From 42d5df77eecef87663ba9203a18c9ddcf7426296 Mon Sep 17 00:00:00 2001 From: SDKAuto Date: Tue, 15 Apr 2025 04:10:43 +0000 Subject: [PATCH] CodeGen from PR 33562 in Azure/azure-rest-api-specs Merge 8e53d510b9030651f172af089a1c6c91ccb486d5 into 23634f980c6b8fa1b5cbdecb669628ef3b5d5056 --- .../azure-keyvault-administration/MANIFEST.in | 6 +- .../azure-keyvault-administration/_meta.json | 6 + .../apiview-properties.json | 51 ++ .../azure/__init__.py | 4 - .../azure/keyvault/__init__.py | 4 - .../azure/keyvault/administration/__init__.py | 63 +- .../administration/_access_control_client.py | 271 ------- .../keyvault/administration/_backup_client.py | 393 ---------- .../{_generated => }/_client.py | 10 +- .../{_generated => }/_configuration.py | 0 .../azure/keyvault/administration/_enums.py | 93 --- .../administration/_generated/__init__.py | 32 - .../administration/_generated/_version.py | 9 - .../administration/_generated/aio/__init__.py | 29 - .../_generated/operations/_patch.py | 20 - .../administration/_generated/py.typed | 1 - .../_generated/tsp-location.yaml | 8 - .../administration/_internal/__init__.py | 90 --- .../_internal/async_challenge_auth_policy.py | 262 ------- .../_internal/async_client_base.py | 118 --- .../administration/_internal/async_polling.py | 12 - .../_internal/challenge_auth_policy.py | 270 ------- .../administration/_internal/client_base.py | 155 ---- .../_internal/http_challenge.py | 182 ----- .../_internal/http_challenge_cache.py | 93 --- .../administration/_internal/polling.py | 37 - .../{_generated => }/_model_base.py | 5 +- .../azure/keyvault/administration/_models.py | 319 --------- .../administration/{_generated => }/_patch.py | 9 +- .../keyvault/administration/_sdk_moniker.py | 7 - .../{_generated => }/_serialization.py | 32 +- .../administration/_settings_client.py | 87 --- .../{_generated => }/_validation.py | 0 .../{_generated => }/_vendor.py | 0 .../azure/keyvault/administration/_version.py | 13 +- .../keyvault/administration/aio/__init__.py | 38 +- .../aio/_access_control_client.py | 272 ------- .../administration/aio/_backup_client.py | 388 ---------- .../{_generated => }/aio/_client.py | 12 +- .../{_generated => }/aio/_configuration.py | 0 .../{_generated/models => aio}/_patch.py | 9 +- .../administration/aio/_settings_client.py | 90 --- .../{_generated => }/aio/_vendor.py | 0 .../aio/operations/__init__.py | 4 +- .../aio/operations/_operations.py | 614 ++++++++-------- .../{_generated => }/aio/operations/_patch.py | 9 +- .../{_generated => }/models/__init__.py | 0 .../{_generated => }/models/_enums.py | 0 .../{_generated => }/models/_models.py | 259 ++++--- .../{_generated/aio => models}/_patch.py | 9 +- .../{_generated => }/operations/__init__.py | 4 +- .../operations/_operations.py | 674 +++++++++--------- .../administration/operations/_patch.py | 21 + .../azure/keyvault/administration/py.typed | 1 + .../samples/access_control_operations.py | 6 +- .../access_control_operations_async.py | 9 +- .../samples/backup_restore_operations.py | 2 +- .../backup_restore_operations_async.py | 5 +- .../samples/settings_operations.py | 3 +- .../samples/settings_operations_async.py | 4 +- .../azure-keyvault-administration/setup.py | 56 +- .../tests/_async_test_case.py | 14 +- .../tests/_test_case.py | 12 +- .../tests/conftest.py | 17 +- .../perfstress_tests/get_role_definition.py | 8 +- .../tests/test_access_control.py | 22 +- .../tests/test_access_control_async.py | 27 +- .../tests/test_backup_client.py | 4 +- .../tests/test_backup_client_async.py | 13 +- .../tests/test_examples_administration.py | 5 +- .../test_examples_administration_async.py | 3 +- .../tsp-location.yaml | 8 + 72 files changed, 1102 insertions(+), 4211 deletions(-) create mode 100644 sdk/keyvault/azure-keyvault-administration/_meta.json create mode 100644 sdk/keyvault/azure-keyvault-administration/apiview-properties.json delete mode 100644 sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py delete mode 100644 sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_backup_client.py rename sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/{_generated => }/_client.py (95%) rename sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/{_generated => }/_configuration.py (100%) delete mode 100644 sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_enums.py delete mode 100644 sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/__init__.py delete mode 100644 sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/_version.py delete mode 100644 sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/aio/__init__.py delete mode 100644 sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/operations/_patch.py delete mode 100644 sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/py.typed delete mode 100644 sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/tsp-location.yaml delete mode 100644 sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_internal/__init__.py delete mode 100644 sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_internal/async_challenge_auth_policy.py delete mode 100644 sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_internal/async_client_base.py delete mode 100644 sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_internal/async_polling.py delete mode 100644 sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_internal/challenge_auth_policy.py delete mode 100644 sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_internal/client_base.py delete mode 100644 sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_internal/http_challenge.py delete mode 100644 sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_internal/http_challenge_cache.py delete mode 100644 sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_internal/polling.py rename sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/{_generated => }/_model_base.py (99%) delete mode 100644 sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_models.py rename sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/{_generated => }/_patch.py (61%) delete mode 100644 sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_sdk_moniker.py rename sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/{_generated => }/_serialization.py (98%) delete mode 100644 sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_settings_client.py rename sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/{_generated => }/_validation.py (100%) rename sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/{_generated => }/_vendor.py (100%) delete mode 100644 sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py delete mode 100644 sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_backup_client.py rename sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/{_generated => }/aio/_client.py (96%) rename sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/{_generated => }/aio/_configuration.py (100%) rename sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/{_generated/models => aio}/_patch.py (61%) delete mode 100644 sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_settings_client.py rename sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/{_generated => }/aio/_vendor.py (100%) rename sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/{_generated => }/aio/operations/__init__.py (100%) rename sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/{_generated => }/aio/operations/_operations.py (95%) rename sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/{_generated => }/aio/operations/_patch.py (61%) rename sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/{_generated => }/models/__init__.py (100%) rename sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/{_generated => }/models/_enums.py (100%) rename sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/{_generated => }/models/_models.py (77%) rename sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/{_generated/aio => models}/_patch.py (61%) rename sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/{_generated => }/operations/__init__.py (100%) rename sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/{_generated => }/operations/_operations.py (96%) create mode 100644 sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/operations/_patch.py create mode 100644 sdk/keyvault/azure-keyvault-administration/tsp-location.yaml diff --git a/sdk/keyvault/azure-keyvault-administration/MANIFEST.in b/sdk/keyvault/azure-keyvault-administration/MANIFEST.in index e3240617f61a..903a5953d673 100644 --- a/sdk/keyvault/azure-keyvault-administration/MANIFEST.in +++ b/sdk/keyvault/azure-keyvault-administration/MANIFEST.in @@ -1,7 +1,7 @@ include *.md include LICENSE +include azure/keyvault/administration/py.typed +recursive-include tests *.py +recursive-include samples *.py *.md include azure/__init__.py include azure/keyvault/__init__.py -recursive-include samples *.py -recursive-include tests *.py -include azure/keyvault/administration/py.typed diff --git a/sdk/keyvault/azure-keyvault-administration/_meta.json b/sdk/keyvault/azure-keyvault-administration/_meta.json new file mode 100644 index 000000000000..6fe1a3e9741e --- /dev/null +++ b/sdk/keyvault/azure-keyvault-administration/_meta.json @@ -0,0 +1,6 @@ +{ + "commit": "3e32fe20d37f48f3d0acd301e71b43586ed85348", + "repository_url": "https://github.com/Azure/azure-rest-api-specs", + "typespec_src": "specification/keyvault/Security.KeyVault.Administration", + "@azure-tools/typespec-python": "0.42.2" +} \ No newline at end of file diff --git a/sdk/keyvault/azure-keyvault-administration/apiview-properties.json b/sdk/keyvault/azure-keyvault-administration/apiview-properties.json new file mode 100644 index 000000000000..081686825565 --- /dev/null +++ b/sdk/keyvault/azure-keyvault-administration/apiview-properties.json @@ -0,0 +1,51 @@ +{ + "CrossLanguagePackageId": "KeyVault", + "CrossLanguageDefinitionId": { + "azure.keyvault.administration.models.FullBackupOperation": "KeyVault.FullBackupOperation", + "azure.keyvault.administration.models.FullBackupOperationError": "KeyVault.FullBackupOperation.error.anonymous", + "azure.keyvault.administration.models.KeyVaultError": "KeyVaultError", + "azure.keyvault.administration.models.Permission": "KeyVault.Permission", + "azure.keyvault.administration.models.PreBackupOperationParameters": "KeyVault.PreBackupOperationParameters", + "azure.keyvault.administration.models.PreRestoreOperationParameters": "KeyVault.PreRestoreOperationParameters", + "azure.keyvault.administration.models.RestoreOperation": "KeyVault.RestoreOperation", + "azure.keyvault.administration.models.RestoreOperationParameters": "KeyVault.RestoreOperationParameters", + "azure.keyvault.administration.models.RoleAssignment": "KeyVault.RoleAssignment", + "azure.keyvault.administration.models.RoleAssignmentCreateParameters": "KeyVault.RoleAssignmentCreateParameters", + "azure.keyvault.administration.models.RoleAssignmentProperties": "KeyVault.RoleAssignmentProperties", + "azure.keyvault.administration.models.RoleAssignmentPropertiesWithScope": "KeyVault.RoleAssignmentPropertiesWithScope", + "azure.keyvault.administration.models.RoleDefinition": "KeyVault.RoleDefinition", + "azure.keyvault.administration.models.RoleDefinitionCreateParameters": "KeyVault.RoleDefinitionCreateParameters", + "azure.keyvault.administration.models.RoleDefinitionProperties": "KeyVault.RoleDefinitionProperties", + "azure.keyvault.administration.models.SASTokenParameter": "KeyVault.SASTokenParameter", + "azure.keyvault.administration.models.SelectiveKeyRestoreOperation": "KeyVault.SelectiveKeyRestoreOperation", + "azure.keyvault.administration.models.SelectiveKeyRestoreOperationParameters": "KeyVault.SelectiveKeyRestoreOperationParameters", + "azure.keyvault.administration.models.Setting": "KeyVault.Setting", + "azure.keyvault.administration.models.SettingsListResult": "KeyVault.SettingsListResult", + "azure.keyvault.administration.models.UpdateSettingRequest": "KeyVault.UpdateSettingRequest", + "azure.keyvault.administration.models.RoleDefinitionType": "KeyVault.RoleDefinitionType", + "azure.keyvault.administration.models.RoleType": "KeyVault.RoleType", + "azure.keyvault.administration.models.DataAction": "KeyVault.DataAction", + "azure.keyvault.administration.models.RoleScope": "KeyVault.RoleScope", + "azure.keyvault.administration.models.OperationStatus": "KeyVault.OperationStatus", + "azure.keyvault.administration.models.SettingTypeEnum": "KeyVault.SettingTypeEnum", + "azure.keyvault.administration.KeyVaultClient.role_definitions.delete": "KeyVault.RoleDefinitions.delete", + "azure.keyvault.administration.KeyVaultClient.role_definitions.create_or_update": "KeyVault.RoleDefinitions.createOrUpdate", + "azure.keyvault.administration.KeyVaultClient.role_definitions.get": "KeyVault.RoleDefinitions.get", + "azure.keyvault.administration.KeyVaultClient.role_definitions.list": "KeyVault.RoleDefinitions.list", + "azure.keyvault.administration.KeyVaultClient.role_assignments.delete": "KeyVault.RoleAssignments.delete", + "azure.keyvault.administration.KeyVaultClient.role_assignments.create": "KeyVault.RoleAssignments.create", + "azure.keyvault.administration.KeyVaultClient.role_assignments.get": "KeyVault.RoleAssignments.get", + "azure.keyvault.administration.KeyVaultClient.role_assignments.list_for_scope": "KeyVault.RoleAssignments.listForScope", + "azure.keyvault.administration.KeyVaultClient.full_backup_status": "KeyVault.fullBackupStatus", + "azure.keyvault.administration.KeyVaultClient.begin_full_backup": "KeyVault.fullBackup", + "azure.keyvault.administration.KeyVaultClient.begin_pre_full_backup": "KeyVault.preFullBackup", + "azure.keyvault.administration.KeyVaultClient.restore_status": "KeyVault.restoreStatus", + "azure.keyvault.administration.KeyVaultClient.begin_full_restore_operation": "KeyVault.fullRestoreOperation", + "azure.keyvault.administration.KeyVaultClient.begin_pre_full_restore_operation": "KeyVault.preFullRestoreOperation", + "azure.keyvault.administration.KeyVaultClient.selective_key_restore_status": "KeyVault.selectiveKeyRestoreStatus", + "azure.keyvault.administration.KeyVaultClient.begin_selective_key_restore_operation": "KeyVault.selectiveKeyRestoreOperation", + "azure.keyvault.administration.KeyVaultClient.update_setting": "KeyVault.updateSetting", + "azure.keyvault.administration.KeyVaultClient.get_setting": "KeyVault.getSetting", + "azure.keyvault.administration.KeyVaultClient.get_settings": "KeyVault.getSettings" + } +} \ No newline at end of file diff --git a/sdk/keyvault/azure-keyvault-administration/azure/__init__.py b/sdk/keyvault/azure-keyvault-administration/azure/__init__.py index 679ab6995134..d55ccad1f573 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/__init__.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/__init__.py @@ -1,5 +1 @@ -# ------------------------------------ -# Copyright (c) Microsoft Corporation. -# Licensed under the MIT License. -# ------------------------------------ __path__ = __import__("pkgutil").extend_path(__path__, __name__) # type: ignore diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/__init__.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/__init__.py index 679ab6995134..d55ccad1f573 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/__init__.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/__init__.py @@ -1,5 +1 @@ -# ------------------------------------ -# Copyright (c) Microsoft Corporation. -# Licensed under the MIT License. -# ------------------------------------ __path__ = __import__("pkgutil").extend_path(__path__, __name__) # type: ignore diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/__init__.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/__init__.py index ba7ee01f5ee4..4f7962408227 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/__init__.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/__init__.py @@ -1,41 +1,32 @@ -# ------------------------------------ -# Copyright (c) Microsoft Corporation. -# Licensed under the MIT License. -# ------------------------------------ -from ._access_control_client import KeyVaultAccessControlClient -from ._backup_client import KeyVaultBackupClient -from ._enums import KeyVaultRoleScope, KeyVaultDataAction, KeyVaultSettingType -from ._internal.client_base import ApiVersion -from ._models import ( - KeyVaultBackupOperation, - KeyVaultBackupResult, - KeyVaultPermission, - KeyVaultRestoreOperation, - KeyVaultRoleAssignment, - KeyVaultRoleAssignmentProperties, - KeyVaultRoleDefinition, - KeyVaultSetting, -) -from ._settings_client import KeyVaultSettingsClient +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) Python Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +# pylint: disable=wrong-import-position +from typing import TYPE_CHECKING -__all__ = [ - "ApiVersion", - "KeyVaultBackupOperation", - "KeyVaultBackupResult", - "KeyVaultAccessControlClient", - "KeyVaultBackupClient", - "KeyVaultDataAction", - "KeyVaultPermission", - "KeyVaultRestoreOperation", - "KeyVaultRoleAssignment", - "KeyVaultRoleAssignmentProperties", - "KeyVaultRoleDefinition", - "KeyVaultRoleScope", - "KeyVaultSetting", - "KeyVaultSettingsClient", - "KeyVaultSettingType", -] +if TYPE_CHECKING: + from ._patch import * # pylint: disable=unused-wildcard-import +from ._client import KeyVaultClient # type: ignore from ._version import VERSION + __version__ = VERSION + +try: + from ._patch import __all__ as _patch_all + from ._patch import * +except ImportError: + _patch_all = [] +from ._patch import patch_sdk as _patch_sdk + +__all__ = [ + "KeyVaultClient", +] +__all__.extend([p for p in _patch_all if p not in __all__]) # pyright: ignore + +_patch_sdk() diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py deleted file mode 100644 index f41733a1a07a..000000000000 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py +++ /dev/null @@ -1,271 +0,0 @@ -# ------------------------------------ -# Copyright (c) Microsoft Corporation. -# Licensed under the MIT License. -# ------------------------------------ -from typing import Any, List, Optional, Union -from uuid import UUID, uuid4 - -from azure.core.exceptions import ResourceNotFoundError -from azure.core.paging import ItemPaged -from azure.core.tracing.decorator import distributed_trace - -from ._enums import KeyVaultRoleScope -from ._generated.models import ( - Permission, - RoleAssignmentCreateParameters, - RoleAssignmentProperties, - RoleDefinitionCreateParameters, - RoleDefinitionProperties, -) -from ._models import KeyVaultPermission, KeyVaultRoleAssignment, KeyVaultRoleDefinition -from ._internal import KeyVaultClientBase - - -class KeyVaultAccessControlClient(KeyVaultClientBase): - """Manages role-based access to Azure Key Vault. - - :param str vault_url: URL of the vault the client will manage. This is also called the vault's "DNS Name". - You should validate that this URL references a valid Key Vault or Managed HSM resource. - See https://aka.ms/azsdk/blog/vault-uri for details. - :param credential: An object which can provide an access token for the vault, such as a credential from - :mod:`azure.identity` - :type credential: ~azure.core.credentials.TokenCredential - - :keyword api_version: Version of the service API to use. Defaults to the most recent. - :paramtype api_version: ~azure.keyvault.administration.ApiVersion or str - :keyword bool verify_challenge_resource: Whether to verify the authentication challenge resource matches the Key - Vault or Managed HSM domain. Defaults to True. - """ - - # pylint:disable=protected-access - - @distributed_trace - def create_role_assignment( - self, - scope: Union[str, KeyVaultRoleScope], - definition_id: str, - principal_id: str, - *, - name: Optional[Union[str, UUID]] = None, - **kwargs: Any, - ) -> KeyVaultRoleAssignment: - """Create a role assignment. - - :param scope: scope the role assignment will apply over. :class:`KeyVaultRoleScope` defines common - broad scopes. Specify a narrower scope as a string. - :type scope: str or KeyVaultRoleScope - :param str definition_id: ID of the role's definition - :param str principal_id: Azure Active Directory object ID of the principal which will be assigned the role. The - principal can be a user, service principal, or security group. - - :keyword name: a name for the role assignment. Must be a UUID. - :paramtype name: str or uuid.UUID or None - - :returns: The created role assignment. - :rtype: ~azure.keyvault.administration.KeyVaultRoleAssignment - """ - assignment_name = name or uuid4() - - create_parameters = RoleAssignmentCreateParameters( - properties=RoleAssignmentProperties( - principal_id=principal_id, role_definition_id=str(definition_id) - ) - ) - assignment = self._client.role_assignments.create( - scope=scope, - role_assignment_name=str(assignment_name), - parameters=create_parameters, - **kwargs - ) - return KeyVaultRoleAssignment._from_generated(assignment) - - @distributed_trace - def delete_role_assignment( - self, scope: Union[str, KeyVaultRoleScope], name: Union[str, UUID], **kwargs: Any - ) -> None: - """Delete a role assignment. - - :param scope: the assignment's scope, for example "/", "/keys", or "/keys/" - :class:`KeyVaultRoleScope` defines common broad scopes. Specify a narrower scope as a string. - :type scope: str or KeyVaultRoleScope - :param name: the role assignment's name. - :type name: str or uuid.UUID - - :returns: None - :rtype: None - """ - try: - self._client.role_assignments.delete( - scope=scope, role_assignment_name=str(name), **kwargs - ) - except ResourceNotFoundError: - pass - - @distributed_trace - def get_role_assignment( - self, scope: Union[str, KeyVaultRoleScope], name: Union[str, UUID], **kwargs: Any - ) -> KeyVaultRoleAssignment: - """Get a role assignment. - - :param scope: the assignment's scope, for example "/", "/keys", or "/keys/" - :class:`KeyVaultRoleScope` defines common broad scopes. Specify a narrower scope as a string. - :type scope: str or KeyVaultRoleScope - :param name: the role assignment's name. - :type name: str or uuid.UUID - - :returns: The fetched role assignment. - :rtype: ~azure.keyvault.administration.KeyVaultRoleAssignment - """ - assignment = self._client.role_assignments.get( - scope=scope, role_assignment_name=str(name), **kwargs - ) - return KeyVaultRoleAssignment._from_generated(assignment) - - @distributed_trace - def list_role_assignments( - self, scope: Union[str, KeyVaultRoleScope], **kwargs: Any - ) -> ItemPaged[KeyVaultRoleAssignment]: - """List all role assignments for a scope. - - :param scope: scope of the role assignments. :class:`KeyVaultRoleScope` defines common broad scopes. - Specify a narrower scope as a string. - :type scope: str or KeyVaultRoleScope - - :returns: A paged response containing the role assignments for the specified scope. - :rtype: ~azure.core.paging.ItemPaged[~azure.keyvault.administration.KeyVaultRoleAssignment] - """ - return self._client.role_assignments.list_for_scope( - scope=scope, - cls=lambda result: [KeyVaultRoleAssignment._from_generated(a) for a in result], - **kwargs - ) - - @distributed_trace - def set_role_definition( - self, - scope: Union[str, KeyVaultRoleScope], - *, - name: Optional[Union[str, UUID]] = None, - role_name: Optional[str] = None, - description: Optional[str] = None, - permissions: Optional[List[KeyVaultPermission]] = None, - assignable_scopes: Optional[List[Union[str, KeyVaultRoleScope]]] = None, - **kwargs: Any, - ) -> KeyVaultRoleDefinition: - """Creates or updates a custom role definition. - - To update a role definition, specify the definition's ``name``. - - :param scope: scope of the role definition. :class:`KeyVaultRoleScope` defines common broad scopes. - Specify a narrower scope as a string. Managed HSM only supports '/', or KeyVaultRoleScope.GLOBAL. - :type scope: str or KeyVaultRoleScope - - :keyword name: the role definition's name, a UUID. When this argument has a value, the client will create a new - role definition with this name or update an existing role definition, if one exists with the given name. - When this argument has no value, a new role definition will be created with a generated name. - :paramtype name: str or uuid.UUID or None - :keyword role_name: the role's display name. If unspecified when creating or updating a role definition, the - role name will be set to an empty string. - :paramtype role_name: str or None - :keyword description: a description of the role definition. If unspecified when creating or updating a role - definition, the description will be set to an empty string. - :paramtype description: str or None - :keyword permissions: the role definition's permissions. If unspecified when creating or updating a role - definition, the role definition will have no action permissions. - :paramtype permissions: list[KeyVaultPermission] or None - :keyword assignable_scopes: the scopes for which the role definition can be assigned. - :paramtype assignable_scopes: list[str] or list[KeyVaultRoleScope] or None - - :returns: The created or updated role definition - :rtype: ~azure.keyvault.administration.KeyVaultRoleDefinition - """ - role_permissions = [ - Permission( - actions=p.actions, - not_actions=p.not_actions, - data_actions=p.data_actions, - not_data_actions=p.not_data_actions, - ) - for p in permissions or [] - ] - - properties = RoleDefinitionProperties( - role_name=role_name, - description=description, - permissions=role_permissions, - assignable_scopes=assignable_scopes, - ) - parameters = RoleDefinitionCreateParameters(properties=properties) - - definition = self._client.role_definitions.create_or_update( - scope=scope, - role_definition_name=str(name or uuid4()), - parameters=parameters, - **kwargs - ) - return KeyVaultRoleDefinition._from_generated(definition) - - @distributed_trace - def get_role_definition( - self, scope: Union[str, KeyVaultRoleScope], name: Union[str, UUID], **kwargs: Any - ) -> KeyVaultRoleDefinition: - """Get the specified role definition. - - :param scope: scope of the role definition. :class:`KeyVaultRoleScope` defines common broad scopes. - Specify a narrower scope as a string. Managed HSM only supports '/', or KeyVaultRoleScope.GLOBAL. - :type scope: str or KeyVaultRoleScope - :param name: the role definition's name. - :type name: str or uuid.UUID - - :returns: The fetched role definition. - :rtype: ~azure.keyvault.administration.KeyVaultRoleDefinition - """ - definition = self._client.role_definitions.get( - scope=scope, role_definition_name=str(name), **kwargs - ) - return KeyVaultRoleDefinition._from_generated(definition) - - @distributed_trace - def delete_role_definition( - self, scope: Union[str, KeyVaultRoleScope], name: Union[str, UUID], **kwargs: Any - ) -> None: - """Deletes a custom role definition. - - :param scope: scope of the role definition. :class:`KeyVaultRoleScope` defines common broad scopes. - Specify a narrower scope as a string. Managed HSM only supports '/', or KeyVaultRoleScope.GLOBAL. - :type scope: str or KeyVaultRoleScope - :param name: the role definition's name. - :type name: str or uuid.UUID - - :returns: None - :rtype: None - """ - try: - self._client.role_definitions.delete( - scope=scope, role_definition_name=str(name), **kwargs - ) - except ResourceNotFoundError: - pass - - @distributed_trace - def list_role_definitions( - self, scope: Union[str, KeyVaultRoleScope], **kwargs: Any - ) -> ItemPaged[KeyVaultRoleDefinition]: - """List all role definitions applicable at and above a scope. - - :param scope: scope of the role definitions. :class:`KeyVaultRoleScope` defines common broad scopes. - Specify a narrower scope as a string. - :type scope: str or KeyVaultRoleScope - - :returns: A paged response containing the role definitions for the specified scope. - :rtype: ~azure.core.paging.ItemPaged[~azure.keyvault.administration.KeyVaultRoleDefinition] - """ - return self._client.role_definitions.list( - scope=scope, - cls=lambda result: [KeyVaultRoleDefinition._from_generated(d) for d in result], - **kwargs - ) - - def __enter__(self) -> "KeyVaultAccessControlClient": - self._client.__enter__() - return self diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_backup_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_backup_client.py deleted file mode 100644 index 4b5f15ed9412..000000000000 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_backup_client.py +++ /dev/null @@ -1,393 +0,0 @@ -# ------------------------------------ -# Copyright (c) Microsoft Corporation. -# Licensed under the MIT License. -# ------------------------------------ -import base64 -import functools -import pickle -from typing import Any, Callable, Optional, overload -from urllib.parse import urlparse - -from typing_extensions import Literal - -from azure.core.polling import LROPoller -from azure.core.tracing.decorator import distributed_trace - -from ._generated.models import PreBackupOperationParameters, PreRestoreOperationParameters, SASTokenParameter -from ._models import KeyVaultBackupOperation, KeyVaultBackupResult, KeyVaultRestoreOperation -from ._internal import KeyVaultClientBase, parse_folder_url -from ._internal.polling import KeyVaultBackupClientPolling, KeyVaultBackupClientPollingMethod - - -def _parse_status_url(url): - parsed = urlparse(url) - job_id = parsed.path.split("/")[2] - return job_id - - -class KeyVaultBackupClient(KeyVaultClientBase): - """Performs Key Vault backup and restore operations. - - :param str vault_url: URL of the vault on which the client will operate. This is also called the vault's "DNS Name". - You should validate that this URL references a valid Key Vault or Managed HSM resource. - See https://aka.ms/azsdk/blog/vault-uri for details. - :param credential: An object which can provide an access token for the vault, such as a credential from - :mod:`azure.identity` - :type credential: ~azure.core.credentials.TokenCredential - - :keyword api_version: Version of the service API to use. Defaults to the most recent. - :paramtype api_version: ~azure.keyvault.administration.ApiVersion or str - :keyword bool verify_challenge_resource: Whether to verify the authentication challenge resource matches the Key - Vault or Managed HSM domain. Defaults to True. - """ - - def _use_continuation_token(self, continuation_token: str, status_method: Callable) -> str: - status_url = base64.b64decode(continuation_token.encode()).decode("ascii") - try: - job_id = _parse_status_url(status_url) - except Exception as ex: # pylint: disable=broad-except - raise ValueError( - "The provided continuation_token is malformed. A valid token can be obtained from the " - + "operation poller's continuation_token() method" - ) from ex - - pipeline_response = status_method( - job_id=job_id, cls=lambda pipeline_response, _, __: pipeline_response - ) - if "azure-asyncoperation" not in pipeline_response.http_response.headers: - pipeline_response.http_response.headers["azure-asyncoperation"] = status_url - return base64.b64encode(pickle.dumps(pipeline_response)).decode("ascii") - - @overload - def begin_backup( - self, - blob_storage_url: str, - *, - use_managed_identity: Literal[True], - continuation_token: Optional[str] = None, - **kwargs: Any, - ) -> LROPoller[KeyVaultBackupResult]: - ... - - @overload - def begin_backup( - self, - blob_storage_url: str, - *, - sas_token: str, - continuation_token: Optional[str] = None, - **kwargs: Any, - ) -> LROPoller[KeyVaultBackupResult]: - ... - - # Disabling pylint checks because they don't correctly handle overloads - @distributed_trace - def begin_backup( # pylint: disable=docstring-missing-param,docstring-keyword-should-match-keyword-only - self, blob_storage_url: str, *args: str, **kwargs: Any - ) -> LROPoller[KeyVaultBackupResult]: - """Begin a full backup of the Key Vault. - - :param str blob_storage_url: URL of the blob storage container in which the backup will be stored, for example - https://.blob.core.windows.net/backup. - - :keyword str sas_token: Optional Shared Access Signature (SAS) token to authorize access to the blob. Required - unless `use_managed_identity` is set to True. - :keyword use_managed_identity: Indicates which authentication method should be used. If set to True, Managed HSM - will use the configured user-assigned managed identity to authenticate with Azure Storage. Otherwise, a SAS - token has to be specified. - :paramtype use_managed_identity: bool - :keyword str continuation_token: A continuation token to restart polling from a saved state. - - :returns: An :class:`~azure.core.polling.LROPoller` instance. Call `result()` on this object to wait for the - operation to complete and get a :class:`KeyVaultBackupResult`. - :rtype: ~azure.core.polling.LROPoller[~azure.keyvault.administration.KeyVaultBackupResult] - - Example: - .. literalinclude:: ../tests/test_examples_administration.py - :start-after: [START begin_backup] - :end-before: [END begin_backup] - :language: python - :caption: Create a vault backup - :dedent: 8 - """ - polling_interval = kwargs.pop("_polling_interval", 5) - continuation_token = kwargs.pop("continuation_token", None) - use_managed_identity = kwargs.pop("use_managed_identity", False) - # `sas_token` was formerly a required positional parameter - try: - sas_token: Optional[str] = args[0] - except IndexError: - sas_token = kwargs.pop("sas_token", None) - sas_parameter = self._models.SASTokenParameter( - storage_resource_uri=blob_storage_url, token=sas_token, use_managed_identity=use_managed_identity - ) - - status_response = None - if continuation_token: - status_response = self._use_continuation_token(continuation_token, self._client.full_backup_status) - - return self._client.begin_full_backup( - azure_storage_blob_container_uri=sas_parameter, - cls=KeyVaultBackupResult._from_generated, # pylint: disable=protected-access - continuation_token=status_response, - polling=KeyVaultBackupClientPollingMethod( - lro_algorithms=[KeyVaultBackupClientPolling()], timeout=polling_interval, **kwargs - ), - **kwargs, - ) - - @overload - def begin_restore( - self, - folder_url: str, - *, - use_managed_identity: Literal[True], - key_name: Optional[str] = None, - continuation_token: Optional[str] = None, - **kwargs: Any, - ) -> LROPoller[None]: - ... - - @overload - def begin_restore( - self, - folder_url: str, - *, - sas_token: str, - key_name: Optional[str] = None, - continuation_token: Optional[str] = None, - **kwargs: Any, - ) -> LROPoller[None]: - ... - - # Disabling pylint checks because they don't correctly handle overloads - @distributed_trace - def begin_restore( # pylint: disable=docstring-missing-param,docstring-keyword-should-match-keyword-only - self, folder_url: str, *args: str, **kwargs: Any - ) -> LROPoller[None]: - """Restore a Key Vault backup. - - This method restores either a complete Key Vault backup or when ``key_name`` has a value, a single key. - - :param str folder_url: URL of the blob holding the backup. This would be the `folder_url` of a - :class:`KeyVaultBackupResult` returned by :func:`begin_backup`, for example - https://.blob.core.windows.net/backup/mhsm-account-2020090117323313 - - :keyword str sas_token: Optional Shared Access Signature (SAS) token to authorize access to the blob. Required - unless `use_managed_identity` is set to True. - :keyword use_managed_identity: Indicates which authentication method should be used. If set to True, Managed HSM - will use the configured user-assigned managed identity to authenticate with Azure Storage. Otherwise, a SAS - token has to be specified. - :paramtype use_managed_identity: bool - :keyword str key_name: Name of a single key in the backup. When set, only this key will be restored. - :keyword str continuation_token: A continuation token to restart polling from a saved state. - - :returns: An :class:`~azure.core.polling.LROPoller` instance. Call `wait()` or `result()` on this object to wait - for the operation to complete (the return value is None in either case). - :rtype: ~azure.core.polling.LROPoller - - Examples: - .. literalinclude:: ../tests/test_examples_administration.py - :start-after: [START begin_restore] - :end-before: [END begin_restore] - :language: python - :caption: Restore a vault backup - :dedent: 8 - - .. literalinclude:: ../tests/test_examples_administration.py - :start-after: [START begin_selective_restore] - :end-before: [END begin_selective_restore] - :language: python - :caption: Restore a single key - :dedent: 8 - """ - polling_interval = kwargs.pop("_polling_interval", 5) - continuation_token = kwargs.pop("continuation_token", None) - key_name = kwargs.pop("key_name", None) - use_managed_identity = kwargs.pop("use_managed_identity", False) - # `sas_token` was formerly a required positional parameter - try: - sas_token: Optional[str] = args[0] - except IndexError: - sas_token = kwargs.pop("sas_token", None) - - status_response = None - if continuation_token: - status_response = self._use_continuation_token(continuation_token, self._client.restore_status) - - container_url, folder_name = parse_folder_url(folder_url) - sas_parameter = self._models.SASTokenParameter( - storage_resource_uri=container_url, token=sas_token, use_managed_identity=use_managed_identity - ) - polling = KeyVaultBackupClientPollingMethod( - lro_algorithms=[KeyVaultBackupClientPolling()], timeout=polling_interval, **kwargs - ) - - if key_name: - client_method = functools.partial(self._client.begin_selective_key_restore_operation, key_name=key_name) - restore_details = self._models.SelectiveKeyRestoreOperationParameters( - sas_token_parameters=sas_parameter, folder=folder_name - ) - else: - client_method = self._client.begin_full_restore_operation - restore_details = self._models.RestoreOperationParameters( - sas_token_parameters=sas_parameter, folder_to_restore=folder_name - ) - - return client_method( - restore_blob_details=restore_details, - cls=lambda *_: None, # poller.result() returns None - continuation_token=status_response, - polling=polling, - **kwargs, - ) - - @overload - def begin_pre_backup( - self, - blob_storage_url: str, - *, - use_managed_identity: Literal[True], - continuation_token: Optional[str] = None, - **kwargs: Any, - ) -> LROPoller[KeyVaultBackupOperation]: - ... - - @overload - def begin_pre_backup( - self, - blob_storage_url: str, - *, - sas_token: str, - continuation_token: Optional[str] = None, - **kwargs: Any, - ) -> LROPoller[KeyVaultBackupOperation]: - ... - - @distributed_trace - def begin_pre_backup( # pylint: disable=docstring-keyword-should-match-keyword-only - self, blob_storage_url: str, **kwargs: Any - ) -> LROPoller[KeyVaultBackupOperation]: - """Initiates a pre-backup check of whether a full Key Vault backup can be performed. - - A :class:`KeyVaultBackupOperation` instance will be returned by the poller's `result()` method. If the - pre-backup check is successful, the object will have a string `folder_url` attribute, pointing to the blob - storage container where the backup will be stored. If the check fails, the object will have a string `error` - attribute. - - :param str blob_storage_url: URL of the blob storage container in which the backup will be stored, for example - https://.blob.core.windows.net/backup. - - :keyword str sas_token: Optional Shared Access Signature (SAS) token to authorize access to the blob. Required - unless `use_managed_identity` is set to True. - :keyword use_managed_identity: Indicates which authentication method should be used. If set to True, Managed HSM - will use the configured user-assigned managed identity to authenticate with Azure Storage. Otherwise, a SAS - token has to be specified. - :paramtype use_managed_identity: bool - :keyword str continuation_token: A continuation token to restart polling from a saved state. - - :returns: An :class:`~azure.core.polling.LROPoller` instance. Call `result()` on this object to wait for the - operation to complete and get a :class:`KeyVaultBackupOperation`. If the pre-backup check is successful, the - object will have a string `folder_url` attribute, pointing to the blob storage container where the backup - will be stored. If the check fails, the object will have a string `error` attribute. - :rtype: ~azure.core.polling.LROPoller[~azure.keyvault.administration.KeyVaultBackupOperation] - """ - polling_interval: int = kwargs.pop("_polling_interval", 5) - continuation_token: Optional[str] = kwargs.pop("continuation_token", None) - use_managed_identity: bool = kwargs.pop("use_managed_identity", False) - sas_token: Optional[str] = kwargs.pop("sas_token", None) - - parameters: PreBackupOperationParameters = PreBackupOperationParameters( - storage_resource_uri=blob_storage_url, token=sas_token, use_managed_identity=use_managed_identity - ) - status_response: Optional[str] = None - if continuation_token: - status_response = self._use_continuation_token(continuation_token, self._client.full_backup_status) - - return self._client.begin_pre_full_backup( - pre_backup_operation_parameters=parameters, - cls=KeyVaultBackupOperation._from_generated, # pylint: disable=protected-access - polling=KeyVaultBackupClientPollingMethod( - lro_algorithms=[KeyVaultBackupClientPolling()], timeout=polling_interval, **kwargs - ), - continuation_token=status_response, - **kwargs, - ) - - @overload - def begin_pre_restore( - self, - folder_url: str, - *, - use_managed_identity: Literal[True], - continuation_token: Optional[str] = None, - **kwargs: Any, - ) -> LROPoller[KeyVaultRestoreOperation]: - ... - - @overload - def begin_pre_restore( - self, - folder_url: str, - *, - sas_token: str, - continuation_token: Optional[str] = None, - **kwargs: Any, - ) -> LROPoller[KeyVaultRestoreOperation]: - ... - - @distributed_trace - def begin_pre_restore( # pylint: disable=docstring-keyword-should-match-keyword-only - self, folder_url: str, **kwargs: Any - ) -> LROPoller[KeyVaultRestoreOperation]: - """Initiates a pre-restore check of whether a full Key Vault restore can be performed. - - A :class:`KeyVaultRestoreOperation` instance will be returned by the poller's `result()` method. If the - pre-restore check fails, the object will have a string `error` attribute. - - :param str folder_url: URL of the blob holding the backup. This would be the `folder_url` of a - :class:`KeyVaultBackupResult` returned by :func:`begin_backup`, for example - https://.blob.core.windows.net/backup/mhsm-account-2020090117323313 - - :keyword str sas_token: Optional Shared Access Signature (SAS) token to authorize access to the blob. Required - unless `use_managed_identity` is set to True. - :keyword use_managed_identity: Indicates which authentication method should be used. If set to True, Managed HSM - will use the configured user-assigned managed identity to authenticate with Azure Storage. Otherwise, a SAS - token has to be specified. - :paramtype use_managed_identity: bool - :keyword str continuation_token: A continuation token to restart polling from a saved state. - - :returns: An :class:`~azure.core.polling.LROPoller` instance. Call `result()` on this object to wait for the - operation to complete and get a :class:`KeyVaultRestoreOperation`. If the pre-restore check fails, the - object will have a string `error` attribute. - :rtype: ~azure.core.polling.LROPoller[~azure.keyvault.administration.KeyVaultRestoreOperation] - """ - polling_interval: int = kwargs.pop("_polling_interval", 5) - continuation_token: Optional[str] = kwargs.pop("continuation_token", None) - use_managed_identity: bool = kwargs.pop("use_managed_identity", False) - sas_token: Optional[str] = kwargs.pop("sas_token", None) - - container_url, folder_name = parse_folder_url(folder_url) - sas_parameter: SASTokenParameter = SASTokenParameter( - storage_resource_uri=container_url, token=sas_token, use_managed_identity=use_managed_identity - ) - parameters: PreRestoreOperationParameters = PreRestoreOperationParameters( - folder_to_restore=folder_name, sas_token_parameters=sas_parameter - ) - status_response: Optional[str] = None - if continuation_token: - status_response = self._use_continuation_token(continuation_token, self._client.restore_status) - - return self._client.begin_pre_full_restore_operation( - pre_restore_operation_parameters=parameters, - cls=KeyVaultRestoreOperation._from_generated, # pylint: disable=protected-access - polling=KeyVaultBackupClientPollingMethod( - lro_algorithms=[KeyVaultBackupClientPolling()], timeout=polling_interval, **kwargs - ), - continuation_token=status_response, - **kwargs, - ) - - def __enter__(self) -> "KeyVaultBackupClient": - self._client.__enter__() - return self diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_client.py similarity index 95% rename from sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/_client.py rename to sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_client.py index 4e2c5f8c5ad5..41b4ece69f31 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/_client.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_client.py @@ -26,10 +26,10 @@ class KeyVaultClient(KeyVaultClientOperationsMixin): """The key vault client performs cryptographic key operations and vault operations against the Key Vault service. - :ivar role_assignments: RoleAssignmentsOperations operations - :vartype role_assignments: azure.keyvault.administration._generated.operations.RoleAssignmentsOperations :ivar role_definitions: RoleDefinitionsOperations operations - :vartype role_definitions: azure.keyvault.administration._generated.operations.RoleDefinitionsOperations + :vartype role_definitions: azure.keyvault.administration.operations.RoleDefinitionsOperations + :ivar role_assignments: RoleAssignmentsOperations operations + :vartype role_assignments: azure.keyvault.administration.operations.RoleAssignmentsOperations :param vault_base_url: Required. :type vault_base_url: str :param credential: Credential used to authenticate requests to the service. Required. @@ -66,10 +66,10 @@ def __init__(self, vault_base_url: str, credential: "TokenCredential", **kwargs: self._serialize = Serializer() self._deserialize = Deserializer() self._serialize.client_side_validation = False - self.role_assignments = RoleAssignmentsOperations( + self.role_definitions = RoleDefinitionsOperations( self._client, self._config, self._serialize, self._deserialize ) - self.role_definitions = RoleDefinitionsOperations( + self.role_assignments = RoleAssignmentsOperations( self._client, self._config, self._serialize, self._deserialize ) diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/_configuration.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_configuration.py similarity index 100% rename from sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/_configuration.py rename to sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_configuration.py diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_enums.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_enums.py deleted file mode 100644 index 63e51e265e23..000000000000 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_enums.py +++ /dev/null @@ -1,93 +0,0 @@ -# ------------------------------------ -# Copyright (c) Microsoft Corporation. -# Licensed under the MIT License. -# ------------------------------------ -from enum import Enum - -from azure.core import CaseInsensitiveEnumMeta - - -class KeyVaultRoleScope(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """Collection of well known role scopes. This list is not exhaustive.""" - - GLOBAL = "/" #: use this if you want role assignments to apply to everything on the resource - KEYS = "/keys" #: use this if you want role assignments to apply to all keys - - -class KeyVaultDataAction(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """Supported permissions for data actions.""" - - #: Read HSM key metadata. - READ_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/read/action" - #: Update an HSM key. - WRITE_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/write/action" - #: Read deleted HSM key. - READ_DELETED_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action" - #: Recover deleted HSM key. - RECOVER_DELETED_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action" - #: Backup HSM keys. - BACKUP_HSM_KEYS = "Microsoft.KeyVault/managedHsm/keys/backup/action" - #: Restore HSM keys. - RESTORE_HSM_KEYS = "Microsoft.KeyVault/managedHsm/keys/restore/action" - #: Delete role assignment. - DELETE_ROLE_ASSIGNMENT = "Microsoft.KeyVault/managedHsm/roleAssignments/delete/action" - #: Get role assignment. - GET_ROLE_ASSIGNMENT = "Microsoft.KeyVault/managedHsm/roleAssignments/read/action" - #: Create or update role assignment. - WRITE_ROLE_ASSIGNMENT = "Microsoft.KeyVault/managedHsm/roleAssignments/write/action" - #: Get role definition. - READ_ROLE_DEFINITION = "Microsoft.KeyVault/managedHsm/roleDefinitions/read/action" - #: Create or update role definition. - WRITE_ROLE_DEFINITION = "Microsoft.KeyVault/managedHsm/roleDefinitions/write/action" - #: Delete role definition. - DELETE_ROLE_DEFINITION = "Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action" - #: Encrypt using an HSM key. - ENCRYPT_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/encrypt/action" - #: Decrypt using an HSM key. - DECRYPT_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/decrypt/action" - #: Wrap using an HSM key. - WRAP_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/wrap/action" - #: Unwrap using an HSM key. - UNWRAP_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/unwrap/action" - #: Sign using an HSM key. - SIGN_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/sign/action" - #: Verify using an HSM key. - VERIFY_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/verify/action" - #: Create an HSM key. - CREATE_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/create" - #: Delete an HSM key. - DELETE_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/delete" - #: Export an HSM key. - EXPORT_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/export/action" - #: Release an HSM key using Secure Key Release. - RELEASE_KEY = "Microsoft.KeyVault/managedHsm/keys/release/action" - #: Import an HSM key. - IMPORT_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/import/action" - #: Purge a deleted HSM key. - PURGE_DELETED_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete" - #: Download an HSM security domain. - DOWNLOAD_HSM_SECURITY_DOMAIN = "Microsoft.KeyVault/managedHsm/securitydomain/download/action" - #: Check status of HSM security domain download. - DOWNLOAD_HSM_SECURITY_DOMAIN_STATUS = "Microsoft.KeyVault/managedHsm/securitydomain/download/read" - #: Upload an HSM security domain. - UPLOAD_HSM_SECURITY_DOMAIN = "Microsoft.KeyVault/managedHsm/securitydomain/upload/action" - #: Check the status of the HSM security domain exchange file. - READ_HSM_SECURITY_DOMAIN_STATUS = "Microsoft.KeyVault/managedHsm/securitydomain/upload/read" - #: Download an HSM security domain transfer key. - READ_HSM_SECURITY_DOMAIN_TRANSFER_KEY = "Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read" - #: Start an HSM backup. - START_HSM_BACKUP = "Microsoft.KeyVault/managedHsm/backup/start/action" - #: Start an HSM restore. - START_HSM_RESTORE = "Microsoft.KeyVault/managedHsm/restore/start/action" - #: Read an HSM backup status. - READ_HSM_BACKUP_STATUS = "Microsoft.KeyVault/managedHsm/backup/status/action" - #: Read an HSM restore status. - READ_HSM_RESTORE_STATUS = "Microsoft.KeyVault/managedHsm/restore/status/action" - #: Generate random numbers. - RANDOM_NUMBERS_GENERATE = "Microsoft.KeyVault/managedHsm/rng/action" - - -class KeyVaultSettingType(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The type specifier of the setting value.""" - - BOOLEAN = "boolean" diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/__init__.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/__init__.py deleted file mode 100644 index 4f7962408227..000000000000 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/__init__.py +++ /dev/null @@ -1,32 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) Python Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- -# pylint: disable=wrong-import-position - -from typing import TYPE_CHECKING - -if TYPE_CHECKING: - from ._patch import * # pylint: disable=unused-wildcard-import - -from ._client import KeyVaultClient # type: ignore -from ._version import VERSION - -__version__ = VERSION - -try: - from ._patch import __all__ as _patch_all - from ._patch import * -except ImportError: - _patch_all = [] -from ._patch import patch_sdk as _patch_sdk - -__all__ = [ - "KeyVaultClient", -] -__all__.extend([p for p in _patch_all if p not in __all__]) # pyright: ignore - -_patch_sdk() diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/_version.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/_version.py deleted file mode 100644 index b4c415482fb9..000000000000 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/_version.py +++ /dev/null @@ -1,9 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) Python Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -VERSION = "4.5.0b1" diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/aio/__init__.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/aio/__init__.py deleted file mode 100644 index 8c996b993b8a..000000000000 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/aio/__init__.py +++ /dev/null @@ -1,29 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) Python Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- -# pylint: disable=wrong-import-position - -from typing import TYPE_CHECKING - -if TYPE_CHECKING: - from ._patch import * # pylint: disable=unused-wildcard-import - -from ._client import KeyVaultClient # type: ignore - -try: - from ._patch import __all__ as _patch_all - from ._patch import * -except ImportError: - _patch_all = [] -from ._patch import patch_sdk as _patch_sdk - -__all__ = [ - "KeyVaultClient", -] -__all__.extend([p for p in _patch_all if p not in __all__]) # pyright: ignore - -_patch_sdk() diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/operations/_patch.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/operations/_patch.py deleted file mode 100644 index f7dd32510333..000000000000 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/operations/_patch.py +++ /dev/null @@ -1,20 +0,0 @@ -# ------------------------------------ -# Copyright (c) Microsoft Corporation. -# Licensed under the MIT License. -# ------------------------------------ -"""Customize generated code here. - -Follow our quickstart for examples: https://aka.ms/azsdk/python/dpcodegen/python/customize -""" -from typing import List - -__all__: List[str] = [] # Add all objects you want publicly available to users at this package level - - -def patch_sdk(): - """Do not remove from this file. - - `patch_sdk` is a last resort escape hatch that allows you to do customizations - you can't accomplish using the techniques described in - https://aka.ms/azsdk/python/dpcodegen/python/customize - """ diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/py.typed b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/py.typed deleted file mode 100644 index e5aff4f83af8..000000000000 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/py.typed +++ /dev/null @@ -1 +0,0 @@ -# Marker file for PEP 561. \ No newline at end of file diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/tsp-location.yaml b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/tsp-location.yaml deleted file mode 100644 index 801d715219ae..000000000000 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/tsp-location.yaml +++ /dev/null @@ -1,8 +0,0 @@ -directory: specification/keyvault/Security.KeyVault.Administration -commit: b8d26b0e4c1886458fa56c22aac09c3e3e9a5c9e -repo: Azure/azure-rest-api-specs -additionalDirectories: -- specification/keyvault/Security.KeyVault.BackupRestore/ -- specification/keyvault/Security.KeyVault.Common/ -- specification/keyvault/Security.KeyVault.RBAC/ -- specification/keyvault/Security.KeyVault.Settings/ diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_internal/__init__.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_internal/__init__.py deleted file mode 100644 index f8b42fa3f5c4..000000000000 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_internal/__init__.py +++ /dev/null @@ -1,90 +0,0 @@ -# ------------------------------------ -# Copyright (c) Microsoft Corporation. -# Licensed under the MIT License. -# ------------------------------------ -from collections import namedtuple - -from urllib.parse import urlparse - -from .challenge_auth_policy import ChallengeAuthPolicy -from .client_base import KeyVaultClientBase -from .http_challenge import HttpChallenge -from . import http_challenge_cache - -HttpChallengeCache = http_challenge_cache # to avoid aliasing pylint error (C4745) - -__all__ = [ - "ChallengeAuthPolicy", - "HttpChallenge", - "HttpChallengeCache", - "KeyVaultClientBase", -] - -_VaultId = namedtuple("_VaultId", ["vault_url", "collection", "name", "version"]) - - -def parse_vault_id(url: str) -> "_VaultId": - try: - parsed_uri = urlparse(url) - except Exception as exc: # pylint: disable=broad-except - raise ValueError(f"'{url}' is not a valid url") from exc - if not (parsed_uri.scheme and parsed_uri.hostname): - raise ValueError(f"'{url}' is not a valid url") - - path = list(filter(None, parsed_uri.path.split("/"))) - - if len(path) < 2 or len(path) > 3: - raise ValueError(f"'{url}' is not a valid vault url") - - return _VaultId( - vault_url=f"{parsed_uri.scheme}://{parsed_uri.hostname}", - collection=path[0], - name=path[1], - version=path[2] if len(path) == 3 else None, - ) - - -BackupLocation = namedtuple("BackupLocation", ["container_url", "folder_name"]) - - -def parse_folder_url(folder_url: str) -> "BackupLocation": - """Parse the blob container URL and folder name from a backup's blob storage URL. - - For example, https://.blob.core.windows.net/backup/mhsm-account-2020090117323313 parses to - (container_url="https://.blob.core.windows.net/backup", folder_name="mhsm-account-2020090117323313"). - - :param str folder_url: The URL to a backup's blob storage folder. - - :returns: A named tuple with a `container_url` and `folder_name`, representing the location of the backup. - :rtype: BackupLocation - """ - - try: - parsed = urlparse(folder_url) - - # the first segment of the path is the container name - stripped_path = parsed.path.strip("/") - container = stripped_path.split("/", maxsplit=1)[0] - - # the rest of the path is the folder name - folder_name = stripped_path[len(container) + 1 :] - - # this intentionally discards any SAS token in the URL--methods require the SAS token as a separate parameter - container_url = f"{parsed.scheme}://{parsed.netloc}/{container}" - - return BackupLocation(container_url, folder_name) - except Exception as exc: # pylint:disable=broad-except - raise ValueError( - '"folder_url" should be the URL of a blob holding a Key Vault backup, for example ' - '"https://.blob.core.windows.net/backup/mhsm-account-2020090117323313"' - ) from exc - - -try: - # pylint:disable=unused-import - from .async_challenge_auth_policy import AsyncChallengeAuthPolicy - from .async_client_base import AsyncKeyVaultClientBase - - __all__.extend(["AsyncChallengeAuthPolicy", "AsyncKeyVaultClientBase"]) -except (SyntaxError, ImportError): - pass diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_internal/async_challenge_auth_policy.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_internal/async_challenge_auth_policy.py deleted file mode 100644 index dad851f8f58c..000000000000 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_internal/async_challenge_auth_policy.py +++ /dev/null @@ -1,262 +0,0 @@ -# ------------------------------------ -# Copyright (c) Microsoft Corporation. -# Licensed under the MIT License. -# ------------------------------------ -"""Policy implementing Key Vault's challenge authentication protocol. - -Normally the protocol is only used for the client's first service request, upon which: -1. The challenge authentication policy sends a copy of the request, without authorization or content. -2. Key Vault responds 401 with a header (the 'challenge') detailing how the client should authenticate such a request. -3. The policy authenticates according to the challenge and sends the original request with authorization. - -The policy caches the challenge and thus knows how to authenticate future requests. However, authentication -requirements can change. For example, a vault may move to a new tenant. In such a case the policy will attempt the -protocol again. -""" - -from copy import deepcopy -import sys -import time -from typing import Any, Callable, cast, Optional, overload, TypeVar, Union -from urllib.parse import urlparse - -from typing_extensions import ParamSpec - -from azure.core.credentials import AccessToken, AccessTokenInfo, TokenRequestOptions -from azure.core.credentials_async import AsyncSupportsTokenInfo, AsyncTokenCredential, AsyncTokenProvider -from azure.core.pipeline import PipelineRequest, PipelineResponse -from azure.core.pipeline.policies import AsyncBearerTokenCredentialPolicy -from azure.core.rest import AsyncHttpResponse, HttpRequest - -from .http_challenge import HttpChallenge -from . import http_challenge_cache as ChallengeCache -from .challenge_auth_policy import _enforce_tls, _has_claims, _update_challenge - -if sys.version_info < (3, 9): - from typing import Awaitable -else: - from collections.abc import Awaitable - - -P = ParamSpec("P") -T = TypeVar("T") - - -@overload -async def await_result(func: Callable[P, Awaitable[T]], *args: P.args, **kwargs: P.kwargs) -> T: ... - - -@overload -async def await_result(func: Callable[P, T], *args: P.args, **kwargs: P.kwargs) -> T: ... - - -async def await_result(func: Callable[P, Union[T, Awaitable[T]]], *args: P.args, **kwargs: P.kwargs) -> T: - """If func returns an awaitable, await it. - - :param func: The function to run. - :type func: callable - :param args: The positional arguments to pass to the function. - :type args: list - :rtype: any - :return: The result of the function - """ - result = func(*args, **kwargs) - if isinstance(result, Awaitable): - return await result - return result - - -class AsyncChallengeAuthPolicy(AsyncBearerTokenCredentialPolicy): - """Policy for handling HTTP authentication challenges. - - :param credential: An object which can provide an access token for the vault, such as a credential from - :mod:`azure.identity.aio` - :type credential: ~azure.core.credentials_async.AsyncTokenProvider - """ - - def __init__(self, credential: AsyncTokenProvider, *scopes: str, **kwargs: Any) -> None: - # Pass `enable_cae` so `enable_cae=True` is always passed through self.authorize_request - super().__init__(credential, *scopes, enable_cae=True, **kwargs) - self._credential: AsyncTokenProvider = credential - self._token: Optional[Union["AccessToken", "AccessTokenInfo"]] = None - self._verify_challenge_resource = kwargs.pop("verify_challenge_resource", True) - self._request_copy: Optional[HttpRequest] = None - - async def send( - self, request: PipelineRequest[HttpRequest] - ) -> PipelineResponse[HttpRequest, AsyncHttpResponse]: - """Authorize request with a bearer token and send it to the next policy. - - We implement this method to account for the valid scenario where a Key Vault authentication challenge is - immediately followed by a CAE claims challenge. The base class's implementation would return the second 401 to - the caller, but we should handle that second challenge as well (and only return any third 401 response). - - :param request: The pipeline request object - :type request: ~azure.core.pipeline.PipelineRequest - :return: The pipeline response object - :rtype: ~azure.core.pipeline.PipelineResponse - """ - await await_result(self.on_request, request) - response: PipelineResponse[HttpRequest, AsyncHttpResponse] - try: - response = await self.next.send(request) - except Exception: # pylint:disable=broad-except - await await_result(self.on_exception, request) - raise - await await_result(self.on_response, request, response) - - if response.http_response.status_code == 401: - return await self.handle_challenge_flow(request, response) - return response - - async def handle_challenge_flow( - self, - request: PipelineRequest[HttpRequest], - response: PipelineResponse[HttpRequest, AsyncHttpResponse], - consecutive_challenge: bool = False, - ) -> PipelineResponse[HttpRequest, AsyncHttpResponse]: - """Handle the challenge flow of Key Vault and CAE authentication. - - :param request: The pipeline request object - :type request: ~azure.core.pipeline.PipelineRequest - :param response: The pipeline response object - :type response: ~azure.core.pipeline.PipelineResponse - :param bool consecutive_challenge: Whether the challenge is arriving immediately after another challenge. - Consecutive challenges can only be valid if a Key Vault challenge is followed by a CAE claims challenge. - True if the preceding challenge was a Key Vault challenge; False otherwise. - - :return: The pipeline response object - :rtype: ~azure.core.pipeline.PipelineResponse - """ - self._token = None # any cached token is invalid - if "WWW-Authenticate" in response.http_response.headers: - # If the previous challenge was a KV challenge and this one is too, return the 401 - claims_challenge = _has_claims(response.http_response.headers["WWW-Authenticate"]) - if consecutive_challenge and not claims_challenge: - return response - - request_authorized = await self.on_challenge(request, response) - if request_authorized: - # if we receive a challenge response, we retrieve a new token - # which matches the new target. In this case, we don't want to remove - # token from the request so clear the 'insecure_domain_change' tag - request.context.options.pop("insecure_domain_change", False) - try: - response = await self.next.send(request) - except Exception: # pylint:disable=broad-except - await await_result(self.on_exception, request) - raise - - # If consecutive_challenge == True, this could be a third consecutive 401 - if response.http_response.status_code == 401 and not consecutive_challenge: - # If the previous challenge wasn't from CAE, we can try this function one more time - if not claims_challenge: - return await self.handle_challenge_flow(request, response, consecutive_challenge=True) - await await_result(self.on_response, request, response) - return response - - - async def on_request(self, request: PipelineRequest) -> None: - _enforce_tls(request) - challenge = ChallengeCache.get_challenge_for_url(request.http_request.url) - if challenge: - # Note that if the vault has moved to a new tenant since our last request for it, this request will fail. - if self._need_new_token(): - # azure-identity credentials require an AADv2 scope but the challenge may specify an AADv1 resource - scope = challenge.get_scope() or challenge.get_resource() + "/.default" - await self._request_kv_token(scope, challenge) - - bearer_token = cast(Union[AccessToken, AccessTokenInfo], self._token).token - request.http_request.headers["Authorization"] = f"Bearer {bearer_token}" - return - - # else: discover authentication information by eliciting a challenge from Key Vault. Remove any request data, - # saving it for later. Key Vault will reject the request as unauthorized and respond with a challenge. - # on_challenge will parse that challenge, use the original request including the body, authorize the - # request, and tell super to send it again. - if request.http_request.content: - self._request_copy = request.http_request - bodiless_request = HttpRequest( - method=request.http_request.method, - url=request.http_request.url, - headers=deepcopy(request.http_request.headers), - ) - bodiless_request.headers["Content-Length"] = "0" - request.http_request = bodiless_request - - - async def on_challenge(self, request: PipelineRequest, response: PipelineResponse) -> bool: - try: - # CAE challenges may not include a scope or tenant; cache from the previous challenge to use if necessary - old_scope: Optional[str] = None - old_tenant: Optional[str] = None - cached_challenge = ChallengeCache.get_challenge_for_url(request.http_request.url) - if cached_challenge: - old_scope = cached_challenge.get_scope() or cached_challenge.get_resource() + "/.default" - old_tenant = cached_challenge.tenant_id - - challenge = _update_challenge(request, response) - # CAE challenges may not include a scope or tenant; use the previous challenge's values if necessary - if challenge.claims and old_scope: - challenge._parameters["scope"] = old_scope # pylint:disable=protected-access - challenge.tenant_id = old_tenant - # azure-identity credentials require an AADv2 scope but the challenge may specify an AADv1 resource - scope = challenge.get_scope() or challenge.get_resource() + "/.default" - except ValueError: - return False - - if self._verify_challenge_resource: - resource_domain = urlparse(scope).netloc - if not resource_domain: - raise ValueError(f"The challenge contains invalid scope '{scope}'.") - - request_domain = urlparse(request.http_request.url).netloc - if not request_domain.lower().endswith(f".