diff --git a/sdk/keyvault/Azure.Security.KeyVault.Administration/src/Generated/Models/RoleAssignmentCreateParameters.Serialization.cs b/sdk/keyvault/Azure.Security.KeyVault.Administration/src/Generated/Models/RoleAssignmentCreateParameters.Serialization.cs
new file mode 100644
index 000000000000..b605492ea950
--- /dev/null
+++ b/sdk/keyvault/Azure.Security.KeyVault.Administration/src/Generated/Models/RoleAssignmentCreateParameters.Serialization.cs
@@ -0,0 +1,23 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+//
+
+#nullable disable
+
+using System.Text.Json;
+using Azure.Core;
+
+namespace Azure.Security.KeyVault.Administration.Models
+{
+ internal partial class RoleAssignmentCreateParameters : IUtf8JsonSerializable
+ {
+ void IUtf8JsonSerializable.Write(Utf8JsonWriter writer)
+ {
+ writer.WriteStartObject();
+ writer.WritePropertyName("properties");
+ writer.WriteObjectValue(Properties);
+ writer.WriteEndObject();
+ }
+ }
+}
diff --git a/sdk/keyvault/Azure.Security.KeyVault.Administration/src/Generated/Models/RoleAssignmentCreateParameters.cs b/sdk/keyvault/Azure.Security.KeyVault.Administration/src/Generated/Models/RoleAssignmentCreateParameters.cs
new file mode 100644
index 000000000000..a2924b58918f
--- /dev/null
+++ b/sdk/keyvault/Azure.Security.KeyVault.Administration/src/Generated/Models/RoleAssignmentCreateParameters.cs
@@ -0,0 +1,30 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+//
+
+#nullable disable
+
+using System;
+
+namespace Azure.Security.KeyVault.Administration.Models
+{
+ /// Role assignment create parameters.
+ internal partial class RoleAssignmentCreateParameters
+ {
+ /// Initializes a new instance of RoleAssignmentCreateParameters.
+ /// Role assignment properties.
+ public RoleAssignmentCreateParameters(RoleAssignmentProperties properties)
+ {
+ if (properties == null)
+ {
+ throw new ArgumentNullException(nameof(properties));
+ }
+
+ Properties = properties;
+ }
+
+ /// Role assignment properties.
+ public RoleAssignmentProperties Properties { get; }
+ }
+}
diff --git a/sdk/keyvault/Azure.Security.KeyVault.Administration/src/Generated/RoleAssignmentsRestClient.cs b/sdk/keyvault/Azure.Security.KeyVault.Administration/src/Generated/RoleAssignmentsRestClient.cs
index f23a849d6fb8..3fb14d14c8fc 100644
--- a/sdk/keyvault/Azure.Security.KeyVault.Administration/src/Generated/RoleAssignmentsRestClient.cs
+++ b/sdk/keyvault/Azure.Security.KeyVault.Administration/src/Generated/RoleAssignmentsRestClient.cs
@@ -141,7 +141,7 @@ public Response Delete(string vaultBaseUrl, string scope, string
}
}
- internal HttpMessage CreateCreateRequest(string vaultBaseUrl, string scope, string roleAssignmentName, RoleAssignmentProperties parameters)
+ internal HttpMessage CreateCreateRequest(string vaultBaseUrl, string scope, string roleAssignmentName, RoleAssignmentCreateParameters parameters)
{
var message = _pipeline.CreateMessage();
var request = message.Request;
@@ -167,7 +167,7 @@ internal HttpMessage CreateCreateRequest(string vaultBaseUrl, string scope, stri
/// The name of the role assignment to create. It can be any valid GUID.
/// Parameters for the role assignment.
/// The cancellation token to use.
- public async Task> CreateAsync(string vaultBaseUrl, string scope, string roleAssignmentName, RoleAssignmentProperties parameters, CancellationToken cancellationToken = default)
+ public async Task> CreateAsync(string vaultBaseUrl, string scope, string roleAssignmentName, RoleAssignmentCreateParameters parameters, CancellationToken cancellationToken = default)
{
if (vaultBaseUrl == null)
{
@@ -215,7 +215,7 @@ public async Task> CreateAsync(string vaultBaseUrl, str
/// The name of the role assignment to create. It can be any valid GUID.
/// Parameters for the role assignment.
/// The cancellation token to use.
- public Response Create(string vaultBaseUrl, string scope, string roleAssignmentName, RoleAssignmentProperties parameters, CancellationToken cancellationToken = default)
+ public Response Create(string vaultBaseUrl, string scope, string roleAssignmentName, RoleAssignmentCreateParameters parameters, CancellationToken cancellationToken = default)
{
if (vaultBaseUrl == null)
{
diff --git a/sdk/keyvault/Azure.Security.KeyVault.Administration/src/KeyVaultAccessControlClient.cs b/sdk/keyvault/Azure.Security.KeyVault.Administration/src/KeyVaultAccessControlClient.cs
index 7c0dc383a423..6aa817e482b3 100644
--- a/sdk/keyvault/Azure.Security.KeyVault.Administration/src/KeyVaultAccessControlClient.cs
+++ b/sdk/keyvault/Azure.Security.KeyVault.Administration/src/KeyVaultAccessControlClient.cs
@@ -250,7 +250,7 @@ public virtual Response CreateRoleAssignment(RoleAssignmentScope
try
{
var _name = name == default ? Guid.NewGuid().ToString() : name.ToString();
- return _assignmentsRestClient.Create(VaultUri.AbsoluteUri, roleScope.ToString(), _name, properties, cancellationToken);
+ return _assignmentsRestClient.Create(VaultUri.AbsoluteUri, roleScope.ToString(), _name, new RoleAssignmentCreateParameters(properties), cancellationToken);
}
catch (Exception ex)
{
@@ -275,7 +275,7 @@ public virtual async Task> CreateRoleAssignmentAsync(Ro
try
{
var _name = name == default ? Guid.NewGuid().ToString() : name.ToString();
- return await _assignmentsRestClient.CreateAsync(VaultUri.AbsoluteUri, roleScope.ToString(), _name, properties, cancellationToken)
+ return await _assignmentsRestClient.CreateAsync(VaultUri.AbsoluteUri, roleScope.ToString(), _name, new RoleAssignmentCreateParameters(properties), cancellationToken)
.ConfigureAwait(false);
}
catch (Exception ex)
diff --git a/sdk/keyvault/Azure.Security.KeyVault.Administration/src/asdf.cs b/sdk/keyvault/Azure.Security.KeyVault.Administration/src/asdf.cs
new file mode 100644
index 000000000000..7728867d23b3
--- /dev/null
+++ b/sdk/keyvault/Azure.Security.KeyVault.Administration/src/asdf.cs
@@ -0,0 +1,9 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+namespace Azure.Security.KeyVault.Administration.Models
+{
+ ///
+ internal partial class RoleAssignmentCreateParameters
+ { }
+}
diff --git a/sdk/keyvault/Azure.Security.KeyVault.Administration/src/swagger/rbac.json b/sdk/keyvault/Azure.Security.KeyVault.Administration/src/swagger/rbac.json
index 8b4e73deb39e..a15c7e1d7dfb 100644
--- a/sdk/keyvault/Azure.Security.KeyVault.Administration/src/swagger/rbac.json
+++ b/sdk/keyvault/Azure.Security.KeyVault.Administration/src/swagger/rbac.json
@@ -153,7 +153,7 @@
"in": "body",
"required": true,
"schema": {
- "$ref": "#/definitions/RoleAssignmentProperties"
+ "$ref": "#/definitions/RoleAssignmentCreateParameters"
},
"description": "Parameters for the role assignment."
},
@@ -349,7 +349,6 @@
"description": "Role assignment list operation result."
},
"RoleAssignmentProperties": {
- "type":"object",
"properties": {
"roleDefinitionId": {
"type": "string",
@@ -366,6 +365,18 @@
],
"description": "Role assignment properties."
},
+ "RoleAssignmentCreateParameters": {
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/RoleAssignmentProperties",
+ "description": "Role assignment properties."
+ }
+ },
+ "required": [
+ "properties"
+ ],
+ "description": "Role assignment create parameters."
+ },
"RoleDefinitionFilter": {
"properties": {
"roleName": {
diff --git a/sdk/keyvault/Azure.Security.KeyVault.Administration/tests/AccessControlTestBase.cs b/sdk/keyvault/Azure.Security.KeyVault.Administration/tests/AccessControlTestBase.cs
index 9baf6c42353e..351fb822311f 100644
--- a/sdk/keyvault/Azure.Security.KeyVault.Administration/tests/AccessControlTestBase.cs
+++ b/sdk/keyvault/Azure.Security.KeyVault.Administration/tests/AccessControlTestBase.cs
@@ -39,12 +39,12 @@ internal KeyVaultAccessControlClient GetClient(TestRecording recording = null)
[SetUp]
public void ClearChallengeCacheforRecord()
{
+ Client = GetClient();
+
// in record mode we reset the challenge cache before each test so that the challenge call
// is always made. This allows tests to be replayed independently and in any order
if (Mode == RecordedTestMode.Record || Mode == RecordedTestMode.Playback)
{
- Client = GetClient();
-
ChallengeBasedAuthenticationPolicy.AuthenticationChallenge.ClearCache();
}
}
diff --git a/sdk/keyvault/Azure.Security.KeyVault.Administration/tests/SessionRecords/AccessControlClientLiveTests/CreateRoleAssignment.json b/sdk/keyvault/Azure.Security.KeyVault.Administration/tests/SessionRecords/AccessControlClientLiveTests/CreateRoleAssignment.json
index 1731d81da373..c776c155ccdc 100644
--- a/sdk/keyvault/Azure.Security.KeyVault.Administration/tests/SessionRecords/AccessControlClientLiveTests/CreateRoleAssignment.json
+++ b/sdk/keyvault/Azure.Security.KeyVault.Administration/tests/SessionRecords/AccessControlClientLiveTests/CreateRoleAssignment.json
@@ -5,8 +5,8 @@
"RequestMethod": "GET",
"RequestHeaders": {
"User-Agent": [
- "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200608.1",
- "(.NET Core 4.6.28801.04; Microsoft Windows 10.0.18363 )"
+ "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200617.1",
+ "(.NET Core 4.6.28928.01; Microsoft Windows 10.0.18363 )"
],
"x-ms-client-request-id": "5e8636028f65bb56594d809618e68b9c",
"x-ms-return-client-request-id": "true"
@@ -18,7 +18,7 @@
"Content-Type": "application/json",
"WWW-Authenticate": "Bearer authorization=\u0022https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47\u0022, resource=\u0022https://managedhsm.azure.net\u0022",
"X-Content-Type-Options": "nosniff",
- "x-ms-request-id": "040cdf98-a06d-11ea-af9a-0242ac12000b"
+ "x-ms-request-id": "7a0bdfa8-b0eb-11ea-9d3b-0242ac12000a"
},
"ResponseBody": "OK"
},
@@ -28,8 +28,8 @@
"RequestHeaders": {
"Authorization": "Sanitized",
"User-Agent": [
