[KeyVault] Supported user assigned identity for MHSM (#23130)

* upgrade sdk for mhsm to 2023-07-01

* Supported user assigned identity for Managed HSM in New/Update-AzKeyVaultManagedHsm

* refine output and example

* test case wip

* fix patch identity

* refine examples

* record test cases for new API version

* fix autorest.powershell in 4.0.631 to avoid comments issue in latst version

* code polish

* Update src/KeyVault/KeyVault/help/Update-AzKeyVaultManagedHsm.md

* Update README.md

Author: BethanyZhou

src/KeyVault/KeyVault.Sdk/Generated/MHSMPrivateEndpointConnectionsOperations.cs

@@ -89,7 +89,7 @@ internal MhsmPrivateEndpointConnectionsOperations (KeyVaultManagementClient clie
                 throw new Microsoft.Rest.ValidationException(Microsoft.Rest.ValidationRules.CannotBeNull, "name");
             }
 
-            string apiVersion = "2023-02-01";
+            string apiVersion = "2023-07-01";
             // Tracing
             bool _shouldTrace = Microsoft.Rest.ServiceClientTracing.IsEnabled;
             string _invocationId = null;
@@ -302,7 +302,7 @@ internal MhsmPrivateEndpointConnectionsOperations (KeyVaultManagementClient clie
                 throw new Microsoft.Rest.ValidationException(Microsoft.Rest.ValidationRules.CannotBeNull, "privateEndpointConnectionName");
             }
 
-            string apiVersion = "2023-02-01";
+            string apiVersion = "2023-07-01";
             // Tracing
             bool _shouldTrace = Microsoft.Rest.ServiceClientTracing.IsEnabled;
             string _invocationId = null;
@@ -525,7 +525,7 @@ internal MhsmPrivateEndpointConnectionsOperations (KeyVaultManagementClient clie
                 throw new Microsoft.Rest.ValidationException(Microsoft.Rest.ValidationRules.CannotBeNull, "privateEndpointConnectionName");
             }
 
-            string apiVersion = "2023-02-01";
+            string apiVersion = "2023-07-01";
             // Tracing
             bool _shouldTrace = Microsoft.Rest.ServiceClientTracing.IsEnabled;
             string _invocationId = null;
@@ -790,7 +790,7 @@ internal MhsmPrivateEndpointConnectionsOperations (KeyVaultManagementClient clie
                 throw new Microsoft.Rest.ValidationException(Microsoft.Rest.ValidationRules.CannotBeNull, "privateEndpointConnectionName");
             }
 
-            string apiVersion = "2023-02-01";
+            string apiVersion = "2023-07-01";
             // Tracing
             bool _shouldTrace = Microsoft.Rest.ServiceClientTracing.IsEnabled;
             string _invocationId = null;

src/KeyVault/KeyVault.Sdk/Generated/MHSMPrivateLinkResourcesOperations.cs

@@ -89,7 +89,7 @@ internal MhsmPrivateLinkResourcesOperations (KeyVaultManagementClient client)
                 throw new Microsoft.Rest.ValidationException(Microsoft.Rest.ValidationRules.CannotBeNull, "name");
             }
 
-            string apiVersion = "2023-02-01";
+            string apiVersion = "2023-07-01";
             // Tracing
             bool _shouldTrace = Microsoft.Rest.ServiceClientTracing.IsEnabled;
             string _invocationId = null;

src/KeyVault/KeyVault.Sdk/Generated/MHSMRegionsOperations.cs

@@ -89,7 +89,7 @@ internal MhsmRegionsOperations (KeyVaultManagementClient client)
                 throw new Microsoft.Rest.ValidationException(Microsoft.Rest.ValidationRules.CannotBeNull, "name");
             }
 
