Add endpoints for managed HSM (#227)

* managed hsm endpoints * fix
Azure · Oct 19, 2020 · f716882 · f716882
1 parent 6f6aa32
commit f716882
Show file tree

Hide file tree

Showing 3 changed files with 43 additions and 7 deletions.
diff --git a/src/Authentication.Abstractions/AzureEnvironment.cs b/src/Authentication.Abstractions/AzureEnvironment.cs
@@ -28,7 +28,7 @@ namespace Microsoft.Azure.Commands.Common.Authentication.Abstractions
     /// A record of metadata necessary to manage assets in a specific azure cloud, including necessary endpoints,
     /// location fo service-specific endpoints, and information for bootstrapping authentication
     /// </summary>
-    [Serializable]    
+    [Serializable]
     public class AzureEnvironment : IAzureEnvironment, IEquatable<AzureEnvironment>
     {
         private const string ArmMetadataEnvVariable = "ARM_CLOUD_METADATA_URL";
@@ -238,7 +238,7 @@ private static async Task<List<ArmMetadata>> InitializeEnvironmentsFromArm(strin
         /// <param name="azureEnvironments">Collection of AzureEnvironments</param>
         private static void SetExtendedProperties(IDictionary<string, AzureEnvironment> azureEnvironments)
         {
-            if(azureEnvironments.ContainsKey(EnvironmentName.AzureCloud))
+            if (azureEnvironments.ContainsKey(EnvironmentName.AzureCloud))
             {
                 azureEnvironments[EnvironmentName.AzureCloud].SetProperty(ExtendedEndpoint.OperationalInsightsEndpoint, AzureEnvironmentConstants.AzureOperationalInsightsEndpoint);
                 azureEnvironments[EnvironmentName.AzureCloud].SetProperty(ExtendedEndpoint.OperationalInsightsEndpointResourceId, AzureEnvironmentConstants.AzureOperationalInsightsEndpointResourceId);
@@ -248,28 +248,36 @@ private static void SetExtendedProperties(IDictionary<string, AzureEnvironment>
                 azureEnvironments[EnvironmentName.AzureCloud].SetProperty(ExtendedEndpoint.AzureAttestationServiceEndpointResourceId, AzureEnvironmentConstants.AzureAttestationServiceEndpointResourceId);
                 azureEnvironments[EnvironmentName.AzureCloud].SetProperty(ExtendedEndpoint.AzureSynapseAnalyticsEndpointSuffix, AzureEnvironmentConstants.AzureSynapseAnalyticsEndpointSuffix);
                 azureEnvironments[EnvironmentName.AzureCloud].SetProperty(ExtendedEndpoint.AzureSynapseAnalyticsEndpointResourceId, AzureEnvironmentConstants.AzureSynapseAnalyticsEndpointResourceId);
+                azureEnvironments[EnvironmentName.AzureCloud].SetProperty(ExtendedEndpoint.ManagedHsmServiceEndpointResourceId, AzureEnvironmentConstants.AzureManagedHsmServiceEndpointResourceId);
+                azureEnvironments[EnvironmentName.AzureCloud].SetProperty(ExtendedEndpoint.ManagedHsmServiceEndpointSuffix, AzureEnvironmentConstants.AzureManagedHsmDnsSuffix);
             }
 
-            if(azureEnvironments.ContainsKey(EnvironmentName.AzureChinaCloud))
+            if (azureEnvironments.ContainsKey(EnvironmentName.AzureChinaCloud))
             {
                 azureEnvironments[EnvironmentName.AzureChinaCloud].SetProperty(ExtendedEndpoint.AnalysisServicesEndpointSuffix, AzureEnvironmentConstants.ChinaAnalysisServicesEndpointSuffix);
                 azureEnvironments[EnvironmentName.AzureChinaCloud].SetProperty(ExtendedEndpoint.AnalysisServicesEndpointResourceId, AzureEnvironmentConstants.ChinaAnalysisServicesEndpointResourceId);
                 azureEnvironments[EnvironmentName.AzureChinaCloud].SetProperty(ExtendedEndpoint.AzureSynapseAnalyticsEndpointSuffix, AzureEnvironmentConstants.ChinaSynapseAnalyticsEndpointSuffix);
                 azureEnvironments[EnvironmentName.AzureChinaCloud].SetProperty(ExtendedEndpoint.AzureSynapseAnalyticsEndpointResourceId, AzureEnvironmentConstants.ChinaSynapseAnalyticsEndpointResourceId);
+                azureEnvironments[EnvironmentName.AzureChinaCloud].SetProperty(ExtendedEndpoint.ManagedHsmServiceEndpointResourceId, AzureEnvironmentConstants.ChineManagedHsmServiceEndpointResourceId);
+                azureEnvironments[EnvironmentName.AzureChinaCloud].SetProperty(ExtendedEndpoint.ManagedHsmServiceEndpointSuffix, AzureEnvironmentConstants.ChinaManagedHsmDnsSuffix);
             }
 