- "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200608.1",
- "(.NET Core 4.6.28801.04; Microsoft Windows 10.0.18363 )"
+ "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200617.1",
+ "(.NET Core 4.6.28928.01; Microsoft Windows 10.0.18363 )"
],
"x-ms-client-request-id": "5e8636028f65bb56594d809618e68b9c",
"x-ms-return-client-request-id": "true"
@@ -37,12 +37,12 @@
"RequestBody": null,
"StatusCode": 200,
"ResponseHeaders": {
- "Content-Length": "4256",
+ "Content-Length": "5517",
"Content-Type": "application/json",
"X-Content-Type-Options": "nosniff",
"x-ms-keyvault-network-info": "addr=72.176.254.191",
"x-ms-keyvault-region": "EASTUS",
- "x-ms-request-id": "040cdf98-a06d-11ea-af9a-0242ac12000b"
+ "x-ms-request-id": "7a0bdfa8-b0eb-11ea-9d3b-0242ac12000a"
},
"ResponseBody": {
"value": [
@@ -56,19 +56,18 @@
"description": "",
"permissions": [
{
- "actions": [
- "Microsoft.KeyVault/managedHsm/keys/read",
- "Microsoft.KeyVault/managedHsm/keys/write",
- "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read",
+ "actions": [],
+ "dataActions": [
+ "Microsoft.KeyVault/managedHsm/keys/read/action",
+ "Microsoft.KeyVault/managedHsm/keys/write/action",
+ "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action",
"Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action",
"Microsoft.KeyVault/managedHsm/keys/backup/action",
"Microsoft.KeyVault/managedHsm/keys/restore/action",
- "Microsoft.KeyVault/managedHsm/roleAssignments/delete",
- "Microsoft.KeyVault/managedHsm/roleAssignments/read",
- "Microsoft.KeyVault/managedHsm/roleAssignments/write",
- "Microsoft.KeyVault/managedHsm/roleDefinitions/read"
- ],
- "dataActions": [
+ "Microsoft.KeyVault/managedHsm/roleAssignments/delete/action",
+ "Microsoft.KeyVault/managedHsm/roleAssignments/read/action",
+ "Microsoft.KeyVault/managedHsm/roleAssignments/write/action",
+ "Microsoft.KeyVault/managedHsm/roleDefinitions/read/action",
"Microsoft.KeyVault/managedHsm/keys/encrypt/action",
"Microsoft.KeyVault/managedHsm/keys/decrypt/action",
"Microsoft.KeyVault/managedHsm/keys/wrap/action",
@@ -100,15 +99,14 @@
"description": "",
"permissions": [
{
- "actions": [
- "Microsoft.KeyVault/managedHsm/keys/read",
- "Microsoft.KeyVault/managedHsm/keys/write",
- "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read",
+ "actions": [],
+ "dataActions": [
+ "Microsoft.KeyVault/managedHsm/keys/read/action",
+ "Microsoft.KeyVault/managedHsm/keys/write/action",
+ "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action",
"Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action",
"Microsoft.KeyVault/managedHsm/keys/backup/action",
- "Microsoft.KeyVault/managedHsm/keys/restore/action"
- ],
- "dataActions": [
+ "Microsoft.KeyVault/managedHsm/keys/restore/action",
"Microsoft.KeyVault/managedHsm/keys/encrypt/action",
"Microsoft.KeyVault/managedHsm/keys/decrypt/action",
"Microsoft.KeyVault/managedHsm/keys/sign/action",
@@ -140,12 +138,12 @@
"description": "",
"permissions": [
{
- "actions": [
- "Microsoft.KeyVault/managedHsm/keys/read",
- "Microsoft.KeyVault/managedHsm/keys/write",
- "Microsoft.KeyVault/managedHsm/keys/backup/action"
- ],
+ "actions": [],
"dataActions": [
+ "Microsoft.KeyVault/managedHsm/keys/read/action",
+ "Microsoft.KeyVault/managedHsm/keys/write/action",
+ "Microsoft.KeyVault/managedHsm/keys/backup/action",
+ "Microsoft.KeyVault/managedHsm/keys/create",
"Microsoft.KeyVault/managedHsm/keys/encrypt/action",
"Microsoft.KeyVault/managedHsm/keys/decrypt/action",
"Microsoft.KeyVault/managedHsm/keys/wrap/action",
@@ -172,13 +170,13 @@
"description": "",
"permissions": [
{
- "actions": [
- "Microsoft.KeyVault/managedHsm/roleDefinitions/read",
- "Microsoft.KeyVault/managedHsm/roleAssignments/read",
- "Microsoft.KeyVault/managedHsm/roleAssignments/write",
- "Microsoft.KeyVault/managedHsm/roleAssignments/delete"
+ "actions": [],
+ "dataActions": [
+ "Microsoft.KeyVault/managedHsm/roleDefinitions/read/action",
+ "Microsoft.KeyVault/managedHsm/roleAssignments/read/action",
+ "Microsoft.KeyVault/managedHsm/roleAssignments/write/action",
+ "Microsoft.KeyVault/managedHsm/roleAssignments/delete/action"
],
- "dataActions": [],
"notActions": [],
"notDataActions": []
}
@@ -187,6 +185,55 @@
"type": ""
},
"type": "Microsoft.Authorization/roleDefinitions"
+ },
+ {
+ "id": "Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/2c18b078-7c48-4d3a-af88-5a3a1b3f82b3",
+ "name": "2c18b078-7c48-4d3a-af88-5a3a1b3f82b3",
+ "properties": {
+ "assignableScopes": [
+ "/"
+ ],
+ "description": "",
+ "permissions": [
+ {
+ "actions": [],
+ "dataActions": [
+ "Microsoft.KeyVault/managedHsm/keys/read/action",
+ "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action"
+ ],
+ "notActions": [],
+ "notDataActions": []
+ }
+ ],
+ "roleName": "Azure Key Vault Managed HSM Crypto Auditor",
+ "type": ""
+ },
+ "type": "Microsoft.Authorization/roleDefinitions"
+ },
+ {
+ "id": "Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/33413926-3206-4cdd-b39a-83574fe37a17",
+ "name": "33413926-3206-4cdd-b39a-83574fe37a17",
+ "properties": {
+ "assignableScopes": [
+ "/"
+ ],
+ "description": "",
+ "permissions": [
+ {
+ "actions": [],
+ "dataActions": [
+ "Microsoft.KeyVault/managedHsm/keys/read/action",
+ "Microsoft.KeyVault/managedHsm/keys/wrap/action",
+ "Microsoft.KeyVault/managedHsm/keys/unwrap/action"
+ ],
+ "notActions": [],
+ "notDataActions": []
+ }
+ ],
+ "roleName": "Azure Key Vault Managed HSM Crypto Service Encryption",
+ "type": ""
+ },
+ "type": "Microsoft.Authorization/roleDefinitions"
}
]
}
@@ -196,19 +243,21 @@
"RequestMethod": "PUT",
"RequestHeaders": {
"Authorization": "Sanitized",
- "Content-Length": "181",
+ "Content-Length": "196",
"Content-Type": "application/json",
- "Request-Id": "|3e6cb37e-4eecfa4a673ebe60.",
+ "traceparent": "00-795ecd5e80915a4391e8149b00f7c932-ebebbe61c4127749-00",
"User-Agent": [
- "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200608.1",
- "(.NET Core 4.6.28801.04; Microsoft Windows 10.0.18363 )"
+ "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200617.1",
+ "(.NET Core 4.6.28928.01; Microsoft Windows 10.0.18363 )"
],
"x-ms-client-request-id": "16093e51ef8cfc750e2d28064b66eddd",
"x-ms-return-client-request-id": "true"
},
"RequestBody": {
- "roleDefinitionId": "Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/21dbd100-6940-42c2-9190-5d6cb909625b",
- "principalId": "693a17da-7022-4cdd-9d4e-4e72e4ad449d"
+ "properties": {
+ "roleDefinitionId": "Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/21dbd100-6940-42c2-9190-5d6cb909625b",
+ "principalId": "693a17da-7022-4cdd-9d4e-4e72e4ad449d"
+ }
},
"StatusCode": 201,
"ResponseHeaders": {
@@ -217,7 +266,7 @@
"X-Content-Type-Options": "nosniff",
"x-ms-keyvault-network-info": "addr=72.176.254.191",
"x-ms-keyvault-region": "EASTUS",
- "x-ms-request-id": "040cdf98-a06d-11ea-af9a-0242ac12000b"
+ "x-ms-request-id": "7a0bdfa8-b0eb-11ea-9d3b-0242ac12000a"
},
"ResponseBody": {
"id": "/providers/Microsoft.Authorization/roleAssignments/e7ae2aff-eb17-4c9d-84f0-d12f7f468f16",
diff --git a/sdk/keyvault/Azure.Security.KeyVault.Administration/tests/SessionRecords/AccessControlClientLiveTests/CreateRoleAssignmentAsync.json b/sdk/keyvault/Azure.Security.KeyVault.Administration/tests/SessionRecords/AccessControlClientLiveTests/CreateRoleAssignmentAsync.json
index a0391450d177..3358d0e6e09f 100644
--- a/sdk/keyvault/Azure.Security.KeyVault.Administration/tests/SessionRecords/AccessControlClientLiveTests/CreateRoleAssignmentAsync.json
+++ b/sdk/keyvault/Azure.Security.KeyVault.Administration/tests/SessionRecords/AccessControlClientLiveTests/CreateRoleAssignmentAsync.json
@@ -5,8 +5,8 @@
"RequestMethod": "GET",
"RequestHeaders": {
"User-Agent": [
- "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200608.1",
- "(.NET Core 4.6.28801.04; Microsoft Windows 10.0.18363 )"
+ "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200617.1",
+ "(.NET Core 4.6.28928.01; Microsoft Windows 10.0.18363 )"
],
"x-ms-client-request-id": "c23c658117723d55cd717f5f53da57f6",
"x-ms-return-client-request-id": "true"
@@ -18,7 +18,7 @@
"Content-Type": "application/json",
"WWW-Authenticate": "Bearer authorization=\u0022https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47\u0022, resource=\u0022https://managedhsm.azure.net\u0022",
"X-Content-Type-Options": "nosniff",
- "x-ms-request-id": "040cdf98-a06d-11ea-af9a-0242ac12000b"
+ "x-ms-request-id": "7a0bdfa8-b0eb-11ea-9d3b-0242ac12000a"
},
"ResponseBody": "OK"
},
@@ -28,8 +28,8 @@
"RequestHeaders": {
"Authorization": "Sanitized",
"User-Agent": [
- "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200608.1",
- "(.NET Core 4.6.28801.04; Microsoft Windows 10.0.18363 )"
+ "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200617.1",
+ "(.NET Core 4.6.28928.01; Microsoft Windows 10.0.18363 )"
],
"x-ms-client-request-id": "c23c658117723d55cd717f5f53da57f6",
"x-ms-return-client-request-id": "true"
@@ -37,12 +37,12 @@
"RequestBody": null,
"StatusCode": 200,
"ResponseHeaders": {
- "Content-Length": "4256",
+ "Content-Length": "5517",
"Content-Type": "application/json",
"X-Content-Type-Options": "nosniff",
"x-ms-keyvault-network-info": "addr=72.176.254.191",
"x-ms-keyvault-region": "EASTUS",
- "x-ms-request-id": "040cdf98-a06d-11ea-af9a-0242ac12000b"
+ "x-ms-request-id": "7a0bdfa8-b0eb-11ea-9d3b-0242ac12000a"
},
"ResponseBody": {
"value": [
@@ -56,19 +56,18 @@
"description": "",
"permissions": [
{
- "actions": [
- "Microsoft.KeyVault/managedHsm/keys/read",
- "Microsoft.KeyVault/managedHsm/keys/write",
- "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read",
+ "actions": [],
+ "dataActions": [
+ "Microsoft.KeyVault/managedHsm/keys/read/action",