{resource_domain.lower()}"): - raise ValueError( - f"The challenge resource '{resource_domain}' does not match the requested domain. Pass " - "`verify_challenge_resource=False` to your client's constructor to disable this verification. " - "See https://aka.ms/azsdk/blog/vault-uri for more information." - ) - - # If we had created a request copy in on_request, use it now to send along the original body content - if self._request_copy: - request.http_request = self._request_copy - - # The tenant parsed from AD FS challenges is "adfs"; we don't actually need a tenant for AD FS authentication - # For AD FS we skip cross-tenant authentication per https://github.com/Azure/azure-sdk-for-python/issues/28648 - if challenge.tenant_id and challenge.tenant_id.lower().endswith("adfs"): - await self.authorize_request(request, scope, claims=challenge.claims) - else: - await self.authorize_request( - request, scope, claims=challenge.claims, tenant_id=challenge.tenant_id - ) - - return True - - def _need_new_token(self) -> bool: - now = time.time() - refresh_on = getattr(self._token, "refresh_on", None) - return not self._token or (refresh_on and refresh_on <= now) or self._token.expires_on - now < 300 - - async def _request_kv_token(self, scope: str, challenge: HttpChallenge) -> None: - """Implementation of BearerTokenCredentialPolicy's _request_token method, but specific to Key Vault. - - :param str scope: The scope for which to request a token. - :param challenge: The challenge for the request being made. - :type challenge: HttpChallenge - """ - # Exclude tenant for AD FS authentication - exclude_tenant = challenge.tenant_id and challenge.tenant_id.lower().endswith("adfs") - # The AsyncSupportsTokenInfo protocol needs TokenRequestOptions for token requests instead of kwargs - if hasattr(self._credential, "get_token_info"): - options: TokenRequestOptions = {"enable_cae": True} - if challenge.tenant_id and not exclude_tenant: - options["tenant_id"] = challenge.tenant_id - self._token = await cast(AsyncSupportsTokenInfo, self._credential).get_token_info(scope, options=options) - else: - if exclude_tenant: - self._token = await self._credential.get_token(scope, enable_cae=True) - else: - self._token = await cast(AsyncTokenCredential, self._credential).get_token( - scope, tenant_id=challenge.tenant_id, enable_cae=True - ) diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_internal/async_client_base.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_internal/async_client_base.py deleted file mode 100644 index 742ece80cb90..000000000000 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_internal/async_client_base.py +++ /dev/null @@ -1,118 +0,0 @@ -# ------------------------------------ -# Copyright (c) Microsoft Corporation. -# Licensed under the MIT License. -# ------------------------------------ -import sys -from typing import Any - -from azure.core.credentials_async import AsyncTokenCredential -from azure.core.pipeline.policies import HttpLoggingPolicy -from azure.core.rest import AsyncHttpResponse, HttpRequest -from azure.core.tracing.decorator_async import distributed_trace_async - -from . import AsyncChallengeAuthPolicy -from .client_base import ApiVersion, DEFAULT_VERSION, _format_api_version, _SERIALIZER -from .._sdk_moniker import SDK_MONIKER -from .._generated.aio import KeyVaultClient as _KeyVaultClient -from .._generated import models as _models - -if sys.version_info < (3, 9): - from typing import Awaitable -else: - from collections.abc import Awaitable - - -class AsyncKeyVaultClientBase(object): - # pylint:disable=protected-access - def __init__(self, vault_url: str, credential: AsyncTokenCredential, **kwargs: Any) -> None: - if not credential: - raise ValueError( - "credential should be an object supporting the AsyncTokenCredential protocol, " - "such as a credential from azure-identity" - ) - if not vault_url: - raise ValueError("vault_url must be the URL of an Azure Key Vault") - - try: - self.api_version = kwargs.pop("api_version", DEFAULT_VERSION) - # If API version was provided as an enum value, need to make a plain string for 3.11 compatibility - if hasattr(self.api_version, "value"): - self.api_version = self.api_version.value - self._vault_url = vault_url.strip(" /") - client = kwargs.get("generated_client") - if client: - # caller provided a configured client -> only models left to initialize - self._client = client - models = kwargs.get("generated_models") - self._models = models or _models - return - - http_logging_policy = HttpLoggingPolicy(**kwargs) - http_logging_policy.allowed_header_names.update( - { - "x-ms-keyvault-network-info", - "x-ms-keyvault-region", - "x-ms-keyvault-service-version" - } - ) - - verify_challenge = kwargs.pop("verify_challenge_resource", True) - self._client = _KeyVaultClient( - vault_base_url=self._vault_url, - credential=credential, - api_version=self.api_version, - authentication_policy=AsyncChallengeAuthPolicy(credential, verify_challenge_resource=verify_challenge), - sdk_moniker=SDK_MONIKER, - http_logging_policy=http_logging_policy, - **kwargs - ) - self._models = _models - except ValueError as exc: - raise NotImplementedError( - f"This package doesn't support API version '{self.api_version}'. " - + f"Supported versions: {', '.join(v.value for v in ApiVersion)}" - ) from exc - - @property - def vault_url(self) -> str: - return self._vault_url - - async def __aenter__(self) -> "AsyncKeyVaultClientBase": - await self._client.__aenter__() - return self - - async def __aexit__(self, *args: "Any") -> None: - await self._client.__aexit__(*args) - - async def close(self) -> None: - """Close sockets opened by the client. - - Calling this method is unnecessary when using the client as a context manager. - """ - await self._client.close() - - @distributed_trace_async - def send_request( - self, request: HttpRequest, *, stream: bool = False, **kwargs: Any - ) -> Awaitable[AsyncHttpResponse]: - """Runs a network request using the client's existing pipeline. - - The request URL can be relative to the vault URL. The service API version used for the request is the same as - the client's unless otherwise specified. This method does not raise if the response is an error; to raise an - exception, call `raise_for_status()` on the returned response object. For more information about how to send - custom requests with this method, see https://aka.ms/azsdk/dpcodegen/python/send_request. - - :param request: The network request you want to make. - :type request: ~azure.core.rest.HttpRequest - - :keyword bool stream: Whether the response payload will be streamed. Defaults to False. - - :return: The response of your network call. Does not do error handling on your response. - :rtype: ~azure.core.rest.AsyncHttpResponse - """ - request_copy = _format_api_version(request, self.api_version) - path_format_arguments = { - "vaultBaseUrl": _SERIALIZER.url("vault_base_url", self._vault_url, "str", skip_quote=True), - } - request_copy.url = self._client._client.format_url(request_copy.url, **path_format_arguments) - return self._client._client.send_request(request_copy, stream=stream, **kwargs) diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_internal/async_polling.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_internal/async_polling.py deleted file mode 100644 index bd77ebd79e4e..000000000000 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_internal/async_polling.py +++ /dev/null @@ -1,12 +0,0 @@ -# ------------------------------------ -# Copyright (c) Microsoft Corporation. -# Licensed under the MIT License. -# ------------------------------------ -import base64 - -from azure.core.polling.async_base_polling import AsyncLROBasePolling - - -class KeyVaultAsyncBackupClientPollingMethod(AsyncLROBasePolling): - def get_continuation_token(self) -> str: - return base64.b64encode(self._operation.get_polling_url().encode()).decode("ascii") diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_internal/challenge_auth_policy.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_internal/challenge_auth_policy.py deleted file mode 100644 index eb4073d0e699..000000000000 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_internal/challenge_auth_policy.py +++ /dev/null @@ -1,270 +0,0 @@ -# ------------------------------------ -# Copyright (c) Microsoft Corporation. -# Licensed under the MIT License. -# ------------------------------------ -"""Policy implementing Key Vault's challenge authentication protocol. - -Normally the protocol is only used for the client's first service request, upon which: -1. The challenge authentication policy sends a copy of the request, without authorization or content. -2. Key Vault responds 401 with a header (the 'challenge') detailing how the client should authenticate such a request. -3. The policy authenticates according to the challenge and sends the original request with authorization. - -The policy caches the challenge and thus knows how to authenticate future requests. However, authentication -requirements can change. For example, a vault may move to a new tenant. In such a case the policy will attempt the -protocol again. -""" - -from copy import deepcopy -import time -from typing import Any, cast, Optional, Union -from urllib.parse import urlparse - -from azure.core.credentials import ( - AccessToken, - AccessTokenInfo, - TokenCredential, - TokenProvider, - TokenRequestOptions, - SupportsTokenInfo, -) -from azure.core.exceptions import ServiceRequestError -from azure.core.pipeline import PipelineRequest, PipelineResponse -from azure.core.pipeline.policies import BearerTokenCredentialPolicy -from azure.core.rest import HttpRequest, HttpResponse - -from .http_challenge import HttpChallenge -from . import http_challenge_cache as ChallengeCache - - -def _enforce_tls(request: PipelineRequest) -> None: - if not request.http_request.url.lower().startswith("https"): - raise ServiceRequestError( - "Bearer token authentication is not permitted for non-TLS protected (non-https) URLs." - ) - - -def _has_claims(challenge: str) -> bool: - """Check if a challenge header contains claims. - - :param challenge: The challenge header to check. - :type challenge: str - - :returns: True if the challenge contains claims; False otherwise. - :rtype: bool - """ - # Split the challenge into its scheme and parameters, then check if any parameter contains claims - split_challenge = challenge.strip().split(" ", 1) - return any("claims=" in item for item in split_challenge[1].split(",")) - - -def _update_challenge(request: PipelineRequest, challenger: PipelineResponse) -> HttpChallenge: - """Parse challenge from a challenge response, cache it, and return it. - - :param request: The pipeline request that prompted the challenge response. - :type request: ~azure.core.pipeline.PipelineRequest - :param challenger: The pipeline response containing the authentication challenge. - :type challenger: ~azure.core.pipeline.PipelineResponse - - :returns: An HttpChallenge object representing the authentication challenge. - :rtype: HttpChallenge - """ - - challenge = HttpChallenge( - request.http_request.url, - challenger.http_response.headers.get("WWW-Authenticate"), - response_headers=challenger.http_response.headers, - ) - ChallengeCache.set_challenge_for_url(request.http_request.url, challenge) - return challenge - - -class ChallengeAuthPolicy(BearerTokenCredentialPolicy): - """Policy for handling HTTP authentication challenges. - - :param credential: An object which can provide an access token for the vault, such as a credential from - :mod:`azure.identity` - :type credential: ~azure.core.credentials.TokenProvider - :param str scopes: Lets you specify the type of access needed. - """ - - def __init__(self, credential: TokenProvider, *scopes: str, **kwargs: Any) -> None: - # Pass `enable_cae` so `enable_cae=True` is always passed through self.authorize_request - super(ChallengeAuthPolicy, self).__init__(credential, *scopes, enable_cae=True, **kwargs) - self._credential: TokenProvider = credential - self._token: Optional[Union["AccessToken", "AccessTokenInfo"]] = None - self._verify_challenge_resource = kwargs.pop("verify_challenge_resource", True) - self._request_copy: Optional[HttpRequest] = None - - def send(self, request: PipelineRequest[HttpRequest]) -> PipelineResponse[HttpRequest, HttpResponse]: - """Authorize request with a bearer token and send it to the next policy. - - We implement this method to account for the valid scenario where a Key Vault authentication challenge is - immediately followed by a CAE claims challenge. The base class's implementation would return the second 401 to - the caller, but we should handle that second challenge as well (and only return any third 401 response). - - :param request: The pipeline request object - :type request: ~azure.core.pipeline.PipelineRequest - - :return: The pipeline response object - :rtype: ~azure.core.pipeline.PipelineResponse - """ - self.on_request(request) - try: - response = self.next.send(request) - except Exception: # pylint:disable=broad-except - self.on_exception(request) - raise - - self.on_response(request, response) - if response.http_response.status_code == 401: - return self.handle_challenge_flow(request, response) - return response - - def handle_challenge_flow( - self, - request: PipelineRequest[HttpRequest], - response: PipelineResponse[HttpRequest, HttpResponse], - consecutive_challenge: bool = False, - ) -> PipelineResponse[HttpRequest, HttpResponse]: - """Handle the challenge flow of Key Vault and CAE authentication. - - :param request: The pipeline request object - :type request: ~azure.core.pipeline.PipelineRequest - :param response: The pipeline response object - :type response: ~azure.core.pipeline.PipelineResponse - :param bool consecutive_challenge: Whether the challenge is arriving immediately after another challenge. - Consecutive challenges can only be valid if a Key Vault challenge is followed by a CAE claims challenge. - True if the preceding challenge was a Key Vault challenge; False otherwise. - - :return: The pipeline response object - :rtype: ~azure.core.pipeline.PipelineResponse - """ - self._token = None # any cached token is invalid - if "WWW-Authenticate" in response.http_response.headers: - # If the previous challenge was a KV challenge and this one is too, return the 401 - claims_challenge = _has_claims(response.http_response.headers["WWW-Authenticate"]) - if consecutive_challenge and not claims_challenge: - return response - - request_authorized = self.on_challenge(request, response) - if request_authorized: - # if we receive a challenge response, we retrieve a new token - # which matches the new target. In this case, we don't want to remove - # token from the request so clear the 'insecure_domain_change' tag - request.context.options.pop("insecure_domain_change", False) - try: - response = self.next.send(request) - except Exception: # pylint:disable=broad-except - self.on_exception(request) - raise - - # If consecutive_challenge == True, this could be a third consecutive 401 - if response.http_response.status_code == 401 and not consecutive_challenge: - # If the previous challenge wasn't from CAE, we can try this function one more time - if not claims_challenge: - return self.handle_challenge_flow(request, response, consecutive_challenge=True) - self.on_response(request, response) - return response - - def on_request(self, request: PipelineRequest) -> None: - _enforce_tls(request) - challenge = ChallengeCache.get_challenge_for_url(request.http_request.url) - if challenge: - # Note that if the vault has moved to a new tenant since our last request for it, this request will fail. - if self._need_new_token: - # azure-identity credentials require an AADv2 scope but the challenge may specify an AADv1 resource - scope = challenge.get_scope() or challenge.get_resource() + "/.default" - self._request_kv_token(scope, challenge) - - bearer_token = cast(Union["AccessToken", "AccessTokenInfo"], self._token).token - request.http_request.headers["Authorization"] = f"Bearer {bearer_token}" - return - - # else: discover authentication information by eliciting a challenge from Key Vault. Remove any request data, - # saving it for later. Key Vault will reject the request as unauthorized and respond with a challenge. - # on_challenge will parse that challenge, use the original request including the body, authorize the - # request, and tell super to send it again. - if request.http_request.content: - self._request_copy = request.http_request - bodiless_request = HttpRequest( - method=request.http_request.method, - url=request.http_request.url, - headers=deepcopy(request.http_request.headers), - ) - bodiless_request.headers["Content-Length"] = "0" - request.http_request = bodiless_request - - def on_challenge(self, request: PipelineRequest, response: PipelineResponse) -> bool: - try: - # CAE challenges may not include a scope or tenant; cache from the previous challenge to use if necessary - old_scope: Optional[str] = None - old_tenant: Optional[str] = None - cached_challenge = ChallengeCache.get_challenge_for_url(request.http_request.url) - if cached_challenge: - old_scope = cached_challenge.get_scope() or cached_challenge.get_resource() + "/.default" - old_tenant = cached_challenge.tenant_id - - challenge = _update_challenge(request, response) - # CAE challenges may not include a scope or tenant; use the previous challenge's values if necessary - if challenge.claims and old_scope: - challenge._parameters["scope"] = old_scope # pylint:disable=protected-access - challenge.tenant_id = old_tenant - # azure-identity credentials require an AADv2 scope but the challenge may specify an AADv1 resource - scope = challenge.get_scope() or challenge.get_resource() + "/.default" - except ValueError: - return False - - if self._verify_challenge_resource: - resource_domain = urlparse(scope).netloc - if not resource_domain: - raise ValueError(f"The challenge contains invalid scope '{scope}'.") - - request_domain = urlparse(request.http_request.url).netloc - if not request_domain.lower().endswith(f".{resource_domain.lower()}"): - raise ValueError( - f"The challenge resource '{resource_domain}' does not match the requested domain. Pass " - "`verify_challenge_resource=False` to your client's constructor to disable this verification. " - "See https://aka.ms/azsdk/blog/vault-uri for more information." - ) - - # If we had created a request copy in on_request, use it now to send along the original body content - if self._request_copy: - request.http_request = self._request_copy - - # The tenant parsed from AD FS challenges is "adfs"; we don't actually need a tenant for AD FS authentication - # For AD FS we skip cross-tenant authentication per https://github.com/Azure/azure-sdk-for-python/issues/28648 - if challenge.tenant_id and challenge.tenant_id.lower().endswith("adfs"): - self.authorize_request(request, scope, claims=challenge.claims) - else: - self.authorize_request(request, scope, claims=challenge.claims, tenant_id=challenge.tenant_id) - - return True - - @property - def _need_new_token(self) -> bool: - now = time.time() - refresh_on = getattr(self._token, "refresh_on", None) - return not self._token or (refresh_on and refresh_on <= now) or self._token.expires_on - now < 300 - - def _request_kv_token(self, scope: str, challenge: HttpChallenge) -> None: - """Implementation of BearerTokenCredentialPolicy's _request_token method, but specific to Key Vault. - - :param str scope: The scope for which to request a token. - :param challenge: The challenge for the request being made. - :type challenge: HttpChallenge - """ - # Exclude tenant for AD FS authentication - exclude_tenant = challenge.tenant_id and challenge.tenant_id.lower().endswith("adfs") - # The SupportsTokenInfo protocol needs TokenRequestOptions for token requests instead of kwargs - if hasattr(self._credential, "get_token_info"): - options: TokenRequestOptions = {"enable_cae": True} - if challenge.tenant_id and not exclude_tenant: - options["tenant_id"] = challenge.tenant_id - self._token = cast(SupportsTokenInfo, self._credential).get_token_info(scope, options=options) - else: - if exclude_tenant: - self._token = self._credential.get_token(scope, enable_cae=True) - else: - self._token = cast(TokenCredential, self._credential).get_token( - scope, tenant_id=challenge.tenant_id, enable_cae=True - ) diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_internal/client_base.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_internal/client_base.py deleted file mode 100644 index ff17968f166d..000000000000 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_internal/client_base.py +++ /dev/null @@ -1,155 +0,0 @@ -# ------------------------------------ -# Copyright (c) Microsoft Corporation. -# Licensed under the MIT License. -# ------------------------------------ -from copy import deepcopy -from enum import Enum -from typing import Any -from urllib.parse import urlparse - -from azure.core import CaseInsensitiveEnumMeta -from azure.core.credentials import TokenCredential -from azure.core.pipeline.policies import HttpLoggingPolicy -from azure.core.rest import HttpRequest, HttpResponse -from azure.core.tracing.decorator import distributed_trace - -from . import ChallengeAuthPolicy -from .._generated import KeyVaultClient as _KeyVaultClient -from .._generated import models as _models -from .._generated._serialization import Serializer -from .._sdk_moniker import SDK_MONIKER - - -class ApiVersion(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """Key Vault API versions supported by this package""" - - #: this is the default version - V7_6_PREVIEW_2 = "7.6-preview.2" - V7_5 = "7.5" - V7_4 = "7.4" - V7_3 = "7.3" - V7_2 = "7.2" - - -DEFAULT_VERSION = ApiVersion.V7_6_PREVIEW_2 - -_SERIALIZER = Serializer() -_SERIALIZER.client_side_validation = False - - -def _format_api_version(request: HttpRequest, api_version: str) -> HttpRequest: - """Returns a request copy that includes an api-version query parameter if one wasn't originally present. - - :param request: The HTTP request being sent. - :type request: ~azure.core.rest.HttpRequest - :param str api_version: The service API version that the request should include. - - :returns: A copy of the request that includes an api-version query parameter. - :rtype: ~azure.core.rest.HttpRequest - """ - request_copy = deepcopy(request) - params = {"api-version": api_version} # By default, we want to use the client's API version - query = urlparse(request_copy.url).query - - if query: - request_copy.url = request_copy.url.partition("?")[0] - existing_params = {p[0]: p[-1] for p in [p.partition("=") for p in query.split("&")]} - params.update(existing_params) # If an api-version was provided, this will overwrite our default - - # Reconstruct the query parameters onto the URL - query_params = [] - for k, v in params.items(): - query_params.append("{}={}".format(k, v)) - query = "?" + "&".join(query_params) - request_copy.url = request_copy.url + query - return request_copy - - -class KeyVaultClientBase(object): - # pylint:disable=protected-access - def __init__(self, vault_url: str, credential: TokenCredential, **kwargs: Any) -> None: - if not credential: - raise ValueError( - "credential should be an object supporting the TokenCredential protocol, " - "such as a credential from azure-identity" - ) - if not vault_url: - raise ValueError("vault_url must be the URL of an Azure Key Vault") - - try: - self.api_version = kwargs.pop("api_version", DEFAULT_VERSION) - # If API version was provided as an enum value, need to make a plain string for 3.11 compatibility - if hasattr(self.api_version, "value"): - self.api_version = self.api_version.value - self._vault_url = vault_url.strip(" /") - client = kwargs.get("generated_client") - if client: - # caller provided a configured client -> only models left to initialize - self._client = client - models = kwargs.get("generated_models") - self._models = models or _models - return - - http_logging_policy = HttpLoggingPolicy(**kwargs) - http_logging_policy.allowed_header_names.update( - {"x-ms-keyvault-network-info", "x-ms-keyvault-region", "x-ms-keyvault-service-version"} - ) - - verify_challenge = kwargs.pop("verify_challenge_resource", True) - self._client = _KeyVaultClient( - vault_base_url=self._vault_url, - credential=credential, - api_version=self.api_version, - authentication_policy=ChallengeAuthPolicy(credential, verify_challenge_resource=verify_challenge), - sdk_moniker=SDK_MONIKER, - http_logging_policy=http_logging_policy, - **kwargs - ) - self._models = _models - except ValueError as exc: - raise NotImplementedError( - f"This package doesn't support API version '{self.api_version}'. " - + f"Supported versions: {', '.join(v.value for v in ApiVersion)}" - ) from exc - - @property - def vault_url(self) -> str: - return self._vault_url - - def __enter__(self) -> "KeyVaultClientBase": - self._client.__enter__() - return self - - def __exit__(self, *args: "Any") -> None: - self._client.__exit__(*args) - - def close(self) -> None: - """Close sockets opened by the client. - - Calling this method is unnecessary when using the client as a context manager. - """ - self._client.close() - - @distributed_trace - def send_request(self, request: HttpRequest, *, stream: bool = False, **kwargs: Any) -> HttpResponse: - """Runs a network request using the client's existing pipeline. - - The request URL can be relative to the vault URL. The service API version used for the request is the same as - the client's unless otherwise specified. This method does not raise if the response is an error; to raise an - exception, call `raise_for_status()` on the returned response object. For more information about how to send - custom requests with this method, see https://aka.ms/azsdk/dpcodegen/python/send_request. - - :param request: The network request you want to make. - :type request: ~azure.core.rest.HttpRequest - - :keyword bool stream: Whether the response payload will be streamed. Defaults to False. - - :return: The response of your network call. Does not do error handling on your response. - :rtype: ~azure.core.rest.HttpResponse - """ - request_copy = _format_api_version(request, self.api_version) - path_format_arguments = { - "vaultBaseUrl": _SERIALIZER.url("vault_base_url", self._vault_url, "str", skip_quote=True), - } - request_copy.url = self._client._client.format_url(request_copy.url, **path_format_arguments) - return self._client._client.send_request(request_copy, stream=stream, **kwargs) diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_internal/http_challenge.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_internal/http_challenge.py deleted file mode 100644 index 0320df5a868b..000000000000 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_internal/http_challenge.py +++ /dev/null @@ -1,182 +0,0 @@ -# ------------------------------------ -# Copyright (c) Microsoft Corporation. -# Licensed under the MIT License. -# ------------------------------------ -import base64 -from typing import Dict, MutableMapping, Optional -from urllib import parse - - -class HttpChallenge(object): - """An object representing the content of a Key Vault authentication challenge. - - :param str request_uri: The URI of the HTTP request that prompted this challenge. - :param str challenge: The WWW-Authenticate header of the challenge response. - :param response_headers: Optional. The headers attached to the challenge response. - :type response_headers: MutableMapping[str, str] or None - """ - - def __init__( - self, request_uri: str, challenge: str, response_headers: "Optional[MutableMapping[str, str]]" = None - ) -> None: - """Parses an HTTP WWW-Authentication Bearer challenge from a server. - - Example challenge with claims: - Bearer authorization="https://login.windows-ppe.net/", error="invalid_token", - error_description="User session has been revoked", - claims="eyJhY2Nlc3NfdG9rZW4iOnsibmJmIjp7ImVzc2VudGlhbCI6dHJ1ZSwgInZhbHVlIjoiMTYwMzc0MjgwMCJ9fX0=" - """ - self.source_authority = self._validate_request_uri(request_uri) - self.source_uri = request_uri - self._parameters: "Dict[str, str]" = {} - - # get the scheme of the challenge and remove from the challenge string - trimmed_challenge = self._validate_challenge(challenge) - split_challenge = trimmed_challenge.split(" ", 1) - self.scheme = split_challenge[0] - trimmed_challenge = split_challenge[1] - - self.claims = None - # split trimmed challenge into comma-separated name=value pairs. Values are expected - # to be surrounded by quotes which are stripped here. - for item in trimmed_challenge.split(","): - # Special case for claims, which can contain = symbols as padding. Assume at most one claim per challenge - if "claims=" in item: - encoded_claims = item[item.index("=") + 1 :].strip(" \"'") - padding_needed = -len(encoded_claims) % 4 - try: - decoded_claims = base64.urlsafe_b64decode(encoded_claims + "=" * padding_needed).decode() - self.claims = decoded_claims - except Exception: # pylint:disable=broad-except - continue - # process name=value pairs - else: - comps = item.split("=") - if len(comps) == 2: - key = comps[0].strip(' "') - value = comps[1].strip(' "') - if key: - self._parameters[key] = value - - # minimum set of parameters - if not self._parameters: - raise ValueError("Invalid challenge parameters") - - # must specify authorization or authorization_uri - if "authorization" not in self._parameters and "authorization_uri" not in self._parameters: - raise ValueError("Invalid challenge parameters") - - authorization_uri = self.get_authorization_server() - # the authorization server URI should look something like https://login.windows.net/tenant-id - raw_uri_path = str(parse.urlparse(authorization_uri).path) - uri_path = raw_uri_path.lstrip("/") - self.tenant_id = uri_path.split("/", maxsplit=1)[0] or None - - # if the response headers were supplied - if response_headers: - # get the message signing key and message key encryption key from the headers - self.server_signature_key = response_headers.get("x-ms-message-signing-key", None) - self.server_encryption_key = response_headers.get("x-ms-message-encryption-key", None) - - def is_bearer_challenge(self) -> bool: - """Tests whether the HttpChallenge is a Bearer challenge. - - :returns: True if the challenge is a Bearer challenge; False otherwise. - :rtype: bool - """ - if not self.scheme: - return False - - return self.scheme.lower() == "bearer" - - def is_pop_challenge(self) -> bool: - """Tests whether the HttpChallenge is a proof of possession challenge. - - :returns: True if the challenge is a proof of possession challenge; False otherwise. - :rtype: bool - """ - if not self.scheme: - return False - - return self.scheme.lower() == "pop" - - def get_value(self, key: str) -> "Optional[str]": - return self._parameters.get(key) - - def get_authorization_server(self) -> str: - """Returns the URI for the authorization server if present, otherwise an empty string. - - :returns: The URI for the authorization server if present, otherwise an empty string. - :rtype: str - """ - value = "" - for key in ["authorization_uri", "authorization"]: - value = self.get_value(key) or "" - if value: - break - return value - - def get_resource(self) -> str: - """Returns the resource if present, otherwise an empty string. - - :returns: The challenge resource if present, otherwise an empty string. - :rtype: str - """ - return self.get_value("resource") or "" - - def get_scope(self) -> str: - """Returns the scope if present, otherwise an empty string. - - :returns: The challenge scope if present, otherwise an empty string. - :rtype: str - """ - return self.get_value("scope") or "" - - def supports_pop(self) -> bool: - """Returns True if the challenge supports proof of possession token auth; False otherwise. - - :returns: True if the challenge supports proof of possession token auth; False otherwise. - :rtype: bool - """ - return self._parameters.get("supportspop", "").lower() == "true" - - def supports_message_protection(self) -> bool: - """Returns True if the challenge vault supports message protection; False otherwise. - - :returns: True if the challenge vault supports message protection; False otherwise. - :rtype: bool - """ - return self.supports_pop() and self.server_encryption_key and self.server_signature_key # type: ignore - - def _validate_challenge(self, challenge: str) -> str: # pylint:disable=bad-option-value,useless-option-value,no-self-use - """Verifies that the challenge is a valid auth challenge and returns the key=value pairs. - - :param str challenge: The WWW-Authenticate header of the challenge response. - - :returns: The challenge key/value pairs, with whitespace removed, as a string. - :rtype: str - """ - if not challenge: - raise ValueError("Challenge cannot be empty") - - return challenge.strip() - - def _validate_request_uri(self, uri: str) -> str: # pylint:disable=bad-option-value,useless-option-value,no-self-use - """Extracts the host authority from the given URI. - - :param str uri: The URI of the HTTP request that prompted the challenge. - - :returns: The challenge host authority. - :rtype: str - """ - if not uri: - raise ValueError("request_uri cannot be empty") - - parsed = parse.urlparse(uri) - if not parsed.netloc: - raise ValueError("request_uri must be an absolute URI") - - if parsed.scheme.lower() not in ["http", "https"]: - raise ValueError("request_uri must be HTTP or HTTPS") - - return parsed.netloc diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_internal/http_challenge_cache.