-            if(azureEnvironments.ContainsKey(EnvironmentName.AzureUSGovernment))
+            if (azureEnvironments.ContainsKey(EnvironmentName.AzureUSGovernment))
             {
                 azureEnvironments[EnvironmentName.AzureUSGovernment].SetProperty(ExtendedEndpoint.OperationalInsightsEndpoint, AzureEnvironmentConstants.USGovernmentOperationalInsightsEndpoint);
                 azureEnvironments[EnvironmentName.AzureUSGovernment].SetProperty(ExtendedEndpoint.OperationalInsightsEndpointResourceId, AzureEnvironmentConstants.USGovernmentOperationalInsightsEndpointResourceId);
                 azureEnvironments[EnvironmentName.AzureUSGovernment].SetProperty(ExtendedEndpoint.AnalysisServicesEndpointSuffix, AzureEnvironmentConstants.USGovernmentAnalysisServicesEndpointSuffix);
                 azureEnvironments[EnvironmentName.AzureUSGovernment].SetProperty(ExtendedEndpoint.AnalysisServicesEndpointResourceId, AzureEnvironmentConstants.USGovernmentAnalysisServicesEndpointResourceId);
+                azureEnvironments[EnvironmentName.AzureUSGovernment].SetProperty(ExtendedEndpoint.ManagedHsmServiceEndpointResourceId, AzureEnvironmentConstants.USGovernmeneManagedHsmServiceEndpointResourceId);
+                azureEnvironments[EnvironmentName.AzureUSGovernment].SetProperty(ExtendedEndpoint.ManagedHsmServiceEndpointSuffix, AzureEnvironmentConstants.USGovernmentManagedHsmDnsSuffix);
             }
 
-            if(azureEnvironments.ContainsKey(EnvironmentName.AzureGermanCloud))
+            if (azureEnvironments.ContainsKey(EnvironmentName.AzureGermanCloud))
             {
                 azureEnvironments[EnvironmentName.AzureGermanCloud].SetProperty(ExtendedEndpoint.AnalysisServicesEndpointSuffix, AzureEnvironmentConstants.GermanAnalysisServicesEndpointSuffix);
                 azureEnvironments[EnvironmentName.AzureGermanCloud].SetProperty(ExtendedEndpoint.AnalysisServicesEndpointResourceId, AzureEnvironmentConstants.GermanAnalysisServicesEndpointResourceId);
+                azureEnvironments[EnvironmentName.AzureGermanCloud].SetProperty(ExtendedEndpoint.ManagedHsmServiceEndpointResourceId, AzureEnvironmentConstants.GermanAzureManagedHsmServiceEndpointResourceId);
+                azureEnvironments[EnvironmentName.AzureGermanCloud].SetProperty(ExtendedEndpoint.ManagedHsmServiceEndpointSuffix, AzureEnvironmentConstants.GermanManagedHsmDnsSuffix);
             }
         }
 
@@ -305,11 +313,11 @@ private static AzureEnvironment MapArmToAzureEnvironment(ArmMetadata armMetadata
                 ContainerRegistryEndpointSuffix = armMetadata.Suffixes.AcrLoginServer
             };
 
-            // There are mismatches between metadata built in Azure PowerShell/CLI and from ARM endpoint. 
+            // There are mismatches between metadata built in Azure PowerShell/CLI and from ARM endpoint.
             // Considering compatibility, below hard coded logic accommodates those mismatches
             // SqlDatabaseDnsSuffix requires value leading with period
             // ServiceManagementUrl as audience needs to end with slash
-            if(azureEnvironment.SqlDatabaseDnsSuffix != null && !azureEnvironment.SqlDatabaseDnsSuffix.StartsWith("."))
+            if (azureEnvironment.SqlDatabaseDnsSuffix != null && !azureEnvironment.SqlDatabaseDnsSuffix.StartsWith("."))
             {
                 azureEnvironment.SqlDatabaseDnsSuffix = "." + azureEnvironment.SqlDatabaseDnsSuffix;
             }
@@ -635,6 +643,8 @@ public static class ExtendedEndpoint
         {
             public const string OperationalInsightsEndpointResourceId = "OperationalInsightsEndpointResourceId",
                 OperationalInsightsEndpoint = "OperationalInsightsEndpoint",
+                ManagedHsmServiceEndpointSuffix = "ManagedHsmServiceEndpointSuffix",
+                ManagedHsmServiceEndpointResourceId = "ManagedHsmServiceEndpointResourceId",
                 AnalysisServicesEndpointSuffix = "AzureAnalysisServicesEndpointSuffix",
                 AnalysisServicesEndpointResourceId = "AnalysisServicesEndpointResourceId",
                 AzureAttestationServiceEndpointSuffix = "AzureAttestationServiceEndpointSuffix",

