[Breaking Change] Changed parameter SoftDeleteRetentionInDays in New-AzKeyVaultManagedHsm (#22856)

BethanyZhou · web-flow · commit 566112dabf02 · 2023-09-27T15:55:03.000+08:00
* [Breaking Change] Changed parameter SoftDeleteRetentionInDays in New-AzKeyVaultManagedHsm to mandatory

* update examples

* update test cases

* Update BreakingChangeIssues.csv
diff --git a/src/KeyVault/KeyVault.Test/ScenarioTests/ManagedHsmManagementTests.ps1 b/src/KeyVault/KeyVault.Test/ScenarioTests/ManagedHsmManagementTests.ps1
@@ -26,7 +26,7 @@ function Test-ManagedHsmCRUD {
 
     try {
         # Test create a default managed HSM
-        $hsm = New-AzKeyVaultManagedHsm -Name $hsmName -ResourceGroupName $rgName -Location $hsmLocation -Administrator $administrator
+        $hsm = New-AzKeyVaultManagedHsm -Name $hsmName -ResourceGroupName $rgName -Location $hsmLocation -Administrator $administrator -SoftDeleteRetentionInDays 90
         Assert-AreEqual $hsmName $hsm.Name
         Assert-AreEqual $rgName $hsm.ResourceGroupName
         Assert-AreEqual $hsmLocation $hsm.Location
@@ -46,15 +46,15 @@ function Test-ManagedHsmCRUD {
         Assert-NotNull $got.SecurityDomain
 
         # Test throws for existing managed HSM
-        Assert-Throws { New-AzKeyVaultManagedHsm -Name $hsmName -ResourceGroupName $rgName -Location $hsmLocation -Administrator $administrator }
+        Assert-Throws { New-AzKeyVaultManagedHsm -Name $hsmName -ResourceGroupName $rgName -Location $hsmLocation -Administrator $administrator -SoftDeleteRetentionInDays 90}
 
         # Test remove managed HSM
         Remove-AzKeyVaultManagedHsm -InputObject $got -Force
         $deletedMhsm = Get-AzKeyVaultManagedHsm -Name $hsmName -ResourceGroupName $rgName
         Assert-Null $deletedMhsm
 
         # Test throws for resourcegroup nonexistent
-        Assert-Throws {  New-AzKeyVaultManagedHsm -Name (getAssetName) -ResourceGroupName (getAssetName) -Location $hsmLocation -Administrator $administrator }
+        Assert-Throws {  New-AzKeyVaultManagedHsm -Name (getAssetName) -ResourceGroupName (getAssetName) -Location $hsmLocation -Administrator $administrator -SoftDeleteRetentionInDays 90}
     }
 
     finally {
@@ -83,15 +83,15 @@ function Test-CreateManagedHsmWithPublicNetworkAccess{
     New-AzResourceGroup -Name $rgName -Location $rgLocation
     try {
         # Test creating a default managed HSM
-        $hsm = New-AzKeyVaultManagedHsm -Name $hsmName -ResourceGroupName $rgName -Location $hsmLocation -Administrator $administrator
+        $hsm = New-AzKeyVaultManagedHsm -Name $hsmName -ResourceGroupName $rgName -Location $hsmLocation -Administrator $administrator -SoftDeleteRetentionInDays 90
         Assert-AreEqual "Enabled" $hsm.PublicNetworkAccess "1. The default of PublicNetworkAccess is Enabled"
         
         # Test create a managed HSM with disabled PublicNetworkAccess
-        $hsm2 = New-AzKeyVaultManagedHsm -Name $hsmName2 -ResourceGroupName $rgName -Location $hsmLocation2 -Administrator $administrator -PublicNetworkAccess Disabled
+        $hsm2 = New-AzKeyVaultManagedHsm -Name $hsmName2 -ResourceGroupName $rgName -Location $hsmLocation2 -Administrator $administrator -PublicNetworkAccess Disabled -SoftDeleteRetentionInDays 90
         Assert-AreEqual "Disabled" $hsm2.PublicNetworkAccess "2. create managed HSM with disabled PublicNetworkAccess"
 
         # Test create a managed HSM with enabled PublicNetworkAccess
-        $hsm3 = New-AzKeyVaultManagedHsm -Name $hsmName3 -ResourceGroupName $rgName -Location $hsmLocation3 -Administrator $administrator -PublicNetworkAccess Enabled
+        $hsm3 = New-AzKeyVaultManagedHsm -Name $hsmName3 -ResourceGroupName $rgName -Location $hsmLocation3 -Administrator $administrator -PublicNetworkAccess Enabled -SoftDeleteRetentionInDays 90
         Assert-AreEqual "Enabled" $hsm3.PublicNetworkAccess "3. create managed HSM with enabled PublicNetworkAccess"
 
