamp" } } }, From 0370907169995603ede82f240c17e44fe9680e4c Mon Sep 17 00:00:00 2001 From: Anthony Kunnel Jose Date: Fri, 13 Mar 2020 16:03:40 -0700 Subject: [PATCH 2/4] Include example for storage account Customer Managed Keys enable. --- .../examples/StorageAccountEnableCMK.json | 92 +++++++++++++++++++ 1 file changed, 92 insertions(+) create mode 100644 specification/storage/resource-manager/Microsoft.Storage/stable/2019-06-01/examples/StorageAccountEnableCMK.json diff --git a/specification/storage/resource-manager/Microsoft.Storage/stable/2019-06-01/examples/StorageAccountEnableCMK.json b/specification/storage/resource-manager/Microsoft.Storage/stable/2019-06-01/examples/StorageAccountEnableCMK.json new file mode 100644 index 000000000000..bbe1754f49b5 --- /dev/null +++ b/specification/storage/resource-manager/Microsoft.Storage/stable/2019-06-01/examples/StorageAccountEnableCMK.json @@ -0,0 +1,92 @@ +{ + "parameters": { + "subscriptionId": "{subscription-id}", + "resourceGroupName": "res9407", + "accountName": "sto8596", + "api-version": "2019-06-01", + "monitor": "true", + "parameters": { + "properties": { + "encryption": { + "services": { + "file": { + "keyType": "Account", + "enabled": true, + "lastEnabledTime": "2019-12-11T20:49:31.7036140Z" + }, + "blob": { + "keyType": "Account", + "enabled": true, + "lastEnabledTime": "2019-12-11T20:49:31.7036140Z" + } + }, + "keySource": "Microsoft.Keyvault", + "keyvaultproperties": { + "keyvaulturi": "https://myvault8569.vault.azure.net", + "keyname": "wrappingKey", + "keyversion": "" + } + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596", + "kind": "Storage", + "location": "eastus2(stage)", + "name": "sto8596", + "properties": { + "creationTime": "2017-06-01T02:42:41.7633306Z", + "encryption": { + "services": { + "file": { + "keyType": "Account", + "enabled": true, + "lastEnabledTime": "2019-12-11T20:49:31.7036140Z" + }, + "blob": { + "keyType": "Account", + "enabled": true, + "lastEnabledTime": "2019-12-11T20:49:31.7036140Z" + } + }, + "keySource": "Microsoft.Keyvault", + "keyvaultproperties": { + "keyvaulturi": "https://myvault8569.vault.azure.net", + "keyname": "wrappingKey", + "keyversion": "", + "currentVersionedKeyIdentifier": "https://myvault8569.vault.azure.net/keys/wrappingKey/0682afdd9c104f4285df20107e956cad", + "lastKeyRotationTimestamp": "2019-12-13T20:36:23.7023290Z" + } + }, + "primaryEndpoints": { + "web": "https://sto8596.web.core.windows.net/", + "dfs": "https://sto8596.dfs.core.windows.net/", + "blob": "https://sto8596.blob.core.windows.net/", + "file": "https://sto8596.file.core.windows.net/", + "queue": "https://sto8596.queue.core.windows.net/", + "table": "https://sto8596.table.core.windows.net/" + }, + "primaryLocation": "eastus2(stage)", + "provisioningState": "Succeeded", + "secondaryLocation": "northcentralus(stage)", + "statusOfPrimary": "available", + "statusOfSecondary": "available", + "supportsHttpsTrafficOnly": false + }, + "sku": { + "name": "Standard_GRS", + "tier": "Standard" + }, + "tags": { + "key1": "value1", + "key2": "value2" + }, + "type": "Microsoft.Storage/storageAccounts" + } + } + } + } + \ No newline at end of file From 742741627d0b2bce530291ee83a346ce81c8e8e4 Mon Sep 17 00:00:00 2001 From: Anthony Kunnel Jose Date: Tue, 17 Mar 2020 17:39:45 -0700 Subject: [PATCH 3/4] Add more examples and fix avocado checks. --- .../examples/StorageAccountEnableCMK.json | 166 +++++++++--------- ...StorageAccountGetPropertiesCMKEnabled.json | 103 +++++++++++ .../examples/StorageAccountList.json | 90 ++++++++++ .../stable/2019-06-01/storage.json | 6 + 4 files changed, 284 