Commit 4544ed4

Merge pull request #219334 from themar-msft/themar-chaos-key-vault-certs
Adds key vault faults to fault library
2 parents 8dee5a0 + 4aadae8 commit 4544ed4

1 file changed, +164 -0 lines changed

articles/chaos-studio/chaos-studio-fault-library.md

Lines changed: 164 additions & 0 deletions
@@ -1225,6 +1225,7 @@ Configuring the shutdown fault:
12251225
```
12261226

12271227
## Key Vault Deny Access
1228+
12281229
| Property | Value |
12291230
|-|-|
12301231
| Capability Name | DenyAccess-1.0 |
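
Review bot: at new line 1228 the only change is a blank line after `## Key Vault Deny Access`, and the table beneath it still uses the `|-|-|` separator row while the tables added later in this commit use `| ---- | --- |`. Since this section is being touched anyway, align the separator style so the Key Vault sections of the fault library are consistent.
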
@@ -1252,3 +1253,166 @@ Configuring the shutdown fault:
12521253
]
12531254
}
12541255
```
1256+
1257+
## Key Vault Disable Certificate
1258+
1259+
1260+
| Property | Value |
1261+
| ---- | --- |
1262+
| Capability Name | DisableCertificate-1.0 |
1263+
| Target Type | Microsoft-KeyVault |
1264+
| Description | Using certificate properties, fault will disable the certificate for specific duration (provided by user) and enables it after this fault duration. |
1265+
| Prerequisites | For OneCert certificates, the domain must be registered with OneCert before attempting to run the fault. |
1266+
| Urn | urn:csci:microsoft:keyvault:disableCertificate/1.0 |
1267+
| Fault Type | Continuous |
1268+
| Parameters (key, value) | |
1269+
| certificateName | Name of AKV certificate on which fault will be executed |
1270+
| version | The certificate version that should be updated; if not specified, the latest version will be updated. |
1271+
1272+
### Sample JSON
1273+
1274+
```json
1275+
{
1276+
"name": "branchOne",
1277+
"actions": [
1278+
{
1279+
"type": "continuous",
1280+
"name": "urn:csci:microsoft:keyvault:disableCertificate/1.0",
1281+
"parameters": [
1282+
{
1283+
"key": "certificateName",
1284+
"value": "<name of AKV certificate>"
1285+
},
1286+
{
1287+
"key": "version",
1288+
"value": "<certificate version>"
1289+
}
1290+
1291+
],
1292+
"duration": "PT10M",
1293+
"selectorid": "myResources"
1294+
}
1295+
]
1296+
}
1297+
```
1298+
1299+
## Key Vault Increment Certificate Version
1300+
1301+
| Property | Value |
1302+
| ---- | --- |
1303+
| Capability Name | IncrementCertificateVersion-1.0 |
1304+
| Target Type | Microsoft-KeyVault |
1305+
| Description | Generates new certificate version and thumbprint using the Key Vault Certificate client library. Current working certificate will be upgraded to this version. |
1306+
| Prerequisites | For OneCert certificates, the domain must be registered with OneCert before attempting to run the fault. |
1307+
| Urn | urn:csci:microsoft:keyvault:incrementCertificateVersion/1.0 |
1308+
| Fault Type | Discrete |
1309+
| Parameters (key, value) | |
1310+
| certificateName | Name of AKV certificate on which fault will be executed |
1311+
1312+
### Sample JSON
1313+
1314+
```json
1315+
{
1316+
"name": "branchOne",
1317+
"actions": [
1318+
{
1319+
"type": "discrete",
1320+
"name": "urn:csci:microsoft:keyvault:incrementCertificateVersion/1.0",
1321+
"parameters": [
1322+
{
1323+
"key": "certificateName",
1324+
"value": "<name of AKV certificate>"
1325+
}
1326+
],
1327+
"duration": "PT10M",
1328+
"selectorid": "myResources"
1329+
}
1330+
]
1331+
}
1332+
```
1333+
1334+
## Key Vault Update Certificate Policy
1335+
1336+
| Property | Value |
1337+
| ---- | --- |
1338+
| Capability Name | UpdateCertificatePolicy-1.0 |
1339+
| Target Type | Microsoft-KeyVault |
1340+
| Description | Certificate policies (examples: certificate validity period, certificate type, key size, or key type) are updated based on the user input and reverted after the fault duration. |
1341+
| Prerequisites | For OneCert certificates, the domain must be registered with OneCert before attempting to run the fault. |
1342+
| Urn | urn:csci:microsoft:keyvault:updateCertificatePolicy/1.0 |
1343+
| Fault Type | Continuous |
1344+
| Parameters (key, value) | |
1345+
| certificateName | Name of AKV certificate on which fault will be executed |
1346+
| version | The certificate version that should be updated; if not specified, the latest version will be updated. |
1347+
| enabled | Bool. Value indicating whether the new certificate version will be enabled |
1348+
| validityInMonths | The validity period of the certificate in months |
1349+
| certificateTransparency | Indicates whether the certificate should be published to the certificate transparency list when created |
1350+
| certificateType | the certificate type |
1351+
| contentType | The content type of the certificate, eg Pkcs12 when the certificate contains raw PFX bytes, or Pem when it contains ASCII PEM-encoded btes. Pkcs12 is the default value assumed |
1352+
| keySize | The size of the RSA key: 2048, 3072, or 4096 |
1353+
| exportable | Boolean. Value indicating if the certificate key is exportable from the vault or secure certificate store |
1354+
| reuseKey | Boolean. Value indicating if the certificate key should be reused when rotating the certificate|
1355+
| keyType | The type of backing key to be generated when issuing new certificates: RSA or EC |
1356+
1357+
### Sample JSON
1358+
1359+
```json
1360+
{
1361+
"name": "branchOne",
1362+
"actions": [
1363+
{
1364+
"type": "continuous",
1365+
"name": "urn:csci:microsoft:keyvault:updateCertificatePolicy/1.0",
1366+
"parameters": [
1367+
{
1368+
"key": "certificateName",
1369+
"value": "<name of AKV certificate>"
1370+
},
1371+
{
1372+
"key": "version",
1373+
"value": "<certificate version>"
1374+
},
1375+
{
1376+
"key": "enabled",
1377+
"value": "True"
1378+
},
1379+
{
1380+
"key": "validityInMonths",
1381+
"value": "12"
1382+
},
1383+
{
1384+
"key": "certificateTransparency",
1385+
"value": "True"
1386+
},
1387+
{
1388+
"key": "certificateType",
1389+
"value": "<certificate type>"
1390+
},
1391+
{
1392+
"key": "contentType",
1393+
"value": "Pem"
1394+
},
1395+
{
1396+
"key": "keySize",
1397+
"value": "4096"
1398+
},
1399+
{
1400+
"key": "exportable",
1401+
"value": "True"
1402+
},
1403+
{
1404+
"key": "reuseKey",
1405+
"value": "False"
1406+
},
1407+
{
1408+
"key": "keyType",
1409+
"value": "RSA"
1410+
}
1411+
1412+
],
1413+
"duration": "PT10M",
1414+
"selectorid": "myResources"
1415+
}
1416+
]
1417+
}
1418+
```
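
Review bot: in the `incrementCertificateVersion` sample (new lines 1314-1331) the action is `"type": "discrete"` and the table lists Fault Type as Discrete, yet the action still carries `"duration": "PT10M"`. Drop the duration from that sample or state what it means for a discrete fault, and say in the description whether the new certificate version stays in place afterwards, because unlike the two continuous faults nothing here mentions a revert. For `disableCertificate` and `updateCertificatePolicy`, the descriptions say the certificate is re-enabled or the policy reverted after the fault duration, but not what state the certificate is left in if the experiment is cancelled or fails partway; document that, since a certificate left disabled or on a changed policy outlives the experiment. The `updateCertificatePolicy` sample sets `"exportable"` to `"True"`; a sample that readers will copy should not default to making the key exportable unless that is the condition being tested, so either use `"False"` or add a sentence saying the values are illustrative. In the same table, `btes` should be `bytes`, `eg` should be `e.g.`, `Bool` and `Boolean` are mixed, `certificateType` is described only as "the certificate type" with no allowed values, and the `reuseKey` row is missing the space before the closing `|`. The `version` row says the parameter may be omitted, but the tables do not mark which parameters are required, and both samples pass it. The empty lines at 1290 and 1411 before the closing `]` of `parameters`, and the double blank line after the `## Key Vault Disable Certificate` heading, can be removed.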