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_internal/http_challenge_cache.py deleted file mode 100644 index f1448cc53391..000000000000 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_internal/http_challenge_cache.py +++ /dev/null @@ -1,93 +0,0 @@ -# ------------------------------------ -# Copyright (c) Microsoft Corporation. -# Licensed under the MIT License. -# ------------------------------------ -import threading -from typing import Dict, Optional -from urllib import parse - -from .http_challenge import HttpChallenge - - -_cache: "Dict[str, HttpChallenge]" = {} -_lock = threading.Lock() - - -def get_challenge_for_url(url: str) -> "Optional[HttpChallenge]": - """Gets the challenge for the cached URL. - - :param str url: the URL the challenge is cached for. - - :returns: The challenge for the cached request URL, or None if the request URL isn't cached. - :rtype: HttpChallenge or None - """ - - if not url: - raise ValueError("URL cannot be None") - - key = _get_cache_key(url) - - with _lock: - return _cache.get(key) - - -def _get_cache_key(url: str) -> str: - """Use the URL's netloc as cache key except when the URL specifies the default port for its scheme. In that case - use the netloc without the port. That is to say, https://foo.bar and https://foo.bar:443 are considered equivalent. - - This equivalency prevents an unnecessary challenge when using Key Vault's paging API. The Key Vault client doesn't - specify ports, but Key Vault's next page links do, so a redundant challenge would otherwise be executed when the - client requests the next page. - - :param str url: The HTTP request URL. - - :returns: The URL's `netloc`, minus any port attached to the URL. - :rtype: str - """ - - parsed = parse.urlparse(url) - if parsed.scheme == "https" and parsed.port == 443: - return parsed.netloc[:-4] - return parsed.netloc - - -def remove_challenge_for_url(url: str) -> None: - """Removes the cached challenge for the specified URL. - - :param str url: the URL for which to remove the cached challenge - """ - if not url: - raise ValueError("URL cannot be empty") - - parsed = parse.urlparse(url) - - with _lock: - del _cache[parsed.netloc] - - -def set_challenge_for_url(url: str, challenge: "HttpChallenge") -> None: - """Caches the challenge for the specified URL. - - :param str url: the URL for which to cache the challenge - :param challenge: the challenge to cache - :type challenge: HttpChallenge - """ - if not url: - raise ValueError("URL cannot be empty") - - if not challenge: - raise ValueError("Challenge cannot be empty") - - src_url = parse.urlparse(url) - if src_url.netloc != challenge.source_authority: - raise ValueError("Source URL and Challenge URL do not match") - - with _lock: - _cache[src_url.netloc] = challenge - - -def clear() -> None: - """Clears the cache.""" - - with _lock: - _cache.clear() diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_internal/polling.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_internal/polling.py deleted file mode 100644 index eba971b80c47..000000000000 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_internal/polling.py +++ /dev/null @@ -1,37 +0,0 @@ -# ------------------------------------ -# Copyright (c) Microsoft Corporation. -# Licensed under the MIT License. -# ------------------------------------ -import base64 -from typing import TYPE_CHECKING - -from azure.core.polling.base_polling import LROBasePolling, OperationFailed, OperationResourcePolling - -if TYPE_CHECKING: - from azure.core.pipeline import PipelineResponse - from azure.core.rest import HttpResponse - - -class KeyVaultBackupClientPolling(OperationResourcePolling): - def __init__(self) -> None: - self._polling_url = "" - super(KeyVaultBackupClientPolling, self).__init__(operation_location_header="azure-asyncoperation") - - def get_polling_url(self) -> str: - return self._polling_url - - def get_final_get_url(self, pipeline_response: "PipelineResponse") -> None: - return None - - def set_initial_status(self, pipeline_response: "PipelineResponse") -> str: - response = pipeline_response.http_response # type: HttpResponse - self._polling_url = response.headers["azure-asyncoperation"] - - if response.status_code in {200, 201, 202, 204}: - return self.get_status(pipeline_response) - raise OperationFailed("Operation failed or canceled") - - -class KeyVaultBackupClientPollingMethod(LROBasePolling): - def get_continuation_token(self) -> str: - return base64.b64encode(self._operation.get_polling_url().encode()).decode("ascii") diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/_model_base.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_model_base.py similarity index 99% rename from sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/_model_base.py rename to sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_model_base.py index 3072ee252ed9..065b17f67c46 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/_model_base.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_model_base.py @@ -2,8 +2,9 @@ # coding=utf-8 # -------------------------------------------------------------------------- # Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for -# license information. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) Python Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- # pylint: disable=protected-access, broad-except diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_models.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_models.py deleted file mode 100644 index 9eced3d26673..000000000000 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_models.py +++ /dev/null @@ -1,319 +0,0 @@ -# ------------------------------------ -# Copyright (c) Microsoft Corporation. -# Licensed under the MIT License. -# ------------------------------------ -from datetime import datetime -from typing import Any, Dict, Optional, Union - -from azure.core.rest import HttpResponse - -from ._enums import KeyVaultSettingType -from ._generated.models import ( - FullBackupOperation, - Permission, - RestoreOperation, - RoleAssignment, - RoleAssignmentProperties, - RoleAssignmentPropertiesWithScope, - RoleDefinition, - Setting, -) - - -class KeyVaultPermission(object): - """Role definition permissions. - - :ivar list[str] actions: Action permissions that are granted. - :ivar list[str] not_actions: Action permissions that are excluded but not denied. They may be granted by other role - definitions assigned to a principal. - :ivar list[str] data_actions: Data action permissions that are granted. - :ivar list[str] not_data_actions: Data action permissions that are excluded but not denied. They may be granted by - other role definitions assigned to a principal. - """ - - def __init__(self, **kwargs: Any) -> None: - self.actions = kwargs.get("actions") - self.not_actions = kwargs.get("not_actions") - self.data_actions = kwargs.get("data_actions") - self.not_data_actions = kwargs.get("not_data_actions") - - @classmethod - def _from_generated(cls, permissions: Permission) -> "KeyVaultPermission": - return cls( - actions=permissions.actions, - not_actions=permissions.not_actions, - data_actions=permissions.data_actions, - not_data_actions=permissions.not_data_actions, - ) - - -class KeyVaultRoleAssignment(object): - """Represents the assignment to a principal of a role over a scope - - :ivar str name: the assignment's name - :ivar KeyVaultRoleAssignmentProperties properties: the assignment's properties - :ivar str role_assignment_id: unique identifier for the assignment - :ivar str type: type of the assignment - """ - - def __init__(self, **kwargs: Any) -> None: - self.name = kwargs.get("name") - self.properties = kwargs.get("properties") - self.role_assignment_id = kwargs.get("role_assignment_id") - self.type = kwargs.get("assignment_type") - - def __repr__(self) -> str: - return f"KeyVaultRoleAssignment<{self.role_assignment_id}>" - - @classmethod - def _from_generated(cls, role_assignment: RoleAssignment) -> "KeyVaultRoleAssignment": - # pylint:disable=protected-access - return cls( - role_assignment_id=role_assignment.id, - name=role_assignment.name, - assignment_type=role_assignment.type, - properties=KeyVaultRoleAssignmentProperties._from_generated(role_assignment.properties) - if role_assignment.properties - else KeyVaultRoleAssignmentProperties(), - ) - - -class KeyVaultRoleAssignmentProperties(object): - """Properties of a role assignment - - :ivar str principal_id: ID of the principal the assignment applies to. This maps to an Active Directory user, - service principal, or security group. - :ivar str role_definition_id: ID of the scope's role definition - :ivar str scope: the scope of the assignment - """ - - def __init__(self, **kwargs: Any) -> None: - self.principal_id = kwargs.get("principal_id") - self.role_definition_id = kwargs.get("role_definition_id") - self.scope = kwargs.get("scope") - - def __repr__(self) -> str: - string = ( - f"KeyVaultRoleAssignmentProperties(principal_id={self.principal_id}, " - + f"role_definition_id={self.role_definition_id}, scope={self.scope})" - ) - return string[:1024] - - @classmethod - def _from_generated( - cls, role_assignment_properties: Union[RoleAssignmentProperties, RoleAssignmentPropertiesWithScope] - ) -> "KeyVaultRoleAssignmentProperties": - # the generated RoleAssignmentProperties and RoleAssignmentPropertiesWithScope - # models differ only in that the latter has a "scope" attribute - return cls( - principal_id=role_assignment_properties.principal_id, - role_definition_id=role_assignment_properties.role_definition_id, - scope=getattr(role_assignment_properties, "scope", None), - ) - - -class KeyVaultRoleDefinition(object): - """The definition of a role over one or more scopes - - :ivar list[str] assignable_scopes: scopes the role can be assigned over - :ivar str description: description of the role definition - :ivar str id: unique identifier for this role definition - :ivar str name: the role definition's name - :ivar list[KeyVaultPermission] permissions: permissions defined for the role - :ivar str role_name: the role's name - :ivar str role_type: type of the role - :ivar str type: type of the role definition - """ - - def __init__(self, **kwargs: Any) -> None: - self.assignable_scopes = kwargs.get("assignable_scopes") - self.description = kwargs.get("description") - self.id = kwargs.get("id") - self.name = kwargs.get("name") - self.permissions = kwargs.get("permissions") - self.role_name = kwargs.get("role_name") - self.role_type = kwargs.get("role_type") - self.type = kwargs.get("type") - - def __repr__(self) -> str: - return f"KeyVaultRoleDefinition<{self.id}>" - - @classmethod - def _from_generated(cls, definition: RoleDefinition) -> "KeyVaultRoleDefinition": - # pylint:disable=protected-access - return cls( - assignable_scopes=definition.properties.assignable_scopes if definition.properties else None, - description=definition.properties.description if definition.properties else None, - id=definition.id, - name=definition.name, - permissions=[KeyVaultPermission._from_generated(p) for p in definition.properties.permissions or []] - if definition.properties - else None, - role_name=definition.properties.role_name if definition.properties else None, - role_type=definition.properties.role_type if definition.properties else None, - type=definition.type, - ) - - -class KeyVaultBackupOperation: - """The details of a Key Vault backup operation. - - :ivar str status: The status of the backup operation. - :ivar str status_details: The status details of the backup operation. - :ivar str error: The error details of the backup operation. - :ivar start_time: The start time of the backup operation in UTC. - :vartype start_time: ~datetime.datetime or None - :ivar end_time: The end time of the backup operation in UTC. - :vartype end_time: ~datetime.datetime or None - :ivar str job_id: The job identifier of the backup operation. - :ivar str folder_url: The URL of the Azure Blob Storage container where the backup is stored. - """ - - # pylint:disable=unused-argument - - def __init__(self, **kwargs: Any) -> None: - self.status: Optional[str] = kwargs.get("status") - self.status_details: Optional[str] = kwargs.get("status_details") - self.error: Optional[str] = kwargs.get("error") - self.start_time: Optional[datetime] = kwargs.get("start_time") - self.end_time: Optional[datetime] = kwargs.get("end_time") - self.job_id: Optional[str] = kwargs.get("job_id") - self.folder_url: Optional[str] = kwargs.get("folder_url") - - @classmethod - def _from_generated( - cls, response: HttpResponse, deserialized_operation: FullBackupOperation, response_headers: Dict - ) -> "KeyVaultBackupOperation": - error = deserialized_operation.error - error_message: Optional[str] = None - if error and error.message: - error_message = f"{error.code}: {error.message}" - return cls( - status=deserialized_operation.status, - status_details=deserialized_operation.status_details, - error=error_message, - start_time=deserialized_operation.start_time, - end_time=deserialized_operation.end_time, - job_id=deserialized_operation.job_id, - folder_url=deserialized_operation.azure_storage_blob_container_uri, - ) - - -class KeyVaultBackupResult(object): - """A Key Vault full backup operation result - - :ivar str folder_url: URL of the Azure Blob Storage container containing the backup - """ - - # pylint:disable=unused-argument - - def __init__(self, **kwargs: Any) -> None: - self.folder_url: Optional[str] = kwargs.get("folder_url") - - @classmethod - def _from_generated( - cls, response: HttpResponse, deserialized_operation: FullBackupOperation, response_headers: Dict - ) -> "KeyVaultBackupResult": - return cls(folder_url=deserialized_operation.azure_storage_blob_container_uri) - - -class KeyVaultRestoreOperation: - """The details of a Key Vault restore operation. - - :ivar str status: The status of the restore operation. - :ivar str status_details: The status details of the restore operation. - :ivar str error: The error details of the restore operation. - :ivar start_time: The start time of the restore operation in UTC. - :vartype start_time: ~datetime.datetime or None - :ivar end_time: The end time of the restore operation in UTC. - :vartype end_time: ~datetime.datetime or None - :ivar str job_id: The job identifier of the restore operation. - """ - - # pylint:disable=unused-argument - - def __init__(self, **kwargs: Any) -> None: - self.status: Optional[str] = kwargs.get("status") - self.status_details: Optional[str] = kwargs.get("status_details") - self.error: Optional[str] = kwargs.get("error") - self.start_time: Optional[datetime] = kwargs.get("start_time") - self.end_time: Optional[datetime] = kwargs.get("end_time") - self.job_id: Optional[str] = kwargs.get("job_id") - - @classmethod - def _from_generated( - cls, response: HttpResponse, deserialized_operation: RestoreOperation, response_headers: Dict - ) -> "KeyVaultRestoreOperation": - error = deserialized_operation.error - error_message: Optional[str] = None - if error and error.message: - error_message = f"{error.code}: {error.message}" - return cls( - status=deserialized_operation.status, - status_details=deserialized_operation.status_details, - error=error_message, - start_time=deserialized_operation.start_time, - end_time=deserialized_operation.end_time, - job_id=deserialized_operation.job_id, - ) - - -class KeyVaultSetting(object): - """A Key Vault setting. - - :ivar str name: The name of the account setting. - :ivar str value: The value of the account setting. - :ivar setting_type: The type specifier of the value. - :vartype setting_type: str or KeyVaultSettingType or None - - :param str name: The name of the account setting. - :param str value: The value of the account setting. - :param setting_type: The type specifier of the value. - :type setting_type: str or KeyVaultSettingType or None - """ - - def __init__( - self, - name: str, - value: Union[str, bool], - setting_type: Optional[Union[str, KeyVaultSettingType]] = None, - **kwargs, # pylint:disable=unused-argument - ) -> None: - self.name = name - self.value = value if isinstance(value, str) else str(value) # `value` is stored as a string - if setting_type == KeyVaultSettingType.BOOLEAN: - self.setting_type: Optional[Union[str, KeyVaultSettingType]] = KeyVaultSettingType.BOOLEAN - else: - self.setting_type = setting_type.lower() if isinstance(setting_type, str) else setting_type - - # If a setting type isn't provided, set it based on `value`'s type (without inferring from the value itself) - if self.setting_type is None: - if isinstance(value, bool): - self.setting_type = KeyVaultSettingType.BOOLEAN - - # If the setting is a boolean, lower-case the string for serialization - if self.setting_type == KeyVaultSettingType.BOOLEAN: - self.value = self.value.lower() - - def getboolean(self) -> bool: - """Gets the account setting value as a boolean if the ``setting_type`` is ``KeyVaultSettingType.BOOLEAN``. - - :returns: The account setting value as a boolean. - :rtype: bool - - :raises ValueError: if the ``setting_type`` is not boolean or the value cannot be represented as a boolean. - """ - if self.setting_type == KeyVaultSettingType.BOOLEAN: - if self.value == "true": - return True - if self.value == "false": - return False - raise ValueError( - 'The `setting_type` of the setting must be `KeyVaultSettingType.BOOLEAN` and the `value` must be "true" ' - 'or "false" in order to use `getboolean`.' - ) - - @classmethod - def _from_generated(cls, setting: Setting) -> "KeyVaultSetting": - setting_type = KeyVaultSettingType.BOOLEAN if setting.type == "boolean" else setting.type - return cls(name=setting.name, value=setting.value, setting_type=setting_type) diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/_patch.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_patch.py similarity index 61% rename from sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/_patch.py rename to sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_patch.py index f7dd32510333..8bcb627aa475 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/_patch.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_patch.py @@ -1,7 +1,8 @@ -# ------------------------------------ -# Copyright (c) Microsoft Corporation. -# Licensed under the MIT License. -# ------------------------------------ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# -------------------------------------------------------------------------- """Customize generated code here. Follow our quickstart for examples: https://aka.ms/azsdk/python/dpcodegen/python/customize diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_sdk_moniker.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_sdk_moniker.py deleted file mode 100644 index c66afba3db94..000000000000 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_sdk_moniker.py +++ /dev/null @@ -1,7 +0,0 @@ -# ------------------------------------ -# Copyright (c) Microsoft Corporation. -# Licensed under the MIT License. -# ------------------------------------ -from ._version import VERSION - -SDK_MONIKER = f"keyvault-administration/{VERSION}" diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/_serialization.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_serialization.py similarity index 98% rename from sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/_serialization.py rename to sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_serialization.py index a066e16a64dd..eb86ea23c965 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/_serialization.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_serialization.py @@ -1,28 +1,10 @@ -# pylint: disable=too-many-lines +# pylint: disable=line-too-long,useless-suppression,too-many-lines +# coding=utf-8 # -------------------------------------------------------------------------- -# # Copyright (c) Microsoft Corporation. All rights reserved. -# -# The MIT License (MIT) -# -# Permission is hereby granted, free of charge, to any person obtaining a copy -# of this software and associated documentation files (the ""Software""), to -# deal in the Software without restriction, including without limitation the -# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or -# sell copies of the Software, and to permit persons to whom the Software is -# furnished to do so, subject to the following conditions: -# -# The above copyright notice and this permission notice shall be included in -# all copies or substantial portions of the Software. -# -# THE SOFTWARE IS PROVIDED *AS IS*, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING -# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS -# IN THE SOFTWARE. -# +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) Python Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- # pyright: reportUnnecessaryTypeIgnoreComment=false @@ -411,7 +393,7 @@ def from_dict( :param function key_extractors: A key extractor function. :param str content_type: JSON by default, set application/xml if XML. :returns: An instance of this model - :raises: DeserializationError if something went wrong + :raises DeserializationError: if something went wrong :rtype: Self """ deserializer = Deserializer(cls._infer_class_models()) @@ -1361,7 +1343,7 @@ def xml_key_extractor(attr, attr_desc, data): # pylint: disable=unused-argument # Iter and wrapped, should have found one node only (the wrap one) if len(children) != 1: raise DeserializationError( - "Tried to deserialize an array not wrapped, and found several nodes '{}'. Maybe you should declare this array as wrapped?".format( # pylint: disable=line-too-long + "Tried to deserialize an array not wrapped, and found several nodes '{}'. Maybe you should declare this array as wrapped?".format( xml_name ) ) diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_settings_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_settings_client.py deleted file mode 100644 index ab4b5ffdbbff..000000000000 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_settings_client.py +++ /dev/null @@ -1,87 +0,0 @@ -# ------------------------------------ -# Copyright (c) Microsoft Corporation. -# Licensed under the MIT License. -# ------------------------------------ -from typing import Any - -from azure.core.paging import ItemPaged -from azure.core.tracing.decorator import distributed_trace - -from ._generated.models import UpdateSettingRequest -from ._internal import KeyVaultClientBase -from ._models import KeyVaultSetting - - -class KeyVaultSettingsClient(KeyVaultClientBase): - """Provides methods to update, get, and list Managed HSM account settings. - - :param str vault_url: URL of the vault on which the client will operate. This is also called the vault's "DNS Name". - You should validate that this URL references a valid Key Vault or Managed HSM resource. - See https://aka.ms/azsdk/blog/vault-uri for details. - :param credential: An object which can provide an access token for the vault, such as a credential from - :mod:`azure.identity` - :type credential: ~azure.core.credentials.TokenCredential - - :keyword api_version: Version of the service API to use. Defaults to the most recent. - :paramtype api_version: ~azure.keyvault.administration.ApiVersion or str - :keyword bool verify_challenge_resource: Whether to verify the authentication challenge resource matches the Key - Vault or Managed HSM domain. Defaults to True. - """ - # pylint:disable=protected-access - - @distributed_trace - def get_setting(self, name: str, **kwargs: Any) -> KeyVaultSetting: - """Gets the setting with the specified name. - - :param str name: The name of the account setting. - - :returns: The account setting, as a :class:`~azure.keyvault.administration.KeyVaultSetting`. - :rtype: ~azure.keyvault.administration.KeyVaultSetting - :raises ~azure.core.exceptions.HttpResponseError: - """ - result = self._client.get_setting(setting_name=name, **kwargs) - return KeyVaultSetting._from_generated(result) - - @distributed_trace - def list_settings(self, **kwargs: Any) -> ItemPaged[KeyVaultSetting]: - """Lists all account settings. - - :returns: A paged object containing the account's settings. - :rtype: ~azure.core.paging.ItemPaged[~azure.keyvault.administration.KeyVaultSetting] - :raises ~azure.core.exceptions.HttpResponseError: - """ - result = self._client.get_settings(*kwargs) - converted_result = [KeyVaultSetting._from_generated(setting) for setting in result.settings] - - # We don't actually get a paged response from the generated method, so we mock the typical iteration methods - def get_next(_=None): - return converted_result - - def extract_data(_): - return None, converted_result - - return ItemPaged(get_next, extract_data) - - @distributed_trace - def update_setting(self, setting: KeyVaultSetting, **kwargs: Any) -> KeyVaultSetting: - """Updates the named account setting with the provided value. - - :param setting: A azure.keyvault.administration.KeyVaultSetting to update. The account setting with - the provided name will be updated to have the provided value. - :type setting: ~azure.keyvault.administration.KeyVaultSetting - - :returns: The updated account setting, as a :class:`~azure.keyvault.administration.KeyVaultSetting`. - :rtype: ~azure.keyvault.administration.KeyVaultSetting - :raises ~azure.core.exceptions.HttpResponseError: - """ - parameters = UpdateSettingRequest(value=setting.value) - result = self._client.update_setting( - setting_name=setting.name, - parameters=parameters, - **kwargs - ) - return KeyVaultSetting._from_generated(result) - - def __enter__(self) -> "KeyVaultSettingsClient": - self._client.__enter__() - return self diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/_validation.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_validation.py similarity index 100% rename from sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/_validation.py rename to sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_validation.py diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/_vendor.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_vendor.py similarity index 100% rename from sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/_vendor.py rename to sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_vendor.py diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_version.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_version.py index 50cacc78cf55..b4c415482fb9 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_version.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_version.py @@ -1,6 +1,9 @@ -# ------------------------------------ -# Copyright (c) Microsoft Corporation. -# Licensed under the MIT License. -# ------------------------------------ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) Python Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- -VERSION = "4.6.0b2" +VERSION = "4.5.0b1" diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/__init__.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/__init__.py index d1f1bd6d374a..8c996b993b8a 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/__init__.