[KeyVault] Upgrade to MSGraph (Azure#16373)

* Migrate to MSGraph * Warning message and doc * remove extra space
AzureSDKAutomation · Nov 25, 2021 · 9513fbb · 9513fbb
1 parent fefb646
commit 9513fbb
Show file tree

Hide file tree

Showing 34 changed files with 398 additions and 268 deletions.
diff --git a/src/KeyVault/KeyVault.Test/ScenarioTests/KeyVaultManagementController.cs b/src/KeyVault/KeyVault.Test/ScenarioTests/KeyVaultManagementController.cs
@@ -26,6 +26,7 @@
 using Microsoft.Azure.Management.Internal.Resources;
 using Microsoft.Rest.ClientRuntime.Azure.TestFramework;
 using Microsoft.Azure.Commands.Common.Authentication.Abstractions;
+using Microsoft.Azure.Commands.Common.MSGraph.Version1_0;
 
 namespace Microsoft.Azure.Commands.KeyVault.Test
 {
@@ -41,7 +42,7 @@ public class KeyVaultManagementController
 
         public KeyVaultManagementClient KeyVaultManagementClient { get; private set; }
 
-        public GraphRbacManagementClient GraphClient { get; private set; }
+        public IMicrosoftGraphClient GraphClient { get; private set; }
 
         public string UserDomain { get; private set; }
 
@@ -142,7 +143,7 @@ private static KeyVaultManagementClient GetKeyVaultManagementClient(MockContext
             return context.GetServiceClient<KeyVaultManagementClient>(TestEnvironmentFactory.GetTestEnvironment());
         }
 
-        private GraphRbacManagementClient GetGraphClient(MockContext context)
+        private IMicrosoftGraphClient GetGraphClient(MockContext context)
         {
             var environment = TestEnvironmentFactory.GetTestEnvironment();
             string tenantId = null;
@@ -169,7 +170,7 @@ private GraphRbacManagementClient GetGraphClient(MockContext context)
                 }
             }
 
-            var client = context.GetGraphServiceClient<GraphRbacManagementClient>(environment);
+            var client = context.GetGraphServiceClient<MicrosoftGraphClient>(environment);
             client.TenantID = tenantId;
             if (AzureRmProfileProvider.Instance != null &&
                 AzureRmProfileProvider.Instance.Profile != null &&

diff --git a/src/KeyVault/KeyVault.Test/ScenarioTests/KeyVaultManagementTests.cs b/src/KeyVault/KeyVault.Test/ScenarioTests/KeyVaultManagementTests.cs
@@ -23,6 +23,9 @@
 using Microsoft.Rest.ClientRuntime.Azure.TestFramework;
 using Xunit;
 using Microsoft.Azure.ServiceManagement.Common.Models;
+using Microsoft.Azure.Commands.Common.MSGraph.Version1_0.Users;
+using Microsoft.Azure.Commands.Common.MSGraph.Version1_0.Applications;
+using Microsoft.Azure.Commands.Common.MSGraph.Version1_0.Applications.Models;
 
 namespace Microsoft.Azure.Commands.KeyVault.Test.ScenarioTests
 {
@@ -248,8 +251,8 @@ public void TestSetCompoundIdAccessPolicy()
         [Trait(Category.AcceptanceType, Category.CheckIn)]
         public void TestSetRemoveAccessPolicyBySPN()
         {
-            Application app = null;
-            ServicePrincipal principal = null;
+            MicrosoftGraphApplication app = null;
+            MicrosoftGraphServicePrincipal principal = null;
 
             KeyVaultManagementController controller = KeyVaultManagementController.NewInstance;
             controller.RunPsTestWorkflow(
@@ -260,9 +263,9 @@ public void TestSetRemoveAccessPolicyBySPN()
                 app = CreateNewAdApp(controller);
                 principal = CreateNewAdServicePrincipal(controller, app.AppId);
                 return new[] { string.Format("{0} {1} {2} {3}", "Test-SetRemoveAccessPolicyBySPN",
-                    _data.PreCreatedVault,
-                    _data.ResourceGroupName,
-                    principal.ServicePrincipalNames.Where(s => s.StartsWith("http")).FirstOrDefault()) };
+                     _data.PreCreatedVault,
+                     _data.ResourceGroupName,
+                     principal.ServicePrincipalNames.Where(s => s.StartsWith("http")).FirstOrDefault()) };
             },
             // cleanup
             () =>
@@ -412,56 +415,53 @@ private string GetUserObjectId(KeyVaultManagementController controllerAdmin, str
         {
             if (HttpMockServer.GetCurrentMode() == HttpRecorderMode.Record)
             {
-                var user = controllerAdmin.GraphClient.Users.Get(upn);
-                HttpMockServer.Variables["ObjectId"] = user.ObjectId;
-                return user.ObjectId;
+                var user = controllerAdmin.GraphClient.Users.GetUser(upn);
+                HttpMockServer.Variables["ObjectId"] = user.Id;
+                return user.Id;
             }
             else
             {
                 return HttpMockServer.Variables["ObjectId"];
             }
         }
 
