Add Managed HSM support to Application Gateway SSL certificate cmdlets

src/Network/Network.Management.Sdk/Generated/Models/ApplicationGatewayManagedHsm.cs

@@ -0,0 +1,60 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+// Code generated by Microsoft (R) AutoRest Code Generator.
+// Changes may cause incorrect behavior and will be lost if the code is regenerated.
+
+namespace Microsoft.Azure.Management.Network.Models
+{
+    using System.Linq;
+
+    /// <summary>
+    /// Managed HSM properties of an application gateway SSL certificate.
+    /// </summary>
+    public partial class ApplicationGatewayManagedHsm
+    {
+        /// <summary>
+        /// Initializes a new instance of the ApplicationGatewayManagedHsm class.
+        /// </summary>
+        public ApplicationGatewayManagedHsm()
+        {
+            CustomInit();
+        }
+
+        /// <summary>
+        /// Initializes a new instance of the ApplicationGatewayManagedHsm class.
+        /// </summary>
+
+        /// <param name="keyId">Key identifier of a key stored in Managed HSM.
+        /// </param>
+
+        /// <param name="publicCertData">Base-64 encoded public certificate data corresponding to the key stored
+        /// in Managed HSM.
+        /// </param>
+        public ApplicationGatewayManagedHsm(string keyId = default(string), string publicCertData = default(string))
+
+        {
+            this.KeyId = keyId;
+            this.PublicCertData = publicCertData;
+            CustomInit();
+        }
+
+        /// <summary>
+        /// An initialization method that performs custom operations like setting defaults
+        /// </summary>
+        partial void CustomInit();
+
+
+        /// <summary>
+        /// Gets or sets key identifier of a key stored in Managed HSM.
+        /// </summary>
+        [Newtonsoft.Json.JsonProperty(PropertyName = "keyId")]
+        public string KeyId {get; set; }
+
+        /// <summary>
+        /// Gets base-64 encoded public certificate data corresponding to the key
+        /// stored in Managed HSM.
+        /// </summary>
+        [Newtonsoft.Json.JsonProperty(PropertyName = "publicCertData")]
+        public string PublicCertData {get; private set; }
+    }
+}

src/Network/Network.Management.Sdk/Generated/Models/ApplicationGatewaySslCertificate.cs

@@ -55,7 +55,10 @@ public ApplicationGatewaySslCertificate()
         /// <param name="keyVaultSecretId">Secret Id of (base-64 encoded unencrypted pfx) &#39;Secret&#39; or &#39;Certificate&#39;
         /// object stored in KeyVault.
         /// </param>
-        public ApplicationGatewaySslCertificate(string id = default(string), string name = default(string), string etag = default(string), string type = default(string), string provisioningState = default(string), string data = default(string), string password = default(string), string publicCertData = default(string), string keyVaultSecretId = default(string))
+
+        /// <param name="hsm">Managed HSM properties of the SSL certificate.
+        /// </param>
+        public ApplicationGatewaySslCertificate(string id = default(string), string name = default(string), string etag = default(string), string type = default(string), string provisioningState = default(string), string data = default(string), string password = default(string), string publicCertData = default(string), string keyVaultSecretId = default(string), ApplicationGatewayManagedHsm hsm = default(ApplicationGatewayManagedHsm))
 
         : base(id)
         {
@@ -67,6 +70,7 @@ public ApplicationGatewaySslCertificate()
             this.Password = password;
             this.PublicCertData = publicCertData;
             this.KeyVaultSecretId = keyVaultSecretId;
+            this.Hsm = hsm;
             CustomInit();
         }
 
@@ -129,5 +133,11 @@ public ApplicationGatewaySslCertificate()
         /// </summary>
         [Newtonsoft.Json.JsonProperty(PropertyName = "properties.keyVaultSecretId")]
         public string KeyVaultSecretId {get; set; }
+
+        /// <summary>
+        /// Gets or sets managed HSM properties of the SSL certificate.
+        /// </summary>
+        [Newtonsoft.Json.JsonProperty(PropertyName = "properties.hsm")]
+        public ApplicationGatewayManagedHsm Hsm {get; set; }
     }
 }

src/Network/Network.Management.Sdk/Generated/Models/ApplicationGatewaySslCertificatePropertiesFormat.cs

