[key vault] Regenerate keys (Azure#12101)

Author: iscai-msft

sdk/keyvault/azure-keyvault-keys/CHANGELOG.md

@@ -6,6 +6,8 @@
 - Updated minimum `azure-core` version to 1.4.0
 - `CryptographyClient` will no longer perform encrypt or wrap operations when
   its key has expired or is not yet valid.
+- Users can pass in CustomHookPolicy through the kwarg `custom_hook_policy` when initializing the client
+- RequestIdPolicy is now always set for all requests. This policy sets the id of the request in the header.
 
 ## 4.2.0b1 (2020-03-10)
 - Support for Key Vault API version 7.1-preview

sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/__init__.py

@@ -3,7 +3,7 @@
 # Licensed under the MIT License.
 # -------------------------------------
 from ._enums import KeyCurveName, KeyOperation, KeyType
-from ._shared.multi_api import ApiVersion
+from ._shared.client_base import ApiVersion
 from ._models import DeletedKey, JsonWebKey, KeyProperties, KeyVaultKey
 from ._client import KeyClient
 

sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_client.py

@@ -87,13 +87,19 @@ def create_key(self, name, key_type, **kwargs):
         else:
             attributes = None
 
-        bundle = self._client.create_key(
-            vault_base_url=self.vault_url,
-            key_name=name,
+        parameters = self._models.KeyCreateParameters(
             kty=key_type,
             key_size=kwargs.pop("size", None),
             key_attributes=attributes,
             key_ops=kwargs.pop("key_operations", None),
+            tags=kwargs.pop("tags", None),
+            curve=kwargs.pop("curve", None)
+        )
+
+        bundle = self._client.create_key(
+            vault_base_url=self.vault_url,
+            key_name=name,
+            parameters=parameters,
             error_map=_error_map,
             **kwargs
         )
@@ -439,12 +445,18 @@ def update_key_properties(self, name, version=None, **kwargs):
             attributes = self._models.KeyAttributes(enabled=enabled, not_before=not_before, expires=expires_on)
         else:
             attributes = None
+
+        parameters = self._models.KeyUpdateParameters(
+            key_ops=kwargs.pop("key_operations", None),
+            key_attributes=attributes,
+            tags=kwargs.pop("tags", None)
+        )
+
         bundle = self._client.update_key(
             self.vault_url,
             name,
             key_version=version or "",
-            key_ops=kwargs.pop("key_operations", None),
-            key_attributes=attributes,
+            parameters=parameters,
             error_map=_error_map,
             **kwargs
         )
@@ -500,7 +512,12 @@ def restore_key_backup(self, backup, **kwargs):
                 :caption: Restore a key backup
                 :dedent: 8
         """
-        bundle = self._client.restore_key(self.vault_url, backup, error_map=_error_map, **kwargs)
+        bundle = self._client.restore_key(
+            self.vault_url,
+            parameters=self._models.KeyRestoreParameters(key_bundle_backup=backup),
+            error_map=_error_map,
+            **kwargs
+        )
         return KeyVaultKey._from_key_bundle(bundle)
 
     @distributed_trace
@@ -530,12 +547,18 @@ def import_key(self, name, key, **kwargs):
             attributes = self._models.KeyAttributes(enabled=enabled, not_before=not_before, expires=expires_on)
         else:
             attributes = None
-        bundle = self._client.import_key(
-            self.vault_url,
-            name,
+
+        parameters = self._models.KeyImportParameters(
             key=key._to_generated_model(),
             key_attributes=attributes,
             hsm=kwargs.pop("hardware_protected", None),
+            tags=kwargs.pop("tags", None)
+        )
+
+        bundle = self._client.import_key(
+            self.vault_url,
+            name,
+            parameters=parameters,
             error_map=_error_map,
             **kwargs
         )

sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_0/__init__.py renamed to sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_generated/__init__.py

@@ -1,18 +1,16 @@
 # coding=utf-8
 # --------------------------------------------------------------------------
 # Copyright (c) Microsoft Corporation. All rights reserved.
-# Licensed under the MIT License. See License.txt in the project root for
-# license information.
-#
+# Licensed under the MIT License. See License.txt in the project root for license information.
 # Code generated by Microsoft (R) AutoRest Code Generator.
-# Changes may cause incorrect behavior and will be lost if the code is
-# regenerated.
+# Changes may cause incorrect behavior and will be lost if the code is regenerated.
 # --------------------------------------------------------------------------
 
 from ._key_vault_client import KeyVaultClient
 __all__ = ['KeyVaultClient']
 