     }finally{        
@@ -116,7 +116,7 @@ function Test-UpdateManagedHsmWithPublicNetworkAccess{
     New-AzResourceGroup -Name $rgName -Location $rgLocation
     try {
         # Test creating a default managed HSM
-        $hsm = New-AzKeyVaultManagedHsm -Name $hsmName -ResourceGroupName $rgName -Location $hsmLocation -Administrator $administrator
+        $hsm = New-AzKeyVaultManagedHsm -Name $hsmName -ResourceGroupName $rgName -Location $hsmLocation -Administrator $administrator -SoftDeleteRetentionInDays 90
         Assert-AreEqual "Enabled" $hsm.PublicNetworkAccess "1. The default of PublicNetworkAccess is Enabled"
         
         # Test updating PublicNetworkAccess as Disabled
@@ -203,7 +203,7 @@ function Test-UndoManagedHsmRemoval{
             New-AzResourceGroup -Name $rgName -Location $rgLocation
 
             # Test: create a managed HSM
-            $hsm = New-AzKeyVaultManagedHsm -Name $hsmName -ResourceGroupName $rgName -Location $hsmLocation -Administrator $administrator
+            $hsm = New-AzKeyVaultManagedHsm -Name $hsmName -ResourceGroupName $rgName -Location $hsmLocation -Administrator $administrator -SoftDeleteRetentionInDays 90
 
             Remove-AzKeyVaultManagedHsm -InputObject $hsm -Force
             
diff --git a/src/KeyVault/KeyVault/ChangeLog.md b/src/KeyVault/KeyVault/ChangeLog.md
@@ -18,6 +18,7 @@
         - Additional information about change #1
 -->
 ## Upcoming Release
+* [Breaking Change] Changed parameter `SoftDeleteRetentionInDays` in `New-AzKeyVaultManagedHsm` to mandatory.
 
 ## Version 4.12.0
 * Supported splitting `Import-AzKeyVaultSecurityDomain` process into three steps to allow keys to be hidden offline.
@@ -41,7 +42,7 @@
 
 ## Version 4.10.0
 * Added breaking change announcement for parameter `SoftDeleteRetentionInDays` in `New-AzKeyVaultManagedHsm`. The parameter `SoftDeleteRetentionInDays` is becoming mandatory
-    - This change will take effect on version 6.0.0
+    - This change will take effect on version 5.0.0
 * Changed the encoding way from a string into byte array in `Invoke-AzKeyVaultKeyOperation` from ASCII to UTF8. UTF8 is backward-compatible with ASCII. [#21269]
 * Bug fix: Changed the decoding way from byte array into a string from system default encoding to UTF8 to match encoding way. [#21269]
 * Added parameter `PolicyPath` and `PolicyObject` in `Import-AzKeyVaultCertificate` to support custom policy [#20780]
diff --git a/src/KeyVault/KeyVault/Commands/ManagedHsm/NewAzKeyVaultManagedHsm.cs b/src/KeyVault/KeyVault/Commands/ManagedHsm/NewAzKeyVaultManagedHsm.cs
@@ -30,7 +30,7 @@ namespace Microsoft.Azure.Commands.KeyVault.Commands
     /// </summary>
     [Cmdlet("New", ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "KeyVaultManagedHsm", SupportsShouldProcess = true)]
     [OutputType(typeof(PSManagedHsm))]
-    public class NewAzureManagedHsm : KeyVaultManagementCmdletBase
+    public class NewAzKeyVaultManagedHsm : KeyVaultManagementCmdletBase
     {
         #region Input Parameter Definitions
 
@@ -81,8 +81,8 @@ public class NewAzureManagedHsm : KeyVaultManagementCmdletBase
         [PSArgumentCompleter("StandardB1", "CustomB32")]
         public string Sku { get; set; }
 
