Added default access policies for Key Vault key as 'All but purge' (Azure#16820)

BethanyZhou · web-flow · commit 7e51c66654c3 · 2022-01-13T13:26:06.000+08:00
diff --git a/src/KeyVault/KeyVault.Test/KeyVault.Test.csproj b/src/KeyVault/KeyVault.Test/KeyVault.Test.csproj
@@ -13,7 +13,7 @@
   <ItemGroup>
     <PackageReference Include="Microsoft.Azure.KeyVault" Version="3.0.1" />
     <PackageReference Include="Microsoft.Azure.KeyVault.WebKey" Version="3.0.1" />
-    <PackageReference Include="Microsoft.Azure.Management.KeyVault" Version="3.1.0-preview.2" />
+    <PackageReference Include="Microsoft.Azure.Management.KeyVault" Version="3.1.0" />
     <PackageReference Include="Microsoft.Azure.Management.Network" Version="21.0.0" />
   </ItemGroup>
 
diff --git a/src/KeyVault/KeyVault/ChangeLog.md b/src/KeyVault/KeyVault/ChangeLog.md
@@ -18,6 +18,7 @@
         - Additional information about change #1
 -->
 ## Upcoming Release
+* Added default access policies for Key Vault key as "All but purge"
 * Absorbed KeyOps from parameter when importing key from certificate on managed HSM [#16773]
 * Fixed a bug when updating key operations on managed HSM [#16774]
 * Fixed the issue when importing no-password certificate [#16742]
diff --git a/src/KeyVault/KeyVault/KeyVault.csproj b/src/KeyVault/KeyVault/KeyVault.csproj
@@ -17,7 +17,7 @@
     <PackageReference Include="Portable.BouncyCastle" Version="1.8.8" />
     <PackageReference Include="Microsoft.Azure.KeyVault" Version="3.0.1" />
     <PackageReference Include="Microsoft.Azure.KeyVault.WebKey" Version="3.0.1" />
-    <PackageReference Include="Microsoft.Azure.Management.KeyVault" Version="3.1.0-preview.2" />
+    <PackageReference Include="Microsoft.Azure.Management.KeyVault" Version="3.1.0" />
     <PackageReference Include="System.Security.Cryptography.Cng" Version="4.5.0" />
   </ItemGroup>
 
diff --git a/src/KeyVault/KeyVault/Models/KeyVaultManagementCmdletBase.cs b/src/KeyVault/KeyVault/Models/KeyVaultManagementCmdletBase.cs
@@ -357,17 +357,10 @@ protected bool IsValidObjectIdSyntax(string objectId)
             return DefaultProfile.DefaultContext.Environment.OnPremise || IsValidGUid(objectId);
         }
 
+        // All but purge
         protected readonly string[] DefaultPermissionsToKeys =
         {
-            KeyPerms.Get,
-            KeyPerms.Create,
-            KeyPerms.Delete,
-            KeyPerms.List,
-            KeyPerms.Update,
-            KeyPerms.Import,
-            KeyPerms.Backup,
-            KeyPerms.Restore,
-            KeyPerms.Recover
+            KeyPerms.All
         };
 
         protected readonly string[] DefaultPermissionsToSecrets =