insertions(+), 81 deletions(-) create mode 100644 specification/storage/resource-manager/Microsoft.Storage/stable/2019-06-01/examples/StorageAccountGetPropertiesCMKEnabled.json diff --git a/specification/storage/resource-manager/Microsoft.Storage/stable/2019-06-01/examples/StorageAccountEnableCMK.json b/specification/storage/resource-manager/Microsoft.Storage/stable/2019-06-01/examples/StorageAccountEnableCMK.json index bbe1754f49b5..b0f1085bf948 100644 --- a/specification/storage/resource-manager/Microsoft.Storage/stable/2019-06-01/examples/StorageAccountEnableCMK.json +++ b/specification/storage/resource-manager/Microsoft.Storage/stable/2019-06-01/examples/StorageAccountEnableCMK.json @@ -1,92 +1,96 @@ { + "parameters": { + "subscriptionId": "{subscription-id}", + "resourceGroupName": "res9407", + "accountName": "sto8596", + "api-version": "2019-06-01", + "monitor": "true", "parameters": { - "subscriptionId": "{subscription-id}", - "resourceGroupName": "res9407", - "accountName": "sto8596", - "api-version": "2019-06-01", - "monitor": "true", - "parameters": { - "properties": { - "encryption": { - "services": { - "file": { - "keyType": "Account", - "enabled": true, - "lastEnabledTime": "2019-12-11T20:49:31.7036140Z" - }, - "blob": { - "keyType": "Account", - "enabled": true, - "lastEnabledTime": "2019-12-11T20:49:31.7036140Z" - } - }, - "keySource": "Microsoft.Keyvault", - "keyvaultproperties": { - "keyvaulturi": "https://myvault8569.vault.azure.net", - "keyname": "wrappingKey", - "keyversion": "" - } + "properties": { + "encryption": { + "services": { + "file": { + "keyType": "Account", + "enabled": true, + "lastEnabledTime": "2019-12-11T20:49:31.7036140Z" + }, + "blob": { + "keyType": "Account", + "enabled": true, + "lastEnabledTime": "2019-12-11T20:49:31.7036140Z" } + }, + "keySource": "Microsoft.Keyvault", + "keyvaultproperties": { + "keyvaulturi": "https://myvault8569.vault.azure.net", + "keyname": "wrappingKey", + "keyversion": "" + } } } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596", - "kind": "Storage", - "location": "eastus2(stage)", - "name": "sto8596", - "properties": { - "creationTime": "2017-06-01T02:42:41.7633306Z", - "encryption": { - "services": { - "file": { - "keyType": "Account", - "enabled": true, - "lastEnabledTime": "2019-12-11T20:49:31.7036140Z" - }, - "blob": { - "keyType": "Account", - "enabled": true, - "lastEnabledTime": "2019-12-11T20:49:31.7036140Z" - } - }, - "keySource": "Microsoft.Keyvault", - "keyvaultproperties": { - "keyvaulturi": "https://myvault8569.vault.azure.net", - "keyname": "wrappingKey", - "keyversion": "", - "currentVersionedKeyIdentifier": "https://myvault8569.vault.azure.net/keys/wrappingKey/0682afdd9c104f4285df20107e956cad", - "lastKeyRotationTimestamp": "2019-12-13T20:36:23.7023290Z" - } - }, - "primaryEndpoints": { - "web": "https://sto8596.web.core.windows.net/", - "dfs": "https://sto8596.dfs.core.windows.net/", - "blob": "https://sto8596.blob.core.windows.net/", - "file": "https://sto8596.file.core.windows.net/", - "queue": "https://sto8596.queue.core.windows.net/", - "table": "https://sto8596.table.core.windows.net/" + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596", + "identity": { + "principalId": "911871cc-ffd1-4fc4-ac11-7a316433ea66", + "tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47", + "type": "SystemAssigned" + }, + "kind": "Storage", + "location": "eastus2(stage)", + "name": "sto8596", + "properties": { + "creationTime": "2017-06-01T02:42:41.7633306Z", + "encryption": { + "services": { + "file": { + "keyType": "Account", + "enabled": true, + "lastEnabledTime": "2019-12-11T20:49:31.7036140Z" + }, + "blob": { + "keyType": "Account", + "enabled": true, + "lastEnabledTime": "2019-12-11T20:49:31.7036140Z" + } }, - "primaryLocation": "eastus2(stage)", - "provisioningState": "Succeeded", - "secondaryLocation": "northcentralus(stage)", - "statusOfPrimary": "available", - "statusOfSecondary": "available", - "supportsHttpsTrafficOnly": false - }, - "sku": { - "name": "Standard_GRS", - "tier": "Standard" + "keySource": "Microsoft.Keyvault", + "keyvaultproperties": { + "keyvaulturi": "https://myvault8569.vault.azure.net", + "keyname": "wrappingKey", + "keyversion": "", + "currentVersionedKeyIdentifier": "https://myvault8569.vault.azure.net/keys/wrappingKey/0682afdd9c104f4285df20107e956cad", + "lastKeyRotationTimestamp": "2019-12-13T20:36:23.7023290Z" + } }, - "tags": { - "key1": "value1", - "key2": "value2" + "primaryEndpoints": { + "web": "https://sto8596.web.core.windows.net/", + "dfs": "https://sto8596.dfs.core.windows.net/", + "blob": "https://sto8596.blob.core.windows.net/", + "file": "https://sto8596.file.core.windows.net/", + "queue": "https://sto8596.queue.core.windows.net/", + "table": "https://sto8596.table.core.windows.net/" }, - "type": "Microsoft.Storage/storageAccounts" - } + "primaryLocation": "eastus2(stage)", + "provisioningState": "Succeeded", + "secondaryLocation": "northcentralus(stage)", + "statusOfPrimary": "available", + "statusOfSecondary": "available", + "supportsHttpsTrafficOnly": false + }, + "sku": { + "name": "Standard_GRS", + "tier": "Standard" + }, + "tags": { + "key1": "value1", + "key2": "value2" + }, + "type": "Microsoft.Storage/storageAccounts" } } } - \ No newline at end of file +} diff --git a/specification/storage/resource-manager/Microsoft.Storage/stable/2019-06-01/examples/StorageAccountGetPropertiesCMKEnabled.json b/specification/storage/resource-manager/Microsoft.Storage/stable/2019-06-01/examples/StorageAccountGetPropertiesCMKEnabled.json new file mode 100644 index 000000000000..08c3e5dfbe3d --- /dev/null +++ b/specification/storage/resource-manager/Microsoft.Storage/stable/2019-06-01/examples/StorageAccountGetPropertiesCMKEnabled.json @@ -0,0 +1,103 @@ +{ + "parameters": { + "subscriptionId": "{subscription-id}", + "resourceGroupName": "res9407", + "accountName": "sto8596", + "api-version": "2019-06-01", + "monitor": "true" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596", + "identity": { + "principalId": "911871cc-ffd1-4fc4-ac11-7a316433ea66", + "tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47", + "type": "SystemAssigned" + }, + "kind": "Storage", + "location": "eastus2(stage)", + "name": "sto8596", + "properties": { + "geoReplicationStats": { + "status": "Live", + "lastSyncTime": "2018-10-30T00:25:34Z", + "canFailover": true + }, + "isHnsEnabled": true, + "creationTime": "2017-06-01T02:42:41.7633306Z", + "networkAcls": { + "bypass": "AzureServices", + "defaultAction": "Allow", + "ipRules": [], + "virtualNetworkRules": [] + }, + "primaryEndpoints": { + "web": "https://sto8596.web.core.windows.net/", + "dfs": "https://sto8596.dfs.core.windows.net/", + "blob": "https://sto8596.blob.core.windows.net/", + "file": "https://sto8596.file.core.windows.net/", + "queue": "https://sto8596.queue.core.windows.net/", + "table": "https://sto8596.table.core.windows.net/", + "microsoftEndpoints": { + "web": "https://sto8596-microsoftrouting.web.core.windows.net/", + "dfs": "https://sto8596-microsoftrouting.dfs.core.windows.net/", + "blob": "https://sto8596-microsoftrouting.blob.core.windows.net/", + "file": "https://sto8596-microsoftrouting.file.core.windows.net/", + "queue": "https://sto8596-microsoftrouting.queue.core.windows.net/", + "table": "https://sto8596-microsoftrouting.table.core.windows.net/" + }, + "internetEndpoints": { + "web": "https://sto8596-internetrouting.web.core.windows.net/", + "dfs": "https://sto8596-internetrouting.dfs.core.windows.net/", + "blob": "https://sto8596-internetrouting.blob.core.windows.net/", + "file": "https://sto8596-internetrouting.file.core.windows.net/" + } + }, + "primaryLocation": "eastus2(stage)", + "provisioningState": "Succeeded", + "routingPreference": { + "routingChoice": "MicrosoftRouting", + "publishMicrosoftEndpoints": true, + "publishInternetEndpoints": true + }, + "encryption": { + "services": { + "file": { + "keyType": "Account", + "enabled": true, + "lastEnabledTime": "2019-12-11T20:49:31.7036140Z" + }, + "blob": { + "keyType": "Account", + "enabled": true, + "lastEnabledTime": "2019-12-11T20:49:31.7036140Z" + } + }, + "keySource": "Microsoft.Keyvault", + "keyvaultproperties": { + "keyvaulturi": "https://myvault8569.vault.azure.net", + "keyname": "wrappingKey", + "keyversion": "", + "currentVersionedKeyIdentifier": "https://myvault8569.vault.azure.net/keys/wrappingKey/0682afdd9c104f4285df20107e956cad", + "lastKeyRotationTimestamp": "2019-12-13T20:36:23.7023290Z" + } + }, + "secondaryLocation": "northcentralus(stage)", + "statusOfPrimary": "available", + "statusOfSecondary": "available", + "supportsHttpsTrafficOnly": false + }, + "sku": { + "name": "Standard_GRS", + "tier": "Standard" + }, + "tags": { + "key1": "value1", + "key2": "value2" + }, + "type": "Microsoft.Storage/storageAccounts" + } + } + } +} diff --git a/specification/storage/resource-manager/Microsoft.Storage/stable/2019-06-01/examples/StorageAccountList.json b/specification/storage/resource-manager/Microsoft.Storage/stable/2019-06-01/examples/StorageAccountList.json index 82b08ef0df0f..d1a76567be23 100644 --- a/specification/storage/resource-manager/Microsoft.Storage/stable/2019-06-01/examples/StorageAccountList.json +++ b/specification/storage/resource-manager/Microsoft.Storage/stable/2019-06-01/examples/StorageAccountList.json @@ -110,6 +110,96 @@ }, "type": "Microsoft.Storage/storageAccounts" }, + { + "id": "/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596", + "identity": { + "principalId": "911871cc-ffd1-4fc4-ac11-7a316433ea66", + "tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47", + "type": "SystemAssigned" + }, + "kind": "Storage", + "location": "eastus2(stage)", + "name": "sto8596", + "properties": { + "geoReplicationStats": { + "status": "Live", + "lastSyncTime": "2018-10-30T00:25:34Z", + "canFailover": true + }, + "isHnsEnabled": true, + "creationTime": "2017-06-01T02:42:41.7633306Z", + "networkAcls": { + "bypass": "AzureServices", + "defaultAction": "Allow", + "ipRules": [], + "virtualNetworkRules": [] + }, + "primaryEndpoints": { + "web": "https://sto8596.web.core.windows.net/", + "dfs": "https://sto8596.dfs.core.windows.net/", + "blob": "https://sto8596.blob.core.windows.net/", + "file": "https://sto8596.file.core.windows.net/", + "queue": "https://sto8596.queue.core.windows.net/", + "table": "https://sto8596.table.core.windows.net/", + "microsoftEndpoints": { + "web": "https://sto8596-microsoftrouting.web.core.windows.net/", + "dfs": "https://sto8596-microsoftrouting.dfs.core.windows.net/", + "blob": "https://sto8596-microsoftrouting.blob.core.windows.net/", + "file": "https://sto8596-microsoftrouting.file.core.windows.net/", + "queue": "https://sto8596-microsoftrouting.queue.core.windows.net/", + "table": "https://sto8596-microsoftrouting.table.core.windows.net/" + }, + "internetEndpoints": { + "web": "https://sto8596-internetrouting.web.core.windows.net/", + "dfs": "https://sto8596-internetrouting.dfs.core.windows.net/", + "blob": "https://sto8596-internetrouting.blob.core.windows.net/", + "file": "https://sto8596-internetrouting.file.core.windows.net/" + } + }, + "primaryLocation": "eastus2(stage)", + "provisioningState": "Succeeded", + "routingPreference": { + "routingChoice": "MicrosoftRouting", + "publishMicrosoftEndpoints": true, + "publishInternetEndpoints": true + }, + "encryption": { + "services": { + "file": { + "keyType": "Account", + "enabled": true, + "lastEnabledTime": "2019-12-11T20:49:31.7036140Z" + }, + "blob": { + "keyType": "Account", + "enabled": true, + "lastEnabledTime": "2019-12-11T20:49:31.7036140Z" + } + }, + "keySource": "Microsoft.Keyvault", + "keyvaultproperties": { + "keyvaulturi": "https://myvault8569.vault.azure.net", + "keyname": "wrappingKey", + "keyversion": "", + "currentVersionedKeyIdentifier": "https://myvault8569.vault.azure.net/keys/wrappingKey/0682afdd9c104f4285df20107e956cad", + "lastKeyRotationTimestamp": "2019-12-13T20:36:23.7023290Z" + } + }, + "secondaryLocation": "northcentralus(stage)", + "statusOfPrimary": "available", + "statusOfSecondary": "available", + "supportsHttpsTrafficOnly": false + }, + "sku": { + "name": "Standard_GRS", + "tier": "Standard" + }, + "tags": { + "key1": "value1", + "key2": "value2" + }, + "type": "Microsoft.Storage/storageAccounts" + }, { "id": "/subscriptions/{subscription-id}/resourceGroups/testcmk3/providers/Microsoft.Storage/storageAccounts/sto6637", "identity": { diff --git a/specification/storage/resource-manager/Microsoft.Storage/stable/2019-06-01/storage.json b/specification/storage/resource-manager/Microsoft.Storage/stable/2019-06-01/storage.json index c46bf188a19f..135bd3e3a99a 100644 --- a/specification/storage/resource-manager/Microsoft.Storage/stable/2019-06-01/storage.json +++ b/specification/storage/resource-manager/Microsoft.Storage/stable/2019-06-01/storage.json @@ -209,6 +209,9 @@ "x-ms-examples": { "StorageAccountGetProperties": { "$ref": "./examples/StorageAccountGetProperties.json" + }, + "StorageAccountGetPropertiesCMKEnabled": { + "$ref": "./examples/StorageAccountGetPropertiesCMKEnabled.json" } }, "parameters": [ @@ -261,6 +264,9 @@ }, "StorageAccountEnableAD": { "$ref": "./examples/StorageAccountEnableAD.json" + }, + "StorageAccountEnableCMK": { + "$ref": "./examples/StorageAccountEnableCMK.json" } }, "parameters": [ From 6647d5d7ef26229c2d63e5aad3ad70d9f2f4d2bf Mon Sep 17 00:00:00 2001 From: Anthony Kunnel Jose Date: Tue, 17 Mar 2020 17:53:04 -0700 Subject: [PATCH 4/4] Fix model validation failures. --- .../stable/2019-06-01/examples/StorageAccountEnableCMK.json | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/specification/storage/resource-manager/Microsoft.Storage/stable/2019-06-01/examples/StorageAccountEnableCMK.json b/specification/storage/resource-manager/Microsoft.Storage/stable/2019-06-01/examples/StorageAccountEnableCMK.json index b0f1085bf948..7a393de8eafe 100644 --- a/specification/storage/resource-manager/Microsoft.Storage/stable/2019-06-01/examples/StorageAccountEnableCMK.json +++ b/specification/storage/resource-manager/Microsoft.Storage/stable/2019-06-01/examples/StorageAccountEnableCMK.json @@ -11,13 +11,11 @@ "services": { "file": { "keyType": "Account", - "enabled": true, - "lastEnabledTime": "2019-12-11T20:49:31.7036140Z" + "enabled": true }, "blob": { "keyType": "Account", - "enabled": true, - "lastEnabledTime": "2019-12-11T20:49:31.7036140Z" + "enabled": true } }, "keySource": "Microsoft.Keyvault",