Lusitanian

Lusitanian

Member Since 9 years ago

@Microsoft , Seattle, WA

Experience Points
58
follower
Lessons Completed
5
follow
Lessons Completed
44
stars
Best Reply Awards
30
repos

9 contributions in the last year

Pinned
⚡ PHP 5.3+ oAuth 1/2 Client Library
⚡ Money pattern implementation for PHP 5.3+
⚡ A PHP 5.3+ engine for event-driven applications
⚡ Symfony2 Datagrid Bundle (Sorien DataGridBundle 2.0)
⚡ PHP Wrapper for GNU units command line application.
Activity
Jan
5
2 weeks ago
Activity icon
issue

Lusitanian issue Azure/azure-powershell

Lusitanian
Lusitanian

Update-AzKeyVaultKey cannot update "key ops" on Managed HSM

Description

When attempting to set the key ops on a Managed HSM instance, powershell fails with "Update-AzKeyVaultKey : Specified cast is not valid."

Issue script & Debug output

PS C:\Users\dadesber> $ops
wrapKey
verify
sign
unwrapKey
encrypt
decrypt
PS C:\Users\dadesber> Update-AzKeyVaultKey -HsmName mhsmpartnertest -name rsatest1 -KeyOps $ops
Update-AzKeyVaultKey : Specified cast is not valid.
At line:1 char:1
+ Update-AzKeyVaultKey -HsmName mhsmpartnertest -name rsatest1 -KeyOps  ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : CloseError: (:) [Update-AzKeyVaultKey], InvalidCastException
    + FullyQualifiedErrorId : Microsoft.Azure.Commands.KeyVault.UpdateAzureKeyVaultKey

PS C:\Users\dadesber>

Environment data

PS C:\Users\dadesber> $ops
wrapKey
verify
sign
unwrapKey
encrypt
decrypt
PS C:\Users\dadesber> Update-AzKeyVaultKey -HsmName mhsmpartnertest -name rsatest1 -KeyOps $ops
Update-AzKeyVaultKey : Specified cast is not valid.
At line:1 char:1
+ Update-AzKeyVaultKey -HsmName mhsmpartnertest -name rsatest1 -KeyOps  ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : CloseError: (:) [Update-AzKeyVaultKey], InvalidCastException
    + FullyQualifiedErrorId : Microsoft.Azure.Commands.KeyVault.UpdateAzureKeyVaultKey

PS C:\Users\dadesber>

Module versions

ModuleType Version    Name                                ExportedCommands
---------- -------    ----                                ----------------
Script     2.7.1      Az.Accounts                         {Add-AzEnvironment, Clear-AzContext, Clear-AzDefault, Conn...
Script     4.2.0      Az.KeyVault                         {Add-AzKeyVaultCertificate, Add-AzKeyVaultCertificateConta...

Error output

HistoryId: 39


Message        : Specified cast is not valid.
StackTrace     :    at Microsoft.Azure.Commands.KeyVault.Track2Models.Track2HsmClient.UpdateKey(KeyClient client,
                 String keyName, String keyVersion, PSKeyVaultKeyAttributes keyAttributes)
                    at Microsoft.Azure.Commands.KeyVault.UpdateAzureKeyVaultKey.ExecuteCmdlet()
                    at Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet.ProcessRecord()
Exception      : System.InvalidCastException
InvocationInfo : {Update-AzKeyVaultKey}
Line           : Update-AzKeyVaultKey -HsmName mhsmpartnertest -name rsatest1 -KeyOps $ops
Position       : At line:1 char:1
                 + Update-AzKeyVaultKey -HsmName mhsmpartnertest -name rsatest1 -KeyOps  ...
                 + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 39



   HistoryId: 37


Message        : Specified cast is not valid.
StackTrace     :    at Microsoft.Azure.Commands.KeyVault.Track2Models.Track2HsmClient.UpdateKey(KeyClient client,
                 String keyName, String keyVersion, PSKeyVaultKeyAttributes keyAttributes)
                    at Microsoft.Azure.Commands.KeyVault.UpdateAzureKeyVaultKey.ExecuteCmdlet()
                    at Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet.ProcessRecord()
Exception      : System.InvalidCastException
InvocationInfo : {Update-AzKeyVaultKey}
Line           : Update-AzKeyVaultKey -HsmName mhsmpartnertest -name rsatest1 -KeyOps $ops
Position       : At line:1 char:1
                 + Update-AzKeyVaultKey -HsmName mhsmpartnertest -name rsatest1 -KeyOps  ...
                 + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 37
Activity icon
issue

Lusitanian issue Azure/azure-powershell

Lusitanian
Lusitanian

AddAzureKeyVaultKey does not respect "key ops" parameter when importing key from file

Description

When importing a key from a file to Managed HSM, the "key ops" param is not respected or forwarded to the service. This can be seen from the command's code here: https://github.com/Azure/azure-powershell/blob/main/src/KeyVault/KeyVault/Commands/Key/AddAzureKeyVaultKey.cs#L397 which does not pass in any attributes.

This is inconsistent with the Azure CLI behavior, which passes the key ops to the backend service.

Issue script & Debug output

$key = Add-AzKeyVaultKey -HsmName $HsmName -Name $KeyName -KeyFilePath $PrivateKey -KeyFilePassword $SecurePassword -KeyOps $keyOps

Environment data

Name Value
---- -----
PSVersion 5.1.18362.1801
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.18362.1801
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1

Module versions

ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Script 2.5.3 Az.Accounts {Add-AzEnvironment, Clear-AzCon...
Script 3.4.5 Az.KeyVault {Add-AzKeyVaultCertificate, Add..

Error output

No response