From 82a1816fa92386908d207e2417e05e475daf7aa8 Mon Sep 17 00:00:00 2001 From: Deepthi Male Date: Fri, 2 Oct 2020 11:43:42 -0700 Subject: [PATCH 1/3] uai for cmk --- .../examples/createWorkspace.json | 18 ++++++++++----- .../examples/getWorkspace.json | 6 +++-- .../machineLearningServices.json | 22 +++++++++++++++---- 3 files changed, 34 insertions(+), 12 deletions(-) diff --git a/specification/machinelearningservices/resource-manager/Microsoft.MachineLearningServices/preview/2020-09-01-preview/examples/createWorkspace.json b/specification/machinelearningservices/resource-manager/Microsoft.MachineLearningServices/preview/2020-09-01-preview/examples/createWorkspace.json index 1edd946727e7..0368aaec5228 100644 --- a/specification/machinelearningservices/resource-manager/Microsoft.MachineLearningServices/preview/2020-09-01-preview/examples/createWorkspace.json +++ b/specification/machinelearningservices/resource-manager/Microsoft.MachineLearningServices/preview/2020-09-01-preview/examples/createWorkspace.json @@ -22,10 +22,12 @@ "storageAccount": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/accountcrud-1234/providers/Microsoft.Storage/storageAccounts/testStorageAccount", "encryption": { "status": "Enabled", + "identity": { + "userAssignedIdentity": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/workspace-1234/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testuai" + }, "keyVaultProperties": { "keyVaultArmId": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/workspace-1234/providers/Microsoft.KeyVault/vaults/testkv", - "keyIdentifier": "https://testkv.vault.azure.net/keys/testkey/aabbccddee112233445566778899aabb", - "identityClientId": "" + "keyIdentifier": "https://testkv.vault.azure.net/keys/testkey/aabbccddee112233445566778899aabb" } }, "hbiWorkspace": false, @@ -70,10 +72,12 @@ "description": "test description", "encryption": { "status": "Enabled", + "identity": { + "userAssignedIdentity": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/workspace-1234/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testuai" + }, "keyVaultProperties": { "keyVaultArmId": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/workspace-1234/providers/Microsoft.KeyVault/vaults/testkv", - "keyIdentifier": "https://testkv.vault.azure.net/keys/testkey/aabbccddee112233445566778899aabb", - "identityClientId": "" + "keyIdentifier": "https://testkv.vault.azure.net/keys/testkey/aabbccddee112233445566778899aabb" } }, "hbiWorkspace": false, @@ -113,10 +117,12 @@ "description": "test description", "encryption": { "status": "Enabled", + "identity": { + "userAssignedIdentity": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/workspace-1234/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testuai" + }, "keyVaultProperties": { "keyVaultArmId": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/workspace-1234/providers/Microsoft.KeyVault/vaults/testkv", - "keyIdentifier": "https://testkv.vault.azure.net/keys/testkey/aabbccddee112233445566778899aabb", - "identityClientId": "" + "keyIdentifier": "https://testkv.vault.azure.net/keys/testkey/aabbccddee112233445566778899aabb" } }, "hbiWorkspace": false, diff --git a/specification/machinelearningservices/resource-manager/Microsoft.MachineLearningServices/preview/2020-09-01-preview/examples/getWorkspace.json b/specification/machinelearningservices/resource-manager/Microsoft.MachineLearningServices/preview/2020-09-01-preview/examples/getWorkspace.json index 6e7461be23ca..a29ea8c207b6 100644 --- a/specification/machinelearningservices/resource-manager/Microsoft.MachineLearningServices/preview/2020-09-01-preview/examples/getWorkspace.json +++ b/specification/machinelearningservices/resource-manager/Microsoft.MachineLearningServices/preview/2020-09-01-preview/examples/getWorkspace.json @@ -27,10 +27,12 @@ "description": "test description", "encryption": { "status": "Enabled", + "identity": { + "userAssignedIdentity": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/workspace-1234/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testuai" + }, "keyVaultProperties": { "keyVaultArmId": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/workspace-1234/providers/Microsoft.KeyVault/vaults/testkv", - "keyIdentifier": "https://testkv.vault.azure.net/keys/testkey/aabbccddee112233445566778899aabb", - "identityClientId": "" + "keyIdentifier": "https://testkv.vault.azure.net/keys/testkey/aabbccddee112233445566778899aabb" } }, "hbiWorkspace": false, diff --git a/specification/machinelearningservices/resource-manager/Microsoft.MachineLearningServices/preview/2020-09-01-preview/machineLearningServices.json b/specification/machinelearningservices/resource-manager/Microsoft.MachineLearningServices/preview/2020-09-01-preview/machineLearningServices.json index 3c283424747c..a232aad58cfa 100644 --- a/specification/machinelearningservices/resource-manager/Microsoft.MachineLearningServices/preview/2020-09-01-preview/machineLearningServices.json +++ b/specification/machinelearningservices/resource-manager/Microsoft.MachineLearningServices/preview/2020-09-01-preview/machineLearningServices.json @@ -4218,6 +4218,10 @@ "modelAsString": true } }, + "identity": { + "$ref": "#/definitions/IdentityForCmk", + "description": "The identity that will be used to access the key vault for encryption at rest." + }, "keyVaultProperties": { "$ref": "#/definitions/KeyVaultProperties", "description": "Customer Key vault properties." @@ -4225,6 +4229,7 @@ }, "required": [ "status", + "identity", "keyVaultProperties" ], "type": "object" @@ -4238,10 +4243,6 @@ "keyIdentifier": { "description": "Key vault uri to access the encryption key.", "type": "string" - }, - "identityClientId": { - "description": "For future use - The client id of the identity which will be used to access key vault.", - "type": "string" } }, "required": [ @@ -4250,6 +4251,19 @@ ], "type": "object" }, + "IdentityForCmk": { + "description": "Identity that will be used to access key vault for encryption at rest", + "type": "object", + "properties": { + "userAssignedIdentity": { + "description": "The ArmId of the user assigned identity that will be used to access the customer managed key vault", + "type": "string" + } + }, + "required": [ + "userAssignedIdentity" + ] + }, "LinkedServiceResponse": { "description": "Linked service.", "type": "object", From b0a456cf53d39954aaa465bf20e9ad6bf2f8f247 Mon Sep 17 00:00:00 2001 From: Deepthi Male Date: Sun, 4 Oct 2020 21:57:47 -0700 Subject: [PATCH 2/3] fix prettier --- .../examples/createWorkspace.json | 18 +++++++++--------- .../examples/getWorkspace.json | 6 +++--- .../machineLearningServices.json | 8 ++++---- 3 files changed, 16 insertions(+), 16 deletions(-) diff --git a/specification/machinelearningservices/resource-manager/Microsoft.MachineLearningServices/preview/2020-09-01-preview/examples/createWorkspace.json b/specification/machinelearningservices/resource-manager/Microsoft.MachineLearningServices/preview/2020-09-01-preview/examples/createWorkspace.json index 0368aaec5228..25d4a7429489 100644 --- a/specification/machinelearningservices/resource-manager/Microsoft.MachineLearningServices/preview/2020-09-01-preview/examples/createWorkspace.json +++ b/specification/machinelearningservices/resource-manager/Microsoft.MachineLearningServices/preview/2020-09-01-preview/examples/createWorkspace.json @@ -22,9 +22,9 @@ "storageAccount": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/accountcrud-1234/providers/Microsoft.Storage/storageAccounts/testStorageAccount", "encryption": { "status": "Enabled", - "identity": { - "userAssignedIdentity": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/workspace-1234/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testuai" - }, + "identity": { + "userAssignedIdentity": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/workspace-1234/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testuai" + }, "keyVaultProperties": { "keyVaultArmId": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/workspace-1234/providers/Microsoft.KeyVault/vaults/testkv", "keyIdentifier": "https://testkv.vault.azure.net/keys/testkey/aabbccddee112233445566778899aabb" @@ -72,9 +72,9 @@ "description": "test