[Keyvault] BREAKING CHANGE: az keyvault secret/certificate: Migrate to track2 SDK, breaking changes to service response (Azure#26242)

* add track2 sdk for keyvault certificates and secrets

* tested `secret list/list-deleted/list-versions`, `secret set` is partially done

* `az keyvault secret set` done

* `az keyvault secret set-attributes` done

* `az keyvault secret show` done, reformat _params.py

* `az keyvault secret show-deleted` done

* `az keyvault secret delete` done

* `az keyvault secret purge` done

* `az keyvault secret purge` done

* `az keyvault secret recover` done

* `az keyvault secret download` done

* `az keyvault secret backup` done

* `az keyvault secret restore` done, `az keyvault secret` done, still need tests

* `az keyvault secret` tests passed

* `az keyvault certificate create` done

* `az keyvault certificate list` done

* `az keyvault certificate list-versions` done

* `az keyvault certificate list-deleted` done

* `az keyvault certificate show` done

* `az keyvault certificate show` done

* `az keyvault certificate show-deleted` done

* `az keyvault certificate delete` done

* `az keyvault certificate purge` done

* `az keyvault certificate recover` done

* `az keyvault certificate set-attributes` done

* `az keyvault certificate set-attributes` done

* `az keyvault certificate import` done, need to fix x509properties,basic_constraints

* `az keyvault certificate import` no need for custom func

* `az keyvault certificate download` done

* remove basic_constraints as no longer returned by track2 sdk

* `az keyvault certificate get-default-policy` done

* `az keyvault certificate backup` done

* `az keyvault certificate restore` done

* `az keyvault certificate pending merge` done, testing not finished because (Conflict) A pending object is already complete. BREAKING CHANGE: --not-before and --expires no longer supported by track2

* `az keyvault certificate pending show` done

* `az keyvault certificate pending delete` done

* `az keyvault certificate contact list` done

* `az keyvault certificate contact add` done

* `az keyvault certificate contact delete` done, BREAKING CHANGE, if delete would remove the last contact, return an empty list instead of the deleted contact. This is to be consistent where delete would return the remaining list.

* `az keyvault certificate issuer create` done, BREAKING CHANGE, "zip" under "organizationDetails" is no longer returned, use 0 as default

* `az keyvault certificate issuer update` done

* `az keyvault certificate issuer list` done

* `az keyvault certificate issuer show` done

* `az keyvault certificate issuer delete` done

* `az keyvault certificate issuer admin add` done, BREAKING CHANGE: returns the list after the addition instead of only the admin just added, follows `az keyvault certificate contact add`

* `az keyvault certificate issuer admin list` done

* `az keyvault certificate issuer admin delete` done, fix case when the admin deleted is the last

* fix some tests, test_keyvault_certificate_issuers still not fully working because of sdk breaking change

* lint

* use sdk functions directly to bypass error where cannot set str back to "", remove breaking change for `az keyvault certificate admin add`

* pylint fix

* Rerun tests from instance 7. See test_results_None_latest_7.parallel.xml for details

* Rerun tests from instance 1. See test_results_None_latest_1.serial.xml for details

* Rerun tests from instance 2. See test_results_None_latest_2.parallel.xml for details

* Rerun tests from instance 3. See test_results_None_latest_3.parallel.xml for details

* pylint fix

* fix validator for cert policy

* fix recordings

* fix recordings

* Rerun tests from instance 3. See test_results_None_latest_3.parallel.xml for details

* fix recordings

* fix recordings

* fix recordings

* fix recordings

* fix recordings

* old api version keyvault has no soft delete

* old api version keyvault mgmt plane has no soft delete

* try to fix recording again

* BREAKING CHANGE: pending is not returned by SDK anymore as it is an additional property, should not manually add it, user can use `az keyvault certificate pending show` to find it.

* fix recording

---------

Co-authored-by: Azure CLI Team <[email protected]>
calvinhzy and azclibot authored May 17, 2023
1 parent a77934c commit 05b8185
Showing 68 changed files with 20,266 additions and 13,854 deletions.
12 changes: 12 additions & 0 deletions src/azure-cli-core/azure/cli/core/profiles/_shared.py
Expand Up @@ -65,7 +65,9 @@ class ResourceType(Enum): # pylint: disable=too-few-public-methods
MGMT_MONITOR = ('azure.mgmt.monitor', 'MonitorManagementClient')
MGMT_MSI = ('azure.mgmt.msi', 'ManagedServiceIdentityClient')
DATA_KEYVAULT = ('azure.keyvault', 'KeyVaultClient')
DATA_KEYVAULT_CERTIFICATES = ('azure.keyvault.certificates', 'CertificateClient')
DATA_KEYVAULT_KEYS = ('azure.keyvault.keys', 'KeyClient')
DATA_KEYVAULT_SECRETS = ('azure.keyvault.secrets', 'SecretClient')
DATA_PRIVATE_KEYVAULT = ('azure.cli.command_modules.keyvault.vendored_sdks.azure_keyvault_t1', 'KeyVaultClient')
DATA_KEYVAULT_ADMINISTRATION_BACKUP = ('azure.keyvault.administration', 'KeyVaultBackupClient')
DATA_KEYVAULT_ADMINISTRATION_ACCESS_CONTROL = ('azure.keyvault.administration', 'KeyVaultAccessControlClient')
Expand Down Expand Up @@ -199,7 +201,9 @@ def default_api_version(self):
}),
# The order does make things different.
# Please keep ResourceType.DATA_KEYVAULT_KEYS before ResourceType.DATA_KEYVAULT
ResourceType.DATA_KEYVAULT_CERTIFICATES: None,
ResourceType.DATA_KEYVAULT_KEYS: None,
ResourceType.DATA_KEYVAULT_SECRETS: None,
ResourceType.DATA_KEYVAULT_ADMINISTRATION_SETTING: None,
ResourceType.DATA_KEYVAULT: '7.0',
ResourceType.DATA_PRIVATE_KEYVAULT: '7.2',
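Review bot: the ordering comment above these entries still names only `ResourceType.DATA_KEYVAULT_KEYS`, while this hunk adds `DATA_KEYVAULT_CERTIFICATES` and `DATA_KEYVAULT_SECRETS` to the same group ahead of `ResourceType.DATA_KEYVAULT`. Since the comment says the order matters, extend it to name all three new-SDK types so a later edit does not move them below `DATA_KEYVAULT`; the same wording is repeated in the other profile blocks of this file.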
Expand Down Expand Up @@ -293,7 +297,9 @@ def default_api_version(self):
}),
# The order does make things different.
# Please keep ResourceType.DATA_KEYVAULT_KEYS before ResourceType.DATA_KEYVAULT
ResourceType.DATA_KEYVAULT_CERTIFICATES: None,
ResourceType.DATA_KEYVAULT_KEYS: None,
ResourceType.DATA_KEYVAULT_SECRETS: None,
ResourceType.DATA_KEYVAULT: '2016-10-01',
ResourceType.DATA_STORAGE: '2018-11-09',
ResourceType.DATA_STORAGE_BLOB: '2019-07-07',
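Review bot: in this profile `DATA_KEYVAULT` is pinned to '2016-10-01' but the new `DATA_KEYVAULT_CERTIFICATES` and `DATA_KEYVAULT_SECRETS` entries are `None`, and nothing in the visible lines says how `None` is resolved. The commit message notes that older Key Vault API versions have no soft delete, so please add a comment stating which version the secret and certificate commands will send under this profile, or pin one explicitly.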
Expand Down Expand Up @@ -338,7 +344,9 @@ def default_api_version(self):
}),
# The order does make things different.
# Please keep ResourceType.DATA_KEYVAULT_KEYS before ResourceType.DATA_KEYVAULT
ResourceType.DATA_KEYVAULT_CERTIFICATES: None,
ResourceType.DATA_KEYVAULT_KEYS: None,
ResourceType.DATA_KEYVAULT_SECRETS: None,
ResourceType.DATA_KEYVAULT: '2016-10-01',
ResourceType.DATA_STORAGE: '2017-11-09',
ResourceType.DATA_STORAGE_BLOB: '2017-11-09',
Expand Down Expand Up @@ -375,7 +383,9 @@ def default_api_version(self):
}),
# The order does make things different.
# Please keep ResourceType.DATA_KEYVAULT_KEYS before ResourceType.DATA_KEYVAULT
ResourceType.DATA_KEYVAULT_CERTIFICATES: None,
ResourceType.DATA_KEYVAULT_KEYS: None,
ResourceType.DATA_KEYVAULT_SECRETS: None,
ResourceType.DATA_KEYVAULT: '2016-10-01',
ResourceType.DATA_STORAGE: '2017-04-17',
ResourceType.DATA_STORAGE_BLOB: '2017-04-17',
Expand Down Expand Up @@ -404,7 +414,9 @@ def default_api_version(self):
}),
# The order does make things different.
# Please keep ResourceType.DATA_KEYVAULT_KEYS before ResourceType.DATA_KEYVAULT
ResourceType.DATA_KEYVAULT_CERTIFICATES: None,
ResourceType.DATA_KEYVAULT_KEYS: None,
ResourceType.DATA_KEYVAULT_SECRETS: None,
ResourceType.DATA_KEYVAULT: '2016-10-01',
ResourceType.DATA_STORAGE: '2015-04-05',
ResourceType.DATA_STORAGE_BLOB: '2015-04-05',
4 changes: 4 additions & 0 deletions src/azure-cli-testsdk/azure/cli/testsdk/preparers.py
Expand Up @@ -176,13 +176,15 @@ def _get_resource_group(self, **kwargs):
class KeyVaultPreparer(NoTrafficRecordingPreparer, SingleValueReplacer):
def __init__(self, name_prefix='clitest', sku='standard', location='westus',
parameter_name='key_vault', resource_group_parameter_name='resource_group', skip_delete=False,
skip_purge=False,
dev_setting_name='AZURE_CLI_TEST_DEV_KEY_VAULT_NAME', key='kv', name_len=24, additional_params=None):
super(KeyVaultPreparer, self).__init__(name_prefix, name_len)
self.cli_ctx = get_dummy_cli()
self.location = location
self.sku = sku
self.resource_group_parameter_name = resource_group_parameter_name
self.skip_delete = skip_delete
self.skip_purge = skip_purge
self.parameter_name = parameter_name
self.key = key
self.additional_params = additional_params
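Review bot: `skip_purge=False` is inserted in the middle of the `__init__` signature, between `skip_delete` and `dev_setting_name`, which shifts the position of `dev_setting_name`, `key`, `name_len` and `additional_params` for any caller that passes them positionally. Append the new parameter at the end of the signature or make the trailing parameters keyword-only, and add a short docstring line saying when a test should set it.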
Expand All @@ -208,6 +210,8 @@ def remove_resource(self, name, **kwargs):
group = self._get_resource_group(**kwargs)
self.live_only_execute(self.cli_ctx, 'az keyvault delete -n {} -g {}'.format(name, group))
from azure.core.exceptions import HttpResponseError
if self.skip_purge:
return
try:
self.live_only_execute(self.cli_ctx, 'az keyvault purge -n {} -l {}'.format(name, self.location))
except HttpResponseError:
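Review bot: with `if self.skip_purge: return` the `az keyvault delete` call above still runs, so the vault is left in the soft-deleted state and nothing records that the purge was skipped. Add a comment on the intended use of `skip_purge` and which cleanup is expected to remove the soft-deleted vault afterwards, and move the check above the `HttpResponseError` import so the early exit reads as the first decision after the delete.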
Expand Up @@ -18,7 +18,7 @@ interactions:
accept-language:
- en-US
method: GET
uri: https://cliimportkv73021.vault.azure.net/secrets/SPusername/?api-version=7.0
uri: https://cliimportkv73021.vault.azure.net/secrets/SPusername/?api-version=7.4
response:
body:
string: '{"error":{"code":"Unauthorized","message":"AKV10000: Request is missing
Expand Down Expand Up @@ -71,7 +71,7 @@ interactions:
accept-language:
- en-US
method: GET
uri: https://cliimportkv73021.vault.azure.net/secrets/SPusername/?api-version=7.0
uri: https://cliimportkv73021.vault.azure.net/secrets/SPusername/?api-version=7.4
response:
body:
string: '{"value":"48f3eac9-fc0f-4a89-8ceb-1bcf16318a46","id":"https://cliimportkv73021.vault.azure.net/secrets/SPusername/a10cceb994ca428d8e8489358473b82c","attributes":{"enabled":true,"created":1627689801,"updated":1627689801,"recoveryLevel":"Recoverable+Purgeable"}}'
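Review bot: only the `uri` line changes from `api-version=7.0` to `7.4` here, while the response body still has `created` and `updated` values of 1627689801 (July 2021), so this interaction looks edited rather than re-recorded. If the test is meant to cover the 7.4 service response, re-record it; otherwise say in the PR that the recording was patched by hand.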
Expand Down Expand Up @@ -118,7 +118,7 @@ interactions:
accept-language:
- en-US
method: GET
uri: https://cliimportkv73021.vault.azure.net/secrets/SPpassword/?api-version=7.0
uri: https://cliimportkv73021.vault.azure.net/secrets/SPpassword/?api-version=7.4
response:
body:
string: '{"value":"93qegDf7Q.OQ~-lttx6TQp7Xeb_7cD8fIP","id":"https://cliimportkv73021.vault.azure.net/secrets/SPpassword/a444beb8c32644b5a9a44448a192b12b","attributes":{"enabled":true,"created":1627689824,"updated":1627689824,"recoveryLevel":"Recoverable+Purgeable"}}'
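Review bot: the response body for the `SPpassword` GET in this recording carries a plaintext `value` next to the vault hostname, and the file is committed to the repository. Replace the value with a placeholder through the recording scrubber, do the same for the `SPusername` value in the previous interaction, and confirm the credential it belonged to has been rotated.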