diff --git a/src/Network/Network.Management.Sdk/Generated/Models/ApplicationGatewayManagedHsm.cs b/src/Network/Network.Management.Sdk/Generated/Models/ApplicationGatewayManagedHsm.cs
new file mode 100644
index 000000000000..f84742df605b
--- /dev/null
+++ b/src/Network/Network.Management.Sdk/Generated/Models/ApplicationGatewayManagedHsm.cs
@@ -0,0 +1,60 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+// Code generated by Microsoft (R) AutoRest Code Generator.
+// Changes may cause incorrect behavior and will be lost if the code is regenerated.
+
+namespace Microsoft.Azure.Management.Network.Models
+{
+ using System.Linq;
+
+ ///
+ /// Managed HSM properties of an application gateway SSL certificate.
+ ///
+ public partial class ApplicationGatewayManagedHsm
+ {
+ ///
+ /// Initializes a new instance of the ApplicationGatewayManagedHsm class.
+ ///
+ public ApplicationGatewayManagedHsm()
+ {
+ CustomInit();
+ }
+
+ ///
+ /// Initializes a new instance of the ApplicationGatewayManagedHsm class.
+ ///
+
+ /// Key identifier of a key stored in Managed HSM.
+ ///
+
+ /// Base-64 encoded public certificate data corresponding to the key stored
+ /// in Managed HSM.
+ ///
+ public ApplicationGatewayManagedHsm(string keyId = default(string), string publicCertData = default(string))
+
+ {
+ this.KeyId = keyId;
+ this.PublicCertData = publicCertData;
+ CustomInit();
+ }
+
+ ///
+ /// An initialization method that performs custom operations like setting defaults
+ ///
+ partial void CustomInit();
+
+
+ ///
+ /// Gets or sets key identifier of a key stored in Managed HSM.
+ ///
+ [Newtonsoft.Json.JsonProperty(PropertyName = "keyId")]
+ public string KeyId {get; set; }
+
+ ///
+ /// Gets base-64 encoded public certificate data corresponding to the key
+ /// stored in Managed HSM.
+ ///
+ [Newtonsoft.Json.JsonProperty(PropertyName = "publicCertData")]
+ public string PublicCertData {get; private set; }
+ }
+}
diff --git a/src/Network/Network.Management.Sdk/Generated/Models/ApplicationGatewaySslCertificate.cs b/src/Network/Network.Management.Sdk/Generated/Models/ApplicationGatewaySslCertificate.cs
index cbb4720ec71a..cd7d6719d11b 100644
--- a/src/Network/Network.Management.Sdk/Generated/Models/ApplicationGatewaySslCertificate.cs
+++ b/src/Network/Network.Management.Sdk/Generated/Models/ApplicationGatewaySslCertificate.cs
@@ -55,7 +55,10 @@ public ApplicationGatewaySslCertificate()
/// Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate'
/// object stored in KeyVault.
///
- public ApplicationGatewaySslCertificate(string id = default(string), string name = default(string), string etag = default(string), string type = default(string), string provisioningState = default(string), string data = default(string), string password = default(string), string publicCertData = default(string), string keyVaultSecretId = default(string))
+
+ /// Managed HSM properties of the SSL certificate.
+ ///
+ public ApplicationGatewaySslCertificate(string id = default(string), string name = default(string), string etag = default(string), string type = default(string), string provisioningState = default(string), string data = default(string), string password = default(string), string publicCertData = default(string), string keyVaultSecretId = default(string), ApplicationGatewayManagedHsm hsm = default(ApplicationGatewayManagedHsm))
: base(id)
{
@@ -67,6 +70,7 @@ public ApplicationGatewaySslCertificate()
this.Password = password;
this.PublicCertData = publicCertData;
this.KeyVaultSecretId = keyVaultSecretId;
+ this.Hsm = hsm;
CustomInit();
}
@@ -129,5 +133,11 @@ public ApplicationGatewaySslCertificate()
///
[Newtonsoft.Json.JsonProperty(PropertyName = "properties.keyVaultSecretId")]
public string KeyVaultSecretId {get; set; }
+
+ ///
+ /// Gets or sets managed HSM properties of the SSL certificate.
+ ///
+ [Newtonsoft.Json.JsonProperty(PropertyName = "properties.hsm")]
+ public ApplicationGatewayManagedHsm Hsm {get; set; }
}
}
\ No newline at end of file
diff --git a/src/Network/Network.Management.Sdk/Generated/Models/ApplicationGatewaySslCertificatePropertiesFormat.cs b/src/Network/Network.Management.Sdk/Generated/Models/ApplicationGatewaySslCertificatePropertiesFormat.cs
index 5302b835da5d..4cfa2f0e7323 100644
--- a/src/Network/Network.Management.Sdk/Generated/Models/ApplicationGatewaySslCertificatePropertiesFormat.cs
+++ b/src/Network/Network.Management.Sdk/Generated/Models/ApplicationGatewaySslCertificatePropertiesFormat.cs
@@ -42,7 +42,10 @@ public ApplicationGatewaySslCertificatePropertiesFormat()
/// The provisioning state of the SSL certificate resource.
/// Possible values include: 'Failed', 'Succeeded', 'Canceled', 'Creating',
/// 'Updating', 'Deleting'
- public ApplicationGatewaySslCertificatePropertiesFormat(string data = default(string), string password = default(string), string publicCertData = default(string), string keyVaultSecretId = default(string), string provisioningState = default(string))
+
+ /// Managed HSM properties of the SSL certificate.
+ ///
+ public ApplicationGatewaySslCertificatePropertiesFormat(string data = default(string), string password = default(string), string publicCertData = default(string), string keyVaultSecretId = default(string), string provisioningState = default(string), ApplicationGatewayManagedHsm hsm = default(ApplicationGatewayManagedHsm))
{
this.Data = data;
@@ -50,6 +53,7 @@ public ApplicationGatewaySslCertificatePropertiesFormat()
this.PublicCertData = publicCertData;
this.KeyVaultSecretId = keyVaultSecretId;
this.ProvisioningState = provisioningState;
+ this.Hsm = hsm;
CustomInit();
}
@@ -92,5 +96,11 @@ public ApplicationGatewaySslCertificatePropertiesFormat()
///
[Newtonsoft.Json.JsonProperty(PropertyName = "provisioningState")]
public string ProvisioningState {get; private set; }
+
+ ///
+ /// Gets or sets managed HSM properties of the SSL certificate.
+ ///
+ [Newtonsoft.Json.JsonProperty(PropertyName = "hsm")]
+ public ApplicationGatewayManagedHsm Hsm {get; set; }
}
}
\ No newline at end of file
diff --git a/src/Network/Network/ApplicationGateway/SslCertificate/AzureApplicationGatewaySslCertificateBase.cs b/src/Network/Network/ApplicationGateway/SslCertificate/AzureApplicationGatewaySslCertificateBase.cs
index a596b4f74e88..167a99dd9c6d 100644
--- a/src/Network/Network/ApplicationGateway/SslCertificate/AzureApplicationGatewaySslCertificateBase.cs
+++ b/src/Network/Network/ApplicationGateway/SslCertificate/AzureApplicationGatewaySslCertificateBase.cs
@@ -46,6 +46,18 @@ public class AzureApplicationGatewaySslCertificateBase : NetworkBaseCmdlet
[ValidateNotNullOrEmpty]
public string KeyVaultSecretId { get; set; }
+ [Parameter(
+ Mandatory = false,
+ HelpMessage = "Key identifier of a key stored in Managed HSM.")]
+ [ValidateNotNullOrEmpty]
+ public string HsmKeyId { get; set; }
+
+ [Parameter(
+ Mandatory = false,
+ HelpMessage = "Base-64 encoded public certificate data corresponding to the key stored in Managed HSM.")]
+ [ValidateNotNullOrEmpty]
+ public string HsmPublicCertData { get; set; }
+
public PSApplicationGatewaySslCertificate NewObject()
{
var sslCertificate = new PSApplicationGatewaySslCertificate();
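Review bot: `-HsmPublicCertData` is declared as a caller-settable input, but the SDK model added in this same commit declares `PublicCertData {get; private set; }` on `ApplicationGatewayManagedHsm` and documents it as "Gets ...". That suggests the value is populated by the service rather than supplied by the caller. If so, a user can pass certificate data that is silently dropped, or that does not correspond to the HSM key, without any error; the help examples in this commit only ever pass `-HsmKeyId`. Consider removing the parameter, or changing its help text to something like `HelpMessage = "Public certificate data returned by the service for the Managed HSM key (output only)."`. Whether the mapper and serializer actually send the value is not visible here, and the class body continues outside the hunk.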
@@ -59,6 +71,15 @@ public PSApplicationGatewaySslCertificate NewObject()
sslCertificate.KeyVaultSecretId = this.KeyVaultSecretId;
+ if (!string.IsNullOrEmpty(this.HsmKeyId) || !string.IsNullOrEmpty(this.HsmPublicCertData))
+ {
+ sslCertificate.Hsm = new PSApplicationGatewayManagedHsm
+ {
+ KeyId = this.HsmKeyId,
+ PublicCertData = this.HsmPublicCertData
+ };
+ }
+
sslCertificate.Id =
ApplicationGatewayChildResourceHelper.GetResourceNotSetId(
this.NetworkClient.NetworkManagementClient.SubscriptionId,
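Review bot: The `||` in the new condition builds a `PSApplicationGatewayManagedHsm` with a null `KeyId` when only `-HsmPublicCertData` is supplied. Nothing in the hunk stops `-HsmKeyId` from being combined with `-KeyVaultSecretId` (assigned on the line just above) either, so one certificate object can name two private-key sources, with the outcome presumably left to the service. Key the block on the key id alone, `if (!string.IsNullOrEmpty(this.HsmKeyId))`, and reject conflicting input before building the object, for example `if (!string.IsNullOrEmpty(this.HsmKeyId) && !string.IsNullOrEmpty(this.KeyVaultSecretId)) throw new ArgumentException("Specify either KeyVaultSecretId or HsmKeyId, not both.");`. The start of `NewObject()` lies outside the hunk, so the certificate-file path may need the same exclusivity check.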
diff --git a/src/Network/Network/ChangeLog.md b/src/Network/Network/ChangeLog.md
index 2108173fd61c..d6a49664cb5f 100644
--- a/src/Network/Network/ChangeLog.md
+++ b/src/Network/Network/ChangeLog.md
@@ -19,6 +19,7 @@
--->
## Upcoming Release
+* Added Managed HSM support to Application Gateway SSL certificate cmdlets (`New-AzApplicationGatewaySslCertificate`, `Set-AzApplicationGatewaySslCertificate`, `Add-AzApplicationGatewaySslCertificate`). New parameters `-HsmKeyId` and `-HsmPublicCertData` allow referencing keys stored in Managed HSM.
* Added cmdlets for cloud service public IP address operations:
- `Invoke-AzPublicIpAddressCloudServiceReservation`: reserve a cloud service public IP or roll back to dynamic allocation (`-IsRollback`).
- `Invoke-AzPublicIpAddressDisassociateCloudServiceReservedIp`: disassociate a standalone reserved public IP from a cloud service public IP. Use `-PublicIpArmId` for the Azure Resource Manager (ARM) resource ID of the standalone public IP.
diff --git a/src/Network/Network/Common/NetworkResourceManagerProfile.cs b/src/Network/Network/Common/NetworkResourceManagerProfile.cs
index 04af6bf67c38..1a2a2a65d519 100644
--- a/src/Network/Network/Common/NetworkResourceManagerProfile.cs
+++ b/src/Network/Network/Common/NetworkResourceManagerProfile.cs
@@ -1443,6 +1443,7 @@ private static void Initialize()
// CNM to MNM
cfg.CreateMap();
cfg.CreateMap();
+ cfg.CreateMap();
cfg.CreateMap()
.AfterMap((src, dest) =>
{
@@ -1548,6 +1549,7 @@ private static void Initialize()
// MNM to CNM
cfg.CreateMap();
cfg.CreateMap();
+ cfg.CreateMap();
cfg.CreateMap()
.AfterMap((src, dest) =>
{
diff --git a/src/Network/Network/Models/PSApplicationGatewayManagedHsm.cs b/src/Network/Network/Models/PSApplicationGatewayManagedHsm.cs
new file mode 100644
index 000000000000..24011d2f872b
--- /dev/null
+++ b/src/Network/Network/Models/PSApplicationGatewayManagedHsm.cs
@@ -0,0 +1,23 @@
+//
+// Copyright (c) Microsoft. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+namespace Microsoft.Azure.Commands.Network.Models
+{
+ public class PSApplicationGatewayManagedHsm
+ {
+ public string KeyId { get; set; }
+ public string PublicCertData { get; set; }
+ }
+}
diff --git a/src/Network/Network/Models/PSApplicationGatewaySslCertificate.cs b/src/Network/Network/Models/PSApplicationGatewaySslCertificate.cs
index a2dce2197daf..ad146cdc4adc 100644
--- a/src/Network/Network/Models/PSApplicationGatewaySslCertificate.cs
+++ b/src/Network/Network/Models/PSApplicationGatewaySslCertificate.cs
@@ -24,6 +24,7 @@ public class PSApplicationGatewaySslCertificate : PSChildResource
public SecureString Password { get; set; }
public string PublicCertData { get; set; }
public string KeyVaultSecretId { get; set; }
+ public PSApplicationGatewayManagedHsm Hsm { get; set; }
[Ps1Xml(Target = ViewControl.Table)]
public string ProvisioningState { get; set; }
public string Type { get; set; }
diff --git a/src/Network/Network/help/Add-AzApplicationGatewaySslCertificate.md b/src/Network/Network/help/Add-AzApplicationGatewaySslCertificate.md
index 4f292281c48c..b818ff026807 100644
--- a/src/Network/Network/help/Add-AzApplicationGatewaySslCertificate.md
+++ b/src/Network/Network/help/Add-AzApplicationGatewaySslCertificate.md
@@ -16,6 +16,7 @@ Adds an SSL certificate to an application gateway.
```
Add-AzApplicationGatewaySslCertificate -ApplicationGateway -Name
[-CertificateFile ] [-Password ] [-KeyVaultSecretId ]
+ [-HsmKeyId ] [-HsmPublicCertData ]
[-DefaultProfile ] []
```
@@ -55,6 +56,14 @@ $AppGW = Add-AzApplicationGatewaySslCertificate -ApplicationGateway $AppGW -Name
Get the secret and reference it in the `Add-AzApplicationGatewaySslCertificate` to add it to the Application Gateway with name `Cert01`.
Note: If it is required that Application Gateway syncs the certificate with the KeyVault, please provide the version-less secretId.
+### Example 4: Add an SSL certificate using Managed HSM to an application gateway.
+```powershell
+$AppGW = Get-AzApplicationGateway -Name "ApplicationGateway01" -ResourceGroupName "ResourceGroup01"
+$AppGW = Add-AzApplicationGatewaySslCertificate -ApplicationGateway $AppGW -Name "Cert01" -HsmKeyId "https://myhsm.managedhsm.azure.net/keys/mykey/abc123"
+```
+
+Add an SSL certificate referencing a key stored in Managed HSM to the Application Gateway.
+
## PARAMETERS
### -ApplicationGateway
@@ -102,6 +111,36 @@ Accept pipeline input: False
Accept wildcard characters: False
```
+### -HsmKeyId
+Key identifier of a key stored in Managed HSM.
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -HsmPublicCertData
+Base-64 encoded public certificate data corresponding to the key stored in Managed HSM.
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
### -KeyVaultSecretId
SecretId (uri) of the KeyVault Secret. Use this option when a specific version of secret needs to be used.
diff --git a/src/Network/Network/help/New-AzApplicationGatewaySslCertificate.md b/src/Network/Network/help/New-AzApplicationGatewaySslCertificate.md
index 36d05065b5d8..60d044010bf3 100644
--- a/src/Network/Network/help/New-AzApplicationGatewaySslCertificate.md
+++ b/src/Network/Network/help/New-AzApplicationGatewaySslCertificate.md
@@ -15,8 +15,8 @@ Creates an SSL certificate for an Azure application gateway.
```
New-AzApplicationGatewaySslCertificate -Name [-CertificateFile ] [-Password ]
- [-KeyVaultSecretId ] [-DefaultProfile ]
- []
+ [-KeyVaultSecretId ] [-HsmKeyId ] [-HsmPublicCertData ]
+ [-DefaultProfile ] []
```
## DESCRIPTION
@@ -52,6 +52,13 @@ $cert = New-AzApplicationGatewaySslCertificate -Name "Cert01" -KeyVaultSecretId
Get the secret and create an SSL Certificate using `New-AzApplicationGatewaySslCertificate`.
Note: If it is required that Application Gateway syncs the certificate with the KeyVault, please provide the version-less secretId.
+### Example 4: Create an SSL certificate using Managed HSM and add to an application gateway.
+```powershell
+$cert = New-AzApplicationGatewaySslCertificate -Name "Cert01" -HsmKeyId "https://myhsm.managedhsm.azure.net/keys/mykey/abc123"
+```
+
+Create an SSL Certificate referencing a key stored in Managed HSM using `New-AzApplicationGatewaySslCertificate`.
+
## PARAMETERS
### -CertificateFile
@@ -84,6 +91,36 @@ Accept pipeline input: False
Accept wildcard characters: False
```
+### -HsmKeyId
+Key identifier of a key stored in Managed HSM.
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -HsmPublicCertData
+Base-64 encoded public certificate data corresponding to the key stored in Managed HSM.
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
### -KeyVaultSecretId
SecretId (uri) of the KeyVault Secret. Use this option when a specific version of secret needs to be used.
diff --git a/src/Network/Network/help/Set-AzApplicationGatewaySslCertificate.md b/src/Network/Network/help/Set-AzApplicationGatewaySslCertificate.md
index cef9f8c4d4bc..5cd0c757e5b9 100644
--- a/src/Network/Network/help/Set-AzApplicationGatewaySslCertificate.md
+++ b/src/Network/Network/help/Set-AzApplicationGatewaySslCertificate.md
@@ -16,6 +16,7 @@ Updates an SSL certificate for an application gateway.
```
Set-AzApplicationGatewaySslCertificate -ApplicationGateway -Name
[-CertificateFile ] [-Password ] [-KeyVaultSecretId ]
+ [-HsmKeyId ] [-HsmPublicCertData ]
[-DefaultProfile ] []
```
@@ -52,6 +53,14 @@ $cert = Set-AzApplicationGatewaySslCertificate -ApplicationGateway $AppGW -Name
Get the secret and update an existing SSL Certificate using `Set-AzApplicationGatewaySslCertificate`.
Note: If it is required that Application Gateway syncs the certificate with the KeyVault, please provide the version-less secretId.
+### Example 4: Update an existing SSL certificate using Managed HSM on Application Gateway
+```powershell
+$appGW = Get-AzApplicationGateway -Name "ApplicationGateway01" -ResourceGroupName "ResourceGroup01"
+$cert = Set-AzApplicationGatewaySslCertificate -ApplicationGateway $AppGW -Name "Cert01" -HsmKeyId "https://myhsm.managedhsm.azure.net/keys/mykey/abc123"
+```
+
+Update an existing SSL certificate to reference a key stored in Managed HSM.
+
## PARAMETERS
### -ApplicationGateway
@@ -99,6 +108,36 @@ Accept pipeline input: False
Accept wildcard characters: False
```
+### -HsmKeyId
+Key identifier of a key stored in Managed HSM.
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -HsmPublicCertData
+Base-64 encoded public certificate data corresponding to the key stored in Managed HSM.
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
### -KeyVaultSecretId
SecretId (uri) of the KeyVault Secret. Use this option when a specific version of secret needs to be used.
diff --git a/tools/StaticAnalysis/Exceptions/Az.Network/GeneratedSdkIssues.csv b/tools/StaticAnalysis/Exceptions/Az.Network/GeneratedSdkIssues.csv
new file mode 100644
index 000000000000..9f819c8ed120
--- /dev/null
+++ b/tools/StaticAnalysis/Exceptions/Az.Network/GeneratedSdkIssues.csv
@@ -0,0 +1,2 @@
+"Module","Sdk","Severity","ProblemId","Description","Remediation"
+"Az.Network","src/Network/Network.Management.Sdk","1","9090","Generated code for Az.Network is not up to date or you have updated generated Sdk.","Manually added ApplicationGatewayManagedHsm SDK model for Managed HSM support (swagger PR #42137). Will be replaced by autorest-generated code when 2025-07-01 TypeSpec-consolidated specs are fully integrated."
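Review bot: This exception row names the whole `src/Network/Network.Management.Sdk` path with problem id 9090, so it appears to silence the generated-code drift check for every file in that SDK, not only the hand-added `ApplicationGatewayManagedHsm.cs`. Later unintended or unreviewed edits to generated models would then pass the static analysis unnoticed. The hand-added file also still carries the "Code generated by Microsoft (R) AutoRest Code Generator" header, which hides its manual origin from anyone reading it. If the exception format allows it, narrow the entry to the single file. Also add a tracking reference (`<TRACKING-ISSUE placeholder>`) to the Remediation column so the suppression is removed once the model is regenerated.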