-        private Application CreateNewAdApp(KeyVaultManagementController controllerAdmin)
+        private MicrosoftGraphApplication CreateNewAdApp(KeyVaultManagementController controllerAdmin)
         {
             var appName = TestUtilities.GenerateName("adApplication");
             var url = string.Format("http://{0}/home", appName);
-            var appParam = new ApplicationCreateParameters
+            var app = new MicrosoftGraphApplication()
             {
-                AvailableToOtherTenants = false,
                 DisplayName = appName,
-                Homepage = url,
-                IdentifierUris = new[] { url },
-                ReplyUrls = new[] { url }
+                IdentifierUris = new[] { url }
             };
 
-            return controllerAdmin.GraphClient.Applications.Create(appParam);
+            return controllerAdmin.GraphClient.Applications.CreateApplication(app);
         }
 
-        private ServicePrincipal CreateNewAdServicePrincipal(KeyVaultManagementController controllerAdmin, string appId)
+        private MicrosoftGraphServicePrincipal CreateNewAdServicePrincipal(KeyVaultManagementController controllerAdmin, string appId)
         {
-            var spParam = new ServicePrincipalCreateParameters
+            var sp = new MicrosoftGraphServicePrincipal
             {
                 AppId = appId,
                 AccountEnabled = true
             };
 
-            return controllerAdmin.GraphClient.ServicePrincipals.Create(spParam);
+            return controllerAdmin.GraphClient.ServicePrincipals.CreateServicePrincipal(sp);
         }
 
-        private void DeleteAdApp(KeyVaultManagementController controllerAdmin, Application app)
+        private void DeleteAdApp(KeyVaultManagementController controllerAdmin, MicrosoftGraphApplication app)
         {
             if (app != null)
             {
-                controllerAdmin.GraphClient.Applications.Delete(app.ObjectId);
+                controllerAdmin.GraphClient.Applications.DeleteApplication(app.Id);
             }
         }
 
-        private void DeleteAdServicePrincipal(KeyVaultManagementController controllerAdmin, ServicePrincipal newServicePrincipal)
+        private void DeleteAdServicePrincipal(KeyVaultManagementController controllerAdmin, MicrosoftGraphServicePrincipal newServicePrincipal)
         {
             if (newServicePrincipal != null)
             {
-                controllerAdmin.GraphClient.ServicePrincipals.Delete(newServicePrincipal.ObjectId);
+                controllerAdmin.GraphClient.ServicePrincipals.DeleteServicePrincipal(newServicePrincipal.Id);
             }
         }
         #endregion

diff --git a/src/KeyVault/KeyVault/ChangeLog.md b/src/KeyVault/KeyVault/ChangeLog.md
@@ -18,6 +18,7 @@
         - Additional information about change #1
 -->
 ## Upcoming Release
+* Migrated AAD Graph API to MSGraph API.
 * Added a message to `Set-AzKeyVaultAccessPolicy` stating that for the Permissions parameters, using the 'All' option will not include the 'Purge' permission.
 
 ## Version 3.6.1

diff --git a/src/KeyVault/KeyVault/Commands/Constants.cs b/src/KeyVault/KeyVault/Commands/Constants.cs
@@ -31,9 +31,6 @@ public static class Constants
         public const string DefaultSoftDeleteRetentionDaysString = "90";
 
         public const string KeyOpsImport = "import";
-
-        public const string BreakingChangeMSGraphMigration = @"This cmdlet will use Microsoft Graph in Az 7.x and later.
-Visit https://go.microsoft.com/fwlink/?linkid=2174792 for migration guide and breaking changes.";
     }
 
     public static class CmdletNoun

diff --git a/src/KeyVault/KeyVault/Commands/GetAzureKeyVault.cs b/src/KeyVault/KeyVault/Commands/GetAzureKeyVault.cs
@@ -14,17 +14,15 @@
 
 using System;
 using System.Collections;
-using System.Collections.Generic;
 using System.Management.Automation;
+using Microsoft.Azure.Commands.KeyVault.Helpers;
 using Microsoft.Azure.Commands.KeyVault.Models;
 using Microsoft.Azure.Commands.KeyVault.Properties;
 using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
-using Microsoft.WindowsAzure.Commands.Common.CustomAttributes;
 