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/__init__.py @@ -1,9 +1,29 @@ -# ------------------------------------ -# Copyright (c) Microsoft Corporation. -# Licensed under the MIT License. -# ------------------------------------ -from ._access_control_client import KeyVaultAccessControlClient -from ._backup_client import KeyVaultBackupClient -from ._settings_client import KeyVaultSettingsClient - -__all__ = ["KeyVaultAccessControlClient", "KeyVaultBackupClient", "KeyVaultSettingsClient"] +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) Python Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +# pylint: disable=wrong-import-position + +from typing import TYPE_CHECKING + +if TYPE_CHECKING: + from ._patch import * # pylint: disable=unused-wildcard-import + +from ._client import KeyVaultClient # type: ignore + +try: + from ._patch import __all__ as _patch_all + from ._patch import * +except ImportError: + _patch_all = [] +from ._patch import patch_sdk as _patch_sdk + +__all__ = [ + "KeyVaultClient", +] +__all__.extend([p for p in _patch_all if p not in __all__]) # pyright: ignore + +_patch_sdk() diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py deleted file mode 100644 index b6ce9fe5cae8..000000000000 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py +++ /dev/null @@ -1,272 +0,0 @@ -# ------------------------------------ -# Copyright (c) Microsoft Corporation. -# Licensed under the MIT License. -# ------------------------------------ -from typing import Any, List, Optional, Union -from uuid import UUID, uuid4 - -from azure.core.async_paging import AsyncItemPaged -from azure.core.exceptions import ResourceNotFoundError -from azure.core.tracing.decorator import distributed_trace -from azure.core.tracing.decorator_async import distributed_trace_async - -from .._enums import KeyVaultRoleScope -from .._generated.models import ( - Permission, - RoleAssignmentCreateParameters, - RoleAssignmentProperties, - RoleDefinitionCreateParameters, - RoleDefinitionProperties, -) -from .._models import KeyVaultPermission, KeyVaultRoleAssignment, KeyVaultRoleDefinition -from .._internal import AsyncKeyVaultClientBase - - -class KeyVaultAccessControlClient(AsyncKeyVaultClientBase): - """Manages role-based access to Azure Key Vault. - - :param str vault_url: URL of the vault the client will manage. This is also called the vault's "DNS Name". - You should validate that this URL references a valid Key Vault or Managed HSM resource. - See https://aka.ms/azsdk/blog/vault-uri for details. - :param credential: An object which can provide an access token for the vault, such as a credential from - :mod:`azure.identity.aio` - :type credential: ~azure.core.credentials_async.AsyncTokenCredential - - :keyword api_version: Version of the service API to use. Defaults to the most recent. - :paramtype api_version: ~azure.keyvault.administration.ApiVersion or str - :keyword bool verify_challenge_resource: Whether to verify the authentication challenge resource matches the Key - Vault or Managed HSM domain. Defaults to True. - """ - - # pylint:disable=protected-access - - @distributed_trace_async - async def create_role_assignment( - self, - scope: Union[str, KeyVaultRoleScope], - definition_id: str, - principal_id: str, - *, - name: Optional[Union[str, UUID]] = None, - **kwargs: Any, - ) -> KeyVaultRoleAssignment: - """Create a role assignment. - - :param scope: scope the role assignment will apply over. :class:`KeyVaultRoleScope` defines common broad - scopes. Specify a narrower scope as a string. - :type scope: str or KeyVaultRoleScope - :param str definition_id: ID of the role's definition - :param str principal_id: Azure Active Directory object ID of the principal which will be assigned the role. The - principal can be a user, service principal, or security group. - - :keyword name: a name for the role assignment. Must be a UUID. - :paramtype name: str or uuid.UUID or None - - :returns: The created role assignment. - :rtype: ~azure.keyvault.administration.KeyVaultRoleAssignment - """ - assignment_name = name or uuid4() - - create_parameters = RoleAssignmentCreateParameters( - properties=RoleAssignmentProperties( - principal_id=principal_id, role_definition_id=str(definition_id) - ) - ) - assignment = await self._client.role_assignments.create( - scope=scope, - role_assignment_name=str(assignment_name), - parameters=create_parameters, - **kwargs - ) - return KeyVaultRoleAssignment._from_generated(assignment) - - @distributed_trace_async - async def delete_role_assignment( - self, scope: Union[str, KeyVaultRoleScope], name: Union[str, UUID], **kwargs: Any - ) -> None: - """Delete a role assignment. - - :param scope: the assignment's scope, for example "/", "/keys", or "/keys/". - :class:`KeyVaultRoleScope` defines common broad scopes. Specify a narrower scope as a string. - :type scope: str or KeyVaultRoleScope - :param name: the role assignment's name. - :type name: str or uuid.UUID - - :returns: None - :rtype: None - """ - try: - await self._client.role_assignments.delete( - scope=scope, role_assignment_name=str(name), **kwargs - ) - except ResourceNotFoundError: - pass - - @distributed_trace_async - async def get_role_assignment( - self, scope: Union[str, KeyVaultRoleScope], name: Union[str, UUID], **kwargs: Any - ) -> KeyVaultRoleAssignment: - """Get a role assignment. - - :param scope: the assignment's scope, for example "/", "/keys", or "/keys/". - :class:`KeyVaultRoleScope` defines common broad scopes. Specify a narrower scope as a string. - :type scope: str or KeyVaultRoleScope - :param name: the role assignment's name. - :type name: str or uuid.UUID - - :returns: The fetched role assignment. - :rtype: ~azure.keyvault.administration.KeyVaultRoleAssignment - """ - assignment = await self._client.role_assignments.get( - scope=scope, role_assignment_name=str(name), **kwargs - ) - return KeyVaultRoleAssignment._from_generated(assignment) - - @distributed_trace - def list_role_assignments( - self, scope: Union[str, KeyVaultRoleScope], **kwargs: Any - ) -> AsyncItemPaged[KeyVaultRoleAssignment]: - """List all role assignments for a scope. - - :param scope: scope of the role assignments. :class:`KeyVaultRoleScope` defines common broad - scopes. Specify a narrower scope as a string. - :type scope: str or KeyVaultRoleScope - - :returns: A paged response containing the role assignments for the specified scope. - :rtype: ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.administration.KeyVaultRoleAssignment] - """ - return self._client.role_assignments.list_for_scope( - scope=scope, - cls=lambda result: [KeyVaultRoleAssignment._from_generated(a) for a in result], - **kwargs - ) - - @distributed_trace_async - async def set_role_definition( - self, - scope: Union[str, KeyVaultRoleScope], - *, - name: Optional[Union[str, UUID]] = None, - role_name: Optional[str] = None, - description: Optional[str] = None, - permissions: Optional[List[KeyVaultPermission]] = None, - assignable_scopes: Optional[List[Union[str, KeyVaultRoleScope]]] = None, - **kwargs: Any, - ) -> KeyVaultRoleDefinition: - """Creates or updates a custom role definition. - - To update a role definition, specify the definition's ``name``. - - :param scope: scope of the role definition. :class:`KeyVaultRoleScope` defines common broad scopes. - Specify a narrower scope as a string. Managed HSM only supports '/', or KeyVaultRoleScope.GLOBAL. - :type scope: str or KeyVaultRoleScope - - :keyword name: the role definition's name, a UUID. When this argument has a value, the client will create a new - role definition with this name or update an existing role definition, if one exists with the given name. - When this argument has no value, a new role definition will be created with a generated name. - :paramtype name: str or uuid.UUID or None - :keyword role_name: the role's display name. If unspecified when creating or updating a role definition, the - role name will be set to an empty string. - :paramtype role_name: str or None - :keyword description: a description of the role definition. If unspecified when creating or updating a role - definition, the description will be set to an empty string. - :paramtype description: str or None - :keyword permissions: the role definition's permissions. If unspecified when creating or updating a role - definition, the role definition will have no action permissions. - :paramtype permissions: list[KeyVaultPermission] or None - :keyword assignable_scopes: the scopes for which the role definition can be assigned. - :paramtype assignable_scopes: list[str] or list[KeyVaultRoleScope] or None - - :returns: The created or updated role definition - :rtype: ~azure.keyvault.administration.KeyVaultRoleDefinition - """ - role_permissions = [ - Permission( - actions=p.actions, - not_actions=p.not_actions, - data_actions=p.data_actions, - not_data_actions=p.not_data_actions, - ) - for p in permissions or [] - ] - - properties = RoleDefinitionProperties( - role_name=role_name, - description=description, - permissions=role_permissions, - assignable_scopes=assignable_scopes, - ) - parameters = RoleDefinitionCreateParameters(properties=properties) - - definition = await self._client.role_definitions.create_or_update( - scope=scope, - role_definition_name=str(name or uuid4()), - parameters=parameters, - **kwargs - ) - return KeyVaultRoleDefinition._from_generated(definition) - - @distributed_trace_async - async def get_role_definition( - self, scope: Union[str, KeyVaultRoleScope], name: Union[str, UUID], **kwargs: Any - ) -> KeyVaultRoleDefinition: - """Get the specified role definition. - - :param scope: scope of the role definition. :class:`KeyVaultRoleScope` defines common broad scopes. - Specify a narrower scope as a string. Managed HSM only supports '/', or KeyVaultRoleScope.GLOBAL. - :type scope: str or KeyVaultRoleScope - :param name: the role definition's name. - :type name: str or uuid.UUID - - :returns: The fetched role definition. - :rtype: ~azure.keyvault.administration.KeyVaultRoleDefinition - """ - definition = await self._client.role_definitions.get( - scope=scope, role_definition_name=str(name), **kwargs - ) - return KeyVaultRoleDefinition._from_generated(definition) - - @distributed_trace_async - async def delete_role_definition( - self, scope: Union[str, KeyVaultRoleScope], name: Union[str, UUID], **kwargs: Any - ) -> None: - """Deletes a custom role definition. - - :param scope: scope of the role definition. :class:`KeyVaultRoleScope` defines common broad scopes. - Specify a narrower scope as a string. Managed HSM only supports '/', or KeyVaultRoleScope.GLOBAL. - :type scope: str or KeyVaultRoleScope - :param name: the role definition's name. - :type name: str or uuid.UUID - - :returns: None - :rtype: None - """ - try: - await self._client.role_definitions.delete( - scope=scope, role_definition_name=str(name), **kwargs - ) - except ResourceNotFoundError: - pass - - @distributed_trace - def list_role_definitions( - self, scope: Union[str, KeyVaultRoleScope], **kwargs: Any - ) -> AsyncItemPaged[KeyVaultRoleDefinition]: - """List all role definitions applicable at and above a scope. - - :param scope: scope of the role definitions. :class:`KeyVaultRoleScope` defines common broad - scopes. Specify a narrower scope as a string. - :type scope: str or KeyVaultRoleScope - - :returns: A paged response containing the role definitions for the specified scope. - :rtype: ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.administration.KeyVaultRoleDefinition] - """ - return self._client.role_definitions.list( - scope=scope, - cls=lambda result: [KeyVaultRoleDefinition._from_generated(d) for d in result], - **kwargs - ) - - async def __aenter__(self) -> "KeyVaultAccessControlClient": - await self._client.__aenter__() - return self diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_backup_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_backup_client.py deleted file mode 100644 index b427e34a4583..000000000000 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_backup_client.py +++ /dev/null @@ -1,388 +0,0 @@ -# ------------------------------------ -# Copyright (c) Microsoft Corporation. -# Licensed under the MIT License. -# ------------------------------------ -import base64 -import functools -import pickle -from typing import Any, Callable, Optional, overload - -from typing_extensions import Literal - -from azure.core.polling import AsyncLROPoller -from azure.core.tracing.decorator_async import distributed_trace_async - -from .._generated.models import PreBackupOperationParameters, PreRestoreOperationParameters, SASTokenParameter -from .._backup_client import _parse_status_url -from .._internal import AsyncKeyVaultClientBase, parse_folder_url -from .._internal.async_polling import KeyVaultAsyncBackupClientPollingMethod -from .._internal.polling import KeyVaultBackupClientPolling -from .._models import KeyVaultBackupOperation, KeyVaultBackupResult, KeyVaultRestoreOperation - - -class KeyVaultBackupClient(AsyncKeyVaultClientBase): - """Performs Key Vault backup and restore operations. - - :param str vault_url: URL of the vault on which the client will operate. This is also called the vault's "DNS Name". - You should validate that this URL references a valid Key Vault or Managed HSM resource. - See https://aka.ms/azsdk/blog/vault-uri for details. - :param credential: An object which can provide an access token for the vault, such as a credential from - :mod:`azure.identity.aio` - :type credential: ~azure.core.credentials_async.AsyncTokenCredential - - :keyword api_version: Version of the service API to use. Defaults to the most recent. - :paramtype api_version: ~azure.keyvault.administration.ApiVersion or str - :keyword bool verify_challenge_resource: Whether to verify the authentication challenge resource matches the Key - Vault or Managed HSM domain. Defaults to True. - """ - - async def _use_continuation_token(self, continuation_token: str, status_method: Callable) -> str: - status_url = base64.b64decode(continuation_token.encode()).decode("ascii") - try: - job_id = _parse_status_url(status_url) - except Exception as ex: # pylint: disable=broad-except - raise ValueError( - "The provided continuation_token is malformed. A valid token can be obtained from the operation " - + "poller's continuation_token() method" - ) from ex - - pipeline_response = await status_method( - job_id=job_id, cls=lambda pipeline_response, _, __: pipeline_response - ) - if "azure-asyncoperation" not in pipeline_response.http_response.headers: - pipeline_response.http_response.headers["azure-asyncoperation"] = status_url - return base64.b64encode(pickle.dumps(pipeline_response)).decode("ascii") - - @overload - async def begin_backup( - self, - blob_storage_url: str, - *, - use_managed_identity: Literal[True], - continuation_token: Optional[str] = None, - **kwargs: Any, - ) -> AsyncLROPoller[KeyVaultBackupResult]: - ... - - @overload - async def begin_backup( - self, - blob_storage_url: str, - *, - sas_token: str, - continuation_token: Optional[str] = None, - **kwargs: Any, - ) -> AsyncLROPoller[KeyVaultBackupResult]: - ... - - # Disabling pylint checks because they don't correctly handle overloads - @distributed_trace_async - async def begin_backup( # pylint: disable=docstring-missing-param,docstring-keyword-should-match-keyword-only - self, blob_storage_url: str, *args: str, **kwargs: Any - ) -> AsyncLROPoller[KeyVaultBackupResult]: - """Begin a full backup of the Key Vault. - - :param str blob_storage_url: URL of the blob storage container in which the backup will be stored, for example - https://.blob.core.windows.net/backup. - - :keyword str sas_token: Optional Shared Access Signature (SAS) token to authorize access to the blob. Required - unless `use_managed_identity` is set to True. - :keyword use_managed_identity: Indicates which authentication method should be used. If set to True, Managed HSM - will use the configured user-assigned managed identity to authenticate with Azure Storage. Otherwise, a SAS - token has to be specified. - :paramtype use_managed_identity: bool - :keyword str continuation_token: A continuation token to restart polling from a saved state. - - :returns: An AsyncLROPoller. Call `result()` on this object to get a :class:`KeyVaultBackupResult`. - :rtype: ~azure.core.polling.AsyncLROPoller[~azure.keyvault.administration.KeyVaultBackupResult] - - Example: - .. literalinclude:: ../tests/test_examples_administration_async.py - :start-after: [START begin_backup] - :end-before: [END begin_backup] - :language: python - :caption: Create a vault backup - :dedent: 8 - """ - polling_interval = kwargs.pop("_polling_interval", 5) - continuation_token = kwargs.pop("continuation_token", None) - use_managed_identity = kwargs.pop("use_managed_identity", False) - # `sas_token` was formerly a required positional parameter - try: - sas_token: Optional[str] = args[0] - except IndexError: - sas_token = kwargs.pop("sas_token", None) - sas_parameter = self._models.SASTokenParameter( - storage_resource_uri=blob_storage_url, token=sas_token, use_managed_identity=use_managed_identity - ) - - status_response = None - if continuation_token: - status_response = await self._use_continuation_token(continuation_token, self._client.full_backup_status) - - return await self._client.begin_full_backup( - azure_storage_blob_container_uri=sas_parameter, - cls=KeyVaultBackupResult._from_generated, # pylint: disable=protected-access - continuation_token=status_response, - polling=KeyVaultAsyncBackupClientPollingMethod( - lro_algorithms=[KeyVaultBackupClientPolling()], timeout=polling_interval, **kwargs - ), - **kwargs, - ) - - @overload - async def begin_restore( - self, - folder_url: str, - *, - use_managed_identity: Literal[True], - key_name: Optional[str] = None, - continuation_token: Optional[str] = None, - **kwargs: Any, - ) -> AsyncLROPoller[None]: - ... - - @overload - async def begin_restore( - self, - folder_url: str, - *, - sas_token: str, - key_name: Optional[str] = None, - continuation_token: Optional[str] = None, - **kwargs: Any, - ) -> AsyncLROPoller[None]: - ... - - # Disabling pylint checks because they don't correctly handle overloads - @distributed_trace_async - async def begin_restore( # pylint: disable=docstring-missing-param,docstring-keyword-should-match-keyword-only - self, folder_url: str, *args: str, **kwargs: Any - ) -> AsyncLROPoller[None]: - """Restore a Key Vault backup. - - This method restores either a complete Key Vault backup or when ``key_name`` has a value, a single key. - - :param str folder_url: URL for the blob storage resource, including the path to the blob holding the - backup. This would be the `folder_url` of a :class:`KeyVaultBackupResult` returned by - :func:`begin_backup`, for example - https://.blob.core.windows.net/backup/mhsm-account-2020090117323313 - - :keyword str sas_token: Optional Shared Access Signature (SAS) token to authorize access to the blob. Required - unless `use_managed_identity` is set to True. - :keyword use_managed_identity: Indicates which authentication method should be used. If set to True, Managed HSM - will use the configured user-assigned managed identity to authenticate with Azure Storage. Otherwise, a SAS - token has to be specified. - :paramtype use_managed_identity: bool - :keyword str key_name: Name of a single key in the backup. When set, only this key will be restored. - :keyword str continuation_token: A continuation token to restart polling from a saved state. - - :returns: An AsyncLROPoller. Call `wait()` or `result()` on this object to wait for the operation to complete - (the return value is None in either case). - :rtype: ~azure.core.polling.AsyncLROPoller - - Examples: - .. literalinclude:: ../tests/test_examples_administration_async.py - :start-after: [START begin_restore] - :end-before: [END begin_restore] - :language: python - :caption: Restore a vault backup - :dedent: 8 - - .. literalinclude:: ../tests/test_examples_administration_async.py - :start-after: [START begin_selective_restore] - :end-before: [END begin_selective_restore] - :language: python - :caption: Restore a single key - :dedent: 8 - """ - polling_interval = kwargs.pop("_polling_interval", 5) - continuation_token = kwargs.pop("continuation_token", None) - key_name = kwargs.pop("key_name", None) - use_managed_identity = kwargs.pop("use_managed_identity", False) - # `sas_token` was formerly a required positional parameter - try: - sas_token: Optional[str] = args[0] - except IndexError: - sas_token = kwargs.pop("sas_token", None) - - status_response = None - if continuation_token: - status_response = await self._use_continuation_token(continuation_token, self._client.restore_status) - - container_url, folder_name = parse_folder_url(folder_url) - sas_parameter = self._models.SASTokenParameter( - storage_resource_uri=container_url, token=sas_token, use_managed_identity=use_managed_identity - ) - polling = KeyVaultAsyncBackupClientPollingMethod( - lro_algorithms=[KeyVaultBackupClientPolling()], timeout=polling_interval, **kwargs - ) - - if key_name: - client_method = functools.partial(self._client.begin_selective_key_restore_operation, key_name=key_name) - restore_details = self._models.SelectiveKeyRestoreOperationParameters( - sas_token_parameters=sas_parameter, folder=folder_name - ) - else: - client_method = self._client.begin_full_restore_operation - restore_details = self._models.RestoreOperationParameters( - sas_token_parameters=sas_parameter, folder_to_restore=folder_name - ) - - return await client_method( - restore_blob_details=restore_details, - cls=lambda *_: None, # poller.result() returns None - continuation_token=status_response, - polling=polling, - **kwargs, - ) - - @overload - async def begin_pre_backup( - self, - blob_storage_url: str, - *, - use_managed_identity: Literal[True], - continuation_token: Optional[str] = None, - **kwargs: Any, - ) -> AsyncLROPoller[KeyVaultBackupOperation]: - ... - - @overload - async def begin_pre_backup( - self, - blob_storage_url: str, - *, - sas_token: str, - continuation_token: Optional[str] = None, - **kwargs: Any, - ) -> AsyncLROPoller[KeyVaultBackupOperation]: - ... - - @distributed_trace_async - async def begin_pre_backup( # pylint: disable=docstring-keyword-should-match-keyword-only - self, blob_storage_url: str, **kwargs: Any - ) -> AsyncLROPoller[KeyVaultBackupOperation]: - """Initiates a pre-backup check of whether a full Key Vault backup can be performed. - - A :class:`KeyVaultBackupOperation` instance will be returned by the poller's `result()` method. If the - pre-backup check is successful, the object will have a string `folder_url` attribute, pointing to the blob - storage container where the backup will be stored. If the check fails, the object will have a string `error` - attribute. - - :param str blob_storage_url: URL of the blob storage container in which the backup will be stored, for example - https://.blob.core.windows.net/backup. - - :keyword str sas_token: Optional Shared Access Signature (SAS) token to authorize access to the blob. Required - unless `use_managed_identity` is set to True. - :keyword use_managed_identity: Indicates which authentication method should be used. If set to True, Managed HSM - will use the configured user-assigned managed identity to authenticate with Azure Storage. Otherwise, a SAS - token has to be specified. - :paramtype use_managed_identity: bool - :keyword str continuation_token: A continuation token to restart polling from a saved state. - - :returns: An AsyncLROPoller. Call `result()` on this object to wait for the operation to complete and get a - :class:`KeyVaultBackupOperation`. If the pre-backup check is successful, the object will have a string - `folder_url` attribute, pointing to the blob storage container where the backup will be stored. If the check - fails, the object will have a string `error` attribute. - :rtype: ~azure.core.polling.AsyncLROPoller[~azure.keyvault.administration.KeyVaultBackupOperation] - """ - polling_interval: int = kwargs.pop("_polling_interval", 5) - continuation_token: Optional[str] = kwargs.pop("continuation_token", None) - use_managed_identity: bool = kwargs.pop("use_managed_identity", False) - sas_token: Optional[str] = kwargs.pop("sas_token", None) - - parameters: PreBackupOperationParameters = PreBackupOperationParameters( - storage_resource_uri=blob_storage_url, token=sas_token, use_managed_identity=use_managed_identity - ) - status_response: Optional[str] = None - if continuation_token: - status_response = await self._use_continuation_token(continuation_token, self._client.full_backup_status) - - return await self._client.begin_pre_full_backup( - pre_backup_operation_parameters=parameters, - cls=KeyVaultBackupOperation._from_generated, # pylint: disable=protected-access - polling=KeyVaultAsyncBackupClientPollingMethod( - lro_algorithms=[KeyVaultBackupClientPolling()], timeout=polling_interval, **kwargs - ), - continuation_token=status_response, - **kwargs, - ) - - @overload - async def begin_pre_restore( - self, - folder_url: str, - *, - use_managed_identity: Literal[True], - continuation_token: Optional[str] = None, - **kwargs: Any, - ) -> AsyncLROPoller[KeyVaultRestoreOperation]: - ... - - @overload - async def begin_pre_restore( - self, - folder_url: str, - *, - sas_token: str, - continuation_token: Optional[str] = None, - **kwargs: Any, - ) -> AsyncLROPoller[KeyVaultRestoreOperation]: - ... - - @distributed_trace_async - async def begin_pre_restore( # pylint: disable=docstring-keyword-should-match-keyword-only - self, folder_url: str, **kwargs: Any - ) -> AsyncLROPoller[KeyVaultRestoreOperation]: - """Initiates a pre-restore check of whether a full Key Vault restore can be performed. - - A :class:`KeyVaultRestoreOperation` instance will be returned by the poller's `result()` method. If the - pre-restore check fails, the object will have a string `error` attribute. - - :param str folder_url: URL of the blob holding the backup. This would be the `folder_url` of a - :class:`KeyVaultBackupResult` returned by :func:`begin_backup`, for example - https://.blob.core.windows.net/backup/mhsm-account-2020090117323313 - - :keyword str sas_token: Optional Shared Access Signature (SAS) token to authorize access to the blob. Required - unless `use_managed_identity` is set to True. - :keyword use_managed_identity: Indicates which authentication method should be used. If set to True, Managed HSM - will use the configured user-assigned managed identity to authenticate with Azure Storage. Otherwise, a SAS - token has to be specified. - :paramtype use_managed_identity: bool - :keyword str continuation_token: A continuation token to restart polling from a saved state. - - :returns: An AsyncLROPoller. Call `result()` on this object to wait for the operation to complete and get a - :class:`KeyVaultRestoreOperation`. If the pre-restore check fails, the object will have a string `error` - attribute. - :rtype: ~azure.core.polling.AsyncLROPoller[~azure.keyvault.administration.KeyVaultRestoreOperation] - """ - polling_interval: int = kwargs.pop("_polling_interval", 5) - continuation_token: Optional[str] = kwargs.pop("continuation_token", None) - use_managed_identity: bool = kwargs.pop("use_managed_identity", False) - sas_token: Optional[str] = kwargs.pop("sas_token", None) - - container_url, folder_name = parse_folder_url(folder_url) - sas_parameter: SASTokenParameter = SASTokenParameter( - storage_resource_uri=container_url, token=sas_token, use_managed_identity=use_managed_identity - ) - parameters: PreRestoreOperationParameters = PreRestoreOperationParameters( - folder_to_restore=folder_name, sas_token_parameters=sas_parameter - ) - status_response: Optional[str] = None - if continuation_token: - status_response = await self._use_continuation_token(continuation_token, self._client.restore_status) - - return await self._client.begin_pre_full_restore_operation( - pre_restore_operation_parameters=parameters, - cls=KeyVaultRestoreOperation._from_generated, # pylint: disable=protected-access - polling=KeyVaultAsyncBackupClientPollingMethod( - lro_algorithms=[KeyVaultBackupClientPolling()], timeout=polling_interval, **kwargs - ), - continuation_token=status_response, - **kwargs, - ) - - async def __aenter__(self) -> "KeyVaultBackupClient": - await self._client.__aenter__() - return self diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/aio/_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_client.py similarity index 96% rename from sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/aio/_client.py rename to sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_client.py index ffa4b7267b39..5ec6bfd51c58 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/aio/_client.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_client.py @@ -26,12 +26,12 @@ class KeyVaultClient(KeyVaultClientOperationsMixin): """The key vault client performs cryptographic key operations and vault operations against the Key Vault service. - :ivar role_assignments: RoleAssignmentsOperations operations - :vartype role_assignments: - azure.keyvault.administration._generated.aio.operations.RoleAssignmentsOperations :ivar role_definitions: RoleDefinitionsOperations operations :vartype role_definitions: - azure.keyvault.administration._generated.aio.operations.RoleDefinitionsOperations + azure.keyvault.administration.aio.operations.RoleDefinitionsOperations + :ivar role_assignments: RoleAssignmentsOperations operations + :vartype role_assignments: + azure.keyvault.administration.aio.operations.RoleAssignmentsOperations :param vault_base_url: Required. :type vault_base_url: str :param credential: Credential used to authenticate requests to the service. Required. @@ -68,10 +68,10 @@ def __init__(self, vault_base_url: str, credential: "AsyncTokenCredential", **kw self._serialize = Serializer() self._deserialize = Deserializer() self._serialize.client_side_validation = False - self.role_assignments = RoleAssignmentsOperations( + self.role_definitions = RoleDefinitionsOperations( self._client, self._config, self._serialize, self._deserialize ) - self.role_definitions = RoleDefinitionsOperations( + self.role_assignments = RoleAssignmentsOperations( self._client, self._config, self._serialize, self._deserialize ) diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/aio/_configuration.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_configuration.py similarity index 100% rename from sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/aio/_configuration.py rename to sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_configuration.py diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/models/_patch.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_patch.py similarity index 61% rename from sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/models/_patch.py rename to sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_patch.py index f7dd32510333..8bcb627aa475 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/models/_patch.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_patch.py @@ -1,7 +1,8 @@ -# ------------------------------------ -# Copyright (c) Microsoft Corporation. -# Licensed under the MIT License. -# ------------------------------------ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# -------------------------------------------------------------------------- """Customize generated code here. Follow our quickstart for examples: https://aka.ms/azsdk/python/dpcodegen/python/customize diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_settings_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_settings_client.py deleted file mode 100644 index d1a96bb0bc66..000000000000 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_settings_client.py +++ /dev/null @@ -1,90 +0,0 @@ -# ------------------------------------ -# Copyright (c) Microsoft Corporation. -# Licensed under the MIT License. -# ------------------------------------ -from typing import Any - -from azure.core.async_paging import AsyncItemPaged, AsyncList -from azure.core.tracing.decorator import distributed_trace -from azure.core.tracing.decorator_async import distributed_trace_async - -from .._generated.models import UpdateSettingRequest -from .._internal import AsyncKeyVaultClientBase -from .._models import KeyVaultSetting - - -class KeyVaultSettingsClient(AsyncKeyVaultClientBase): - """Provides methods to update, get, and list Managed HSM account settings. - - :param str vault_url: URL of the vault on which the client will operate. This is also called the vault's "DNS Name". - You should validate that this URL references a valid Key Vault or Managed HSM resource. - See https://aka.ms/azsdk/blog/vault-uri for details. - :param credential: An object which can provide an access token for the vault, such as a credential from - :mod:`azure.identity.aio` - :type credential: ~azure.core.credentials_async.AsyncTokenCredential - - :keyword api_version: Version of the service API to use. Defaults to the most recent. - :paramtype api_version: ~azure.keyvault.administration.ApiVersion or str - :keyword bool verify_challenge_resource: Whether to verify the authentication challenge resource matches the Key - Vault or Managed HSM domain. Defaults to True. - """ - # pylint:disable=protected-access - - @distributed_trace_async - async def get_setting(self, name: str, **kwargs: Any) -> KeyVaultSetting: - """Gets the setting with the specified name. - - :param str name: The name of the account setting. - - :returns: The account setting, as a :class:`~azure.keyvault.administration.KeyVaultSetting`. - :rtype: ~azure.keyvault.administration.KeyVaultSetting - :raises ~azure.core.exceptions.HttpResponseError: - """ - result = await self._client.get_setting(setting_name=name, **kwargs) - return KeyVaultSetting._from_generated(result) - - @distributed_trace - def list_settings(self, **kwargs: Any) -> AsyncItemPaged[KeyVaultSetting]: - """Lists all account settings. - - :returns: A paged object containing the account's settings. - :rtype: ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.administration.KeyVaultSetting] - :raises ~azure.core.exceptions.HttpResponseError: - """ - result = self._client.get_settings(*kwargs) - - # We don't actually get a paged response from the generated method, so we mock the typical iteration methods - async def get_next(_=None): - # There's only one page of results (the `get_settings` result), so we return the awaited result directly - return await result - - async def extract_data(pipeline_response): - # `pipeline_response` is the awaited `get_settings` result that we returned in `get_next` - converted_result = [KeyVaultSetting._from_generated(setting) for setting in pipeline_response.settings] - return None, AsyncList(converted_result) - - return AsyncItemPaged(get_next, extract_data) - - @distributed_trace_async - async def update_setting(self, setting: KeyVaultSetting, **kwargs: Any) -> KeyVaultSetting: - """Updates the named account setting with the provided value. - - :param setting: A azure.keyvault.administration.KeyVaultSetting to update. The account setting with - the provided name will be updated to have the provided value. - :type setting: ~azure.keyvault.administration.KeyVaultSetting - - :returns: The updated account setting, as a :class:`~azure.keyvault.administration.KeyVaultSetting`. - :rtype: ~azure.keyvault.administration.KeyVaultSetting - :raises ~azure.core.exceptions.HttpResponseError: - """ - parameters = UpdateSettingRequest(value=setting.value) - result = await self._client.update_setting( - setting_name=setting.name, - parameters=parameters, - **kwargs - ) - return KeyVaultSetting._from_generated(result) - - async def __aenter__(self) -> "KeyVaultSettingsClient": - await self._client.__aenter__() - return self diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/aio/_vendor.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_vendor.py similarity index 100% rename from sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/aio/_vendor.py rename to sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_vendor.py diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/aio/operations/__init__.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/operations/__init__.py similarity index 100% rename from sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/aio/operations/__init__.py rename to sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/operations/__init__.py index ce1e6279e287..2318933b2c83 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/aio/operations/__init__.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/operations/__init__.py @@ -12,8 +12,8 @@ if TYPE_CHECKING: from ._patch import * # pylint: disable=unused-wildcard-import -from ._operations import RoleAssignmentsOperations # type: ignore from ._operations import RoleDefinitionsOperations # type: ignore +from ._operations import RoleAssignmentsOperations # type: ignore from ._operations import KeyVaultClientOperationsMixin # type: ignore from ._patch import __all__ as _patch_all @@ -21,8 +21,8 @@ from ._patch import patch_sdk as _patch_sdk __all__ = [ - "RoleAssignmentsOperations", "RoleDefinitionsOperations", + "RoleAssignmentsOperations", "KeyVaultClientOperationsMixin", ] __all__.extend([p for p in _patch_all if p not in __all__]) # pyright: ignore diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/aio/operations/_operations.