resole merge conflict

Author: v-savila

articles/azure-functions/functions-reference-python.md

@@ -219,10 +219,13 @@ When you deploy your project to a function app in Azure, the entire contents of
 To connect to Cosmos DB, first [create an account, database, and container](../cosmos-db/nosql/quickstart-portal.md). Then you may connect Functions to Cosmos DB using [trigger and bindings](functions-bindings-cosmosdb-v2.md), like this [example](functions-add-output-binding-cosmos-db-vs-code.md). You may also use the Python library for Cosmos DB, like so:
 
 ```python
-pip install azure-cosmos
+pip install azure-cosmos
+pip install aiohttp
 
-from azure.cosmos import CosmosClient, exceptions
+from azure.cosmos.aio import CosmosClient
+from azure.cosmos import exceptions
 from azure.cosmos.partition_key import PartitionKey
+import asyncio
 
 # Replace these values with your Cosmos DB connection information
 endpoint = "https://azure-cosmos-nosql.documents.azure.com:443/"
@@ -234,41 +237,42 @@ partition_key = "/partition_key"
 # Set the total throughput (RU/s) for the database and container
 database_throughput = 1000
 
-# Initialize the Cosmos client
-client = CosmosClient(endpoint, key)
+# Helper function to get or create database and container
+async def get_or_create_container(client, database_id, container_id, partition_key):
 
-# Create or get a reference to a database
-try:
-    database = client.create_database_if_not_exists(id=database_id)
+    database = await client.create_database_if_not_exists(id=database_id)
     print(f'Database "{database_id}" created or retrieved successfully.')
 
-except exceptions.CosmosResourceExistsError:
-    database = client.get_database_client(database_id)
-    print('Database with id \'{0}\' was found'.format(database_id))
-
-# Create or get a reference to a container
-try:
-    container = database.create_container(id=container_id, partition_key=PartitionKey(path='/partitionKey'))
-    print('Container with id \'{0}\' created'.format(container_id))
-
-except exceptions.CosmosResourceExistsError:
-    container = database.get_container_client(container_id)
-    print('Container with id \'{0}\' was found'.format(container_id))
-
-# Sample document data
-sample_document = {
-    "id": "1",
-    "name": "Doe Smith",
-    "city": "New York",
-    "partition_key": "NY"
-}
-
-# Insert a document
-container.create_item(body=sample_document)
-
-# Query for documents
-query = "SELECT * FROM c where c.id = 1"
-items = list(container.query_items(query, enable_cross_partition_query=True))
+    container = await database.create_container_if_not_exists(id=container_id, partition_key=PartitionKey(path=partition_key))
+    print(f'Container with id "{container_id}" created')
+ 
+    return container
+ 
+async def create_products():
+    async with CosmosClient(endpoint, credential=key) as client:
+        container = await get_or_create_container(client, database_id, container_id, partition_key)
+        for i in range(10):
+            await container.upsert_item({
+                'id': f'item{i}',
+                'productName': 'Widget',
+                'productModel': f'Model {i}'
+            })
+ 
+async def get_products():
+    items = []
+    async with CosmosClient(endpoint, credential=key) as client:
+        container = await get_or_create_container(client, database_id, container_id, partition_key)
+        async for item in container.read_all_items():
+            items.append(item)
+    return items
+ 
+async def main():
+    await create_products()
+    products = await get_products()
+    print(products)
+ 
+if __name__ == "__main__":
+    asyncio.run(main())
 ```
 
 ::: zone pivot="python-mode-decorators"

articles/trusted-signing/TOC.yml

@@ -10,8 +10,6 @@
     items:
     - name: Signing Integrations with Trusted Signing
       href: how-to-signing-integrations.md
-  - name: How-To
-    items:
     - name: Sign CI Policies with Trusted Signing
       href: how-to-sign-ci-policy.md
   - name: Quickstart

articles/trusted-signing/faq.yml

@@ -71,7 +71,7 @@ sections:
           FIPS 140-2 level 3 (mHSMs)
       - question: How to include the appropriate EKU for our certificates into the ELAM driver resources? 
         answer: |
-          - For information regarding ELAM driver config for Protected Anti-Malware Services, refer to the following guidance: "Beginning in 2022, all user mode anti-malware service binaries must be signed by Microsoft's Azure Code Sign signing service. The Trusted Signing issued Authenticode certificate for signing anti-malware binaries is updated every 30 days for security. To prevent the need to update the ELAM driver every time the certificate is updated, we recommend that anti-malware vendors include the Azure Code Sign PCA certificate TBS hash in the CertHash portion of the ELAM driver resource file info. Additionally, the anti-malware vendor must include their unique Trusted Signing EKU identity in the EKU field of the resource file info. The EKU identity will begin with the prefix *1.3.6.1.4.1.311.97.*."
+          - For information regarding ELAM driver config for Protected Anti-Malware Services, refer to the following guidance: "Beginning in 2022, all user mode anti-malware service binaries must be signed by Microsoft's Trusted Signing signing service. The Trusted Signing issued Authenticode certificate for signing anti-malware binaries is updated every 30 days for security. To prevent the need to update the ELAM driver every time the certificate is updated, we recommend that anti-malware vendors include the Trusted Signing PCA certificate TBS hash in the CertHash portion of the ELAM driver resource file info. Additionally, the anti-malware vendor must include their unique Trusted Signing EKU identity in the EKU field of the resource file info. The EKU identity will begin with the prefix *1.3.6.1.4.1.311.97.*."
           - See the [PKI Repository](https://www.microsoft.com/pkiops/docs/repository.htm) page for the Microsoft ID Verified Code Signing PCA 2021 cert.
       - question: What happens if we run Trusted Signing binaries on a signed on machine that doesn't have the Trusted Signing update (especially binaries that are INTEGRITYCHECK-ed)?
         answer: |