+ "Microsoft.KeyVault/managedHsm/keys/write/action",
+ "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action",
"Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action",
"Microsoft.KeyVault/managedHsm/keys/backup/action",
"Microsoft.KeyVault/managedHsm/keys/restore/action",
- "Microsoft.KeyVault/managedHsm/roleAssignments/delete",
- "Microsoft.KeyVault/managedHsm/roleAssignments/read",
- "Microsoft.KeyVault/managedHsm/roleAssignments/write",
- "Microsoft.KeyVault/managedHsm/roleDefinitions/read"
- ],
- "dataActions": [
+ "Microsoft.KeyVault/managedHsm/roleAssignments/delete/action",
+ "Microsoft.KeyVault/managedHsm/roleAssignments/read/action",
+ "Microsoft.KeyVault/managedHsm/roleAssignments/write/action",
+ "Microsoft.KeyVault/managedHsm/roleDefinitions/read/action",
"Microsoft.KeyVault/managedHsm/keys/encrypt/action",
"Microsoft.KeyVault/managedHsm/keys/decrypt/action",
"Microsoft.KeyVault/managedHsm/keys/wrap/action",
@@ -100,15 +99,14 @@
"description": "",
"permissions": [
{
- "actions": [
- "Microsoft.KeyVault/managedHsm/keys/read",
- "Microsoft.KeyVault/managedHsm/keys/write",
- "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read",
+ "actions": [],
+ "dataActions": [
+ "Microsoft.KeyVault/managedHsm/keys/read/action",
+ "Microsoft.KeyVault/managedHsm/keys/write/action",
+ "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action",
"Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action",
"Microsoft.KeyVault/managedHsm/keys/backup/action",
- "Microsoft.KeyVault/managedHsm/keys/restore/action"
- ],
- "dataActions": [
+ "Microsoft.KeyVault/managedHsm/keys/restore/action",
"Microsoft.KeyVault/managedHsm/keys/encrypt/action",
"Microsoft.KeyVault/managedHsm/keys/decrypt/action",
"Microsoft.KeyVault/managedHsm/keys/sign/action",
@@ -140,12 +138,12 @@
"description": "",
"permissions": [
{
- "actions": [
- "Microsoft.KeyVault/managedHsm/keys/read",
- "Microsoft.KeyVault/managedHsm/keys/write",
- "Microsoft.KeyVault/managedHsm/keys/backup/action"
- ],
+ "actions": [],
"dataActions": [
+ "Microsoft.KeyVault/managedHsm/keys/read/action",
+ "Microsoft.KeyVault/managedHsm/keys/write/action",
+ "Microsoft.KeyVault/managedHsm/keys/backup/action",
+ "Microsoft.KeyVault/managedHsm/keys/create",
"Microsoft.KeyVault/managedHsm/keys/encrypt/action",
"Microsoft.KeyVault/managedHsm/keys/decrypt/action",
"Microsoft.KeyVault/managedHsm/keys/wrap/action",
@@ -172,13 +170,13 @@
"description": "",
"permissions": [
{
- "actions": [
- "Microsoft.KeyVault/managedHsm/roleDefinitions/read",
- "Microsoft.KeyVault/managedHsm/roleAssignments/read",
- "Microsoft.KeyVault/managedHsm/roleAssignments/write",
- "Microsoft.KeyVault/managedHsm/roleAssignments/delete"
+ "actions": [],
+ "dataActions": [
+ "Microsoft.KeyVault/managedHsm/roleDefinitions/read/action",
+ "Microsoft.KeyVault/managedHsm/roleAssignments/read/action",
+ "Microsoft.KeyVault/managedHsm/roleAssignments/write/action",
+ "Microsoft.KeyVault/managedHsm/roleAssignments/delete/action"
],
- "dataActions": [],
"notActions": [],
"notDataActions": []
}
@@ -187,6 +185,55 @@
"type": ""
},
"type": "Microsoft.Authorization/roleDefinitions"
+ },
+ {
+ "id": "Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/2c18b078-7c48-4d3a-af88-5a3a1b3f82b3",
+ "name": "2c18b078-7c48-4d3a-af88-5a3a1b3f82b3",
+ "properties": {
+ "assignableScopes": [
+ "/"
+ ],
+ "description": "",
+ "permissions": [
+ {
+ "actions": [],
+ "dataActions": [
+ "Microsoft.KeyVault/managedHsm/keys/read/action",
+ "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action"
+ ],
+ "notActions": [],
+ "notDataActions": []
+ }
+ ],
+ "roleName": "Azure Key Vault Managed HSM Crypto Auditor",
+ "type": ""
+ },
+ "type": "Microsoft.Authorization/roleDefinitions"
+ },
+ {
+ "id": "Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/33413926-3206-4cdd-b39a-83574fe37a17",
+ "name": "33413926-3206-4cdd-b39a-83574fe37a17",
+ "properties": {
+ "assignableScopes": [
+ "/"
+ ],
+ "description": "",
+ "permissions": [
+ {
+ "actions": [],
+ "dataActions": [
+ "Microsoft.KeyVault/managedHsm/keys/read/action",
+ "Microsoft.KeyVault/managedHsm/keys/wrap/action",
+ "Microsoft.KeyVault/managedHsm/keys/unwrap/action"
+ ],
+ "notActions": [],
+ "notDataActions": []
+ }
+ ],
+ "roleName": "Azure Key Vault Managed HSM Crypto Service Encryption",
+ "type": ""
+ },
+ "type": "Microsoft.Authorization/roleDefinitions"
}
]
}
@@ -196,19 +243,21 @@
"RequestMethod": "PUT",
"RequestHeaders": {
"Authorization": "Sanitized",
- "Content-Length": "181",
+ "Content-Length": "196",
"Content-Type": "application/json",
- "Request-Id": "|3e6cb385-4eecfa4a673ebe60.",
+ "traceparent": "00-45c603df1c416548b8c344586076bc5d-4b537456c46dfe42-00",
"User-Agent": [
- "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200608.1",
- "(.NET Core 4.6.28801.04; Microsoft Windows 10.0.18363 )"
+ "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200617.1",
+ "(.NET Core 4.6.28928.01; Microsoft Windows 10.0.18363 )"
],
"x-ms-client-request-id": "8172d5e41db7e9e5c84ad8c05c75332c",
"x-ms-return-client-request-id": "true"
},
"RequestBody": {
- "roleDefinitionId": "Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/21dbd100-6940-42c2-9190-5d6cb909625b",
- "principalId": "693a17da-7022-4cdd-9d4e-4e72e4ad449d"
+ "properties": {
+ "roleDefinitionId": "Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/21dbd100-6940-42c2-9190-5d6cb909625b",
+ "principalId": "693a17da-7022-4cdd-9d4e-4e72e4ad449d"
+ }
},
"StatusCode": 201,
"ResponseHeaders": {
@@ -217,7 +266,7 @@
"X-Content-Type-Options": "nosniff",
"x-ms-keyvault-network-info": "addr=72.176.254.191",
"x-ms-keyvault-region": "EASTUS",
- "x-ms-request-id": "040cdf98-a06d-11ea-af9a-0242ac12000b"
+ "x-ms-request-id": "7a0bdfa8-b0eb-11ea-9d3b-0242ac12000a"
},
"ResponseBody": {
"id": "/providers/Microsoft.Authorization/roleAssignments/e7ae2aff-eb17-4c9d-84f0-d12f7f468f16",
diff --git a/sdk/keyvault/Azure.Security.KeyVault.Administration/tests/SessionRecords/AccessControlClientLiveTests/DeleteRoleAssignment.json b/sdk/keyvault/Azure.Security.KeyVault.Administration/tests/SessionRecords/AccessControlClientLiveTests/DeleteRoleAssignment.json
index 70b68394cc29..0313e427f9f5 100644
--- a/sdk/keyvault/Azure.Security.KeyVault.Administration/tests/SessionRecords/AccessControlClientLiveTests/DeleteRoleAssignment.json
+++ b/sdk/keyvault/Azure.Security.KeyVault.Administration/tests/SessionRecords/AccessControlClientLiveTests/DeleteRoleAssignment.json
@@ -5,8 +5,8 @@
"RequestMethod": "GET",
"RequestHeaders": {
"User-Agent": [
- "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200608.1",
- "(.NET Core 4.6.28801.04; Microsoft Windows 10.0.18363 )"
+ "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200617.1",
+ "(.NET Core 4.6.28928.01; Microsoft Windows 10.0.18363 )"
],
"x-ms-client-request-id": "5f9412fda0f0133d146f7775c4434755",
"x-ms-return-client-request-id": "true"
@@ -18,7 +18,7 @@
"Content-Type": "application/json",
"WWW-Authenticate": "Bearer authorization=\u0022https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47\u0022, resource=\u0022https://managedhsm.azure.net\u0022",
"X-Content-Type-Options": "nosniff",
- "x-ms-request-id": "040cdf98-a06d-11ea-af9a-0242ac12000b"
+ "x-ms-request-id": "7a0bdfa8-b0eb-11ea-9d3b-0242ac12000a"
},
"ResponseBody": "OK"
},
@@ -28,8 +28,8 @@
"RequestHeaders": {
"Authorization": "Sanitized",
"User-Agent": [
- "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200608.1",
- "(.NET Core 4.6.28801.04; Microsoft Windows 10.0.18363 )"
+ "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200617.1",
+ "(.NET Core 4.6.28928.01; Microsoft Windows 10.0.18363 )"
],
"x-ms-client-request-id": "5f9412fda0f0133d146f7775c4434755",
"x-ms-return-client-request-id": "true"
@@ -37,12 +37,12 @@
"RequestBody": null,
"StatusCode": 200,
"ResponseHeaders": {
- "Content-Length": "4256",
+ "Content-Length": "5517",
"Content-Type": "application/json",
"X-Content-Type-Options": "nosniff",
"x-ms-keyvault-network-info": "addr=72.176.254.191",
"x-ms-keyvault-region": "EASTUS",
- "x-ms-request-id": "040cdf98-a06d-11ea-af9a-0242ac12000b"
+ "x-ms-request-id": "7a0bdfa8-b0eb-11ea-9d3b-0242ac12000a"
},
"ResponseBody": {
"value": [
@@ -56,19 +56,18 @@
"description": "",
"permissions": [
{
- "actions": [
- "Microsoft.KeyVault/managedHsm/keys/read",
- "Microsoft.KeyVault/managedHsm/keys/write",
- "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read",
+ "actions": [],
+ "dataActions": [
+ "Microsoft.KeyVault/managedHsm/keys/read/action",
+ "Microsoft.KeyVault/managedHsm/keys/write/action",
+ "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action",
"Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action",
"Microsoft.KeyVault/managedHsm/keys/backup/action",
"Microsoft.KeyVault/managedHsm/keys/restore/action",
- "Microsoft.KeyVault/managedHsm/roleAssignments/delete",
- "Microsoft.KeyVault/managedHsm/roleAssignments/read",
- "Microsoft.KeyVault/managedHsm/roleAssignments/write",
- "Microsoft.KeyVault/managedHsm/roleDefinitions/read"
- ],
- "dataActions": [
+ "Microsoft.KeyVault/managedHsm/roleAssignments/delete/action",
+ "Microsoft.KeyVault/managedHsm/roleAssignments/read/action",
+ "Microsoft.KeyVault/managedHsm/roleAssignments/write/action",
+ "Microsoft.KeyVault/managedHsm/roleDefinitions/read/action",
"Microsoft.KeyVault/managedHsm/keys/encrypt/action",
"Microsoft.KeyVault/managedHsm/keys/decrypt/action",
"Microsoft.KeyVault/managedHsm/keys/wrap/action",
@@ -100,15 +99,14 @@
"description": "",
"permissions": [
{
- "actions": [
- "Microsoft.KeyVault/managedHsm/keys/read",
- "Microsoft.KeyVault/managedHsm/keys/write",