@@ -42,14 +42,18 @@ public ApplicationGatewaySslCertificatePropertiesFormat()
         /// <param name="provisioningState">The provisioning state of the SSL certificate resource.
         /// Possible values include: &#39;Failed&#39;, &#39;Succeeded&#39;, &#39;Canceled&#39;, &#39;Creating&#39;,
         /// &#39;Updating&#39;, &#39;Deleting&#39;</param>
-        public ApplicationGatewaySslCertificatePropertiesFormat(string data = default(string), string password = default(string), string publicCertData = default(string), string keyVaultSecretId = default(string), string provisioningState = default(string))
+
+        /// <param name="hsm">Managed HSM properties of the SSL certificate.
+        /// </param>
+        public ApplicationGatewaySslCertificatePropertiesFormat(string data = default(string), string password = default(string), string publicCertData = default(string), string keyVaultSecretId = default(string), string provisioningState = default(string), ApplicationGatewayManagedHsm hsm = default(ApplicationGatewayManagedHsm))
 
         {
             this.Data = data;
             this.Password = password;
             this.PublicCertData = publicCertData;
             this.KeyVaultSecretId = keyVaultSecretId;
             this.ProvisioningState = provisioningState;
+            this.Hsm = hsm;
             CustomInit();
         }
 
@@ -92,5 +96,11 @@ public ApplicationGatewaySslCertificatePropertiesFormat()
         /// </summary>
         [Newtonsoft.Json.JsonProperty(PropertyName = "provisioningState")]
         public string ProvisioningState {get; private set; }
+
+        /// <summary>
+        /// Gets or sets managed HSM properties of the SSL certificate.
+        /// </summary>
+        [Newtonsoft.Json.JsonProperty(PropertyName = "hsm")]
+        public ApplicationGatewayManagedHsm Hsm {get; set; }
     }
 }

src/Network/Network/ApplicationGateway/SslCertificate/AzureApplicationGatewaySslCertificateBase.cs

@@ -46,6 +46,18 @@ public class AzureApplicationGatewaySslCertificateBase : NetworkBaseCmdlet
         [ValidateNotNullOrEmpty]
         public string KeyVaultSecretId { get; set; }
 
+        [Parameter(
+               Mandatory = false,
+               HelpMessage = "Key identifier of a key stored in Managed HSM.")]
+        [ValidateNotNullOrEmpty]
+        public string HsmKeyId { get; set; }
+
+        [Parameter(
+               Mandatory = false,
+               HelpMessage = "Base-64 encoded public certificate data corresponding to the key stored in Managed HSM.")]
+        [ValidateNotNullOrEmpty]
+        public string HsmPublicCertData { get; set; }
+
         public PSApplicationGatewaySslCertificate NewObject()
         {
             var sslCertificate = new PSApplicationGatewaySslCertificate();
@@ -59,6 +71,15 @@ public PSApplicationGatewaySslCertificate NewObject()
 
             sslCertificate.KeyVaultSecretId = this.KeyVaultSecretId;
 
+            if (!string.IsNullOrEmpty(this.HsmKeyId) || !string.IsNullOrEmpty(this.HsmPublicCertData))
+            {
+                sslCertificate.Hsm = new PSApplicationGatewayManagedHsm
+                {
+                    KeyId = this.HsmKeyId,
+                    PublicCertData = this.HsmPublicCertData
+                };
+            }
+
             sslCertificate.Id =
                 ApplicationGatewayChildResourceHelper.GetResourceNotSetId(
                     this.NetworkClient.NetworkManagementClient.SubscriptionId,

src/Network/Network/ChangeLog.md

@@ -19,6 +19,7 @@
 --->
 
 ## Upcoming Release
+* Added Managed HSM support to Application Gateway SSL certificate cmdlets (`New-AzApplicationGatewaySslCertificate`, `Set-AzApplicationGatewaySslCertificate`, `Add-AzApplicationGatewaySslCertificate`). New parameters `-HsmKeyId` and `-HsmPublicCertData` allow referencing keys stored in Managed HSM.
 * Added cmdlets for cloud service public IP address operations:
     - `Invoke-AzPublicIpAddressCloudServiceReservation`: reserve a cloud service public IP or roll back to dynamic allocation (`-IsRollback`).
     - `Invoke-AzPublicIpAddressDisassociateCloudServiceReservedIp`: disassociate a standalone reserved public IP from a cloud service public IP. Use `-PublicIpArmId` for the Azure Resource Manager (ARM) resource ID of the standalone public IP.