 namespace Microsoft.Azure.Commands.KeyVault
 {
-    [GenericBreakingChange(Constants.BreakingChangeMSGraphMigration)]
-    [Cmdlet("Get", ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "KeyVault",DefaultParameterSetName = GetVaultParameterSet)]
+    [Cmdlet("Get", ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "KeyVault", DefaultParameterSetName = GetVaultParameterSet)]
     [OutputType(typeof(PSKeyVault), typeof(PSKeyVaultIdentityItem), typeof(PSDeletedKeyVault))]
     public class GetAzureKeyVault : KeyVaultManagementCmdletBase
     {
@@ -94,12 +92,14 @@ public class GetAzureKeyVault : KeyVaultManagementCmdletBase
             Mandatory = false,
             ParameterSetName = GetVaultParameterSet,
             ValueFromPipelineByPropertyName = true,
-            HelpMessage = "Specifies the key and optional value of the specified tag to filter the list of key vaults by.")]        
+            HelpMessage = "Specifies the key and optional value of the specified tag to filter the list of key vaults by.")]
         public Hashtable Tag { get; set; }
 
         #endregion
         public override void ExecuteCmdlet()
         {
+            MSGraphMessageHelper.WriteMessageForCmdletsSwallowException(this);
+
             switch (ParameterSetName)
             {
                 case GetVaultParameterSet:
@@ -110,14 +110,14 @@ public override void ExecuteCmdlet()
                         PSKeyVault vault = KeyVaultManagementClient.GetVault(
                                                     VaultName,
                                                     ResourceGroupName,
-                                                    ActiveDirectoryClient);
+                                                    GraphClient);
                         WriteObject(FilterByTag(vault, Tag));
                     }
                     else
                     {
                         WriteObject(TopLevelWildcardFilter(ResourceGroupName, VaultName, ListVaults(ResourceGroupName, Tag)), true);
                     }
-                    
+
                     break;
 
                 case GetDeletedVaultParameterSet:

diff --git a/src/KeyVault/KeyVault/Commands/GetAzureManagedHsm.cs b/src/KeyVault/KeyVault/Commands/GetAzureManagedHsm.cs
@@ -1,12 +1,11 @@
-using Microsoft.Azure.Commands.KeyVault.Models;
+using Microsoft.Azure.Commands.KeyVault.Helpers;
+using Microsoft.Azure.Commands.KeyVault.Models;
 using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
-using Microsoft.WindowsAzure.Commands.Common.CustomAttributes;
 using System.Collections;
 using System.Management.Automation;
 
 namespace Microsoft.Azure.Commands.KeyVault.Commands
 {
-    [GenericBreakingChange(Constants.BreakingChangeMSGraphMigration)]
     [Cmdlet("Get", ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "KeyVaultManagedHsm")]
     [OutputType(typeof(PSManagedHsm), typeof(PSKeyVaultIdentityItem))]
     public class GetAzureManagedHsm : KeyVaultManagementCmdletBase
@@ -58,16 +57,16 @@ public override void ExecuteCmdlet()
                 PSManagedHsm mhsm = KeyVaultManagementClient.GetManagedHsm(
                                                 Name,
                                                 ResourceGroupName,
-                                                ActiveDirectoryClient);
+                                                GraphClient);
                 WriteObject(FilterByTag(mhsm, Tag));
             }
             else
-            {              
+            {
                 WriteObject(
                     TopLevelWildcardFilter(
                         ResourceGroupName, Name,
                         FilterByTag(
-                            KeyVaultManagementClient.ListManagedHsms(ResourceGroupName, ActiveDirectoryClient), Tag)),
+                            KeyVaultManagementClient.ListManagedHsms(ResourceGroupName, GraphClient), Tag)),
                     true);
             }
         }

diff --git a/src/KeyVault/KeyVault/Commands/NewAzureKeyVault.cs b/src/KeyVault/KeyVault/Commands/NewAzureKeyVault.cs
@@ -12,6 +12,7 @@
 // limitations under the License.
 // ----------------------------------------------------------------------------------
 
+using Microsoft.Azure.Commands.KeyVault.Helpers;
 using Microsoft.Azure.Commands.KeyVault.Models;
 using Microsoft.Azure.Commands.KeyVault.Properties;
 using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
@@ -27,7 +28,6 @@ namespace Microsoft.Azure.Commands.KeyVault
     /// <summary>
     /// Create a new key vault.
     /// </summary>
-    [GenericBreakingChange(Constants.BreakingChangeMSGraphMigration)]
     [Cmdlet("New", ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "KeyVault", SupportsShouldProcess = true)]
     [OutputType(typeof(PSKeyVault))]
     public class NewAzureKeyVault : KeyVaultManagementCmdletBase
@@ -116,6 +116,8 @@ public class NewAzureKeyVault : KeyVaultManagementCmdletBase
 