-            string apiVersion = "2023-02-01";
+            string apiVersion = "2023-07-01";
             // Tracing
             bool _shouldTrace = Microsoft.Rest.ServiceClientTracing.IsEnabled;
             string _invocationId = null;

src/KeyVault/KeyVault.Sdk/Generated/ManagedHsmsOperations.cs

@@ -161,7 +161,7 @@ internal ManagedHsmsOperations (KeyVaultManagementClient client)
                 throw new Microsoft.Rest.ValidationException(Microsoft.Rest.ValidationRules.CannotBeNull, "this.Client.SubscriptionId");
             }
 
-            string apiVersion = "2023-02-01";
+            string apiVersion = "2023-07-01";
             // Tracing
             bool _shouldTrace = Microsoft.Rest.ServiceClientTracing.IsEnabled;
             string _invocationId = null;
@@ -362,7 +362,7 @@ internal ManagedHsmsOperations (KeyVaultManagementClient client)
                 throw new Microsoft.Rest.ValidationException(Microsoft.Rest.ValidationRules.CannotBeNull, "this.Client.SubscriptionId");
             }
 
-            string apiVersion = "2023-02-01";
+            string apiVersion = "2023-07-01";
             // Tracing
             bool _shouldTrace = Microsoft.Rest.ServiceClientTracing.IsEnabled;
             string _invocationId = null;
@@ -558,7 +558,7 @@ internal ManagedHsmsOperations (KeyVaultManagementClient client)
                 throw new Microsoft.Rest.ValidationException(Microsoft.Rest.ValidationRules.CannotBeNull, "this.Client.SubscriptionId");
             }
 
-            string apiVersion = "2023-02-01";
+            string apiVersion = "2023-07-01";
             // Tracing
             bool _shouldTrace = Microsoft.Rest.ServiceClientTracing.IsEnabled;
             string _invocationId = null;
@@ -748,7 +748,7 @@ internal ManagedHsmsOperations (KeyVaultManagementClient client)
                 throw new Microsoft.Rest.ValidationException(Microsoft.Rest.ValidationRules.CannotBeNull, "this.Client.SubscriptionId");
             }
 
-            string apiVersion = "2023-02-01";
+            string apiVersion = "2023-07-01";
             // Tracing
             bool _shouldTrace = Microsoft.Rest.ServiceClientTracing.IsEnabled;
             string _invocationId = null;
@@ -949,7 +949,7 @@ internal ManagedHsmsOperations (KeyVaultManagementClient client)
                 throw new Microsoft.Rest.ValidationException(Microsoft.Rest.ValidationRules.CannotBeNull, "this.Client.SubscriptionId");
             }
 
-            string apiVersion = "2023-02-01";
+            string apiVersion = "2023-07-01";
             // Tracing
             bool _shouldTrace = Microsoft.Rest.ServiceClientTracing.IsEnabled;
             string _invocationId = null;
@@ -1171,7 +1171,7 @@ internal ManagedHsmsOperations (KeyVaultManagementClient client)
                 throw new Microsoft.Rest.ValidationException(Microsoft.Rest.ValidationRules.CannotBeNull, "this.Client.SubscriptionId");
             }
 
-            string apiVersion = "2023-02-01";
+            string apiVersion = "2023-07-01";
             // Tracing
             bool _shouldTrace = Microsoft.Rest.ServiceClientTracing.IsEnabled;
             string _invocationId = null;
@@ -1395,7 +1395,7 @@ internal ManagedHsmsOperations (KeyVaultManagementClient client)
                 throw new Microsoft.Rest.ValidationException(Microsoft.Rest.ValidationRules.CannotBeNull, "this.Client.SubscriptionId");
             }
 
-            string apiVersion = "2023-02-01";
+            string apiVersion = "2023-07-01";
             // Tracing
             bool _shouldTrace = Microsoft.Rest.ServiceClientTracing.IsEnabled;
             string _invocationId = null;
@@ -1645,7 +1645,7 @@ internal ManagedHsmsOperations (KeyVaultManagementClient client)
                 throw new Microsoft.Rest.ValidationException(Microsoft.Rest.ValidationRules.CannotBeNull, "this.Client.SubscriptionId");
             }
 