- "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read",
+ "actions": [],
+ "dataActions": [
+ "Microsoft.KeyVault/managedHsm/keys/read/action",
+ "Microsoft.KeyVault/managedHsm/keys/write/action",
+ "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action",
"Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action",
"Microsoft.KeyVault/managedHsm/keys/backup/action",
- "Microsoft.KeyVault/managedHsm/keys/restore/action"
- ],
- "dataActions": [
+ "Microsoft.KeyVault/managedHsm/keys/restore/action",
"Microsoft.KeyVault/managedHsm/keys/encrypt/action",
"Microsoft.KeyVault/managedHsm/keys/decrypt/action",
"Microsoft.KeyVault/managedHsm/keys/sign/action",
@@ -140,12 +138,12 @@
"description": "",
"permissions": [
{
- "actions": [
- "Microsoft.KeyVault/managedHsm/keys/read",
- "Microsoft.KeyVault/managedHsm/keys/write",
- "Microsoft.KeyVault/managedHsm/keys/backup/action"
- ],
+ "actions": [],
"dataActions": [
+ "Microsoft.KeyVault/managedHsm/keys/read/action",
+ "Microsoft.KeyVault/managedHsm/keys/write/action",
+ "Microsoft.KeyVault/managedHsm/keys/backup/action",
+ "Microsoft.KeyVault/managedHsm/keys/create",
"Microsoft.KeyVault/managedHsm/keys/encrypt/action",
"Microsoft.KeyVault/managedHsm/keys/decrypt/action",
"Microsoft.KeyVault/managedHsm/keys/wrap/action",
@@ -172,13 +170,13 @@
"description": "",
"permissions": [
{
- "actions": [
- "Microsoft.KeyVault/managedHsm/roleDefinitions/read",
- "Microsoft.KeyVault/managedHsm/roleAssignments/read",
- "Microsoft.KeyVault/managedHsm/roleAssignments/write",
- "Microsoft.KeyVault/managedHsm/roleAssignments/delete"
+ "actions": [],
+ "dataActions": [
+ "Microsoft.KeyVault/managedHsm/roleDefinitions/read/action",
+ "Microsoft.KeyVault/managedHsm/roleAssignments/read/action",
+ "Microsoft.KeyVault/managedHsm/roleAssignments/write/action",
+ "Microsoft.KeyVault/managedHsm/roleAssignments/delete/action"
],
- "dataActions": [],
"notActions": [],
"notDataActions": []
}
@@ -187,6 +185,55 @@
"type": ""
},
"type": "Microsoft.Authorization/roleDefinitions"
+ },
+ {
+ "id": "Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/2c18b078-7c48-4d3a-af88-5a3a1b3f82b3",
+ "name": "2c18b078-7c48-4d3a-af88-5a3a1b3f82b3",
+ "properties": {
+ "assignableScopes": [
+ "/"
+ ],
+ "description": "",
+ "permissions": [
+ {
+ "actions": [],
+ "dataActions": [
+ "Microsoft.KeyVault/managedHsm/keys/read/action",
+ "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action"
+ ],
+ "notActions": [],
+ "notDataActions": []
+ }
+ ],
+ "roleName": "Azure Key Vault Managed HSM Crypto Auditor",
+ "type": ""
+ },
+ "type": "Microsoft.Authorization/roleDefinitions"
+ },
+ {
+ "id": "Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/33413926-3206-4cdd-b39a-83574fe37a17",
+ "name": "33413926-3206-4cdd-b39a-83574fe37a17",
+ "properties": {
+ "assignableScopes": [
+ "/"
+ ],
+ "description": "",
+ "permissions": [
+ {
+ "actions": [],
+ "dataActions": [
+ "Microsoft.KeyVault/managedHsm/keys/read/action",
+ "Microsoft.KeyVault/managedHsm/keys/wrap/action",
+ "Microsoft.KeyVault/managedHsm/keys/unwrap/action"
+ ],
+ "notActions": [],
+ "notDataActions": []
+ }
+ ],
+ "roleName": "Azure Key Vault Managed HSM Crypto Service Encryption",
+ "type": ""
+ },
+ "type": "Microsoft.Authorization/roleDefinitions"
}
]
}
@@ -196,19 +243,21 @@
"RequestMethod": "PUT",
"RequestHeaders": {
"Authorization": "Sanitized",
- "Content-Length": "181",
+ "Content-Length": "196",
"Content-Type": "application/json",
- "Request-Id": "|3e6cb380-4eecfa4a673ebe60.",
+ "traceparent": "00-aebc54bd7fc99e4f891f346fea033cdd-2f6e8b19d3247a43-00",
"User-Agent": [
- "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200608.1",
- "(.NET Core 4.6.28801.04; Microsoft Windows 10.0.18363 )"
+ "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200617.1",
+ "(.NET Core 4.6.28928.01; Microsoft Windows 10.0.18363 )"
],
"x-ms-client-request-id": "a62283a033ccd643d3ca47462f9e8cc5",
"x-ms-return-client-request-id": "true"
},
"RequestBody": {
- "roleDefinitionId": "Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/21dbd100-6940-42c2-9190-5d6cb909625b",
- "principalId": "693a17da-7022-4cdd-9d4e-4e72e4ad449d"
+ "properties": {
+ "roleDefinitionId": "Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/21dbd100-6940-42c2-9190-5d6cb909625b",
+ "principalId": "693a17da-7022-4cdd-9d4e-4e72e4ad449d"
+ }
},
"StatusCode": 201,
"ResponseHeaders": {
@@ -217,7 +266,7 @@
"X-Content-Type-Options": "nosniff",
"x-ms-keyvault-network-info": "addr=72.176.254.191",
"x-ms-keyvault-region": "EASTUS",
- "x-ms-request-id": "040cdf98-a06d-11ea-af9a-0242ac12000b"
+ "x-ms-request-id": "7a0bdfa8-b0eb-11ea-9d3b-0242ac12000a"
},
"ResponseBody": {
"id": "/providers/Microsoft.Authorization/roleAssignments/e7ae2aff-eb17-4c9d-84f0-d12f7f468f16",
@@ -235,10 +284,10 @@
"RequestMethod": "DELETE",
"RequestHeaders": {
"Authorization": "Sanitized",
- "Request-Id": "|3e6cb381-4eecfa4a673ebe60.",
+ "traceparent": "00-2ada8a3a8e46e24a96dc4e1e61048704-7c9081ed35ed7a44-00",
"User-Agent": [
- "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200608.1",
- "(.NET Core 4.6.28801.04; Microsoft Windows 10.0.18363 )"
+ "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200617.1",
+ "(.NET Core 4.6.28928.01; Microsoft Windows 10.0.18363 )"
],
"x-ms-client-request-id": "f213e6c0e20b3b9ee285854e4f62a8b4",
"x-ms-return-client-request-id": "true"
@@ -251,7 +300,7 @@
"X-Content-Type-Options": "nosniff",
"x-ms-keyvault-network-info": "addr=72.176.254.191",
"x-ms-keyvault-region": "EASTUS",
- "x-ms-request-id": "040cdf98-a06d-11ea-af9a-0242ac12000b"
+ "x-ms-request-id": "7a0bdfa8-b0eb-11ea-9d3b-0242ac12000a"
},
"ResponseBody": {
"id": "/providers/Microsoft.Authorization/roleAssignments/e7ae2aff-eb17-4c9d-84f0-d12f7f468f16",
diff --git a/sdk/keyvault/Azure.Security.KeyVault.Administration/tests/SessionRecords/AccessControlClientLiveTests/DeleteRoleAssignmentAsync.json b/sdk/keyvault/Azure.Security.KeyVault.Administration/tests/SessionRecords/AccessControlClientLiveTests/DeleteRoleAssignmentAsync.json
index cb8521a63bd3..c8f4b235b239 100644
--- a/sdk/keyvault/Azure.Security.KeyVault.Administration/tests/SessionRecords/AccessControlClientLiveTests/DeleteRoleAssignmentAsync.json
+++ b/sdk/keyvault/Azure.Security.KeyVault.Administration/tests/SessionRecords/AccessControlClientLiveTests/DeleteRoleAssignmentAsync.json
@@ -5,8 +5,8 @@
"RequestMethod": "GET",
"RequestHeaders": {
"User-Agent": [
- "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200608.1",
- "(.NET Core 4.6.28801.04; Microsoft Windows 10.0.18363 )"
+ "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200617.1",
+ "(.NET Core 4.6.28928.01; Microsoft Windows 10.0.18363 )"
],
"x-ms-client-request-id": "90089dd99809a512d432fd1a0d8f4b26",
"x-ms-return-client-request-id": "true"
@@ -18,7 +18,7 @@
"Content-Type": "application/json",
"WWW-Authenticate": "Bearer authorization=\u0022https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47\u0022, resource=\u0022https://managedhsm.azure.net\u0022",
"X-Content-Type-Options": "nosniff",
- "x-ms-request-id": "040cdf98-a06d-11ea-af9a-0242ac12000b"
+ "x-ms-request-id": "7a0bdfa8-b0eb-11ea-9d3b-0242ac12000a"
},
"ResponseBody": "OK"
},
@@ -28,8 +28,8 @@
"RequestHeaders": {
"Authorization": "Sanitized",
"User-Agent": [
- "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200608.1",
- "(.NET Core 4.6.28801.04; Microsoft Windows 10.0.18363 )"
+ "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200617.1",
+ "(.NET Core 4.6.28928.01; Microsoft Windows 10.0.18363 )"
],
"x-ms-client-request-id": "90089dd99809a512d432fd1a0d8f4b26",
"x-ms-return-client-request-id": "true"
@@ -37,12 +37,12 @@
"RequestBody": null,
"StatusCode": 200,
"ResponseHeaders": {
- "Content-Length": "4256",
+ "Content-Length": "5517",
"Content-Type": "application/json",
"X-Content-Type-Options": "nosniff",
"x-ms-keyvault-network-info": "addr=72.176.254.191",
"x-ms-keyvault-region": "EASTUS",
- "x-ms-request-id": "040cdf98-a06d-11ea-af9a-0242ac12000b"
+ "x-ms-request-id": "7a0bdfa8-b0eb-11ea-9d3b-0242ac12000a"
},
"ResponseBody": {
"value": [
@@ -56,19 +56,18 @@
"description": "",
"permissions": [
{
- "actions": [
- "Microsoft.KeyVault/managedHsm/keys/read",
- "Microsoft.KeyVault/managedHsm/keys/write",
- "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read",
+ "actions": [],
+ "dataActions": [
+ "Microsoft.KeyVault/managedHsm/keys/read/action",
+ "Microsoft.KeyVault/managedHsm/keys/write/action",
+ "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action",
"Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action",
"Microsoft.KeyVault/managedHsm/keys/backup/action",
"Microsoft.KeyVault/managedHsm/keys/restore/action",
- "Microsoft.KeyVault/managedHsm/roleAssignments/delete",
- "Microsoft.KeyVault/managedHsm/roleAssignments/read",
- "Microsoft.KeyVault/managedHsm/roleAssignments/write",
- "Microsoft.KeyVault/managedHsm/roleDefinitions/read"
- ],
- "dataActions": [
+ "Microsoft.KeyVault/managedHsm/roleAssignments/delete/action",
+ "Microsoft.KeyVault/managedHsm/roleAssignments/read/action",
+ "Microsoft.KeyVault/managedHsm/roleAssignments/write/action",
+ "Microsoft.KeyVault/managedHsm/roleDefinitions/read/action",
"Microsoft.KeyVault/managedHsm/keys/encrypt/action",
"Microsoft.KeyVault/managedHsm/keys/decrypt/action",
"Microsoft.KeyVault/managedHsm/keys/wrap/action",
@@ -100,15 +99,14 @@
"description": "",
"permissions": [
{
- "actions": [
- "Microsoft.KeyVault/managedHsm/keys/read",
- "Microsoft.KeyVault/managedHsm/keys/write",
- "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read",
+ "actions": [],
+ "dataActions": [
+ "Microsoft.KeyVault/managedHsm/keys/read/action",
