Upravit

Sdílet prostřednictvím


Update-AzKeyVaultNetworkRuleSet

Updates the network rule set on a key vault.

Syntax

Update-AzKeyVaultNetworkRuleSet
      [-VaultName] <String>
      [[-ResourceGroupName] <String>]
      [-DefaultAction <PSKeyVaultNetworkRuleDefaultActionEnum>]
      [-Bypass <PSKeyVaultNetworkRuleBypassEnum>]
      [-IpAddressRange <String[]>]
      [-VirtualNetworkResourceId <String[]>]
      [-PassThru]
      [-DefaultProfile <IAzureContextContainer>]
      [-WhatIf]
      [-Confirm]
      [-SubscriptionId <String>]
      [<CommonParameters>]
Update-AzKeyVaultNetworkRuleSet
      [-InputObject] <PSKeyVault>
      [-DefaultAction <PSKeyVaultNetworkRuleDefaultActionEnum>]
      [-Bypass <PSKeyVaultNetworkRuleBypassEnum>]
      [-IpAddressRange <String[]>]
      [-VirtualNetworkResourceId <String[]>]
      [-PassThru]
      [-DefaultProfile <IAzureContextContainer>]
      [-WhatIf]
      [-Confirm]
      [-SubscriptionId <String>]
      [<CommonParameters>]
Update-AzKeyVaultNetworkRuleSet
      [-ResourceId] <String>
      [-DefaultAction <PSKeyVaultNetworkRuleDefaultActionEnum>]
      [-Bypass <PSKeyVaultNetworkRuleBypassEnum>]
      [-IpAddressRange <String[]>]
      [-VirtualNetworkResourceId <String[]>]
      [-PassThru]
      [-DefaultProfile <IAzureContextContainer>]
      [-WhatIf]
      [-Confirm]
      [-SubscriptionId <String>]
      [<CommonParameters>]

Description

The Update-AzKeyVaultNetworkRuleSet command updates the network rules in effect on the specified key vault.

Examples

Example 1

$frontendSubnet = New-AzVirtualNetworkSubnetConfig -Name frontendSubnet -AddressPrefix "10.0.1.0/24" -ServiceEndpoint Microsoft.KeyVault
$virtualNetwork = New-AzVirtualNetwork -Name myVNet -ResourceGroupName myRG -Location westus -AddressPrefix "10.0.0.0/16" -Subnet $frontendSubnet
$myNetworkResId = (Get-AzVirtualNetwork -Name myVNet -ResourceGroupName myRG).Subnets[0].Id
Update-AzKeyVaultNetworkRuleSet -VaultName 'myVault' -ResourceGroupName myRG -Bypass AzureServices -IpAddressRange "10.0.1.0/24" -VirtualNetworkResourceId $myNetworkResId -PassThru

Vault Name                       : myVault
Resource Group Name              : myRG
Location                         : West US
Resource ID                      : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/myrg/providers
                                   /Microsoft.KeyVault/vaults/myvault
Vault URI                        : https://myvault.vault.azure.net/
Tenant ID                        : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx
SKU                              : Standard
Enabled For Deployment?          : False
Enabled For Template Deployment? : False
Enabled For Disk Encryption?     : False
Soft Delete Enabled?             :
Access Policies                  :
                                   Tenant ID                                  : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx
                                   Object ID                                  : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx
                                   Application ID                             :
                                   Display Name                               : User Name (username@microsoft.com)
                                   Permissions to Keys                        : get, create, delete, list, update,
                                   import, backup, restore, recover
                                   Permissions to Secrets                     : get, list, set, delete, backup,
                                   restore, recover
                                   Permissions to Certificates                : get, delete, list, create, import,
                                   update, deleteissuers, getissuers, listissuers, managecontacts, manageissuers,
                                   setissuers, recover, backup, restore
                                   Permissions to (Key Vault Managed) Storage : delete, deletesas, get, getsas, list,
                                   listsas, regeneratekey, set, setsas, update, recover, backup, restore


Network Rule Set                 :
                                   Default Action                             : Allow
                                   Bypass                                     : AzureServices
                                   IP Rules                                   : 10.0.1.0/24
                                   Virtual Network Rules                      : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-
                                   xxxxxxxxxxxxx/resourcegroups/myrg/providers/microsoft.network/virtualnetworks/myvn
                                   et/subnets/frontendsubnet

Tags                             :

This command updates the network ruleset on the vault named 'myVault' for the specified IP range and the virtual network, allowing bypassing of the network rule for Azure services.

Example 2

Updates the network rule set on a key vault. (autogenerated)

Update-AzKeyVaultNetworkRuleSet -DefaultAction Allow -VaultName 'myVault'

Parameters

-Bypass

Specifies bypass of network rule.

Type:Nullable<T>[PSKeyVaultNetworkRuleBypassEnum]
Accepted values:None, AzureServices
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DefaultAction

Specifies default action of network rule.

Type:Nullable<T>[PSKeyVaultNetworkRuleDefaultActionEnum]
Accepted values:Allow, Deny
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with Azure.

Type:IAzureContextContainer
Aliases:AzContext, AzureRmContext, AzureCredential
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-InputObject

KeyVault object

Type:PSKeyVault
Position:0
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-IpAddressRange

Specifies allowed network IP address range of network rule.

Type:String[]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-PassThru

This Cmdlet does not return an object by default. If this switch is specified, it returns the updated key vault object.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ResourceGroupName

Specifies the name of the resource group associated with the key vault whose network rule is being modified.

Type:String
Position:1
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ResourceId

KeyVault Resource Id

Type:String
Position:0
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-SubscriptionId

The ID of the subscription. By default, cmdlets are executed in the subscription that is set in the current context. If the user specifies another subscription, the current cmdlet is executed in the subscription specified by the user. Overriding subscriptions only take effect during the lifecycle of the current cmdlet. It does not change the subscription in the context, and does not affect subsequent cmdlets.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-VaultName

Specifies the name of a key vault whose network rule is being modified.

Type:String
Position:0
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-VirtualNetworkResourceId

Specifies allowed virtual network resource identifier of network rule.

Type:String[]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

PSKeyVault

String

Nullable<T>[[Microsoft.Azure.Commands.KeyVault.Models.PSKeyVaultNetworkRuleDefaultActionEnum, Microsoft.Azure.PowerShell.Cmdlets.KeyVault, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]]

Nullable<T>[[Microsoft.Azure.Commands.KeyVault.Models.PSKeyVaultNetworkRuleBypassEnum, Microsoft.Azure.PowerShell.Cmdlets.KeyVault, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]]

Outputs

PSKeyVault