-            string apiVersion = "2023-02-01";
+            string apiVersion = "2023-07-01";
             // Tracing
             bool _shouldTrace = Microsoft.Rest.ServiceClientTracing.IsEnabled;
             string _invocationId = null;
@@ -1885,7 +1885,7 @@ internal ManagedHsmsOperations (KeyVaultManagementClient client)
                 throw new Microsoft.Rest.ValidationException(Microsoft.Rest.ValidationRules.CannotBeNull, "this.Client.SubscriptionId");
             }
 
-            string apiVersion = "2023-02-01";
+            string apiVersion = "2023-07-01";
             // Tracing
             bool _shouldTrace = Microsoft.Rest.ServiceClientTracing.IsEnabled;
             string _invocationId = null;
@@ -2082,7 +2082,7 @@ internal ManagedHsmsOperations (KeyVaultManagementClient client)
                 throw new Microsoft.Rest.ValidationException(Microsoft.Rest.ValidationRules.CannotBeNull, "this.Client.SubscriptionId");
             }
 
-            string apiVersion = "2023-02-01";
+            string apiVersion = "2023-07-01";
             // Tracing
             bool _shouldTrace = Microsoft.Rest.ServiceClientTracing.IsEnabled;
             string _invocationId = null;

src/KeyVault/KeyVault.Sdk/Generated/Models/ManagedHsm.cs

@@ -46,11 +46,14 @@ public ManagedHsm()
         /// resource.
         /// </param>
 
+        /// <param name="identity">Managed service identity (system assigned and/or user assigned identities)
+        /// </param>
+
         /// <param name="properties">Properties of the managed HSM
         /// </param>
-        public ManagedHsm(string id = default(string), string name = default(string), string type = default(string), string location = default(string), ManagedHsmSku sku = default(ManagedHsmSku), System.Collections.Generic.IDictionary<string, string> tags = default(System.Collections.Generic.IDictionary<string, string>), SystemData systemData = default(SystemData), ManagedHsmProperties properties = default(ManagedHsmProperties))
+        public ManagedHsm(string id = default(string), string name = default(string), string type = default(string), string location = default(string), ManagedHsmSku sku = default(ManagedHsmSku), System.Collections.Generic.IDictionary<string, string> tags = default(System.Collections.Generic.IDictionary<string, string>), SystemData systemData = default(SystemData), ManagedServiceIdentity identity = default(ManagedServiceIdentity), ManagedHsmProperties properties = default(ManagedHsmProperties))
 
-        : base(id, name, type, location, sku, tags, systemData)
+        : base(id, name, type, location, sku, tags, systemData, identity)
         {
             this.Properties = properties;
             CustomInit();

src/KeyVault/KeyVault.Sdk/Generated/Models/ManagedHsmResource.cs

@@ -45,7 +45,10 @@ public ManagedHsmResource()
         /// <param name="systemData">Metadata pertaining to creation and last modification of the key vault
         /// resource.
         /// </param>
-        public ManagedHsmResource(string id = default(string), string name = default(string), string type = default(string), string location = default(string), ManagedHsmSku sku = default(ManagedHsmSku), System.Collections.Generic.IDictionary<string, string> tags = default(System.Collections.Generic.IDictionary<string, string>), SystemData systemData = default(SystemData))
+
+        /// <param name="identity">Managed service identity (system assigned and/or user assigned identities)
+        /// </param>
+        public ManagedHsmResource(string id = default(string), string name = default(string), string type = default(string), string location = default(string), ManagedHsmSku sku = default(ManagedHsmSku), System.Collections.Generic.IDictionary<string, string> tags = default(System.Collections.Generic.IDictionary<string, string>), SystemData systemData = default(SystemData), ManagedServiceIdentity identity = default(ManagedServiceIdentity))
 
         {
             this.Id = id;
@@ -55,6 +58,7 @@ public ManagedHsmResource()
             this.Sku = sku;
             this.Tags = tags;
             this.SystemData = systemData;
+            this.Identity = identity;
             CustomInit();
         }
 