+ "Microsoft.KeyVault/managedHsm/keys/write/action",
+ "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action",
"Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action",
"Microsoft.KeyVault/managedHsm/keys/backup/action",
- "Microsoft.KeyVault/managedHsm/keys/restore/action"
- ],
- "dataActions": [
+ "Microsoft.KeyVault/managedHsm/keys/restore/action",
"Microsoft.KeyVault/managedHsm/keys/encrypt/action",
"Microsoft.KeyVault/managedHsm/keys/decrypt/action",
"Microsoft.KeyVault/managedHsm/keys/sign/action",
@@ -140,12 +138,12 @@
"description": "",
"permissions": [
{
- "actions": [
- "Microsoft.KeyVault/managedHsm/keys/read",
- "Microsoft.KeyVault/managedHsm/keys/write",
- "Microsoft.KeyVault/managedHsm/keys/backup/action"
- ],
+ "actions": [],
"dataActions": [
+ "Microsoft.KeyVault/managedHsm/keys/read/action",
+ "Microsoft.KeyVault/managedHsm/keys/write/action",
+ "Microsoft.KeyVault/managedHsm/keys/backup/action",
+ "Microsoft.KeyVault/managedHsm/keys/create",
"Microsoft.KeyVault/managedHsm/keys/encrypt/action",
"Microsoft.KeyVault/managedHsm/keys/decrypt/action",
"Microsoft.KeyVault/managedHsm/keys/wrap/action",
@@ -172,13 +170,13 @@
"description": "",
"permissions": [
{
- "actions": [
- "Microsoft.KeyVault/managedHsm/roleDefinitions/read",
- "Microsoft.KeyVault/managedHsm/roleAssignments/read",
- "Microsoft.KeyVault/managedHsm/roleAssignments/write",
- "Microsoft.KeyVault/managedHsm/roleAssignments/delete"
+ "actions": [],
+ "dataActions": [
+ "Microsoft.KeyVault/managedHsm/roleDefinitions/read/action",
+ "Microsoft.KeyVault/managedHsm/roleAssignments/read/action",
+ "Microsoft.KeyVault/managedHsm/roleAssignments/write/action",
+ "Microsoft.KeyVault/managedHsm/roleAssignments/delete/action"
],
- "dataActions": [],
"notActions": [],
"notDataActions": []
}
@@ -187,6 +185,55 @@
"type": ""
},
"type": "Microsoft.Authorization/roleDefinitions"
+ },
+ {
+ "id": "Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/2c18b078-7c48-4d3a-af88-5a3a1b3f82b3",
+ "name": "2c18b078-7c48-4d3a-af88-5a3a1b3f82b3",
+ "properties": {
+ "assignableScopes": [
+ "/"
+ ],
+ "description": "",
+ "permissions": [
+ {
+ "actions": [],
+ "dataActions": [
+ "Microsoft.KeyVault/managedHsm/keys/read/action",
+ "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action"
+ ],
+ "notActions": [],
+ "notDataActions": []
+ }
+ ],
+ "roleName": "Azure Key Vault Managed HSM Crypto Auditor",
+ "type": ""
+ },
+ "type": "Microsoft.Authorization/roleDefinitions"
+ },
+ {
+ "id": "Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/33413926-3206-4cdd-b39a-83574fe37a17",
+ "name": "33413926-3206-4cdd-b39a-83574fe37a17",
+ "properties": {
+ "assignableScopes": [
+ "/"
+ ],
+ "description": "",
+ "permissions": [
+ {
+ "actions": [],
+ "dataActions": [
+ "Microsoft.KeyVault/managedHsm/keys/read/action",
+ "Microsoft.KeyVault/managedHsm/keys/wrap/action",
+ "Microsoft.KeyVault/managedHsm/keys/unwrap/action"
+ ],
+ "notActions": [],
+ "notDataActions": []
+ }
+ ],
+ "roleName": "Azure Key Vault Managed HSM Crypto Service Encryption",
+ "type": ""
+ },
+ "type": "Microsoft.Authorization/roleDefinitions"
}
]
}
@@ -196,19 +243,21 @@
"RequestMethod": "PUT",
"RequestHeaders": {
"Authorization": "Sanitized",
- "Content-Length": "181",
+ "Content-Length": "196",
"Content-Type": "application/json",
- "Request-Id": "|3e6cb387-4eecfa4a673ebe60.",
+ "traceparent": "00-7427b92b69836743a1dbdf959a9368e5-4d40873686202a48-00",
"User-Agent": [
- "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200608.1",
- "(.NET Core 4.6.28801.04; Microsoft Windows 10.0.18363 )"
+ "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200617.1",
+ "(.NET Core 4.6.28928.01; Microsoft Windows 10.0.18363 )"
],
"x-ms-client-request-id": "ffce91e513374f917bd26e76b166002d",
"x-ms-return-client-request-id": "true"
},
"RequestBody": {
- "roleDefinitionId": "Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/21dbd100-6940-42c2-9190-5d6cb909625b",
- "principalId": "693a17da-7022-4cdd-9d4e-4e72e4ad449d"
+ "properties": {
+ "roleDefinitionId": "Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/21dbd100-6940-42c2-9190-5d6cb909625b",
+ "principalId": "693a17da-7022-4cdd-9d4e-4e72e4ad449d"
+ }
},
"StatusCode": 201,
"ResponseHeaders": {
@@ -217,7 +266,7 @@
"X-Content-Type-Options": "nosniff",
"x-ms-keyvault-network-info": "addr=72.176.254.191",
"x-ms-keyvault-region": "EASTUS",
- "x-ms-request-id": "040cdf98-a06d-11ea-af9a-0242ac12000b"
+ "x-ms-request-id": "7a0bdfa8-b0eb-11ea-9d3b-0242ac12000a"
},
"ResponseBody": {
"id": "/providers/Microsoft.Authorization/roleAssignments/e7ae2aff-eb17-4c9d-84f0-d12f7f468f16",
@@ -235,10 +284,10 @@
"RequestMethod": "DELETE",
"RequestHeaders": {
"Authorization": "Sanitized",
- "Request-Id": "|3e6cb388-4eecfa4a673ebe60.",
+ "traceparent": "00-5fb6c9f270d86749b5b5b5843ae1331b-5c5826b3211c1d42-00",
"User-Agent": [
- "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200608.1",
- "(.NET Core 4.6.28801.04; Microsoft Windows 10.0.18363 )"
+ "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200617.1",
+ "(.NET Core 4.6.28928.01; Microsoft Windows 10.0.18363 )"
],
"x-ms-client-request-id": "3d63015b5be35d7e1461862d46efbe59",
"x-ms-return-client-request-id": "true"
@@ -251,7 +300,7 @@
"X-Content-Type-Options": "nosniff",
"x-ms-keyvault-network-info": "addr=72.176.254.191",
"x-ms-keyvault-region": "EASTUS",
- "x-ms-request-id": "040cdf98-a06d-11ea-af9a-0242ac12000b"
+ "x-ms-request-id": "7a0bdfa8-b0eb-11ea-9d3b-0242ac12000a"
},
"ResponseBody": {
"id": "/providers/Microsoft.Authorization/roleAssignments/e7ae2aff-eb17-4c9d-84f0-d12f7f468f16",
diff --git a/sdk/keyvault/Azure.Security.KeyVault.Administration/tests/SessionRecords/AccessControlClientLiveTests/GetRoleAssignment.json b/sdk/keyvault/Azure.Security.KeyVault.Administration/tests/SessionRecords/AccessControlClientLiveTests/GetRoleAssignment.json
index 2531a6904840..50bffc2428b0 100644
--- a/sdk/keyvault/Azure.Security.KeyVault.Administration/tests/SessionRecords/AccessControlClientLiveTests/GetRoleAssignment.json
+++ b/sdk/keyvault/Azure.Security.KeyVault.Administration/tests/SessionRecords/AccessControlClientLiveTests/GetRoleAssignment.json
@@ -5,8 +5,8 @@
"RequestMethod": "GET",
"RequestHeaders": {
"User-Agent": [
- "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200608.1",
- "(.NET Core 4.6.28801.04; Microsoft Windows 10.0.18363 )"
+ "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200617.1",
+ "(.NET Core 4.6.28928.01; Microsoft Windows 10.0.18363 )"
],
"x-ms-client-request-id": "495eaeb69be85f6afeff2958f3da8d60",
"x-ms-return-client-request-id": "true"
@@ -18,7 +18,7 @@
"Content-Type": "application/json",
"WWW-Authenticate": "Bearer authorization=\u0022https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47\u0022, resource=\u0022https://managedhsm.azure.net\u0022",
"X-Content-Type-Options": "nosniff",
- "x-ms-request-id": "040cdf98-a06d-11ea-af9a-0242ac12000b"
+ "x-ms-request-id": "7a0bdfa8-b0eb-11ea-9d3b-0242ac12000a"
},
"ResponseBody": "OK"
},
@@ -28,8 +28,8 @@
"RequestHeaders": {
"Authorization": "Sanitized",
"User-Agent": [
- "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200608.1",
- "(.NET Core 4.6.28801.04; Microsoft Windows 10.0.18363 )"
+ "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200617.1",
+ "(.NET Core 4.6.28928.01; Microsoft Windows 10.0.18363 )"
],
"x-ms-client-request-id": "495eaeb69be85f6afeff2958f3da8d60",
"x-ms-return-client-request-id": "true"
@@ -37,12 +37,12 @@
"RequestBody": null,
"StatusCode": 200,
"ResponseHeaders": {
- "Content-Length": "4256",
+ "Content-Length": "5517",
"Content-Type": "application/json",
"X-Content-Type-Options": "nosniff",
"x-ms-keyvault-network-info": "addr=72.176.254.191",
"x-ms-keyvault-region": "EASTUS",
- "x-ms-request-id": "040cdf98-a06d-11ea-af9a-0242ac12000b"
+ "x-ms-request-id": "7a0bdfa8-b0eb-11ea-9d3b-0242ac12000a"
},
"ResponseBody": {
"value": [
@@ -56,19 +56,18 @@
"description": "",
"permissions": [
{
- "actions": [
- "Microsoft.KeyVault/managedHsm/keys/read",
- "Microsoft.KeyVault/managedHsm/keys/write",
- "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read",
+ "actions": [],
+ "dataActions": [
+ "Microsoft.KeyVault/managedHsm/keys/read/action",
+ "Microsoft.KeyVault/managedHsm/keys/write/action",
+ "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action",
"Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action",
"Microsoft.KeyVault/managedHsm/keys/backup/action",
"Microsoft.KeyVault/managedHsm/keys/restore/action",
- "Microsoft.KeyVault/managedHsm/roleAssignments/delete",
- "Microsoft.KeyVault/managedHsm/roleAssignments/read",
- "Microsoft.KeyVault/managedHsm/roleAssignments/write",
- "Microsoft.KeyVault/managedHsm/roleDefinitions/read"
- ],
- "dataActions": [
+ "Microsoft.KeyVault/managedHsm/roleAssignments/delete/action",
+ "Microsoft.KeyVault/managedHsm/roleAssignments/read/action",
+ "Microsoft.KeyVault/managedHsm/roleAssignments/write/action",
+ "Microsoft.KeyVault/managedHsm/roleDefinitions/read/action",
"Microsoft.KeyVault/managedHsm/keys/encrypt/action",
"Microsoft.KeyVault/managedHsm/keys/decrypt/action",
"Microsoft.KeyVault/managedHsm/keys/wrap/action",
@@ -100,15 +99,14 @@
"description": "",
"permissions": [
{
- "actions": [
- "Microsoft.KeyVault/managedHsm/keys/read",
- "Microsoft.KeyVault/managedHsm/keys/write",
- "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read",
+ "actions": [],
+ "dataActions": [
+ "Microsoft.KeyVault/managedHsm/keys/read/action",
+ "Microsoft.KeyVault/managedHsm/keys/write/action",
+ "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action",
"Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action",
