Skip to content

Add default provider support to Az.Attestation module #12317

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
VeryEarly merged 13 commits into from
Jul 6, 2020
Merged

Add default provider support to Az.Attestation module #12317

VeryEarly merged 13 commits into from
Jul 6, 2020

Conversation

@yinqchen
Copy link
Contributor

@yinqchen yinqchen commented Jul 3, 2020
edited
Loading

Description

Design review:
https://github.com/Azure/azure-powershell-cmdlet-review-pr/issues/623

Added default provider support to Az.Attestation module
- Added Location and DefaultProvider to Get-AzAttestation
- Added Location and DefaultProvider to policy signer management cmdlets
- Added Location and DefaultProvider to policy management cmdlets

Updated claim name from aas-policyCertificate to maa-policyCertificate for policy signer cmdlets

Checklist

  • I have read the Submitting Changes section of CONTRIBUTING.md
  • The title of the PR is clear and informative
  • The appropriate ChangeLog.md file(s) has been updated:
    • For any service, the ChangeLog.md file can be found at src/{{SERVICE}}/{{SERVICE}}/ChangeLog.md
    • A snippet outlining the change(s) made in the PR should be written under the ## Upcoming Release header -- no new version header should be added
  • The PR does not introduce breaking changes
  • If applicable, the changes made in the PR have proper test coverage
  • For public API changes to cmdlets:
    • a cmdlet design review was approved for the changes in this repository (Microsoft internal only)
    • the markdown help files have been regenerated using the commands listed here

@adxsdkps
Copy link
Collaborator

adxsdkps commented Jul 3, 2020

Can one of the admins verify this patch?

@VeryEarly VeryEarly self-assigned this Jul 3, 2020
VeryEarly
VeryEarly requested changes Jul 3, 2020
View reviewed changes
Copy link
Collaborator

@VeryEarly VeryEarly left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

switch parameter represent only two states, if it's mandatory, it means there is only one state.

You can remove this parameter

VeryEarly
VeryEarly reviewed Jul 3, 2020
View reviewed changes
@yinqchen
Copy link
Contributor Author

yinqchen commented Jul 3, 2020

@VeryEarly Can you please elaborate on this?

switch parameter represent only two states, if it's mandatory, it means there is only one state.
You can remove this parameter

Remove SwitchParameter DefaultProvider for Get-AzAttestation, Get-AzAttestationPolicy and Get-AzAttestationPolicySigners?

  • For Get-AzAttestation

    • DefaultProvider is mandatory for DefaultProviderParameterSet. Inside DefaultProviderParameterSet, there is another
      optional parameter Location.
      If Location is not specified, this cmd lists all available default providers
      If Location is specified, this cmd lists default provider from that location
    • We need this DefaultProvider switch for customers to distinguish this is a regional default Provider, not a regular attestation
      provider.
    • We will support Get-AzAttestation with no parameter to list all regular attestation providers from in customer's
      subscription later

  • For Get-AzAttestationPolicy and Get-AzAttestationPolicySigners
    We don't support List all default providers' policy or policy Signers. Location parameter is required in
    DefaultProviderParameterSet.
    We still add SwitchParameter DefaultProvider in DefaultProviderParameterSet because

    • For customers to distinguish this is a regional default Provider, not a regular attestation provider.
    • Enable same experience with Get-AzAttestation cmd

@VeryEarly
Copy link
Collaborator

VeryEarly commented Jul 3, 2020

@VeryEarly Can you please elaborate on this?

switch parameter represent only two states, if it's mandatory, it means there is only one state.
You can remove this parameter

Remove SwitchParameter DefaultProvider for Get-AzAttestation, Get-AzAttestationPolicy and Get-AzAttestationPolicySigners?

  • For Get-AzAttestation

    • DefaultProvider is mandatory for DefaultProviderParameterSet. Inside DefaultProviderParameterSet, there is another
      optional parameter Location.
      If Location is not specified, this cmd lists all available default providers
      If Location is specified, this cmd lists default provider from that location
    • We need this DefaultProvider switch for customers to distinguish this is a regional default Provider, not a regular attestation
      provider.
    • We will support Get-AzAttestation with no parameter to list all regular attestation providers from in customer's
      subscription later

  • For Get-AzAttestationPolicy and Get-AzAttestationPolicySigners
    We don't support List all default providers' policy or policy Signers. Location parameter is required in
    DefaultProviderParameterSet.
    We still add SwitchParameter DefaultProvider in DefaultProviderParameterSet because

    • For customers to distinguish this is a regional default Provider, not a regular attestation provider.
    • Enable same experience with Get-AzAttestation cmd

Make sense. Thanks for the explanation.

@VeryEarly
Copy link
Collaborator

VeryEarly commented Jul 3, 2020

please also suppress credentials in this file:
https://github.com/yinqchen/azure-powershell/blob/claire/tools/SecurityTools/CredScanSuppressions.json

@yinqchen
Copy link
Contributor Author

yinqchen commented Jul 4, 2020

please also suppress credentials in this file:
https://github.com/yinqchen/azure-powershell/blob/claire/tools/SecurityTools/CredScanSuppressions.json

Added the suppression.

@VeryEarly VeryEarly merged commit 602a49e into Azure:master Jul 6, 2020
@yinqchen yinqchen added this to the S172 (2020-07-14) milestone Jul 6, 2020
litchiyangMSFT pushed a commit to litchiyangMSFT/azure-powershell that referenced this pull request Aug 4, 2020
@yinqchen @litchiyangMSFT
Add default provider support to Az.Attestation module (Azure#12317)
ad3618a 
* Update GetAzureAttestationPolicy.cs

* Update GetAzureAttestationPolicySigners.cs

* Update AttestationDataServiceClient.cs

* attestation update

* default provider change

* update policy and policy cert files

* default provider update

* update helper md

* update changelog.md

* address cr comments

* try new sessionrecords before whitelist them

* suppress credentials
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@VeryEarly VeryEarly VeryEarly approved these changes

Assignees

@VeryEarly VeryEarly

Labels

needs-review

Projects

None yet

Milestone

S172 (2020-07-14)

Development

Successfully merging this pull request may close these issues.

4 participants

@yinqchen @adxsdkps @VeryEarly @azuresdkci