@@ -107,6 +111,13 @@ public ManagedHsmResource()
         /// </summary>
         [Newtonsoft.Json.JsonProperty(PropertyName = "systemData")]
         public SystemData SystemData {get; private set; }
+
+        /// <summary>
+        /// Gets or sets managed service identity (system assigned and/or user assigned
+        /// identities)
+        /// </summary>
+        [Newtonsoft.Json.JsonProperty(PropertyName = "identity")]
+        public ManagedServiceIdentity Identity {get; set; }
         /// <summary>
         /// Validate the object.
         /// </summary>
@@ -125,6 +136,10 @@ public virtual void Validate()
             }
 
 
+            if (this.Identity != null)
+            {
+                this.Identity.Validate();
+            }
         }
     }
 }

src/KeyVault/KeyVault.Sdk/Generated/Models/ManagedServiceIdentity.cs

@@ -0,0 +1,108 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+// Code generated by Microsoft (R) AutoRest Code Generator.
+// Changes may cause incorrect behavior and will be lost if the code is regenerated.
+
+namespace Microsoft.Azure.Management.KeyVault.Models
+{
+    using System.Linq;
+
+    /// <summary>
+    /// Managed service identity (system assigned and/or user assigned identities)
+    /// </summary>
+    public partial class ManagedServiceIdentity
+    {
+        /// <summary>
+        /// Initializes a new instance of the ManagedServiceIdentity class.
+        /// </summary>
+        public ManagedServiceIdentity()
+        {
+            CustomInit();
+        }
+
+        /// <summary>
+        /// Initializes a new instance of the ManagedServiceIdentity class.
+        /// </summary>
+
+        /// <param name="principalId">The service principal ID of the system assigned identity. This property
+        /// will only be provided for a system assigned identity.
+        /// </param>
+
+        /// <param name="tenantId">The tenant ID of the system assigned identity. This property will only be
+        /// provided for a system assigned identity.
+        /// </param>
+
+        /// <param name="type">Type of managed service identity (where both SystemAssigned and
+        /// UserAssigned types are allowed).
+        /// Possible values include: 'None', 'SystemAssigned', 'UserAssigned',
+        /// 'SystemAssigned,UserAssigned'</param>
+
+        /// <param name="userAssignedIdentities">The set of user assigned identities associated with the resource. The
+        /// userAssignedIdentities dictionary keys will be ARM resource ids in the
+        /// form:
+        /// &#39;/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}.
+        /// The dictionary values can be empty objects ({}) in requests.
+        /// </param>
+        public ManagedServiceIdentity(string type, System.Guid? principalId = default(System.Guid?), System.Guid? tenantId = default(System.Guid?), System.Collections.Generic.IDictionary<string, UserAssignedIdentity> userAssignedIdentities = default(System.Collections.Generic.IDictionary<string, UserAssignedIdentity>))
+
+        {
+            this.PrincipalId = principalId;
+            this.TenantId = tenantId;
+            this.Type = type;
+            this.UserAssignedIdentities = userAssignedIdentities;
+            CustomInit();
+        }
+
+        /// <summary>
+        /// An initialization method that performs custom operations like setting defaults
+        /// </summary>
+        partial void CustomInit();
+
+
+        /// <summary>
+        /// Gets the service principal ID of the system assigned identity. This
+        /// property will only be provided for a system assigned identity.
+        /// </summary>
+        [Newtonsoft.Json.JsonProperty(PropertyName = "principalId")]
+        public System.Guid? PrincipalId {get; private set; }
+
+        /// <summary>
+        /// Gets the tenant ID of the system assigned identity. This property will only
+        /// be provided for a system assigned identity.
+        /// </summary>
+        [Newtonsoft.Json.JsonProperty(PropertyName = "tenantId")]
+        public System.Guid? TenantId {get; private set; }
+
+        /// <summary>
+        /// Gets or sets type of managed service identity (where both SystemAssigned
+        /// and UserAssigned types are allowed). Possible values include: &#39;None&#39;, &#39;SystemAssigned&#39;, &#39;UserAssigned&#39;, &#39;SystemAssigned,UserAssigned&#39;
+        /// </summary>
+        [Newtonsoft.Json.JsonProperty(PropertyName = "type")]
+        public string Type {get; set; }
+
+        /// <summary>
+        /// Gets or sets the set of user assigned identities associated with the
+        /// resource. The userAssignedIdentities dictionary keys will be ARM resource
+        /// ids in the form:
+        /// &#39;/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}.
+        /// The dictionary values can be empty objects ({}) in requests.
+        /// </summary>
+        [Newtonsoft.Json.JsonProperty(PropertyName = "userAssignedIdentities")]
+        public System.Collections.Generic.IDictionary<string, UserAssignedIdentity> UserAssignedIdentities {get; set; }
+        /// <summary>
+        /// Validate the object.
+        /// </summary>
+        /// <exception cref="Microsoft.Rest.ValidationException">
+        /// Thrown if validation fails
+        /// </exception>
+        public virtual void Validate()
+        {
+            if (this.Type == null)
+            {
+                throw new Microsoft.Rest.ValidationException(Microsoft.Rest.ValidationRules.CannotBeNull, "Type");
+            }
+
+
+        }
+    }
+}