"Microsoft.KeyVault/managedHsm/keys/backup/action",
- "Microsoft.KeyVault/managedHsm/keys/restore/action"
- ],
- "dataActions": [
+ "Microsoft.KeyVault/managedHsm/keys/restore/action",
"Microsoft.KeyVault/managedHsm/keys/encrypt/action",
"Microsoft.KeyVault/managedHsm/keys/decrypt/action",
"Microsoft.KeyVault/managedHsm/keys/sign/action",
@@ -140,12 +138,12 @@
"description": "",
"permissions": [
{
- "actions": [
- "Microsoft.KeyVault/managedHsm/keys/read",
- "Microsoft.KeyVault/managedHsm/keys/write",
- "Microsoft.KeyVault/managedHsm/keys/backup/action"
- ],
+ "actions": [],
"dataActions": [
+ "Microsoft.KeyVault/managedHsm/keys/read/action",
+ "Microsoft.KeyVault/managedHsm/keys/write/action",
+ "Microsoft.KeyVault/managedHsm/keys/backup/action",
+ "Microsoft.KeyVault/managedHsm/keys/create",
"Microsoft.KeyVault/managedHsm/keys/encrypt/action",
"Microsoft.KeyVault/managedHsm/keys/decrypt/action",
"Microsoft.KeyVault/managedHsm/keys/wrap/action",
@@ -172,13 +170,13 @@
"description": "",
"permissions": [
{
- "actions": [
- "Microsoft.KeyVault/managedHsm/roleDefinitions/read",
- "Microsoft.KeyVault/managedHsm/roleAssignments/read",
- "Microsoft.KeyVault/managedHsm/roleAssignments/write",
- "Microsoft.KeyVault/managedHsm/roleAssignments/delete"
+ "actions": [],
+ "dataActions": [
+ "Microsoft.KeyVault/managedHsm/roleDefinitions/read/action",
+ "Microsoft.KeyVault/managedHsm/roleAssignments/read/action",
+ "Microsoft.KeyVault/managedHsm/roleAssignments/write/action",
+ "Microsoft.KeyVault/managedHsm/roleAssignments/delete/action"
],
- "dataActions": [],
"notActions": [],
"notDataActions": []
}
@@ -187,6 +185,55 @@
"type": ""
},
"type": "Microsoft.Authorization/roleDefinitions"
+ },
+ {
+ "id": "Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/2c18b078-7c48-4d3a-af88-5a3a1b3f82b3",
+ "name": "2c18b078-7c48-4d3a-af88-5a3a1b3f82b3",
+ "properties": {
+ "assignableScopes": [
+ "/"
+ ],
+ "description": "",
+ "permissions": [
+ {
+ "actions": [],
+ "dataActions": [
+ "Microsoft.KeyVault/managedHsm/keys/read/action",
+ "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action"
+ ],
+ "notActions": [],
+ "notDataActions": []
+ }
+ ],
+ "roleName": "Azure Key Vault Managed HSM Crypto Auditor",
+ "type": ""
+ },
+ "type": "Microsoft.Authorization/roleDefinitions"
+ },
+ {
+ "id": "Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/33413926-3206-4cdd-b39a-83574fe37a17",
+ "name": "33413926-3206-4cdd-b39a-83574fe37a17",
+ "properties": {
+ "assignableScopes": [
+ "/"
+ ],
+ "description": "",
+ "permissions": [
+ {
+ "actions": [],
+ "dataActions": [
+ "Microsoft.KeyVault/managedHsm/keys/read/action",
+ "Microsoft.KeyVault/managedHsm/keys/wrap/action",
+ "Microsoft.KeyVault/managedHsm/keys/unwrap/action"
+ ],
+ "notActions": [],
+ "notDataActions": []
+ }
+ ],
+ "roleName": "Azure Key Vault Managed HSM Crypto Service Encryption",
+ "type": ""
+ },
+ "type": "Microsoft.Authorization/roleDefinitions"
}
]
}
@@ -196,19 +243,21 @@
"RequestMethod": "PUT",
"RequestHeaders": {
"Authorization": "Sanitized",
- "Content-Length": "181",
+ "Content-Length": "196",
"Content-Type": "application/json",
- "Request-Id": "|3e6cb382-4eecfa4a673ebe60.",
+ "traceparent": "00-d2af868f1159df4988cb1cd064be61ef-86ea7b92d28ed84b-00",
"User-Agent": [
- "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200608.1",
- "(.NET Core 4.6.28801.04; Microsoft Windows 10.0.18363 )"
+ "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200617.1",
+ "(.NET Core 4.6.28928.01; Microsoft Windows 10.0.18363 )"
],
"x-ms-client-request-id": "d499b987535015555758ba33a25b0a64",
"x-ms-return-client-request-id": "true"
},
"RequestBody": {
- "roleDefinitionId": "Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/21dbd100-6940-42c2-9190-5d6cb909625b",
- "principalId": "693a17da-7022-4cdd-9d4e-4e72e4ad449d"
+ "properties": {
+ "roleDefinitionId": "Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/21dbd100-6940-42c2-9190-5d6cb909625b",
+ "principalId": "693a17da-7022-4cdd-9d4e-4e72e4ad449d"
+ }
},
"StatusCode": 201,
"ResponseHeaders": {
@@ -217,7 +266,7 @@
"X-Content-Type-Options": "nosniff",
"x-ms-keyvault-network-info": "addr=72.176.254.191",
"x-ms-keyvault-region": "EASTUS",
- "x-ms-request-id": "040cdf98-a06d-11ea-af9a-0242ac12000b"
+ "x-ms-request-id": "7a0bdfa8-b0eb-11ea-9d3b-0242ac12000a"
},
"ResponseBody": {
"id": "/providers/Microsoft.Authorization/roleAssignments/e7ae2aff-eb17-4c9d-84f0-d12f7f468f16",
@@ -235,10 +284,10 @@
"RequestMethod": "GET",
"RequestHeaders": {
"Authorization": "Sanitized",
- "Request-Id": "|3e6cb383-4eecfa4a673ebe60.",
+ "traceparent": "00-6af0dd670df83746a523a8e34b57a428-6793d98bec069c4b-00",
"User-Agent": [
- "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200608.1",
- "(.NET Core 4.6.28801.04; Microsoft Windows 10.0.18363 )"
+ "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200617.1",
+ "(.NET Core 4.6.28928.01; Microsoft Windows 10.0.18363 )"
],
"x-ms-client-request-id": "599096f85657ea8ac7b19ce201831758",
"x-ms-return-client-request-id": "true"
@@ -251,7 +300,7 @@
"X-Content-Type-Options": "nosniff",
"x-ms-keyvault-network-info": "addr=72.176.254.191",
"x-ms-keyvault-region": "EASTUS",
- "x-ms-request-id": "040cdf98-a06d-11ea-af9a-0242ac12000b"
+ "x-ms-request-id": "7a0bdfa8-b0eb-11ea-9d3b-0242ac12000a"
},
"ResponseBody": {
"id": "/providers/Microsoft.Authorization/roleAssignments/e7ae2aff-eb17-4c9d-84f0-d12f7f468f16",
diff --git a/sdk/keyvault/Azure.Security.KeyVault.Administration/tests/SessionRecords/AccessControlClientLiveTests/GetRoleAssignmentAsync.json b/sdk/keyvault/Azure.Security.KeyVault.Administration/tests/SessionRecords/AccessControlClientLiveTests/GetRoleAssignmentAsync.json
index 12c3e3506ff8..90969d34b981 100644
--- a/sdk/keyvault/Azure.Security.KeyVault.Administration/tests/SessionRecords/AccessControlClientLiveTests/GetRoleAssignmentAsync.json
+++ b/sdk/keyvault/Azure.Security.KeyVault.Administration/tests/SessionRecords/AccessControlClientLiveTests/GetRoleAssignmentAsync.json
@@ -5,8 +5,8 @@
"RequestMethod": "GET",
"RequestHeaders": {
"User-Agent": [
- "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200608.1",
- "(.NET Core 4.6.28801.04; Microsoft Windows 10.0.18363 )"
+ "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200617.1",
+ "(.NET Core 4.6.28928.01; Microsoft Windows 10.0.18363 )"
],
"x-ms-client-request-id": "b1527bf3417a79628d90dd6275e693c2",
"x-ms-return-client-request-id": "true"
@@ -18,7 +18,7 @@
"Content-Type": "application/json",
"WWW-Authenticate": "Bearer authorization=\u0022https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47\u0022, resource=\u0022https://managedhsm.azure.net\u0022",
"X-Content-Type-Options": "nosniff",
- "x-ms-request-id": "040cdf98-a06d-11ea-af9a-0242ac12000b"
+ "x-ms-request-id": "7a0bdfa8-b0eb-11ea-9d3b-0242ac12000a"
},
"ResponseBody": "OK"
},
@@ -28,8 +28,8 @@
"RequestHeaders": {
"Authorization": "Sanitized",
"User-Agent": [
- "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200608.1",
- "(.NET Core 4.6.28801.04; Microsoft Windows 10.0.18363 )"
+ "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200617.1",
+ "(.NET Core 4.6.28928.01; Microsoft Windows 10.0.18363 )"
],
"x-ms-client-request-id": "b1527bf3417a79628d90dd6275e693c2",
"x-ms-return-client-request-id": "true"
@@ -37,12 +37,12 @@
"RequestBody": null,
"StatusCode": 200,
"ResponseHeaders": {
- "Content-Length": "4256",
+ "Content-Length": "5517",
"Content-Type": "application/json",
"X-Content-Type-Options": "nosniff",
"x-ms-keyvault-network-info": "addr=72.176.254.191",
"x-ms-keyvault-region": "EASTUS",
- "x-ms-request-id": "040cdf98-a06d-11ea-af9a-0242ac12000b"
+ "x-ms-request-id": "7a0bdfa8-b0eb-11ea-9d3b-0242ac12000a"
},
"ResponseBody": {
"value": [
@@ -56,19 +56,18 @@
"description": "",
"permissions": [
{
- "actions": [
- "Microsoft.KeyVault/managedHsm/keys/read",
- "Microsoft.KeyVault/managedHsm/keys/write",
- "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read",
+ "actions": [],
+ "dataActions": [
+ "Microsoft.KeyVault/managedHsm/keys/read/action",
+ "Microsoft.KeyVault/managedHsm/keys/write/action",
+ "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action",
"Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action",
"Microsoft.KeyVault/managedHsm/keys/backup/action",
"Microsoft.KeyVault/managedHsm/keys/restore/action",
- "Microsoft.KeyVault/managedHsm/roleAssignments/delete",
- "Microsoft.KeyVault/managedHsm/roleAssignments/read",
- "Microsoft.KeyVault/managedHsm/roleAssignments/write",
- "Microsoft.KeyVault/managedHsm/roleDefinitions/read"
- ],
- "dataActions": [
+ "Microsoft.KeyVault/managedHsm/roleAssignments/delete/action",
+ "Microsoft.KeyVault/managedHsm/roleAssignments/read/action",
+ "Microsoft.KeyVault/managedHsm/roleAssignments/write/action",
+ "Microsoft.KeyVault/managedHsm/roleDefinitions/read/action",
"Microsoft.KeyVault/managedHsm/keys/encrypt/action",
"Microsoft.KeyVault/managedHsm/keys/decrypt/action",
"Microsoft.KeyVault/managedHsm/keys/wrap/action",
@@ -100,15 +99,14 @@
"description": "",
"permissions": [
{
- "actions": [
- "Microsoft.KeyVault/managedHsm/keys/read",
- "Microsoft.KeyVault/managedHsm/keys/write",
- "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read",
+ "actions": [],
+ "dataActions": [
+ "Microsoft.KeyVault/managedHsm/keys/read/action",
+ "Microsoft.KeyVault/managedHsm/keys/write/action",
+ "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action",
"Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action",
"Microsoft.KeyVault/managedHsm/keys/backup/action",
- "Microsoft.KeyVault/managedHsm/keys/restore/action"
- ],
- "dataActions": [
+ "Microsoft.KeyVault/managedHsm/keys/restore/action",