articles/trusted-signing/how-to-sign-ci-policy.md

@@ -29,36 +29,36 @@ Import-Module .\Az.CodeSigning.psd1
 ``` 
 4. Optionally you can create a `metadata.json` file:
 ```
-Endpoint "https://scus.codesigning.azure.net/" 
-CodeSigningAccountName "youracsaccount" 
-CertificateProfileName "youracscertprofile" 
+"Endpoint": "https://xxx.codesigning.azure.net/" 
+"TrustedSigningAccountName": "<Trusted Signing Account Name>", 
+"CertificateProfileName": "<Certificate Profile Name>",
 ```
 5. [Get the root certificate](/powershell/module/az.codesigning/get-azcodesigningrootcert) to be added to the trust store
 ```
 Get-AzCodeSigningRootCert -AccountName TestAccount -ProfileName TestCertProfile -EndpointUrl https://xxx.codesigning.azure.net/ -Destination c:\temp\root.cer
 ```
 Or using a metadata.json
 ```
-Get-AzCodeSigningRootCert -MetadataFilePath C:\temp\metadata.sample.scus.privateci.json https://xxx.codesigning.azure.net/ -Destination c:\temp\root.cer 
+Get-AzCodeSigningRootCert -MetadataFilePath C:\temp\metadata.json https://xxx.codesigning.azure.net/ -Destination c:\temp\root.cer 
 ```
 6. To get the EKU (Extended Key Usage) to insert into your policy:
 ```
-Get-AzCodeSigningCustomerEku -AccountName acstestcanary -ProfileName acstestcanaryCert1 -EndpointUrl https://xxx.codesigning.azure.net/ 
+Get-AzCodeSigningCustomerEku -AccountName TestAccount -ProfileName TestCertProfile -EndpointUrl https://xxx.codesigning.azure.net/ 
 ```
 Or
 
 ```
-Get-AzCodeSigningCustomerEku -MetadataFilePath C:\temp\metadata.sample.scus.privateci.json 
+Get-AzCodeSigningCustomerEku -MetadataFilePath C:\temp\metadata.json 
 ```
 7. To sign your policy, you run the invoke command:
 ``` 
-Invoke-AzCodeSigningCIPolicySigning -accountName acstestcanary -profileName acstestcanaryCert1 -endpointurl "https://xxx.codesigning.azure.net/" -Path C:\Temp\defaultpolicy.bin -Destination C:\Temp\defaultpolicy_signed.bin -TimeStamperUrl: http://timestamp.acs.microsoft.com 
+Invoke-AzCodeSigningCIPolicySigning -accountName TestAccount -profileName TestCertProfile -endpointurl "https://xxx.codesigning.azure.net/" -Path C:\Temp\defaultpolicy.bin -Destination C:\Temp\defaultpolicy_signed.bin -TimeStamperUrl: http://timestamp.acs.microsoft.com 
 ```
 
 Or use a `metadata.json` file and the following command: 
 
 ```
-Invoke-AzCodeSigningCIPolicySigning -MetadataFilePath C:\temp\metadata.sample.scus.privateci.json -Path C:\Temp\defaultpolicy.bin -Destination C:\Temp\defaultpolicy_signed.bin -TimeStamperUrl: http://timestamp.acs.microsoft.com 
+Invoke-AzCodeSigningCIPolicySigning -MetadataFilePath C:\temp\metadata.json -Path C:\Temp\defaultpolicy.bin -Destination C:\Temp\defaultpolicy_signed.bin -TimeStamperUrl: http://timestamp.acs.microsoft.com 
 ```
 
 ## Creating and Deploying a CI Policy

articles/trusted-signing/how-to-signing-integrations.md

@@ -78,7 +78,7 @@ To sign using Trusted Signing, you need to provide the details of your Trusted S
 ```
 { 
   "Endpoint": "<Code Signing Account Endpoint>", 
-  "CodeSigningAccountName": "<Code Signing Account Name>", 
+  "TrustedSigningAccountName": "<Trusted Signing Account Name>", 
   "CertificateProfileName": "<Certificate Profile Name>", 
   "CorrelationId": "<Optional CorrelationId*>" 
 } 

articles/trusted-signing/tutorial-assign-roles.md

@@ -36,8 +36,8 @@ Complete the following steps to assign roles in Trusted Signing.
 4. For more granular access control on the certificate profile level, you can use the Azure CLI to assign roles. The following commands can be used to assign the _Code Signing Certificate Profile Signer_ role to users/service principles to sign files. 
 ```
 az role assignment create --assignee <objectId of user/service principle> 
---role "Code Signing Certificate Profile Signer" 
---scope "/subscriptions/<subscriptionId>/resourceGroups/<resource-group-name>/providers/Microsoft.CodeSigning/codeSigningAccounts/<codesigning-account-name>/certificateProfiles/<profileName>" 
+--role "Trusted Signing Certificate Profile Signer" 
+--scope "/subscriptions/<subscriptionId>/resourceGroups/<resource-group-name>/providers/Microsoft.CodeSigning/trustedSigningAccounts/<trustedsigning-account-name>/certificateProfiles/<profileName>" 
 ```
 
 ## Related content