         public override void ExecuteCmdlet()
         {
+            MSGraphMessageHelper.WriteMessageForCmdletsSwallowException(this);
+
             if (ShouldProcess(Name, Properties.Resources.CreateKeyVault))
             {
                 if (VaultExistsInCurrentSubscription(Name))
@@ -178,7 +180,7 @@ public override void ExecuteCmdlet()
                     NetworkAcls = new NetworkRuleSet(),     // New key-vault takes in default network rule set
                     Tags = this.Tag
                 },
-                    ActiveDirectoryClient,
+                    GraphClient,
                     NetworkRuleSet);
 
                 this.WriteObject(newVault);

diff --git a/src/KeyVault/KeyVault/Commands/NewAzureManagedHsm.cs b/src/KeyVault/KeyVault/Commands/NewAzureManagedHsm.cs
@@ -1,7 +1,7 @@
-using Microsoft.Azure.Commands.KeyVault.Models;
+using Microsoft.Azure.Commands.KeyVault.Helpers;
+using Microsoft.Azure.Commands.KeyVault.Models;
 using Microsoft.Azure.Commands.KeyVault.Properties;
 using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
-using Microsoft.WindowsAzure.Commands.Common.CustomAttributes;
 using System;
 using System.Collections;
 using System.Management.Automation;
@@ -11,7 +11,6 @@ namespace Microsoft.Azure.Commands.KeyVault.Commands
     /// <summary>
     /// Create a new managed HSM.
     /// </summary>
-    [GenericBreakingChange(Constants.BreakingChangeMSGraphMigration)]
     [Cmdlet("New", ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "KeyVaultManagedHsm", SupportsShouldProcess = true)]
     [OutputType(typeof(PSManagedHsm))]
     public class NewAzureManagedHsm : KeyVaultManagementCmdletBase
@@ -97,7 +96,7 @@ public override void ExecuteCmdlet()
                     SkuFamilyName = DefaultManagedHsmSkuFamily
                 };
 
-                this.WriteObject(KeyVaultManagementClient.CreateNewManagedHsm(vaultCreationParameter, ActiveDirectoryClient));
+                this.WriteObject(KeyVaultManagementClient.CreateNewManagedHsm(vaultCreationParameter, GraphClient));
             }
         }
 

diff --git a/src/KeyVault/KeyVault/Commands/RBAC/GetAzureManagedHsmRoleAssignment.cs b/src/KeyVault/KeyVault/Commands/RBAC/GetAzureManagedHsmRoleAssignment.cs
@@ -12,10 +12,12 @@
 // limitations under the License.
 // ----------------------------------------------------------------------------------
 
+using Microsoft.Azure.Commands.Common.MSGraph.Version1_0.Applications;
+using Microsoft.Azure.Commands.Common.MSGraph.Version1_0.Applications.Models;
+using Microsoft.Azure.Commands.Common.MSGraph.Version1_0.Users;
+using Microsoft.Azure.Commands.KeyVault.Helpers;
 using Microsoft.Azure.Commands.KeyVault.Models;
 using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
-using Microsoft.Azure.Graph.RBAC.Version1_6.ActiveDirectory;
-using Microsoft.Azure.Graph.RBAC.Version1_6.Models;
 using Microsoft.WindowsAzure.Commands.Utilities.Common;
 using System;
 using System.Linq;
@@ -74,6 +76,8 @@ public class GetAzureManagedHsmRoleAssignment : RbacCmdletBase
 
         public override void ExecuteCmdlet()
         {
+            MSGraphMessageHelper.WriteMessageForCmdletsSwallowException(this);
+
             switch (ParameterSetName)
             {
                 case ListParameterSet:
@@ -111,15 +115,14 @@ private PSKeyVaultRoleAssignment[] FilterAssignments(PSKeyVaultRoleAssignment[]
             }
             if (!string.IsNullOrEmpty(SignInName))
             {
-                var filter = new ADObjectFilterOptions() { UPN = SignInName };
-                var user = ActiveDirectoryClient.FilterUsers(filter).FirstOrDefault();
-                ObjectId = user?.Id.ToString();
+                var user = GraphClient.Users.GetUser(SignInName);
+                ObjectId = user?.Id;
             }
             if (!string.IsNullOrEmpty(ApplicationId))
             {
-                var odataQuery = new Rest.Azure.OData.ODataQuery<Application>(s => string.Equals(s.AppId, ApplicationId, StringComparison.OrdinalIgnoreCase));
-                var app = ActiveDirectoryClient.GetApplicationWithFilters(odataQuery).FirstOrDefault();
-                ObjectId = app?.ObjectId.ToString();
+                var filter = ODataHelper.FormatFilterString<MicrosoftGraphServicePrincipal>(sp => sp.AppId == ApplicationId);
+                var servicePrincipal = GraphClient.ServicePrincipals.ListServicePrincipal(filter: filter).Value.FirstOrDefault();
+                ObjectId = servicePrincipal?.Id;
             }
             if (!string.IsNullOrEmpty(RoleDefinitionId))
             {