"Microsoft.KeyVault/managedHsm/keys/encrypt/action",
"Microsoft.KeyVault/managedHsm/keys/decrypt/action",
"Microsoft.KeyVault/managedHsm/keys/sign/action",
@@ -140,12 +138,12 @@
"description": "",
"permissions": [
{
- "actions": [
- "Microsoft.KeyVault/managedHsm/keys/read",
- "Microsoft.KeyVault/managedHsm/keys/write",
- "Microsoft.KeyVault/managedHsm/keys/backup/action"
- ],
+ "actions": [],
"dataActions": [
+ "Microsoft.KeyVault/managedHsm/keys/read/action",
+ "Microsoft.KeyVault/managedHsm/keys/write/action",
+ "Microsoft.KeyVault/managedHsm/keys/backup/action",
+ "Microsoft.KeyVault/managedHsm/keys/create",
"Microsoft.KeyVault/managedHsm/keys/encrypt/action",
"Microsoft.KeyVault/managedHsm/keys/decrypt/action",
"Microsoft.KeyVault/managedHsm/keys/wrap/action",
@@ -172,13 +170,13 @@
"description": "",
"permissions": [
{
- "actions": [
- "Microsoft.KeyVault/managedHsm/roleDefinitions/read",
- "Microsoft.KeyVault/managedHsm/roleAssignments/read",
- "Microsoft.KeyVault/managedHsm/roleAssignments/write",
- "Microsoft.KeyVault/managedHsm/roleAssignments/delete"
+ "actions": [],
+ "dataActions": [
+ "Microsoft.KeyVault/managedHsm/roleDefinitions/read/action",
+ "Microsoft.KeyVault/managedHsm/roleAssignments/read/action",
+ "Microsoft.KeyVault/managedHsm/roleAssignments/write/action",
+ "Microsoft.KeyVault/managedHsm/roleAssignments/delete/action"
],
- "dataActions": [],
"notActions": [],
"notDataActions": []
}
@@ -187,6 +185,55 @@
"type": ""
},
"type": "Microsoft.Authorization/roleDefinitions"
+ },
+ {
+ "id": "Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/2c18b078-7c48-4d3a-af88-5a3a1b3f82b3",
+ "name": "2c18b078-7c48-4d3a-af88-5a3a1b3f82b3",
+ "properties": {
+ "assignableScopes": [
+ "/"
+ ],
+ "description": "",
+ "permissions": [
+ {
+ "actions": [],
+ "dataActions": [
+ "Microsoft.KeyVault/managedHsm/keys/read/action",
+ "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action"
+ ],
+ "notActions": [],
+ "notDataActions": []
+ }
+ ],
+ "roleName": "Azure Key Vault Managed HSM Crypto Auditor",
+ "type": ""
+ },
+ "type": "Microsoft.Authorization/roleDefinitions"
+ },
+ {
+ "id": "Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/33413926-3206-4cdd-b39a-83574fe37a17",
+ "name": "33413926-3206-4cdd-b39a-83574fe37a17",
+ "properties": {
+ "assignableScopes": [
+ "/"
+ ],
+ "description": "",
+ "permissions": [
+ {
+ "actions": [],
+ "dataActions": [
+ "Microsoft.KeyVault/managedHsm/keys/read/action",
+ "Microsoft.KeyVault/managedHsm/keys/wrap/action",
+ "Microsoft.KeyVault/managedHsm/keys/unwrap/action"
+ ],
+ "notActions": [],
+ "notDataActions": []
+ }
+ ],
+ "roleName": "Azure Key Vault Managed HSM Crypto Service Encryption",
+ "type": ""
+ },
+ "type": "Microsoft.Authorization/roleDefinitions"
}
]
}
@@ -196,19 +243,21 @@
"RequestMethod": "PUT",
"RequestHeaders": {
"Authorization": "Sanitized",
- "Content-Length": "181",
+ "Content-Length": "196",
"Content-Type": "application/json",
- "Request-Id": "|3e6cb389-4eecfa4a673ebe60.",
+ "traceparent": "00-379c4e72dce7e241926f9b839757f7ce-1f11d260e94a3b4a-00",
"User-Agent": [
- "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200608.1",
- "(.NET Core 4.6.28801.04; Microsoft Windows 10.0.18363 )"
+ "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200617.1",
+ "(.NET Core 4.6.28928.01; Microsoft Windows 10.0.18363 )"
],
"x-ms-client-request-id": "97ca12c57d1eafa690e4cfbfaa6b1783",
"x-ms-return-client-request-id": "true"
},
"RequestBody": {
- "roleDefinitionId": "Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/21dbd100-6940-42c2-9190-5d6cb909625b",
- "principalId": "693a17da-7022-4cdd-9d4e-4e72e4ad449d"
+ "properties": {
+ "roleDefinitionId": "Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/21dbd100-6940-42c2-9190-5d6cb909625b",
+ "principalId": "693a17da-7022-4cdd-9d4e-4e72e4ad449d"
+ }
},
"StatusCode": 201,
"ResponseHeaders": {
@@ -217,7 +266,7 @@
"X-Content-Type-Options": "nosniff",
"x-ms-keyvault-network-info": "addr=72.176.254.191",
"x-ms-keyvault-region": "EASTUS",
- "x-ms-request-id": "040cdf98-a06d-11ea-af9a-0242ac12000b"
+ "x-ms-request-id": "7a0bdfa8-b0eb-11ea-9d3b-0242ac12000a"
},
"ResponseBody": {
"id": "/providers/Microsoft.Authorization/roleAssignments/e7ae2aff-eb17-4c9d-84f0-d12f7f468f16",
@@ -235,10 +284,10 @@
"RequestMethod": "GET",
"RequestHeaders": {
"Authorization": "Sanitized",
- "Request-Id": "|3e6cb38a-4eecfa4a673ebe60.",
+ "traceparent": "00-c6005ad9233cf6459c6ddbf2857b04d6-56bcc6265f7f0749-00",
"User-Agent": [
- "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200608.1",
- "(.NET Core 4.6.28801.04; Microsoft Windows 10.0.18363 )"
+ "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200617.1",
+ "(.NET Core 4.6.28928.01; Microsoft Windows 10.0.18363 )"
],
"x-ms-client-request-id": "e8814a7bcc82cbf1a39bc7d83ee0eb34",
"x-ms-return-client-request-id": "true"
@@ -251,7 +300,7 @@
"X-Content-Type-Options": "nosniff",
"x-ms-keyvault-network-info": "addr=72.176.254.191",
"x-ms-keyvault-region": "EASTUS",
- "x-ms-request-id": "040cdf98-a06d-11ea-af9a-0242ac12000b"
+ "x-ms-request-id": "7a0bdfa8-b0eb-11ea-9d3b-0242ac12000a"
},
"ResponseBody": {
"id": "/providers/Microsoft.Authorization/roleAssignments/e7ae2aff-eb17-4c9d-84f0-d12f7f468f16",
diff --git a/sdk/keyvault/Azure.Security.KeyVault.Administration/tests/SessionRecords/AccessControlClientLiveTests/GetRoleDefinitions.json b/sdk/keyvault/Azure.Security.KeyVault.Administration/tests/SessionRecords/AccessControlClientLiveTests/GetRoleDefinitions.json
index 384b3b6cb434..162d9a5d8d0c 100644
--- a/sdk/keyvault/Azure.Security.KeyVault.Administration/tests/SessionRecords/AccessControlClientLiveTests/GetRoleDefinitions.json
+++ b/sdk/keyvault/Azure.Security.KeyVault.Administration/tests/SessionRecords/AccessControlClientLiveTests/GetRoleDefinitions.json
@@ -5,8 +5,8 @@
"RequestMethod": "GET",
"RequestHeaders": {
"User-Agent": [
- "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200608.1",
- "(.NET Core 4.6.28801.04; Microsoft Windows 10.0.18363 )"
+ "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200617.1",
+ "(.NET Core 4.6.28928.01; Microsoft Windows 10.0.18363 )"
],
"x-ms-client-request-id": "ceef6d0ab68b4b8d6235ca38ce984db2",
"x-ms-return-client-request-id": "true"
@@ -18,7 +18,7 @@
"Content-Type": "application/json",
"WWW-Authenticate": "Bearer authorization=\u0022https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47\u0022, resource=\u0022https://managedhsm.azure.net\u0022",
"X-Content-Type-Options": "nosniff",
- "x-ms-request-id": "03c34d72-a07e-11ea-b186-0242ac12000a"
+ "x-ms-request-id": "7a0bdfa8-b0eb-11ea-9d3b-0242ac12000a"
},
"ResponseBody": "OK"
},
@@ -28,8 +28,8 @@
"RequestHeaders": {
"Authorization": "Sanitized",
"User-Agent": [
- "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200608.1",
- "(.NET Core 4.6.28801.04; Microsoft Windows 10.0.18363 )"
+ "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200617.1",
+ "(.NET Core 4.6.28928.01; Microsoft Windows 10.0.18363 )"
],
"x-ms-client-request-id": "ceef6d0ab68b4b8d6235ca38ce984db2",
"x-ms-return-client-request-id": "true"
@@ -37,12 +37,12 @@
"RequestBody": null,
"StatusCode": 200,
"ResponseHeaders": {
- "Content-Length": "4256",
+ "Content-Length": "5517",
"Content-Type": "application/json",
"X-Content-Type-Options": "nosniff",
"x-ms-keyvault-network-info": "addr=72.176.254.191",
"x-ms-keyvault-region": "EASTUS",
- "x-ms-request-id": "03c34d72-a07e-11ea-b186-0242ac12000a"
+ "x-ms-request-id": "7a0bdfa8-b0eb-11ea-9d3b-0242ac12000a"
},
"ResponseBody": {
"value": [
@@ -56,19 +56,18 @@
"description": "",
"permissions": [
{
- "actions": [
- "Microsoft.KeyVault/managedHsm/keys/read",
- "Microsoft.KeyVault/managedHsm/keys/write",
- "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read",
+ "actions": [],
+ "dataActions": [
+ "Microsoft.KeyVault/managedHsm/keys/read/action",
+ "Microsoft.KeyVault/managedHsm/keys/write/action",
+ "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action",
"Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action",
"Microsoft.KeyVault/managedHsm/keys/backup/action",
"Microsoft.KeyVault/managedHsm/keys/restore/action",
- "Microsoft.KeyVault/managedHsm/roleAssignments/delete",
- "Microsoft.KeyVault/managedHsm/roleAssignments/read",
- "Microsoft.KeyVault/managedHsm/roleAssignments/write",
- "Microsoft.KeyVault/managedHsm/roleDefinitions/read"
- ],
- "dataActions": [
+ "Microsoft.KeyVault/managedHsm/roleAssignments/delete/action",
+ "Microsoft.KeyVault/managedHsm/roleAssignments/read/action",
+ "Microsoft.KeyVault/managedHsm/roleAssignments/write/action",
+ "Microsoft.KeyVault/managedHsm/roleDefinitions/read/action",
"Microsoft.KeyVault/managedHsm/keys/encrypt/action",
"Microsoft.KeyVault/managedHsm/keys/decrypt/action",
"Microsoft.KeyVault/managedHsm/keys/wrap/action",
@@ -100,15 +99,14 @@
"description": "",
"permissions": [
{
- "actions": [
- "Microsoft.KeyVault/managedHsm/keys/read",
- "Microsoft.KeyVault/managedHsm/keys/write",
- "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read",
+ "actions": [],
+ "dataActions": [
+ "Microsoft.KeyVault/managedHsm/keys/read/action",
+ "Microsoft.KeyVault/managedHsm/keys/write/action",
+ "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action",
"Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action",
"Microsoft.KeyVault/managedHsm/keys/backup/action",
- "Microsoft.KeyVault/managedHsm/keys/restore/action"
- ],
- "dataActions": [
+ "Microsoft.KeyVault/managedHsm/keys/restore/action",
"Microsoft.KeyVault/managedHsm/keys/encrypt/action",
"Microsoft.KeyVault/managedHsm/keys/decrypt/action",
"Microsoft.KeyVault/managedHsm/keys/sign/action",