src/KeyVault/KeyVault.Sdk/Generated/Models/ManagedServiceIdentityType.cs

@@ -0,0 +1,21 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+// Code generated by Microsoft (R) AutoRest Code Generator.
+// Changes may cause incorrect behavior and will be lost if the code is regenerated.
+
+namespace Microsoft.Azure.Management.KeyVault.Models
+{
+
+    /// <summary>
+    /// Defines values for ManagedServiceIdentityType.
+    /// </summary>
+
+
+    public static class ManagedServiceIdentityType
+    {
+        public const string None = "None";
+        public const string SystemAssigned = "SystemAssigned";
+        public const string UserAssigned = "UserAssigned";
+        public const string SystemAssignedUserAssigned = "SystemAssigned,UserAssigned";
+    }
+}

src/KeyVault/KeyVault.Sdk/Generated/Models/MhsmPrivateLinkResource.cs

@@ -47,6 +47,9 @@ public MhsmPrivateLinkResource()
         /// resource.
         /// </param>
 
+        /// <param name="identity">Managed service identity (system assigned and/or user assigned identities)
+        /// </param>
+
         /// <param name="groupId">Group identifier of private link resource.
         /// </param>
 
@@ -55,9 +58,9 @@ public MhsmPrivateLinkResource()
 
         /// <param name="requiredZoneNames">Required DNS zone names of the the private link resource.
         /// </param>
-        public MhsmPrivateLinkResource(string id = default(string), string name = default(string), string type = default(string), string location = default(string), ManagedHsmSku sku = default(ManagedHsmSku), System.Collections.Generic.IDictionary<string, string> tags = default(System.Collections.Generic.IDictionary<string, string>), SystemData systemData = default(SystemData), string groupId = default(string), System.Collections.Generic.IList<string> requiredMembers = default(System.Collections.Generic.IList<string>), System.Collections.Generic.IList<string> requiredZoneNames = default(System.Collections.Generic.IList<string>))
+        public MhsmPrivateLinkResource(string id = default(string), string name = default(string), string type = default(string), string location = default(string), ManagedHsmSku sku = default(ManagedHsmSku), System.Collections.Generic.IDictionary<string, string> tags = default(System.Collections.Generic.IDictionary<string, string>), SystemData systemData = default(SystemData), ManagedServiceIdentity identity = default(ManagedServiceIdentity), string groupId = default(string), System.Collections.Generic.IList<string> requiredMembers = default(System.Collections.Generic.IList<string>), System.Collections.Generic.IList<string> requiredZoneNames = default(System.Collections.Generic.IList<string>))
 
-        : base(id, name, type, location, sku, tags, systemData)
+        : base(id, name, type, location, sku, tags, systemData, identity)
         {
             this.GroupId = groupId;
             this.RequiredMembers = requiredMembers;