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/operations/_operations.py similarity index 95% rename from sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/aio/operations/_operations.py rename to sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/operations/_operations.py index 677a279e17aa..9e3ea9630524 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/aio/operations/_operations.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/operations/_operations.py @@ -1,4 +1,4 @@ -# pylint: disable=too-many-lines +# pylint: disable=line-too-long,useless-suppression,too-many-lines # coding=utf-8 # -------------------------------------------------------------------------- # Copyright (c) Microsoft Corporation. All rights reserved. @@ -69,14 +69,14 @@ ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] -class RoleAssignmentsOperations: +class RoleDefinitionsOperations: """ .. warning:: **DO NOT** instantiate this class directly. Instead, you should access the following operations through - :class:`~azure.keyvault.administration._generated.aio.KeyVaultClient`'s - :attr:`role_assignments` attribute. + :class:`~azure.keyvault.administration.aio.KeyVaultClient`'s + :attr:`role_definitions` attribute. """ def __init__(self, *args, **kwargs) -> None: @@ -87,15 +87,16 @@ def __init__(self, *args, **kwargs) -> None: self._deserialize: Deserializer = input_args.pop(0) if input_args else kwargs.pop("deserializer") @distributed_trace_async - async def delete(self, scope: str, role_assignment_name: str, **kwargs: Any) -> _models.RoleAssignment: - """Deletes a role assignment. + async def delete(self, scope: str, role_definition_name: str, **kwargs: Any) -> _models.RoleDefinition: + """Deletes a custom role definition. - :param scope: The scope of the role assignment to delete. Required. + :param scope: The scope of the role definition to delete. Managed HSM only supports '/'. + Required. :type scope: str - :param role_assignment_name: The name of the role assignment to delete. Required. - :type role_assignment_name: str - :return: RoleAssignment. The RoleAssignment is compatible with MutableMapping - :rtype: ~azure.keyvault.administration._generated.models.RoleAssignment + :param role_definition_name: The name (GUID) of the role definition to delete. Required. + :type role_definition_name: str + :return: RoleDefinition. The RoleDefinition is compatible with MutableMapping + :rtype: ~azure.keyvault.administration.models.RoleDefinition :raises ~azure.core.exceptions.HttpResponseError: """ error_map: MutableMapping = { @@ -109,11 +110,11 @@ async def delete(self, scope: str, role_assignment_name: str, **kwargs: Any) -> _headers = kwargs.pop("headers", {}) or {} _params = kwargs.pop("params", {}) or {} - cls: ClsType[_models.RoleAssignment] = kwargs.pop("cls", None) + cls: ClsType[_models.RoleDefinition] = kwargs.pop("cls", None) - _request = build_role_assignments_delete_request( + _request = build_role_definitions_delete_request( scope=scope, - role_assignment_name=role_assignment_name, + role_definition_name=role_definition_name, api_version=self._config.api_version, headers=_headers, params=_params, @@ -145,7 +146,7 @@ async def delete(self, scope: str, role_assignment_name: str, **kwargs: Any) -> if _stream: deserialized = response.iter_bytes() else: - deserialized = _deserialize(_models.RoleAssignment, response.json()) + deserialized = _deserialize(_models.RoleDefinition, response.json()) if cls: return cls(pipeline_response, deserialized, {}) # type: ignore @@ -153,107 +154,111 @@ async def delete(self, scope: str, role_assignment_name: str, **kwargs: Any) -> return deserialized # type: ignore @overload - async def create( + async def create_or_update( self, scope: str, - role_assignment_name: str, - parameters: _models.RoleAssignmentCreateParameters, + role_definition_name: str, + parameters: _models.RoleDefinitionCreateParameters, *, content_type: str = "application/json", **kwargs: Any - ) -> _models.RoleAssignment: - """Creates a role assignment. + ) -> _models.RoleDefinition: + """Creates or updates a custom role definition. - :param scope: The scope of the role assignment to create. Required. + :param scope: The scope of the role definition to create or update. Managed HSM only supports + '/'. Required. :type scope: str - :param role_assignment_name: The name of the role assignment to create. It can be any valid - GUID. Required. - :type role_assignment_name: str - :param parameters: Parameters for the role assignment. Required. - :type parameters: ~azure.keyvault.administration._generated.models.RoleAssignmentCreateParameters + :param role_definition_name: The name of the role definition to create or update. It can be any + valid GUID. Required. + :type role_definition_name: str + :param parameters: Parameters for the role definition. Required. + :type parameters: ~azure.keyvault.administration.models.RoleDefinitionCreateParameters :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. Default value is "application/json". :paramtype content_type: str - :return: RoleAssignment. The RoleAssignment is compatible with MutableMapping - :rtype: ~azure.keyvault.administration._generated.models.RoleAssignment + :return: RoleDefinition. The RoleDefinition is compatible with MutableMapping + :rtype: ~azure.keyvault.administration.models.RoleDefinition :raises ~azure.core.exceptions.HttpResponseError: """ @overload - async def create( + async def create_or_update( self, scope: str, - role_assignment_name: str, + role_definition_name: str, parameters: JSON, *, content_type: str = "application/json", **kwargs: Any - ) -> _models.RoleAssignment: - """Creates a role assignment. + ) -> _models.RoleDefinition: + """Creates or updates a custom role definition. - :param scope: The scope of the role assignment to create. Required. + :param scope: The scope of the role definition to create or update. Managed HSM only supports + '/'. Required. :type scope: str - :param role_assignment_name: The name of the role assignment to create. It can be any valid - GUID. Required. - :type role_assignment_name: str - :param parameters: Parameters for the role assignment. Required. + :param role_definition_name: The name of the role definition to create or update. It can be any + valid GUID. Required. + :type role_definition_name: str + :param parameters: Parameters for the role definition. Required. :type parameters: JSON :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. Default value is "application/json". :paramtype content_type: str - :return: RoleAssignment. The RoleAssignment is compatible with MutableMapping - :rtype: ~azure.keyvault.administration._generated.models.RoleAssignment + :return: RoleDefinition. The RoleDefinition is compatible with MutableMapping + :rtype: ~azure.keyvault.administration.models.RoleDefinition :raises ~azure.core.exceptions.HttpResponseError: """ @overload - async def create( + async def create_or_update( self, scope: str, - role_assignment_name: str, + role_definition_name: str, parameters: IO[bytes], *, content_type: str = "application/json", **kwargs: Any - ) -> _models.RoleAssignment: - """Creates a role assignment. + ) -> _models.RoleDefinition: + """Creates or updates a custom role definition. - :param scope: The scope of the role assignment to create. Required. + :param scope: The scope of the role definition to create or update. Managed HSM only supports + '/'. Required. :type scope: str - :param role_assignment_name: The name of the role assignment to create. It can be any valid - GUID. Required. - :type role_assignment_name: str - :param parameters: Parameters for the role assignment. Required. + :param role_definition_name: The name of the role definition to create or update. It can be any + valid GUID. Required. + :type role_definition_name: str + :param parameters: Parameters for the role definition. Required. :type parameters: IO[bytes] :keyword content_type: Body Parameter content-type. Content type parameter for binary body. Default value is "application/json". :paramtype content_type: str - :return: RoleAssignment. The RoleAssignment is compatible with MutableMapping - :rtype: ~azure.keyvault.administration._generated.models.RoleAssignment + :return: RoleDefinition. The RoleDefinition is compatible with MutableMapping + :rtype: ~azure.keyvault.administration.models.RoleDefinition :raises ~azure.core.exceptions.HttpResponseError: """ @distributed_trace_async - async def create( + async def create_or_update( self, scope: str, - role_assignment_name: str, - parameters: Union[_models.RoleAssignmentCreateParameters, JSON, IO[bytes]], + role_definition_name: str, + parameters: Union[_models.RoleDefinitionCreateParameters, JSON, IO[bytes]], **kwargs: Any - ) -> _models.RoleAssignment: - """Creates a role assignment. + ) -> _models.RoleDefinition: + """Creates or updates a custom role definition. - :param scope: The scope of the role assignment to create. Required. + :param scope: The scope of the role definition to create or update. Managed HSM only supports + '/'. Required. :type scope: str - :param role_assignment_name: The name of the role assignment to create. It can be any valid - GUID. Required. - :type role_assignment_name: str - :param parameters: Parameters for the role assignment. Is one of the following types: - RoleAssignmentCreateParameters, JSON, IO[bytes] Required. - :type parameters: ~azure.keyvault.administration._generated.models.RoleAssignmentCreateParameters or JSON + :param role_definition_name: The name of the role definition to create or update. It can be any + valid GUID. Required. + :type role_definition_name: str + :param parameters: Parameters for the role definition. Is one of the following types: + RoleDefinitionCreateParameters, JSON, IO[bytes] Required. + :type parameters: ~azure.keyvault.administration.models.RoleDefinitionCreateParameters or JSON or IO[bytes] - :return: RoleAssignment. The RoleAssignment is compatible with MutableMapping - :rtype: ~azure.keyvault.administration._generated.models.RoleAssignment + :return: RoleDefinition. The RoleDefinition is compatible with MutableMapping + :rtype: ~azure.keyvault.administration.models.RoleDefinition :raises ~azure.core.exceptions.HttpResponseError: """ error_map: MutableMapping = { @@ -268,7 +273,7 @@ async def create( _params = kwargs.pop("params", {}) or {} content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - cls: ClsType[_models.RoleAssignment] = kwargs.pop("cls", None) + cls: ClsType[_models.RoleDefinition] = kwargs.pop("cls", None) content_type = content_type or "application/json" _content = None @@ -277,9 +282,9 @@ async def create( else: _content = json.dumps(parameters, cls=SdkJSONEncoder, exclude_readonly=True) # type: ignore - _request = build_role_assignments_create_request( + _request = build_role_definitions_create_or_update_request( scope=scope, - role_assignment_name=role_assignment_name, + role_definition_name=role_definition_name, content_type=content_type, api_version=self._config.api_version, content=_content, @@ -313,7 +318,7 @@ async def create( if _stream: deserialized = response.iter_bytes() else: - deserialized = _deserialize(_models.RoleAssignment, response.json()) + deserialized = _deserialize(_models.RoleDefinition, response.json()) if cls: return cls(pipeline_response, deserialized, {}) # type: ignore @@ -321,15 +326,15 @@ async def create( return deserialized # type: ignore @distributed_trace_async - async def get(self, scope: str, role_assignment_name: str, **kwargs: Any) -> _models.RoleAssignment: - """Get the specified role assignment. + async def get(self, scope: str, role_definition_name: str, **kwargs: Any) -> _models.RoleDefinition: + """Get the specified role definition. - :param scope: The scope of the role assignment. Required. + :param scope: The scope of the role definition to get. Managed HSM only supports '/'. Required. :type scope: str - :param role_assignment_name: The name of the role assignment to get. Required. - :type role_assignment_name: str - :return: RoleAssignment. The RoleAssignment is compatible with MutableMapping - :rtype: ~azure.keyvault.administration._generated.models.RoleAssignment + :param role_definition_name: The name of the role definition to get. Required. + :type role_definition_name: str + :return: RoleDefinition. The RoleDefinition is compatible with MutableMapping + :rtype: ~azure.keyvault.administration.models.RoleDefinition :raises ~azure.core.exceptions.HttpResponseError: """ error_map: MutableMapping = { @@ -343,11 +348,11 @@ async def get(self, scope: str, role_assignment_name: str, **kwargs: Any) -> _mo _headers = kwargs.pop("headers", {}) or {} _params = kwargs.pop("params", {}) or {} - cls: ClsType[_models.RoleAssignment] = kwargs.pop("cls", None) + cls: ClsType[_models.RoleDefinition] = kwargs.pop("cls", None) - _request = build_role_assignments_get_request( + _request = build_role_definitions_get_request( scope=scope, - role_assignment_name=role_assignment_name, + role_definition_name=role_definition_name, api_version=self._config.api_version, headers=_headers, params=_params, @@ -379,7 +384,7 @@ async def get(self, scope: str, role_assignment_name: str, **kwargs: Any) -> _mo if _stream: deserialized = response.iter_bytes() else: - deserialized = _deserialize(_models.RoleAssignment, response.json()) + deserialized = _deserialize(_models.RoleDefinition, response.json()) if cls: return cls(pipeline_response, deserialized, {}) # type: ignore @@ -387,26 +392,25 @@ async def get(self, scope: str, role_assignment_name: str, **kwargs: Any) -> _mo return deserialized # type: ignore @distributed_trace - def list_for_scope( + def list( self, scope: str, *, filter: Optional[str] = None, **kwargs: Any - ) -> AsyncIterable["_models.RoleAssignment"]: - """Gets role assignments for a scope. + ) -> AsyncIterable["_models.RoleDefinition"]: + """Get all role definitions that are applicable at scope and above. - :param scope: The scope of the role assignments. Required. + :param scope: The scope of the role definition. Required. :type scope: str - :keyword filter: The filter to apply on the operation. Use $filter=atScope() to return all role - assignments at or above the scope. Use $filter=principalId eq {id} to return all role - assignments at, above or below the scope for the specified principal. Default value is None. + :keyword filter: The filter to apply on the operation. Use atScopeAndBelow filter to search + below the given scope as well. Default value is None. :paramtype filter: str - :return: An iterator like instance of RoleAssignment + :return: An iterator like instance of RoleDefinition :rtype: - ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.administration._generated.models.RoleAssignment] + ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.administration.models.RoleDefinition] :raises ~azure.core.exceptions.HttpResponseError: """ _headers = kwargs.pop("headers", {}) or {} _params = kwargs.pop("params", {}) or {} - cls: ClsType[List[_models.RoleAssignment]] = kwargs.pop("cls", None) + cls: ClsType[List[_models.RoleDefinition]] = kwargs.pop("cls", None) error_map: MutableMapping = { 401: ClientAuthenticationError, @@ -419,7 +423,7 @@ def list_for_scope( def prepare_request(next_link=None): if not next_link: - _request = build_role_assignments_list_for_scope_request( + _request = build_role_definitions_list_request( scope=scope, filter=filter, api_version=self._config.api_version, @@ -457,7 +461,7 @@ def prepare_request(next_link=None): async def extract_data(pipeline_response): deserialized = pipeline_response.http_response.json() - list_of_elem = _deserialize(List[_models.RoleAssignment], deserialized["value"]) + list_of_elem = _deserialize(List[_models.RoleDefinition], deserialized.get("value", [])) if cls: list_of_elem = cls(list_of_elem) # type: ignore return deserialized.get("nextLink") or None, AsyncList(list_of_elem) @@ -481,14 +485,14 @@ async def get_next(next_link=None): return AsyncItemPaged(get_next, extract_data) -class RoleDefinitionsOperations: +class RoleAssignmentsOperations: """ .. warning:: **DO NOT** instantiate this class directly. Instead, you should access the following operations through - :class:`~azure.keyvault.administration._generated.aio.KeyVaultClient`'s - :attr:`role_definitions` attribute. + :class:`~azure.keyvault.administration.aio.KeyVaultClient`'s + :attr:`role_assignments` attribute. """ def __init__(self, *args, **kwargs) -> None: @@ -499,16 +503,15 @@ def __init__(self, *args, **kwargs) -> None: self._deserialize: Deserializer = input_args.pop(0) if input_args else kwargs.pop("deserializer") @distributed_trace_async - async def delete(self, scope: str, role_definition_name: str, **kwargs: Any) -> _models.RoleDefinition: - """Deletes a custom role definition. + async def delete(self, scope: str, role_assignment_name: str, **kwargs: Any) -> _models.RoleAssignment: + """Deletes a role assignment. - :param scope: The scope of the role definition to delete. Managed HSM only supports '/'. - Required. + :param scope: The scope of the role assignment to delete. Required. :type scope: str - :param role_definition_name: The name (GUID) of the role definition to delete. Required. - :type role_definition_name: str - :return: RoleDefinition. The RoleDefinition is compatible with MutableMapping - :rtype: ~azure.keyvault.administration._generated.models.RoleDefinition + :param role_assignment_name: The name of the role assignment to delete. Required. + :type role_assignment_name: str + :return: RoleAssignment. The RoleAssignment is compatible with MutableMapping + :rtype: ~azure.keyvault.administration.models.RoleAssignment :raises ~azure.core.exceptions.HttpResponseError: """ error_map: MutableMapping = { @@ -522,11 +525,11 @@ async def delete(self, scope: str, role_definition_name: str, **kwargs: Any) -> _headers = kwargs.pop("headers", {}) or {} _params = kwargs.pop("params", {}) or {} - cls: ClsType[_models.RoleDefinition] = kwargs.pop("cls", None) + cls: ClsType[_models.RoleAssignment] = kwargs.pop("cls", None) - _request = build_role_definitions_delete_request( + _request = build_role_assignments_delete_request( scope=scope, - role_definition_name=role_definition_name, + role_assignment_name=role_assignment_name, api_version=self._config.api_version, headers=_headers, params=_params, @@ -558,7 +561,7 @@ async def delete(self, scope: str, role_definition_name: str, **kwargs: Any) -> if _stream: deserialized = response.iter_bytes() else: - deserialized = _deserialize(_models.RoleDefinition, response.json()) + deserialized = _deserialize(_models.RoleAssignment, response.json()) if cls: return cls(pipeline_response, deserialized, {}) # type: ignore @@ -566,111 +569,107 @@ async def delete(self, scope: str, role_definition_name: str, **kwargs: Any) -> return deserialized # type: ignore @overload - async def create_or_update( + async def create( self, scope: str, - role_definition_name: str, - parameters: _models.RoleDefinitionCreateParameters, + role_assignment_name: str, + parameters: _models.RoleAssignmentCreateParameters, *, content_type: str = "application/json", **kwargs: Any - ) -> _models.RoleDefinition: - """Creates or updates a custom role definition. + ) -> _models.RoleAssignment: + """Creates a role assignment. - :param scope: The scope of the role definition to create or update. Managed HSM only supports - '/'. Required. + :param scope: The scope of the role assignment to create. Required. :type scope: str - :param role_definition_name: The name of the role definition to create or update. It can be any - valid GUID. Required. - :type role_definition_name: str - :param parameters: Parameters for the role definition. Required. - :type parameters: ~azure.keyvault.administration._generated.models.RoleDefinitionCreateParameters + :param role_assignment_name: The name of the role assignment to create. It can be any valid + GUID. Required. + :type role_assignment_name: str + :param parameters: Parameters for the role assignment. Required. + :type parameters: ~azure.keyvault.administration.models.RoleAssignmentCreateParameters :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. Default value is "application/json". :paramtype content_type: str - :return: RoleDefinition. The RoleDefinition is compatible with MutableMapping - :rtype: ~azure.keyvault.administration._generated.models.RoleDefinition + :return: RoleAssignment. The RoleAssignment is compatible with MutableMapping + :rtype: ~azure.keyvault.administration.models.RoleAssignment :raises ~azure.core.exceptions.HttpResponseError: """ @overload - async def create_or_update( + async def create( self, scope: str, - role_definition_name: str, + role_assignment_name: str, parameters: JSON, *, content_type: str = "application/json", **kwargs: Any - ) -> _models.RoleDefinition: - """Creates or updates a custom role definition. + ) -> _models.RoleAssignment: + """Creates a role assignment. - :param scope: The scope of the role definition to create or update. Managed HSM only supports - '/'. Required. + :param scope: The scope of the role assignment to create. Required. :type scope: str - :param role_definition_name: The name of the role definition to create or update. It can be any - valid GUID. Required. - :type role_definition_name: str - :param parameters: Parameters for the role definition. Required. + :param role_assignment_name: The name of the role assignment to create. It can be any valid + GUID. Required. + :type role_assignment_name: str + :param parameters: Parameters for the role assignment. Required. :type parameters: JSON :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. Default value is "application/json". :paramtype content_type: str - :return: RoleDefinition. The RoleDefinition is compatible with MutableMapping - :rtype: ~azure.keyvault.administration._generated.models.RoleDefinition + :return: RoleAssignment. The RoleAssignment is compatible with MutableMapping + :rtype: ~azure.keyvault.administration.models.RoleAssignment :raises ~azure.core.exceptions.HttpResponseError: """ @overload - async def create_or_update( + async def create( self, scope: str, - role_definition_name: str, + role_assignment_name: str, parameters: IO[bytes], *, content_type: str = "application/json", **kwargs: Any - ) -> _models.RoleDefinition: - """Creates or updates a custom role definition. + ) -> _models.RoleAssignment: + """Creates a role assignment. - :param scope: The scope of the role definition to create or update. Managed HSM only supports - '/'. Required. + :param scope: The scope of the role assignment to create. Required. :type scope: str - :param role_definition_name: The name of the role definition to create or update. It can be any - valid GUID. Required. - :type role_definition_name: str - :param parameters: Parameters for the role definition. Required. + :param role_assignment_name: The name of the role assignment to create. It can be any valid + GUID. Required. + :type role_assignment_name: str + :param parameters: Parameters for the role assignment. Required. :type parameters: IO[bytes] :keyword content_type: Body Parameter content-type. Content type parameter for binary body. Default value is "application/json". :paramtype content_type: str - :return: RoleDefinition. The RoleDefinition is compatible with MutableMapping - :rtype: ~azure.keyvault.administration._generated.models.RoleDefinition + :return: RoleAssignment. The RoleAssignment is compatible with MutableMapping + :rtype: ~azure.keyvault.administration.models.RoleAssignment :raises ~azure.core.exceptions.HttpResponseError: """ @distributed_trace_async - async def create_or_update( + async def create( self, scope: str, - role_definition_name: str, - parameters: Union[_models.RoleDefinitionCreateParameters, JSON, IO[bytes]], + role_assignment_name: str, + parameters: Union[_models.RoleAssignmentCreateParameters, JSON, IO[bytes]], **kwargs: Any - ) -> _models.RoleDefinition: - """Creates or updates a custom role definition. + ) -> _models.RoleAssignment: + """Creates a role assignment. - :param scope: The scope of the role definition to create or update. Managed HSM only supports - '/'. Required. + :param scope: The scope of the role assignment to create. Required. :type scope: str - :param role_definition_name: The name of the role definition to create or update. It can be any - valid GUID. Required. - :type role_definition_name: str - :param parameters: Parameters for the role definition. Is one of the following types: - RoleDefinitionCreateParameters, JSON, IO[bytes] Required. - :type parameters: ~azure.keyvault.administration._generated.models.RoleDefinitionCreateParameters or JSON + :param role_assignment_name: The name of the role assignment to create. It can be any valid + GUID. Required. + :type role_assignment_name: str + :param parameters: Parameters for the role assignment. Is one of the following types: + RoleAssignmentCreateParameters, JSON, IO[bytes] Required. + :type parameters: ~azure.keyvault.administration.models.RoleAssignmentCreateParameters or JSON or IO[bytes] - :return: RoleDefinition. The RoleDefinition is compatible with MutableMapping - :rtype: ~azure.keyvault.administration._generated.models.RoleDefinition + :return: RoleAssignment. The RoleAssignment is compatible with MutableMapping + :rtype: ~azure.keyvault.administration.models.RoleAssignment :raises ~azure.core.exceptions.HttpResponseError: """ error_map: MutableMapping = { @@ -685,7 +684,7 @@ async def create_or_update( _params = kwargs.pop("params", {}) or {} content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - cls: ClsType[_models.RoleDefinition] = kwargs.pop("cls", None) + cls: ClsType[_models.RoleAssignment] = kwargs.pop("cls", None) content_type = content_type or "application/json" _content = None @@ -694,9 +693,9 @@ async def create_or_update( else: _content = json.dumps(parameters, cls=SdkJSONEncoder, exclude_readonly=True) # type: ignore - _request = build_role_definitions_create_or_update_request( + _request = build_role_assignments_create_request( scope=scope, - role_definition_name=role_definition_name, + role_assignment_name=role_assignment_name, content_type=content_type, api_version=self._config.api_version, content=_content, @@ -730,7 +729,7 @@ async def create_or_update( if _stream: deserialized = response.iter_bytes() else: - deserialized = _deserialize(_models.RoleDefinition, response.json()) + deserialized = _deserialize(_models.RoleAssignment, response.json()) if cls: return cls(pipeline_response, deserialized, {}) # type: ignore @@ -738,15 +737,15 @@ async def create_or_update( return deserialized # type: ignore @distributed_trace_async - async def get(self, scope: str, role_definition_name: str, **kwargs: Any) -> _models.RoleDefinition: - """Get the specified role definition. + async def get(self, scope: str, role_assignment_name: str, **kwargs: Any) -> _models.RoleAssignment: + """Get the specified role assignment. - :param scope: The scope of the role definition to get. Managed HSM only supports '/'. Required. + :param scope: The scope of the role assignment. Required. :type scope: str - :param role_definition_name: The name of the role definition to get. Required. - :type role_definition_name: str - :return: RoleDefinition. The RoleDefinition is compatible with MutableMapping - :rtype: ~azure.keyvault.administration._generated.models.RoleDefinition + :param role_assignment_name: The name of the role assignment to get. Required. + :type role_assignment_name: str + :return: RoleAssignment. The RoleAssignment is compatible with MutableMapping + :rtype: ~azure.keyvault.administration.models.RoleAssignment :raises ~azure.core.exceptions.HttpResponseError: """ error_map: MutableMapping = { @@ -760,11 +759,11 @@ async def get(self, scope: str, role_definition_name: str, **kwargs: Any) -> _mo _headers = kwargs.pop("headers", {}) or {} _params = kwargs.pop("params", {}) or {} - cls: ClsType[_models.RoleDefinition] = kwargs.pop("cls", None) + cls: ClsType[_models.RoleAssignment] = kwargs.pop("cls", None) - _request = build_role_definitions_get_request( + _request = build_role_assignments_get_request( scope=scope, - role_definition_name=role_definition_name, + role_assignment_name=role_assignment_name, api_version=self._config.api_version, headers=_headers, params=_params, @@ -796,7 +795,7 @@ async def get(self, scope: str, role_definition_name: str, **kwargs: Any) -> _mo if _stream: deserialized = response.iter_bytes() else: - deserialized = _deserialize(_models.RoleDefinition, response.json()) + deserialized = _deserialize(_models.RoleAssignment, response.json()) if cls: return cls(pipeline_response, deserialized, {}) # type: ignore @@ -804,25 +803,26 @@ async def get(self, scope: str, role_definition_name: str, **kwargs: Any) -> _mo return deserialized # type: ignore @distributed_trace - def list( + def list_for_scope( self, scope: str, *, filter: Optional[str] = None, **kwargs: Any - ) -> AsyncIterable["_models.RoleDefinition"]: - """Get all role definitions that are applicable at scope and above. + ) -> AsyncIterable["_models.RoleAssignment"]: + """Gets role assignments for a scope. - :param scope: The scope of the role definition. Required. + :param scope: The scope of the role assignments. Required. :type scope: str - :keyword filter: The filter to apply on the operation. Use atScopeAndBelow filter to search - below the given scope as well. Default value is None. + :keyword filter: The filter to apply on the operation. Use $filter=atScope() to return all role + assignments at or above the scope. Use $filter=principalId eq {id} to return all role + assignments at, above or below the scope for the specified principal. Default value is None. :paramtype filter: str - :return: An iterator like instance of RoleDefinition + :return: An iterator like instance of RoleAssignment :rtype: - ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.administration._generated.models.RoleDefinition] + ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.administration.models.RoleAssignment] :raises ~azure.core.exceptions.HttpResponseError: """ _headers = kwargs.pop("headers", {}) or {} _params = kwargs.pop("params", {}) or {} - cls: ClsType[List[_models.RoleDefinition]] = kwargs.pop("cls", None) + cls: ClsType[List[_models.RoleAssignment]] = kwargs.pop("cls", None) error_map: MutableMapping = { 401: ClientAuthenticationError, @@ -835,7 +835,7 @@ def list( def prepare_request(next_link=None): if not next_link: - _request = build_role_definitions_list_request( + _request = build_role_assignments_list_for_scope_request( scope=scope, filter=filter, api_version=self._config.api_version, @@ -873,7 +873,7 @@ def prepare_request(next_link=None): async def extract_data(pipeline_response): deserialized = pipeline_response.http_response.json() - list_of_elem = _deserialize(List[_models.RoleDefinition], deserialized["value"]) + list_of_elem = _deserialize(List[_models.RoleAssignment], deserialized.get("value", [])) if cls: list_of_elem = cls(list_of_elem) # type: ignore return deserialized.get("nextLink") or None, AsyncList(list_of_elem) @@ -906,7 +906,7 @@ async def full_backup_status(self, job_id: str, **kwargs: Any) -> _models.FullBa :param job_id: The id returned as part of the backup request. Required. :type job_id: str :return: FullBackupOperation. The FullBackupOperation is compatible with MutableMapping - :rtype: ~azure.keyvault.administration._generated.models.FullBackupOperation + :rtype: ~azure.keyvault.administration.models.FullBackupOperation :raises ~azure.core.exceptions.HttpResponseError: """ error_map: MutableMapping = { @@ -1042,14 +1042,14 @@ async def begin_full_backup( :param azure_storage_blob_container_uri: Azure blob shared access signature token pointing to a valid Azure blob container where full backup needs to be stored. This token needs to be valid for at least next 24 hours from the time of making this call. Required. - :type azure_storage_blob_container_uri: ~azure.keyvault.administration._generated.models.SASTokenParameter + :type azure_storage_blob_container_uri: ~azure.keyvault.administration.models.SASTokenParameter :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. Default value is "application/json". :paramtype content_type: str :return: An instance of AsyncLROPoller that returns FullBackupOperation. The FullBackupOperation is compatible with MutableMapping :rtype: - ~azure.core.polling.AsyncLROPoller[~azure.keyvault.administration._generated.models.FullBackupOperation] + ~azure.core.polling.AsyncLROPoller[~azure.keyvault.administration.models.FullBackupOperation] :raises ~azure.core.exceptions.HttpResponseError: """ @@ -1069,7 +1069,7 @@ async def begin_full_backup( :return: An instance of AsyncLROPoller that returns FullBackupOperation. The FullBackupOperation is compatible with MutableMapping :rtype: - ~azure.core.polling.AsyncLROPoller[~azure.keyvault.administration._generated.models.FullBackupOperation] + ~azure.core.polling.AsyncLROPoller[~azure.keyvault.administration.models.FullBackupOperation] :raises ~azure.core.exceptions.HttpResponseError: """ @@ -1089,7 +1089,7 @@ async def begin_full_backup( :return: An instance of AsyncLROPoller that returns FullBackupOperation. The FullBackupOperation is compatible with MutableMapping :rtype: - ~azure.core.polling.AsyncLROPoller[~azure.keyvault.administration._generated.models.FullBackupOperation] + ~azure.core.polling.AsyncLROPoller[~azure.keyvault.administration.models.FullBackupOperation] :raises ~azure.core.exceptions.HttpResponseError: """ @@ -1103,12 +1103,12 @@ async def begin_full_backup( valid Azure blob container where full backup needs to be stored. This token needs to be valid for at least next 24 hours from the time of making this call. Is one of the following types: SASTokenParameter, JSON, IO[bytes] Required. - :type azure_storage_blob_container_uri: ~azure.keyvault.administration._generated.models.SASTokenParameter + :type azure_storage_blob_container_uri: ~azure.keyvault.administration.models.SASTokenParameter or JSON or IO[bytes] :return: An instance of AsyncLROPoller that returns FullBackupOperation. The FullBackupOperation is compatible with MutableMapping :rtype: - ~azure.core.polling.AsyncLROPoller[~azure.keyvault.administration._generated.models.FullBackupOperation] + ~azure.core.polling.AsyncLROPoller[~azure.keyvault.administration.models.FullBackupOperation] :raises ~azure.core.exceptions.HttpResponseError: """ _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) @@ -1256,14 +1256,14 @@ async def begin_pre_full_backup( :param pre_backup_operation_parameters: Optional parameters to validate prior to performing a full backup operation. Required. :type pre_backup_operation_parameters: - ~azure.keyvault.administration._generated.models.PreBackupOperationParameters + ~azure.keyvault.administration.models.PreBackupOperationParameters :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. Default value is "application/json". :paramtype content_type: str :return: An instance of AsyncLROPoller that returns FullBackupOperation. The FullBackupOperation is compatible with MutableMapping :rtype: - ~azure.core.polling.AsyncLROPoller[~azure.keyvault.administration._generated.models.FullBackupOperation] + ~azure.core.polling.AsyncLROPoller[~azure.keyvault.administration.models.FullBackupOperation] :raises ~azure.core.exceptions.HttpResponseError: """ @@ -1282,7 +1282,7 @@ async def begin_pre_full_backup( :return: An instance of AsyncLROPoller that returns FullBackupOperation. The FullBackupOperation is compatible with MutableMapping :rtype: - ~azure.core.polling.AsyncLROPoller[~azure.keyvault.administration._generated.models.FullBackupOperation] + ~azure.core.polling.AsyncLROPoller[~azure.keyvault.administration.models.FullBackupOperation] :raises ~azure.core.exceptions.HttpResponseError: """ @@ -1301,7 +1301,7 @@ async def begin_pre_full_backup( :return: An instance of AsyncLROPoller that returns FullBackupOperation. The FullBackupOperation is compatible with MutableMapping :rtype: - ~azure.core.polling.AsyncLROPoller[~azure.keyvault.administration._generated.models.FullBackupOperation] + ~azure.core.polling.AsyncLROPoller[~azure.keyvault.administration.models.FullBackupOperation] :raises ~azure.core.exceptions.HttpResponseError: """ @@ -1321,11 +1321,11 @@ async def begin_pre_full_backup( full backup operation. Is one of the following types: PreBackupOperationParameters, JSON, IO[bytes] Required. :type pre_backup_operation_parameters: - ~azure.keyvault.administration._generated.models.PreBackupOperationParameters or JSON or IO[bytes] + ~azure.keyvault.administration.models.PreBackupOperationParameters or JSON or IO[bytes] :return: An instance of AsyncLROPoller that returns FullBackupOperation. The FullBackupOperation is compatible with MutableMapping :rtype: - ~azure.core.polling.AsyncLROPoller[~azure.keyvault.administration._generated.models.FullBackupOperation] + ~azure.core.polling.AsyncLROPoller[~azure.keyvault.administration.models.FullBackupOperation] :raises ~azure.core.exceptions.HttpResponseError: """ _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) @@ -1394,7 +1394,7 @@ async def restore_status(self, job_id: str, **kwargs: Any) -> _models.RestoreOpe :param job_id: The Job Id returned part of the restore operation. Required. :type job_id: str :return: RestoreOperation. The RestoreOperation is compatible with MutableMapping - :rtype: ~azure.keyvault.administration._generated.models.RestoreOperation + :rtype: ~azure.keyvault.administration.models.RestoreOperation :raises ~azure.core.exceptions.HttpResponseError: """ error_map: MutableMapping = { @@ -1450,14 +1450,8 @@ async def restore_status(self, job_id: str, **kwargs: Any) -> _models.RestoreOpe return deserialized # type: ignore - @api_version_validation( - method_added_on="7.6-preview.2", - params_added_on={"7.6-preview.2": ["api_version", "content_type", "accept"]}, - ) - async def _pre_full_restore_operation_initial( - self, - pre_restore_operation_parameters: Union[_models.PreRestoreOperationParameters, JSON, IO[bytes]], - **kwargs: Any + async def _full_restore_operation_initial( + self, restore_blob_details: Union[_models.RestoreOperationParameters, JSON, IO[bytes]], **kwargs: Any ) -> AsyncIterator[bytes]: error_map: MutableMapping = { 401: ClientAuthenticationError, @@ -1475,12 +1469,12 @@ async def _pre_full_restore_operation_initial( content_type = content_type or "application/json" _content = None - if isinstance(pre_restore_operation_parameters, (IOBase, bytes)): - _content = pre_restore_operation_parameters + if isinstance(restore_blob_details, (IOBase, bytes)): + _content = restore_blob_details else: - _content = json.dumps(pre_restore_operation_parameters, cls=SdkJSONEncoder, exclude_readonly=True) # type: ignore + _content = json.dumps(restore_blob_details, cls=SdkJSONEncoder, exclude_readonly=True) # type: ignore - _request = build_key_vault_pre_full_restore_operation_request( + _request = build_key_vault_full_restore_operation_request( content_type=content_type, api_version=self._config.api_version, content=_content, @@ -1524,88 +1518,85 @@ async def _pre_full_restore_operation_initial( return deserialized # type: ignore @overload - async def begin_pre_full_restore_operation( + async def begin_full_restore_operation( self, - pre_restore_operation_parameters: _models.PreRestoreOperationParameters, + restore_blob_details: _models.RestoreOperationParameters, *, content_type: str = "application/json", **kwargs: Any ) -> AsyncLROPoller[_models.RestoreOperation]: - """Pre-restore operation for checking whether the customer can perform a full restore operation. + """Restores all key materials using the SAS token pointing to a previously stored Azure Blob + storage backup folder. - :param pre_restore_operation_parameters: Optional pre restore parameters to validate prior to - performing a full restore operation. Required. - :type pre_restore_operation_parameters: - ~azure.keyvault.administration._generated.models.PreRestoreOperationParameters + :param restore_blob_details: The Azure blob SAS token pointing to a folder where the previous + successful full backup was stored. Required. + :type restore_blob_details: ~azure.keyvault.administration.models.RestoreOperationParameters :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. Default value is "application/json". :paramtype content_type: str :return: An instance of AsyncLROPoller that returns RestoreOperation. The RestoreOperation is compatible with MutableMapping :rtype: - ~azure.core.polling.AsyncLROPoller[~azure.keyvault.administration._generated.models.RestoreOperation] + ~azure.core.polling.AsyncLROPoller[~azure.keyvault.administration.models.RestoreOperation] :raises ~azure.core.exceptions.HttpResponseError: """ @overload - async def begin_pre_full_restore_operation( - self, pre_restore_operation_parameters: JSON, *, content_type: str = "application/json", **kwargs: Any + async def begin_full_restore_operation( + self, restore_blob_details: JSON, *, content_type: str = "application/json", **kwargs: Any ) -> AsyncLROPoller[_models.RestoreOperation]: - """Pre-restore operation for checking whether the customer can perform a full restore operation. + """Restores all key materials using the SAS token pointing to a previously stored Azure Blob + storage backup folder. - :param pre_restore_operation_parameters: Optional pre restore parameters to validate prior to - performing a full restore operation. Required. - :type pre_restore_operation_parameters: JSON + :param restore_blob_details: The Azure blob SAS token pointing to a folder where the previous + successful full backup was stored. Required. + :type restore_blob_details: JSON :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. Default value is "application/json". :paramtype content_type: str :return: An instance of AsyncLROPoller that returns RestoreOperation. The RestoreOperation is compatible with MutableMapping :rtype: - ~azure.core.polling.AsyncLROPoller[~azure.keyvault.administration._generated.models.RestoreOperation] + ~azure.core.polling.AsyncLROPoller[~azure.keyvault.administration.models.RestoreOperation] :raises ~azure.core.exceptions.HttpResponseError: """ @overload - async def begin_pre_full_restore_operation( - self, pre_restore_operation_parameters: IO[bytes], *, content_type: str = "application/json", **kwargs: Any + async def begin_full_restore_operation( + self, restore_blob_details: IO[bytes], *, content_type: str = "application/json", **kwargs: Any ) -> AsyncLROPoller[_models.RestoreOperation]: - """Pre-restore operation for checking whether the customer can perform a full restore operation. + """Restores all key materials using the SAS token pointing to a previously stored Azure Blob + storage backup folder. - :param pre_restore_operation_parameters: Optional pre restore parameters to validate prior to - performing a full restore operation. Required. - :type pre_restore_operation_parameters: IO[bytes] + :param restore_blob_details: The Azure blob SAS token pointing to a folder where the previous + successful full backup was stored. Required. + :type restore_blob_details: IO[bytes] :keyword content_type: Body Parameter content-type. Content type parameter for binary body. Default value is "application/json". :paramtype content_type: str :return: An instance of AsyncLROPoller that returns RestoreOperation. The RestoreOperation is compatible with MutableMapping :rtype: - ~azure.core.polling.AsyncLROPoller[~azure.keyvault.administration._generated.models.RestoreOperation] + ~azure.core.polling.AsyncLROPoller[~azure.keyvault.administration.models.RestoreOperation] :raises ~azure.core.exceptions.HttpResponseError: """ @distributed_trace_async - @api_version_validation( - method_added_on="7.6-preview.2", - params_added_on={"7.6-preview.2": ["api_version", "content_type", "accept"]}, - ) - async def begin_pre_full_restore_operation( - self, - pre_restore_operation_parameters: Union[_models.PreRestoreOperationParameters, JSON, IO[bytes]], - **kwargs: Any + async def begin_full_restore_operation( + self, restore_blob_details: Union[_models.RestoreOperationParameters, JSON, IO[bytes]], **kwargs: Any ) -> AsyncLROPoller[_models.RestoreOperation]: - """Pre-restore operation for checking whether the customer can perform a full restore operation. + """Restores all key materials using the SAS token pointing to a previously stored Azure Blob + storage backup folder. - :param pre_restore_operation_parameters: Optional pre restore parameters to validate prior to - performing a full restore operation. Is one of the following types: - PreRestoreOperationParameters, JSON, IO[bytes] Required. - :type pre_restore_operation_parameters: - ~azure.keyvault.administration._generated.models.PreRestoreOperationParameters or JSON or IO[bytes] + :param restore_blob_details: The Azure blob SAS token pointing to a folder where the previous + successful full backup was stored. Is one of the following types: RestoreOperationParameters, + JSON, IO[bytes] Required. + :type restore_blob_details: ~azure.keyvault.administration.models.RestoreOperationParameters or + JSON or IO[bytes] :return: An instance of AsyncLROPoller that returns RestoreOperation. The RestoreOperation is compatible with MutableMapping :rtype: - ~azure.core.polling.AsyncLROPoller[~azure.keyvault.administration._generated.models.RestoreOperation] + ~azure.core.polling.AsyncLROPoller[~azure.keyvault.administration.models.RestoreOperation] :raises ~azure.core.exceptions.HttpResponseError: """ _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) @@ -1617,8 +1608,8 @@ async def begin_pre_full_restore_operation( lro_delay = kwargs.pop("polling_interval", self._config.polling_interval) cont_token: Optional[str] = kwargs.pop("continuation_token", None) if cont_token is None: - raw_result = await self._pre_full_restore_operation_initial( - pre_restore_operation_parameters=pre_restore_operation_parameters, + raw_result = await self._full_restore_operation_initial( + restore_blob_details=restore_blob_details, content_type=content_type, cls=lambda x, y, z: x, headers=_headers, @@ -1667,8 +1658,14 @@ def get_long_running_output(pipeline_response): self._client, raw_result, get_long_running_output, polling_method # type: ignore ) - async def _full_restore_operation_initial( - self, restore_blob_details: Union[_models.RestoreOperationParameters, JSON, IO[bytes]], **kwargs: Any + @api_version_validation( + method_added_on="7.6-preview.2", + params_added_on={"7.6-preview.2": ["api_version", "content_type", "accept"]}, + ) + async def _pre_full_restore_operation_initial( + self, + pre_restore_operation_parameters: Union[_models.PreRestoreOperationParameters, JSON, IO[bytes]], + **kwargs: Any ) -> AsyncIterator[bytes]: error_map: MutableMapping = { 401: ClientAuthenticationError, @@ -1686,12 +1683,12 @@ async def _full_restore_operation_initial( content_type = content_type or "application/json" _content = None - if isinstance(restore_blob_details, (IOBase, bytes)): - _content = restore_blob_details + if isinstance(pre_restore_operation_parameters, (IOBase, bytes)): + _content = pre_restore_operation_parameters else: - _content = json.dumps(restore_blob_details, cls=SdkJSONEncoder, exclude_readonly=True) # type: ignore + _content = json.dumps(pre_restore_operation_parameters, cls=SdkJSONEncoder, exclude_readonly=True) # type: ignore - _request = build_key_vault_full_restore_operation_request( + _request = build_key_vault_pre_full_restore_operation_request( content_type=content_type, api_version=self._config.api_version, content=_content, @@ -1735,85 +1732,88 @@ async def _full_restore_operation_initial( return deserialized # type: ignore @overload - async def begin_full_restore_operation( + async def begin_pre_full_restore_operation( self, - restore_blob_details: _models.RestoreOperationParameters, + pre_restore_operation_parameters: _models.PreRestoreOperationParameters, *, content_type: str = "application/json", **kwargs: Any ) -> AsyncLROPoller[_models.RestoreOperation]: - """Restores all key materials using the SAS token pointing to a previously stored Azure Blob - storage backup folder. + """Pre-restore operation for checking whether the customer can perform a full restore operation. - :param restore_blob_details: The Azure blob SAS token pointing to a folder where the previous - successful full backup was stored. Required. - :type restore_blob_details: ~azure.keyvault.administration._generated.models.RestoreOperationParameters + :param pre_restore_operation_parameters: Optional pre restore parameters to validate prior to + performing a full restore operation. Required. + :type pre_restore_operation_parameters: + ~azure.keyvault.administration.models.PreRestoreOperationParameters :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. Default value is "application/json". :paramtype content_type: str :return: An instance of AsyncLROPoller that returns RestoreOperation. The RestoreOperation is compatible with MutableMapping :rtype: - ~azure.core.polling.AsyncLROPoller[~azure.keyvault.administration._generated.models.RestoreOperation] + ~azure.core.polling.AsyncLROPoller[~azure.keyvault.administration.models.RestoreOperation] :raises ~azure.core.exceptions.HttpResponseError: """ @overload - async def begin_full_restore_operation( - self, restore_blob_details: JSON, *, content_type: str = "application/json", **kwargs: Any + async def begin_pre_full_restore_operation( + self, pre_restore_operation_parameters: JSON, *, content_type: str = "application/json", **kwargs: Any ) -> AsyncLROPoller[_models.RestoreOperation]: - """Restores all key materials using the SAS token pointing to a previously stored Azure Blob - storage backup folder. + """Pre-restore operation for checking whether the customer can perform a full restore operation. - :param restore_blob_details: The Azure blob SAS token pointing to a folder where the previous - successful full backup was stored. Required. - :type restore_blob_details: JSON + :param pre_restore_operation_parameters: Optional pre restore parameters to validate prior to + performing a full restore operation. Required. + :type pre_restore_operation_parameters: JSON :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. Default value is "application/json". :paramtype content_type: str :return: An instance of AsyncLROPoller that returns RestoreOperation. The RestoreOperation is compatible with MutableMapping :rtype: - ~azure.core.polling.AsyncLROPoller[~azure.keyvault.administration._generated.models.RestoreOperation] + ~azure.core.polling.AsyncLROPoller[~azure.keyvault.administration.models.RestoreOperation] :raises ~azure.core.exceptions.HttpResponseError: """ @overload - async def begin_full_restore_operation( - self, restore_blob_details: IO[bytes], *, content_type: str = "application/json", **kwargs: Any + async def begin_pre_full_restore_operation( + self, pre_restore_operation_parameters: IO[bytes], *, content_type: str = "application/json", **kwargs: Any ) -> AsyncLROPoller[_models.RestoreOperation]: - """Restores all key materials using the SAS token pointing to a previously stored Azure Blob - storage backup folder. + """Pre-restore operation for checking whether the customer can perform a full restore operation. - :param restore_blob_details: The Azure blob SAS token pointing to a folder where the previous - successful full backup was stored. Required. - :type restore_blob_details: IO[bytes] + :param pre_restore_operation_parameters: Optional pre restore parameters to validate prior to + performing a full restore operation. Required. + :type pre_restore_operation_parameters: IO[bytes] :keyword content_type: Body Parameter content-type. Content type parameter for binary body. Default value is "application/json". :paramtype content_type: str :return: An instance of AsyncLROPoller that returns RestoreOperation. The RestoreOperation is compatible with MutableMapping :rtype: - ~azure.core.polling.AsyncLROPoller[~azure.keyvault.administration._generated.models.RestoreOperation] + ~azure.core.polling.AsyncLROPoller[~azure.keyvault.administration.models.RestoreOperation] :raises ~azure.core.exceptions.HttpResponseError: """ @distributed_trace_async - async def begin_full_restore_operation( - self, restore_blob_details: Union[_models.RestoreOperationParameters, JSON, IO[bytes]], **kwargs: Any + @api_version_validation( + method_added_on="7.6-preview.2", + params_added_on={"7.6-preview.2": ["api_version", "content_type", "accept"]}, + ) + async def begin_pre_full_restore_operation( + self, + pre_restore_operation_parameters: Union[_models.PreRestoreOperationParameters, JSON, IO[bytes]], + **kwargs: Any ) -> AsyncLROPoller[_models.RestoreOperation]: - """Restores all key materials using the SAS token pointing to a previously stored Azure Blob - storage backup folder. + """Pre-restore operation for checking whether the customer can perform a full restore operation. - :param restore_blob_details: The Azure blob SAS token pointing to a folder where the previous - successful full backup was stored. Is one of the following types: RestoreOperationParameters, - JSON, IO[bytes] Required. - :type restore_blob_details: ~azure.keyvault.administration._generated.models.RestoreOperationParameters or - JSON or IO[bytes] + :param pre_restore_operation_parameters: Optional pre restore parameters to validate prior to + performing a full restore operation. Is one of the following types: + PreRestoreOperationParameters, JSON, IO[bytes] Required. + :type pre_restore_operation_parameters: + ~azure.keyvault.administration.models.PreRestoreOperationParameters or JSON or IO[bytes] :return: An instance of AsyncLROPoller that returns RestoreOperation. The RestoreOperation is compatible with MutableMapping :rtype: - ~azure.core.polling.AsyncLROPoller[~azure.keyvault.administration._generated.models.RestoreOperation] + ~azure.core.polling.AsyncLROPoller[~azure.keyvault.administration.models.RestoreOperation] :raises ~azure.core.exceptions.HttpResponseError: """ _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) @@ -1825,8 +1825,8 @@ async def begin_full_restore_operation( lro_delay = kwargs.pop("polling_interval", self._config.polling_interval) cont_token: Optional[str] = kwargs.pop("continuation_token", None) if cont_token is None: - raw_result = await self._full_restore_operation_initial( - restore_blob_details=restore_blob_details, + raw_result = await self._pre_full_restore_operation_initial( + pre_restore_operation_parameters=pre_restore_operation_parameters, content_type=content_type, cls=lambda x, y, z: x, headers=_headers, @@ -1883,7 +1883,7 @@ async def selective_key_restore_status(self, job_id: str, **kwargs: Any) -> _mod :type job_id: str :return: SelectiveKeyRestoreOperation. The SelectiveKeyRestoreOperation is compatible with MutableMapping - :rtype: ~azure.keyvault.administration._generated.models.SelectiveKeyRestoreOperation + :rtype: ~azure.keyvault.administration.models.SelectiveKeyRestoreOperation :raises ~azure.core.exceptions.HttpResponseError: """ error_map: MutableMapping = { @@ -2027,14 +2027,14 @@ async def begin_selective_key_restore_operation( :param restore_blob_details: The Azure blob SAS token pointing to a folder where the previous successful full backup was stored. Required. :type restore_blob_details: - ~azure.keyvault.administration._generated.models.SelectiveKeyRestoreOperationParameters + ~azure.keyvault.administration.models.SelectiveKeyRestoreOperationParameters :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. Default value is "application/json". :paramtype content_type: str :return: An instance of AsyncLROPoller that returns SelectiveKeyRestoreOperation. The SelectiveKeyRestoreOperation is compatible with MutableMapping :rtype: - ~azure.core.polling.AsyncLROPoller[~azure.keyvault.administration._generated.models.SelectiveKeyRestoreOperation] + ~azure.core.polling.AsyncLROPoller[~azure.keyvault.administration.models.SelectiveKeyRestoreOperation] :raises ~azure.core.exceptions.HttpResponseError: """ @@ -2056,7 +2056,7 @@ async def begin_selective_key_restore_operation( :return: An instance of AsyncLROPoller that returns SelectiveKeyRestoreOperation. The SelectiveKeyRestoreOperation is compatible with MutableMapping :rtype: - ~azure.core.polling.AsyncLROPoller[~azure.keyvault.administration._generated.models.SelectiveKeyRestoreOperation] + ~azure.core.polling.AsyncLROPoller[~azure.keyvault.administration.models.SelectiveKeyRestoreOperation] :raises ~azure.core.exceptions.HttpResponseError: """ @@ -2078,7 +2078,7 @@ async def begin_selective_key_restore_operation( :return: An instance of AsyncLROPoller that returns SelectiveKeyRestoreOperation. The SelectiveKeyRestoreOperation is compatible with MutableMapping :rtype: - ~azure.core.polling.AsyncLROPoller[~azure.keyvault.administration._generated.models.SelectiveKeyRestoreOperation] + ~azure.core.polling.AsyncLROPoller[~azure.keyvault.administration.models.SelectiveKeyRestoreOperation] :raises ~azure.core.exceptions.HttpResponseError: """ @@ -2098,12 +2098,12 @@ async def begin_selective_key_restore_operation( successful full backup was stored. Is one of the following types: SelectiveKeyRestoreOperationParameters, JSON, IO[bytes] Required. :type restore_blob_details: - ~azure.keyvault.administration._generated.models.SelectiveKeyRestoreOperationParameters or JSON or + ~azure.keyvault.administration.models.SelectiveKeyRestoreOperationParameters or JSON or IO[bytes] :return: An instance of AsyncLROPoller that returns SelectiveKeyRestoreOperation. The SelectiveKeyRestoreOperation is compatible with MutableMapping :rtype: - ~azure.core.polling.AsyncLROPoller[~azure.keyvault.administration._generated.models.SelectiveKeyRestoreOperation] + ~azure.core.polling.AsyncLROPoller[~azure.keyvault.administration.models.SelectiveKeyRestoreOperation] :raises ~azure.core.exceptions.HttpResponseError: """ _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) @@ -2184,12 +2184,12 @@ async def update_setting( Required. :type setting_name: str :param parameters: The parameters to update an account setting. Required. - :type parameters: ~azure.keyvault.administration._generated.models.UpdateSettingRequest + :type parameters: ~azure.keyvault.administration.models.UpdateSettingRequest :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. Default value is "application/json". :paramtype content_type: str :return: Setting. The Setting is compatible with MutableMapping - :rtype: ~azure.keyvault.administration._generated.models.Setting + :rtype: ~azure.keyvault.administration.models.Setting :raises ~azure.core.exceptions.HttpResponseError: """ @@ -2211,7 +2211,7 @@ async def update_setting( Default value is "application/json". :paramtype content_type: str :return: Setting. The Setting is compatible with MutableMapping - :rtype: ~azure.keyvault.administration._generated.models.Setting + :rtype: ~azure.keyvault.administration.models.Setting :raises ~azure.core.exceptions.HttpResponseError: """ @@ -2233,7 +2233,7 @@ async def update_setting( Default value is "application/json". :paramtype content_type: str :return: Setting. The Setting is compatible with MutableMapping - :rtype: ~azure.keyvault.administration._generated.models.Setting + :rtype: ~azure.keyvault.administration.models.Setting :raises ~azure.core.exceptions.HttpResponseError: """ @@ -2251,10 +2251,10 @@ async def update_setting( :type setting_name: str :param parameters: The parameters to update an account setting. Is one of the following types: UpdateSettingRequest, JSON, IO[bytes] Required. - :type parameters: ~azure.keyvault.administration._generated.models.UpdateSettingRequest or JSON or + :type parameters: ~azure.keyvault.administration.models.UpdateSettingRequest or JSON or IO[bytes] :return: Setting. The Setting is compatible with MutableMapping - :rtype: ~azure.keyvault.administration._generated.models.Setting + :rtype: ~azure.keyvault.administration.models.Setting :raises ~azure.core.exceptions.HttpResponseError: """ error_map: MutableMapping = { @@ -2330,7 +2330,7 @@ async def get_setting(self, setting_name: str, **kwargs: Any) -> _models.Setting Required. :type setting_name: str :return: Setting. The Setting is compatible with MutableMapping - :rtype: ~azure.keyvault.administration._generated.models.Setting + :rtype: ~azure.keyvault.administration.models.Setting :raises ~azure.core.exceptions.HttpResponseError: """ error_map: MutableMapping = { @@ -2393,7 +2393,7 @@ async def get_settings(self, **kwargs: Any) -> _models.SettingsListResult: Retrieves a list of all the available account settings that can be configured. :return: SettingsListResult. The SettingsListResult is compatible with MutableMapping - :rtype: ~azure.keyvault.administration._generated.models.SettingsListResult + :rtype: ~azure.keyvault.administration.models.SettingsListResult :raises ~azure.core.exceptions.HttpResponseError: """ error_map: MutableMapping = { diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/aio/operations/_patch.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/operations/_patch.py similarity index 61% rename from sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/aio/operations/_patch.py rename to sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/operations/_patch.py index f7dd32510333..8bcb627aa475 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/aio/operations/_patch.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/operations/_patch.py @@ -1,7 +1,8 @@ -# ------------------------------------ -# Copyright (c) Microsoft Corporation. -# Licensed under the MIT License. -# ------------------------------------ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# -------------------------------------------------------------------------- """Customize generated code here. Follow our quickstart for examples: https://aka.ms/azsdk/python/dpcodegen/python/customize diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/models/__init__.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/models/__init__.py similarity index 100% rename from sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/models/__init__.py rename to sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/models/__init__.py diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/models/_enums.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/models/_enums.py similarity index 100% rename from sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/models/_enums.py rename to sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/models/_enums.py diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/models/_models.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/models/_models.py similarity index 77% rename from sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/models/_models.py rename to sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/models/_models.py index 33541ee05f75..a94ff61d182f 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/models/_models.