description", "encryption": { "status": "Enabled", - "identity": { - "userAssignedIdentity": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/workspace-1234/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testuai" - }, + "identity": { + "userAssignedIdentity": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/workspace-1234/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testuai" + }, "keyVaultProperties": { "keyVaultArmId": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/workspace-1234/providers/Microsoft.KeyVault/vaults/testkv", "keyIdentifier": "https://testkv.vault.azure.net/keys/testkey/aabbccddee112233445566778899aabb" @@ -117,9 +117,9 @@ "description": "test description", "encryption": { "status": "Enabled", - "identity": { - "userAssignedIdentity": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/workspace-1234/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testuai" - }, + "identity": { + "userAssignedIdentity": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/workspace-1234/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testuai" + }, "keyVaultProperties": { "keyVaultArmId": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/workspace-1234/providers/Microsoft.KeyVault/vaults/testkv", "keyIdentifier": "https://testkv.vault.azure.net/keys/testkey/aabbccddee112233445566778899aabb" diff --git a/specification/machinelearningservices/resource-manager/Microsoft.MachineLearningServices/preview/2020-09-01-preview/examples/getWorkspace.json b/specification/machinelearningservices/resource-manager/Microsoft.MachineLearningServices/preview/2020-09-01-preview/examples/getWorkspace.json index a29ea8c207b6..8a60e4f4bedc 100644 --- a/specification/machinelearningservices/resource-manager/Microsoft.MachineLearningServices/preview/2020-09-01-preview/examples/getWorkspace.json +++ b/specification/machinelearningservices/resource-manager/Microsoft.MachineLearningServices/preview/2020-09-01-preview/examples/getWorkspace.json @@ -27,9 +27,9 @@ "description": "test description", "encryption": { "status": "Enabled", - "identity": { - "userAssignedIdentity": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/workspace-1234/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testuai" - }, + "identity": { + "userAssignedIdentity": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/workspace-1234/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testuai" + }, "keyVaultProperties": { "keyVaultArmId": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/workspace-1234/providers/Microsoft.KeyVault/vaults/testkv", "keyIdentifier": "https://testkv.vault.azure.net/keys/testkey/aabbccddee112233445566778899aabb" diff --git a/specification/machinelearningservices/resource-manager/Microsoft.MachineLearningServices/preview/2020-09-01-preview/machineLearningServices.json b/specification/machinelearningservices/resource-manager/Microsoft.MachineLearningServices/preview/2020-09-01-preview/machineLearningServices.json index a232aad58cfa..08dd3b4de64f 100644 --- a/specification/machinelearningservices/resource-manager/Microsoft.MachineLearningServices/preview/2020-09-01-preview/machineLearningServices.json +++ b/specification/machinelearningservices/resource-manager/Microsoft.MachineLearningServices/preview/2020-09-01-preview/machineLearningServices.json @@ -4218,10 +4218,10 @@ "modelAsString": true } }, - "identity": { - "$ref": "#/definitions/IdentityForCmk", - "description": "The identity that will be used to access the key vault for encryption at rest." - }, + "identity": { + "$ref": "#/definitions/IdentityForCmk", + "description": "The identity that will be used to access the key vault for encryption at rest." + }, "keyVaultProperties": { "$ref": "#/definitions/KeyVaultProperties", "description": "Customer Key vault properties." From 4aebd281666bb795b0b673d02f1f69ea934decc6 Mon Sep 17 00:00:00 2001 From: Deepthi Male Date: Wed, 9 Dec 2020 10:53:46 -0800 Subject: [PATCH 3/3] retained identityclientId --- .../examples/createWorkspace.json | 13 ++++++++----- .../2020-09-01-preview/examples/getWorkspace.json | 3 ++- .../2020-09-01-preview/machineLearningServices.json | 4 ++++ 3 files changed, 14 insertions(+), 6 deletions(-) diff --git a/specification/machinelearningservices/resource-manager/Microsoft.MachineLearningServices/preview/2020-09-01-preview/examples/createWorkspace.json