diff --git a/src/Authentication.Abstractions/AzureEnvironmentConstants.cs b/src/Authentication.Abstractions/AzureEnvironmentConstants.cs
@@ -112,6 +112,14 @@ public static class AzureEnvironmentConstants
         public const string USGovernmentKeyVaultDnsSuffix = "vault.usgovcloudapi.net";
         public const string GermanKeyVaultDnsSuffix = "vault.microsoftazure.de";
 
+        /// <summary>
+        /// The domain name suffix for azure keyvault managed hsms
+        /// </summary>
+        public const string AzureManagedHsmDnsSuffix = "managedhsm.azure.net";
+        public const string ChinaManagedHsmDnsSuffix = "managedhsm.azure.cn";
+        public const string USGovernmentManagedHsmDnsSuffix = "managedhsm.usgovcloudapi.net";
+        public const string GermanManagedHsmDnsSuffix = "managedhsm.microsoftazure.de";
+
         /// <summary>
         /// The token audience for authorizing KeyVault requests
         /// </summary>
@@ -120,6 +128,14 @@ public static class AzureEnvironmentConstants
         public const string USGovernmentKeyVaultServiceEndpointResourceId = "https://vault.usgovcloudapi.net";
         public const string GermanAzureKeyVaultServiceEndpointResourceId = "https://vault.microsoftazure.de";
 
+        /// <summary>
+        /// The token audience for authorizing managed hsm requests
+        /// </summary>
+        public const string AzureManagedHsmServiceEndpointResourceId = "https://managedhsm.azure.net";
+        public const string ChineManagedHsmServiceEndpointResourceId = "https://managedhsm.azure.cn";
+        public const string USGovernmeneManagedHsmServiceEndpointResourceId = "https://managedhsm.usgovcloudapi.net";
+        public const string GermanAzureManagedHsmServiceEndpointResourceId = "https://managedhsm.microsoftazure.de";
+
         /// <summary>
         /// The token audience for Log Analytics Queries
         /// </summary>

diff --git a/src/Authentication.Abstractions/Extensions/AzureEnvironmentExtensions.cs b/src/Authentication.Abstractions/Extensions/AzureEnvironmentExtensions.cs
@@ -289,6 +289,12 @@ public static void SetEndpoint(this IAzureEnvironment environment, string endpoi
                     case AzureEnvironment.ExtendedEndpoint.AzureSynapseAnalyticsEndpointResourceId:
                         environment.SetProperty(AzureEnvironment.ExtendedEndpoint.AzureSynapseAnalyticsEndpointResourceId, propertyValue);
                         break;
+                    case AzureEnvironment.ExtendedEndpoint.ManagedHsmServiceEndpointSuffix:
+                        environment.SetProperty(AzureEnvironment.ExtendedEndpoint.ManagedHsmServiceEndpointSuffix, propertyValue);
+                        break;
+                    case AzureEnvironment.ExtendedEndpoint.ManagedHsmServiceEndpointResourceId:
+                        environment.SetProperty(AzureEnvironment.ExtendedEndpoint.ManagedHsmServiceEndpointResourceId, propertyValue);
+                        break;
                 }
             }
         }
@@ -332,6 +338,10 @@ public static string GetTokenAudience(this IAzureEnvironment environment, string
                 case AzureEnvironment.ExtendedEndpoint.AzureSynapseAnalyticsEndpointResourceId:
                     resource = AzureEnvironment.ExtendedEndpoint.AzureSynapseAnalyticsEndpointResourceId;
                     break;
+                case AzureEnvironment.ExtendedEndpoint.ManagedHsmServiceEndpointSuffix:
+                case AzureEnvironment.ExtendedEndpoint.ManagedHsmServiceEndpointResourceId:
+                    resource = AzureEnvironment.ExtendedEndpoint.ManagedHsmServiceEndpointResourceId;
+                    break;
                 default:
                     resource = AzureEnvironment.Endpoint.ActiveDirectoryServiceEndpointResourceId;
                     break;