-from .version import VERSION
-
-__version__ = VERSION
-
+try:
+    from ._patch import patch_sdk  # type: ignore
+    patch_sdk()
+except ImportError:
+    pass

sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/_configuration.py renamed to sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_generated/_configuration.py

@@ -8,40 +8,42 @@
 # Changes may cause incorrect behavior and will be lost if the code is
 # regenerated.
 # --------------------------------------------------------------------------
+from typing import Any
+
 from azure.core.configuration import Configuration
 from azure.core.pipeline import policies
 
-from .version import VERSION
+from ._version import VERSION
 
 
 class KeyVaultClientConfiguration(Configuration):
-    """Configuration for KeyVaultClient
+    """Configuration for KeyVaultClient.
+
     Note that all parameters used to create this instance are saved as instance
     attributes.
-
-    :param credentials: Credentials needed for the client to connect to Azure.
-    :type credentials: :mod:`A msrestazure Credentials
-     object<msrestazure.azure_active_directory>`
     """
 
-    def __init__(self, credentials, **kwargs):
-
-        if credentials is None:
-            raise ValueError("Parameter 'credentials' must not be None.")
-
+    def __init__(
+        self,
+        **kwargs  # type: Any
+    ):
+        # type: (...) -> None
         super(KeyVaultClientConfiguration, self).__init__(**kwargs)
-        self._configure(**kwargs)
 
-        self.user_agent_policy.add_user_agent('azsdk-python-azure-keyvault/{}'.format(VERSION))
-        self.generate_client_request_id = True
-
-        self.credentials = credentials
+        kwargs.setdefault('sdk_moniker', 'azure-keyvault/{}'.format(VERSION))
+        self._configure(**kwargs)
 
-    def _configure(self, **kwargs):
+    def _configure(
+        self,
+        **kwargs  # type: Any
+    ):
+        # type: (...) -> None
         self.user_agent_policy = kwargs.get('user_agent_policy') or policies.UserAgentPolicy(**kwargs)
         self.headers_policy = kwargs.get('headers_policy') or policies.HeadersPolicy(**kwargs)
         self.proxy_policy = kwargs.get('proxy_policy') or policies.ProxyPolicy(**kwargs)
         self.logging_policy = kwargs.get('logging_policy') or policies.NetworkTraceLoggingPolicy(**kwargs)
+        self.http_logging_policy = kwargs.get('http_logging_policy') or policies.HttpLoggingPolicy(**kwargs)
         self.retry_policy = kwargs.get('retry_policy') or policies.RetryPolicy(**kwargs)
         self.custom_hook_policy = kwargs.get('custom_hook_policy') or policies.CustomHookPolicy(**kwargs)
         self.redirect_policy = kwargs.get('redirect_policy') or policies.RedirectPolicy(**kwargs)
+        self.authentication_policy = kwargs.get('authentication_policy')

sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_generated/_key_vault_client.py