b/specification/machinelearningservices/resource-manager/Microsoft.MachineLearningServices/preview/2020-09-01-preview/examples/createWorkspace.json index 25d4a7429489..d6bb0ca3edbc 100644 --- a/specification/machinelearningservices/resource-manager/Microsoft.MachineLearningServices/preview/2020-09-01-preview/examples/createWorkspace.json +++ b/specification/machinelearningservices/resource-manager/Microsoft.MachineLearningServices/preview/2020-09-01-preview/examples/createWorkspace.json @@ -11,7 +11,7 @@ "tier": "Basic" }, "identity": { - "type": "SystemAssigned" + "type": "SystemAssigned, UserAssigned" }, "properties": { "friendlyName": "HelloName", @@ -27,7 +27,8 @@ }, "keyVaultProperties": { "keyVaultArmId": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/workspace-1234/providers/Microsoft.KeyVault/vaults/testkv", - "keyIdentifier": "https://testkv.vault.azure.net/keys/testkey/aabbccddee112233445566778899aabb" + "keyIdentifier": "https://testkv.vault.azure.net/keys/testkey/aabbccddee112233445566778899aabb", + "identityClientId": "" } }, "hbiWorkspace": false, @@ -55,7 +56,7 @@ "identity": { "principalId": "00000000-1111-2222-3333-444444444444", "tenantId": "00000000-1111-2222-3333-444444444444", - "type": "SystemAssigned" + "type": "SystemAssigned, UserAssigned" }, "sku": { "name": "Basic", @@ -77,7 +78,8 @@ }, "keyVaultProperties": { "keyVaultArmId": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/workspace-1234/providers/Microsoft.KeyVault/vaults/testkv", - "keyIdentifier": "https://testkv.vault.azure.net/keys/testkey/aabbccddee112233445566778899aabb" + "keyIdentifier": "https://testkv.vault.azure.net/keys/testkey/aabbccddee112233445566778899aabb", + "identityClientId": "" } }, "hbiWorkspace": false, @@ -122,7 +124,8 @@ }, "keyVaultProperties": { "keyVaultArmId": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/workspace-1234/providers/Microsoft.KeyVault/vaults/testkv", - "keyIdentifier": "https://testkv.vault.azure.net/keys/testkey/aabbccddee112233445566778899aabb" + "keyIdentifier": "https://testkv.vault.azure.net/keys/testkey/aabbccddee112233445566778899aabb", + "identityClientId": "" } }, "hbiWorkspace": false, diff --git a/specification/machinelearningservices/resource-manager/Microsoft.MachineLearningServices/preview/2020-09-01-preview/examples/getWorkspace.json b/specification/machinelearningservices/resource-manager/Microsoft.MachineLearningServices/preview/2020-09-01-preview/examples/getWorkspace.json index 8a60e4f4bedc..aaab01f00d1a 100644 --- a/specification/machinelearningservices/resource-manager/Microsoft.MachineLearningServices/preview/2020-09-01-preview/examples/getWorkspace.json +++ b/specification/machinelearningservices/resource-manager/Microsoft.MachineLearningServices/preview/2020-09-01-preview/examples/getWorkspace.json @@ -32,7 +32,8 @@ }, "keyVaultProperties": { "keyVaultArmId": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/workspace-1234/providers/Microsoft.KeyVault/vaults/testkv", - "keyIdentifier": "https://testkv.vault.azure.net/keys/testkey/aabbccddee112233445566778899aabb" + "keyIdentifier": "https://testkv.vault.azure.net/keys/testkey/aabbccddee112233445566778899aabb", + "identityClientId": "" } }, "hbiWorkspace": false, diff --git a/specification/machinelearningservices/resource-manager/Microsoft.MachineLearningServices/preview/2020-09-01-preview/machineLearningServices.json b/specification/machinelearningservices/resource-manager/Microsoft.MachineLearningServices/preview/2020-09-01-preview/machineLearningServices.json index 08dd3b4de64f..1ad15b36f2f9 100644 --- a/specification/machinelearningservices/resource-manager/Microsoft.MachineLearningServices/preview/2020-09-01-preview/machineLearningServices.json +++ b/specification/machinelearningservices/resource-manager/Microsoft.MachineLearningServices/preview/2020-09-01-preview/machineLearningServices.json @@ -4243,6 +4243,10 @@ "keyIdentifier": { "description": "Key vault uri to access the encryption key.", "type": "string" + }, + "identityClientId": { + "description": "For future use - The client id of the identity which will be used to access key vault.", + "type": "string" } }, "required": [