-
Notifications
You must be signed in to change notification settings - Fork 3.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[KeyVault] Handle Nullable Parameters for Certificate Auto-Renewal in Set-AzKeyVaultCertificatePolicy #25844
[KeyVault] Handle Nullable Parameters for Certificate Auto-Renewal in Set-AzKeyVaultCertificatePolicy #25844
Conversation
️✔️Az.Accounts
️✔️Az.Compute
️✔️Az.CosmosDB
️✔️Az.EventHub
|
Type | Cmdlet | Description | Remediation |
---|---|---|---|
Get-AzKeyVaultManagedHsmRegion | Get-AzKeyVaultManagedHsmRegion Changes the ConfirmImpact but does not set the SupportsShouldProcess property to true in the cmdlet attribute. | Determine if the cmdlet should implement ShouldProcess and if so determine if it should implement Force / ShouldContinue | |
Get-AzKeyVaultManagedHsmRegion | Get-AzKeyVaultManagedHsmRegion changes the confirm impact. Please ensure that the change in ConfirmImpact is justified | Verify that ConfirmImpact is changed appropriately by the cmdlet. It is very rare for a cmdlet to change the ConfirmImpact. |
⚠️ Windows PowerShell - Windows
Type | Cmdlet | Description | Remediation |
---|---|---|---|
Get-AzKeyVaultManagedHsmRegion | Get-AzKeyVaultManagedHsmRegion Changes the ConfirmImpact but does not set the SupportsShouldProcess property to true in the cmdlet attribute. | Determine if the cmdlet should implement ShouldProcess and if so determine if it should implement Force / ShouldContinue | |
Get-AzKeyVaultManagedHsmRegion | Get-AzKeyVaultManagedHsmRegion changes the confirm impact. Please ensure that the change in ConfirmImpact is justified | Verify that ConfirmImpact is changed appropriately by the cmdlet. It is very rare for a cmdlet to change the ConfirmImpact. |
️✔️Help Example Check
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️Help File Existence Check
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️File Change Check
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️UX Metadata Check
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
⚠️ Test
⚠️ - Linux
Type Title Current Coverage Description ⚠️ Test Coverage Less Than 50% 22.09 % Test coverage for the module cannot be lower than 50%.
⚠️ - MacOS
Type Title Current Coverage Description ⚠️ Test Coverage Less Than 50% 22.09% Test coverage for the module cannot be lower than 50%.
⚠️ PowerShell Core - Windows
Type Title Current Coverage Description ⚠️ Test Coverage Less Than 50% 22.09% Test coverage for the module cannot be lower than 50%.
⚠️ Windows PowerShell - Windows
Type Title Current Coverage Description ⚠️ Test Coverage Less Than 50% 22.09% Test coverage for the module cannot be lower than 50%.
️✔️Az.ManagedServiceIdentity
️✔️Build
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️Az.Monitor
️✔️Build
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️Az.Network
️✔️Build
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️Test
️✔️ - Linux
️✔️ - MacOS
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️Az.OperationalInsights
️✔️Build
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️Az.PrivateDns
️✔️Build
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️Az.Resources
️✔️Build
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️Az.ServiceBus
️✔️Build
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️Test
️✔️ - Linux
️✔️ - MacOS
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️Az.Sql
️✔️Build
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️Test
️✔️ - Linux
️✔️ - MacOS
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
️✔️Az.Storage
️✔️Build
️✔️PowerShell Core - Windows
️✔️Windows PowerShell - Windows
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
check following issues reported by our CIs. If it's false positive, suppress them by https://github.com/Azure/azure-powershell/blob/main/documentation/Debugging-StaticAnalysis-Errors.md#breaking-changes
D:\a_work\1\s\artifacts/StaticAnalysisResults\BreakingChangeIssues.csv Errors
"Module","ClassName","Target","Severity","ProblemId","Description","Remediation"
"Az.KeyVault","Microsoft.Azure.Commands.KeyVault.SetAzureKeyVaultCertificatePolicy","Set-AzKeyVaultCertificatePolicy","0","1050","The parameter set '__AllParameterSets' for cmdlet 'Set-AzKeyVaultCertificatePolicy' has been removed.","Add parameter set '__AllParameterSets' back to cmdlet 'Set-AzKeyVaultCertificatePolicy'."
"Az.KeyVault","Microsoft.Azure.Commands.KeyVault.SetAzureKeyVaultCertificatePolicy","Set-AzKeyVaultCertificatePolicy","0","1050","The parameter set 'ByValue' for cmdlet 'Set-AzKeyVaultCertificatePolicy' has been removed.","Add parameter set 'ByValue' back to cmdlet 'Set-AzKeyVaultCertificatePolicy'."