@@ -140,12 +138,12 @@
"description": "",
"permissions": [
{
- "actions": [
- "Microsoft.KeyVault/managedHsm/keys/read",
- "Microsoft.KeyVault/managedHsm/keys/write",
- "Microsoft.KeyVault/managedHsm/keys/backup/action"
- ],
+ "actions": [],
"dataActions": [
+ "Microsoft.KeyVault/managedHsm/keys/read/action",
+ "Microsoft.KeyVault/managedHsm/keys/write/action",
+ "Microsoft.KeyVault/managedHsm/keys/backup/action",
+ "Microsoft.KeyVault/managedHsm/keys/create",
"Microsoft.KeyVault/managedHsm/keys/encrypt/action",
"Microsoft.KeyVault/managedHsm/keys/decrypt/action",
"Microsoft.KeyVault/managedHsm/keys/wrap/action",
@@ -172,13 +170,13 @@
"description": "",
"permissions": [
{
- "actions": [
- "Microsoft.KeyVault/managedHsm/roleDefinitions/read",
- "Microsoft.KeyVault/managedHsm/roleAssignments/read",
- "Microsoft.KeyVault/managedHsm/roleAssignments/write",
- "Microsoft.KeyVault/managedHsm/roleAssignments/delete"
+ "actions": [],
+ "dataActions": [
+ "Microsoft.KeyVault/managedHsm/roleDefinitions/read/action",
+ "Microsoft.KeyVault/managedHsm/roleAssignments/read/action",
+ "Microsoft.KeyVault/managedHsm/roleAssignments/write/action",
+ "Microsoft.KeyVault/managedHsm/roleAssignments/delete/action"
],
- "dataActions": [],
"notActions": [],
"notDataActions": []
}
@@ -187,6 +185,55 @@
"type": ""
},
"type": "Microsoft.Authorization/roleDefinitions"
+ },
+ {
+ "id": "Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/2c18b078-7c48-4d3a-af88-5a3a1b3f82b3",
+ "name": "2c18b078-7c48-4d3a-af88-5a3a1b3f82b3",
+ "properties": {
+ "assignableScopes": [
+ "/"
+ ],
+ "description": "",
+ "permissions": [
+ {
+ "actions": [],
+ "dataActions": [
+ "Microsoft.KeyVault/managedHsm/keys/read/action",
+ "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action"
+ ],
+ "notActions": [],
+ "notDataActions": []
+ }
+ ],
+ "roleName": "Azure Key Vault Managed HSM Crypto Auditor",
+ "type": ""
+ },
+ "type": "Microsoft.Authorization/roleDefinitions"
+ },
+ {
+ "id": "Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/33413926-3206-4cdd-b39a-83574fe37a17",
+ "name": "33413926-3206-4cdd-b39a-83574fe37a17",
+ "properties": {
+ "assignableScopes": [
+ "/"
+ ],
+ "description": "",
+ "permissions": [
+ {
+ "actions": [],
+ "dataActions": [
+ "Microsoft.KeyVault/managedHsm/keys/read/action",
+ "Microsoft.KeyVault/managedHsm/keys/wrap/action",
+ "Microsoft.KeyVault/managedHsm/keys/unwrap/action"
+ ],
+ "notActions": [],
+ "notDataActions": []
+ }
+ ],
+ "roleName": "Azure Key Vault Managed HSM Crypto Service Encryption",
+ "type": ""
+ },
+ "type": "Microsoft.Authorization/roleDefinitions"
}
]
}
diff --git a/sdk/keyvault/Azure.Security.KeyVault.Administration/tests/SessionRecords/AccessControlClientLiveTests/GetRoleDefinitionsAsync.json b/sdk/keyvault/Azure.Security.KeyVault.Administration/tests/SessionRecords/AccessControlClientLiveTests/GetRoleDefinitionsAsync.json
index aec2dc60b73c..3ed767c231aa 100644
--- a/sdk/keyvault/Azure.Security.KeyVault.Administration/tests/SessionRecords/AccessControlClientLiveTests/GetRoleDefinitionsAsync.json
+++ b/sdk/keyvault/Azure.Security.KeyVault.Administration/tests/SessionRecords/AccessControlClientLiveTests/GetRoleDefinitionsAsync.json
@@ -5,8 +5,8 @@
"RequestMethod": "GET",
"RequestHeaders": {
"User-Agent": [
- "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200608.1",
- "(.NET Core 4.6.28801.04; Microsoft Windows 10.0.18363 )"
+ "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200617.1",
+ "(.NET Core 4.6.28928.01; Microsoft Windows 10.0.18363 )"
],
"x-ms-client-request-id": "e053ba5483ab0ec55202f62324301f5e",
"x-ms-return-client-request-id": "true"
@@ -18,7 +18,7 @@
"Content-Type": "application/json",
"WWW-Authenticate": "Bearer authorization=\u0022https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47\u0022, resource=\u0022https://managedhsm.azure.net\u0022",
"X-Content-Type-Options": "nosniff",
- "x-ms-request-id": "03c34d72-a07e-11ea-b186-0242ac12000a"
+ "x-ms-request-id": "7a0bdfa8-b0eb-11ea-9d3b-0242ac12000a"
},
"ResponseBody": "OK"
},
@@ -28,8 +28,8 @@
"RequestHeaders": {
"Authorization": "Sanitized",
"User-Agent": [
- "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200608.1",
- "(.NET Core 4.6.28801.04; Microsoft Windows 10.0.18363 )"
+ "azsdk-net-Security.KeyVault.Administration/4.1.0-dev.20200617.1",
+ "(.NET Core 4.6.28928.01; Microsoft Windows 10.0.18363 )"
],
"x-ms-client-request-id": "e053ba5483ab0ec55202f62324301f5e",
"x-ms-return-client-request-id": "true"
@@ -37,12 +37,12 @@
"RequestBody": null,
"StatusCode": 200,
"ResponseHeaders": {
- "Content-Length": "4256",
+ "Content-Length": "5517",
"Content-Type": "application/json",
"X-Content-Type-Options": "nosniff",
"x-ms-keyvault-network-info": "addr=72.176.254.191",
"x-ms-keyvault-region": "EASTUS",
- "x-ms-request-id": "03c34d72-a07e-11ea-b186-0242ac12000a"
+ "x-ms-request-id": "7a0bdfa8-b0eb-11ea-9d3b-0242ac12000a"
},
"ResponseBody": {
"value": [
@@ -56,19 +56,18 @@
"description": "",
"permissions": [
{
- "actions": [
- "Microsoft.KeyVault/managedHsm/keys/read",
- "Microsoft.KeyVault/managedHsm/keys/write",
- "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read",
+ "actions": [],
+ "dataActions": [
+ "Microsoft.KeyVault/managedHsm/keys/read/action",
+ "Microsoft.KeyVault/managedHsm/keys/write/action",
+ "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action",
"Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action",
"Microsoft.KeyVault/managedHsm/keys/backup/action",
"Microsoft.KeyVault/managedHsm/keys/restore/action",
- "Microsoft.KeyVault/managedHsm/roleAssignments/delete",
- "Microsoft.KeyVault/managedHsm/roleAssignments/read",
- "Microsoft.KeyVault/managedHsm/roleAssignments/write",
- "Microsoft.KeyVault/managedHsm/roleDefinitions/read"
- ],
- "dataActions": [
+ "Microsoft.KeyVault/managedHsm/roleAssignments/delete/action",
+ "Microsoft.KeyVault/managedHsm/roleAssignments/read/action",
+ "Microsoft.KeyVault/managedHsm/roleAssignments/write/action",
+ "Microsoft.KeyVault/managedHsm/roleDefinitions/read/action",
"Microsoft.KeyVault/managedHsm/keys/encrypt/action",
"Microsoft.KeyVault/managedHsm/keys/decrypt/action",
"Microsoft.KeyVault/managedHsm/keys/wrap/action",
@@ -100,15 +99,14 @@
"description": "",
"permissions": [
{
- "actions": [
- "Microsoft.KeyVault/managedHsm/keys/read",
- "Microsoft.KeyVault/managedHsm/keys/write",
- "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read",
+ "actions": [],
+ "dataActions": [
+ "Microsoft.KeyVault/managedHsm/keys/read/action",
+ "Microsoft.KeyVault/managedHsm/keys/write/action",
+ "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action",
"Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action",
"Microsoft.KeyVault/managedHsm/keys/backup/action",
- "Microsoft.KeyVault/managedHsm/keys/restore/action"
- ],
- "dataActions": [
+ "Microsoft.KeyVault/managedHsm/keys/restore/action",
"Microsoft.KeyVault/managedHsm/keys/encrypt/action",
"Microsoft.KeyVault/managedHsm/keys/decrypt/action",
"Microsoft.KeyVault/managedHsm/keys/sign/action",
@@ -140,12 +138,12 @@
"description": "",
"permissions": [
{
- "actions": [
- "Microsoft.KeyVault/managedHsm/keys/read",
- "Microsoft.KeyVault/managedHsm/keys/write",
- "Microsoft.KeyVault/managedHsm/keys/backup/action"
- ],
+ "actions": [],
"dataActions": [
+ "Microsoft.KeyVault/managedHsm/keys/read/action",
+ "Microsoft.KeyVault/managedHsm/keys/write/action",
+ "Microsoft.KeyVault/managedHsm/keys/backup/action",
+ "Microsoft.KeyVault/managedHsm/keys/create",
"Microsoft.KeyVault/managedHsm/keys/encrypt/action",
"Microsoft.KeyVault/managedHsm/keys/decrypt/action",
"Microsoft.KeyVault/managedHsm/keys/wrap/action",
@@ -172,13 +170,13 @@
"description": "",
"permissions": [
{
- "actions": [
- "Microsoft.KeyVault/managedHsm/roleDefinitions/read",
- "Microsoft.KeyVault/managedHsm/roleAssignments/read",
- "Microsoft.KeyVault/managedHsm/roleAssignments/write",
- "Microsoft.KeyVault/managedHsm/roleAssignments/delete"
+ "actions": [],
+ "dataActions": [
+ "Microsoft.KeyVault/managedHsm/roleDefinitions/read/action",
+ "Microsoft.KeyVault/managedHsm/roleAssignments/read/action",
+ "Microsoft.KeyVault/managedHsm/roleAssignments/write/action",
+ "Microsoft.KeyVault/managedHsm/roleAssignments/delete/action"
],
- "dataActions": [],
"notActions": [],
"notDataActions": []
}
@@ -187,6 +185,55 @@
"type": ""
},
"type": "Microsoft.Authorization/roleDefinitions"
+ },
+ {
+ "id": "Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/2c18b078-7c48-4d3a-af88-5a3a1b3f82b3",
+ "name": "2c18b078-7c48-4d3a-af88-5a3a1b3f82b3",
+ "properties": {
+ "assignableScopes": [
+ "/"
+ ],
+ "description": "",
+ "permissions": [
+ {
+ "actions": [],
+ "dataActions": [
+ "Microsoft.KeyVault/managedHsm/keys/read/action",
+ "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action"
+ ],
+ "notActions": [],
+ "notDataActions": []
+ }
+ ],
+ "roleName": "Azure Key Vault Managed HSM Crypto Auditor",
+ "type": ""
+ },
+ "type": "Microsoft.Authorization/roleDefinitions"
+ },
+ {
+ "id": "Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/33413926-3206-4cdd-b39a-83574fe37a17",
+ "name": "33413926-3206-4cdd-b39a-83574fe37a17",
+ "properties": {
+ "assignableScopes": [
+ "/"
+ ],
+ "description": "",
+ "permissions": [
+ {
+ "actions": [],
+ "dataActions": [
+ "Microsoft.KeyVault/managedHsm/keys/read/action",
+ "Microsoft.KeyVault/managedHsm/keys/wrap/action",
+ "Microsoft.KeyVault/managedHsm/keys/unwrap/action"
+ ],
+ "notActions": [],
+ "notDataActions": []
+ }
+ ],
+ "roleName": "Azure Key Vault Managed HSM Crypto Service Encryption",
+ "type": ""
+ },
+ "type": "Microsoft.Authorization/roleDefinitions"
}
]
}