From 60a72ef7d2513202c712e3bd82732d18f342aa7e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?McCoy=20Pati=C3=B1o?=
Date: Thu, 3 Jun 2021 20:47:33 -0700
Subject: [PATCH 01/24] role_definition_name as kwarg
---
.../administration/_access_control_client.py | 12 +++++++-----
.../administration/aio/_access_control_client.py | 13 ++++++-------
2 files changed, 13 insertions(+), 12 deletions(-)
diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py
index d95dbc9382b1..229dea330aa9 100644
--- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py
+++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py
@@ -112,17 +112,19 @@ def list_role_assignments(self, role_scope, **kwargs): ) @distributed_trace - def set_role_definition(self, role_scope, role_definition_name=None, **kwargs): - # type: (Union[str, KeyVaultRoleScope], Optional[Union[str, UUID]], **Any) -> KeyVaultRoleDefinition + def set_role_definition(self, role_scope, **kwargs): + # type: (Union[str, KeyVaultRoleScope], **Any) -> KeyVaultRoleDefinition """Creates or updates a custom role definition. + To update a role definition, provide the ``role_definition_name`` of the existing definition. + :param role_scope: scope of the role definition. :class:`KeyVaultRoleScope` defines common broad scopes. Specify a narrower scope as a string. Managed HSM only supports '/', or KeyVaultRoleScope.GLOBAL. :type role_scope: str or KeyVaultRoleScope - :param role_definition_name: the unique role definition name. Unless a UUID is provided, a new role definition + :keyword role_definition_name: the unique role definition name. Unless a UUID is provided, a new role definition will be created with a generated unique name. Providing the unique name of an existing role definition will update that role definition. - :type role_definition_name: str or uuid.UUID + :paramtype role_definition_name: str or uuid.UUID :keyword str role_name: the role's display name. If unspecified when creating or updating a role definition, the role name will be set to an empty string. :keyword str description: a description of the role definition. If unspecified when creating or updating a role @@ -156,7 +158,7 @@ def set_role_definition(self, role_scope, role_definition_name=None, **kwargs): definition = self._client.role_definitions.create_or_update( vault_base_url=self._vault_url, scope=role_scope, - role_definition_name=str(role_definition_name or uuid4()), + role_definition_name=str(kwargs.pop("role_definition_name", None) or uuid4()), parameters=parameters, **kwargs ) 
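Review bot: The `kwargs.pop("role_definition_name", None)` in the `@@ -156,7 +158,7 @@` hunk sits inside the `create_or_update(...)` argument list, so the call is only correct because Python evaluates that keyword before it expands `**kwargs`; moving `**kwargs` ahead of it would pass the name twice. Since this value decides whether a new custom role is created or an existing one is overwritten, I would resolve it in a local before the call, `definition_name = kwargs.pop("role_definition_name", None) or uuid4()`, and pass `role_definition_name=str(definition_name)`. The `or` also sends any falsy value, such as an empty string, down the create path with a generated UUID; if that is intended it deserves a line in the docstring. The same expression is added to the async client in the `@@ -165,7 +164,7 @@` hunk, and the body of `set_role_definition` between the docstring and this call lies outside the hunk.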
diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py index 1a3b91e6ec4e..35bd709e76b9 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py @@ -118,20 +118,19 @@ def list_role_assignments( @distributed_trace_async async def set_role_definition( - self, - role_scope: "Union[str, KeyVaultRoleScope]", - role_definition_name: "Optional[Union[str, UUID]]" = None, - **kwargs: "Any" + self, role_scope: "Union[str, KeyVaultRoleScope]", **kwargs: "Any" ) -> "KeyVaultRoleDefinition": """Creates or updates a custom role definition. + To update a role definition, provide the ``role_definition_name`` of the existing definition. + :param role_scope: scope of the role definition. :class:`KeyVaultRoleScope` defines common broad scopes. Specify a narrower scope as a string. Managed HSM only supports '/', or KeyVaultRoleScope.GLOBAL. :type role_scope: str or KeyVaultRoleScope - :param role_definition_name: the unique role definition name. Unless a UUID is provided, a new role definition + :keyword role_definition_name: the unique role definition name. Unless a UUID is provided, a new role definition will be created with a generated unique name. Providing the unique name of an existing role definition will update that role definition. - :type role_definition_name: str or uuid.UUID + :paramtype role_definition_name: str or uuid.UUID :keyword str role_name: the role's display name. If unspecified when creating or updating a role definition, the role name will be set to an empty string. :keyword str description: a description of the role definition. If unspecified when creating or updating a role 
@@ -165,7 +164,7 @@ async def set_role_definition( definition = await self._client.role_definitions.create_or_update( vault_base_url=self._vault_url, scope=role_scope, - role_definition_name=str(role_definition_name or uuid4()), + role_definition_name=str(kwargs.pop("role_definition_name", None) or uuid4()), parameters=parameters, **kwargs ) From 7442201a9d08a828785e494d648f6c63d1a322c2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?McCoy=20Pati=C3=B1o?= Date: Fri, 4 Jun 2021 12:43:33 -0700 Subject: [PATCH 02/24] Return None on delete --- .../administration/_access_control_client.py | 18 ++++++++---------- .../aio/_access_control_client.py | 14 ++++++-------- 2 files changed, 14 insertions(+), 18 deletions(-) diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py index 229dea330aa9..9caa9926b589 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py @@ -61,7 +61,7 @@ def create_role_assignment(self, role_scope, role_definition_id, principal_id, * @distributed_trace def delete_role_assignment(self, role_scope, role_assignment_name, **kwargs): - # type: (Union[str, KeyVaultRoleScope], Union[str, UUID], **Any) -> KeyVaultRoleAssignment + # type: (Union[str, KeyVaultRoleScope], Union[str, UUID], **Any) -> None """Delete a role assignment. :param role_scope: the assignment's scope, for example "/", "/keys", or "/keys/" 
@@ -69,13 +69,12 @@ def delete_role_assignment(self, role_scope, role_assignment_name, **kwargs): :type role_scope: str or KeyVaultRoleScope :param role_assignment_name: the assignment's name. :type role_assignment_name: str or uuid.UUID - :returns: the deleted assignment - :rtype: ~azure.keyvault.administration.KeyVaultRoleAssignment + :returns: None """ - assignment = self._client.role_assignments.delete( + self._client.role_assignments.delete( vault_base_url=self._vault_url, scope=role_scope, role_assignment_name=str(role_assignment_name), **kwargs ) - return KeyVaultRoleAssignment._from_generated(assignment) + return @distributed_trace def get_role_assignment(self, role_scope, role_assignment_name, **kwargs): @@ -183,7 +182,7 @@ def get_role_definition(self, role_scope, role_definition_name, **kwargs): @distributed_trace def delete_role_definition(self, role_scope, role_definition_name, **kwargs): - # type: (Union[str, KeyVaultRoleScope], Union[str, UUID], **Any) -> KeyVaultRoleDefinition + # type: (Union[str, KeyVaultRoleScope], Union[str, UUID], **Any) -> None """Deletes a custom role definition. :param role_scope: scope of the role definition. :class:`KeyVaultRoleScope` defines common broad scopes. @@ -191,13 +190,12 @@ def delete_role_definition(self, role_scope, role_definition_name, **kwargs): :type role_scope: str or KeyVaultRoleScope :param role_definition_name: the role definition's name. :type role_definition_name: str or uuid.UUID - :returns: the deleted role definition - :rtype: ~azure.keyvault.administration.KeyVaultRoleDefinition + :returns: None """ - definition = self._client.role_definitions.delete( + self._client.role_definitions.delete( vault_base_url=self._vault_url, scope=role_scope, role_definition_name=str(role_definition_name), **kwargs ) - return KeyVaultRoleDefinition._from_generated(definition) + return @distributed_trace def list_role_definitions(self, role_scope, **kwargs): 
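Review bot: The bare `return` added after `self._client.role_assignments.delete(...)` in the `@@ -69,13 +69,12 @@` hunk is the last statement of `delete_role_assignment` and has no effect; pylint, which this file already configures with `# pylint:disable=protected-access`, would likely report it as `useless-return`. Dropping the line leaves the method ending on the delete call, which already yields `None` to the caller. The same trailing `return` is added to `delete_role_definition` in the `@@ -191,13 +190,12 @@` hunk and to the async `delete_role_assignment` in the `@@ -72,13 +72,12 @@` hunk.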
diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py index 35bd709e76b9..f084460fb8c6 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py @@ -64,7 +64,7 @@ async def create_role_assignment( @distributed_trace_async async def delete_role_assignment( self, role_scope: "Union[str, KeyVaultRoleScope]", role_assignment_name: "Union[str, UUID]", **kwargs: "Any" - ) -> KeyVaultRoleAssignment: + ) -> None: """Delete a role assignment. :param role_scope: the assignment's scope, for example "/", "/keys", or "/keys/". @@ -72,13 +72,12 @@ async def delete_role_assignment( :type role_scope: str or KeyVaultRoleScope :param role_assignment_name: the assignment's name. :type role_assignment_name: str or uuid.UUID - :returns: the deleted assignment - :rtype: ~azure.keyvault.administration.KeyVaultRoleAssignment + :returns: None """ - assignment = await self._client.role_assignments.delete( + await self._client.role_assignments.delete( vault_base_url=self._vault_url, scope=role_scope, role_assignment_name=str(role_assignment_name), **kwargs ) - return KeyVaultRoleAssignment._from_generated(assignment) + return @distributed_trace_async async def get_role_assignment( @@ -191,7 +190,7 @@ async def get_role_definition( @distributed_trace_async async def delete_role_definition( self, role_scope: "Union[str, KeyVaultRoleScope]", role_definition_name: "Union[str, UUID]", **kwargs: "Any" - ) -> "KeyVaultRoleDefinition": + ) -> None: """Deletes a custom role definition. :param role_scope: scope of the role definition. :class:`KeyVaultRoleScope` defines common broad scopes. 
@@ -199,8 +198,7 @@ async def delete_role_definition( :type role_scope: str or KeyVaultRoleScope :param role_definition_name: the role definition's name. :type role_definition_name: str or uuid.UUID - :returns: the deleted role definition - :rtype: ~azure.keyvault.administration.KeyVaultRoleDefinition + :returns: None """ definition = await self._client.role_definitions.delete( vault_base_url=self._vault_url, scope=role_scope, role_definition_name=str(role_definition_name), **kwargs From ec3bc3fe1b0b098767444a7b5278c3e5bca0978a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?McCoy=20Pati=C3=B1o?= Date: Fri, 4 Jun 2021 15:56:12 -0700 Subject: [PATCH 03/24] Remove role_ param prefixes --- .../administration/_access_control_client.py | 104 +++++++++--------- .../aio/_access_control_client.py | 104 +++++++++--------- .../tests/test_access_control.py | 21 ++-- .../tests/test_access_control_async.py | 23 ++-- 4 files changed, 121 insertions(+), 131 deletions(-) diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py index 9caa9926b589..4d91998ee144 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py 
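Review bot: The async `delete_role_definition` is now documented as `:returns: None` (and annotated `-> None` in the `@@ -191,7 +190,7 @@` hunk), but this hunk leaves `definition = await self._client.role_definitions.delete(` untouched and never changes the return statement, which lies past the end of the hunk. The unchanged context of PATCH 03's `@@ -171,54 +171,54 @@` hunk shows the method still ending in `return KeyVaultRoleDefinition._from_generated(definition)`, so the async client keeps returning a value that the sync client dropped in this same commit. To match, the call should read `await self._client.role_definitions.delete(` with the `definition =` binding and the `return KeyVaultRoleDefinition._from_generated(definition)` line removed. Unless a later patch in the series does this, the annotation and the behaviour disagree and callers of the two clients get different results for the same access-control operation.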
@@ -29,101 +29,101 @@ class KeyVaultAccessControlClient(KeyVaultClientBase): # pylint:disable=protected-access @distributed_trace - def create_role_assignment(self, role_scope, role_definition_id, principal_id, **kwargs): + def create_role_assignment(self, scope, definition_id, principal_id, **kwargs): # type: (Union[str, KeyVaultRoleScope], str, str, **Any) -> KeyVaultRoleAssignment """Create a role assignment. - :param role_scope: scope the role assignment will apply over. :class:`KeyVaultRoleScope` defines common + :param scope: scope the role assignment will apply over. :class:`KeyVaultRoleScope` defines common broad scopes. Specify a narrower scope as a string. - :type role_scope: str or KeyVaultRoleScope - :param str role_definition_id: ID of the role's definition + :type scope: str or KeyVaultRoleScope + :param str definition_id: ID of the role's definition :param str principal_id: Azure Active Directory object ID of the principal which will be assigned the role. The principal can be a user, service principal, or security group. - :keyword role_assignment_name: a name for the role assignment. Must be a UUID. - :paramtype role_assignment_name: str or uuid.UUID + :keyword assignment_name: a name for the role assignment. Must be a UUID. 
+ :paramtype assignment_name: str or uuid.UUID :rtype: ~azure.keyvault.administration.KeyVaultRoleAssignment """ - role_assignment_name = kwargs.pop("role_assignment_name", None) or uuid4() + assignment_name = kwargs.pop("assignment_name", None) or uuid4() create_parameters = self._client.role_assignments.models.RoleAssignmentCreateParameters( properties=self._client.role_assignments.models.RoleAssignmentProperties( - principal_id=principal_id, role_definition_id=str(role_definition_id) + principal_id=principal_id, role_definition_id=str(definition_id) ) ) assignment = self._client.role_assignments.create( vault_base_url=self._vault_url, - scope=role_scope, - role_assignment_name=str(role_assignment_name), + scope=scope, + role_assignment_name=str(assignment_name), parameters=create_parameters, **kwargs ) return KeyVaultRoleAssignment._from_generated(assignment) @distributed_trace - def delete_role_assignment(self, role_scope, role_assignment_name, **kwargs): + def delete_role_assignment(self, scope, assignment_name, **kwargs): # type: (Union[str, KeyVaultRoleScope], Union[str, UUID], **Any) -> None """Delete a role assignment. - :param role_scope: the assignment's scope, for example "/", "/keys", or "/keys/" + :param scope: the assignment's scope, for example "/", "/keys", or "/keys/" :class:`KeyVaultRoleScope` defines common broad scopes. Specify a narrower scope as a string. - :type role_scope: str or KeyVaultRoleScope - :param role_assignment_name: the assignment's name. - :type role_assignment_name: str or uuid.UUID + :type scope: str or KeyVaultRoleScope + :param assignment_name: the assignment's name. 
+ :type assignment_name: str or uuid.UUID :returns: None """ self._client.role_assignments.delete( - vault_base_url=self._vault_url, scope=role_scope, role_assignment_name=str(role_assignment_name), **kwargs + vault_base_url=self._vault_url, scope=scope, role_assignment_name=str(assignment_name), **kwargs ) return @distributed_trace - def get_role_assignment(self, role_scope, role_assignment_name, **kwargs): + def get_role_assignment(self, scope, assignment_name, **kwargs): # type: (Union[str, KeyVaultRoleScope], Union[str, UUID], **Any) -> KeyVaultRoleAssignment """Get a role assignment. - :param role_scope: the assignment's scope, for example "/", "/keys", or "/keys/" + :param scope: the assignment's scope, for example "/", "/keys", or "/keys/" :class:`KeyVaultRoleScope` defines common broad scopes. Specify a narrower scope as a string. - :type role_scope: str or KeyVaultRoleScope - :param role_assignment_name: the assignment's name. - :type role_assignment_name: str or uuid.UUID + :type scope: str or KeyVaultRoleScope + :param assignment_name: the assignment's name. + :type assignment_name: str or uuid.UUID :rtype: ~azure.keyvault.administration.KeyVaultRoleAssignment """ assignment = self._client.role_assignments.get( - vault_base_url=self._vault_url, scope=role_scope, role_assignment_name=str(role_assignment_name), **kwargs + vault_base_url=self._vault_url, scope=scope, role_assignment_name=str(assignment_name), **kwargs ) return KeyVaultRoleAssignment._from_generated(assignment) @distributed_trace - def list_role_assignments(self, role_scope, **kwargs): + def list_role_assignments(self, scope, **kwargs): # type: (Union[str, KeyVaultRoleScope], **Any) -> ItemPaged[KeyVaultRoleAssignment] """List all role assignments for a scope. - :param role_scope: scope of the role assignments. :class:`KeyVaultRoleScope` defines common broad scopes. + :param scope: scope of the role assignments. :class:`KeyVaultRoleScope` defines common broad scopes. 
Specify a narrower scope as a string. - :type role_scope: str or KeyVaultRoleScope + :type scope: str or KeyVaultRoleScope :rtype: ~azure.core.paging.ItemPaged[~azure.keyvault.administration.KeyVaultRoleAssignment] """ return self._client.role_assignments.list_for_scope( - self._vault_url, - role_scope, + vault_base_url=self._vault_url, + scope=scope, cls=lambda result: [KeyVaultRoleAssignment._from_generated(a) for a in result], **kwargs ) @distributed_trace - def set_role_definition(self, role_scope, **kwargs): + def set_role_definition(self, scope, **kwargs): # type: (Union[str, KeyVaultRoleScope], **Any) -> KeyVaultRoleDefinition """Creates or updates a custom role definition. - To update a role definition, provide the ``role_definition_name`` of the existing definition. + To update a role definition, provide the ``definition_name`` of the existing definition. - :param role_scope: scope of the role definition. :class:`KeyVaultRoleScope` defines common broad scopes. + :param scope: scope of the role definition. :class:`KeyVaultRoleScope` defines common broad scopes. Specify a narrower scope as a string. Managed HSM only supports '/', or KeyVaultRoleScope.GLOBAL. - :type role_scope: str or KeyVaultRoleScope - :keyword role_definition_name: the unique role definition name. Unless a UUID is provided, a new role definition + :type scope: str or KeyVaultRoleScope + :keyword definition_name: the unique role definition name. Unless a UUID is provided, a new role definition will be created with a generated unique name. Providing the unique name of an existing role definition will update that role definition. - :paramtype role_definition_name: str or uuid.UUID + :paramtype definition_name: str or uuid.UUID :keyword str role_name: the role's display name. If unspecified when creating or updating a role definition, the role name will be set to an empty string. :keyword str description: a description of the role definition. If unspecified when creating or updating a role 
@@ -156,60 +156,60 @@ def set_role_definition(self, role_scope, **kwargs): definition = self._client.role_definitions.create_or_update( vault_base_url=self._vault_url, - scope=role_scope, - role_definition_name=str(kwargs.pop("role_definition_name", None) or uuid4()), + scope=scope, + role_definition_name=str(kwargs.pop("definition_name", None) or uuid4()), parameters=parameters, **kwargs ) return KeyVaultRoleDefinition._from_generated(definition) @distributed_trace - def get_role_definition(self, role_scope, role_definition_name, **kwargs): + def get_role_definition(self, scope, definition_name, **kwargs): # type: (Union[str, KeyVaultRoleScope], Union[str, UUID], **Any) -> KeyVaultRoleDefinition """Get the specified role definition. - :param role_scope: scope of the role definition. :class:`KeyVaultRoleScope` defines common broad scopes. + :param scope: scope of the role definition. :class:`KeyVaultRoleScope` defines common broad scopes. Specify a narrower scope as a string. Managed HSM only supports '/', or KeyVaultRoleScope.GLOBAL. - :type role_scope: str or KeyVaultRoleScope - :param role_definition_name: the role definition's name. - :type role_definition_name: str or uuid.UUID + :type scope: str or KeyVaultRoleScope + :param definition_name: the role definition's name. + :type definition_name: str or uuid.UUID :rtype: ~azure.keyvault.administration.KeyVaultRoleDefinition """ definition = self._client.role_definitions.get( - vault_base_url=self._vault_url, scope=role_scope, role_definition_name=str(role_definition_name), **kwargs + vault_base_url=self._vault_url, scope=scope, role_definition_name=str(definition_name), **kwargs ) return KeyVaultRoleDefinition._from_generated(definition) @distributed_trace - def delete_role_definition(self, role_scope, role_definition_name, **kwargs): + def delete_role_definition(self, scope, definition_name, **kwargs): # type: (Union[str, KeyVaultRoleScope], Union[str, UUID], **Any) -> None """Deletes a custom role definition. 
- :param role_scope: scope of the role definition. :class:`KeyVaultRoleScope` defines common broad scopes. + :param scope: scope of the role definition. :class:`KeyVaultRoleScope` defines common broad scopes. Specify a narrower scope as a string. Managed HSM only supports '/', or KeyVaultRoleScope.GLOBAL. - :type role_scope: str or KeyVaultRoleScope - :param role_definition_name: the role definition's name. - :type role_definition_name: str or uuid.UUID + :type scope: str or KeyVaultRoleScope + :param definition_name: the role definition's name. + :type definition_name: str or uuid.UUID :returns: None """ self._client.role_definitions.delete( - vault_base_url=self._vault_url, scope=role_scope, role_definition_name=str(role_definition_name), **kwargs + vault_base_url=self._vault_url, scope=scope, role_definition_name=str(definition_name), **kwargs ) return @distributed_trace - def list_role_definitions(self, role_scope, **kwargs): + def list_role_definitions(self, scope, **kwargs): # type: (Union[str, KeyVaultRoleScope], **Any) -> ItemPaged[KeyVaultRoleDefinition] """List all role definitions applicable at and above a scope. - :param role_scope: scope of the role definitions. :class:`KeyVaultRoleScope` defines common broad scopes. + :param scope: scope of the role definitions. :class:`KeyVaultRoleScope` defines common broad scopes. Specify a narrower scope as a string. - :type role_scope: str or KeyVaultRoleScope + :type scope: str or KeyVaultRoleScope :rtype: ~azure.core.paging.ItemPaged[~azure.keyvault.administration.KeyVaultRoleDefinition] """ return self._client.role_definitions.list( - self._vault_url, - role_scope, + vault_base_url=self._vault_url, + scope=scope, cls=lambda result: [KeyVaultRoleDefinition._from_generated(d) for d in result], **kwargs ) 
diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py
index f084460fb8c6..b3de9141de7d 100644
--- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py
+++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py
@@ -31,31 +31,31 @@ class KeyVaultAccessControlClient(AsyncKeyVaultClientBase): @distributed_trace_async async def create_role_assignment( - self, role_scope: "Union[str, KeyVaultRoleScope]", role_definition_id: str, principal_id: str, **kwargs: "Any" + self, scope: "Union[str, KeyVaultRoleScope]", definition_id: str, principal_id: str, **kwargs: "Any" ) -> KeyVaultRoleAssignment: """Create a role assignment. - :param role_scope: scope the role assignment will apply over. :class:`KeyVaultRoleScope` defines common broad + :param scope: scope the role assignment will apply over. :class:`KeyVaultRoleScope` defines common broad scopes. Specify a narrower scope as a string. - :type role_scope: str or KeyVaultRoleScope - :param str role_definition_id: ID of the role's definition + :type scope: str or KeyVaultRoleScope + :param str definition_id: ID of the role's definition :param str principal_id: Azure Active Directory object ID of the principal which will be assigned the role. The principal can be a user, service principal, or security group. - :keyword role_assignment_name: a name for the role assignment. Must be a UUID. - :paramtype role_assignment_name: str or uuid.UUID + :keyword assignment_name: a name for the role assignment. Must be a UUID. 
+ :paramtype assignment_name: str or uuid.UUID :rtype: ~azure.keyvault.administration.KeyVaultRoleAssignment """ - role_assignment_name = kwargs.pop("role_assignment_name", None) or uuid4() + assignment_name = kwargs.pop("assignment_name", None) or uuid4() create_parameters = self._client.role_assignments.models.RoleAssignmentCreateParameters( properties=self._client.role_assignments.models.RoleAssignmentProperties( - principal_id=principal_id, role_definition_id=str(role_definition_id) + principal_id=principal_id, role_definition_id=str(definition_id) ) ) assignment = await self._client.role_assignments.create( vault_base_url=self._vault_url, - scope=role_scope, - role_assignment_name=str(role_assignment_name), + scope=scope, + role_assignment_name=str(assignment_name), parameters=create_parameters, **kwargs ) 
@@ -63,73 +63,73 @@ async def create_role_assignment( @distributed_trace_async async def delete_role_assignment( - self, role_scope: "Union[str, KeyVaultRoleScope]", role_assignment_name: "Union[str, UUID]", **kwargs: "Any" + self, scope: "Union[str, KeyVaultRoleScope]", assignment_name: "Union[str, UUID]", **kwargs: "Any" ) -> None: """Delete a role assignment. - :param role_scope: the assignment's scope, for example "/", "/keys", or "/keys/". + :param scope: the assignment's scope, for example "/", "/keys", or "/keys/". :class:`KeyVaultRoleScope` defines common broad scopes. Specify a narrower scope as a string. - :type role_scope: str or KeyVaultRoleScope - :param role_assignment_name: the assignment's name. - :type role_assignment_name: str or uuid.UUID + :type scope: str or KeyVaultRoleScope + :param assignment_name: the assignment's name. + :type assignment_name: str or uuid.UUID :returns: None """ await self._client.role_assignments.delete( - vault_base_url=self._vault_url, scope=role_scope, role_assignment_name=str(role_assignment_name), **kwargs + vault_base_url=self._vault_url, scope=scope, role_assignment_name=str(assignment_name), **kwargs ) return @distributed_trace_async async def get_role_assignment( - self, role_scope: "Union[str, KeyVaultRoleScope]", role_assignment_name: "Union[str, UUID]", **kwargs: "Any" + self, scope: "Union[str, KeyVaultRoleScope]", assignment_name: "Union[str, UUID]", **kwargs: "Any" ) -> KeyVaultRoleAssignment: """Get a role assignment. - :param role_scope: the assignment's scope, for example "/", "/keys", or "/keys/". + :param scope: the assignment's scope, for example "/", "/keys", or "/keys/". :class:`KeyVaultRoleScope` defines common broad scopes. Specify a narrower scope as a string. - :type role_scope: str or KeyVaultRoleScope - :param role_assignment_name: the assignment's name. - :type role_assignment_name: str or uuid.UUID + :type scope: str or KeyVaultRoleScope + :param assignment_name: the assignment's name. 
+ :type assignment_name: str or uuid.UUID :rtype: ~azure.keyvault.administration.KeyVaultRoleAssignment """ assignment = await self._client.role_assignments.get( - vault_base_url=self._vault_url, scope=role_scope, role_assignment_name=str(role_assignment_name), **kwargs + vault_base_url=self._vault_url, scope=scope, role_assignment_name=str(assignment_name), **kwargs ) return KeyVaultRoleAssignment._from_generated(assignment) @distributed_trace def list_role_assignments( - self, role_scope: "Union[str, KeyVaultRoleScope]", **kwargs: "Any" + self, scope: "Union[str, KeyVaultRoleScope]", **kwargs: "Any" ) -> "AsyncItemPaged[KeyVaultRoleAssignment]": """List all role assignments for a scope. - :param role_scope: scope of the role assignments. :class:`KeyVaultRoleScope` defines common broad + :param scope: scope of the role assignments. :class:`KeyVaultRoleScope` defines common broad scopes. Specify a narrower scope as a string. - :type role_scope: str or KeyVaultRoleScope + :type scope: str or KeyVaultRoleScope :rtype: ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.administration.KeyVaultRoleAssignment] """ return self._client.role_assignments.list_for_scope( - self._vault_url, - role_scope, + vault_base_url=self._vault_url, + scope=scope, cls=lambda result: [KeyVaultRoleAssignment._from_generated(a) for a in result], **kwargs ) @distributed_trace_async async def set_role_definition( - self, role_scope: "Union[str, KeyVaultRoleScope]", **kwargs: "Any" + self, scope: "Union[str, KeyVaultRoleScope]", **kwargs: "Any" ) -> "KeyVaultRoleDefinition": """Creates or updates a custom role definition. - To update a role definition, provide the ``role_definition_name`` of the existing definition. + To update a role definition, provide the ``definition_name`` of the existing definition. - :param role_scope: scope of the role definition. :class:`KeyVaultRoleScope` defines common broad scopes. + :param scope: scope of the role definition. 
:class:`KeyVaultRoleScope` defines common broad scopes. Specify a narrower scope as a string. Managed HSM only supports '/', or KeyVaultRoleScope.GLOBAL. - :type role_scope: str or KeyVaultRoleScope - :keyword role_definition_name: the unique role definition name. Unless a UUID is provided, a new role definition + :type scope: str or KeyVaultRoleScope + :keyword definition_name: the unique role definition name. Unless a UUID is provided, a new role definition will be created with a generated unique name. Providing the unique name of an existing role definition will update that role definition. - :paramtype role_definition_name: str or uuid.UUID + :paramtype definition_name: str or uuid.UUID :keyword str role_name: the role's display name. If unspecified when creating or updating a role definition, the role name will be set to an empty string. :keyword str description: a description of the role definition. If unspecified when creating or updating a role @@ -162,8 +162,8 @@ async def set_role_definition( definition = await self._client.role_definitions.create_or_update( vault_base_url=self._vault_url, - scope=role_scope, - role_definition_name=str(kwargs.pop("role_definition_name", None) or uuid4()), + scope=scope, + role_definition_name=str(kwargs.pop("definition_name", None) or uuid4()), parameters=parameters, **kwargs ) 
@@ -171,54 +171,54 @@ async def set_role_definition( @distributed_trace_async async def get_role_definition( - self, role_scope: "Union[str, KeyVaultRoleScope]", role_definition_name: "Union[str, UUID]", **kwargs: "Any" + self, scope: "Union[str, KeyVaultRoleScope]", definition_name: "Union[str, UUID]", **kwargs: "Any" ) -> "KeyVaultRoleDefinition": """Get the specified role definition. - :param role_scope: scope of the role definition. :class:`KeyVaultRoleScope` defines common broad scopes. + :param scope: scope of the role definition. :class:`KeyVaultRoleScope` defines common broad scopes. Specify a narrower scope as a string. Managed HSM only supports '/', or KeyVaultRoleScope.GLOBAL. - :type role_scope: str or KeyVaultRoleScope - :param role_definition_name: the role definition's name. - :type role_definition_name: str or uuid.UUID + :type scope: str or KeyVaultRoleScope + :param definition_name: the role definition's name. + :type definition_name: str or uuid.UUID :rtype: ~azure.keyvault.administration.KeyVaultRoleDefinition """ definition = await self._client.role_definitions.get( - vault_base_url=self._vault_url, scope=role_scope, role_definition_name=str(role_definition_name), **kwargs + vault_base_url=self._vault_url, scope=scope, role_definition_name=str(definition_name), **kwargs ) return KeyVaultRoleDefinition._from_generated(definition) @distributed_trace_async async def delete_role_definition( - self, role_scope: "Union[str, KeyVaultRoleScope]", role_definition_name: "Union[str, UUID]", **kwargs: "Any" + self, scope: "Union[str, KeyVaultRoleScope]", definition_name: "Union[str, UUID]", **kwargs: "Any" ) -> None: """Deletes a custom role definition. - :param role_scope: scope of the role definition. :class:`KeyVaultRoleScope` defines common broad scopes. + :param scope: scope of the role definition. :class:`KeyVaultRoleScope` defines common broad scopes. Specify a narrower scope as a string. Managed HSM only supports '/', or KeyVaultRoleScope.GLOBAL. 
- :type role_scope: str or KeyVaultRoleScope - :param role_definition_name: the role definition's name. - :type role_definition_name: str or uuid.UUID + :type scope: str or KeyVaultRoleScope + :param definition_name: the role definition's name. + :type definition_name: str or uuid.UUID :returns: None """ definition = await self._client.role_definitions.delete( - vault_base_url=self._vault_url, scope=role_scope, role_definition_name=str(role_definition_name), **kwargs + vault_base_url=self._vault_url, scope=scope, role_definition_name=str(definition_name), **kwargs ) return KeyVaultRoleDefinition._from_generated(definition) @distributed_trace def list_role_definitions( - self, role_scope: "Union[str, KeyVaultRoleScope]", **kwargs: "Any" + self, scope: "Union[str, KeyVaultRoleScope]", **kwargs: "Any" ) -> "AsyncItemPaged[KeyVaultRoleDefinition]": """List all role definitions applicable at and above a scope. - :param role_scope: scope of the role definitions. :class:`KeyVaultRoleScope` defines common broad + :param scope: scope of the role definitions. :class:`KeyVaultRoleScope` defines common broad scopes. Specify a narrower scope as a string. - :type role_scope: str or KeyVaultRoleScope + :type scope: str or KeyVaultRoleScope :rtype: ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.administration.KeyVaultRoleDefinition] """ return self._client.role_definitions.list( - self._vault_url, - role_scope, + vault_base_url=self._vault_url, + scope=scope, cls=lambda result: [KeyVaultRoleDefinition._from_generated(d) for d in result], **kwargs ) diff --git a/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py b/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py index 0638f061a870..852c254a56d9 100644 --- a/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py +++ b/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py 
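Review bot: In the aio `delete_role_definition` on the new side, the signature is annotated `-> None` and the docstring says `:returns: None`, but the body still binds `definition = await self._client.role_definitions.delete(...)` and ends with `return KeyVaultRoleDefinition._from_generated(definition)`. The tests changed in this same patch no longer read a return value from the delete methods, so the body should match the contract: drop the `definition =` binding and the final `return` line, keeping only the awaited `delete(...)` call. A later patch on this page (PATCH 04/24, hunk @@ -200) does rewrite this body, but as committed here the annotation and the behaviour disagree.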
@@ -68,8 +68,8 @@ def test_role_definitions(self): definition_name = self.get_replayable_uuid("definition-name") permissions = [KeyVaultPermission(data_actions=[KeyVaultDataAction.READ_HSM_KEY])] created_definition = client.set_role_definition( - role_scope=scope, - role_definition_name=definition_name, + scope=scope, + definition_name=definition_name, role_name=role_name, description="test", permissions=permissions @@ -87,7 +87,7 @@ def test_role_definitions(self): KeyVaultPermission(data_actions=[], not_data_actions=[KeyVaultDataAction.READ_HSM_KEY]) ] updated_definition = client.set_role_definition( - role_scope=scope, role_definition_name=definition_name, permissions=permissions + scope=scope, definition_name=definition_name, permissions=permissions ) assert updated_definition.role_name == "" assert updated_definition.description == "" @@ -101,14 +101,13 @@ def test_role_definitions(self): assert len(matching_definitions) == 1 # get custom role definition - definition = client.get_role_definition(role_scope=scope, role_definition_name=definition_name) + definition = client.get_role_definition(scope=scope, definition_name=definition_name) assert_role_definitions_equal(definition, updated_definition) # delete custom role definition - deleted_definition = client.delete_role_definition(scope, definition_name) - assert_role_definitions_equal(deleted_definition, definition) + client.delete_role_definition(scope, definition_name) - assert not any(d.id == deleted_definition.id for d in client.list_role_definitions(scope)) + assert not any(d.id == definition.id for d in client.list_role_definitions(scope)) def test_role_assignment(self): client = KeyVaultAccessControlClient(self.managed_hsm["url"], self.credential) 
@@ -121,7 +120,7 @@ def test_role_assignment(self): principal_id = self.get_service_principal_id() name = self.get_replayable_uuid("some-uuid") - created = client.create_role_assignment(scope, definition.id, principal_id, role_assignment_name=name) + created = client.create_role_assignment(scope, definition.id, principal_id, assignment_name=name) assert created.name == name assert created.properties.principal_id == principal_id assert created.properties.role_definition_id == definition.id @@ -141,11 +140,7 @@ def test_role_assignment(self): assert len(matching_assignments) == 1 # delete the assignment - deleted = client.delete_role_assignment(scope, created.name) - assert deleted.name == created.name - assert deleted.role_assignment_id == created.role_assignment_id - assert deleted.properties.scope == scope - assert deleted.properties.role_definition_id == created.properties.role_definition_id + client.delete_role_assignment(scope, created.name) assert not any(a.role_assignment_id == created.role_assignment_id for a in client.list_role_assignments(scope)) diff --git a/sdk/keyvault/azure-keyvault-administration/tests/test_access_control_async.py b/sdk/keyvault/azure-keyvault-administration/tests/test_access_control_async.py index f0ad123bfd7d..ccf3c85335eb 100644 --- a/sdk/keyvault/azure-keyvault-administration/tests/test_access_control_async.py +++ b/sdk/keyvault/azure-keyvault-administration/tests/test_access_control_async.py @@ -78,8 +78,8 @@ async def test_role_definitions(self): definition_name = self.get_replayable_uuid("definition-name") permissions = [KeyVaultPermission(data_actions=[KeyVaultDataAction.READ_HSM_KEY])] created_definition = await client.set_role_definition( - role_scope=scope, - role_definition_name=definition_name, + scope=scope, + definition_name=definition_name, role_name=role_name, description="test", permissions=permissions 
@@ -97,7 +97,7 @@ async def test_role_definitions(self): KeyVaultPermission(data_actions=[], not_data_actions=[KeyVaultDataAction.READ_HSM_KEY]) ] updated_definition = await client.set_role_definition( - role_scope=scope, role_definition_name=definition_name, permissions=permissions + scope=scope, definition_name=definition_name, permissions=permissions ) assert updated_definition.role_name == "" assert updated_definition.description == "" @@ -114,15 +114,14 @@ async def test_role_definitions(self): assert len(matching_definitions) == 1 # get custom role definition - definition = await client.get_role_definition(role_scope=scope, role_definition_name=definition_name) + definition = await client.get_role_definition(scope=scope, definition_name=definition_name) assert_role_definitions_equal(definition, updated_definition) # delete custom role definition - deleted_definition = await client.delete_role_definition(scope, definition_name) - assert_role_definitions_equal(deleted_definition, definition) + await client.delete_role_definition(scope, definition_name) - async for definition in client.list_role_definitions(scope): - assert (definition.id != deleted_definition.id), "the role definition should have been deleted" + async for d in client.list_role_definitions(scope): + assert (d.id != definition.id), "the role definition should have been deleted" @AzureTestCase.await_prepared_test async def test_role_assignment(self): @@ -138,7 +137,7 @@ async def test_role_assignment(self): principal_id = self.get_service_principal_id() name = self.get_replayable_uuid("some-uuid") - created = await client.create_role_assignment(scope, definition.id, principal_id, role_assignment_name=name) + created = await client.create_role_assignment(scope, definition.id, principal_id, assignment_name=name) assert created.name == name assert created.properties.principal_id == principal_id assert created.properties.role_definition_id == definition.id 
@@ -159,11 +158,7 @@ async def test_role_assignment(self): assert len(matching_assignments) == 1 # delete the assignment - deleted = await client.delete_role_assignment(scope, created.name) - assert deleted.name == created.name - assert deleted.role_assignment_id == created.role_assignment_id - assert deleted.properties.scope == scope - assert deleted.properties.role_definition_id == created.properties.role_definition_id + await client.delete_role_assignment(scope, created.name) async for assignment in client.list_role_assignments(scope): assert ( From af9331e92a6d48ccb4e821e5ed170c5011064bf6 Mon Sep 17 00:00:00 2001 From: Charles Lowell Date: Mon, 7 Jun 2021 11:30:35 -0700 Subject: [PATCH 04/24] delete methods don't raise on 404 --- .../administration/_access_control_client.py | 21 ++++++++++++------- .../aio/_access_control_client.py | 21 ++++++++++++------- 2 files changed, 26 insertions(+), 16 deletions(-) diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py index 4d91998ee144..569a47e7d2b6 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py @@ -5,6 +5,7 @@ from typing import TYPE_CHECKING from uuid import uuid4 +from azure.core.exceptions import ResourceNotFoundError from azure.core.tracing.decorator import distributed_trace from ._models import KeyVaultRoleAssignment, KeyVaultRoleDefinition 
@@ -71,10 +72,12 @@ def delete_role_assignment(self, scope, assignment_name, **kwargs): :type assignment_name: str or uuid.UUID :returns: None """ - self._client.role_assignments.delete( - vault_base_url=self._vault_url, scope=scope, role_assignment_name=str(assignment_name), **kwargs - ) - return + try: + self._client.role_assignments.delete( + vault_base_url=self._vault_url, scope=scope, role_assignment_name=str(assignment_name), **kwargs + ) + except ResourceNotFoundError: + pass @distributed_trace def get_role_assignment(self, scope, assignment_name, **kwargs): @@ -192,10 +195,12 @@ def delete_role_definition(self, scope, definition_name, **kwargs): :type definition_name: str or uuid.UUID :returns: None """ - self._client.role_definitions.delete( - vault_base_url=self._vault_url, scope=scope, role_definition_name=str(definition_name), **kwargs - ) - return + try: + self._client.role_definitions.delete( + vault_base_url=self._vault_url, scope=scope, role_definition_name=str(definition_name), **kwargs + ) + except ResourceNotFoundError: + pass @distributed_trace def list_role_definitions(self, scope, **kwargs): diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py index b3de9141de7d..22ebd8ee1368 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py @@ -5,6 +5,7 @@ from typing import TYPE_CHECKING from uuid import uuid4 +from azure.core.exceptions import ResourceNotFoundError from azure.core.tracing.decorator import distributed_trace from azure.core.tracing.decorator_async import distributed_trace_async 
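Review bot: `except ResourceNotFoundError: pass` in `delete_role_assignment` makes a revocation that matched nothing indistinguishable from one that succeeded, and the docstring still says only `:returns: None`. For an access-control client this matters: presumably a wrong `scope` or a mistyped `assignment_name` also ends in a 404, so the call returns quietly while the principal keeps the role. At minimum, state the behaviour in the docstring, e.g. `Deleting a role assignment that does not exist is not an error; no exception is raised.`, and consider a debug-level log in the `except` branch so the no-op can be traced. The same applies to `delete_role_definition` in the @@ -192 hunk and to both aio counterparts (@@ -74 and @@ -200). The diffstat for this patch lists no test file, so the 404 path is not exercised.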
@@ -74,10 +75,12 @@ async def delete_role_assignment( :type assignment_name: str or uuid.UUID :returns: None """ - await self._client.role_assignments.delete( - vault_base_url=self._vault_url, scope=scope, role_assignment_name=str(assignment_name), **kwargs - ) - return + try: + await self._client.role_assignments.delete( + vault_base_url=self._vault_url, scope=scope, role_assignment_name=str(assignment_name), **kwargs + ) + except ResourceNotFoundError: + pass @distributed_trace_async async def get_role_assignment( @@ -200,10 +203,12 @@ async def delete_role_definition( :type definition_name: str or uuid.UUID :returns: None """ - definition = await self._client.role_definitions.delete( - vault_base_url=self._vault_url, scope=scope, role_definition_name=str(definition_name), **kwargs - ) - return KeyVaultRoleDefinition._from_generated(definition) + try: + await self._client.role_definitions.delete( + vault_base_url=self._vault_url, scope=scope, role_definition_name=str(definition_name), **kwargs + ) + except ResourceNotFoundError: + pass @distributed_trace def list_role_definitions( From eb0383c369ece3b99ad408d04593abbabfa6ec5e Mon Sep 17 00:00:00 2001 From: Charles Lowell Date: Mon, 7 Jun 2021 12:36:54 -0700 Subject: [PATCH 05/24] remove prefix from unambiguous name parameters --- .../administration/_access_control_client.py | 40 +++++++++---------- .../aio/_access_control_client.py | 40 +++++++++---------- .../tests/test_access_control.py | 4 +- .../tests/test_access_control_async.py | 4 +- 4 files changed, 44 insertions(+), 44 deletions(-) diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py index 569a47e7d2b6..1ec107bf92c4 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py 
+++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py @@ -40,11 +40,11 @@ def create_role_assignment(self, scope, definition_id, principal_id, **kwargs): :param str definition_id: ID of the role's definition :param str principal_id: Azure Active Directory object ID of the principal which will be assigned the role. The principal can be a user, service principal, or security group. - :keyword assignment_name: a name for the role assignment. Must be a UUID. - :paramtype assignment_name: str or uuid.UUID + :keyword name: a name for the role assignment. Must be a UUID. + :paramtype name: str or uuid.UUID :rtype: ~azure.keyvault.administration.KeyVaultRoleAssignment """ - assignment_name = kwargs.pop("assignment_name", None) or uuid4() + name = kwargs.pop("name", None) or uuid4() create_parameters = self._client.role_assignments.models.RoleAssignmentCreateParameters( properties=self._client.role_assignments.models.RoleAssignmentProperties( 
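Review bot: Because the assignment name is read with `kwargs.pop("name", None) or uuid4()`, a caller still passing the previous keyword `assignment_name=` is not rejected at this point: the value stays in `kwargs` and is forwarded with `**kwargs` to the `role_assignments.create(...)` call shown in the next hunk, while the assignment itself gets a generated UUID. Whether the generated client then fails on the unknown keyword is not visible here; if it does not, the role is granted under a name the caller did not choose, and a later delete by the intended name will not match it. A guard before the pop would make the mistake loud, e.g. `if "assignment_name" in kwargs: raise TypeError("'assignment_name' was renamed to 'name'")`. The same pattern is in the aio hunk @@ -42,11 +42,11 @@, and the function body continues outside this hunk.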
@@ -54,45 +54,45 @@ def create_role_assignment(self, scope, definition_id, principal_id, **kwargs): assignment = self._client.role_assignments.create( vault_base_url=self._vault_url, scope=scope, - role_assignment_name=str(assignment_name), + role_assignment_name=str(name), parameters=create_parameters, **kwargs ) return KeyVaultRoleAssignment._from_generated(assignment) @distributed_trace - def delete_role_assignment(self, scope, assignment_name, **kwargs): + def delete_role_assignment(self, scope, name, **kwargs): # type: (Union[str, KeyVaultRoleScope], Union[str, UUID], **Any) -> None """Delete a role assignment. :param scope: the assignment's scope, for example "/", "/keys", or "/keys/" :class:`KeyVaultRoleScope` defines common broad scopes. Specify a narrower scope as a string. :type scope: str or KeyVaultRoleScope - :param assignment_name: the assignment's name. - :type assignment_name: str or uuid.UUID + :param name: the role assignment's name. + :type name: str or uuid.UUID :returns: None """ try: self._client.role_assignments.delete( - vault_base_url=self._vault_url, scope=scope, role_assignment_name=str(assignment_name), **kwargs + vault_base_url=self._vault_url, scope=scope, role_assignment_name=str(name), **kwargs ) except ResourceNotFoundError: pass @distributed_trace - def get_role_assignment(self, scope, assignment_name, **kwargs): + def get_role_assignment(self, scope, name, **kwargs): # type: (Union[str, KeyVaultRoleScope], Union[str, UUID], **Any) -> KeyVaultRoleAssignment """Get a role assignment. :param scope: the assignment's scope, for example "/", "/keys", or "/keys/" :class:`KeyVaultRoleScope` defines common broad scopes. Specify a narrower scope as a string. :type scope: str or KeyVaultRoleScope - :param assignment_name: the assignment's name. - :type assignment_name: str or uuid.UUID + :param name: the role assignment's name. 
+ :type name: str or uuid.UUID :rtype: ~azure.keyvault.administration.KeyVaultRoleAssignment """ assignment = self._client.role_assignments.get( - vault_base_url=self._vault_url, scope=scope, role_assignment_name=str(assignment_name), **kwargs + vault_base_url=self._vault_url, scope=scope, role_assignment_name=str(name), **kwargs ) return KeyVaultRoleAssignment._from_generated(assignment) 
@@ -167,37 +167,37 @@ def set_role_definition(self, scope, **kwargs): return KeyVaultRoleDefinition._from_generated(definition) @distributed_trace - def get_role_definition(self, scope, definition_name, **kwargs): + def get_role_definition(self, scope, name, **kwargs): # type: (Union[str, KeyVaultRoleScope], Union[str, UUID], **Any) -> KeyVaultRoleDefinition """Get the specified role definition. :param scope: scope of the role definition. :class:`KeyVaultRoleScope` defines common broad scopes. Specify a narrower scope as a string. Managed HSM only supports '/', or KeyVaultRoleScope.GLOBAL. :type scope: str or KeyVaultRoleScope - :param definition_name: the role definition's name. - :type definition_name: str or uuid.UUID + :param name: the role definition's name. + :type name: str or uuid.UUID :rtype: ~azure.keyvault.administration.KeyVaultRoleDefinition """ definition = self._client.role_definitions.get( - vault_base_url=self._vault_url, scope=scope, role_definition_name=str(definition_name), **kwargs + vault_base_url=self._vault_url, scope=scope, role_definition_name=str(name), **kwargs ) return KeyVaultRoleDefinition._from_generated(definition) @distributed_trace - def delete_role_definition(self, scope, definition_name, **kwargs): + def delete_role_definition(self, scope, name, **kwargs): # type: (Union[str, KeyVaultRoleScope], Union[str, UUID], **Any) -> None """Deletes a custom role definition. :param scope: scope of the role definition. :class:`KeyVaultRoleScope` defines common broad scopes. Specify a narrower scope as a string. Managed HSM only supports '/', or KeyVaultRoleScope.GLOBAL. :type scope: str or KeyVaultRoleScope - :param definition_name: the role definition's name. - :type definition_name: str or uuid.UUID + :param name: the role definition's name. 
+ :type name: str or uuid.UUID :returns: None """ try: self._client.role_definitions.delete( - vault_base_url=self._vault_url, scope=scope, role_definition_name=str(definition_name), **kwargs + vault_base_url=self._vault_url, scope=scope, role_definition_name=str(name), **kwargs ) except ResourceNotFoundError: pass diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py index 22ebd8ee1368..fdb4fa9e2545 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py @@ -42,11 +42,11 @@ async def create_role_assignment( :param str definition_id: ID of the role's definition :param str principal_id: Azure Active Directory object ID of the principal which will be assigned the role. The principal can be a user, service principal, or security group. - :keyword assignment_name: a name for the role assignment. Must be a UUID. - :paramtype assignment_name: str or uuid.UUID + :keyword name: a name for the role assignment. Must be a UUID. + :paramtype name: str or uuid.UUID :rtype: ~azure.keyvault.administration.KeyVaultRoleAssignment """ - assignment_name = kwargs.pop("assignment_name", None) or uuid4() + name = kwargs.pop("name", None) or uuid4() create_parameters = self._client.role_assignments.models.RoleAssignmentCreateParameters( properties=self._client.role_assignments.models.RoleAssignmentProperties( @@ -56,7 +56,7 @@ async def create_role_assignment( assignment = await self._client.role_assignments.create( vault_base_url=self._vault_url, scope=scope, - role_assignment_name=str(assignment_name), + role_assignment_name=str(name), parameters=create_parameters, **kwargs ) 
@@ -64,39 +64,39 @@ async def create_role_assignment( @distributed_trace_async async def delete_role_assignment( - self, scope: "Union[str, KeyVaultRoleScope]", assignment_name: "Union[str, UUID]", **kwargs: "Any" + self, scope: "Union[str, KeyVaultRoleScope]", name: "Union[str, UUID]", **kwargs: "Any" ) -> None: """Delete a role assignment. :param scope: the assignment's scope, for example "/", "/keys", or "/keys/". :class:`KeyVaultRoleScope` defines common broad scopes. Specify a narrower scope as a string. :type scope: str or KeyVaultRoleScope - :param assignment_name: the assignment's name. - :type assignment_name: str or uuid.UUID + :param name: the role assignment's name. + :type name: str or uuid.UUID :returns: None """ try: await self._client.role_assignments.delete( - vault_base_url=self._vault_url, scope=scope, role_assignment_name=str(assignment_name), **kwargs + vault_base_url=self._vault_url, scope=scope, role_assignment_name=str(name), **kwargs ) except ResourceNotFoundError: pass @distributed_trace_async async def get_role_assignment( - self, scope: "Union[str, KeyVaultRoleScope]", assignment_name: "Union[str, UUID]", **kwargs: "Any" + self, scope: "Union[str, KeyVaultRoleScope]", name: "Union[str, UUID]", **kwargs: "Any" ) -> KeyVaultRoleAssignment: """Get a role assignment. :param scope: the assignment's scope, for example "/", "/keys", or "/keys/". :class:`KeyVaultRoleScope` defines common broad scopes. Specify a narrower scope as a string. :type scope: str or KeyVaultRoleScope - :param assignment_name: the assignment's name. - :type assignment_name: str or uuid.UUID + :param name: the role assignment's name. 
+ :type name: str or uuid.UUID :rtype: ~azure.keyvault.administration.KeyVaultRoleAssignment """ assignment = await self._client.role_assignments.get( - vault_base_url=self._vault_url, scope=scope, role_assignment_name=str(assignment_name), **kwargs + vault_base_url=self._vault_url, scope=scope, role_assignment_name=str(name), **kwargs ) return KeyVaultRoleAssignment._from_generated(assignment) 
@@ -174,38 +174,38 @@ async def set_role_definition( @distributed_trace_async async def get_role_definition( - self, scope: "Union[str, KeyVaultRoleScope]", definition_name: "Union[str, UUID]", **kwargs: "Any" + self, scope: "Union[str, KeyVaultRoleScope]", name: "Union[str, UUID]", **kwargs: "Any" ) -> "KeyVaultRoleDefinition": """Get the specified role definition. :param scope: scope of the role definition. :class:`KeyVaultRoleScope` defines common broad scopes. Specify a narrower scope as a string. Managed HSM only supports '/', or KeyVaultRoleScope.GLOBAL. :type scope: str or KeyVaultRoleScope - :param definition_name: the role definition's name. - :type definition_name: str or uuid.UUID + :param name: the role definition's name. + :type name: str or uuid.UUID :rtype: ~azure.keyvault.administration.KeyVaultRoleDefinition """ definition = await self._client.role_definitions.get( - vault_base_url=self._vault_url, scope=scope, role_definition_name=str(definition_name), **kwargs + vault_base_url=self._vault_url, scope=scope, role_definition_name=str(name), **kwargs ) return KeyVaultRoleDefinition._from_generated(definition) @distributed_trace_async async def delete_role_definition( - self, scope: "Union[str, KeyVaultRoleScope]", definition_name: "Union[str, UUID]", **kwargs: "Any" + self, scope: "Union[str, KeyVaultRoleScope]", name: "Union[str, UUID]", **kwargs: "Any" ) -> None: """Deletes a custom role definition. :param scope: scope of the role definition. :class:`KeyVaultRoleScope` defines common broad scopes. Specify a narrower scope as a string. Managed HSM only supports '/', or KeyVaultRoleScope.GLOBAL. :type scope: str or KeyVaultRoleScope - :param definition_name: the role definition's name. - :type definition_name: str or uuid.UUID + :param name: the role definition's name. 
+ :type name: str or uuid.UUID :returns: None """ try: await self._client.role_definitions.delete( - vault_base_url=self._vault_url, scope=scope, role_definition_name=str(definition_name), **kwargs + vault_base_url=self._vault_url, scope=scope, role_definition_name=str(name), **kwargs ) except ResourceNotFoundError: pass diff --git a/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py b/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py index 852c254a56d9..c82686edecf1 100644 --- a/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py +++ b/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py @@ -101,7 +101,7 @@ def test_role_definitions(self): assert len(matching_definitions) == 1 # get custom role definition - definition = client.get_role_definition(scope=scope, definition_name=definition_name) + definition = client.get_role_definition(scope=scope, name=definition_name) assert_role_definitions_equal(definition, updated_definition) # delete custom role definition @@ -120,7 +120,7 @@ def test_role_assignment(self): principal_id = self.get_service_principal_id() name = self.get_replayable_uuid("some-uuid") - created = client.create_role_assignment(scope, definition.id, principal_id, assignment_name=name) + created = client.create_role_assignment(scope, definition.id, principal_id, name=name) assert created.name == name assert created.properties.principal_id == principal_id assert created.properties.role_definition_id == definition.id diff --git a/sdk/keyvault/azure-keyvault-administration/tests/test_access_control_async.py b/sdk/keyvault/azure-keyvault-administration/tests/test_access_control_async.py index ccf3c85335eb..ffd8efac6449 100644 --- a/sdk/keyvault/azure-keyvault-administration/tests/test_access_control_async.py +++ b/sdk/keyvault/azure-keyvault-administration/tests/test_access_control_async.py 
@@ -114,7 +114,7 @@ async def test_role_definitions(self): assert len(matching_definitions) == 1 # get custom role definition - definition = await client.get_role_definition(scope=scope, definition_name=definition_name) + definition = await client.get_role_definition(scope=scope, name=definition_name) assert_role_definitions_equal(definition, updated_definition) # delete custom role definition @@ -137,7 +137,7 @@ async def test_role_assignment(self): principal_id = self.get_service_principal_id() name = self.get_replayable_uuid("some-uuid") - created = await client.create_role_assignment(scope, definition.id, principal_id, assignment_name=name) + created = await client.create_role_assignment(scope, definition.id, principal_id, name=name) assert created.name == name assert created.properties.principal_id == principal_id assert created.properties.role_definition_id == definition.id From e6650a648ca5352588665c40b9ff261d3dd172f2 Mon Sep 17 00:00:00 2001 From: Charles Lowell Date: Mon, 7 Jun 2021 16:48:23 -0700 Subject: [PATCH 06/24] merge begin_selective_key_restore into begin_restore --- .../keyvault/administration/_backup_client.py | 68 ++++++++----------- .../administration/aio/_backup_client.py | 67 ++++++++---------- 2 files changed, 57 insertions(+), 78 deletions(-) diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_backup_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_backup_client.py index 7bf6ca03fa58..df3c2bceeecb 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_backup_client.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_backup_client.py @@ -2,6 +2,7 @@ # Copyright (c) Microsoft Corporation. # Licensed under the MIT License. # ------------------------------------ +import functools from typing import TYPE_CHECKING from azure.core.polling.base_polling import LROBasePolling 
@@ -33,8 +34,8 @@ def begin_backup(self, blob_storage_url, sas_token, **kwargs): https://.blob.core.windows.net/backup :param str sas_token: a Shared Access Signature (SAS) token authorizing access to the blob storage resource :keyword str continuation_token: a continuation token to restart polling from a saved state - :returns: An instance of an LROPoller. Call `result()` on the poller object to get a - :class:`KeyVaultBackupOperation`. + :returns: An :class:`~azure.core.polling.LROPoller` instance. Call `result()` on this object to wait for the + operation to complete and get a :class:`KeyVaultBackupOperation`. :rtype: ~azure.core.polling.LROPoller[~azure.keyvault.administration.KeyVaultBackupOperation] """ polling_interval = kwargs.pop("_polling_interval", 5) 
@@ -50,54 +51,45 @@ def begin_backup(self, blob_storage_url, sas_token, **kwargs): def begin_restore(self, folder_url, sas_token, **kwargs): # type: (str, str, **Any) -> LROPoller[KeyVaultRestoreOperation] - """Restore a full backup of a Key Vault. + """Restore a Key Vault backup. + + This method restores either a complete Key Vault backup or when ``key_name`` has a value, a single key. :param str folder_url: URL of the blob holding the backup. This would be the `folder_url` of a :class:`KeyVaultBackupOperation` returned by :func:`begin_backup` or :func:`get_backup_status`, for example https://.blob.core.windows.net/backup/mhsm-account-2020090117323313 :param str sas_token: a Shared Access Signature (SAS) token authorizing access to the blob storage resource - :rtype: ~azure.core.polling.LROPoller[~azure.keyvault.administration.KeyVaultRestoreOperation] + :keyword str continuation_token: a continuation token to restart polling from a saved state + :keyword str key_name: name of a single key in the backup. When set, only this key will be restored. 
+ :rtype: ~azure.core.polling.LROPoller """ - polling_interval = kwargs.pop("_polling_interval", 5) - container_url, folder_name = parse_folder_url(folder_url) - sas_parameter = self._models.SASTokenParameter(storage_resource_uri=container_url, token=sas_token) - restore_details = self._models.RestoreOperationParameters( - sas_token_parameters=sas_parameter, folder_to_restore=folder_name - ) - return self._client.begin_full_restore_operation( - vault_base_url=self._vault_url, - restore_blob_details=restore_details, - cls=KeyVaultRestoreOperation._wrap_generated, - continuation_token=kwargs.pop("continuation_token", None), - polling=LROBasePolling(lro_algorithms=[KeyVaultBackupClientPolling()], timeout=polling_interval, **kwargs), - **kwargs - ) - - def begin_selective_key_restore(self, key_name, folder_url, sas_token, **kwargs): - # type: (str, str, str, **Any) -> LROPoller[KeyVaultSelectiveKeyRestoreOperation] - """Restore a single key from a full Key Vault backup. + # LROBasePolling passes its kwargs to pipeline.run(), so we remove unexpected args before constructing it + continuation_token = kwargs.pop("continuation_token", None) + key_name = kwargs.pop("key_name", None) - :param str key_name: name of the key to restore from the backup - :param str folder_url: URL for the blob storage resource, including the path to the blob holding the - backup. 
This would be the `folder_url` of a :class:`KeyVaultBackupOperation` returned by - :func:`begin_backup` or :func:`get_backup_status`, for example - https://.blob.core.windows.net/backup/mhsm-account-2020090117323313 - :param str sas_token: a Shared Access Signature (SAS) token authorizing access to the blob storage resource - :rtype: ~azure.core.polling.LROPoller[~azure.keyvault.administration.KeyVaultSelectiveKeyRestoreOperation] - """ - polling_interval = kwargs.pop("_polling_interval", 5) container_url, folder_name = parse_folder_url(folder_url) sas_parameter = self._models.SASTokenParameter(storage_resource_uri=container_url, token=sas_token) - restore_details = self._models.SelectiveKeyRestoreOperationParameters( - sas_token_parameters=sas_parameter, folder=folder_name + polling = LROBasePolling( + lro_algorithms=[KeyVaultBackupClientPolling()], timeout=kwargs.pop("_polling_interval", 5), **kwargs ) - return self._client.begin_selective_key_restore_operation( + + if key_name: + client_method = functools.partial(self._client.begin_selective_key_restore_operation, key_name=key_name) + restore_details = self._models.SelectiveKeyRestoreOperationParameters( + sas_token_parameters=sas_parameter, folder=folder_name + ) + else: + client_method = self._client.begin_full_restore_operation + restore_details = self._models.RestoreOperationParameters( + sas_token_parameters=sas_parameter, folder_to_restore=folder_name + ) + + return client_method( vault_base_url=self._vault_url, - key_name=key_name, restore_blob_details=restore_details, - cls=KeyVaultSelectiveKeyRestoreOperation._wrap_generated, - continuation_token=kwargs.pop("continuation_token", None), - polling=LROBasePolling(lro_algorithms=[KeyVaultBackupClientPolling()], timeout=polling_interval, **kwargs), + cls=lambda *_: None, # poller.result() returns None + continuation_token=continuation_token, + polling=polling, **kwargs ) 
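Review bot: The `if key_name:` branch in the merged `begin_restore` treats an empty string the same as an omitted keyword, so a caller whose key name resolves to `""` gets the complete backup restored instead of the single key they asked for. Because the two paths differ so much in how much vault state they touch, branch on `if key_name is not None:` and reject an empty name up front, e.g. `if key_name is not None and not key_name: raise ValueError("key_name must be a non-empty string")`. The async `begin_restore` hunk in `aio/_backup_client.py` has the same branch and needs the same change. The docstring should also state explicitly that omitting `key_name` restores everything in the backup.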
diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_backup_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_backup_client.py index 34aff71fec5e..f4905dcdbb90 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_backup_client.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_backup_client.py @@ -2,6 +2,7 @@ # Copyright (c) Microsoft Corporation. # Licensed under the MIT License. # ------------------------------------ +import functools from typing import TYPE_CHECKING from azure.core.polling.async_base_polling import AsyncLROBasePolling 
@@ -53,60 +54,46 @@ async def begin_backup( async def begin_restore( self, folder_url: str, sas_token: str, **kwargs: "Any" ) -> "AsyncLROPoller[KeyVaultRestoreOperation]": - """Restore a full backup of a Key Vault. + """Restore a Key Vault backup. + + This method restores either a complete Key Vault backup or when ``key_name`` has a value, a single key. :param str folder_url: URL for the blob storage resource, including the path to the blob holding the backup. This would be the `folder_url` of a :class:`KeyVaultBackupOperation` returned by :func:`begin_backup` or :func:`get_backup_status`, for example https://.blob.core.windows.net/backup/mhsm-account-2020090117323313 :param str sas_token: a Shared Access Signature (SAS) token authorizing access to the blob storage resource + :keyword str continuation_token: a continuation token to restart polling from a saved state + :keyword str key_name: name of a single key in the backup. When set, only this key will be restored. :rtype: ~azure.core.polling.AsyncLROPoller[~azure.keyvault.administration.KeyVaultRestoreOperation] """ - polling_interval = kwargs.pop("_polling_interval", 5) - container_url, folder_name = parse_folder_url(folder_url) - sas_parameter = self._models.SASTokenParameter(storage_resource_uri=container_url, token=sas_token) - restore_details = self._models.RestoreOperationParameters( - sas_token_parameters=sas_parameter, folder_to_restore=folder_name - ) - return await self._client.begin_full_restore_operation( - vault_base_url=self._vault_url, - restore_blob_details=restore_details, - cls=KeyVaultRestoreOperation._wrap_generated, - continuation_token=kwargs.pop("continuation_token", None), - polling=AsyncLROBasePolling( - lro_algorithms=[KeyVaultBackupClientPolling()], timeout=polling_interval, **kwargs - ), - **kwargs - ) + # AsyncLROBasePolling passes its kwargs to pipeline.run(), so we remove unexpected args before constructing it + continuation_token = kwargs.pop("continuation_token", None) + 
key_name = kwargs.pop("key_name", None) - async def begin_selective_key_restore( - self, key_name: str, folder_url: str, sas_token: str, **kwargs: "Any" - ) -> "AsyncLROPoller[KeyVaultSelectiveKeyRestoreOperation]": - """Restore a single key from a full Key Vault backup. - - :param str key_name: name of the key to restore from the backup - :param str folder_url: URL for the blob storage resource, including the path to the blob holding the - backup. This would be the `folder_url` of a :class:`KeyVaultBackupOperation` returned by - :func:`begin_backup` or :func:`get_backup_status`, for example - https://.blob.core.windows.net/backup/mhsm-account-2020090117323313 - :param str sas_token: a Shared Access Signature (SAS) token authorizing access to the blob storage resource - :rtype: ~azure.core.polling.AsyncLROPoller[~azure.keyvault.administration.KeyVaultSelectiveKeyRestoreOperation] - """ - polling_interval = kwargs.pop("_polling_interval", 5) container_url, folder_name = parse_folder_url(folder_url) sas_parameter = self._models.SASTokenParameter(storage_resource_uri=container_url, token=sas_token) - restore_details = self._models.SelectiveKeyRestoreOperationParameters( - sas_token_parameters=sas_parameter, folder=folder_name + polling = AsyncLROBasePolling( + lro_algorithms=[KeyVaultBackupClientPolling()], timeout=kwargs.pop("_polling_interval", 5), **kwargs ) - return await self._client.begin_selective_key_restore_operation( + + if key_name: + client_method = functools.partial(self._client.begin_selective_key_restore_operation, key_name=key_name) + restore_details = self._models.SelectiveKeyRestoreOperationParameters( + sas_token_parameters=sas_parameter, folder=folder_name + ) + else: + client_method = self._client.begin_full_restore_operation + restore_details = self._models.RestoreOperationParameters( + sas_token_parameters=sas_parameter, folder_to_restore=folder_name + ) + + return await client_method( vault_base_url=self._vault_url, - key_name=key_name, 
restore_blob_details=restore_details, - cls=KeyVaultSelectiveKeyRestoreOperation._wrap_generated, - continuation_token=kwargs.pop("continuation_token", None), - polling=AsyncLROBasePolling( - lro_algorithms=[KeyVaultBackupClientPolling()], timeout=polling_interval, **kwargs - ), + cls=lambda *_: None, # poller.result() returns None + continuation_token=continuation_token, + polling=polling, **kwargs ) From 61f5af18066edc6dfc3d5a39e9d9dba829df2e83 Mon Sep 17 00:00:00 2001 From: Charles Lowell Date: Mon, 7 Jun 2021 16:48:27 -0700 Subject: [PATCH 07/24] update tests --- .../tests/test_backup_client.py | 4 ++-- .../tests/test_backup_client_async.py | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/sdk/keyvault/azure-keyvault-administration/tests/test_backup_client.py b/sdk/keyvault/azure-keyvault-administration/tests/test_backup_client.py index 7acb7929a57d..b6dfbd85ba04 100644 --- a/sdk/keyvault/azure-keyvault-administration/tests/test_backup_client.py +++ b/sdk/keyvault/azure-keyvault-administration/tests/test_backup_client.py @@ -91,7 +91,7 @@ def test_selective_key_restore(self, container_uri, sas_token): assert_successful_operation(backup_status) # restore the key - restore_poller = backup_client.begin_selective_key_restore(key_name, backup_status.folder_url, sas_token) + restore_poller = backup_client.begin_restore(backup_status.folder_url, sas_token, key_name=key_name) # check restore status and result job_id = restore_poller.polling_method().resource().job_id 
@@ -119,7 +119,7 @@ def test_continuation_token(): backup_client._client = mock_generated_client backup_client.begin_restore("storage uri", "sas", continuation_token=expected_token) backup_client.begin_backup("storage uri", "sas", continuation_token=expected_token) - backup_client.begin_selective_key_restore("storage uri", "sas", "key", continuation_token=expected_token) + backup_client.begin_restore("storage uri", "sas", key_name="key", continuation_token=expected_token) for method in ("begin_full_backup", "begin_full_restore_operation", "begin_selective_key_restore_operation"): mock_method = getattr(mock_generated_client, method) diff --git a/sdk/keyvault/azure-keyvault-administration/tests/test_backup_client_async.py b/sdk/keyvault/azure-keyvault-administration/tests/test_backup_client_async.py index 94776ccadb8e..8c5384c7a35c 100644 --- a/sdk/keyvault/azure-keyvault-administration/tests/test_backup_client_async.py +++ b/sdk/keyvault/azure-keyvault-administration/tests/test_backup_client_async.py @@ -95,8 +95,8 @@ async def test_selective_key_restore(self, container_uri, sas_token): assert_successful_operation(backup_status) # restore the key - restore_poller = await backup_client.begin_selective_key_restore( - key_name, backup_status.folder_url, sas_token + restore_poller = await backup_client.begin_restore( + backup_status.folder_url, sas_token, key_name=key_name ) # check restore status and result @@ -136,7 +136,7 @@ async def test_continuation_token(): backup_client._client = mock_generated_client await backup_client.begin_restore("storage uri", "sas", continuation_token=expected_token) await backup_client.begin_backup("storage uri", "sas", continuation_token=expected_token) - await backup_client.begin_selective_key_restore("storage uri", "sas", "key", continuation_token=expected_token) + await backup_client.begin_restore("storage uri", "sas", key_name="key", continuation_token=expected_token) for method in mock_methods: assert method.call_count == 1 
From 2e26acc3ed4884730b258bd6daf121b95bbfee14 Mon Sep 17 00:00:00 2001 From: Charles Lowell Date: Mon, 7 Jun 2021 17:38:37 -0700 Subject: [PATCH 08/24] keep only KeyVaultBackupOperation.folder_url --- .../azure/keyvault/administration/__init__.py | 4 -- .../keyvault/administration/_backup_client.py | 6 +- .../azure/keyvault/administration/_models.py | 66 ++++--------------- .../administration/aio/_backup_client.py | 10 ++- 4 files changed, 20 insertions(+), 66 deletions(-) diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/__init__.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/__init__.py index d438d458ece7..335ec8bddfdb 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/__init__.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/__init__.py @@ -12,8 +12,6 @@ KeyVaultRoleAssignment, KeyVaultRoleAssignmentProperties, KeyVaultRoleDefinition, - KeyVaultRestoreOperation, - KeyVaultSelectiveKeyRestoreOperation, ) @@ -28,6 +26,4 @@ "KeyVaultRoleAssignmentProperties", "KeyVaultRoleDefinition", "KeyVaultRoleScope", - "KeyVaultRestoreOperation", - "KeyVaultSelectiveKeyRestoreOperation", ] diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_backup_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_backup_client.py index df3c2bceeecb..3ce0170d1c3f 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_backup_client.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_backup_client.py 
@@ -7,7 +7,7 @@ from azure.core.polling.base_polling import LROBasePolling -from ._models import KeyVaultBackupOperation, KeyVaultRestoreOperation, KeyVaultSelectiveKeyRestoreOperation +from ._models import KeyVaultBackupOperation from ._internal import KeyVaultClientBase, parse_folder_url from ._internal.polling import KeyVaultBackupClientPolling @@ -43,14 +43,14 @@ def begin_backup(self, blob_storage_url, sas_token, **kwargs): return self._client.begin_full_backup( vault_base_url=self._vault_url, azure_storage_blob_container_uri=sas_parameter, - cls=KeyVaultBackupOperation._wrap_generated, + cls=KeyVaultBackupOperation._from_generated, continuation_token=kwargs.pop("continuation_token", None), polling=LROBasePolling(lro_algorithms=[KeyVaultBackupClientPolling()], timeout=polling_interval, **kwargs), **kwargs ) def begin_restore(self, folder_url, sas_token, **kwargs): - # type: (str, str, **Any) -> LROPoller[KeyVaultRestoreOperation] + # type: (str, str, **Any) -> LROPoller """Restore a Key Vault backup. This method restores either a complete Key Vault backup or when ``key_name`` has a value, a single key. diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_models.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_models.py index e5689a1b8bfd..a72b84062cb7 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_models.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_models.py 
@@ -214,59 +214,19 @@ def _from_generated(cls, definition): ) -class _Operation(object): - def __init__(self, **kwargs): - self.status = kwargs.get("status", None) - self.status_details = kwargs.get("status_details", None) - self.error = kwargs.get("error", None) - self.start_time = kwargs.get("start_time", None) - self.end_time = kwargs.get("end_time", None) - self.job_id = kwargs.get("job_id", None) - - @classmethod - def _wrap_generated(cls, response, deserialized_operation, response_headers): # pylint:disable=unused-argument - return cls(**deserialized_operation.__dict__) - - -class KeyVaultBackupOperation(_Operation): - """A Key Vault full backup operation. - - :ivar str status: status of the backup operation - :ivar str status_details: more details of the operation's status - :ivar error: Error encountered, if any, during the operation - :type error: ~key_vault_client.models.Error - :ivar datetime.datetime start_time: UTC start time of the operation - :ivar datetime.datetime end_time: UTC end time of the operation - :ivar str job_id: identifier for the operation - :ivar str folder_url: URL of the Azure blob storage container which contains the backup - """ - - def __init__(self, **kwargs): - self.folder_url = kwargs.pop("azure_storage_blob_container_uri", None) - super(KeyVaultBackupOperation, self).__init__(**kwargs) +class KeyVaultBackupOperation(object): + """A Key Vault full backup operation""" + def __init__(self, folder_url, **kwargs): + # type: (str, **Any) -> None + self._folder_url = folder_url -class KeyVaultRestoreOperation(_Operation): - """A Key Vault restore operation. 
- - :ivar str status: status of the operation - :ivar str status_details: more details of the operation's status - :ivar error: Error encountered, if any, during the operation - :type error: ~key_vault_client.models.Error - :ivar datetime.datetime start_time: UTC start time of the operation - :ivar datetime.datetime end_time: UTC end time of the operation - :ivar str job_id: identifier for the operation - """ - - -class KeyVaultSelectiveKeyRestoreOperation(_Operation): - """A Key Vault operation restoring a single key. + @property + def folder_url(self): + # type: () -> str + """URL of the Azure Blob Storage container containing the backup""" + return self._folder_url - :ivar str status: status of the operation - :ivar str status_details: more details of the operation's status - :ivar error: Error encountered, if any, during the operation - :type error: ~key_vault_client.models.Error - :ivar datetime.datetime start_time: UTC start time of the operation - :ivar datetime.datetime end_time: UTC end time of the operation - :ivar str job_id: identifier for the operation - """ + @classmethod + def _from_generated(cls, response, deserialized_operation, response_headers): # pylint:disable=unused-argument + return cls(deserialized_operation.azure_storage_blob_container_uri) diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_backup_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_backup_client.py index f4905dcdbb90..d048e77dda4c 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_backup_client.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_backup_client.py 
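Review bot: The new `folder_url` property is annotated `# type: () -> str`, but `_from_generated` passes `deserialized_operation.azure_storage_blob_container_uri` through unchecked, and the `assert_in_progress_operation` test helper removed later in this series expected that value to be `None` while a backup was still running. Whether the callback can run on a non-final response is not visible from this hunk; if it can, callers may hand `None` to `begin_restore`, so the type comment should read `# type: () -> Optional[str]` and the docstring should say the URL is only set once the backup has completed. `__init__` also accepts `**kwargs` and ignores them, so a misspelled keyword is dropped silently; either remove the parameter or add a comment saying why it is kept.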
@@ -9,7 +9,7 @@ from .._internal import AsyncKeyVaultClientBase, parse_folder_url from .._internal.polling import KeyVaultBackupClientPolling -from .._models import KeyVaultBackupOperation, KeyVaultRestoreOperation, KeyVaultSelectiveKeyRestoreOperation +from .._models import KeyVaultBackupOperation if TYPE_CHECKING: # pylint:disable=unused-import @@ -43,7 +43,7 @@ async def begin_backup( return await self._client.begin_full_backup( vault_base_url=self._vault_url, azure_storage_blob_container_uri=sas_parameter, - cls=KeyVaultBackupOperation._wrap_generated, + cls=KeyVaultBackupOperation._from_generated, continuation_token=kwargs.pop("continuation_token", None), polling=AsyncLROBasePolling( lro_algorithms=[KeyVaultBackupClientPolling()], timeout=polling_interval, **kwargs @@ -51,9 +51,7 @@ async def begin_backup( **kwargs ) - async def begin_restore( - self, folder_url: str, sas_token: str, **kwargs: "Any" - ) -> "AsyncLROPoller[KeyVaultRestoreOperation]": + async def begin_restore(self, folder_url: str, sas_token: str, **kwargs: "Any") -> "AsyncLROPoller": """Restore a Key Vault backup. This method restores either a complete Key Vault backup or when ``key_name`` has a value, a single key. @@ -65,7 +63,7 @@ async def begin_restore( :param str sas_token: a Shared Access Signature (SAS) token authorizing access to the blob storage resource :keyword str continuation_token: a continuation token to restart polling from a saved state :keyword str key_name: name of a single key in the backup. When set, only this key will be restored. - :rtype: ~azure.core.polling.AsyncLROPoller[~azure.keyvault.administration.KeyVaultRestoreOperation] + :rtype: ~azure.core.polling.AsyncLROPoller """ # AsyncLROBasePolling passes its kwargs to pipeline.run(), so we remove unexpected args before constructing it continuation_token = kwargs.pop("continuation_token", None) From d18b9d4f2c0f3bb8ea909e05dc6778c9f2817332 Mon Sep 17 00:00:00 2001 
From: Charles Lowell Date: Mon, 7 Jun 2021 17:41:06 -0700 Subject: [PATCH 09/24] remove get_*_status methods --- .../keyvault/administration/_backup_client.py | 28 +------------------ .../administration/aio/_backup_client.py | 24 +--------------- 2 files changed, 2 insertions(+), 50 deletions(-) diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_backup_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_backup_client.py index 3ce0170d1c3f..ceaf02fa69f0 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_backup_client.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_backup_client.py @@ -56,7 +56,7 @@ def begin_restore(self, folder_url, sas_token, **kwargs): This method restores either a complete Key Vault backup or when ``key_name`` has a value, a single key. :param str folder_url: URL of the blob holding the backup. This would be the `folder_url` of a - :class:`KeyVaultBackupOperation` returned by :func:`begin_backup` or :func:`get_backup_status`, for example + :class:`KeyVaultBackupOperation` returned by :func:`begin_backup`, for example https://.blob.core.windows.net/backup/mhsm-account-2020090117323313 :param str sas_token: a Shared Access Signature (SAS) token authorizing access to the blob storage resource :keyword str continuation_token: a continuation token to restart polling from a saved state 
@@ -92,29 +92,3 @@ def begin_restore(self, folder_url, sas_token, **kwargs): polling=polling, **kwargs ) - - def get_backup_status(self, job_id, **kwargs): - # type: (str, **Any) -> KeyVaultBackupOperation - """Returns the status of a full backup operation. - - :param job_id: The job ID returned as part of the backup request - :type job_id: str - :return: The full backup operation status as a :class:`KeyVaultBackupOperation` - :rtype: ~azure.keyvault.administration.KeyVaultBackupOperation - """ - return self._client.full_backup_status( - vault_base_url=self._vault_url, job_id=job_id, cls=KeyVaultBackupOperation._wrap_generated, **kwargs - ) - - def get_restore_status(self, job_id, **kwargs): - # type: (str, **Any) -> KeyVaultRestoreOperation - """Returns the status of a restore operation. - - :param job_id: The job ID returned as part of the restore request - :type job_id: str - :return: The restore operation status as a :class:`KeyVaultRestoreOperation` - :rtype: ~azure.keyvault.administration.KeyVaultRestoreOperation - """ - return self._client.restore_status( - vault_base_url=self.vault_url, job_id=job_id, cls=KeyVaultRestoreOperation._wrap_generated, **kwargs - ) diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_backup_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_backup_client.py index d048e77dda4c..6fb61262ad09 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_backup_client.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_backup_client.py 
@@ -58,7 +58,7 @@ async def begin_restore(self, folder_url: str, sas_token: str, **kwargs: "Any") :param str folder_url: URL for the blob storage resource, including the path to the blob holding the backup. This would be the `folder_url` of a :class:`KeyVaultBackupOperation` returned by - :func:`begin_backup` or :func:`get_backup_status`, for example + :func:`begin_backup`, for example https://.blob.core.windows.net/backup/mhsm-account-2020090117323313 :param str sas_token: a Shared Access Signature (SAS) token authorizing access to the blob storage resource :keyword str continuation_token: a continuation token to restart polling from a saved state @@ -94,25 +94,3 @@ async def begin_restore(self, folder_url: str, sas_token: str, **kwargs: "Any") polling=polling, **kwargs ) - - async def get_backup_status(self, job_id: str, **kwargs: "Any") -> "KeyVaultBackupOperation": - """Returns the status of a full backup operation. - - :param str job_id: The job ID returned as part of the backup request - :returns: The full backup operation status as a :class:`KeyVaultBackupOperation` - :rtype: ~azure.keyvault.administration.KeyVaultBackupOperation - """ - return await self._client.full_backup_status( - vault_base_url=self._vault_url, job_id=job_id, cls=KeyVaultBackupOperation._wrap_generated, **kwargs - ) - - async def get_restore_status(self, job_id: str, **kwargs: "Any") -> "KeyVaultRestoreOperation": - """Returns the status of a restore operation. - - :param str job_id: The ID returned as part of the restore request - :returns: The restore operation status as a :class:`KeyVaultRestoreOperation` - :rtype: ~azure.keyvault.administration.KeyVaultRestoreOperation - """ - return await self._client.restore_status( - vault_base_url=self._vault_url, job_id=job_id, cls=KeyVaultRestoreOperation._wrap_generated, **kwargs - ) From a41fcc6d62556fb58b3392ca39cf6a001d58863a Mon Sep 17 00:00:00 2001 
From: Charles Lowell Date: Mon, 7 Jun 2021 17:43:21 -0700 Subject: [PATCH 10/24] update tests --- .../tests/test_backup_client.py | 56 ++----------------- .../tests/test_backup_client_async.py | 44 ++------------- 2 files changed, 8 insertions(+), 92 deletions(-) diff --git a/sdk/keyvault/azure-keyvault-administration/tests/test_backup_client.py b/sdk/keyvault/azure-keyvault-administration/tests/test_backup_client.py index b6dfbd85ba04..3011bf5fa770 100644 --- a/sdk/keyvault/azure-keyvault-administration/tests/test_backup_client.py +++ b/sdk/keyvault/azure-keyvault-administration/tests/test_backup_client.py @@ -46,27 +46,11 @@ def test_full_backup_and_restore(self, container_uri, sas_token): # backup the vault backup_client = KeyVaultBackupClient(self.managed_hsm["url"], self.credential) backup_poller = backup_client.begin_backup(container_uri, sas_token) - - # check backup status and result - job_id = backup_poller.polling_method().resource().job_id - backup_status = backup_client.get_backup_status(job_id) - assert_in_progress_operation(backup_status) backup_operation = backup_poller.result() - assert_successful_operation(backup_operation) - backup_status = backup_client.get_backup_status(job_id) - assert_successful_operation(backup_status) # restore the backup - restore_poller = backup_client.begin_restore(backup_status.folder_url, sas_token) - - # check restore status and result - job_id = restore_poller.polling_method().resource().job_id - restore_status = backup_client.get_restore_status(job_id) - assert_in_progress_operation(restore_status) - restore_operation = restore_poller.result() - assert_successful_operation(restore_operation) - restore_status = backup_client.get_restore_status(job_id) - assert_successful_operation(restore_status) + restore_poller = backup_client.begin_restore(backup_operation.folder_url, sas_token) + restore_poller.wait() @ResourceGroupPreparer(random_name_enabled=True, use_cache=True) @StorageAccountPreparer(random_name_enabled=True) 
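Review bot: After this change `test_full_backup_and_restore` asserts nothing about the backup result before using it: `backup_operation.folder_url` goes straight into `begin_restore`, and the restore is checked only by `restore_poller.wait()` not raising. A one-line guard such as `assert backup_operation.folder_url` after `backup_poller.result()` keeps the check the removed `assert_successful_operation` helper made and fails more clearly than an error from URL parsing would. The same applies to `test_selective_key_restore` in this file and to both async tests in `test_backup_client_async.py`. The test function's opening lines are outside the hunk.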
@@ -80,27 +64,11 @@ def test_selective_key_restore(self, container_uri, sas_token): # backup the vault backup_client = KeyVaultBackupClient(self.managed_hsm["url"], self.credential) backup_poller = backup_client.begin_backup(container_uri, sas_token) - - # check backup status and result - job_id = backup_poller.polling_method().resource().job_id - backup_status = backup_client.get_backup_status(job_id) - assert_in_progress_operation(backup_status) backup_operation = backup_poller.result() - assert_successful_operation(backup_operation) - backup_status = backup_client.get_backup_status(job_id) - assert_successful_operation(backup_status) # restore the key - restore_poller = backup_client.begin_restore(backup_status.folder_url, sas_token, key_name=key_name) - - # check restore status and result - job_id = restore_poller.polling_method().resource().job_id - restore_status = backup_client.get_restore_status(job_id) - assert_in_progress_operation(restore_status) - restore_operation = restore_poller.result() - assert_successful_operation(restore_operation) - restore_status = backup_client.get_restore_status(job_id) - assert_successful_operation(restore_status) + restore_poller = backup_client.begin_restore(backup_operation.folder_url, sas_token, key_name=key_name) + restore_poller.wait() # delete the key delete_function = partial(key_client.begin_delete_key, key_name) 
@@ -128,22 +96,6 @@ def test_continuation_token(): assert kwargs["continuation_token"] == expected_token -def assert_in_progress_operation(operation): - if isinstance(operation, KeyVaultBackupOperation): - assert operation.folder_url is None - assert operation.status == "InProgress" - assert operation.end_time is None - assert isinstance(operation.start_time, datetime) - - -def assert_successful_operation(operation): - if isinstance(operation, KeyVaultBackupOperation): - assert operation.folder_url - assert operation.status == "Succeeded" - assert isinstance(operation.end_time, datetime) - assert operation.start_time < operation.end_time - - @pytest.mark.parametrize( "url,expected_container_url,expected_folder_name", [ diff --git a/sdk/keyvault/azure-keyvault-administration/tests/test_backup_client_async.py b/sdk/keyvault/azure-keyvault-administration/tests/test_backup_client_async.py index 8c5384c7a35c..ffc221ce5d0b 100644 --- a/sdk/keyvault/azure-keyvault-administration/tests/test_backup_client_async.py +++ b/sdk/keyvault/azure-keyvault-administration/tests/test_backup_client_async.py @@ -17,8 +17,6 @@ from _shared.helpers_async import get_completed_future from _shared.test_case_async import KeyVaultTestCase from blob_container_preparer import BlobContainerPreparer -from test_backup_client import assert_in_progress_operation -from test_backup_client import assert_successful_operation @pytest.mark.usefixtures("managed_hsm") 
@@ -50,27 +48,11 @@ async def test_full_backup_and_restore(self, container_uri, sas_token): # backup the vault backup_client = KeyVaultBackupClient(self.managed_hsm["url"], self.credential) backup_poller = await backup_client.begin_backup(container_uri, sas_token) - - # check backup status and result - job_id = backup_poller.polling_method().resource().job_id - backup_status = await backup_client.get_backup_status(job_id) - assert_in_progress_operation(backup_status) backup_operation = await backup_poller.result() - assert_successful_operation(backup_operation) - backup_status = await backup_client.get_backup_status(job_id) - assert_successful_operation(backup_status) # restore the backup - restore_poller = await backup_client.begin_restore(backup_status.folder_url, sas_token) - - # check restore status and result - job_id = restore_poller.polling_method().resource().job_id - restore_status = await backup_client.get_restore_status(job_id) - assert_in_progress_operation(restore_status) - restore_operation = await restore_poller.result() - assert_successful_operation(restore_operation) - restore_status = await backup_client.get_restore_status(job_id) - assert_successful_operation(restore_status) + restore_poller = await backup_client.begin_restore(backup_operation.folder_url, sas_token) + await restore_poller.wait() @ResourceGroupPreparer(random_name_enabled=True, use_cache=True) @StorageAccountPreparer(random_name_enabled=True) 
@@ -84,29 +66,11 @@ async def test_selective_key_restore(self, container_uri, sas_token): # backup the vault backup_client = KeyVaultBackupClient(self.managed_hsm["url"], self.credential) backup_poller = await backup_client.begin_backup(container_uri, sas_token) - - # check backup status and result - job_id = backup_poller.polling_method().resource().job_id - backup_status = await backup_client.get_backup_status(job_id) - assert_in_progress_operation(backup_status) backup_operation = await backup_poller.result() - assert_successful_operation(backup_operation) - backup_status = await backup_client.get_backup_status(job_id) - assert_successful_operation(backup_status) # restore the key - restore_poller = await backup_client.begin_restore( - backup_status.folder_url, sas_token, key_name=key_name - ) - - # check restore status and result - job_id = restore_poller.polling_method().resource().job_id - restore_status = await backup_client.get_restore_status(job_id) - assert_in_progress_operation(restore_status) - restore_operation = await restore_poller.result() - assert_successful_operation(restore_operation) - restore_status = await backup_client.get_restore_status(job_id) - assert_successful_operation(restore_status) + restore_poller = await backup_client.begin_restore(backup_operation.folder_url, sas_token, key_name=key_name) + await restore_poller.wait() # delete the key await self._poll_until_no_exception(key_client.delete_key, key_name, expected_exception=ResourceExistsError) From 3a75e4ed6249c166feb447b555221acdebe83ac3 Mon Sep 17 00:00:00 2001 From: Charles Lowell Date: Tue, 8 Jun 2021 16:20:52 -0700 Subject: [PATCH 11/24] update changelog --- .../CHANGELOG.md | 34 ++++++++++++++----- 1 file changed, 26 insertions(+), 8 deletions(-) diff --git a/sdk/keyvault/azure-keyvault-administration/CHANGELOG.md b/sdk/keyvault/azure-keyvault-administration/CHANGELOG.md index 6c15d3376927..e5a2002fdaab 100644 --- a/sdk/keyvault/azure-keyvault-administration/CHANGELOG.md 
+++ b/sdk/keyvault/azure-keyvault-administration/CHANGELOG.md 
@@ -3,21 +3,34 @@ ## 4.0.0b4 (Unreleased) ### Changed - Key Vault API version 7.2 is now the default +- `KeyVaultAccessControlClient.delete_role_assignment` and + `.delete_role_definition` no longer raise an error when the resource to be + deleted is not found ### Added -- `KeyVaultAccessControlClient.set_role_definition` accepts an optional +- `KeyVaultAccessControlClient.set_role_definition` accepts an optional `assignable_scopes` keyword-only argument ### Breaking Changes +- `KeyVaultAccessControlClient.delete_role_assignment` and + `.delete_role_definition` return None - Changed parameter order in `KeyVaultAccessControlClient.set_role_definition`. `permissions` is now an optional keyword-only argument -- Renamed `BackupOperation` to `KeyVaultBackupOperation` -- Renamed `RestoreOperation` to `KeyVaultRestoreOperation` -- Renamed `SelectiveKeyRestoreOperation` to - `KeyVaultSelectiveKeyRestoreOperation` -- Renamed `KeyVaultBackupClient.begin_selective_restore` to `begin_selective_key_restore` - - Changed parameter order from `folder_url, sas_token, key_name` to - `key_name, folder_url, sas_token` +- Renamed `BackupOperation` to `KeyVaultBackupOperation`, and removed all but + its `folder_url` property +- Removed `RestoreOperation` and `SelectiveKeyRestoreOperation` classes +- Removed `KeyVaultBackupClient.begin_selective_restore`. To restore a + single key, pass the key's name to `KeyVaultBackupClient.begin__restore`: + ``` + # before (4.0.0b3): + client.begin_selective_restore(folder_url, sas_token, key_name) + + # after: + client.begin_restore(folder_url, sas_token, key_name=key_name) + ``` +- Removed `KeyVaultBackupClient.get_backup_status` and `.get_restore_status`. Use + the pollers returned by `KeyVaultBackupClient.begin_backup` and `.begin_restore` + to check whether an operation has completed - `KeyVaultRoleAssignment`'s `principal_id`, `role_definition_id`, and `scope` are now properties of a `properties` property ``` 
@@ -32,6 +45,11 @@ - `denied_actions` -> `not_actions` - `allowed_data_actions` -> `data_actions` - `denied_data_actions` -> `denied_data_actions` +- Renamed argument `role_assignment_name` to `name` in + `KeyVaultAccessControlClient.create_role_assignment`, `.delete_role_assignment`, + and `.get_role_assignment` +- Renamed argument `role_definition_name` to `name` in + `KeyVaultAccessControlClient.delete_role_definition` and `.get_role_definition` ## 4.0.0b3 (2021-02-09) ### Added From 8b5cdfadad255f58ed0a2ccdec43024eb3f7d683 Mon Sep 17 00:00:00 2001 From: Charles Lowell Date: Wed, 9 Jun 2021 09:09:58 -0700 Subject: [PATCH 12/24] remove unused imports --- .../azure/keyvault/administration/_access_control_client.py | 2 +- .../azure/keyvault/administration/aio/_access_control_client.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py index 1ec107bf92c4..664f87957faa 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py @@ -13,7 +13,7 @@ if TYPE_CHECKING: # pylint:disable=ungrouped-imports - from typing import Any, Optional, Union + from typing import Any, Union from uuid import UUID from azure.core.paging import ItemPaged from ._enums import KeyVaultRoleScope diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py index fdb4fa9e2545..73315bd94671 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py 
+++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py @@ -14,7 +14,7 @@ if TYPE_CHECKING: # pylint:disable=ungrouped-imports - from typing import Any, Optional, Union + from typing import Any, Union from uuid import UUID from azure.core.async_paging import AsyncItemPaged from .._enums import KeyVaultRoleScope From 38b5c41029f39bd35dca675a3fc9bb3c0963f7c5 Mon Sep 17 00:00:00 2001 From: Charles Lowell Date: Wed, 9 Jun 2021 09:22:17 -0700 Subject: [PATCH 13/24] enums are interchangeable with case-insensitive strings --- .../azure/keyvault/administration/_enums.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_enums.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_enums.py index 3d6f7b89d061..145944292298 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_enums.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_enums.py @@ -3,17 +3,18 @@ # Licensed under the MIT License. # ------------------------------------ from enum import Enum +from six import with_metaclass +from azure.core import CaseInsensitiveEnumMeta -class KeyVaultRoleScope(str, Enum): +class KeyVaultRoleScope(with_metaclass(CaseInsensitiveEnumMeta, str, Enum)): """Collection of well known role scopes. This list is not exhaustive.""" GLOBAL = "/" #: use this if you want role assignments to apply to everything on the resource - KEYS = "/keys" #: use this if you want role assignments to apply to all keys -class KeyVaultDataAction(str, Enum): +class KeyVaultDataAction(with_metaclass(CaseInsensitiveEnumMeta, str, Enum)): """Supported permissions for data actions.""" #: Read HSM key metadata. From 66cf889aa0452eb793a38c79573b82df127a315a Mon Sep 17 00:00:00 2001 
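Review bot: `from six import with_metaclass` in `_enums.py` makes `six` a direct runtime import of this package. The commit's diffstat lists only `_enums.py`, so confirm that `six` is already declared in the package's install requirements rather than arriving transitively through another dependency. A short why-comment above `KeyVaultRoleScope` would also help, for example `# CaseInsensitiveEnumMeta lets callers pass member names in any case`, with the wording checked against the metaclass's documented behaviour, which is not visible here. The body of `KeyVaultDataAction` continues outside the hunk.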
From: Charles Lowell Date: Wed, 9 Jun 2021 11:24:25 -0700 Subject: [PATCH 14/24] clear challenge cache between tests --- .../tests/test_backup_client.py | 6 ++++++ .../tests/test_backup_client_async.py | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/sdk/keyvault/azure-keyvault-administration/tests/test_backup_client.py b/sdk/keyvault/azure-keyvault-administration/tests/test_backup_client.py index 3011bf5fa770..5f9ec07314f2 100644 --- a/sdk/keyvault/azure-keyvault-administration/tests/test_backup_client.py +++ b/sdk/keyvault/azure-keyvault-administration/tests/test_backup_client.py @@ -10,6 +10,7 @@ from azure.core.exceptions import ResourceExistsError from azure.identity import DefaultAzureCredential from azure.keyvault.keys import KeyClient +from azure.keyvault.administration._internal import HttpChallengeCache from azure.keyvault.administration import KeyVaultBackupClient, KeyVaultBackupOperation from azure.keyvault.administration._internal import parse_folder_url from devtools_testutils import ResourceGroupPreparer, StorageAccountPreparer @@ -33,6 +34,11 @@ def setUp(self, *args, **kwargs): self.scrubber.register_name_pair(real.netloc, playback.netloc) super(BackupClientTests, self).setUp(*args, **kwargs) + def tearDown(self): + HttpChallengeCache.clear() + assert len(HttpChallengeCache._cache) == 0 + super(KeyVaultTestCase, self).tearDown() + @property def credential(self): if self.is_live: diff --git a/sdk/keyvault/azure-keyvault-administration/tests/test_backup_client_async.py b/sdk/keyvault/azure-keyvault-administration/tests/test_backup_client_async.py index ffc221ce5d0b..4c132d262f10 100644 --- a/sdk/keyvault/azure-keyvault-administration/tests/test_backup_client_async.py +++ b/sdk/keyvault/azure-keyvault-administration/tests/test_backup_client_async.py 
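Review bot: The added `tearDown` calls `super(KeyVaultTestCase, self).tearDown()`, which starts the method lookup after `KeyVaultTestCase` and so bypasses any `tearDown` that class defines, while `setUp` in the same class uses `super(BackupClientTests, self)`. Use `super(BackupClientTests, self).tearDown()` here, and `super().tearDown()` in the identical hunk of `test_backup_client_async.py`, so that each matches its file's `setUp`. The line `assert len(HttpChallengeCache._cache) == 0` reads a private attribute and, if it ever fails, stops the base teardown from running; dropping it or moving the `super` call into a `finally` avoids that.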
@@ -10,6 +10,7 @@ from azure.core.exceptions import ResourceExistsError from azure.identity.aio import DefaultAzureCredential from azure.keyvault.keys.aio import KeyClient +from azure.keyvault.administration._internal import HttpChallengeCache from azure.keyvault.administration.aio import KeyVaultBackupClient from devtools_testutils import ResourceGroupPreparer, StorageAccountPreparer import pytest @@ -31,6 +32,11 @@ def setUp(self, *args, **kwargs): self.scrubber.register_name_pair(real.netloc, playback.netloc) super().setUp(*args, **kwargs) + def tearDown(self): + HttpChallengeCache.clear() + assert len(HttpChallengeCache._cache) == 0 + super(KeyVaultTestCase, self).tearDown() + @property def credential(self): if self.is_live: From 5c368d2fa1dafa5c88f560b517f5efcdc6859dc7 Mon Sep 17 00:00:00 2001 From: Charles Lowell Date: Wed, 9 Jun 2021 11:25:14 -0700 Subject: [PATCH 15/24] update recordings --- ...p_client.test_full_backup_and_restore.yaml | 281 +++-------------- ...kup_client.test_selective_key_restore.yaml | 286 +++++------------ ...nt_async.test_full_backup_and_restore.yaml | 206 +++--------- ...ient_async.test_selective_key_restore.yaml | 294 +++++------------- 4 files changed, 233 insertions(+), 834 deletions(-) diff --git a/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_backup_client.test_full_backup_and_restore.yaml b/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_backup_client.test_full_backup_and_restore.yaml index 92b4636c72c7..c117da91305c 100644 --- a/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_backup_client.test_full_backup_and_restore.yaml +++ b/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_backup_client.test_full_backup_and_restore.yaml 
@@ -13,7 +13,7 @@ interactions: Content-Type: - application/json User-Agent: - - azsdk-python-keyvault-administration/4.0.0b4 Python/3.5.3 (Windows-10-10.0.19041-SP0) + - azsdk-python-keyvault-administration/4.0.0b4 Python/3.6.9 (Linux-5.4.72-microsoft-standard-WSL2-x86_64-with-Ubuntu-18.04-bionic) method: POST uri: https://managedhsm/backup?api-version=7.2 response: @@ -38,12 +38,13 @@ interactions: x-frame-options: - SAMEORIGIN x-ms-server-latency: - - '1' + - '2' status: code: 401 message: Unauthorized - request: - body: '{"token": "redacted", "storageResourceUri": "https://storname.blob.core.windows.net/containerdws2iww4sv5wrfx"}' + body: '{"storageResourceUri": "https://storname.blob.core.windows.net/container3twjzazwmh2cwvw", + "token": "redacted"}' headers: Accept: - application/json 
@@ -52,29 +53,29 @@ interactions: Connection: - keep-alive Content-Length: - - '235' + - '233' Content-Type: - application/json User-Agent: - - azsdk-python-keyvault-administration/4.0.0b4 Python/3.5.3 (Windows-10-10.0.19041-SP0) + - azsdk-python-keyvault-administration/4.0.0b4 Python/3.6.9 (Linux-5.4.72-microsoft-standard-WSL2-x86_64-with-Ubuntu-18.04-bionic) method: POST uri: https://managedhsm/backup?api-version=7.2 response: body: - string: '{"status":"InProgress","statusDetails":null,"error":{"code":null,"message":null,"innererror":null},"startTime":1622162342,"endTime":null,"jobId":"cc6ecb7f0a58470abd2ab8b95ed13227","azureStorageBlobContainerUri":null}' + string: '{"status":"InProgress","statusDetails":null,"error":null,"startTime":1623262243,"endTime":null,"jobId":"02ceebe3f890458f9dca192b3891edf9","azureStorageBlobContainerUri":null}' headers: azure-asyncoperation: - - https://managedhsm/backup/cc6ecb7f0a58470abd2ab8b95ed13227/pending + - https://managedhsm/backup/02ceebe3f890458f9dca192b3891edf9/pending cache-control: - no-cache content-length: - - '216' + - '174' content-security-policy: - default-src 'self' content-type: - application/json; charset=utf-8 date: - - Fri, 28 May 2021 00:39:02 GMT + - Wed, 09 Jun 2021 18:10:43 GMT server: - Kestrel strict-transport-security: 
@@ -84,60 +85,14 @@ interactions: x-frame-options: - SAMEORIGIN x-ms-keyvault-network-info: - - conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=Ipv4; + - conn_type=Ipv4;addr=24.17.201.78;act_addr_fam=Ipv4; x-ms-keyvault-region: - - northeurope + - centralus x-ms-server-latency: - - '2614' + - '2430' status: code: 202 message: '' -- request: - body: null - headers: - Accept: - - application/json - Accept-Encoding: - - gzip, deflate - Connection: - - keep-alive - User-Agent: - - azsdk-python-keyvault-administration/4.0.0b4 Python/3.5.3 (Windows-10-10.0.19041-SP0) - method: GET - uri: https://managedhsm/backup/cc6ecb7f0a58470abd2ab8b95ed13227/pending?api-version=7.2 - response: - body: - string: '{"azureStorageBlobContainerUri":null,"endTime":null,"error":{"code":null,"innererror":null,"message":null},"jobId":"cc6ecb7f0a58470abd2ab8b95ed13227","startTime":1622162342,"status":"InProgress","statusDetails":null}' - headers: - cache-control: - - no-cache - content-length: - - '216' - content-security-policy: - - default-src 'self' - content-type: - - application/json; charset=utf-8 - date: - - Fri, 28 May 2021 00:39:04 GMT - server: - - Kestrel - strict-transport-security: - - max-age=31536000; includeSubDomains - x-content-type-options: - - nosniff - x-frame-options: - - SAMEORIGIN - x-ms-build-version: - - 1.0.20210407-3-27236ed1-develop - x-ms-keyvault-network-info: - - conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=Ipv4; - x-ms-keyvault-region: - - northeurope - x-ms-server-latency: - - '2104' - status: - code: 200 - message: OK - request: body: null headers: 
@@ -148,58 +103,12 @@ interactions: Connection: - keep-alive User-Agent: - - azsdk-python-keyvault-administration/4.0.0b4 Python/3.5.3 (Windows-10-10.0.19041-SP0) - method: GET - uri: https://managedhsm/backup/cc6ecb7f0a58470abd2ab8b95ed13227/pending - response: - body: - string: '{"azureStorageBlobContainerUri":"https://storname.blob.core.windows.net/containerdws2iww4sv5wrfx/mhsm-mcpatinotesthsm-2021052800390261","endTime":1622162353,"error":null,"jobId":"cc6ecb7f0a58470abd2ab8b95ed13227","startTime":1622162342,"status":"Succeeded","statusDetails":null}' - headers: - cache-control: - - no-cache - content-length: - - '294' - content-security-policy: - - default-src 'self' - content-type: - - application/json; charset=utf-8 - date: - - Fri, 28 May 2021 00:39:14 GMT - server: - - Kestrel - strict-transport-security: - - max-age=31536000; includeSubDomains - x-content-type-options: - - nosniff - x-frame-options: - - SAMEORIGIN - x-ms-build-version: - - 1.0.20210407-3-27236ed1-develop - x-ms-keyvault-network-info: - - conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=Ipv4; - x-ms-keyvault-region: - - northeurope - x-ms-server-latency: - - '2107' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json - Accept-Encoding: - - gzip, deflate - Connection: - - keep-alive - User-Agent: - - azsdk-python-keyvault-administration/4.0.0b4 Python/3.5.3 (Windows-10-10.0.19041-SP0) + - azsdk-python-keyvault-administration/4.0.0b4 Python/3.6.9 (Linux-5.4.72-microsoft-standard-WSL2-x86_64-with-Ubuntu-18.04-bionic) method: GET - uri: https://managedhsm/backup/cc6ecb7f0a58470abd2ab8b95ed13227/pending?api-version=7.2 + uri: https://managedhsm/backup/02ceebe3f890458f9dca192b3891edf9/pending response: body: - string: 
'{"azureStorageBlobContainerUri":"https://storname.blob.core.windows.net/containerdws2iww4sv5wrfx/mhsm-mcpatinotesthsm-2021052800390261","endTime":1622162353,"error":null,"jobId":"cc6ecb7f0a58470abd2ab8b95ed13227","startTime":1622162342,"status":"Succeeded","statusDetails":null}' + string: '{"azureStorageBlobContainerUri":"https://storname.blob.core.windows.net/container3twjzazwmh2cwvw/mhsm-mcpatinotesthsm-2021060918104369","endTime":1623262252,"error":null,"jobId":"02ceebe3f890458f9dca192b3891edf9","startTime":1623262243,"status":"Succeeded","statusDetails":null}' headers: cache-control: - no-cache @@ -210,7 +119,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Fri, 28 May 2021 00:39:17 GMT + - Wed, 09 Jun 2021 18:10:57 GMT server: - Kestrel strict-transport-security: @@ -220,19 +129,19 @@ interactions: x-frame-options: - SAMEORIGIN x-ms-build-version: - - 1.0.20210407-3-27236ed1-develop + - 1.0.20210520-1-d6634624-develop x-ms-keyvault-network-info: - - conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=Ipv4; + - conn_type=Ipv4;addr=24.17.201.78;act_addr_fam=Ipv4; x-ms-keyvault-region: - - northeurope + - centralus x-ms-server-latency: - - '2184' + - '4139' status: code: 200 message: OK - request: - body: '{"sasTokenParameters": {"token": "redacted", "storageResourceUri": "https://storname.blob.core.windows.net/containerdws2iww4sv5wrfx"}, - "folderToRestore": "mhsm-mcpatinotesthsm-2021052800390261"}' + body: '{"sasTokenParameters": {"storageResourceUri": "https://storname.blob.core.windows.net/container3twjzazwmh2cwvw", + "token": "redacted"}, "folderToRestore": "mhsm-mcpatinotesthsm-2021060918104369"}' headers: Accept: - application/json 
@@ -241,29 +150,29 @@ interactions: Connection: - keep-alive Content-Length: - - '319' + - '317' Content-Type: - application/json User-Agent: - - azsdk-python-keyvault-administration/4.0.0b4 Python/3.5.3 (Windows-10-10.0.19041-SP0) + - azsdk-python-keyvault-administration/4.0.0b4 Python/3.6.9 (Linux-5.4.72-microsoft-standard-WSL2-x86_64-with-Ubuntu-18.04-bionic) method: PUT uri: https://managedhsm/restore?api-version=7.2 response: body: - string: '{"endTime":null,"error":{"code":null,"innererror":null,"message":null},"jobId":"eb8b8c6ce64f4c63aa4d1eed47c6b928","startTime":1622162359,"status":"InProgress","statusDetails":null}' + string: '{"endTime":null,"error":null,"jobId":"135e9be3e38c43f69e1d4f8b25262b52","startTime":1623262260,"status":"InProgress","statusDetails":null}' headers: azure-asyncoperation: - - https://managedhsm/restore/eb8b8c6ce64f4c63aa4d1eed47c6b928/pending + - https://managedhsm/restore/135e9be3e38c43f69e1d4f8b25262b52/pending cache-control: - no-cache content-length: - - '180' + - '138' content-security-policy: - default-src 'self' content-type: - application/json; charset=utf-8 date: - - Fri, 28 May 2021 00:39:19 GMT + - Wed, 09 Jun 2021 18:11:00 GMT server: - Kestrel strict-transport-security: 
@@ -273,60 +182,14 @@ interactions: x-frame-options: - SAMEORIGIN x-ms-keyvault-network-info: - - conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=Ipv4; + - conn_type=Ipv4;addr=24.17.201.78;act_addr_fam=Ipv4; x-ms-keyvault-region: - - northeurope + - centralus x-ms-server-latency: - - '2288' + - '2245' status: code: 202 message: '' -- request: - body: null - headers: - Accept: - - application/json - Accept-Encoding: - - gzip, deflate - Connection: - - keep-alive - User-Agent: - - azsdk-python-keyvault-administration/4.0.0b4 Python/3.5.3 (Windows-10-10.0.19041-SP0) - method: GET - uri: https://managedhsm/restore/eb8b8c6ce64f4c63aa4d1eed47c6b928/pending?api-version=7.2 - response: - body: - string: '{"endTime":null,"error":{"code":null,"innererror":null,"message":null},"jobId":"eb8b8c6ce64f4c63aa4d1eed47c6b928","startTime":1622162359,"status":"InProgress","statusDetails":null}' - headers: - cache-control: - - no-cache - content-length: - - '180' - content-security-policy: - - default-src 'self' - content-type: - - application/json; charset=utf-8 - date: - - Fri, 28 May 2021 00:39:21 GMT - server: - - Kestrel - strict-transport-security: - - max-age=31536000; includeSubDomains - x-content-type-options: - - nosniff - x-frame-options: - - SAMEORIGIN - x-ms-build-version: - - 1.0.20210407-3-27236ed1-develop - x-ms-keyvault-network-info: - - conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=Ipv4; - x-ms-keyvault-region: - - northeurope - x-ms-server-latency: - - '2026' - status: - code: 200 - message: OK - request: body: null headers: 
@@ -337,23 +200,23 @@ interactions: Connection: - keep-alive User-Agent: - - azsdk-python-keyvault-administration/4.0.0b4 Python/3.5.3 (Windows-10-10.0.19041-SP0) + - azsdk-python-keyvault-administration/4.0.0b4 Python/3.6.9 (Linux-5.4.72-microsoft-standard-WSL2-x86_64-with-Ubuntu-18.04-bionic) method: GET - uri: https://managedhsm/restore/eb8b8c6ce64f4c63aa4d1eed47c6b928/pending + uri: https://managedhsm/restore/135e9be3e38c43f69e1d4f8b25262b52/pending response: body: - string: '{"endTime":null,"error":{"code":null,"innererror":null,"message":null},"jobId":"eb8b8c6ce64f4c63aa4d1eed47c6b928","startTime":1622162359,"status":"InProgress","statusDetails":null}' + string: '{"endTime":null,"error":null,"jobId":"135e9be3e38c43f69e1d4f8b25262b52","startTime":1623262260,"status":"InProgress","statusDetails":null}' headers: cache-control: - no-cache content-length: - - '180' + - '138' content-security-policy: - default-src 'self' content-type: - application/json; charset=utf-8 date: - - Fri, 28 May 2021 00:39:31 GMT + - Wed, 09 Jun 2021 18:11:12 GMT server: - Kestrel strict-transport-security: @@ -363,13 +226,13 @@ interactions: x-frame-options: - SAMEORIGIN x-ms-build-version: - - 1.0.20210407-3-27236ed1-develop + - 1.0.20210520-1-d6634624-develop x-ms-keyvault-network-info: - - conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=Ipv4; + - conn_type=Ipv4;addr=24.17.201.78;act_addr_fam=Ipv4; x-ms-keyvault-region: - - northeurope + - centralus x-ms-server-latency: - - '2340' + - '2398' status: code: 200 message: OK 
@@ -383,58 +246,12 @@ interactions: Connection: - keep-alive User-Agent: - - azsdk-python-keyvault-administration/4.0.0b4 Python/3.5.3 (Windows-10-10.0.19041-SP0) - method: GET - uri: https://managedhsm/restore/eb8b8c6ce64f4c63aa4d1eed47c6b928/pending - response: - body: - string: '{"endTime":1622162377,"error":null,"jobId":"eb8b8c6ce64f4c63aa4d1eed47c6b928","startTime":1622162359,"status":"Succeeded","statusDetails":null}' - headers: - cache-control: - - no-cache - content-length: - - '143' - content-security-policy: - - default-src 'self' - content-type: - - application/json; charset=utf-8 - date: - - Fri, 28 May 2021 00:39:38 GMT - server: - - Kestrel - strict-transport-security: - - max-age=31536000; includeSubDomains - x-content-type-options: - - nosniff - x-frame-options: - - SAMEORIGIN - x-ms-build-version: - - 1.0.20210407-3-27236ed1-develop - x-ms-keyvault-network-info: - - conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=Ipv4; - x-ms-keyvault-region: - - northeurope - x-ms-server-latency: - - '2112' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json - Accept-Encoding: - - gzip, deflate - Connection: - - keep-alive - User-Agent: - - azsdk-python-keyvault-administration/4.0.0b4 Python/3.5.3 (Windows-10-10.0.19041-SP0) + - azsdk-python-keyvault-administration/4.0.0b4 Python/3.6.9 (Linux-5.4.72-microsoft-standard-WSL2-x86_64-with-Ubuntu-18.04-bionic) method: GET - uri: https://managedhsm/restore/eb8b8c6ce64f4c63aa4d1eed47c6b928/pending?api-version=7.2 + uri: https://managedhsm/restore/135e9be3e38c43f69e1d4f8b25262b52/pending response: body: - string: '{"endTime":1622162377,"error":null,"jobId":"eb8b8c6ce64f4c63aa4d1eed47c6b928","startTime":1622162359,"status":"Succeeded","statusDetails":null}' + string: '{"endTime":1623262276,"error":null,"jobId":"135e9be3e38c43f69e1d4f8b25262b52","startTime":1623262260,"status":"Succeeded","statusDetails":null}' headers: cache-control: - no-cache 
@@ -445,7 +262,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Fri, 28 May 2021 00:39:41 GMT + - Wed, 09 Jun 2021 18:11:19 GMT server: - Kestrel strict-transport-security: @@ -455,13 +272,13 @@ interactions: x-frame-options: - SAMEORIGIN x-ms-build-version: - - 1.0.20210407-3-27236ed1-develop + - 1.0.20210520-1-d6634624-develop x-ms-keyvault-network-info: - - conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=Ipv4; + - conn_type=Ipv4;addr=24.17.201.78;act_addr_fam=Ipv4; x-ms-keyvault-region: - - northeurope + - centralus x-ms-server-latency: - - '2307' + - '2170' status: code: 200 message: OK diff --git a/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_backup_client.test_selective_key_restore.yaml b/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_backup_client.test_selective_key_restore.yaml index 71cec1dfcda3..f0548125b14b 100644 --- a/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_backup_client.test_selective_key_restore.yaml +++ b/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_backup_client.test_selective_key_restore.yaml @@ -13,7 +13,7 @@ interactions: Content-Type: - application/json User-Agent: - - azsdk-python-keyvault-keys/4.4.0b5 Python/3.5.3 (Windows-10-10.0.19041-SP0) + - azsdk-python-keyvault-keys/4.4.0b5 Python/3.6.9 (Linux-5.4.72-microsoft-standard-WSL2-x86_64-with-Ubuntu-18.04-bionic) method: POST uri: https://managedhsm/keys/selective-restore-test-keya85a1290/create?api-version=7.2 response: @@ -38,7 +38,7 @@ interactions: x-frame-options: - SAMEORIGIN x-ms-server-latency: - - '2' + - '1' status: code: 401 message: Unauthorized 
@@ -56,12 +56,12 @@ interactions: Content-Type: - application/json User-Agent: - - azsdk-python-keyvault-keys/4.4.0b5 Python/3.5.3 (Windows-10-10.0.19041-SP0) + - azsdk-python-keyvault-keys/4.4.0b5 Python/3.6.9 (Linux-5.4.72-microsoft-standard-WSL2-x86_64-with-Ubuntu-18.04-bionic) method: POST uri: https://managedhsm/keys/selective-restore-test-keya85a1290/create?api-version=7.2 response: body: - string: '{"attributes":{"created":1622737142,"enabled":true,"exportable":false,"recoverableDays":90,"recoveryLevel":"Recoverable+Purgeable","updated":1622737142},"key":{"e":"AQAB","key_ops":["wrapKey","decrypt","encrypt","unwrapKey","sign","verify"],"kid":"https://managedhsm/keys/selective-restore-test-keya85a1290/0e9ab81292cb4b541fbbeed9637f05ae","kty":"RSA-HSM","n":"pUyv-QHMnTAnicJCsXz9uGQEPsXZgvpA4_DBool3RKXy7hxNbjzgy0WbgmOEl_bQpe6uOHhws7170CpnX-Y-rDV5UoDf-lJ_jC53KDskjkNDNrqvUTrRyla_RgajKvSL6gT4XzIAPgx6-OIcoeqT--7D52NUZDWi4_0vDIIjmriYF-Hog0TsflvrqIQO-P6Hv7JOPziMz-pmB_5pWFWuo-nM_Vy6N6DE1TTmPyR50v4RnrA4MiLdiOxpI3z6Orp95M83liX8ouA7LNCK1kinoOuOmiPvbp9AlEgFy7MZm-dSmjAUO_AuXb-vKe17MqGiOObz8pjXNAWuMci6oByFdw"}}' + string: '{"attributes":{"created":1623262318,"enabled":true,"exportable":false,"recoverableDays":90,"recoveryLevel":"Recoverable+Purgeable","updated":1623262318},"key":{"e":"AQAB","key_ops":["wrapKey","decrypt","encrypt","unwrapKey","sign","verify"],"kid":"https://managedhsm/keys/selective-restore-test-keya85a1290/6dd019b9ef08000fa727b16f761cb863","kty":"RSA-HSM","n":"yXwJAiPX3WroEVxUbPo13vDu_Xx_VJeCkB7kyrM5138VAU7X4mWMcsnqee47IveGIoRg-pTxZ88Eu2PdBc32BhSUgNxjnpcZg0W4Xake0X1XLqC-5AnM1hG5EEbASAFHDOd5gOnCB_ugZu9i0-j0hy4wUXEkC1iB6LFy7oVrrF5qW-1LIDrnB43Om_Jti66MU4fIB1byvA_BJh5brZrD7jcrqpQzw5p8ofLHRpDO6NJtA50sDtTPm8wcAbl0ZxGq5QF97btzqdXWaF0nTZpYUVN18lgoEfYsTAqIg3pBxRANSyxpJp95GRVCtP6P3l2G7gRSfLI31BVhX5gBg_Ndvw"}}' headers: cache-control: - no-cache 
@@ -78,11 +78,11 @@ interactions: x-frame-options: - SAMEORIGIN x-ms-keyvault-network-info: - - conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=Ipv4; + - conn_type=Ipv4;addr=24.17.201.78;act_addr_fam=Ipv4; x-ms-keyvault-region: - centralus x-ms-server-latency: - - '337' + - '266' status: code: 200 message: OK @@ -100,7 +100,7 @@ interactions: Content-Type: - application/json User-Agent: - - azsdk-python-keyvault-administration/4.0.0b4 Python/3.5.3 (Windows-10-10.0.19041-SP0) + - azsdk-python-keyvault-administration/4.0.0b4 Python/3.6.9 (Linux-5.4.72-microsoft-standard-WSL2-x86_64-with-Ubuntu-18.04-bionic) method: POST uri: https://managedhsm/backup?api-version=7.2 response: @@ -125,12 +125,13 @@ interactions: x-frame-options: - SAMEORIGIN x-ms-server-latency: - - '2' + - '1' status: code: 401 message: Unauthorized - request: - body: '{"token": "redacted", "storageResourceUri": "https://storname.blob.core.windows.net/containerka5azvb2rgv3lem"}' + body: '{"storageResourceUri": "https://storname.blob.core.windows.net/containerbn5dlzh7x3wmuxh", + "token": "redacted"}' headers: Accept: - application/json 
@@ -139,19 +140,19 @@ interactions: Connection: - keep-alive Content-Length: - - '235' + - '233' Content-Type: - application/json User-Agent: - - azsdk-python-keyvault-administration/4.0.0b4 Python/3.5.3 (Windows-10-10.0.19041-SP0) + - azsdk-python-keyvault-administration/4.0.0b4 Python/3.6.9 (Linux-5.4.72-microsoft-standard-WSL2-x86_64-with-Ubuntu-18.04-bionic) method: POST uri: https://managedhsm/backup?api-version=7.2 response: body: - string: '{"status":"InProgress","statusDetails":null,"error":null,"startTime":1622737146,"endTime":null,"jobId":"42bf0ff2f78245b8afe8218ea58752e9","azureStorageBlobContainerUri":null}' + string: '{"status":"InProgress","statusDetails":null,"error":null,"startTime":1623262328,"endTime":null,"jobId":"26592776e1c34074a6cd1eb685b532d8","azureStorageBlobContainerUri":null}' headers: azure-asyncoperation: - - https://managedhsm/backup/42bf0ff2f78245b8afe8218ea58752e9/pending + - https://managedhsm/backup/26592776e1c34074a6cd1eb685b532d8/pending cache-control: - no-cache content-length: @@ -161,7 +162,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 03 Jun 2021 16:19:06 GMT + - Wed, 09 Jun 2021 18:12:08 GMT server: - Kestrel strict-transport-security: 
@@ -171,60 +172,14 @@ interactions: x-frame-options: - SAMEORIGIN x-ms-keyvault-network-info: - - conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=Ipv4; + - conn_type=Ipv4;addr=24.17.201.78;act_addr_fam=Ipv4; x-ms-keyvault-region: - centralus x-ms-server-latency: - - '2994' + - '2180' status: code: 202 message: '' -- request: - body: null - headers: - Accept: - - application/json - Accept-Encoding: - - gzip, deflate - Connection: - - keep-alive - User-Agent: - - azsdk-python-keyvault-administration/4.0.0b4 Python/3.5.3 (Windows-10-10.0.19041-SP0) - method: GET - uri: https://managedhsm/backup/42bf0ff2f78245b8afe8218ea58752e9/pending?api-version=7.2 - response: - body: - string: '{"azureStorageBlobContainerUri":null,"endTime":null,"error":null,"jobId":"42bf0ff2f78245b8afe8218ea58752e9","startTime":1622737146,"status":"InProgress","statusDetails":null}' - headers: - cache-control: - - no-cache - content-length: - - '174' - content-security-policy: - - default-src 'self' - content-type: - - application/json; charset=utf-8 - date: - - Thu, 03 Jun 2021 16:19:08 GMT - server: - - Kestrel - strict-transport-security: - - max-age=31536000; includeSubDomains - x-content-type-options: - - nosniff - x-frame-options: - - SAMEORIGIN - x-ms-build-version: - - 1.0.20210407-3-27236ed1-develop - x-ms-keyvault-network-info: - - conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=Ipv4; - x-ms-keyvault-region: - - centralus - x-ms-server-latency: - - '2123' - status: - code: 200 - message: OK - request: body: null headers: 
@@ -235,12 +190,12 @@ interactions: Connection: - keep-alive User-Agent: - - azsdk-python-keyvault-administration/4.0.0b4 Python/3.5.3 (Windows-10-10.0.19041-SP0) + - azsdk-python-keyvault-administration/4.0.0b4 Python/3.6.9 (Linux-5.4.72-microsoft-standard-WSL2-x86_64-with-Ubuntu-18.04-bionic) method: GET - uri: https://managedhsm/backup/42bf0ff2f78245b8afe8218ea58752e9/pending + uri: https://managedhsm/backup/26592776e1c34074a6cd1eb685b532d8/pending response: body: - string: '{"azureStorageBlobContainerUri":"https://storname.blob.core.windows.net/containerka5azvb2rgv3lem/mhsm-mcpatinotesthsm-2021060316190640","endTime":1622737156,"error":null,"jobId":"42bf0ff2f78245b8afe8218ea58752e9","startTime":1622737146,"status":"Succeeded","statusDetails":null}' + string: '{"azureStorageBlobContainerUri":"https://storname.blob.core.windows.net/containerbn5dlzh7x3wmuxh/mhsm-mcpatinotesthsm-2021060918120897","endTime":1623262337,"error":null,"jobId":"26592776e1c34074a6cd1eb685b532d8","startTime":1623262328,"status":"Succeeded","statusDetails":null}' headers: cache-control: - no-cache @@ -251,7 +206,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 03 Jun 2021 16:19:19 GMT + - Wed, 09 Jun 2021 18:12:21 GMT server: - Kestrel strict-transport-security: 
@@ -261,65 +216,19 @@ interactions: x-frame-options: - SAMEORIGIN x-ms-build-version: - - 1.0.20210407-3-27236ed1-develop + - 1.0.20210520-1-d6634624-develop x-ms-keyvault-network-info: - - conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=Ipv4; + - conn_type=Ipv4;addr=24.17.201.78;act_addr_fam=Ipv4; x-ms-keyvault-region: - centralus x-ms-server-latency: - - '2207' + - '2102' status: code: 200 message: OK - request: - body: null - headers: - Accept: - - application/json - Accept-Encoding: - - gzip, deflate - Connection: - - keep-alive - User-Agent: - - azsdk-python-keyvault-administration/4.0.0b4 Python/3.5.3 (Windows-10-10.0.19041-SP0) - method: GET - uri: https://managedhsm/backup/42bf0ff2f78245b8afe8218ea58752e9/pending?api-version=7.2 - response: - body: - string: '{"azureStorageBlobContainerUri":"https://storname.blob.core.windows.net/containerka5azvb2rgv3lem/mhsm-mcpatinotesthsm-2021060316190640","endTime":1622737156,"error":null,"jobId":"42bf0ff2f78245b8afe8218ea58752e9","startTime":1622737146,"status":"Succeeded","statusDetails":null}' - headers: - cache-control: - - no-cache - content-length: - - '294' - content-security-policy: - - default-src 'self' - content-type: - - application/json; charset=utf-8 - date: - - Thu, 03 Jun 2021 16:19:21 GMT - server: - - Kestrel - strict-transport-security: - - max-age=31536000; includeSubDomains - x-content-type-options: - - nosniff - x-frame-options: - - SAMEORIGIN - x-ms-build-version: - - 1.0.20210407-3-27236ed1-develop - x-ms-keyvault-network-info: - - conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=Ipv4; - x-ms-keyvault-region: - - centralus - x-ms-server-latency: - - '2160' - status: - code: 200 - message: OK -- request: - body: '{"sasTokenParameters": {"token": "redacted", "storageResourceUri": "https://storname.blob.core.windows.net/containerka5azvb2rgv3lem"}, - "folder": "mhsm-mcpatinotesthsm-2021060316190640"}' + body: '{"sasTokenParameters": {"storageResourceUri": 
"https://storname.blob.core.windows.net/containerbn5dlzh7x3wmuxh", + "token": "redacted"}, "folder": "mhsm-mcpatinotesthsm-2021060918120897"}' headers: Accept: - application/json @@ -328,19 +237,19 @@ interactions: Connection: - keep-alive Content-Length: - - '310' + - '308' Content-Type: - application/json User-Agent: - - azsdk-python-keyvault-administration/4.0.0b4 Python/3.5.3 (Windows-10-10.0.19041-SP0) + - azsdk-python-keyvault-administration/4.0.0b4 Python/3.6.9 (Linux-5.4.72-microsoft-standard-WSL2-x86_64-with-Ubuntu-18.04-bionic) method: PUT uri: https://managedhsm/keys/selective-restore-test-keya85a1290/restore?api-version=7.2 response: body: - string: '{"endTime":null,"error":null,"jobId":"42efd9c0ce6f423fabfdf6cff961f2d6","startTime":1622737163,"status":"InProgress","statusDetails":null}' + string: '{"endTime":null,"error":null,"jobId":"5c85355819254ba985c6f46543362149","startTime":1623262343,"status":"InProgress","statusDetails":null}' headers: azure-asyncoperation: - - https://managedhsm/restore/42efd9c0ce6f423fabfdf6cff961f2d6/pending + - https://managedhsm/restore/5c85355819254ba985c6f46543362149/pending cache-control: - no-cache content-length: @@ -350,7 +259,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 03 Jun 2021 16:19:23 GMT + - Wed, 09 Jun 2021 18:12:22 GMT server: - Kestrel strict-transport-security: 
@@ -360,60 +269,14 @@ interactions: x-frame-options: - SAMEORIGIN x-ms-keyvault-network-info: - - conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=Ipv4; + - conn_type=Ipv4;addr=24.17.201.78;act_addr_fam=Ipv4; x-ms-keyvault-region: - centralus x-ms-server-latency: - - '2458' + - '2137' status: code: 202 message: '' -- request: - body: null - headers: - Accept: - - application/json - Accept-Encoding: - - gzip, deflate - Connection: - - keep-alive - User-Agent: - - azsdk-python-keyvault-administration/4.0.0b4 Python/3.5.3 (Windows-10-10.0.19041-SP0) - method: GET - uri: https://managedhsm/restore/42efd9c0ce6f423fabfdf6cff961f2d6/pending?api-version=7.2 - response: - body: - string: '{"endTime":null,"error":null,"jobId":"42efd9c0ce6f423fabfdf6cff961f2d6","startTime":1622737163,"status":"InProgress","statusDetails":null}' - headers: - cache-control: - - no-cache - content-length: - - '138' - content-security-policy: - - default-src 'self' - content-type: - - application/json; charset=utf-8 - date: - - Thu, 03 Jun 2021 16:19:26 GMT - server: - - Kestrel - strict-transport-security: - - max-age=31536000; includeSubDomains - x-content-type-options: - - nosniff - x-frame-options: - - SAMEORIGIN - x-ms-build-version: - - 1.0.20210407-3-27236ed1-develop - x-ms-keyvault-network-info: - - conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=Ipv4; - x-ms-keyvault-region: - - centralus - x-ms-server-latency: - - '2349' - status: - code: 200 - message: OK - request: body: null headers: 
@@ -424,12 +287,12 @@ interactions: Connection: - keep-alive User-Agent: - - azsdk-python-keyvault-administration/4.0.0b4 Python/3.5.3 (Windows-10-10.0.19041-SP0) + - azsdk-python-keyvault-administration/4.0.0b4 Python/3.6.9 (Linux-5.4.72-microsoft-standard-WSL2-x86_64-with-Ubuntu-18.04-bionic) method: GET - uri: https://managedhsm/restore/42efd9c0ce6f423fabfdf6cff961f2d6/pending + uri: https://managedhsm/restore/5c85355819254ba985c6f46543362149/pending response: body: - string: '{"endTime":null,"error":null,"jobId":"42efd9c0ce6f423fabfdf6cff961f2d6","startTime":1622737163,"status":"InProgress","statusDetails":null}' + string: '{"endTime":null,"error":null,"jobId":"5c85355819254ba985c6f46543362149","startTime":1623262343,"status":"InProgress","statusDetails":null}' headers: cache-control: - no-cache @@ -440,7 +303,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 03 Jun 2021 16:19:36 GMT + - Wed, 09 Jun 2021 18:12:35 GMT server: - Kestrel strict-transport-security: @@ -450,13 +313,13 @@ interactions: x-frame-options: - SAMEORIGIN x-ms-build-version: - - 1.0.20210407-3-27236ed1-develop + - 1.0.20210520-1-d6634624-develop x-ms-keyvault-network-info: - - conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=Ipv4; + - conn_type=Ipv4;addr=24.17.201.78;act_addr_fam=Ipv4; x-ms-keyvault-region: - centralus x-ms-server-latency: - - '2077' + - '2217' status: code: 200 message: OK 
@@ -470,12 +333,12 @@ interactions: Connection: - keep-alive User-Agent: - - azsdk-python-keyvault-administration/4.0.0b4 Python/3.5.3 (Windows-10-10.0.19041-SP0) + - azsdk-python-keyvault-administration/4.0.0b4 Python/3.6.9 (Linux-5.4.72-microsoft-standard-WSL2-x86_64-with-Ubuntu-18.04-bionic) method: GET - uri: https://managedhsm/restore/42efd9c0ce6f423fabfdf6cff961f2d6/pending + uri: https://managedhsm/restore/5c85355819254ba985c6f46543362149/pending response: body: - string: '{"endTime":1622737180,"error":null,"jobId":"42efd9c0ce6f423fabfdf6cff961f2d6","startTime":1622737163,"status":"Succeeded","statusDetails":"Number + string: '{"endTime":1623262359,"error":null,"jobId":"5c85355819254ba985c6f46543362149","startTime":1623262343,"status":"Succeeded","statusDetails":"Number of successful key versions restored: 0, Number of key versions could not overwrite: 2"}' headers: @@ -488,7 +351,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Thu, 03 Jun 2021 16:19:43 GMT + - Wed, 09 Jun 2021 18:12:42 GMT server: - Kestrel strict-transport-security: @@ -498,13 +361,13 @@ interactions: x-frame-options: - SAMEORIGIN x-ms-build-version: - - 1.0.20210407-3-27236ed1-develop + - 1.0.20210520-1-d6634624-develop x-ms-keyvault-network-info: - - conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=Ipv4; + - conn_type=Ipv4;addr=24.17.201.78;act_addr_fam=Ipv4; x-ms-keyvault-region: - centralus x-ms-server-latency: - - '3394' + - '2391' status: code: 200 message: OK 
@@ -517,45 +380,36 @@ interactions: - gzip, deflate Connection: - keep-alive + Content-Length: + - '0' User-Agent: - - azsdk-python-keyvault-administration/4.0.0b4 Python/3.5.3 (Windows-10-10.0.19041-SP0) - method: GET - uri: https://managedhsm/restore/42efd9c0ce6f423fabfdf6cff961f2d6/pending?api-version=7.2 + - azsdk-python-keyvault-keys/4.4.0b5 Python/3.6.9 (Linux-5.4.72-microsoft-standard-WSL2-x86_64-with-Ubuntu-18.04-bionic) + method: DELETE + uri: https://managedhsm/keys/selective-restore-test-keya85a1290?api-version=7.2 response: body: - string: '{"endTime":1622737180,"error":null,"jobId":"42efd9c0ce6f423fabfdf6cff961f2d6","startTime":1622737163,"status":"Succeeded","statusDetails":"Number - of successful key versions restored: 0, Number of key versions could not overwrite: - 2"}' + string: '{"error":{"code":"Conflict","message":"User triggered Restore operation + is in progress. Retry after the restore operation (Activity ID: 492e7342-c94e-11eb-80e2-002248449b1c)"}}' headers: cache-control: - no-cache content-length: - - '233' + - '176' content-security-policy: - default-src 'self' content-type: - application/json; charset=utf-8 - date: - - Thu, 03 Jun 2021 16:19:46 GMT - server: - - Kestrel strict-transport-security: - max-age=31536000; includeSubDomains x-content-type-options: - nosniff x-frame-options: - SAMEORIGIN - x-ms-build-version: - - 1.0.20210407-3-27236ed1-develop - x-ms-keyvault-network-info: - - conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=Ipv4; - x-ms-keyvault-region: - - centralus x-ms-server-latency: - - '2112' + - '0' status: - code: 200 - message: OK + code: 409 + message: '' - request: body: null headers: 
@@ -568,12 +422,12 @@ interactions: Content-Length: - '0' User-Agent: - - azsdk-python-keyvault-keys/4.4.0b5 Python/3.5.3 (Windows-10-10.0.19041-SP0) + - azsdk-python-keyvault-keys/4.4.0b5 Python/3.6.9 (Linux-5.4.72-microsoft-standard-WSL2-x86_64-with-Ubuntu-18.04-bionic) method: DELETE uri: https://managedhsm/keys/selective-restore-test-keya85a1290?api-version=7.2 response: body: - string: '{"attributes":{"created":1622737142,"enabled":true,"exportable":false,"recoverableDays":90,"recoveryLevel":"Recoverable+Purgeable","updated":1622737142},"deletedDate":1622737187,"key":{"e":"AQAB","key_ops":["wrapKey","encrypt","decrypt","unwrapKey","sign","verify"],"kid":"https://managedhsm/keys/selective-restore-test-keya85a1290/0e9ab81292cb4b541fbbeed9637f05ae","kty":"RSA-HSM","n":"pUyv-QHMnTAnicJCsXz9uGQEPsXZgvpA4_DBool3RKXy7hxNbjzgy0WbgmOEl_bQpe6uOHhws7170CpnX-Y-rDV5UoDf-lJ_jC53KDskjkNDNrqvUTrRyla_RgajKvSL6gT4XzIAPgx6-OIcoeqT--7D52NUZDWi4_0vDIIjmriYF-Hog0TsflvrqIQO-P6Hv7JOPziMz-pmB_5pWFWuo-nM_Vy6N6DE1TTmPyR50v4RnrA4MiLdiOxpI3z6Orp95M83liX8ouA7LNCK1kinoOuOmiPvbp9AlEgFy7MZm-dSmjAUO_AuXb-vKe17MqGiOObz8pjXNAWuMci6oByFdw"},"recoveryId":"https://managedhsm/deletedkeys/selective-restore-test-keya85a1290","scheduledPurgeDate":1630513187}' + string: 
'{"attributes":{"created":1623262318,"enabled":true,"exportable":false,"recoverableDays":90,"recoveryLevel":"Recoverable+Purgeable","updated":1623262318},"deletedDate":1623262366,"key":{"e":"AQAB","key_ops":["wrapKey","encrypt","decrypt","unwrapKey","sign","verify"],"kid":"https://managedhsm/keys/selective-restore-test-keya85a1290/6dd019b9ef08000fa727b16f761cb863","kty":"RSA-HSM","n":"yXwJAiPX3WroEVxUbPo13vDu_Xx_VJeCkB7kyrM5138VAU7X4mWMcsnqee47IveGIoRg-pTxZ88Eu2PdBc32BhSUgNxjnpcZg0W4Xake0X1XLqC-5AnM1hG5EEbASAFHDOd5gOnCB_ugZu9i0-j0hy4wUXEkC1iB6LFy7oVrrF5qW-1LIDrnB43Om_Jti66MU4fIB1byvA_BJh5brZrD7jcrqpQzw5p8ofLHRpDO6NJtA50sDtTPm8wcAbl0ZxGq5QF97btzqdXWaF0nTZpYUVN18lgoEfYsTAqIg3pBxRANSyxpJp95GRVCtP6P3l2G7gRSfLI31BVhX5gBg_Ndvw"},"recoveryId":"https://managedhsm/deletedkeys/selective-restore-test-keya85a1290","scheduledPurgeDate":1631038366}' headers: cache-control: - no-cache @@ -590,11 +444,11 @@ interactions: x-frame-options: - SAMEORIGIN x-ms-keyvault-network-info: - - conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=Ipv4; + - conn_type=Ipv4;addr=24.17.201.78;act_addr_fam=Ipv4; x-ms-keyvault-region: - centralus x-ms-server-latency: - - '151' + - '145' status: code: 200 message: OK 
@@ -608,12 +462,12 @@ interactions: Connection: - keep-alive User-Agent: - - azsdk-python-keyvault-keys/4.4.0b5 Python/3.5.3 (Windows-10-10.0.19041-SP0) + - azsdk-python-keyvault-keys/4.4.0b5 Python/3.6.9 (Linux-5.4.72-microsoft-standard-WSL2-x86_64-with-Ubuntu-18.04-bionic) method: GET uri: https://managedhsm/deletedkeys/selective-restore-test-keya85a1290?api-version=7.2 response: body: - string: '{"attributes":{"created":1622737142,"enabled":true,"exportable":false,"recoverableDays":90,"recoveryLevel":"Recoverable+Purgeable","updated":1622737142},"deletedDate":1622737187,"key":{"e":"AQAB","key_ops":["verify","sign","unwrapKey","encrypt","decrypt","wrapKey"],"kid":"https://managedhsm/keys/selective-restore-test-keya85a1290/0e9ab81292cb4b541fbbeed9637f05ae","kty":"RSA-HSM","n":"pUyv-QHMnTAnicJCsXz9uGQEPsXZgvpA4_DBool3RKXy7hxNbjzgy0WbgmOEl_bQpe6uOHhws7170CpnX-Y-rDV5UoDf-lJ_jC53KDskjkNDNrqvUTrRyla_RgajKvSL6gT4XzIAPgx6-OIcoeqT--7D52NUZDWi4_0vDIIjmriYF-Hog0TsflvrqIQO-P6Hv7JOPziMz-pmB_5pWFWuo-nM_Vy6N6DE1TTmPyR50v4RnrA4MiLdiOxpI3z6Orp95M83liX8ouA7LNCK1kinoOuOmiPvbp9AlEgFy7MZm-dSmjAUO_AuXb-vKe17MqGiOObz8pjXNAWuMci6oByFdw"},"recoveryId":"https://managedhsm/deletedkeys/selective-restore-test-keya85a1290","scheduledPurgeDate":1630513187}' + string: 
'{"attributes":{"created":1623262318,"enabled":true,"exportable":false,"recoverableDays":90,"recoveryLevel":"Recoverable+Purgeable","updated":1623262318},"deletedDate":1623262366,"key":{"e":"AQAB","key_ops":["verify","sign","unwrapKey","encrypt","decrypt","wrapKey"],"kid":"https://managedhsm/keys/selective-restore-test-keya85a1290/6dd019b9ef08000fa727b16f761cb863","kty":"RSA-HSM","n":"yXwJAiPX3WroEVxUbPo13vDu_Xx_VJeCkB7kyrM5138VAU7X4mWMcsnqee47IveGIoRg-pTxZ88Eu2PdBc32BhSUgNxjnpcZg0W4Xake0X1XLqC-5AnM1hG5EEbASAFHDOd5gOnCB_ugZu9i0-j0hy4wUXEkC1iB6LFy7oVrrF5qW-1LIDrnB43Om_Jti66MU4fIB1byvA_BJh5brZrD7jcrqpQzw5p8ofLHRpDO6NJtA50sDtTPm8wcAbl0ZxGq5QF97btzqdXWaF0nTZpYUVN18lgoEfYsTAqIg3pBxRANSyxpJp95GRVCtP6P3l2G7gRSfLI31BVhX5gBg_Ndvw"},"recoveryId":"https://managedhsm/deletedkeys/selective-restore-test-keya85a1290","scheduledPurgeDate":1631038366}' headers: cache-control: - no-cache @@ -630,13 +484,13 @@ interactions: x-frame-options: - SAMEORIGIN x-ms-build-version: - - 1.0.20210407-3-27236ed1-develop + - 1.0.20210520-1-d6634624-develop x-ms-keyvault-network-info: - - conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=Ipv4; + - conn_type=Ipv4;addr=24.17.201.78;act_addr_fam=Ipv4; x-ms-keyvault-region: - centralus x-ms-server-latency: - - '29' + - '38' status: code: 200 message: OK @@ -652,7 +506,7 @@ interactions: Content-Length: - '0' User-Agent: - - azsdk-python-keyvault-keys/4.4.0b5 Python/3.5.3 (Windows-10-10.0.19041-SP0) + - azsdk-python-keyvault-keys/4.4.0b5 Python/3.6.9 (Linux-5.4.72-microsoft-standard-WSL2-x86_64-with-Ubuntu-18.04-bionic) method: DELETE uri: https://managedhsm/deletedkeys/selective-restore-test-keya85a1290?api-version=7.2 response: @@ -674,11 +528,11 @@ interactions: x-frame-options: - SAMEORIGIN x-ms-keyvault-network-info: - - conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=Ipv4; + - conn_type=Ipv4;addr=24.17.201.78;act_addr_fam=Ipv4; x-ms-keyvault-region: - centralus x-ms-server-latency: - - '118' + - '103' status: code: 204 message: '' 
diff --git a/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_backup_client_async.test_full_backup_and_restore.yaml b/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_backup_client_async.test_full_backup_and_restore.yaml index 8235ffe88e08..7f5361a2d939 100644 --- a/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_backup_client_async.test_full_backup_and_restore.yaml +++ b/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_backup_client_async.test_full_backup_and_restore.yaml @@ -9,7 +9,7 @@ interactions: Content-Type: - application/json User-Agent: - - azsdk-python-keyvault-administration/4.0.0b4 Python/3.5.3 (Windows-10-10.0.19041-SP0) + - azsdk-python-keyvault-administration/4.0.0b4 Python/3.6.9 (Linux-5.4.72-microsoft-standard-WSL2-x86_64-with-Ubuntu-18.04-bionic) method: POST uri: https://managedhsm/backup?api-version=7.2 response: 
@@ -25,42 +25,42 @@ interactions: resource="https://managedhsm.azure.net" x-content-type-options: nosniff x-frame-options: SAMEORIGIN - x-ms-server-latency: '1' + x-ms-server-latency: '0' status: code: 401 message: Unauthorized url: https://mcpatinotesthsm.managedhsm.azure.net/backup?api-version=7.2 - request: - body: '{"storageResourceUri": "https://storname.blob.core.windows.net/containerqxkgduttbmklr57", + body: '{"storageResourceUri": "https://storname.blob.core.windows.net/container37sfaze3bkss4j3", "token": "redacted"}' headers: Accept: - application/json Content-Length: - - '233' + - '235' Content-Type: - application/json User-Agent: - - azsdk-python-keyvault-administration/4.0.0b4 Python/3.5.3 (Windows-10-10.0.19041-SP0) + - azsdk-python-keyvault-administration/4.0.0b4 Python/3.6.9 (Linux-5.4.72-microsoft-standard-WSL2-x86_64-with-Ubuntu-18.04-bionic) method: POST uri: https://managedhsm/backup?api-version=7.2 response: body: - string: '{"status":"InProgress","statusDetails":null,"error":null,"startTime":1622698732,"endTime":null,"jobId":"a399c70cf38d4b2e95ceac3bc0150a97","azureStorageBlobContainerUri":null}' + string: '{"status":"InProgress","statusDetails":null,"error":null,"startTime":1623262396,"endTime":null,"jobId":"e1a391e096fd4462a2a79d536e17afd8","azureStorageBlobContainerUri":null}' headers: - azure-asyncoperation: https://managedhsm/backup/a399c70cf38d4b2e95ceac3bc0150a97/pending + azure-asyncoperation: https://managedhsm/backup/e1a391e096fd4462a2a79d536e17afd8/pending cache-control: no-cache content-length: '174' content-security-policy: default-src 'self' content-type: application/json; charset=utf-8 - date: Thu, 03 Jun 2021 05:38:51 GMT + date: Wed, 09 Jun 2021 18:13:15 GMT server: Kestrel strict-transport-security: max-age=31536000; includeSubDomains x-content-type-options: nosniff x-frame-options: SAMEORIGIN - x-ms-keyvault-network-info: conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=Ipv4; + x-ms-keyvault-network-info: 
conn_type=Ipv4;addr=24.17.201.78;act_addr_fam=Ipv4; x-ms-keyvault-region: centralus - x-ms-server-latency: '2385' + x-ms-server-latency: '2128' status: code: 202 message: '' 
@@ -68,240 +68,120 @@ interactions: - request: body: null headers: - Accept: - - application/json - User-Agent: - - azsdk-python-keyvault-administration/4.0.0b4 Python/3.5.3 (Windows-10-10.0.19041-SP0) - method: GET - uri: https://managedhsm/backup/a399c70cf38d4b2e95ceac3bc0150a97/pending?api-version=7.2 - response: - body: - string: '{"azureStorageBlobContainerUri":null,"endTime":null,"error":null,"jobId":"a399c70cf38d4b2e95ceac3bc0150a97","startTime":1622698732,"status":"InProgress","statusDetails":null}' - headers: - cache-control: no-cache - content-length: '174' - content-security-policy: default-src 'self' - content-type: application/json; charset=utf-8 - date: Thu, 03 Jun 2021 05:38:54 GMT - server: Kestrel - strict-transport-security: max-age=31536000; includeSubDomains - x-content-type-options: nosniff - x-frame-options: SAMEORIGIN - x-ms-build-version: 1.0.20210407-3-27236ed1-develop - x-ms-keyvault-network-info: conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=Ipv4; - x-ms-keyvault-region: centralus - x-ms-server-latency: '1968' - status: - code: 200 - message: OK - url: https://mcpatinotesthsm.managedhsm.azure.net/backup/a399c70cf38d4b2e95ceac3bc0150a97/pending?api-version=7.2 -- request: - body: null - headers: - User-Agent: - - azsdk-python-keyvault-administration/4.0.0b4 Python/3.5.3 (Windows-10-10.0.19041-SP0) - method: GET - uri: https://managedhsm/backup/a399c70cf38d4b2e95ceac3bc0150a97/pending - response: - body: - string: '{"azureStorageBlobContainerUri":"https://storname.blob.core.windows.net/containerqxkgduttbmklr57/mhsm-mcpatinotesthsm-2021060305385228","endTime":1622698740,"error":null,"jobId":"a399c70cf38d4b2e95ceac3bc0150a97","startTime":1622698732,"status":"Succeeded","statusDetails":null}' - headers: - cache-control: no-cache - content-length: '294' - content-security-policy: default-src 'self' - content-type: application/json; charset=utf-8 - date: Thu, 03 Jun 2021 05:39:06 GMT - server: Kestrel - strict-transport-security: 
max-age=31536000; includeSubDomains - x-content-type-options: nosniff - x-frame-options: SAMEORIGIN - x-ms-build-version: 1.0.20210407-3-27236ed1-develop - x-ms-keyvault-network-info: conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=Ipv4; - x-ms-keyvault-region: centralus - x-ms-server-latency: '2239' - status: - code: 200 - message: OK - url: https://mcpatinotesthsm.managedhsm.azure.net/backup/a399c70cf38d4b2e95ceac3bc0150a97/pending -- request: - body: null - headers: - Accept: - - application/json User-Agent: - - azsdk-python-keyvault-administration/4.0.0b4 Python/3.5.3 (Windows-10-10.0.19041-SP0) + - azsdk-python-keyvault-administration/4.0.0b4 Python/3.6.9 (Linux-5.4.72-microsoft-standard-WSL2-x86_64-with-Ubuntu-18.04-bionic) method: GET - uri: https://managedhsm/backup/a399c70cf38d4b2e95ceac3bc0150a97/pending?api-version=7.2 + uri: https://managedhsm/backup/e1a391e096fd4462a2a79d536e17afd8/pending response: body: - string: '{"azureStorageBlobContainerUri":"https://storname.blob.core.windows.net/containerqxkgduttbmklr57/mhsm-mcpatinotesthsm-2021060305385228","endTime":1622698740,"error":null,"jobId":"a399c70cf38d4b2e95ceac3bc0150a97","startTime":1622698732,"status":"Succeeded","statusDetails":null}' + string: '{"azureStorageBlobContainerUri":"https://storname.blob.core.windows.net/container37sfaze3bkss4j3/mhsm-mcpatinotesthsm-2021060918131647","endTime":1623262405,"error":null,"jobId":"e1a391e096fd4462a2a79d536e17afd8","startTime":1623262396,"status":"Succeeded","statusDetails":null}' headers: cache-control: no-cache content-length: '294' content-security-policy: default-src 'self' content-type: application/json; charset=utf-8 - date: Thu, 03 Jun 2021 05:39:08 GMT + date: Wed, 09 Jun 2021 18:13:28 GMT server: Kestrel strict-transport-security: max-age=31536000; includeSubDomains x-content-type-options: nosniff x-frame-options: SAMEORIGIN - x-ms-build-version: 1.0.20210407-3-27236ed1-develop - x-ms-keyvault-network-info: 
conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=Ipv4; + x-ms-build-version: 1.0.20210520-1-d6634624-develop + x-ms-keyvault-network-info: conn_type=Ipv4;addr=24.17.201.78;act_addr_fam=Ipv4; x-ms-keyvault-region: centralus - x-ms-server-latency: '2177' + x-ms-server-latency: '1971' status: code: 200 message: OK - url: https://mcpatinotesthsm.managedhsm.azure.net/backup/a399c70cf38d4b2e95ceac3bc0150a97/pending?api-version=7.2 + url: https://mcpatinotesthsm.managedhsm.azure.net/backup/e1a391e096fd4462a2a79d536e17afd8/pending - request: - body: '{"sasTokenParameters": {"storageResourceUri": "https://storname.blob.core.windows.net/containerqxkgduttbmklr57", - "token": "redacted"}, "folderToRestore": "mhsm-mcpatinotesthsm-2021060305385228"}' + body: '{"sasTokenParameters": {"storageResourceUri": "https://storname.blob.core.windows.net/container37sfaze3bkss4j3", + "token": "redacted"}, "folderToRestore": "mhsm-mcpatinotesthsm-2021060918131647"}' headers: Accept: - application/json Content-Length: - - '317' + - '319' Content-Type: - application/json User-Agent: - - azsdk-python-keyvault-administration/4.0.0b4 Python/3.5.3 (Windows-10-10.0.19041-SP0) + - azsdk-python-keyvault-administration/4.0.0b4 Python/3.6.9 (Linux-5.4.72-microsoft-standard-WSL2-x86_64-with-Ubuntu-18.04-bionic) method: PUT uri: https://managedhsm/restore?api-version=7.2 response: body: - string: '{"endTime":null,"error":null,"jobId":"148ca181249f4824b73a6748e6593582","startTime":1622698750,"status":"InProgress","statusDetails":null}' + string: '{"endTime":null,"error":null,"jobId":"4fcf1426713543abb14fd9360dd40754","startTime":1623262410,"status":"InProgress","statusDetails":null}' headers: - azure-asyncoperation: https://managedhsm/restore/148ca181249f4824b73a6748e6593582/pending + azure-asyncoperation: https://managedhsm/restore/4fcf1426713543abb14fd9360dd40754/pending cache-control: no-cache content-length: '138' content-security-policy: default-src 'self' content-type: application/json; charset=utf-8 
- date: Thu, 03 Jun 2021 05:39:11 GMT + date: Wed, 09 Jun 2021 18:13:30 GMT server: Kestrel strict-transport-security: max-age=31536000; includeSubDomains x-content-type-options: nosniff x-frame-options: SAMEORIGIN - x-ms-keyvault-network-info: conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=Ipv4; + x-ms-keyvault-network-info: conn_type=Ipv4;addr=24.17.201.78;act_addr_fam=Ipv4; x-ms-keyvault-region: centralus - x-ms-server-latency: '2131' + x-ms-server-latency: '2144' status: code: 202 message: '' url: https://mcpatinotesthsm.managedhsm.azure.net/restore?api-version=7.2 -- request: - body: null - headers: - Accept: - - application/json - User-Agent: - - azsdk-python-keyvault-administration/4.0.0b4 Python/3.5.3 (Windows-10-10.0.19041-SP0) - method: GET - uri: https://managedhsm/restore/148ca181249f4824b73a6748e6593582/pending?api-version=7.2 - response: - body: - string: '{"endTime":null,"error":null,"jobId":"148ca181249f4824b73a6748e6593582","startTime":1622698750,"status":"InProgress","statusDetails":null}' - headers: - cache-control: no-cache - content-length: '138' - content-security-policy: default-src 'self' - content-type: application/json; charset=utf-8 - date: Thu, 03 Jun 2021 05:39:12 GMT - server: Kestrel - strict-transport-security: max-age=31536000; includeSubDomains - x-content-type-options: nosniff - x-frame-options: SAMEORIGIN - x-ms-build-version: 1.0.20210407-3-27236ed1-develop - x-ms-keyvault-network-info: conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=Ipv4; - x-ms-keyvault-region: centralus - x-ms-server-latency: '1919' - status: - code: 200 - message: OK - url: https://mcpatinotesthsm.managedhsm.azure.net/restore/148ca181249f4824b73a6748e6593582/pending?api-version=7.2 - request: body: null headers: User-Agent: - - azsdk-python-keyvault-administration/4.0.0b4 Python/3.5.3 (Windows-10-10.0.19041-SP0) + - azsdk-python-keyvault-administration/4.0.0b4 Python/3.6.9 (Linux-5.4.72-microsoft-standard-WSL2-x86_64-with-Ubuntu-18.04-bionic) method: GET - 
uri: https://managedhsm/restore/148ca181249f4824b73a6748e6593582/pending + uri: https://managedhsm/restore/4fcf1426713543abb14fd9360dd40754/pending response: body: - string: '{"endTime":null,"error":null,"jobId":"148ca181249f4824b73a6748e6593582","startTime":1622698750,"status":"InProgress","statusDetails":null}' + string: '{"endTime":null,"error":null,"jobId":"4fcf1426713543abb14fd9360dd40754","startTime":1623262410,"status":"InProgress","statusDetails":null}' headers: cache-control: no-cache content-length: '138' content-security-policy: default-src 'self' content-type: application/json; charset=utf-8 - date: Thu, 03 Jun 2021 05:39:24 GMT + date: Wed, 09 Jun 2021 18:13:42 GMT server: Kestrel strict-transport-security: max-age=31536000; includeSubDomains x-content-type-options: nosniff x-frame-options: SAMEORIGIN - x-ms-build-version: 1.0.20210407-3-27236ed1-develop - x-ms-keyvault-network-info: conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=Ipv4; + x-ms-build-version: 1.0.20210520-1-d6634624-develop + x-ms-keyvault-network-info: conn_type=Ipv4;addr=24.17.201.78;act_addr_fam=Ipv4; x-ms-keyvault-region: centralus - x-ms-server-latency: '2003' + x-ms-server-latency: '2282' status: code: 200 message: OK - url: https://mcpatinotesthsm.managedhsm.azure.net/restore/148ca181249f4824b73a6748e6593582/pending + url: https://mcpatinotesthsm.managedhsm.azure.net/restore/4fcf1426713543abb14fd9360dd40754/pending - request: body: null headers: User-Agent: - - azsdk-python-keyvault-administration/4.0.0b4 Python/3.5.3 (Windows-10-10.0.19041-SP0) - method: GET - uri: https://managedhsm/restore/148ca181249f4824b73a6748e6593582/pending - response: - body: - string: '{"endTime":1622698767,"error":null,"jobId":"148ca181249f4824b73a6748e6593582","startTime":1622698750,"status":"Succeeded","statusDetails":null}' - headers: - cache-control: no-cache - content-length: '143' - content-security-policy: default-src 'self' - content-type: application/json; charset=utf-8 - date: Thu, 03 Jun 
2021 05:39:32 GMT - server: Kestrel - strict-transport-security: max-age=31536000; includeSubDomains - x-content-type-options: nosniff - x-frame-options: SAMEORIGIN - x-ms-build-version: 1.0.20210407-3-27236ed1-develop - x-ms-keyvault-network-info: conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=Ipv4; - x-ms-keyvault-region: centralus - x-ms-server-latency: '2259' - status: - code: 200 - message: OK - url: https://mcpatinotesthsm.managedhsm.azure.net/restore/148ca181249f4824b73a6748e6593582/pending -- request: - body: null - headers: - Accept: - - application/json - User-Agent: - - azsdk-python-keyvault-administration/4.0.0b4 Python/3.5.3 (Windows-10-10.0.19041-SP0) + - azsdk-python-keyvault-administration/4.0.0b4 Python/3.6.9 (Linux-5.4.72-microsoft-standard-WSL2-x86_64-with-Ubuntu-18.04-bionic) method: GET - uri: https://managedhsm/restore/148ca181249f4824b73a6748e6593582/pending?api-version=7.2 + uri: https://managedhsm/restore/4fcf1426713543abb14fd9360dd40754/pending response: body: - string: '{"endTime":1622698767,"error":null,"jobId":"148ca181249f4824b73a6748e6593582","startTime":1622698750,"status":"Succeeded","statusDetails":null}' + string: '{"endTime":1623262427,"error":null,"jobId":"4fcf1426713543abb14fd9360dd40754","startTime":1623262410,"status":"Succeeded","statusDetails":null}' headers: cache-control: no-cache content-length: '143' content-security-policy: default-src 'self' content-type: application/json; charset=utf-8 - date: Thu, 03 Jun 2021 05:39:34 GMT + date: Wed, 09 Jun 2021 18:13:49 GMT server: Kestrel strict-transport-security: max-age=31536000; includeSubDomains x-content-type-options: nosniff x-frame-options: SAMEORIGIN - x-ms-build-version: 1.0.20210407-3-27236ed1-develop - x-ms-keyvault-network-info: conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=Ipv4; + x-ms-build-version: 1.0.20210520-1-d6634624-develop + x-ms-keyvault-network-info: conn_type=Ipv4;addr=24.17.201.78;act_addr_fam=Ipv4; x-ms-keyvault-region: centralus - 
x-ms-server-latency: '2864' + x-ms-server-latency: '2154' status: code: 200 message: OK - url: https://mcpatinotesthsm.managedhsm.azure.net/restore/148ca181249f4824b73a6748e6593582/pending?api-version=7.2 + url: https://mcpatinotesthsm.managedhsm.azure.net/restore/4fcf1426713543abb14fd9360dd40754/pending version: 1 diff --git a/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_backup_client_async.test_selective_key_restore.yaml b/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_backup_client_async.test_selective_key_restore.yaml index 285a78a57395..1d1cf157e6b7 100644 --- a/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_backup_client_async.test_selective_key_restore.yaml +++ b/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_backup_client_async.test_selective_key_restore.yaml @@ -1,35 +1,4 @@ interactions: -- request: - body: null - headers: - Accept: - - application/json - Content-Length: - - '0' - Content-Type: - - application/json - User-Agent: - - azsdk-python-keyvault-keys/4.3.2 Python/3.5.3 (Windows-10-10.0.19041-SP0) - method: POST - uri: https://managedhsm/keys/selective-restore-test-key20e5150d/create?api-version=7.2 - response: - body: - string: '' - headers: - cache-control: no-cache - content-length: '0' - content-security-policy: default-src 'self' - content-type: application/json; charset=utf-8 - strict-transport-security: max-age=31536000; includeSubDomains - www-authenticate: Bearer authorization="https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47", - resource="https://managedhsm.azure.net" - x-content-type-options: nosniff - x-frame-options: SAMEORIGIN - x-ms-server-latency: '2' - status: - code: 401 - message: Unauthorized - url: https://mcpatinotesthsm.managedhsm.azure.net/keys/selective-restore-test-key20e5150d/create?api-version=7.2 - request: body: '{"kty": "RSA"}' headers: 
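Review bot: The added `url:` lines in this hunk keep the live vault hostname (`https://mcpatinotesthsm.managedhsm.azure.net/...`) while the `uri:` of the same interaction is scrubbed to `https://managedhsm/...`, so the async cassette still names the real Managed HSM instance. The vault name also survives in the backup folder name (`mhsm-mcpatinotesthsm-...`) inside the request and response bodies, here and in the sync recording earlier in the patch. I would apply the same replacement that rewrites `uri` to the response `url` and to the folder name, giving for example `url: https://managedhsm/backup/<job-id>/pending` (placeholder job id). A later hunk in the next recording replaces the tenant GUID in `www-authenticate` with zeros, so handling all three in the one place where recordings are sanitized, presumably the shared test setup, would keep the cassettes consistent.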
@@ -40,12 +9,12 @@ interactions: Content-Type: - application/json User-Agent: - - azsdk-python-keyvault-keys/4.4.0b5 Python/3.5.3 (Windows-10-10.0.19041-SP0) + - azsdk-python-keyvault-keys/4.4.0b5 Python/3.6.9 (Linux-5.4.72-microsoft-standard-WSL2-x86_64-with-Ubuntu-18.04-bionic) method: POST uri: https://managedhsm/keys/selective-restore-test-key20e5150d/create?api-version=7.2 response: body: - string: '{"attributes":{"created":1622162557,"enabled":true,"exportable":false,"recoverableDays":90,"recoveryLevel":"Recoverable+Purgeable","updated":1622162557},"key":{"e":"AQAB","key_ops":["wrapKey","decrypt","encrypt","unwrapKey","sign","verify"],"kid":"https://managedhsm/keys/selective-restore-test-key20e5150d/92cb688133d94a439631aeea1763b653","kty":"RSA-HSM","n":"sEzVIoux6z3Z0ZTLaDYtkx5xHzwRXq3X7NHBavY_upaawwX8heO23ZKTj3ZwPfz8dsCUF0llFpmiyvNBBa1Kfa_rJ6pU5sABaNHvpF8DJJwFoDZFKmND7h0Am0mooJM20V05TnDVhfOwrWbPH1BYyQu1_SVLHxNQSIktjcq0ljtLMWUGeoFQS43Jb0JUA2UwKmT1yh7cgIjO8n50Jb6TV7JhnDKIVcm7zFGOYzszpYOyQbQ_11atoeGudyQ9zkwKbVh12DkWAD8jt0sxBztEIK9yros82myMrX77JdaSBhhqggXiK1u5QKhtQxjkheb3Em6VZQN5KqAM93APjWQ_KQ"}}' + string: '{"attributes":{"created":1623262460,"enabled":true,"exportable":false,"recoverableDays":90,"recoveryLevel":"Recoverable+Purgeable","updated":1623262460},"key":{"e":"AQAB","key_ops":["wrapKey","decrypt","encrypt","unwrapKey","sign","verify"],"kid":"https://managedhsm/keys/selective-restore-test-key20e5150d/fdb338900b1b46b9adfc17b863005796","kty":"RSA-HSM","n":"tzdfZzYkPwiOfqZ3dPpfMZr3TR_gPpEVGCVJh6J6M-HPIOaHiL3C-MwnTMdisi7_G3YUY93AOdc87oAckZa1uw6SYfOKJdWuZPTcbclDKF9Nu4mxGRZWLtHmHnQpOx-DYN1RvoCMX1G1sTWdDlHesVqu0EuTcqBxiYsxvS1Prh60cz6Z3sCsbkijeYH8hautGVhUubMLv9c3TgcJkTZGA7uO0PqzJ2WsY1z9kwsnH_DDvBYHdVJ7u3IJECd91sp1w35Te2Z7w43xz-jkipnz5b_LYHFy_aLFy-KTaZ8-eMhUB77ayGGTUDzazDSamoxCAs_RdeFwuBAlW8rcMDVfTQ"}}' headers: cache-control: no-cache content-length: '733' 
@@ -54,9 +23,9 @@ interactions: strict-transport-security: max-age=31536000; includeSubDomains x-content-type-options: nosniff x-frame-options: SAMEORIGIN - x-ms-keyvault-network-info: conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=Ipv4; - x-ms-keyvault-region: northeurope - x-ms-server-latency: '251' + x-ms-keyvault-network-info: conn_type=Ipv4;addr=24.17.201.78;act_addr_fam=Ipv4; + x-ms-keyvault-region: centralus + x-ms-server-latency: '269' status: code: 200 message: OK @@ -71,7 +40,7 @@ interactions: Content-Type: - application/json User-Agent: - - azsdk-python-keyvault-administration/4.0.0b3 Python/3.5.3 (Windows-10-10.0.19041-SP0) + - azsdk-python-keyvault-administration/4.0.0b4 Python/3.6.9 (Linux-5.4.72-microsoft-standard-WSL2-x86_64-with-Ubuntu-18.04-bionic) method: POST uri: https://managedhsm/backup?api-version=7.2 response: @@ -83,17 +52,18 @@ interactions: content-security-policy: default-src 'self' content-type: application/json; charset=utf-8 strict-transport-security: max-age=31536000; includeSubDomains - www-authenticate: Bearer authorization="https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47", + www-authenticate: Bearer authorization="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000", resource="https://managedhsm.azure.net" x-content-type-options: nosniff x-frame-options: SAMEORIGIN - x-ms-server-latency: '2' + x-ms-server-latency: '1' status: code: 401 message: Unauthorized url: https://mcpatinotesthsm.managedhsm.azure.net/backup?api-version=7.2 - request: - body: '{"token": "redacted", "storageResourceUri": "https://storname.blob.core.windows.net/container4r2xp7ocy5bg22j"}' + body: '{"storageResourceUri": "https://storname.blob.core.windows.net/container7xmlakhatcpfzln", + "token": "redacted"}' headers: Accept: - application/json 
@@ -102,26 +72,26 @@ interactions: Content-Type: - application/json User-Agent: - - azsdk-python-keyvault-administration/4.0.0b4 Python/3.5.3 (Windows-10-10.0.19041-SP0) + - azsdk-python-keyvault-administration/4.0.0b4 Python/3.6.9 (Linux-5.4.72-microsoft-standard-WSL2-x86_64-with-Ubuntu-18.04-bionic) method: POST uri: https://managedhsm/backup?api-version=7.2 response: body: - string: '{"status":"InProgress","statusDetails":null,"error":{"code":null,"message":null,"innererror":null},"startTime":1622162561,"endTime":null,"jobId":"6c8a6f72fc924f00af656cb17a287710","azureStorageBlobContainerUri":null}' + string: '{"status":"InProgress","statusDetails":null,"error":null,"startTime":1623262463,"endTime":null,"jobId":"6c606cadf88e497e88d7d940f94a9833","azureStorageBlobContainerUri":null}' headers: - azure-asyncoperation: https://managedhsm/backup/6c8a6f72fc924f00af656cb17a287710/pending + azure-asyncoperation: https://managedhsm/backup/6c606cadf88e497e88d7d940f94a9833/pending cache-control: no-cache - content-length: '216' + content-length: '174' content-security-policy: default-src 'self' content-type: application/json; charset=utf-8 - date: Fri, 28 May 2021 00:42:41 GMT + date: Wed, 09 Jun 2021 18:14:22 GMT server: Kestrel strict-transport-security: max-age=31536000; includeSubDomains x-content-type-options: nosniff x-frame-options: SAMEORIGIN - x-ms-keyvault-network-info: conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=Ipv4; - x-ms-keyvault-region: northeurope - x-ms-server-latency: '2771' + x-ms-keyvault-network-info: conn_type=Ipv4;addr=24.17.201.78;act_addr_fam=Ipv4; + x-ms-keyvault-region: centralus + x-ms-server-latency: '2240' status: code: 202 message: '' 
@@ -129,94 +99,34 @@ interactions: - request: body: null headers: - Accept: - - application/json - User-Agent: - - azsdk-python-keyvault-administration/4.0.0b4 Python/3.5.3 (Windows-10-10.0.19041-SP0) - method: GET - uri: https://managedhsm/backup/6c8a6f72fc924f00af656cb17a287710/pending?api-version=7.2 - response: - body: - string: '{"azureStorageBlobContainerUri":null,"endTime":null,"error":{"code":null,"innererror":null,"message":null},"jobId":"6c8a6f72fc924f00af656cb17a287710","startTime":1622162561,"status":"InProgress","statusDetails":null}' - headers: - cache-control: no-cache - content-length: '216' - content-security-policy: default-src 'self' - content-type: application/json; charset=utf-8 - date: Fri, 28 May 2021 00:42:42 GMT - server: Kestrel - strict-transport-security: max-age=31536000; includeSubDomains - x-content-type-options: nosniff - x-frame-options: SAMEORIGIN - x-ms-build-version: 1.0.20210407-3-27236ed1-develop - x-ms-keyvault-network-info: conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=Ipv4; - x-ms-keyvault-region: northeurope - x-ms-server-latency: '2187' - status: - code: 200 - message: OK - url: https://mcpatinotesthsm.managedhsm.azure.net/backup/6c8a6f72fc924f00af656cb17a287710/pending?api-version=7.2 -- request: - body: null - headers: - User-Agent: - - azsdk-python-keyvault-administration/4.0.0b4 Python/3.5.3 (Windows-10-10.0.19041-SP0) - method: GET - uri: https://managedhsm/backup/6c8a6f72fc924f00af656cb17a287710/pending - response: - body: - string: '{"azureStorageBlobContainerUri":"https://storname.blob.core.windows.net/container4r2xp7ocy5bg22j/mhsm-mcpatinotesthsm-2021052800424125","endTime":1622162572,"error":null,"jobId":"6c8a6f72fc924f00af656cb17a287710","startTime":1622162561,"status":"Succeeded","statusDetails":null}' - headers: - cache-control: no-cache - content-length: '294' - content-security-policy: default-src 'self' - content-type: application/json; charset=utf-8 - date: Fri, 28 May 2021 00:42:55 GMT - server: Kestrel 
- strict-transport-security: max-age=31536000; includeSubDomains - x-content-type-options: nosniff - x-frame-options: SAMEORIGIN - x-ms-build-version: 1.0.20210407-3-27236ed1-develop - x-ms-keyvault-network-info: conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=Ipv4; - x-ms-keyvault-region: northeurope - x-ms-server-latency: '2153' - status: - code: 200 - message: OK - url: https://mcpatinotesthsm.managedhsm.azure.net/backup/6c8a6f72fc924f00af656cb17a287710/pending -- request: - body: null - headers: - Accept: - - application/json User-Agent: - - azsdk-python-keyvault-administration/4.0.0b4 Python/3.5.3 (Windows-10-10.0.19041-SP0) + - azsdk-python-keyvault-administration/4.0.0b4 Python/3.6.9 (Linux-5.4.72-microsoft-standard-WSL2-x86_64-with-Ubuntu-18.04-bionic) method: GET - uri: https://managedhsm/backup/6c8a6f72fc924f00af656cb17a287710/pending?api-version=7.2 + uri: https://managedhsm/backup/6c606cadf88e497e88d7d940f94a9833/pending response: body: - string: '{"azureStorageBlobContainerUri":"https://storname.blob.core.windows.net/container4r2xp7ocy5bg22j/mhsm-mcpatinotesthsm-2021052800424125","endTime":1622162572,"error":null,"jobId":"6c8a6f72fc924f00af656cb17a287710","startTime":1622162561,"status":"Succeeded","statusDetails":null}' + string: '{"azureStorageBlobContainerUri":"https://storname.blob.core.windows.net/container7xmlakhatcpfzln/mhsm-mcpatinotesthsm-2021060918142333","endTime":1623262472,"error":null,"jobId":"6c606cadf88e497e88d7d940f94a9833","startTime":1623262463,"status":"Succeeded","statusDetails":null}' headers: cache-control: no-cache content-length: '294' content-security-policy: default-src 'self' content-type: application/json; charset=utf-8 - date: Fri, 28 May 2021 00:42:57 GMT + date: Wed, 09 Jun 2021 18:14:35 GMT server: Kestrel strict-transport-security: max-age=31536000; includeSubDomains x-content-type-options: nosniff x-frame-options: SAMEORIGIN - x-ms-build-version: 1.0.20210407-3-27236ed1-develop - x-ms-keyvault-network-info: 
conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=Ipv4; - x-ms-keyvault-region: northeurope - x-ms-server-latency: '2197' + x-ms-build-version: 1.0.20210520-1-d6634624-develop + x-ms-keyvault-network-info: conn_type=Ipv4;addr=24.17.201.78;act_addr_fam=Ipv4; + x-ms-keyvault-region: centralus + x-ms-server-latency: '1928' status: code: 200 message: OK - url: https://mcpatinotesthsm.managedhsm.azure.net/backup/6c8a6f72fc924f00af656cb17a287710/pending?api-version=7.2 + url: https://mcpatinotesthsm.managedhsm.azure.net/backup/6c606cadf88e497e88d7d940f94a9833/pending - request: - body: '{"sasTokenParameters": {"token": "redacted", "storageResourceUri": "https://storname.blob.core.windows.net/container4r2xp7ocy5bg22j"}, - "folder": "mhsm-mcpatinotesthsm-2021052800424125"}' + body: '{"sasTokenParameters": {"storageResourceUri": "https://storname.blob.core.windows.net/container7xmlakhatcpfzln", + "token": "redacted"}, "folder": "mhsm-mcpatinotesthsm-2021060918142333"}' headers: Accept: - application/json 
@@ -225,130 +135,68 @@ interactions: Content-Type: - application/json User-Agent: - - azsdk-python-keyvault-administration/4.0.0b4 Python/3.5.3 (Windows-10-10.0.19041-SP0) + - azsdk-python-keyvault-administration/4.0.0b4 Python/3.6.9 (Linux-5.4.72-microsoft-standard-WSL2-x86_64-with-Ubuntu-18.04-bionic) method: PUT uri: https://managedhsm/keys/selective-restore-test-key20e5150d/restore?api-version=7.2 response: body: - string: '{"endTime":null,"error":{"code":null,"innererror":null,"message":null},"jobId":"bcc6bffb1feb4d9182409acb1cbc1f86","startTime":1622162580,"status":"InProgress","statusDetails":null}' + string: '{"endTime":null,"error":null,"jobId":"74b1bd129ed94ae6bc4628c2ffe7f9ad","startTime":1623262477,"status":"InProgress","statusDetails":null}' headers: - azure-asyncoperation: https://managedhsm/restore/bcc6bffb1feb4d9182409acb1cbc1f86/pending + azure-asyncoperation: https://managedhsm/restore/74b1bd129ed94ae6bc4628c2ffe7f9ad/pending cache-control: no-cache - content-length: '180' + content-length: '138' content-security-policy: default-src 'self' content-type: application/json; charset=utf-8 - date: Fri, 28 May 2021 00:43:00 GMT + date: Wed, 09 Jun 2021 18:14:37 GMT server: Kestrel strict-transport-security: max-age=31536000; includeSubDomains x-content-type-options: nosniff x-frame-options: SAMEORIGIN - x-ms-keyvault-network-info: conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=Ipv4; - x-ms-keyvault-region: northeurope - x-ms-server-latency: '2319' + x-ms-keyvault-network-info: conn_type=Ipv4;addr=24.17.201.78;act_addr_fam=Ipv4; + x-ms-keyvault-region: centralus + x-ms-server-latency: '2032' status: code: 202 message: '' url: https://mcpatinotesthsm.managedhsm.azure.net/keys/selective-restore-test-key20e5150d/restore?api-version=7.2 -- request: - body: null - headers: - Accept: - - application/json - User-Agent: - - azsdk-python-keyvault-administration/4.0.0b4 Python/3.5.3 (Windows-10-10.0.19041-SP0) - method: GET - uri: 
https://managedhsm/restore/bcc6bffb1feb4d9182409acb1cbc1f86/pending?api-version=7.2 - response: - body: - string: '{"endTime":null,"error":{"code":null,"innererror":null,"message":null},"jobId":"bcc6bffb1feb4d9182409acb1cbc1f86","startTime":1622162580,"status":"InProgress","statusDetails":null}' - headers: - cache-control: no-cache - content-length: '180' - content-security-policy: default-src 'self' - content-type: application/json; charset=utf-8 - date: Fri, 28 May 2021 00:43:03 GMT - server: Kestrel - strict-transport-security: max-age=31536000; includeSubDomains - x-content-type-options: nosniff - x-frame-options: SAMEORIGIN - x-ms-build-version: 1.0.20210407-3-27236ed1-develop - x-ms-keyvault-network-info: conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=Ipv4; - x-ms-keyvault-region: northeurope - x-ms-server-latency: '2261' - status: - code: 200 - message: OK - url: https://mcpatinotesthsm.managedhsm.azure.net/restore/bcc6bffb1feb4d9182409acb1cbc1f86/pending?api-version=7.2 -- request: - body: null - headers: - User-Agent: - - azsdk-python-keyvault-administration/4.0.0b4 Python/3.5.3 (Windows-10-10.0.19041-SP0) - method: GET - uri: https://managedhsm/restore/bcc6bffb1feb4d9182409acb1cbc1f86/pending - response: - body: - string: '{"endTime":null,"error":{"code":null,"innererror":null,"message":null},"jobId":"bcc6bffb1feb4d9182409acb1cbc1f86","startTime":1622162580,"status":"InProgress","statusDetails":null}' - headers: - cache-control: no-cache - content-length: '180' - content-security-policy: default-src 'self' - content-type: application/json; charset=utf-8 - date: Fri, 28 May 2021 00:43:14 GMT - server: Kestrel - strict-transport-security: max-age=31536000; includeSubDomains - x-content-type-options: nosniff - x-frame-options: SAMEORIGIN - x-ms-build-version: 1.0.20210407-3-27236ed1-develop - x-ms-keyvault-network-info: conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=Ipv4; - x-ms-keyvault-region: northeurope - x-ms-server-latency: '2179' - status: - code: 
200 - message: OK - url: https://mcpatinotesthsm.managedhsm.azure.net/restore/bcc6bffb1feb4d9182409acb1cbc1f86/pending - request: body: null headers: User-Agent: - - azsdk-python-keyvault-administration/4.0.0b4 Python/3.5.3 (Windows-10-10.0.19041-SP0) + - azsdk-python-keyvault-administration/4.0.0b4 Python/3.6.9 (Linux-5.4.72-microsoft-standard-WSL2-x86_64-with-Ubuntu-18.04-bionic) method: GET - uri: https://managedhsm/restore/bcc6bffb1feb4d9182409acb1cbc1f86/pending + uri: https://managedhsm/restore/74b1bd129ed94ae6bc4628c2ffe7f9ad/pending response: body: - string: '{"endTime":1622162597,"error":null,"jobId":"bcc6bffb1feb4d9182409acb1cbc1f86","startTime":1622162580,"status":"Succeeded","statusDetails":"Number - of successful key versions restored: 0, Number of key versions could not overwrite: - 2"}' + string: '{"endTime":null,"error":null,"jobId":"74b1bd129ed94ae6bc4628c2ffe7f9ad","startTime":1623262477,"status":"InProgress","statusDetails":null}' headers: cache-control: no-cache - content-length: '233' + content-length: '138' content-security-policy: default-src 'self' content-type: application/json; charset=utf-8 - date: Fri, 28 May 2021 00:43:22 GMT + date: Wed, 09 Jun 2021 18:14:49 GMT server: Kestrel strict-transport-security: max-age=31536000; includeSubDomains x-content-type-options: nosniff x-frame-options: SAMEORIGIN - x-ms-build-version: 1.0.20210407-3-27236ed1-develop - x-ms-keyvault-network-info: conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=Ipv4; - x-ms-keyvault-region: northeurope - x-ms-server-latency: '2924' + x-ms-build-version: 1.0.20210520-1-d6634624-develop + x-ms-keyvault-network-info: conn_type=Ipv4;addr=24.17.201.78;act_addr_fam=Ipv4; + x-ms-keyvault-region: centralus + x-ms-server-latency: '2022' status: code: 200 message: OK - url: https://mcpatinotesthsm.managedhsm.azure.net/restore/bcc6bffb1feb4d9182409acb1cbc1f86/pending + url: https://mcpatinotesthsm.managedhsm.azure.net/restore/74b1bd129ed94ae6bc4628c2ffe7f9ad/pending - request: 
body: null headers: - Accept: - - application/json User-Agent: - - azsdk-python-keyvault-administration/4.0.0b4 Python/3.5.3 (Windows-10-10.0.19041-SP0) + - azsdk-python-keyvault-administration/4.0.0b4 Python/3.6.9 (Linux-5.4.72-microsoft-standard-WSL2-x86_64-with-Ubuntu-18.04-bionic) method: GET - uri: https://managedhsm/restore/bcc6bffb1feb4d9182409acb1cbc1f86/pending?api-version=7.2 + uri: https://managedhsm/restore/74b1bd129ed94ae6bc4628c2ffe7f9ad/pending response: body: - string: '{"endTime":1622162597,"error":null,"jobId":"bcc6bffb1feb4d9182409acb1cbc1f86","startTime":1622162580,"status":"Succeeded","statusDetails":"Number + string: '{"endTime":1623262494,"error":null,"jobId":"74b1bd129ed94ae6bc4628c2ffe7f9ad","startTime":1623262477,"status":"Succeeded","statusDetails":"Number of successful key versions restored: 0, Number of key versions could not overwrite: 2"}' headers: 
@@ -356,31 +204,31 @@ interactions: content-length: '233' content-security-policy: default-src 'self' content-type: application/json; charset=utf-8 - date: Fri, 28 May 2021 00:43:25 GMT + date: Wed, 09 Jun 2021 18:14:56 GMT server: Kestrel strict-transport-security: max-age=31536000; includeSubDomains x-content-type-options: nosniff x-frame-options: SAMEORIGIN - x-ms-build-version: 1.0.20210407-3-27236ed1-develop - x-ms-keyvault-network-info: conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=Ipv4; - x-ms-keyvault-region: northeurope - x-ms-server-latency: '2303' + x-ms-build-version: 1.0.20210520-1-d6634624-develop + x-ms-keyvault-network-info: conn_type=Ipv4;addr=24.17.201.78;act_addr_fam=Ipv4; + x-ms-keyvault-region: centralus + x-ms-server-latency: '1970' status: code: 200 message: OK - url: https://mcpatinotesthsm.managedhsm.azure.net/restore/bcc6bffb1feb4d9182409acb1cbc1f86/pending?api-version=7.2 + url: https://mcpatinotesthsm.managedhsm.azure.net/restore/74b1bd129ed94ae6bc4628c2ffe7f9ad/pending - request: body: null headers: Accept: - application/json User-Agent: - - azsdk-python-keyvault-keys/4.4.0b5 Python/3.5.3 (Windows-10-10.0.19041-SP0) + - azsdk-python-keyvault-keys/4.4.0b5 Python/3.6.9 (Linux-5.4.72-microsoft-standard-WSL2-x86_64-with-Ubuntu-18.04-bionic) method: DELETE uri: https://managedhsm/keys/selective-restore-test-key20e5150d?api-version=7.2 response: body: - string: 
'{"attributes":{"created":1622162557,"enabled":true,"exportable":false,"recoverableDays":90,"recoveryLevel":"Recoverable+Purgeable","updated":1622162557},"deletedDate":1622162607,"key":{"e":"AQAB","key_ops":["wrapKey","encrypt","decrypt","unwrapKey","sign","verify"],"kid":"https://managedhsm/keys/selective-restore-test-key20e5150d/92cb688133d94a439631aeea1763b653","kty":"RSA-HSM","n":"sEzVIoux6z3Z0ZTLaDYtkx5xHzwRXq3X7NHBavY_upaawwX8heO23ZKTj3ZwPfz8dsCUF0llFpmiyvNBBa1Kfa_rJ6pU5sABaNHvpF8DJJwFoDZFKmND7h0Am0mooJM20V05TnDVhfOwrWbPH1BYyQu1_SVLHxNQSIktjcq0ljtLMWUGeoFQS43Jb0JUA2UwKmT1yh7cgIjO8n50Jb6TV7JhnDKIVcm7zFGOYzszpYOyQbQ_11atoeGudyQ9zkwKbVh12DkWAD8jt0sxBztEIK9yros82myMrX77JdaSBhhqggXiK1u5QKhtQxjkheb3Em6VZQN5KqAM93APjWQ_KQ"},"recoveryId":"https://managedhsm/deletedkeys/selective-restore-test-key20e5150d","scheduledPurgeDate":1629938607}' + string: '{"attributes":{"created":1623262460,"enabled":true,"exportable":false,"recoverableDays":90,"recoveryLevel":"Recoverable+Purgeable","updated":1623262460},"deletedDate":1623262497,"key":{"e":"AQAB","key_ops":["wrapKey","encrypt","decrypt","unwrapKey","sign","verify"],"kid":"https://managedhsm/keys/selective-restore-test-key20e5150d/fdb338900b1b46b9adfc17b863005796","kty":"RSA-HSM","n":"tzdfZzYkPwiOfqZ3dPpfMZr3TR_gPpEVGCVJh6J6M-HPIOaHiL3C-MwnTMdisi7_G3YUY93AOdc87oAckZa1uw6SYfOKJdWuZPTcbclDKF9Nu4mxGRZWLtHmHnQpOx-DYN1RvoCMX1G1sTWdDlHesVqu0EuTcqBxiYsxvS1Prh60cz6Z3sCsbkijeYH8hautGVhUubMLv9c3TgcJkTZGA7uO0PqzJ2WsY1z9kwsnH_DDvBYHdVJ7u3IJECd91sp1w35Te2Z7w43xz-jkipnz5b_LYHFy_aLFy-KTaZ8-eMhUB77ayGGTUDzazDSamoxCAs_RdeFwuBAlW8rcMDVfTQ"},"recoveryId":"https://managedhsm/deletedkeys/selective-restore-test-key20e5150d","scheduledPurgeDate":1631038497}' headers: cache-control: no-cache content-length: '897' 
@@ -389,9 +237,9 @@ interactions: strict-transport-security: max-age=31536000; includeSubDomains x-content-type-options: nosniff x-frame-options: SAMEORIGIN - x-ms-keyvault-network-info: conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=Ipv4; - x-ms-keyvault-region: northeurope - x-ms-server-latency: '154' + x-ms-keyvault-network-info: conn_type=Ipv4;addr=24.17.201.78;act_addr_fam=Ipv4; + x-ms-keyvault-region: centralus + x-ms-server-latency: '168' status: code: 200 message: OK 
@@ -402,12 +250,12 @@ interactions: Accept: - application/json User-Agent: - - azsdk-python-keyvault-keys/4.4.0b5 Python/3.5.3 (Windows-10-10.0.19041-SP0) + - azsdk-python-keyvault-keys/4.4.0b5 Python/3.6.9 (Linux-5.4.72-microsoft-standard-WSL2-x86_64-with-Ubuntu-18.04-bionic) method: GET uri: https://managedhsm/deletedkeys/selective-restore-test-key20e5150d?api-version=7.2 response: body: - string: '{"attributes":{"created":1622162557,"enabled":true,"exportable":false,"recoverableDays":90,"recoveryLevel":"Recoverable+Purgeable","updated":1622162557},"deletedDate":1622162607,"key":{"e":"AQAB","key_ops":["verify","sign","unwrapKey","encrypt","decrypt","wrapKey"],"kid":"https://managedhsm/keys/selective-restore-test-key20e5150d/92cb688133d94a439631aeea1763b653","kty":"RSA-HSM","n":"sEzVIoux6z3Z0ZTLaDYtkx5xHzwRXq3X7NHBavY_upaawwX8heO23ZKTj3ZwPfz8dsCUF0llFpmiyvNBBa1Kfa_rJ6pU5sABaNHvpF8DJJwFoDZFKmND7h0Am0mooJM20V05TnDVhfOwrWbPH1BYyQu1_SVLHxNQSIktjcq0ljtLMWUGeoFQS43Jb0JUA2UwKmT1yh7cgIjO8n50Jb6TV7JhnDKIVcm7zFGOYzszpYOyQbQ_11atoeGudyQ9zkwKbVh12DkWAD8jt0sxBztEIK9yros82myMrX77JdaSBhhqggXiK1u5QKhtQxjkheb3Em6VZQN5KqAM93APjWQ_KQ"},"recoveryId":"https://managedhsm/deletedkeys/selective-restore-test-key20e5150d","scheduledPurgeDate":1629938607}' + string: 
'{"attributes":{"created":1623262460,"enabled":true,"exportable":false,"recoverableDays":90,"recoveryLevel":"Recoverable+Purgeable","updated":1623262460},"deletedDate":1623262497,"key":{"e":"AQAB","key_ops":["verify","sign","unwrapKey","encrypt","decrypt","wrapKey"],"kid":"https://managedhsm/keys/selective-restore-test-key20e5150d/fdb338900b1b46b9adfc17b863005796","kty":"RSA-HSM","n":"tzdfZzYkPwiOfqZ3dPpfMZr3TR_gPpEVGCVJh6J6M-HPIOaHiL3C-MwnTMdisi7_G3YUY93AOdc87oAckZa1uw6SYfOKJdWuZPTcbclDKF9Nu4mxGRZWLtHmHnQpOx-DYN1RvoCMX1G1sTWdDlHesVqu0EuTcqBxiYsxvS1Prh60cz6Z3sCsbkijeYH8hautGVhUubMLv9c3TgcJkTZGA7uO0PqzJ2WsY1z9kwsnH_DDvBYHdVJ7u3IJECd91sp1w35Te2Z7w43xz-jkipnz5b_LYHFy_aLFy-KTaZ8-eMhUB77ayGGTUDzazDSamoxCAs_RdeFwuBAlW8rcMDVfTQ"},"recoveryId":"https://managedhsm/deletedkeys/selective-restore-test-key20e5150d","scheduledPurgeDate":1631038497}' headers: cache-control: no-cache content-length: '897' @@ -416,10 +264,10 @@ interactions: strict-transport-security: max-age=31536000; includeSubDomains x-content-type-options: nosniff x-frame-options: SAMEORIGIN - x-ms-build-version: 1.0.20210407-3-27236ed1-develop - x-ms-keyvault-network-info: conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=Ipv4; - x-ms-keyvault-region: northeurope - x-ms-server-latency: '51' + x-ms-build-version: 1.0.20210520-1-d6634624-develop + x-ms-keyvault-network-info: conn_type=Ipv4;addr=24.17.201.78;act_addr_fam=Ipv4; + x-ms-keyvault-region: centralus + x-ms-server-latency: '32' status: code: 200 message: OK @@ -430,7 +278,7 @@ interactions: Accept: - application/json User-Agent: - - azsdk-python-keyvault-keys/4.4.0b5 Python/3.5.3 (Windows-10-10.0.19041-SP0) + - azsdk-python-keyvault-keys/4.4.0b5 Python/3.6.9 (Linux-5.4.72-microsoft-standard-WSL2-x86_64-with-Ubuntu-18.04-bionic) method: DELETE uri: https://managedhsm/deletedkeys/selective-restore-test-key20e5150d?api-version=7.2 response: 
@@ -444,9 +292,9 @@ interactions: strict-transport-security: max-age=31536000; includeSubDomains x-content-type-options: nosniff x-frame-options: SAMEORIGIN - x-ms-keyvault-network-info: conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=Ipv4; - x-ms-keyvault-region: northeurope - x-ms-server-latency: '115' + x-ms-keyvault-network-info: conn_type=Ipv4;addr=24.17.201.78;act_addr_fam=Ipv4; + x-ms-keyvault-region: centralus + x-ms-server-latency: '143' status: code: 204 message: '' From 34b9551c66aef6dbf4ef245a69f7a786eb00ebd0 Mon Sep 17 00:00:00 2001 From: Charles Lowell Date: Wed, 9 Jun 2021 09:10:19 -0700 Subject: [PATCH 16/24] remove model properties --- .../azure/keyvault/administration/_models.py | 177 +++++------------- 1 file changed, 51 insertions(+), 126 deletions(-) diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_models.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_models.py index a72b84062cb7..f4cb4e20cde4 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_models.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_models.py @@ -8,9 +8,6 @@ from typing import Any -# pylint:disable=protected-access - - class KeyVaultPermission(object): """Role definition permissions. 
@@ -40,45 +37,28 @@ def _from_generated(cls, permissions): class KeyVaultRoleAssignment(object): - """Represents the assignment to a principal of a role over a scope""" + """Represents the assignment to a principal of a role over a scope + + :ivar str name: the assignment's name + :ivar KeyVaultRoleAssignmentProperties properties: the assignment's properties + :ivar str role_assignment_id: unique identifier for the assignment + :ivar str type: type of the assignment + """ def __init__(self, **kwargs): # type: (**Any) -> None - self._role_assignment_id = kwargs.get("role_assignment_id") - self._name = kwargs.get("name") - self._properties = kwargs.get("properties") - self._type = kwargs.get("assignment_type") + self.name = kwargs.get("name") + self.properties = kwargs.get("properties") + self.role_assignment_id = kwargs.get("role_assignment_id") + self.type = kwargs.get("assignment_type") def __repr__(self): # type: () -> str - return "KeyVaultRoleAssignment<{}>".format(self._role_assignment_id) - - @property - def role_assignment_id(self): - # type: () -> str - """Unique identifier for this assignment""" - return self._role_assignment_id - - @property - def name(self): - # type: () -> str - """Name of the assignment""" - return self._name - - @property - def properties(self): - # type: () -> KeyVaultRoleAssignmentProperties - """Properties of the assignment""" - return self._properties - - @property - def type(self): - # type: () -> str - """The type of this assignment""" - return self._type + return "KeyVaultRoleAssignment<{}>".format(self.role_assignment_id) @classmethod def _from_generated(cls, role_assignment): + # pylint:disable=protected-access return cls( role_assignment_id=role_assignment.id, name=role_assignment.name, 
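Review bot: In `KeyVaultRoleAssignment.__init__` the now-public attribute `type` is still filled from `kwargs.get("assignment_type")`, while the docstring added here documents it as `:ivar str type` and `KeyVaultRoleDefinition` (the `@@ -135,73 +100,36 @@` hunk) reads `kwargs.get("type")`. A caller who constructs the model with `type=...` gets `None` and no error. Either name the keyword in the docstring or accept both spellings, e.g. `self.type = kwargs.get("assignment_type", kwargs.get("type"))`. Separately, removing the read-only properties here and in the later `_models.py` hunks makes these access-control models writable, so a docstring sentence such as `Changing an attribute on this object does not change the assignment in Key Vault.` would stop readers treating a locally edited object as the service's state. `_from_generated` continues outside the hunk, so what it passes for the type is not visible here.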
@@ -88,34 +68,19 @@ def _from_generated(cls, role_assignment): class KeyVaultRoleAssignmentProperties(object): - """Properties of a role assignment.""" + """Properties of a role assignment + + :ivar str principal_id: ID of the principal the assignment applies to. This maps to an Active Directory user, + service principal, or security group. + :ivar str role_definition_id: ID of the scope's role definition + :ivar str scope: the scope of the assignment + """ def __init__(self, **kwargs): # type: (**Any) -> None - self._principal_id = kwargs.get("principal_id") - self._role_definition_id = kwargs.get("role_definition_id") - self._scope = kwargs.get("scope") - - @property - def principal_id(self): - # type: () -> str - """ID of the principal this assignment applies to. - - This maps to the ID inside the Active Directory. It can point to a user, service principal, or security group. - """ - return self._principal_id - - @property - def role_definition_id(self): - # type: () -> str - """ID of the role's definition""" - return self._role_definition_id - - @property - def scope(self): - # type: () -> str - """Scope of the assignment""" - return self._scope + self.principal_id = kwargs.get("principal_id") + self.role_definition_id = kwargs.get("role_definition_id") + self.scope = kwargs.get("scope") def __repr__(self): # type: () -> str 
@@ -135,73 +100,36 @@ def _from_generated(cls, role_assignment_properties): class KeyVaultRoleDefinition(object): - """Represents the definition of a role over a scope.""" + """The definition of a role over one or more scopes + + :ivar list[str] assignable_scopes: scopes the role can be assigned over + :ivar str description: description of the role definition + :ivar str id: unique identifier for this role definition + :ivar str name: the role definition's name + :ivar list[KeyVaultPermission] permissions: permissions defined for the role + :ivar str role_name: the role's name + :ivar str role_type: type of the role + :ivar str type: type of the role definition + """ def __init__(self, **kwargs): # type: (**Any) -> None - self._id = kwargs.get("id") - self._name = kwargs.get("name") - self._role_name = kwargs.get("role_name") - self._description = kwargs.get("description") - self._role_type = kwargs.get("role_type") - self._type = kwargs.get("type") - self._permissions = kwargs.get("permissions") - self._assignable_scopes = kwargs.get("assignable_scopes") + self.assignable_scopes = kwargs.get("assignable_scopes") + self.description = kwargs.get("description") + self.id = kwargs.get("id") + self.name = kwargs.get("name") + self.permissions = kwargs.get("permissions") + self.role_name = kwargs.get("role_name") + self.role_type = kwargs.get("role_type") + self.type = kwargs.get("type") def __repr__(self): # type: () -> str - return "KeyVaultRoleDefinition<{}>".format(self._id) - - @property - def id(self): - # type: () -> str - """Unique identifier for this role definition""" - return self._id - - @property - def name(self): - # type: () -> str - """Name of the role definition""" - return self._name - - @property - def role_name(self): - # type: () -> str - """Name of the role""" - return self._role_name - - @property - def description(self): - # type: () -> str - """Description of the role definition""" - return self._description - - @property - def role_type(self): 
- # type: () -> str - """Type of the role""" - return self._role_type - - @property - def type(self): - # type: () -> str - """Type of the role definition""" - return self._type - - @property - def permissions(self): - # type: () -> list[KeyVaultPermission] - """Permissions defined for the role""" - return self._permissions - - @property - def assignable_scopes(self): - # type: () -> list[str] - """Scopes that can be assigned to the role""" - return self._assignable_scopes + return "KeyVaultRoleDefinition<{}>".format(self.id) @classmethod def _from_generated(cls, definition): + # pylint:disable=protected-access return cls( assignable_scopes=definition.assignable_scopes, description=definition.description, @@ -215,18 +143,15 @@ def _from_generated(cls, definition): class KeyVaultBackupOperation(object): - """A Key Vault full backup operation""" + """A Key Vault full backup operation - def __init__(self, folder_url, **kwargs): - # type: (str, **Any) -> None - self._folder_url = folder_url + :ivar str folder_url: URL of the Azure Blob Storage container containing the backup + """ - @property - def folder_url(self): - # type: () -> str - """URL of the Azure Blob Storage container containing the backup""" - return self._folder_url + def __init__(self, **kwargs): + # type: (**Any) -> None + self.folder_url = kwargs.get("folder_url") @classmethod def _from_generated(cls, response, deserialized_operation, response_headers): # pylint:disable=unused-argument - return cls(deserialized_operation.azure_storage_blob_container_uri) + return cls(folder_url=deserialized_operation.azure_storage_blob_container_uri) From 06d0967fedf64039b6b67a74fecd77e2c30a0927 Mon Sep 17 00:00:00 2001 From: Charles Lowell Date: Wed, 9 Jun 2021 13:05:55 -0700 Subject: [PATCH 17/24] need at least azure-core 1.11.0 --- sdk/keyvault/azure-keyvault-administration/CHANGELOG.md | 1 + sdk/keyvault/azure-keyvault-administration/setup.py | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) 
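Review bot: `KeyVaultBackupOperation.__init__` now reads `folder_url` with `kwargs.get("folder_url")`, so an instance built without it silently carries `folder_url = None`, where the old required positional parameter failed at construction. The new docstring still declares `:ivar str folder_url:`, and a caller that later passes this value to a restore has no hint that it may be empty. I would document that, e.g. `:ivar folder_url: URL of the Azure Blob Storage container containing the backup, or None if none was provided` with `:vartype folder_url: str or None`. Any caller still passing the URL positionally will now raise `TypeError`; only `_from_generated` is updated in this hunk, so other call sites are worth checking.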
diff --git a/sdk/keyvault/azure-keyvault-administration/CHANGELOG.md b/sdk/keyvault/azure-keyvault-administration/CHANGELOG.md index e5a2002fdaab..61d2b05962c5 100644 --- a/sdk/keyvault/azure-keyvault-administration/CHANGELOG.md +++ b/sdk/keyvault/azure-keyvault-administration/CHANGELOG.md @@ -6,6 +6,7 @@ - `KeyVaultAccessControlClient.delete_role_assignment` and `.delete_role_definition` no longer raise an error when the resource to be deleted is not found +- Raised minimum azure-core version to 1.11.0 ### Added - `KeyVaultAccessControlClient.set_role_definition` accepts an optional diff --git a/sdk/keyvault/azure-keyvault-administration/setup.py b/sdk/keyvault/azure-keyvault-administration/setup.py index 49e8a3530879..f4b488b4239b 100644 --- a/sdk/keyvault/azure-keyvault-administration/setup.py +++ b/sdk/keyvault/azure-keyvault-administration/setup.py @@ -81,7 +81,7 @@ "azure.keyvault", ] ), - install_requires=["azure-common~=1.1", "azure-core<2.0.0,>=1.7.0", "msrest>=0.6.21"], + install_requires=["azure-common~=1.1", "azure-core<2.0.0,>=1.11.0", "msrest>=0.6.21"], extras_require={ ":python_version<'3.0'": ["azure-keyvault-nspkg"], ":python_version<'3.4'": ["enum34>=1.0.4"], From 1d8cfd18d62f832da471eeb0190d75335ddebf61 Mon Sep 17 00:00:00 2001 From: Charles Lowell Date: Wed, 9 Jun 2021 13:07:42 -0700 Subject: [PATCH 18/24] don't claim to support 3.5 --- sdk/keyvault/azure-keyvault-administration/setup.py | 1 - 1 file changed, 1 deletion(-) diff --git a/sdk/keyvault/azure-keyvault-administration/setup.py b/sdk/keyvault/azure-keyvault-administration/setup.py index f4b488b4239b..307b1ef511fc 100644 --- a/sdk/keyvault/azure-keyvault-administration/setup.py +++ b/sdk/keyvault/azure-keyvault-administration/setup.py 
@@ -64,7 +64,6 @@ "Programming Language :: Python :: 2", "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3", - "Programming Language :: Python :: 3.5", "Programming Language :: Python :: 3.6", "Programming Language :: Python :: 3.7", "Programming Language :: Python :: 3.8", From a48553fdc145a8354e3fb2492397d073e04de242 Mon Sep 17 00:00:00 2001 From: Charles Lowell Date: Thu, 10 Jun 2021 15:48:40 -0700 Subject: [PATCH 19/24] Update sdk/keyvault/azure-keyvault-administration/CHANGELOG.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: McCoy PatiƱo <39780829+mccoyp@users.noreply.github.com> --- sdk/keyvault/azure-keyvault-administration/CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdk/keyvault/azure-keyvault-administration/CHANGELOG.md b/sdk/keyvault/azure-keyvault-administration/CHANGELOG.md index 61d2b05962c5..199c98764c5b 100644 --- a/sdk/keyvault/azure-keyvault-administration/CHANGELOG.md +++ b/sdk/keyvault/azure-keyvault-administration/CHANGELOG.md @@ -21,7 +21,7 @@ its `folder_url` property - Removed `RestoreOperation` and `SelectiveKeyRestoreOperation` classes - Removed `KeyVaultBackupClient.begin_selective_restore`. To restore a - single key, pass the key's name to `KeyVaultBackupClient.begin__restore`: + single key, pass the key's name to `KeyVaultBackupClient.begin_restore`: ``` # before (4.0.0b3): client.begin_selective_restore(folder_url, sas_token, key_name) From 78bdc9ea46f90c5457bcc4367707080f89eaf2ea Mon Sep 17 00:00:00 2001 From: Charles Lowell Date: Thu, 10 Jun 2021 16:52:18 -0700 Subject: [PATCH 20/24] definition_name -> name --- .../administration/_access_control_client.py | 12 ++++++------ .../administration/aio/_access_control_client.py | 12 ++++++------ .../tests/test_access_control.py | 4 ++-- .../tests/test_access_control_async.py | 4 ++-- 4 files changed, 16 insertions(+), 16 deletions(-) 
diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py index 664f87957faa..8c49d1778fb7 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py @@ -118,15 +118,15 @@ def set_role_definition(self, scope, **kwargs): # type: (Union[str, KeyVaultRoleScope], **Any) -> KeyVaultRoleDefinition """Creates or updates a custom role definition. - To update a role definition, provide the ``definition_name`` of the existing definition. + To update a role definition, specify the definition's ``name``. :param scope: scope of the role definition. :class:`KeyVaultRoleScope` defines common broad scopes. Specify a narrower scope as a string. Managed HSM only supports '/', or KeyVaultRoleScope.GLOBAL. :type scope: str or KeyVaultRoleScope - :keyword definition_name: the unique role definition name. Unless a UUID is provided, a new role definition - will be created with a generated unique name. Providing the unique name of an existing role definition will - update that role definition. - :paramtype definition_name: str or uuid.UUID + :keyword name: the role definition's name, a UUID. When this argument has a value, the client will create a new + role definition with this name or update an existing role definition, if one exists with the given name. + When this argument has no value, a new role definition will be created with a generated name. + :paramtype name: str or uuid.UUID :keyword str role_name: the role's display name. If unspecified when creating or updating a role definition, the role name will be set to an empty string. :keyword str description: a description of the role definition. If unspecified when creating or updating a role 
@@ -160,7 +160,7 @@ def set_role_definition(self, scope, **kwargs): definition = self._client.role_definitions.create_or_update( vault_base_url=self._vault_url, scope=scope, - role_definition_name=str(kwargs.pop("definition_name", None) or uuid4()), + role_definition_name=str(kwargs.pop("name", None) or uuid4()), parameters=parameters, **kwargs ) diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py index 73315bd94671..ff6e22455cc1 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py 
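Review bot: After this rename, `kwargs.pop("name", None)` no longer consumes `definition_name`, so a caller still passing the old keyword falls through to `uuid4()` and the call creates a new role definition instead of updating the intended one. The stale keyword then travels on in `**kwargs` to `create_or_update`, and whether anything downstream rejects it is not visible here. For an access-control client this matters, because an update meant to narrow a role's permissions could leave the existing definition unchanged without an obvious error. Consider rejecting the old keyword before the call, e.g. `if "definition_name" in kwargs: raise TypeError("'definition_name' was renamed to 'name'")`. The same applies to the async client's hunk at `@@ -166,7 +166,7 @@`; `set_role_definition` starts and ends outside both hunks.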
@@ -124,15 +124,15 @@ async def set_role_definition( ) -> "KeyVaultRoleDefinition": """Creates or updates a custom role definition. - To update a role definition, provide the ``definition_name`` of the existing definition. + To update a role definition, specify the definition's ``name``. :param scope: scope of the role definition. :class:`KeyVaultRoleScope` defines common broad scopes. Specify a narrower scope as a string. Managed HSM only supports '/', or KeyVaultRoleScope.GLOBAL. :type scope: str or KeyVaultRoleScope - :keyword definition_name: the unique role definition name. Unless a UUID is provided, a new role definition - will be created with a generated unique name. Providing the unique name of an existing role definition will - update that role definition. - :paramtype definition_name: str or uuid.UUID + :keyword name: the role definition's name, a UUID. When this argument has a value, the client will create a new + role definition with this name or update an existing role definition, if one exists with the given name. + When this argument has no value, a new role definition will be created with a generated name. + :paramtype name: str or uuid.UUID :keyword str role_name: the role's display name. If unspecified when creating or updating a role definition, the role name will be set to an empty string. :keyword str description: a description of the role definition. If unspecified when creating or updating a role @@ -166,7 +166,7 @@ async def set_role_definition( definition = await self._client.role_definitions.create_or_update( vault_base_url=self._vault_url, scope=scope, - role_definition_name=str(kwargs.pop("definition_name", None) or uuid4()), + role_definition_name=str(kwargs.pop("name", None) or uuid4()), parameters=parameters, **kwargs ) diff --git a/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py b/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py index c82686edecf1..c806ee7deb46 100644 
--- a/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py +++ b/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py @@ -69,7 +69,7 @@ def test_role_definitions(self): permissions = [KeyVaultPermission(data_actions=[KeyVaultDataAction.READ_HSM_KEY])] created_definition = client.set_role_definition( scope=scope, - definition_name=definition_name, + name=definition_name, role_name=role_name, description="test", permissions=permissions @@ -87,7 +87,7 @@ def test_role_definitions(self): KeyVaultPermission(data_actions=[], not_data_actions=[KeyVaultDataAction.READ_HSM_KEY]) ] updated_definition = client.set_role_definition( - scope=scope, definition_name=definition_name, permissions=permissions + scope=scope, name=definition_name, permissions=permissions ) assert updated_definition.role_name == "" assert updated_definition.description == "" diff --git a/sdk/keyvault/azure-keyvault-administration/tests/test_access_control_async.py b/sdk/keyvault/azure-keyvault-administration/tests/test_access_control_async.py index ffd8efac6449..4b422b4d2383 100644 --- a/sdk/keyvault/azure-keyvault-administration/tests/test_access_control_async.py +++ b/sdk/keyvault/azure-keyvault-administration/tests/test_access_control_async.py @@ -79,7 +79,7 @@ async def test_role_definitions(self): permissions = [KeyVaultPermission(data_actions=[KeyVaultDataAction.READ_HSM_KEY])] created_definition = await client.set_role_definition( scope=scope, - definition_name=definition_name, + name=definition_name, role_name=role_name, description="test", permissions=permissions 
@@ -97,7 +97,7 @@ async def test_role_definitions(self): KeyVaultPermission(data_actions=[], not_data_actions=[KeyVaultDataAction.READ_HSM_KEY]) ] updated_definition = await client.set_role_definition( - scope=scope, definition_name=definition_name, permissions=permissions + scope=scope, name=definition_name, permissions=permissions ) assert updated_definition.role_name == "" assert updated_definition.description == "" From a3dab4fe598e1ddc44287fca944f4858dd02476d Mon Sep 17 00:00:00 2001 From: Charles Lowell Date: Thu, 10 Jun 2021 17:04:52 -0700 Subject: [PATCH 21/24] update readme --- .../azure-keyvault-administration/README.md | 72 +++++++++---------- 1 file changed, 35 insertions(+), 37 deletions(-) diff --git a/sdk/keyvault/azure-keyvault-administration/README.md b/sdk/keyvault/azure-keyvault-administration/README.md index 3d4ccdc396ab..2da914b4a2cf 100644 --- a/sdk/keyvault/azure-keyvault-administration/README.md +++ b/sdk/keyvault/azure-keyvault-administration/README.md @@ -81,7 +81,7 @@ a more appropriate name for your service principal. ```Bash az keyvault create --hsm-name "" --resource-group "" --administrators --location "" ``` - + * Activate your managed HSM to enable key and role management. Detailed instructions can be found in [this quickstart guide](https://docs.microsoft.com/azure/key-vault/managed-hsm/quick-create-cli#activate-your-managed-hsm). Create three self signed certificates and download the [Security Domain](https://docs.microsoft.com/azure/key-vault/managed-hsm/security-domain) for your managed HSM: > **Important:** Create and store the RSA key pairs and security domain file generated in this step securely. ```Bash 
@@ -165,12 +165,12 @@ credential = DefaultAzureCredential() client = KeyVaultAccessControlClient(vault_url="https://my-managed-hsm-name.managedhsm.azure.net/", credential=credential) # this will list all role definitions available for assignment -role_definitions = client.list_role_definitions(role_scope=KeyVaultRoleScope.GLOBAL) +role_definitions = client.list_role_definitions(KeyVaultRoleScope.GLOBAL) -for role_definition in role_definitions: - print(role_definition.id) - print(role_definition.role_name) - print(role_definition.description) +for definition in role_definitions: + print(definition.id) + print(definition.role_name) + print(definition.description) ``` ### Set, Get, and Delete a role definition 
@@ -180,33 +180,34 @@ for role_definition in role_definitions: ```python import uuid from azure.identity import DefaultAzureCredential -from azure.keyvault.administration import KeyVaultAccessControlClient, KeyVaultDataAction, KeyVaultPermission +from azure.keyvault.administration import ( + KeyVaultAccessControlClient, + KeyVaultDataAction, + KeyVaultPermission, + KeyVaultRoleScope +) credential = DefaultAzureCredential() client = KeyVaultAccessControlClient(vault_url="https://my-managed-hsm-name.managedhsm.azure.net/", credential=credential) -# create the custom role definition -role_scope = "/" # the global scope -definition_name = uuid.uuid4() +# create a custom role definition permissions = [KeyVaultPermission(allowed_data_actions=[KeyVaultDataAction.READ_HSM_KEY])] -created_definition = client.set_role_definition( - role_scope=role_scope, permissions=permissions, role_definition_name=definition_name -) +created_definition = client.set_role_definition(KeyVaultRoleScope.GLOBAL, permissions=permissions) # update the custom role definition permissions = [ KeyVaultPermission(allowed_data_actions=[], denied_data_actions=[KeyVaultDataAction.READ_HSM_KEY]) ] updated_definition = client.set_role_definition( - role_scope=role_scope, permissions=permissions, role_definition_name=definition_name + KeyVaultRoleScope.GLOBAL, permissions=permissions, role_name=created_definition.name ) # get the custom role definition -definition = client.get_role_definition(role_scope=role_scope, role_definition_name=definition_name) +definition = client.get_role_definition(KeyVaultRoleScope.GLOBAL, role_name=definition_name) # delete the custom role definition -deleted_definition = client.delete_role_definition(role_scope=role_scope, role_definition_name=definition_name) +deleted_definition = client.delete_role_definition(KeyVaultRoleScope.GLOBAL, role_name=definition_name) ``` ### List all role assignments 
@@ -221,12 +222,12 @@ credential = DefaultAzureCredential() client = KeyVaultAccessControlClient(vault_url="https://my-managed-hsm-name.managedhsm.azure.net/", credential=credential) # this will list all role assignments -role_assignments = client.list_role_assignments(role_scope=KeyVaultRoleScope.GLOBAL) +role_assignments = client.list_role_assignments(KeyVaultRoleScope.GLOBAL) -for role_assignment in role_assignments: - print(role_assignment.name) - print(role_assignment.principal_id) - print(role_assignment.role_definition_id) +for assignment in role_assignments: + print(assignment.name) + print(assignment.principal_id) + print(assignment.role_definition_id) ``` ### Create, Get, and Delete a role assignment 
@@ -234,30 +235,29 @@ Assign a role to a service principal. This will require a role definition id fro ```python from azure.identity import DefaultAzureCredential -from azure.keyvault.administration import KeyVaultAccessControlClient +from azure.keyvault.administration import KeyVaultAccessControlClient, KeyVaultRoleScope credential = DefaultAzureCredential() client = KeyVaultAccessControlClient(vault_url="https://my-managed-hsm-name.managedhsm.azure.net/", credential=credential) -role_scope = "/" # the global scope role_definition_id = "" # Replace with the id of a definition returned from the previous example principal_id = "" # first, let's create the role assignment -role_assignment = client.create_role_assignment(role_scope, role_definition_id, principal_id) +role_assignment = client.create_role_assignment(KeyVaultRoleScope.GLOBAL, role_definition_id, principal_id) print(role_assignment.name) print(role_assignment.principal_id) print(role_assignment.role_definition_id) # now, we get it -role_assignment = client.get_role_assignment(role_scope, role_assignment.name) +role_assignment = client.get_role_assignment(KeyVaultRoleScope.GLOBAL, role_assignment.name) print(role_assignment.name) print(role_assignment.principal_id) print(role_assignment.role_definition_id) # finally, we delete this role assignment -role_assignment = client.delete_role_assignment(role_scope, role_assignment.name) +role_assignment = client.delete_role_assignment(KeyVaultRoleScope.GLOBAL, role_assignment.name) print(role_assignment.name) print(role_assignment.principal_id) print(role_assignment.role_definition_id) 
@@ -280,13 +280,13 @@ client = KeyVaultBackupClient(vault_url="https://my-managed-hsm-name.managedhsm. blob_storage_url = "" sas_token = "" # replace with a sas token to your storage account -# performing a full key backup is a long-running operation. Calling result() on the poller will wait -# until the backup is completed, then return an object representing the backup operation. -backup_operation = client.begin_backup(blob_storage_url, sas_token).result() +# Backup is a long-running operation. The client returns a poller object whose result() method +# blocks until the backup is complete, then returns an object representing the backup operation. +backup_poller = client.begin_backup(blob_storage_url, sas_token) +backup_operation = backup_poller.result() +# this is the Azure Storage Blob URL of the backup print(backup_operation.folder_url) -print(backup_operation.status) -print(backup_operation.job_id) ``` @@ -309,12 +309,10 @@ sas_token = "" # replace with a sas token to your storage accou # URL to a storage blob, for example https://.blob.core.windows.net/backup/mhsm-account-2020090117323313 blob_url = "" -# performing a full key restore is a long-running operation. Calling `result()` on the poller will wait -# until the restore is completed, then return an object representing the restore operation. -restore_operation = client.begin_restore(blob_url, sas_token).result() - -print(restore_operation.status) -print(restore_operation.job_id) +# Restore is a long-running operation. The client returns a poller object whose wait() method +# blocks until the restore is complete. +restore_poller = client.begin_restore(blob_url, sas_token) +restore_poller.wait() ``` ## Troubleshooting From 4115cdde639ae9c89b8d0b9cd8fc2c078953d2d5 Mon Sep 17 00:00:00 2001 From: Charles Lowell Date: Fri, 11 Jun 2021 12:29:47 -0700 Subject: [PATCH 22/24] update shared_requirements --- shared_requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/shared_requirements.txt b/shared_requirements.txt index 649fb757dc3c..a84204f380bc 100644 --- a/shared_requirements.txt +++ b/shared_requirements.txt @@ -135,13 +135,13 @@ pyjwt>=1.7.1 #override azure-eventhub azure-core<2.0.0,>=1.14.0 #override azure-identity azure-core<2.0.0,>=1.0.0 #override azure-keyvault-administration msrest>=0.6.21 +#override azure-keyvault-administration azure-core<2.0.0,>=1.11.0 #override azure-keyvault-certificates msrest>=0.6.21 #override azure-keyvault-keys msrest>=0.6.21 #override azure-keyvault-secrets msrest>=0.6.21 #override azure-keyvault-certificates azure-core<2.0.0,>=1.7.0 #override azure-keyvault-keys azure-core<2.0.0,>=1.7.0 #override azure-keyvault-secrets azure-core<2.0.0,>=1.7.0 -#override azure-keyvault-administration azure-core<2.0.0,>=1.7.0 #override azure-ai-textanalytics msrest>=0.6.0 #override azure-ai-textanalytics azure-core<2.0.0,>=1.14.0 #override azure-search-documents azure-core<2.0.0,>=1.14.0 From d1f6c633203fe2c02151ec5b79d36113ff9651ec Mon Sep 17 00:00:00 2001 From: Charles Lowell Date: Fri, 11 Jun 2021 12:36:37 -0700 Subject: [PATCH 23/24] more changelog --- sdk/keyvault/azure-keyvault-administration/CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/sdk/keyvault/azure-keyvault-administration/CHANGELOG.md b/sdk/keyvault/azure-keyvault-administration/CHANGELOG.md index 199c98764c5b..3e30819fa84d 100644 --- a/sdk/keyvault/azure-keyvault-administration/CHANGELOG.md +++ b/sdk/keyvault/azure-keyvault-administration/CHANGELOG.md @@ -51,6 +51,7 @@ and `.get_role_assignment` - Renamed argument `role_definition_name` to `name` in `KeyVaultAccessControlClient.delete_role_definition` and `.get_role_definition` +- Renamed argument `role_scope` to `scope` in `KeyVaultAccessControlClient` methods ## 4.0.0b3 (2021-02-09) ### Added From ad1334f010fee127ba51aa88dabe440736c4f820 Mon Sep 17 00:00:00 2001 
From: Charles Lowell Date: Fri, 11 Jun 2021 14:46:51 -0700 Subject: [PATCH 24/24] protect pylint from six.with_metaclass --- .../azure/keyvault/administration/_enums.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_enums.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_enums.py index 145944292298..1109ef610c32 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_enums.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_enums.py @@ -7,6 +7,9 @@ from azure.core import CaseInsensitiveEnumMeta +# pylint:skip-file (avoids crash due to six.with_metaclass https://github.com/PyCQA/astroid/issues/713) + + class KeyVaultRoleScope(with_metaclass(CaseInsensitiveEnumMeta, str, Enum)): """Collection of well known role scopes. This list is not exhaustive."""
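Review bot: `# pylint:skip-file` switches off every pylint check for `_enums.py`, not only the astroid crash the comment cites, so anything added to this module later goes unlinted. The comment should carry a removal condition so the suppression does not outlive its cause, for example `# TODO: remove skip-file once PyCQA/astroid#713 is fixed or six.with_metaclass is no longer used here`. The `KeyVaultRoleScope` class body continues outside the hunk.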