From 480ab2e209b536b43699e2f85e0fa513d0d0482a Mon Sep 17 00:00:00 2001
From: Beisi Zhou
Date: Tue, 15 Aug 2023 09:05:11 +0800
Subject: [PATCH 1/2] Add live tests for MHSM Settings
---
 .../TestSetting.ps1 | 7 +-
 .../LiveTests/TestLiveScenarios.ps1 | 422 +++++++++---------
 .../Setting/UpdateAzKeyVaultSetting.cs | 5 +-
 3 files changed, 218 insertions(+), 216 deletions(-)
diff --git a/src/KeyVault/KeyVault.Test/LiveTests/ManagedHsmDataPlaneLiveTests/TestSetting.ps1 b/src/KeyVault/KeyVault.Test/LiveTests/ManagedHsmDataPlaneLiveTests/TestSetting.ps1
index b1db4d1a6381..b6f6c3a7720e 100644
--- a/src/KeyVault/KeyVault.Test/LiveTests/ManagedHsmDataPlaneLiveTests/TestSetting.ps1
+++ b/src/KeyVault/KeyVault.Test/LiveTests/ManagedHsmDataPlaneLiveTests/TestSetting.ps1
@@ -5,11 +5,10 @@ Invoke-LiveTestScenario -Name "Get and update key vault setting in a MSHM" -Desc
 $rgName = $rg.ResourceGroupName
 $hsmName = "bezmhsm" + (New-LiveTestRandomName -Option AllNumbers)
 $hsmLocation = 'eastus2euap'
- $adminId = (Get-AzADUser -StartsWith Beisi).Id
+ $appId = (Get-AzContext).Account.Id
+ $adminId = (Get-AzADServicePrincipal -ApplicationId $appId).Id
 $hsmObject = New-AzKeyVaultManagedHsm -HsmName $hsmName -ResourceGroupName $rgName -Location $hsmLocation -Administrator $adminId
- Start-Sleep 1800
- New-AzKeyVaultRoleAssignment -HsmName $hsmName -RoleDefinitionName "Managed HSM Crypto User" -ObjectId $adminId
- Export-AzKeyVaultSecurityDomain -Certificates "$PSScriptRoot\sd1.cer", "$PSScriptRoot\sd2.cer", "$PSScriptRoot\sd3.cer" -Quorum 2 -OutputPath $PSScriptRoot/sd.ps.json -Name $hsmName
+ Export-AzKeyVaultSecurityDomain -Certificates "$PSScriptRoot\sd1.cer", "$PSScriptRoot\sd2.cer", "$PSScriptRoot\sd3.cer" -Quorum 2 -OutputPath $PSScriptRoot/sd.ps.json -Name $hsmName -Force
 $setting = $hsmObject | Get-AzKeyVaultSetting -Name "AllowKeyManagementOperationsThroughARM"
 $updatedSetting= $setting | Update-AzKeyVaultSetting -Value true -PassThru
 Assert-AreEqual $updatedSetting.Value "true"
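Review bot: The exported security domain is written to `$PSScriptRoot/sd.ps.json`, i.e. into the test source directory, and the added `-Force` overwrites whatever is already there; nothing in the hunk removes the file afterwards. A security domain blob is recovery material for the HSM, so it should not sit in a checked-out tree where it can be committed or swept into build artifacts: write it to a temp location, e.g. `-OutputPath (Join-Path ([System.IO.Path]::GetTempPath()) "$hsmName-sd.json")`, and delete it after the assertions. Separately, `$adminId` is resolved from `(Get-AzContext).Account.Id` on the assumption that the context is a service principal; adding `Assert-NotNull $adminId` before `New-AzKeyVaultManagedHsm` would make a run under a user account fail with a clear message instead of passing an empty administrator. The scenario script block starts and ends outside the hunk, so cleanup may already exist below the visible lines.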
diff --git a/src/KeyVault/KeyVault.Test/LiveTests/TestLiveScenarios.ps1 b/src/KeyVault/KeyVault.Test/LiveTests/TestLiveScenarios.ps1
index 89623925de63..a23b5f914ba5 100644
--- a/src/KeyVault/KeyVault.Test/LiveTests/TestLiveScenarios.ps1
+++ b/src/KeyVault/KeyVault.Test/LiveTests/TestLiveScenarios.ps1
@@ -1,211 +1,211 @@ -Invoke-LiveTestScenario -Name "Create new standard key vault" -Description "Test creating a new standard key vault with all default values" -ScenarioScript ` -{ - param ($rg) - - $rgName = $rg.ResourceGroupName - $vaultName = New-LiveTestResourceName - $vaultLocation = "westus" - - New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName -Location $vaultLocation - $actual = Get-AzKeyVault -ResourceGroupName $rgName -VaultName $vaultName - Assert-AreEqual $vaultName $actual.VaultName - Assert-AreEqual $rgName $actual.ResourceGroupName - Assert-AreEqual $vaultLocation $actual.Location - Assert-AreEqual "Standard" $actual.Sku - Assert-AreEqual $false $actual.EnabledForDeployment - Assert-True { $actual.EnableSoftDelete } "By default EnableSoftDelete should be true" - Assert-Null $actual.EnablePurgeProtection "By default EnablePurgeProtection should be null" - Assert-False { $actual.EnableRbacAuthorization } "By default EnableRbacAuthorization should be false" - Assert-AreEqual 90 $actual.SoftDeleteRetentionInDays "By default SoftDeleteRetentionInDays should be 90" -} - -Invoke-LiveTestScenario -Name "Create new premium key vault" -Description "Test creating a new premium key vault with all default values" -ScenarioScript ` -{ - param ($rg) - - $rgName = $rg.ResourceGroupName - $vaultName = New-LiveTestResourceName - $vaultLocation = "eastus" - - New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName -Location $vaultLocation -Sku premium -EnabledForDeployment - $actual = Get-AzKeyVault -ResourceGroupName $rgName -VaultName $vaultName - Assert-AreEqual $vaultName $actual.VaultName - Assert-AreEqual $rgName $actual.ResourceGroupName - Assert-AreEqual $vaultLocation $actual.Location - Assert-AreEqual "Premium" $actual.Sku - Assert-AreEqual $true $actual.EnabledForDeployment -} - -Invoke-LiveTestScenario -Name "Update key vault" -Description "Test updating properties EnableRbacAuthorization and Tag for existing key vault" 
-ScenarioScript ` -{ - param ($rg) - - $rgName = $rg.ResourceGroupName - $vaultName = New-LiveTestResourceName - $vaultLocation = "eastus" - - # Update EnableRbacAuthorization - $vault = New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName -Location $vaultLocation - - $vault = $vault | Update-AzKeyVault -EnableRbacAuthorization $false - Assert-False { $vault.EnableRbacAuthorization } "EnableRbacAuthorization should be false" - - # Update Tags - $vault = $vault | Update-AzKeyVault -Tag @{ key = "value" } - Assert-AreEqual 1 $vault.Tags.Count "Tags should contain a key-value pair (key, value)" - Assert-True { $vault.Tags.Contains("key") } "Tags should contain a key-value pair (key, value)" - Assert-AreEqual "value" $vault.Tags["key"] "Tags should contain a key-value pair (key, value)" - - # Clean Tags - $vault = $vault | Update-AzKeyVault -Tag @{} - Assert-AreEqual 0 $vault.Tags.Count "Tags should be empty" -} - -Invoke-LiveTestScenario -Name "Delete key vault" -Description "Test deleting key vault" -ScenarioScript ` -{ - param ($rg) - - $rgName = $rg.ResourceGroupName - $vaultName = New-LiveTestResourceName - $vaultLocation = "westus" - - New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgname -Location $vaultLocation - Remove-AzKeyVault -VaultName $vaultName -Force - - $deletedVault = Get-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName - Assert-Null $deletedVault - - # purge deleted vault - Remove-AzKeyVault -VaultName $vaultName -Location $vaultLocation -InRemovedState -Force -} - -Invoke-LiveTestScenario -Name "Create key vault secret" -Description "Test creating a key vault secret" -ScenarioScript ` -{ - param ($rg) - - $rgName = $rg.ResourceGroupName - $vaultName = New-LiveTestResourceName - $vaultLocation = "eastus" - $secretName = New-LiveTestResourceName - - New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName -Location $vaultLocation - $sp = Get-AzADServicePrincipal -ApplicationId (Get-AzContext).Account.Id - 
$objectId = $sp.Id - Set-AzKeyVaultAccessPolicy -VaultName $vaultName -ObjectId $objectId -PermissionsToSecrets get, set, list - - $secretValue = ConvertTo-SecureString -String 'Password' -AsPlainText -Force - Set-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -SecretValue $secretValue - - $actual = Get-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -ErrorAction SilentlyContinue - Assert-NotNull $actual - Assert-AreEqual $vaultName $actual.VaultName - Assert-AreEqual $secretName $actual.Name -} - -Invoke-LiveTestScenario -Name "Create key vault secret with multi-versions" -Description "Test creating a key vault secret with multiple versions" -ScenarioScript ` -{ - param ($rg) - - $rgName = $rg.ResourceGroupName - $vaultName = New-LiveTestResourceName - $vaultLocation = "westus" - $secretName = New-LiveTestResourceName - - New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName -Location $vaultLocation - $sp = Get-AzADServicePrincipal -ApplicationId (Get-AzContext).Account.Id - $objectId = $sp.Id - Set-AzKeyVaultAccessPolicy -VaultName $vaultName -ObjectId $objectId -PermissionsToSecrets get, set, list - - $secretValue = ConvertTo-SecureString -String 'Password' -AsPlainText -Force - Set-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -SecretValue $secretValue - Set-AzKeyVaultSecret -VaultName $vaultName -name $secretName -SecretValue $secretValue - - $actual = Get-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -IncludeVersions -ErrorAction SilentlyContinue - Assert-NotNull $actual - Assert-AreEqual 2 $actual.Count -} - -Invoke-LiveTestScenario -Name "Update key vault secret attributes" -Description "Test updating attributes of a key vault secret" -ScenarioScript ` -{ - param ($rg) - - $rgName = $rg.ResourceGroupName - $vaultName = New-LiveTestResourceName - $vaultLocation = "westus" - $secretName = New-LiveTestResourceName - - New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName -Location $vaultLocation - 
$sp = Get-AzADServicePrincipal -ApplicationId (Get-AzContext).Account.Id - $objectId = $sp.Id - Set-AzKeyVaultAccessPolicy -VaultName $vaultName -ObjectId $objectId -PermissionsToSecrets get, set, list - - $secretValue = ConvertTo-SecureString -String 'Password' -AsPlainText -Force - Set-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -SecretValue $secretValue - - $exp = (Get-Date).AddYears(1).ToUniversalTime() - $nbf = (Get-Date).ToUniversalTime() - $ctp= "text" - $tags = @{ "Severity" = "low" } - Update-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -NotBefore $nbf -Expires $exp -ContentType $ctp -Tag $tags -Enable $true - - $actual = Get-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -ErrorAction SilentlyContinue - Assert-NotNull $actual - Assert-AreEqual $true $actual.Enabled - Assert-AreEqual $ctp $actual.ContentType -} - -Invoke-LiveTestScenario -Name "Remove key vault secret" -Description "Test removing a key vault secret" -ScenarioScript ` -{ - param ($rg) - - $rgName = $rg.ResourceGroupName - $vaultName = New-LiveTestResourceName - $vaultLocation = "eastus" - $secretName = New-LiveTestResourceName - - New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName -Location $vaultLocation - $sp = Get-AzADServicePrincipal -ApplicationId (Get-AzContext).Account.Id - $objectId = $sp.Id - Set-AzKeyVaultAccessPolicy -VaultName $vaultName -ObjectId $objectId -PermissionsToSecrets get, set, list, delete - - $secretValue = ConvertTo-SecureString -String 'Password' -AsPlainText -Force - Set-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -SecretValue $secretValue - - Remove-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -Force - - $actual = Get-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -ErrorAction SilentlyContinue - Assert-Null $actual -} - -Invoke-LiveTestScenario -Name "Backup and restore key vault secret" -Description "Test backing up and restoring a key vault secret" -ScenarioScript ` -{ - param 
($rg) - - $rgName = $rg.ResourceGroupName - $vaultName1 = New-LiveTestResourceName - $vaultName2 = New-LiveTestResourceName - $vaultLocation = "eastus" - $secretName = New-LiveTestResourceName - - New-AzKeyVault -VaultName $vaultName1 -ResourceGroupName $rgName -Location $vaultLocation - New-AzKeyVault -VaultName $vaultName2 -ResourceGroupName $rgName -Location $vaultLocation - $sp = Get-AzADServicePrincipal -ApplicationId (Get-AzContext).Account.Id - $objectId = $sp.Id - Set-AzKeyVaultAccessPolicy -VaultName $vaultName1 -ObjectId $objectId -PermissionsToSecrets get, set, list, backup - Set-AzKeyVaultAccessPolicy -VaultName $vaultName2 -ObjectId $objectId -PermissionsToSecrets get, set, list, restore - - $secretValue = ConvertTo-SecureString -String 'Password' -AsPlainText -Force - Set-AzKeyVaultSecret -VaultName $vaultName1 -Name $secretName -SecretValue $secretValue - - Backup-AzKeyVaultSecret -VaultName $vaultName1 -Name $secretName -OutputFile "SecretBackup.blob" -Force - - Restore-AzKeyVaultSecret -VaultName $vaultName2 -InputFile "SecretBackup.blob" - - $actual = Get-AzKeyVaultSecret -VaultName $vaultName2 -Name $secretName -ErrorAction SilentlyContinue - Assert-NotNull $actual - Assert-AreEqual $vaultName2 $actual.VaultName - Assert-AreEqual $secretName $actual.Name -} - -& "$PSScriptRoot\KeyVaultDataPlaneLiveTests\TestNetworkRuleSet.ps1" -# & "$PSScriptRoot\ManagedHsmDataPlaneLiveTests\TestSetting.ps1" \ No newline at end of file +# Invoke-LiveTestScenario -Name "Create new standard key vault" -Description "Test creating a new standard key vault with all default values" -ScenarioScript ` +# { +# param ($rg) + +# $rgName = $rg.ResourceGroupName +# $vaultName = New-LiveTestResourceName +# $vaultLocation = "westus" + +# New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName -Location $vaultLocation +# $actual = Get-AzKeyVault -ResourceGroupName $rgName -VaultName $vaultName +# Assert-AreEqual $vaultName $actual.VaultName +# Assert-AreEqual $rgName 
$actual.ResourceGroupName +# Assert-AreEqual $vaultLocation $actual.Location +# Assert-AreEqual "Standard" $actual.Sku +# Assert-AreEqual $false $actual.EnabledForDeployment +# Assert-True { $actual.EnableSoftDelete } "By default EnableSoftDelete should be true" +# Assert-Null $actual.EnablePurgeProtection "By default EnablePurgeProtection should be null" +# Assert-False { $actual.EnableRbacAuthorization } "By default EnableRbacAuthorization should be false" +# Assert-AreEqual 90 $actual.SoftDeleteRetentionInDays "By default SoftDeleteRetentionInDays should be 90" +# } + +# Invoke-LiveTestScenario -Name "Create new premium key vault" -Description "Test creating a new premium key vault with all default values" -ScenarioScript ` +# { +# param ($rg) + +# $rgName = $rg.ResourceGroupName +# $vaultName = New-LiveTestResourceName +# $vaultLocation = "eastus" + +# New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName -Location $vaultLocation -Sku premium -EnabledForDeployment +# $actual = Get-AzKeyVault -ResourceGroupName $rgName -VaultName $vaultName +# Assert-AreEqual $vaultName $actual.VaultName +# Assert-AreEqual $rgName $actual.ResourceGroupName +# Assert-AreEqual $vaultLocation $actual.Location +# Assert-AreEqual "Premium" $actual.Sku +# Assert-AreEqual $true $actual.EnabledForDeployment +# } + +# Invoke-LiveTestScenario -Name "Update key vault" -Description "Test updating properties EnableRbacAuthorization and Tag for existing key vault" -ScenarioScript ` +# { +# param ($rg) + +# $rgName = $rg.ResourceGroupName +# $vaultName = New-LiveTestResourceName +# $vaultLocation = "eastus" + +# # Update EnableRbacAuthorization +# $vault = New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName -Location $vaultLocation + +# $vault = $vault | Update-AzKeyVault -EnableRbacAuthorization $false +# Assert-False { $vault.EnableRbacAuthorization } "EnableRbacAuthorization should be false" + +# # Update Tags +# $vault = $vault | Update-AzKeyVault -Tag @{ key = 
"value" } +# Assert-AreEqual 1 $vault.Tags.Count "Tags should contain a key-value pair (key, value)" +# Assert-True { $vault.Tags.Contains("key") } "Tags should contain a key-value pair (key, value)" +# Assert-AreEqual "value" $vault.Tags["key"] "Tags should contain a key-value pair (key, value)" + +# # Clean Tags +# $vault = $vault | Update-AzKeyVault -Tag @{} +# Assert-AreEqual 0 $vault.Tags.Count "Tags should be empty" +# } + +# Invoke-LiveTestScenario -Name "Delete key vault" -Description "Test deleting key vault" -ScenarioScript ` +# { +# param ($rg) + +# $rgName = $rg.ResourceGroupName +# $vaultName = New-LiveTestResourceName +# $vaultLocation = "westus" + +# New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgname -Location $vaultLocation +# Remove-AzKeyVault -VaultName $vaultName -Force + +# $deletedVault = Get-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName +# Assert-Null $deletedVault + +# # purge deleted vault +# Remove-AzKeyVault -VaultName $vaultName -Location $vaultLocation -InRemovedState -Force +# } + +# Invoke-LiveTestScenario -Name "Create key vault secret" -Description "Test creating a key vault secret" -ScenarioScript ` +# { +# param ($rg) + +# $rgName = $rg.ResourceGroupName +# $vaultName = New-LiveTestResourceName +# $vaultLocation = "eastus" +# $secretName = New-LiveTestResourceName + +# New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName -Location $vaultLocation +# $sp = Get-AzADServicePrincipal -ApplicationId (Get-AzContext).Account.Id +# $objectId = $sp.Id +# Set-AzKeyVaultAccessPolicy -VaultName $vaultName -ObjectId $objectId -PermissionsToSecrets get, set, list + +# $secretValue = ConvertTo-SecureString -String 'Password' -AsPlainText -Force +# Set-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -SecretValue $secretValue + +# $actual = Get-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -ErrorAction SilentlyContinue +# Assert-NotNull $actual +# Assert-AreEqual $vaultName $actual.VaultName 
+# Assert-AreEqual $secretName $actual.Name +# } + +# Invoke-LiveTestScenario -Name "Create key vault secret with multi-versions" -Description "Test creating a key vault secret with multiple versions" -ScenarioScript ` +# { +# param ($rg) + +# $rgName = $rg.ResourceGroupName +# $vaultName = New-LiveTestResourceName +# $vaultLocation = "westus" +# $secretName = New-LiveTestResourceName + +# New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName -Location $vaultLocation +# $sp = Get-AzADServicePrincipal -ApplicationId (Get-AzContext).Account.Id +# $objectId = $sp.Id +# Set-AzKeyVaultAccessPolicy -VaultName $vaultName -ObjectId $objectId -PermissionsToSecrets get, set, list + +# $secretValue = ConvertTo-SecureString -String 'Password' -AsPlainText -Force +# Set-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -SecretValue $secretValue +# Set-AzKeyVaultSecret -VaultName $vaultName -name $secretName -SecretValue $secretValue + +# $actual = Get-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -IncludeVersions -ErrorAction SilentlyContinue +# Assert-NotNull $actual +# Assert-AreEqual 2 $actual.Count +# } + +# Invoke-LiveTestScenario -Name "Update key vault secret attributes" -Description "Test updating attributes of a key vault secret" -ScenarioScript ` +# { +# param ($rg) + +# $rgName = $rg.ResourceGroupName +# $vaultName = New-LiveTestResourceName +# $vaultLocation = "westus" +# $secretName = New-LiveTestResourceName + +# New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName -Location $vaultLocation +# $sp = Get-AzADServicePrincipal -ApplicationId (Get-AzContext).Account.Id +# $objectId = $sp.Id +# Set-AzKeyVaultAccessPolicy -VaultName $vaultName -ObjectId $objectId -PermissionsToSecrets get, set, list + +# $secretValue = ConvertTo-SecureString -String 'Password' -AsPlainText -Force +# Set-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -SecretValue $secretValue + +# $exp = (Get-Date).AddYears(1).ToUniversalTime() +# $nbf = 
(Get-Date).ToUniversalTime() +# $ctp= "text" +# $tags = @{ "Severity" = "low" } +# Update-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -NotBefore $nbf -Expires $exp -ContentType $ctp -Tag $tags -Enable $true + +# $actual = Get-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -ErrorAction SilentlyContinue +# Assert-NotNull $actual +# Assert-AreEqual $true $actual.Enabled +# Assert-AreEqual $ctp $actual.ContentType +# } + +# Invoke-LiveTestScenario -Name "Remove key vault secret" -Description "Test removing a key vault secret" -ScenarioScript ` +# { +# param ($rg) + +# $rgName = $rg.ResourceGroupName +# $vaultName = New-LiveTestResourceName +# $vaultLocation = "eastus" +# $secretName = New-LiveTestResourceName + +# New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName -Location $vaultLocation +# $sp = Get-AzADServicePrincipal -ApplicationId (Get-AzContext).Account.Id +# $objectId = $sp.Id +# Set-AzKeyVaultAccessPolicy -VaultName $vaultName -ObjectId $objectId -PermissionsToSecrets get, set, list, delete + +# $secretValue = ConvertTo-SecureString -String 'Password' -AsPlainText -Force +# Set-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -SecretValue $secretValue + +# Remove-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -Force + +# $actual = Get-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -ErrorAction SilentlyContinue +# Assert-Null $actual +# } + +# Invoke-LiveTestScenario -Name "Backup and restore key vault secret" -Description "Test backing up and restoring a key vault secret" -ScenarioScript ` +# { +# param ($rg) + +# $rgName = $rg.ResourceGroupName +# $vaultName1 = New-LiveTestResourceName +# $vaultName2 = New-LiveTestResourceName +# $vaultLocation = "eastus" +# $secretName = New-LiveTestResourceName + +# New-AzKeyVault -VaultName $vaultName1 -ResourceGroupName $rgName -Location $vaultLocation +# New-AzKeyVault -VaultName $vaultName2 -ResourceGroupName $rgName -Location $vaultLocation +# $sp = 
Get-AzADServicePrincipal -ApplicationId (Get-AzContext).Account.Id
+# $objectId = $sp.Id
+# Set-AzKeyVaultAccessPolicy -VaultName $vaultName1 -ObjectId $objectId -PermissionsToSecrets get, set, list, backup
+# Set-AzKeyVaultAccessPolicy -VaultName $vaultName2 -ObjectId $objectId -PermissionsToSecrets get, set, list, restore
+
+# $secretValue = ConvertTo-SecureString -String 'Password' -AsPlainText -Force
+# Set-AzKeyVaultSecret -VaultName $vaultName1 -Name $secretName -SecretValue $secretValue
+
+# Backup-AzKeyVaultSecret -VaultName $vaultName1 -Name $secretName -OutputFile "SecretBackup.blob" -Force
+
+# Restore-AzKeyVaultSecret -VaultName $vaultName2 -InputFile "SecretBackup.blob"
+
+# $actual = Get-AzKeyVaultSecret -VaultName $vaultName2 -Name $secretName -ErrorAction SilentlyContinue
+# Assert-NotNull $actual
+# Assert-AreEqual $vaultName2 $actual.VaultName
+# Assert-AreEqual $secretName $actual.Name
+# }
+
+# & "$PSScriptRoot\KeyVaultDataPlaneLiveTests\TestNetworkRuleSet.ps1"
+& "$PSScriptRoot\ManagedHsmDataPlaneLiveTests\TestSetting.ps1"
\ No newline at end of file
diff --git a/src/KeyVault/KeyVault/Commands/Setting/UpdateAzKeyVaultSetting.cs b/src/KeyVault/KeyVault/Commands/Setting/UpdateAzKeyVaultSetting.cs
index 98cac3956bb3..d795240484a6 100644
--- a/src/KeyVault/KeyVault/Commands/Setting/UpdateAzKeyVaultSetting.cs
+++ b/src/KeyVault/KeyVault/Commands/Setting/UpdateAzKeyVaultSetting.cs
@@ -111,7 +111,10 @@ private void NormalizeParameterSets()
 HsmName = HsmObject.VaultName;
 break;
 case UpdateSettingViaInputObjectParameterSet:
- InputObject.HsmName = HsmName;
+ if (this.IsParameterBound(c => c.HsmName))
+ {
+ InputObject.HsmName = HsmName;
+ }
 break;
 }
 if (!ParameterSetName.Equals(UpdateSettingViaInputObjectParameterSet))
From 6d91b5948be9f454c45d907db90343f0fc490a2b Mon Sep 17 00:00:00 2001
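Review bot: In the `UpdateSettingViaInputObjectParameterSet` case nothing checks that `InputObject.HsmName` is non-empty when `-HsmName` is not bound, so a setting object that was constructed by hand rather than returned by the get cmdlet would reach the service call without a target HSM; an `else if (string.IsNullOrEmpty(InputObject.HsmName))` branch that throws a clear argument error would close that gap. When `-HsmName` is bound it still silently replaces the name carried by the piped object, so the update can land on a different HSM than the one the setting was read from. If that override is intended, say so next to the guard, e.g. `// An explicit -HsmName overrides the HSM name carried by InputObject; otherwise keep the piped value.` NormalizeParameterSets starts and continues outside the hunk, so a later validation may already cover the empty case.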
From: Beisi Zhou
Date: Tue, 15 Aug 2023 09:06:47 +0800
Subject: [PATCH 2/2] enable all test cases
---
 .../LiveTests/TestLiveScenarios.ps1 | 420 +++++++++---------
 1 file changed, 210 insertions(+), 210 deletions(-)
diff --git a/src/KeyVault/KeyVault.Test/LiveTests/TestLiveScenarios.ps1 b/src/KeyVault/KeyVault.Test/LiveTests/TestLiveScenarios.ps1
index a23b5f914ba5..f065d688d7d2 100644
--- a/src/KeyVault/KeyVault.Test/LiveTests/TestLiveScenarios.ps1
+++ b/src/KeyVault/KeyVault.Test/LiveTests/TestLiveScenarios.ps1
@@ -1,211 +1,211 @@ -# Invoke-LiveTestScenario -Name "Create new standard key vault" -Description "Test creating a new standard key vault with all default values" -ScenarioScript ` -# { -# param ($rg) - -# $rgName = $rg.ResourceGroupName -# $vaultName = New-LiveTestResourceName -# $vaultLocation = "westus" - -# New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName -Location $vaultLocation -# $actual = Get-AzKeyVault -ResourceGroupName $rgName -VaultName $vaultName -# Assert-AreEqual $vaultName $actual.VaultName -# Assert-AreEqual $rgName $actual.ResourceGroupName -# Assert-AreEqual $vaultLocation $actual.Location -# Assert-AreEqual "Standard" $actual.Sku -# Assert-AreEqual $false $actual.EnabledForDeployment -# Assert-True { $actual.EnableSoftDelete } "By default EnableSoftDelete should be true" -# Assert-Null $actual.EnablePurgeProtection "By default EnablePurgeProtection should be null" -# Assert-False { $actual.EnableRbacAuthorization } "By default EnableRbacAuthorization should be false" -# Assert-AreEqual 90 $actual.SoftDeleteRetentionInDays "By default SoftDeleteRetentionInDays should be 90" -# } - -# Invoke-LiveTestScenario -Name "Create new premium key vault" -Description "Test creating a new premium key vault with all default values" -ScenarioScript ` -# { -# param ($rg) - -# $rgName = $rg.ResourceGroupName -# $vaultName = New-LiveTestResourceName -# $vaultLocation = "eastus" - -# New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName -Location $vaultLocation -Sku premium -EnabledForDeployment -# $actual = Get-AzKeyVault -ResourceGroupName $rgName -VaultName $vaultName -# Assert-AreEqual $vaultName $actual.VaultName -# Assert-AreEqual $rgName $actual.ResourceGroupName -# Assert-AreEqual $vaultLocation $actual.Location -# Assert-AreEqual "Premium" $actual.Sku -# Assert-AreEqual $true $actual.EnabledForDeployment -# } - -# Invoke-LiveTestScenario -Name "Update key vault" -Description "Test updating properties EnableRbacAuthorization and 
Tag for existing key vault" -ScenarioScript ` -# { -# param ($rg) - -# $rgName = $rg.ResourceGroupName -# $vaultName = New-LiveTestResourceName -# $vaultLocation = "eastus" - -# # Update EnableRbacAuthorization -# $vault = New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName -Location $vaultLocation - -# $vault = $vault | Update-AzKeyVault -EnableRbacAuthorization $false -# Assert-False { $vault.EnableRbacAuthorization } "EnableRbacAuthorization should be false" - -# # Update Tags -# $vault = $vault | Update-AzKeyVault -Tag @{ key = "value" } -# Assert-AreEqual 1 $vault.Tags.Count "Tags should contain a key-value pair (key, value)" -# Assert-True { $vault.Tags.Contains("key") } "Tags should contain a key-value pair (key, value)" -# Assert-AreEqual "value" $vault.Tags["key"] "Tags should contain a key-value pair (key, value)" - -# # Clean Tags -# $vault = $vault | Update-AzKeyVault -Tag @{} -# Assert-AreEqual 0 $vault.Tags.Count "Tags should be empty" -# } - -# Invoke-LiveTestScenario -Name "Delete key vault" -Description "Test deleting key vault" -ScenarioScript ` -# { -# param ($rg) - -# $rgName = $rg.ResourceGroupName -# $vaultName = New-LiveTestResourceName -# $vaultLocation = "westus" - -# New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgname -Location $vaultLocation -# Remove-AzKeyVault -VaultName $vaultName -Force - -# $deletedVault = Get-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName -# Assert-Null $deletedVault - -# # purge deleted vault -# Remove-AzKeyVault -VaultName $vaultName -Location $vaultLocation -InRemovedState -Force -# } - -# Invoke-LiveTestScenario -Name "Create key vault secret" -Description "Test creating a key vault secret" -ScenarioScript ` -# { -# param ($rg) - -# $rgName = $rg.ResourceGroupName -# $vaultName = New-LiveTestResourceName -# $vaultLocation = "eastus" -# $secretName = New-LiveTestResourceName - -# New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName -Location $vaultLocation -# $sp = 
Get-AzADServicePrincipal -ApplicationId (Get-AzContext).Account.Id -# $objectId = $sp.Id -# Set-AzKeyVaultAccessPolicy -VaultName $vaultName -ObjectId $objectId -PermissionsToSecrets get, set, list - -# $secretValue = ConvertTo-SecureString -String 'Password' -AsPlainText -Force -# Set-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -SecretValue $secretValue - -# $actual = Get-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -ErrorAction SilentlyContinue -# Assert-NotNull $actual -# Assert-AreEqual $vaultName $actual.VaultName -# Assert-AreEqual $secretName $actual.Name -# } - -# Invoke-LiveTestScenario -Name "Create key vault secret with multi-versions" -Description "Test creating a key vault secret with multiple versions" -ScenarioScript ` -# { -# param ($rg) - -# $rgName = $rg.ResourceGroupName -# $vaultName = New-LiveTestResourceName -# $vaultLocation = "westus" -# $secretName = New-LiveTestResourceName - -# New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName -Location $vaultLocation -# $sp = Get-AzADServicePrincipal -ApplicationId (Get-AzContext).Account.Id -# $objectId = $sp.Id -# Set-AzKeyVaultAccessPolicy -VaultName $vaultName -ObjectId $objectId -PermissionsToSecrets get, set, list - -# $secretValue = ConvertTo-SecureString -String 'Password' -AsPlainText -Force -# Set-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -SecretValue $secretValue -# Set-AzKeyVaultSecret -VaultName $vaultName -name $secretName -SecretValue $secretValue - -# $actual = Get-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -IncludeVersions -ErrorAction SilentlyContinue -# Assert-NotNull $actual -# Assert-AreEqual 2 $actual.Count -# } - -# Invoke-LiveTestScenario -Name "Update key vault secret attributes" -Description "Test updating attributes of a key vault secret" -ScenarioScript ` -# { -# param ($rg) - -# $rgName = $rg.ResourceGroupName -# $vaultName = New-LiveTestResourceName -# $vaultLocation = "westus" -# $secretName = 
New-LiveTestResourceName
-
-# New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName -Location $vaultLocation
-# $sp = Get-AzADServicePrincipal -ApplicationId (Get-AzContext).Account.Id
-# $objectId = $sp.Id
-# Set-AzKeyVaultAccessPolicy -VaultName $vaultName -ObjectId $objectId -PermissionsToSecrets get, set, list
-
-# $secretValue = ConvertTo-SecureString -String 'Password' -AsPlainText -Force
-# Set-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -SecretValue $secretValue
-
-# $exp = (Get-Date).AddYears(1).ToUniversalTime()
-# $nbf = (Get-Date).ToUniversalTime()
-# $ctp= "text"
-# $tags = @{ "Severity" = "low" }
-# Update-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -NotBefore $nbf -Expires $exp -ContentType $ctp -Tag $tags -Enable $true
-
-# $actual = Get-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -ErrorAction SilentlyContinue
-# Assert-NotNull $actual
-# Assert-AreEqual $true $actual.Enabled
-# Assert-AreEqual $ctp $actual.ContentType
-# }
-
-# Invoke-LiveTestScenario -Name "Remove key vault secret" -Description "Test removing a key vault secret" -ScenarioScript `
-# {
-# param ($rg)
-
-# $rgName = $rg.ResourceGroupName
-# $vaultName = New-LiveTestResourceName
-# $vaultLocation = "eastus"
-# $secretName = New-LiveTestResourceName
-
-# New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName -Location $vaultLocation
-# $sp = Get-AzADServicePrincipal -ApplicationId (Get-AzContext).Account.Id
-# $objectId = $sp.Id
-# Set-AzKeyVaultAccessPolicy -VaultName $vaultName -ObjectId $objectId -PermissionsToSecrets get, set, list, delete
-
-# $secretValue = ConvertTo-SecureString -String 'Password' -AsPlainText -Force
-# Set-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -SecretValue $secretValue
-
-# Remove-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -Force
-
-# $actual = Get-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -ErrorAction SilentlyContinue
-# Assert-Null $actual
-# }
-
-# Invoke-LiveTestScenario -Name "Backup and restore key vault secret" -Description "Test backing up and restoring a key vault secret" -ScenarioScript `
-# {
-# param ($rg)
-
-# $rgName = $rg.ResourceGroupName
-# $vaultName1 = New-LiveTestResourceName
-# $vaultName2 = New-LiveTestResourceName
-# $vaultLocation = "eastus"
-# $secretName = New-LiveTestResourceName
-
-# New-AzKeyVault -VaultName $vaultName1 -ResourceGroupName $rgName -Location $vaultLocation
-# New-AzKeyVault -VaultName $vaultName2 -ResourceGroupName $rgName -Location $vaultLocation
-# $sp = Get-AzADServicePrincipal -ApplicationId (Get-AzContext).Account.Id
-# $objectId = $sp.Id
-# Set-AzKeyVaultAccessPolicy -VaultName $vaultName1 -ObjectId $objectId -PermissionsToSecrets get, set, list, backup
-# Set-AzKeyVaultAccessPolicy -VaultName $vaultName2 -ObjectId $objectId -PermissionsToSecrets get, set, list, restore
-
-# $secretValue = ConvertTo-SecureString -String 'Password' -AsPlainText -Force
-# Set-AzKeyVaultSecret -VaultName $vaultName1 -Name $secretName -SecretValue $secretValue
-
-# Backup-AzKeyVaultSecret -VaultName $vaultName1 -Name $secretName -OutputFile "SecretBackup.blob" -Force
-
-# Restore-AzKeyVaultSecret -VaultName $vaultName2 -InputFile "SecretBackup.blob"
-
-# $actual = Get-AzKeyVaultSecret -VaultName $vaultName2 -Name $secretName -ErrorAction SilentlyContinue
-# Assert-NotNull $actual
-# Assert-AreEqual $vaultName2 $actual.VaultName
-# Assert-AreEqual $secretName $actual.Name
-# }
-
-# & "$PSScriptRoot\KeyVaultDataPlaneLiveTests\TestNetworkRuleSet.ps1"
+Invoke-LiveTestScenario -Name "Create new standard key vault" -Description "Test creating a new standard key vault with all default values" -ScenarioScript `
+{
+ param ($rg)
+
+ $rgName = $rg.ResourceGroupName
+ $vaultName = New-LiveTestResourceName
+ $vaultLocation = "westus"
+
+ New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName -Location $vaultLocation
+ $actual = Get-AzKeyVault -ResourceGroupName $rgName -VaultName $vaultName
+ Assert-AreEqual $vaultName $actual.VaultName
+ Assert-AreEqual $rgName $actual.ResourceGroupName
+ Assert-AreEqual $vaultLocation $actual.Location
+ Assert-AreEqual "Standard" $actual.Sku
+ Assert-AreEqual $false $actual.EnabledForDeployment
+ Assert-True { $actual.EnableSoftDelete } "By default EnableSoftDelete should be true"
+ Assert-Null $actual.EnablePurgeProtection "By default EnablePurgeProtection should be null"
+ Assert-False { $actual.EnableRbacAuthorization } "By default EnableRbacAuthorization should be false"
+ Assert-AreEqual 90 $actual.SoftDeleteRetentionInDays "By default SoftDeleteRetentionInDays should be 90"
+}
+
+Invoke-LiveTestScenario -Name "Create new premium key vault" -Description "Test creating a new premium key vault with all default values" -ScenarioScript `
+{
+ param ($rg)
+
+ $rgName = $rg.ResourceGroupName
+ $vaultName = New-LiveTestResourceName
+ $vaultLocation = "eastus"
+
+ New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName -Location $vaultLocation -Sku premium -EnabledForDeployment
+ $actual = Get-AzKeyVault -ResourceGroupName $rgName -VaultName $vaultName
+ Assert-AreEqual $vaultName $actual.VaultName
+ Assert-AreEqual $rgName $actual.ResourceGroupName
+ Assert-AreEqual $vaultLocation $actual.Location
+ Assert-AreEqual "Premium" $actual.Sku
+ Assert-AreEqual $true $actual.EnabledForDeployment
+}
+
+Invoke-LiveTestScenario -Name "Update key vault" -Description "Test updating properties EnableRbacAuthorization and Tag for existing key vault" -ScenarioScript `
+{
+ param ($rg)
+
+ $rgName = $rg.ResourceGroupName
+ $vaultName = New-LiveTestResourceName
+ $vaultLocation = "eastus"
+
+ # Update EnableRbacAuthorization
+ $vault = New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName -Location $vaultLocation
+
+ $vault = $vault | Update-AzKeyVault -EnableRbacAuthorization $false
+ Assert-False { $vault.EnableRbacAuthorization } "EnableRbacAuthorization should be false"
+
+ # Update Tags
+ $vault = $vault | Update-AzKeyVault -Tag @{ key = "value" }
+ Assert-AreEqual 1 $vault.Tags.Count "Tags should contain a key-value pair (key, value)"
+ Assert-True { $vault.Tags.Contains("key") } "Tags should contain a key-value pair (key, value)"
+ Assert-AreEqual "value" $vault.Tags["key"] "Tags should contain a key-value pair (key, value)"
+
+ # Clean Tags
+ $vault = $vault | Update-AzKeyVault -Tag @{}
+ Assert-AreEqual 0 $vault.Tags.Count "Tags should be empty"
+}
+
+Invoke-LiveTestScenario -Name "Delete key vault" -Description "Test deleting key vault" -ScenarioScript `
+{
+ param ($rg)
+
+ $rgName = $rg.ResourceGroupName
+ $vaultName = New-LiveTestResourceName
+ $vaultLocation = "westus"
+
+ New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgname -Location $vaultLocation
+ Remove-AzKeyVault -VaultName $vaultName -Force
+
+ $deletedVault = Get-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName
+ Assert-Null $deletedVault
+
+ # purge deleted vault
+ Remove-AzKeyVault -VaultName $vaultName -Location $vaultLocation -InRemovedState -Force
+}
+
+Invoke-LiveTestScenario -Name "Create key vault secret" -Description "Test creating a key vault secret" -ScenarioScript `
+{
+ param ($rg)
+
+ $rgName = $rg.ResourceGroupName
+ $vaultName = New-LiveTestResourceName
+ $vaultLocation = "eastus"
+ $secretName = New-LiveTestResourceName
+
+ New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName -Location $vaultLocation
+ $sp = Get-AzADServicePrincipal -ApplicationId (Get-AzContext).Account.Id
+ $objectId = $sp.Id
+ Set-AzKeyVaultAccessPolicy -VaultName $vaultName -ObjectId $objectId -PermissionsToSecrets get, set, list
+
+ $secretValue = ConvertTo-SecureString -String 'Password' -AsPlainText -Force
+ Set-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -SecretValue $secretValue
+
+ $actual = Get-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -ErrorAction SilentlyContinue
+ Assert-NotNull $actual
+ Assert-AreEqual $vaultName $actual.VaultName
+ Assert-AreEqual $secretName $actual.Name
+}
+
+Invoke-LiveTestScenario -Name "Create key vault secret with multi-versions" -Description "Test creating a key vault secret with multiple versions" -ScenarioScript `
+{
+ param ($rg)
+
+ $rgName = $rg.ResourceGroupName
+ $vaultName = New-LiveTestResourceName
+ $vaultLocation = "westus"
+ $secretName = New-LiveTestResourceName
+
+ New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName -Location $vaultLocation
+ $sp = Get-AzADServicePrincipal -ApplicationId (Get-AzContext).Account.Id
+ $objectId = $sp.Id
+ Set-AzKeyVaultAccessPolicy -VaultName $vaultName -ObjectId $objectId -PermissionsToSecrets get, set, list
+
+ $secretValue = ConvertTo-SecureString -String 'Password' -AsPlainText -Force
+ Set-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -SecretValue $secretValue
+ Set-AzKeyVaultSecret -VaultName $vaultName -name $secretName -SecretValue $secretValue
+
+ $actual = Get-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -IncludeVersions -ErrorAction SilentlyContinue
+ Assert-NotNull $actual
+ Assert-AreEqual 2 $actual.Count
+}
+
+Invoke-LiveTestScenario -Name "Update key vault secret attributes" -Description "Test updating attributes of a key vault secret" -ScenarioScript `
+{
+ param ($rg)
+
+ $rgName = $rg.ResourceGroupName
+ $vaultName = New-LiveTestResourceName
+ $vaultLocation = "westus"
+ $secretName = New-LiveTestResourceName
+
+ New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName -Location $vaultLocation
+ $sp = Get-AzADServicePrincipal -ApplicationId (Get-AzContext).Account.Id
+ $objectId = $sp.Id
+ Set-AzKeyVaultAccessPolicy -VaultName $vaultName -ObjectId $objectId -PermissionsToSecrets get, set, list
+
+ $secretValue = ConvertTo-SecureString -String 'Password' -AsPlainText -Force
+ Set-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -SecretValue $secretValue
+
+ $exp = (Get-Date).AddYears(1).ToUniversalTime()
+ $nbf = (Get-Date).ToUniversalTime()
+ $ctp= "text"
+ $tags = @{ "Severity" = "low" }
+ Update-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -NotBefore $nbf -Expires $exp -ContentType $ctp -Tag $tags -Enable $true
+
+ $actual = Get-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -ErrorAction SilentlyContinue
+ Assert-NotNull $actual
+ Assert-AreEqual $true $actual.Enabled
+ Assert-AreEqual $ctp $actual.ContentType
+}
+
+Invoke-LiveTestScenario -Name "Remove key vault secret" -Description "Test removing a key vault secret" -ScenarioScript `
+{
+ param ($rg)
+
+ $rgName = $rg.ResourceGroupName
+ $vaultName = New-LiveTestResourceName
+ $vaultLocation = "eastus"
+ $secretName = New-LiveTestResourceName
+
+ New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName -Location $vaultLocation
+ $sp = Get-AzADServicePrincipal -ApplicationId (Get-AzContext).Account.Id
+ $objectId = $sp.Id
+ Set-AzKeyVaultAccessPolicy -VaultName $vaultName -ObjectId $objectId -PermissionsToSecrets get, set, list, delete
+
+ $secretValue = ConvertTo-SecureString -String 'Password' -AsPlainText -Force
+ Set-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -SecretValue $secretValue
+
+ Remove-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -Force
+
+ $actual = Get-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -ErrorAction SilentlyContinue
+ Assert-Null $actual
+}
+
+Invoke-LiveTestScenario -Name "Backup and restore key vault secret" -Description "Test backing up and restoring a key vault secret" -ScenarioScript `
+{
+ param ($rg)
+
+ $rgName = $rg.ResourceGroupName
+ $vaultName1 = New-LiveTestResourceName
+ $vaultName2 = New-LiveTestResourceName
+ $vaultLocation = "eastus"
+ $secretName = New-LiveTestResourceName
+
+ New-AzKeyVault -VaultName $vaultName1 -ResourceGroupName $rgName -Location $vaultLocation
+ New-AzKeyVault -VaultName $vaultName2 -ResourceGroupName $rgName -Location $vaultLocation
+ $sp = Get-AzADServicePrincipal -ApplicationId (Get-AzContext).Account.Id
+ $objectId = $sp.Id
+ Set-AzKeyVaultAccessPolicy -VaultName $vaultName1 -ObjectId $objectId -PermissionsToSecrets get, set, list, backup
+ Set-AzKeyVaultAccessPolicy -VaultName $vaultName2 -ObjectId $objectId -PermissionsToSecrets get, set, list, restore
+
+ $secretValue = ConvertTo-SecureString -String 'Password' -AsPlainText -Force
+ Set-AzKeyVaultSecret -VaultName $vaultName1 -Name $secretName -SecretValue $secretValue
+
+ Backup-AzKeyVaultSecret -VaultName $vaultName1 -Name $secretName -OutputFile "SecretBackup.blob" -Force
+
+ Restore-AzKeyVaultSecret -VaultName $vaultName2 -InputFile "SecretBackup.blob"
+
+ $actual = Get-AzKeyVaultSecret -VaultName $vaultName2 -Name $secretName -ErrorAction SilentlyContinue
+ Assert-NotNull $actual
+ Assert-AreEqual $vaultName2 $actual.VaultName
+ Assert-AreEqual $secretName $actual.Name
+}
+
+& "$PSScriptRoot\KeyVaultDataPlaneLiveTests\TestNetworkRuleSet.ps1"
 & "$PSScriptRoot\ManagedHsmDataPlaneLiveTests\TestSetting.ps1"
\ No newline at end of file