src/Network/Network/Common/NetworkResourceManagerProfile.cs

@@ -1443,6 +1443,7 @@ private static void Initialize()
                 // CNM to MNM
                 cfg.CreateMap<CNM.PSApplicationGateway, MNM.ApplicationGateway>();
                 cfg.CreateMap<CNM.PSApplicationGatewaySku, MNM.ApplicationGatewaySku>();
+                cfg.CreateMap<CNM.PSApplicationGatewayManagedHsm, MNM.ApplicationGatewayManagedHsm>();
                 cfg.CreateMap<CNM.PSApplicationGatewaySslPolicy, MNM.ApplicationGatewaySslPolicy>()
                     .AfterMap((src, dest) =>
                     {
@@ -1548,6 +1549,7 @@ private static void Initialize()
                 // MNM to CNM
                 cfg.CreateMap<MNM.ApplicationGateway, CNM.PSApplicationGateway>();
                 cfg.CreateMap<MNM.ApplicationGatewaySku, CNM.PSApplicationGatewaySku>();
+                cfg.CreateMap<MNM.ApplicationGatewayManagedHsm, CNM.PSApplicationGatewayManagedHsm>();
                 cfg.CreateMap<MNM.ApplicationGatewaySslPolicy, CNM.PSApplicationGatewaySslPolicy>()
                     .AfterMap((src, dest) =>
                     {

src/Network/Network/Models/PSApplicationGatewayManagedHsm.cs

@@ -0,0 +1,23 @@
+//
+// Copyright (c) Microsoft.  All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+namespace Microsoft.Azure.Commands.Network.Models
+{
+    public class PSApplicationGatewayManagedHsm
+    {
+        public string KeyId { get; set; }
+        public string PublicCertData { get; set; }
+    }
+}

src/Network/Network/Models/PSApplicationGatewaySslCertificate.cs

@@ -24,6 +24,7 @@ public class PSApplicationGatewaySslCertificate : PSChildResource
         public SecureString Password { get; set; }
         public string PublicCertData { get; set; }
         public string KeyVaultSecretId { get; set; }
+        public PSApplicationGatewayManagedHsm Hsm { get; set; }
         [Ps1Xml(Target = ViewControl.Table)]
         public string ProvisioningState { get; set; }
         public string Type { get; set; }

src/Network/Network/help/Add-AzApplicationGatewaySslCertificate.md

@@ -16,6 +16,7 @@ Adds an SSL certificate to an application gateway.
 ```
 Add-AzApplicationGatewaySslCertificate -ApplicationGateway <PSApplicationGateway> -Name <String>
  [-CertificateFile <String>] [-Password <SecureString>] [-KeyVaultSecretId <String>]
+ [-HsmKeyId <String>] [-HsmPublicCertData <String>]
  [-DefaultProfile <IAzureContextContainer>] [<CommonParameters>]
 ```
 
@@ -55,6 +56,14 @@ $AppGW = Add-AzApplicationGatewaySslCertificate -ApplicationGateway $AppGW -Name
 Get the secret and reference it in the `Add-AzApplicationGatewaySslCertificate` to add it to the Application Gateway with name `Cert01`.
 Note: If it is required that Application Gateway syncs the certificate with the KeyVault, please provide the version-less secretId.
 