-        [Parameter(Mandatory = false,
-            HelpMessage = "Specifies how long the deleted managed hsm pool is retained, and how long until the managed hsm pool in the deleted state can be purged. The default is " + Constants.DefaultSoftDeleteRetentionDaysString + " days.")]
+        [Parameter(Mandatory = true,
+            HelpMessage = "Specifies how long the deleted managed hsm pool is retained, and how long until the managed hsm pool in the deleted state can be purged.")]
         [ValidateRange(Constants.MinSoftDeleteRetentionDays, Constants.MaxSoftDeleteRetentionDays)]
         [ValidateNotNullOrEmpty]
         public int SoftDeleteRetentionInDays { get; set; }
@@ -127,9 +127,7 @@ public override void ExecuteCmdlet()
                     Administrator = this.Administrator,
                     SkuFamilyName = DefaultManagedHsmSkuFamily,
                     // If retention days is not specified, use the default value
-                    SoftDeleteRetentionInDays = this.IsParameterBound(c => c.SoftDeleteRetentionInDays)
-                            ? SoftDeleteRetentionInDays
-                            : Constants.DefaultSoftDeleteRetentionDays,
+                    SoftDeleteRetentionInDays = this.SoftDeleteRetentionInDays,
                     // false is not accepted
                     EnablePurgeProtection = this.EnablePurgeProtection.IsPresent ? true : (bool?)null,
                     // use default network rule set
diff --git a/src/KeyVault/KeyVault/help/New-AzKeyVaultManagedHsm.md b/src/KeyVault/KeyVault/help/New-AzKeyVaultManagedHsm.md
@@ -14,10 +14,9 @@ Creates a managed HSM.
 
 ```
 New-AzKeyVaultManagedHsm [-Name] <String> [-ResourceGroupName] <String> [-Location] <String>
- [-Administrator] <String[]> [-Sku <String>] [-SoftDeleteRetentionInDays <Int32>]
- [-PublicNetworkAccess <String>] [-EnablePurgeProtection] [-Tag <Hashtable>] [-AsJob]
- [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm] [-SubscriptionId <String>]
- [<CommonParameters>]
+ [-Administrator] <String[]> [-Sku <String>] -SoftDeleteRetentionInDays <Int32> [-PublicNetworkAccess <String>]
+ [-EnablePurgeProtection] [-Tag <Hashtable>] [-AsJob] [-DefaultProfile <IAzureContextContainer>] [-WhatIf]
+ [-Confirm] [-SubscriptionId <String>] [<CommonParameters>]
 ```
 
 ## DESCRIPTION
@@ -31,7 +30,7 @@ remove, or list keys in the managed HSM, user should:
 
 ### Example 1: Create a StandardB1 managed HSM
 ```powershell
-New-AzKeyVaultManagedHsm -Name 'myhsm' -ResourceGroupName 'myrg1' -Location 'eastus2euap' -Administrator "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+New-AzKeyVaultManagedHsm -Name 'myhsm' -ResourceGroupName 'myrg1' -Location 'eastus2euap' -Administrator "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -SoftDeleteRetentionInDays 70
 ```
 
 ```output
@@ -46,7 +45,7 @@ value for the *SKU* parameter, it creates a Standard_B1 managed HSM.
 
 ### Example 2: Create a CustomB32 managed HSM
 ```powershell
-New-AzKeyVaultManagedHsm -Name 'myhsm' -ResourceGroupName 'myrg1' -Location 'eastus2euap' -Administrator "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -Sku 'CustomB32'
+New-AzKeyVaultManagedHsm -Name 'myhsm' -ResourceGroupName 'myrg1' -Location 'eastus2euap' -Administrator "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -Sku 'CustomB32' -SoftDeleteRetentionInDays 70
 ```
 
 ```output
@@ -65,7 +64,7 @@ CustomB32 for the *SKU* parameter to create a CustomB32 managed HSM.
 Initial administrator object id for this managed HSM pool.
 
 ```yaml
-Type: System.String[]
+Type: String[]
 Parameter Sets: (All)
 Aliases:
 
@@ -80,7 +79,7 @@ Accept wildcard characters: False
 Run cmdlet in the background
 
 ```yaml
-Type: System.Management.Automation.SwitchParameter
+Type: SwitchParameter
 Parameter Sets: (All)
 Aliases:
 
@@ -91,11 +90,26 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -Confirm
+Prompts you for confirmation before running the cmdlet.
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+Aliases: cf
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -DefaultProfile
 The credentials, account, tenant, and subscription used for communication with Azure.
 
 ```yaml
-Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer
+Type: IAzureContextContainer
 Parameter Sets: (All)
 Aliases: AzContext, AzureRmContext, AzureCredential
 
@@ -110,7 +124,7 @@ Accept wildcard characters: False
 specifying whether protection against purge is enabled for this managed HSM pool. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible.
 
 ```yaml
-Type: System.Management.Automation.SwitchParameter
+Type: SwitchParameter
 Parameter Sets: (All)
 Aliases:
 
@@ -126,7 +140,7 @@ Specifies the Azure region in which to create the key vault.
 Use the command Get-AzResourceProvider with the ProviderNamespace parameter to see your choices.
 
 ```yaml
-Type: System.String
+Type: String
 Parameter Sets: (All)
 Aliases:
 
@@ -144,7 +158,7 @@ The name must start and end with a letter or digit.
 The name must be universally unique.
 
 ```yaml
-Type: System.String
+Type: String
 Parameter Sets: (All)
 Aliases: HsmName
 
@@ -159,7 +173,7 @@ Accept wildcard characters: False
 Controls permission for data plane traffic coming from public networks while private endpoint is enabled.
 
 ```yaml
-Type: System.String
+Type: String
 Parameter Sets: (All)
 Aliases:
 
@@ -174,7 +188,7 @@ Accept wildcard characters: False
 Specifies the name of an existing resource group in which to create the key vault.
 