@@ -0,0 +1,157 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from azure.core import PipelineClient
+from msrest import Serializer, Deserializer
+
+from azure.profiles import KnownProfiles, ProfileDefinition
+from azure.profiles.multiapiclient import MultiApiClientMixin
+from ._configuration import KeyVaultClientConfiguration
+from ._operations_mixin import KeyVaultClientOperationsMixin
+class _SDKClient(object):
+    def __init__(self, *args, **kwargs):
+        """This is a fake class to support current implemetation of MultiApiClientMixin."
+        Will be removed in final version of multiapi azure-core based client
+        """
+        pass
+
+class KeyVaultClient(KeyVaultClientOperationsMixin, MultiApiClientMixin, _SDKClient):
+    """The key vault client performs cryptographic key operations and vault operations against the Key Vault service.
+
+    This ready contains multiple API versions, to help you deal with all of the Azure clouds
+    (Azure Stack, Azure Government, Azure China, etc.).
+    By default, it uses the latest API version available on public Azure.
+    For production, you should stick to a particular api-version and/or profile.
+    The profile sets a mapping between an operation group and its API version.
+    The api-version parameter sets the default API version if the operation
+    group is not described in the profile.
+    :param str api_version: API version to use if no profile is provided, or if
+     missing in profile.
+    :param profile: A profile definition, from KnownProfiles to dict.
+    :type profile: azure.profiles.KnownProfiles
+    :keyword int polling_interval: Default waiting time between two polls for LRO operations if no Retry-After header is present.
+    """
+
+    DEFAULT_API_VERSION = '7.1'
+    _PROFILE_TAG = "azure.keyvault.KeyVaultClient"
+    LATEST_PROFILE = ProfileDefinition({
+        _PROFILE_TAG: {
+            None: DEFAULT_API_VERSION,
+            'backup_certificate': '7.0',
+            'backup_secret': '7.0',
+            'backup_storage_account': '7.0',
+            'create_certificate': '7.0',
+            'delete_certificate': '7.0',
+            'delete_certificate_contacts': '7.0',
+            'delete_certificate_issuer': '7.0',
+            'delete_certificate_operation': '7.0',
+            'delete_sas_definition': '7.0',
+            'delete_secret': '7.0',
+            'delete_storage_account': '7.0',
+            'get_certificate': '7.0',
+            'get_certificate_contacts': '7.0',
+            'get_certificate_issuer': '7.0',
+            'get_certificate_issuers': '7.0',
+            'get_certificate_operation': '7.0',
+            'get_certificate_policy': '7.0',
+            'get_certificate_versions': '7.0',
+            'get_certificates': '7.0',
+            'get_deleted_certificate': '7.0',
+            'get_deleted_certificates': '7.0',
+            'get_deleted_sas_definition': '7.0',
+            'get_deleted_sas_definitions': '7.0',
+            'get_deleted_secret': '7.0',
+            'get_deleted_secrets': '7.0',
+            'get_deleted_storage_account': '7.0',
+            'get_deleted_storage_accounts': '7.0',
+            'get_sas_definition': '7.0',
+            'get_sas_definitions': '7.0',
+            'get_secret': '7.0',
+            'get_secret_versions': '7.0',
+            'get_secrets': '7.0',
+            'get_storage_account': '7.0',
+            'get_storage_accounts': '7.0',
+            'import_certificate': '7.0',
+            'merge_certificate': '7.0',
+            'purge_deleted_certificate': '7.0',
+            'purge_deleted_secret': '7.0',
+            'purge_deleted_storage_account': '7.0',
+            'recover_deleted_certificate': '7.0',
+            'recover_deleted_sas_definition': '7.0',
+            'recover_deleted_secret': '7.0',
+            'recover_deleted_storage_account': '7.0',
+            'regenerate_storage_account_key': '7.0',
+            'restore_certificate': '7.0',
+            'restore_secret': '7.0',
+            'restore_storage_account': '7.0',
+            'set_certificate_contacts': '7.0',
+            'set_certificate_issuer': '7.0',
+            'set_sas_definition': '7.0',
+            'set_secret': '7.0',
+            'set_storage_account': '7.0',
+            'update_certificate': '7.0',
+            'update_certificate_issuer': '7.0',
+            'update_certificate_operation': '7.0',
+            'update_certificate_policy': '7.0',
+            'update_sas_definition': '7.0',
+            'update_secret': '7.0',
+            'update_storage_account': '7.0',
+        }},
+        _PROFILE_TAG + " latest"
+    )
+
+    def __init__(
+        self,
+        api_version=None,
+        profile=KnownProfiles.default,
+        **kwargs  # type: Any
+    ):
+        if api_version == '2016-10-01' or api_version == '7.0' or api_version == '7.1':
+            base_url = '{vaultBaseUrl}'
+        else:
+            raise NotImplementedError("APIVersion {} is not available".format(api_version))
+        self._config = KeyVaultClientConfiguration(**kwargs)
+        self._client = PipelineClient(base_url=base_url, config=self._config, **kwargs)
+        super(KeyVaultClient, self).__init__(
+            api_version=api_version,
+            profile=profile
+        )
+
+    @classmethod
+    def _models_dict(cls, api_version):
+        return {k: v for k, v in cls.models(api_version).__dict__.items() if isinstance(v, type)}
+
+    @classmethod
+    def models(cls, api_version=DEFAULT_API_VERSION):
+        """Module depends on the API version:
+
+           * 2016-10-01: :mod:`v2016_10_01.models<azure.keyvault.v2016_10_01.models>`
+           * 7.0: :mod:`v7_0.models<azure.keyvault.v7_0.models>`
+           * 7.1: :mod:`v7_1.models<azure.keyvault.v7_1.models>`
+        """
+        if api_version == '2016-10-01':
+            from .v2016_10_01 import models
+            return models
+        elif api_version == '7.0':
+            from .v7_0 import models
+            return models
+        elif api_version == '7.1':
+            from .v7_1 import models
+            return models
+        raise NotImplementedError("APIVersion {} is not available".format(api_version))
+
+    def close(self):
+        self._client.close()
+    def __enter__(self):
+        self._client.__enter__()
+        return self
+    def __exit__(self, *exc_details):
+        self._client.__exit__(*exc_details)