+### Example 4: Add an SSL certificate using Managed HSM to an application gateway.
+```powershell
+$AppGW = Get-AzApplicationGateway -Name "ApplicationGateway01" -ResourceGroupName "ResourceGroup01"
+$AppGW = Add-AzApplicationGatewaySslCertificate -ApplicationGateway $AppGW -Name "Cert01" -HsmKeyId "https://myhsm.managedhsm.azure.net/keys/mykey/abc123"
+```
+
+Add an SSL certificate referencing a key stored in Managed HSM to the Application Gateway.
+
 ## PARAMETERS
 
 ### -ApplicationGateway
@@ -102,6 +111,36 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -HsmKeyId
+Key identifier of a key stored in Managed HSM.
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -HsmPublicCertData
+Base-64 encoded public certificate data corresponding to the key stored in Managed HSM.
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -KeyVaultSecretId
 SecretId (uri) of the KeyVault Secret. Use this option when a specific version of secret needs to be used.
 

src/Network/Network/help/New-AzApplicationGatewaySslCertificate.md

@@ -15,8 +15,8 @@ Creates an SSL certificate for an Azure application gateway.
 
 ```
 New-AzApplicationGatewaySslCertificate -Name <String> [-CertificateFile <String>] [-Password <SecureString>]
- [-KeyVaultSecretId <String>] [-DefaultProfile <IAzureContextContainer>]
- [<CommonParameters>]
+ [-KeyVaultSecretId <String>] [-HsmKeyId <String>] [-HsmPublicCertData <String>]
+ [-DefaultProfile <IAzureContextContainer>] [<CommonParameters>]
 ```
 
 ## DESCRIPTION
@@ -52,6 +52,13 @@ $cert = New-AzApplicationGatewaySslCertificate -Name "Cert01" -KeyVaultSecretId
 Get the secret and create an SSL Certificate using `New-AzApplicationGatewaySslCertificate`.
 Note: If it is required that Application Gateway syncs the certificate with the KeyVault, please provide the version-less secretId.
 
+### Example 4: Create an SSL certificate using Managed HSM and add to an application gateway.
+```powershell
+$cert = New-AzApplicationGatewaySslCertificate -Name "Cert01" -HsmKeyId "https://myhsm.managedhsm.azure.net/keys/mykey/abc123"
+```
+
+Create an SSL Certificate referencing a key stored in Managed HSM using `New-AzApplicationGatewaySslCertificate`.
+
 ## PARAMETERS
 
 ### -CertificateFile
@@ -84,6 +91,36 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -HsmKeyId
+Key identifier of a key stored in Managed HSM.
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -HsmPublicCertData
+Base-64 encoded public certificate data corresponding to the key stored in Managed HSM.
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -KeyVaultSecretId
 SecretId (uri) of the KeyVault Secret. Use this option when a specific version of secret needs to be used.
 

src/Network/Network/help/Set-AzApplicationGatewaySslCertificate.md

@@ -16,6 +16,7 @@ Updates an SSL certificate for an application gateway.
 ```
 Set-AzApplicationGatewaySslCertificate -ApplicationGateway <PSApplicationGateway> -Name <String>
  [-CertificateFile <String>] [-Password <SecureString>] [-KeyVaultSecretId <String>]
+ [-HsmKeyId <String>] [-HsmPublicCertData <String>]
  [-DefaultProfile <IAzureContextContainer>] [<CommonParameters>]
 ```
 
@@ -52,6 +53,14 @@ $cert = Set-AzApplicationGatewaySslCertificate -ApplicationGateway $AppGW -Name
 Get the secret and update an existing SSL Certificate using `Set-AzApplicationGatewaySslCertificate`.
 Note: If it is required that Application Gateway syncs the certificate with the KeyVault, please provide the version-less secretId.
 
+### Example 4: Update an existing SSL certificate using Managed HSM on Application Gateway
+```powershell
+$appGW = Get-AzApplicationGateway -Name "ApplicationGateway01" -ResourceGroupName "ResourceGroup01"
+$cert = Set-AzApplicationGatewaySslCertificate -ApplicationGateway $AppGW -Name "Cert01" -HsmKeyId "https://myhsm.managedhsm.azure.net/keys/mykey/abc123"
+```
+
+Update an existing SSL certificate to reference a key stored in Managed HSM.
+
 ## PARAMETERS
 
 ### -ApplicationGateway
@@ -99,6 +108,36 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -HsmKeyId
+Key identifier of a key stored in Managed HSM.
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -HsmPublicCertData
+Base-64 encoded public certificate data corresponding to the key stored in Managed HSM.
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -KeyVaultSecretId
 SecretId (uri) of the KeyVault Secret. Use this option when a specific version of secret needs to be used.