 ```yaml
-Type: System.String
+Type: String
 Parameter Sets: (All)
 Aliases:
 
@@ -189,7 +203,7 @@ Accept wildcard characters: False
 Specifies the SKU of the managed HSM instance.
 
 ```yaml
-Type: System.String
+Type: String
 Parameter Sets: (All)
 Aliases:
 
@@ -201,14 +215,14 @@ Accept wildcard characters: False
 ```
 
 ### -SoftDeleteRetentionInDays
-Specifies how long the deleted managed hsm pool is retained, and how long until the managed hsm pool in the deleted state can be purged. The default is 90 days.
+Specifies how long the deleted managed hsm pool is retained, and how long until the managed hsm pool in the deleted state can be purged.
 
 ```yaml
-Type: System.Int32
+Type: Int32
 Parameter Sets: (All)
 Aliases:
 
-Required: False
+Required: True
 Position: Named
 Default value: None
 Accept pipeline input: False
@@ -221,7 +235,7 @@ By default, cmdlets are executed in the subscription that is set in the current
 Overriding subscriptions only take effect during the lifecycle of the current cmdlet. It does not change the subscription in the context, and does not affect subsequent cmdlets.
 
 ```yaml
-Type: System.String
+Type: String
 Parameter Sets: (All)
 Aliases:
 
@@ -236,7 +250,7 @@ Accept wildcard characters: False
 A hash table which represents resource tags.
 
 ```yaml
-Type: System.Collections.Hashtable
+Type: Hashtable
 Parameter Sets: (All)
 Aliases: Tags
 
@@ -247,27 +261,12 @@ Accept pipeline input: True (ByPropertyName)
 Accept wildcard characters: False
 ```
 
-### -Confirm
-Prompts you for confirmation before running the cmdlet.
-
-```yaml
-Type: System.Management.Automation.SwitchParameter
-Parameter Sets: (All)
-Aliases: cf
-
-Required: False
-Position: Named
-Default value: None
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
 ### -WhatIf
 Shows what would happen if the cmdlet runs.
 The cmdlet is not run.
 
 ```yaml
-Type: System.Management.Automation.SwitchParameter
+Type: SwitchParameter
 Parameter Sets: (All)
 Aliases: wi
 
diff --git a/tools/StaticAnalysis/Exceptions/Az.KeyVault/BreakingChangeIssues.csv b/tools/StaticAnalysis/Exceptions/Az.KeyVault/BreakingChangeIssues.csv
@@ -1,4 +1,5 @@
 "Module","ClassName","Target","Severity","ProblemId","Description","Remediation"
 "Az.KeyVault","Microsoft.Azure.Commands.KeyVault.AddAzureKeyVaultCertificateContact","Add-AzKeyVaultCertificateContact","0","3010","The property 'IpRules' of type 'Microsoft.Azure.Management.KeyVault.Models.NetworkRuleSet' has been removed.","Add the property 'IpRules' back to type 'Microsoft.Azure.Management.KeyVault.Models.NetworkRuleSet'."
 "Az.KeyVault","Microsoft.Azure.Commands.KeyVault.AddAzureKeyVaultKey","Add-AzKeyVaultKey","0","3010","The property 'IpRules' of type 'Microsoft.Azure.Management.KeyVault.Models.MhsmNetworkRuleSet' has been removed.","Add the property 'IpRules' back to type 'Microsoft.Azure.Management.KeyVault.Models.MhsmNetworkRuleSet'."
-"Az.KeyVault","Microsoft.Azure.Commands.KeyVault.SecurityDomain.Cmdlets.RestoreSecurityDomain","Import-AzKeyVaultSecurityDomain","0","1050","The parameter set '__AllParameterSets' for cmdlet 'Import-AzKeyVaultSecurityDomain' has been removed.","Add parameter set '__AllParameterSets' back to cmdlet 'Import-AzKeyVaultSecurityDomain'."
+"Az.KeyVault","Microsoft.Azure.Commands.KeyVault.SecurityDomain.Cmdlets.RestoreSecurityDomain","Import-AzKeyVaultSecurityDomain","0","1050","The parameter set '__AllParameterSets' for cmdlet 'Import-AzKeyVaultSecurityDomain' has been removed.","Add parameter set '__AllParameterSets' back to cmdlet 'Import-AzKeyVaultSecurityDomain'."
+"Az.KeyVault","Microsoft.Azure.Commands.KeyVault.Commands.NewAzureManagedHsm","New-AzKeyVaultManagedHsm","0","1050","The parameter set '__AllParameterSets' for cmdlet 'New-AzKeyVaultManagedHsm' has been removed.","Add parameter set '__AllParameterSets' back to cmdlet 'New-AzKeyVaultManagedHsm'."