"Az.KeyVault","Microsoft.Azure.Commands.KeyVault.SetAzureKeyVaultCertificatePolicy","Set-AzKeyVaultCertificatePolicy","0","1050","The parameter set 'ExpandedRenewNumber' for cmdlet 'Set-AzKeyVaultCertificatePolicy' has been removed.","Add parameter set 'ExpandedRenewNumber' back to cmdlet 'Set-AzKeyVaultCertificatePolicy'."
"Az.KeyVault","Microsoft.Azure.Commands.KeyVault.SetAzureKeyVaultCertificatePolicy","Set-AzKeyVaultCertificatePolicy","0","1050","The parameter set 'ExpandedRenewPercentage' for cmdlet 'Set-AzKeyVaultCertificatePolicy' has been removed.","Add parameter set 'ExpandedRenewPercentage' back to cmdlet 'Set-AzKeyVaultCertificatePolicy'."
src/KeyVault/KeyVault/Commands/Certificate/Policy/SetAzureKeyVaultCertificatePolicy.cs
Show resolved
Hide resolved
src/KeyVault/KeyVault/Commands/Certificate/Policy/SetAzureKeyVaultCertificatePolicy.cs
Outdated
Show resolved
Hide resolved
src/KeyVault/KeyVault/Commands/Certificate/Policy/SetAzureKeyVaultCertificatePolicy.cs
Outdated
Show resolved
Hide resolved
…hhh/azure-powershell into fix/28957664-disable-auto-renewal
This PR was labeled "needs-revision" because it has unresolved review comments or CI failures. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add Pester tests or Live tests for modified data plane cmdlets
src/KeyVault/KeyVault/Commands/Certificate/Policy/SetAzureKeyVaultCertificatePolicy.cs
Outdated
Show resolved
Hide resolved
src/KeyVault/KeyVault/Commands/Certificate/Policy/SetAzureKeyVaultCertificatePolicy.cs
Outdated
Show resolved
Hide resolved
src/KeyVault/KeyVault/Commands/Certificate/Policy/SetAzureKeyVaultCertificatePolicy.cs
Show resolved
Hide resolved
src/KeyVault/KeyVault/Commands/Certificate/Policy/SetAzureKeyVaultCertificatePolicy.cs
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
… Set-AzKeyVaultCertificatePolicy (#25844) * Added manual validation for piped attributes * Updated ChangeLog * Validate using a helper function * Added back ValueFromPipeline Testing * Removed ValueFromPipelineProperty * Added Suggested Changes * Dummy Commit * Added Pester Testing * Added CI error suppression * Updated Help Docs for cmdlet --------- Co-authored-by: Yash Patil <[email protected]>
… Set-AzKeyVaultCertificatePolicy (#25844) (#26055) * Added manual validation for piped attributes * Updated ChangeLog * Validate using a helper function * Added back ValueFromPipeline Testing * Removed ValueFromPipelineProperty * Added Suggested Changes * Dummy Commit * Added Pester Testing * Added CI error suppression * Updated Help Docs for cmdlet --------- Co-authored-by: Yash <[email protected]> Co-authored-by: Yash Patil <[email protected]>
Description
This PR addresses issue #25649, where users were unable to disable auto-renewal on a KeyVault certificate policy. The changes include:
Manual Validation for Nullable Parameters: The parameters
RenewAtNumberOfDaysBeforeExpiry
andRenewAtPercentageLifetime
were originally set with ValidateRange attributes, which caused issues when trying to set them to null. The validation logic has been moved to theExecuteCmdlet
method to manually validate these parameters only when they are not null.Updated Command Behavior: Adjusted the behavior of
Set-AzKeyVaultCertificatePolicy
to allow for proper handling of nullable parameters, ensuring that users can disable auto-renewal by setting these parameters to null.Improved Pipeline Handling: Addressed an issue where the
Curve
,KeySize
, andCertificateTransparency
properties were incorrectly being validated from the pipeline due toValueFromPipelineByPropertyNam
e. These validations have been adjusted to prevent incorrect mappings and allow the command to function as expected.Mandatory Checklist
Please choose the target release of Azure PowerShell. (⚠️ Target release is a different concept from API readiness. Please click below links for details.)
Check this box to confirm: I have read the Submitting Changes section of
CONTRIBUTING.md
and reviewed the following information:Additional Notes:
This PR improves the usability of the Set-AzKeyVaultCertificatePolicy cmdlet and ensures that it behaves as expected when managing certificate policies within Azure KeyVault.
ChangeLog.md
file(s) appropriatelysrc/{{SERVICE}}/{{SERVICE}}/ChangeLog.md
.## Upcoming Release
header in the past tense.ChangeLog.md
if no new release is required, such as fixing test case only.