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/models/_models.py @@ -22,11 +22,11 @@ class FullBackupOperation(_model_base.Model): :ivar status: Status of the backup operation. Known values are: "InProgress", "Succeeded", "Canceled", and "Failed". - :vartype status: str or ~azure.keyvault.administration._generated.models.OperationStatus + :vartype status: str or ~azure.keyvault.administration.models.OperationStatus :ivar status_details: The status details of backup operation. :vartype status_details: str :ivar error: Error encountered, if any, during the full backup operation. - :vartype error: ~azure.keyvault.administration._generated.models.FullBackupOperationError + :vartype error: ~azure.keyvault.administration.models.FullBackupOperationError :ivar start_time: The start time of the backup operation in UTC. :vartype start_time: ~datetime.datetime :ivar end_time: The end time of the backup operation in UTC. @@ -38,20 +38,32 @@ class FullBackupOperation(_model_base.Model): :vartype azure_storage_blob_container_uri: str """ - status: Optional[Union[str, "_models.OperationStatus"]] = rest_field() + status: Optional[Union[str, "_models.OperationStatus"]] = rest_field( + visibility=["read", "create", "update", "delete", "query"] + ) """Status of the backup operation. Known values are: \"InProgress\", \"Succeeded\", \"Canceled\", and \"Failed\".""" - status_details: Optional[str] = rest_field(name="statusDetails") + status_details: Optional[str] = rest_field( + name="statusDetails", visibility=["read", "create", "update", "delete", "query"] + ) """The status details of backup operation.""" - error: Optional["_models.FullBackupOperationError"] = rest_field() + error: Optional["_models.FullBackupOperationError"] = rest_field( + visibility=["read", "create", "update", "delete", "query"] + ) """Error encountered, if any, during the full backup operation.""" - start_time: Optional[datetime.datetime] = rest_field(name="startTime", format="unix-timestamp") + start_time: Optional[datetime.datetime] = rest_field( + name="startTime", visibility=["read", "create", "update", "delete", "query"], format="unix-timestamp" + ) """The start time of the backup operation in UTC.""" - end_time: Optional[datetime.datetime] = rest_field(name="endTime", format="unix-timestamp") + end_time: Optional[datetime.datetime] = rest_field( + name="endTime", visibility=["read", "create", "update", "delete", "query"], format="unix-timestamp" + ) """The end time of the backup operation in UTC.""" - job_id: Optional[str] = rest_field(name="jobId") + job_id: Optional[str] = rest_field(name="jobId", visibility=["read", "create", "update", "delete", "query"]) """Identifier for the full backup operation.""" - azure_storage_blob_container_uri: Optional[str] = rest_field(name="azureStorageBlobContainerUri") + azure_storage_blob_container_uri: Optional[str] = rest_field( + name="azureStorageBlobContainerUri", visibility=["read", "create", "update", "delete", "query"] + ) """The Azure blob storage container Uri which contains the full backup.""" @overload @@ -81,14 +93,12 @@ def __init__(self, *args: Any, **kwargs: Any) -> None: class FullBackupOperationError(_model_base.Model): """FullBackupOperationError. - Readonly variables are only populated by the server, and will be ignored when sending a request. - :ivar code: The error code. :vartype code: str :ivar message: The error message. :vartype message: str :ivar inner_error: The key vault server error. - :vartype inner_error: ~azure.keyvault.administration._generated.models.FullBackupOperationError + :vartype inner_error: ~azure.keyvault.administration.models.FullBackupOperationError """ code: Optional[str] = rest_field(visibility=["read"]) @@ -102,10 +112,8 @@ class FullBackupOperationError(_model_base.Model): class KeyVaultError(_model_base.Model): """The key vault error exception. - Readonly variables are only populated by the server, and will be ignored when sending a request. - :ivar error: The key vault server error. - :vartype error: ~azure.keyvault.administration._generated.models.FullBackupOperationError + :vartype error: ~azure.keyvault.administration.models.FullBackupOperationError """ error: Optional["_models.FullBackupOperationError"] = rest_field(visibility=["read"]) @@ -121,20 +129,26 @@ class Permission(_model_base.Model): other role definitions assigned to a principal. :vartype not_actions: list[str] :ivar data_actions: Data action permissions that are granted. - :vartype data_actions: list[str or ~azure.keyvault.administration._generated.models.DataAction] + :vartype data_actions: list[str or ~azure.keyvault.administration.models.DataAction] :ivar not_data_actions: Data action permissions that are excluded but not denied. They may be granted by other role definitions assigned to a principal. - :vartype not_data_actions: list[str or ~azure.keyvault.administration._generated.models.DataAction] + :vartype not_data_actions: list[str or ~azure.keyvault.administration.models.DataAction] """ - actions: Optional[List[str]] = rest_field() + actions: Optional[List[str]] = rest_field(visibility=["read", "create", "update", "delete", "query"]) """Action permissions that are granted.""" - not_actions: Optional[List[str]] = rest_field(name="notActions") + not_actions: Optional[List[str]] = rest_field( + name="notActions", visibility=["read", "create", "update", "delete", "query"] + ) """Action permissions that are excluded but not denied. They may be granted by other role definitions assigned to a principal.""" - data_actions: Optional[List[Union[str, "_models.DataAction"]]] = rest_field(name="dataActions") + data_actions: Optional[List[Union[str, "_models.DataAction"]]] = rest_field( + name="dataActions", visibility=["read", "create", "update", "delete", "query"] + ) """Data action permissions that are granted.""" - not_data_actions: Optional[List[Union[str, "_models.DataAction"]]] = rest_field(name="notDataActions") + not_data_actions: Optional[List[Union[str, "_models.DataAction"]]] = rest_field( + name="notDataActions", visibility=["read", "create", "update", "delete", "query"] + ) """Data action permissions that are excluded but not denied. They may be granted by other role definitions assigned to a principal.""" @@ -172,11 +186,15 @@ class PreBackupOperationParameters(_model_base.Model): :vartype use_managed_identity: bool """ - storage_resource_uri: Optional[str] = rest_field(name="storageResourceUri") + storage_resource_uri: Optional[str] = rest_field( + name="storageResourceUri", visibility=["read", "create", "update", "delete", "query"] + ) """Azure Blob storage container Uri.""" - token: Optional[str] = rest_field() + token: Optional[str] = rest_field(visibility=["read", "create", "update", "delete", "query"]) """The SAS token pointing to an Azure Blob storage container.""" - use_managed_identity: Optional[bool] = rest_field(name="useManagedIdentity") + use_managed_identity: Optional[bool] = rest_field( + name="useManagedIdentity", visibility=["read", "create", "update", "delete", "query"] + ) """Indicates which authentication method should be used. If set to true, Managed HSM will use the configured user-assigned managed identity to authenticate with Azure Storage. Otherwise, a SAS token has to be specified.""" @@ -205,15 +223,19 @@ class PreRestoreOperationParameters(_model_base.Model): """The authentication method and location for the restore operation. :ivar sas_token_parameters: A user-provided SAS token to an Azure blob storage container. - :vartype sas_token_parameters: ~azure.keyvault.administration._generated.models.SASTokenParameter + :vartype sas_token_parameters: ~azure.keyvault.administration.models.SASTokenParameter :ivar folder_to_restore: The Folder name of the blob where the previous successful full backup was stored. :vartype folder_to_restore: str """ - sas_token_parameters: Optional["_models.SASTokenParameter"] = rest_field(name="sasTokenParameters") + sas_token_parameters: Optional["_models.SASTokenParameter"] = rest_field( + name="sasTokenParameters", visibility=["read", "create", "update", "delete", "query"] + ) """A user-provided SAS token to an Azure blob storage container.""" - folder_to_restore: Optional[str] = rest_field(name="folderToRestore") + folder_to_restore: Optional[str] = rest_field( + name="folderToRestore", visibility=["read", "create", "update", "delete", "query"] + ) """The Folder name of the blob where the previous successful full backup was stored.""" @overload @@ -240,11 +262,11 @@ class RestoreOperation(_model_base.Model): :ivar status: Status of the restore operation. Known values are: "InProgress", "Succeeded", "Canceled", and "Failed". - :vartype status: str or ~azure.keyvault.administration._generated.models.OperationStatus + :vartype status: str or ~azure.keyvault.administration.models.OperationStatus :ivar status_details: The status details of restore operation. :vartype status_details: str :ivar error: Error encountered, if any, during the restore operation. - :vartype error: ~azure.keyvault.administration._generated.models.FullBackupOperationError + :vartype error: ~azure.keyvault.administration.models.FullBackupOperationError :ivar job_id: Identifier for the restore operation. :vartype job_id: str :ivar start_time: The start time of the restore operation. @@ -253,18 +275,28 @@ class RestoreOperation(_model_base.Model): :vartype end_time: ~datetime.datetime """ - status: Optional[Union[str, "_models.OperationStatus"]] = rest_field() + status: Optional[Union[str, "_models.OperationStatus"]] = rest_field( + visibility=["read", "create", "update", "delete", "query"] + ) """Status of the restore operation. Known values are: \"InProgress\", \"Succeeded\", \"Canceled\", and \"Failed\".""" - status_details: Optional[str] = rest_field(name="statusDetails") + status_details: Optional[str] = rest_field( + name="statusDetails", visibility=["read", "create", "update", "delete", "query"] + ) """The status details of restore operation.""" - error: Optional["_models.FullBackupOperationError"] = rest_field() + error: Optional["_models.FullBackupOperationError"] = rest_field( + visibility=["read", "create", "update", "delete", "query"] + ) """Error encountered, if any, during the restore operation.""" - job_id: Optional[str] = rest_field(name="jobId") + job_id: Optional[str] = rest_field(name="jobId", visibility=["read", "create", "update", "delete", "query"]) """Identifier for the restore operation.""" - start_time: Optional[datetime.datetime] = rest_field(name="startTime", format="unix-timestamp") + start_time: Optional[datetime.datetime] = rest_field( + name="startTime", visibility=["read", "create", "update", "delete", "query"], format="unix-timestamp" + ) """The start time of the restore operation.""" - end_time: Optional[datetime.datetime] = rest_field(name="endTime", format="unix-timestamp") + end_time: Optional[datetime.datetime] = rest_field( + name="endTime", visibility=["read", "create", "update", "delete", "query"], format="unix-timestamp" + ) """The end time of the restore operation.""" @overload @@ -293,19 +325,21 @@ def __init__(self, *args: Any, **kwargs: Any) -> None: class RestoreOperationParameters(_model_base.Model): """The authentication method and location for the restore operation. - All required parameters must be populated in order to send to server. - :ivar sas_token_parameters: A user-provided SAS token to an Azure blob storage container. Required. - :vartype sas_token_parameters: ~azure.keyvault.administration._generated.models.SASTokenParameter + :vartype sas_token_parameters: ~azure.keyvault.administration.models.SASTokenParameter :ivar folder_to_restore: The Folder name of the blob where the previous successful full backup was stored. Required. :vartype folder_to_restore: str """ - sas_token_parameters: "_models.SASTokenParameter" = rest_field(name="sasTokenParameters") + sas_token_parameters: "_models.SASTokenParameter" = rest_field( + name="sasTokenParameters", visibility=["read", "create", "update", "delete", "query"] + ) """A user-provided SAS token to an Azure blob storage container. Required.""" - folder_to_restore: str = rest_field(name="folderToRestore") + folder_to_restore: str = rest_field( + name="folderToRestore", visibility=["read", "create", "update", "delete", "query"] + ) """The Folder name of the blob where the previous successful full backup was stored. Required.""" @overload @@ -330,8 +364,6 @@ def __init__(self, *args: Any, **kwargs: Any) -> None: class RoleAssignment(_model_base.Model): """Role Assignments. - Readonly variables are only populated by the server, and will be ignored when sending a request. - :ivar id: The role assignment ID. :vartype id: str :ivar name: The role assignment name. @@ -339,7 +371,7 @@ class RoleAssignment(_model_base.Model): :ivar type: The role assignment type. :vartype type: str :ivar properties: Role assignment properties. - :vartype properties: ~azure.keyvault.administration._generated.models.RoleAssignmentPropertiesWithScope + :vartype properties: ~azure.keyvault.administration.models.RoleAssignmentPropertiesWithScope """ id: Optional[str] = rest_field(visibility=["read"]) @@ -348,7 +380,9 @@ class RoleAssignment(_model_base.Model): """The role assignment name.""" type: Optional[str] = rest_field(visibility=["read"]) """The role assignment type.""" - properties: Optional["_models.RoleAssignmentPropertiesWithScope"] = rest_field() + properties: Optional["_models.RoleAssignmentPropertiesWithScope"] = rest_field( + visibility=["read", "create", "update", "delete", "query"] + ) """Role assignment properties.""" @overload @@ -372,13 +406,13 @@ def __init__(self, *args: Any, **kwargs: Any) -> None: class RoleAssignmentCreateParameters(_model_base.Model): """Role assignment create parameters. - All required parameters must be populated in order to send to server. - :ivar properties: Role assignment properties. Required. - :vartype properties: ~azure.keyvault.administration._generated.models.RoleAssignmentProperties + :vartype properties: ~azure.keyvault.administration.models.RoleAssignmentProperties """ - properties: "_models.RoleAssignmentProperties" = rest_field() + properties: "_models.RoleAssignmentProperties" = rest_field( + visibility=["read", "create", "update", "delete", "query"] + ) """Role assignment properties. Required.""" @overload @@ -402,8 +436,6 @@ def __init__(self, *args: Any, **kwargs: Any) -> None: class RoleAssignmentProperties(_model_base.Model): """Role assignment properties. - All required parameters must be populated in order to send to server. - :ivar role_definition_id: The role definition ID used in the role assignment. Required. :vartype role_definition_id: str :ivar principal_id: The principal ID assigned to the role. This maps to the ID inside the @@ -411,9 +443,11 @@ class RoleAssignmentProperties(_model_base.Model): :vartype principal_id: str """ - role_definition_id: str = rest_field(name="roleDefinitionId") + role_definition_id: str = rest_field( + name="roleDefinitionId", visibility=["read", "create", "update", "delete", "query"] + ) """The role definition ID used in the role assignment. Required.""" - principal_id: str = rest_field(name="principalId") + principal_id: str = rest_field(name="principalId", visibility=["read", "create", "update", "delete", "query"]) """The principal ID assigned to the role. This maps to the ID inside the Active Directory. It can point to a user, service principal, or security group. Required.""" @@ -440,18 +474,24 @@ class RoleAssignmentPropertiesWithScope(_model_base.Model): """Role assignment properties with scope. :ivar scope: The role scope. Known values are: "/" and "/keys". - :vartype scope: str or ~azure.keyvault.administration._generated.models.RoleScope + :vartype scope: str or ~azure.keyvault.administration.models.RoleScope :ivar role_definition_id: The role definition ID. :vartype role_definition_id: str :ivar principal_id: The principal ID. :vartype principal_id: str """ - scope: Optional[Union[str, "_models.RoleScope"]] = rest_field() + scope: Optional[Union[str, "_models.RoleScope"]] = rest_field( + visibility=["read", "create", "update", "delete", "query"] + ) """The role scope. Known values are: \"/\" and \"/keys\".""" - role_definition_id: Optional[str] = rest_field(name="roleDefinitionId") + role_definition_id: Optional[str] = rest_field( + name="roleDefinitionId", visibility=["read", "create", "update", "delete", "query"] + ) """The role definition ID.""" - principal_id: Optional[str] = rest_field(name="principalId") + principal_id: Optional[str] = rest_field( + name="principalId", visibility=["read", "create", "update", "delete", "query"] + ) """The principal ID.""" @overload @@ -477,16 +517,14 @@ def __init__(self, *args: Any, **kwargs: Any) -> None: class RoleDefinition(_model_base.Model): """Role definition. - Readonly variables are only populated by the server, and will be ignored when sending a request. - :ivar id: The role definition ID. :vartype id: str :ivar name: The role definition name. :vartype name: str :ivar type: The role definition type. "Microsoft.Authorization/roleDefinitions" - :vartype type: str or ~azure.keyvault.administration._generated.models.RoleDefinitionType + :vartype type: str or ~azure.keyvault.administration.models.RoleDefinitionType :ivar properties: Role definition properties. - :vartype properties: ~azure.keyvault.administration._generated.models.RoleDefinitionProperties + :vartype properties: ~azure.keyvault.administration.models.RoleDefinitionProperties """ id: Optional[str] = rest_field(visibility=["read"]) @@ -495,7 +533,9 @@ class RoleDefinition(_model_base.Model): """The role definition name.""" type: Optional[Union[str, "_models.RoleDefinitionType"]] = rest_field(visibility=["read"]) """The role definition type. \"Microsoft.Authorization/roleDefinitions\"""" - properties: Optional["_models.RoleDefinitionProperties"] = rest_field() + properties: Optional["_models.RoleDefinitionProperties"] = rest_field( + visibility=["read", "create", "update", "delete", "query"] + ) """Role definition properties.""" __flattened_items = ["role_name", "description", "role_type", "permissions", "assignable_scopes"] @@ -539,13 +579,13 @@ def __setattr__(self, key: str, value: Any) -> None: class RoleDefinitionCreateParameters(_model_base.Model): """Role definition create parameters. - All required parameters must be populated in order to send to server. - :ivar properties: Role definition properties. Required. - :vartype properties: ~azure.keyvault.administration._generated.models.RoleDefinitionProperties + :vartype properties: ~azure.keyvault.administration.models.RoleDefinitionProperties """ - properties: "_models.RoleDefinitionProperties" = rest_field() + properties: "_models.RoleDefinitionProperties" = rest_field( + visibility=["read", "create", "update", "delete", "query"] + ) """Role definition properties. Required.""" @overload @@ -574,22 +614,28 @@ class RoleDefinitionProperties(_model_base.Model): :ivar description: The role definition description. :vartype description: str :ivar role_type: The role type. Known values are: "AKVBuiltInRole" and "CustomRole". - :vartype role_type: str or ~azure.keyvault.administration._generated.models.RoleType + :vartype role_type: str or ~azure.keyvault.administration.models.RoleType :ivar permissions: Role definition permissions. - :vartype permissions: list[~azure.keyvault.administration._generated.models.Permission] + :vartype permissions: list[~azure.keyvault.administration.models.Permission] :ivar assignable_scopes: Role definition assignable scopes. - :vartype assignable_scopes: list[str or ~azure.keyvault.administration._generated.models.RoleScope] + :vartype assignable_scopes: list[str or ~azure.keyvault.administration.models.RoleScope] """ - role_name: Optional[str] = rest_field(name="roleName") + role_name: Optional[str] = rest_field(name="roleName", visibility=["read", "create", "update", "delete", "query"]) """The role name.""" - description: Optional[str] = rest_field() + description: Optional[str] = rest_field(visibility=["read", "create", "update", "delete", "query"]) """The role definition description.""" - role_type: Optional[Union[str, "_models.RoleType"]] = rest_field(name="type") + role_type: Optional[Union[str, "_models.RoleType"]] = rest_field( + name="type", visibility=["read", "create", "update", "delete", "query"] + ) """The role type. Known values are: \"AKVBuiltInRole\" and \"CustomRole\".""" - permissions: Optional[List["_models.Permission"]] = rest_field() + permissions: Optional[List["_models.Permission"]] = rest_field( + visibility=["read", "create", "update", "delete", "query"] + ) """Role definition permissions.""" - assignable_scopes: Optional[List[Union[str, "_models.RoleScope"]]] = rest_field(name="assignableScopes") + assignable_scopes: Optional[List[Union[str, "_models.RoleScope"]]] = rest_field( + name="assignableScopes", visibility=["read", "create", "update", "delete", "query"] + ) """Role definition assignable scopes.""" @overload @@ -617,8 +663,6 @@ def __init__(self, *args: Any, **kwargs: Any) -> None: class SASTokenParameter(_model_base.Model): """An authentication method and location for the operation. - All required parameters must be populated in order to send to server. - :ivar storage_resource_uri: Azure Blob storage container Uri. Required. :vartype storage_resource_uri: str :ivar token: The SAS token pointing to an Azure Blob storage container. @@ -629,11 +673,15 @@ class SASTokenParameter(_model_base.Model): :vartype use_managed_identity: bool """ - storage_resource_uri: str = rest_field(name="storageResourceUri") + storage_resource_uri: str = rest_field( + name="storageResourceUri", visibility=["read", "create", "update", "delete", "query"] + ) """Azure Blob storage container Uri. Required.""" - token: Optional[str] = rest_field() + token: Optional[str] = rest_field(visibility=["read", "create", "update", "delete", "query"]) """The SAS token pointing to an Azure Blob storage container.""" - use_managed_identity: Optional[bool] = rest_field(name="useManagedIdentity") + use_managed_identity: Optional[bool] = rest_field( + name="useManagedIdentity", visibility=["read", "create", "update", "delete", "query"] + ) """Indicates which authentication method should be used. If set to true, Managed HSM will use the configured user-assigned managed identity to authenticate with Azure Storage. Otherwise, a SAS token has to be specified.""" @@ -663,11 +711,11 @@ class SelectiveKeyRestoreOperation(_model_base.Model): :ivar status: Status of the restore operation. Known values are: "InProgress", "Succeeded", "Canceled", and "Failed". - :vartype status: str or ~azure.keyvault.administration._generated.models.OperationStatus + :vartype status: str or ~azure.keyvault.administration.models.OperationStatus :ivar status_details: The status details of restore operation. :vartype status_details: str :ivar error: Error encountered, if any, during the selective key restore operation. - :vartype error: ~azure.keyvault.administration._generated.models.FullBackupOperationError + :vartype error: ~azure.keyvault.administration.models.FullBackupOperationError :ivar job_id: Identifier for the selective key restore operation. :vartype job_id: str :ivar start_time: The start time of the restore operation. @@ -676,18 +724,28 @@ class SelectiveKeyRestoreOperation(_model_base.Model): :vartype end_time: ~datetime.datetime """ - status: Optional[Union[str, "_models.OperationStatus"]] = rest_field() + status: Optional[Union[str, "_models.OperationStatus"]] = rest_field( + visibility=["read", "create", "update", "delete", "query"] + ) """Status of the restore operation. Known values are: \"InProgress\", \"Succeeded\", \"Canceled\", and \"Failed\".""" - status_details: Optional[str] = rest_field(name="statusDetails") + status_details: Optional[str] = rest_field( + name="statusDetails", visibility=["read", "create", "update", "delete", "query"] + ) """The status details of restore operation.""" - error: Optional["_models.FullBackupOperationError"] = rest_field() + error: Optional["_models.FullBackupOperationError"] = rest_field( + visibility=["read", "create", "update", "delete", "query"] + ) """Error encountered, if any, during the selective key restore operation.""" - job_id: Optional[str] = rest_field(name="jobId") + job_id: Optional[str] = rest_field(name="jobId", visibility=["read", "create", "update", "delete", "query"]) """Identifier for the selective key restore operation.""" - start_time: Optional[datetime.datetime] = rest_field(name="startTime", format="unix-timestamp") + start_time: Optional[datetime.datetime] = rest_field( + name="startTime", visibility=["read", "create", "update", "delete", "query"], format="unix-timestamp" + ) """The start time of the restore operation.""" - end_time: Optional[datetime.datetime] = rest_field(name="endTime", format="unix-timestamp") + end_time: Optional[datetime.datetime] = rest_field( + name="endTime", visibility=["read", "create", "update", "delete", "query"], format="unix-timestamp" + ) """The end time of the restore operation.""" @overload @@ -716,19 +774,19 @@ def __init__(self, *args: Any, **kwargs: Any) -> None: class SelectiveKeyRestoreOperationParameters(_model_base.Model): """The authentication method and location for the selective key restore operation. - All required parameters must be populated in order to send to server. - :ivar sas_token_parameters: A user-provided SAS token to an Azure blob storage container. Required. - :vartype sas_token_parameters: ~azure.keyvault.administration._generated.models.SASTokenParameter + :vartype sas_token_parameters: ~azure.keyvault.administration.models.SASTokenParameter :ivar folder: The Folder name of the blob where the previous successful full backup was stored. Required. :vartype folder: str """ - sas_token_parameters: "_models.SASTokenParameter" = rest_field(name="sasTokenParameters") + sas_token_parameters: "_models.SASTokenParameter" = rest_field( + name="sasTokenParameters", visibility=["read", "create", "update", "delete", "query"] + ) """A user-provided SAS token to an Azure blob storage container. Required.""" - folder: str = rest_field() + folder: str = rest_field(visibility=["read", "create", "update", "delete", "query"]) """The Folder name of the blob where the previous successful full backup was stored. Required.""" @overload @@ -753,20 +811,21 @@ def __init__(self, *args: Any, **kwargs: Any) -> None: class Setting(_model_base.Model): """A Key Vault account setting. - :ivar name: The account setting to be updated. Required. :vartype name: str :ivar value: The value of the pool setting. Required. :vartype value: str :ivar type: The type specifier of the value. "boolean" - :vartype type: str or ~azure.keyvault.administration._generated.models.SettingTypeEnum + :vartype type: str or ~azure.keyvault.administration.models.SettingTypeEnum """ - name: str = rest_field() + name: str = rest_field(visibility=["read", "create", "update", "delete", "query"]) """The account setting to be updated. Required.""" - value: str = rest_field() + value: str = rest_field(visibility=["read", "create", "update", "delete", "query"]) """The value of the pool setting. Required.""" - type: Optional[Union[str, "_models.SettingTypeEnum"]] = rest_field() + type: Optional[Union[str, "_models.SettingTypeEnum"]] = rest_field( + visibility=["read", "create", "update", "delete", "query"] + ) """The type specifier of the value. \"boolean\"""" @overload @@ -792,11 +851,9 @@ def __init__(self, *args: Any, **kwargs: Any) -> None: class SettingsListResult(_model_base.Model): """The settings list result. - Readonly variables are only populated by the server, and will be ignored when sending a request. - :ivar settings: A response message containing a list of account settings with their associated value. - :vartype settings: list[~azure.keyvault.administration._generated.models.Setting] + :vartype settings: list[~azure.keyvault.administration.models.Setting] """ settings: Optional[List["_models.Setting"]] = rest_field(visibility=["read"]) @@ -806,13 +863,11 @@ class SettingsListResult(_model_base.Model): class UpdateSettingRequest(_model_base.Model): """The update settings request object. - All required parameters must be populated in order to send to server. - :ivar value: The value of the pool setting. Required. :vartype value: str """ - value: str = rest_field() + value: str = rest_field(visibility=["read", "create", "update", "delete", "query"]) """The value of the pool setting. Required.""" @overload diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/aio/_patch.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/models/_patch.py similarity index 61% rename from sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/aio/_patch.py rename to sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/models/_patch.py index f7dd32510333..8bcb627aa475 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/aio/_patch.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/models/_patch.py @@ -1,7 +1,8 @@ -# ------------------------------------ -# Copyright (c) Microsoft Corporation. -# Licensed under the MIT License. -# ------------------------------------ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# -------------------------------------------------------------------------- """Customize generated code here. Follow our quickstart for examples: https://aka.ms/azsdk/python/dpcodegen/python/customize diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/operations/__init__.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/operations/__init__.py similarity index 100% rename from sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/operations/__init__.py rename to sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/operations/__init__.py index ce1e6279e287..2318933b2c83 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/operations/__init__.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/operations/__init__.py @@ -12,8 +12,8 @@ if TYPE_CHECKING: from ._patch import * # pylint: disable=unused-wildcard-import -from ._operations import RoleAssignmentsOperations # type: ignore from ._operations import RoleDefinitionsOperations # type: ignore +from ._operations import RoleAssignmentsOperations # type: ignore from ._operations import KeyVaultClientOperationsMixin # type: ignore from ._patch import __all__ as _patch_all @@ -21,8 +21,8 @@ from ._patch import patch_sdk as _patch_sdk __all__ = [ - "RoleAssignmentsOperations", "RoleDefinitionsOperations", + "RoleAssignmentsOperations", "KeyVaultClientOperationsMixin", ] __all__.extend([p for p in _patch_all if p not in __all__]) # pyright: ignore diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/operations/_operations.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/operations/_operations.py similarity index 96% rename from sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/operations/_operations.py rename to sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/operations/_operations.py index d9b72944b79b..6ee9238fc4b4 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/operations/_operations.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/operations/_operations.py @@ -1,4 +1,4 @@ -# pylint: disable=too-many-lines +# pylint: disable=line-too-long,useless-suppression,too-many-lines # coding=utf-8 # -------------------------------------------------------------------------- # Copyright (c) Microsoft Corporation. All rights reserved. @@ -50,7 +50,7 @@ _SERIALIZER.client_side_validation = False -def build_role_assignments_delete_request(scope: str, role_assignment_name: str, **kwargs: Any) -> HttpRequest: +def build_role_definitions_delete_request(scope: str, role_definition_name: str, **kwargs: Any) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) @@ -58,10 +58,10 @@ def build_role_assignments_delete_request(scope: str, role_assignment_name: str, accept = _headers.pop("Accept", "application/json") # Construct URL - _url = "/{scope}/providers/Microsoft.Authorization/roleAssignments/{roleAssignmentName}" + _url = "/{scope}/providers/Microsoft.Authorization/roleDefinitions/{roleDefinitionName}" path_format_arguments = { "scope": _SERIALIZER.url("scope", scope, "str", skip_quote=True), - "roleAssignmentName": _SERIALIZER.url("role_assignment_name", role_assignment_name, "str"), + "roleDefinitionName": _SERIALIZER.url("role_definition_name", role_definition_name, "str"), } _url: str = _url.format(**path_format_arguments) # type: ignore @@ -75,7 +75,9 @@ def build_role_assignments_delete_request(scope: str, role_assignment_name: str, return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) -def build_role_assignments_create_request(scope: str, role_assignment_name: str, **kwargs: Any) -> HttpRequest: +def build_role_definitions_create_or_update_request( # pylint: disable=name-too-long + scope: str, role_definition_name: str, **kwargs: Any +) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) @@ -84,10 +86,10 @@ def build_role_assignments_create_request(scope: str, role_assignment_name: str, accept = _headers.pop("Accept", "application/json") # Construct URL - _url = "/{scope}/providers/Microsoft.Authorization/roleAssignments/{roleAssignmentName}" + _url = "/{scope}/providers/Microsoft.Authorization/roleDefinitions/{roleDefinitionName}" path_format_arguments = { "scope": _SERIALIZER.url("scope", scope, "str", skip_quote=True), - "roleAssignmentName": _SERIALIZER.url("role_assignment_name", role_assignment_name, "str"), + "roleDefinitionName": _SERIALIZER.url("role_definition_name", role_definition_name, "str"), } _url: str = _url.format(**path_format_arguments) # type: ignore @@ -103,7 +105,7 @@ def build_role_assignments_create_request(scope: str, role_assignment_name: str, return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) -def build_role_assignments_get_request(scope: str, role_assignment_name: str, **kwargs: Any) -> HttpRequest: +def build_role_definitions_get_request(scope: str, role_definition_name: str, **kwargs: Any) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) @@ -111,10 +113,10 @@ def build_role_assignments_get_request(scope: str, role_assignment_name: str, ** accept = _headers.pop("Accept", "application/json") # Construct URL - _url = "/{scope}/providers/Microsoft.Authorization/roleAssignments/{roleAssignmentName}" + _url = "/{scope}/providers/Microsoft.Authorization/roleDefinitions/{roleDefinitionName}" path_format_arguments = { "scope": _SERIALIZER.url("scope", scope, "str", skip_quote=True), - "roleAssignmentName": _SERIALIZER.url("role_assignment_name", role_assignment_name, "str"), + "roleDefinitionName": _SERIALIZER.url("role_definition_name", role_definition_name, "str"), } _url: str = _url.format(**path_format_arguments) # type: ignore @@ -128,9 +130,7 @@ def build_role_assignments_get_request(scope: str, role_assignment_name: str, ** return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) -def build_role_assignments_list_for_scope_request( # pylint: disable=name-too-long - scope: str, *, filter: Optional[str] = None, **kwargs: Any -) -> HttpRequest: +def build_role_definitions_list_request(scope: str, *, filter: Optional[str] = None, **kwargs: Any) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) @@ -138,7 +138,7 @@ def build_role_assignments_list_for_scope_request( # pylint: disable=name-too-l accept = _headers.pop("Accept", "application/json") # Construct URL - _url = "/{scope}/providers/Microsoft.Authorization/roleAssignments" + _url = "/{scope}/providers/Microsoft.Authorization/roleDefinitions" path_format_arguments = { "scope": _SERIALIZER.url("scope", scope, "str", skip_quote=True), } @@ -156,7 +156,7 @@ def build_role_assignments_list_for_scope_request( # pylint: disable=name-too-l return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) -def build_role_definitions_delete_request(scope: str, role_definition_name: str, **kwargs: Any) -> HttpRequest: +def build_role_assignments_delete_request(scope: str, role_assignment_name: str, **kwargs: Any) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) @@ -164,10 +164,10 @@ def build_role_definitions_delete_request(scope: str, role_definition_name: str, accept = _headers.pop("Accept", "application/json") # Construct URL - _url = "/{scope}/providers/Microsoft.Authorization/roleDefinitions/{roleDefinitionName}" + _url = "/{scope}/providers/Microsoft.Authorization/roleAssignments/{roleAssignmentName}" path_format_arguments = { "scope": _SERIALIZER.url("scope", scope, "str", skip_quote=True), - "roleDefinitionName": _SERIALIZER.url("role_definition_name", role_definition_name, "str"), + "roleAssignmentName": _SERIALIZER.url("role_assignment_name", role_assignment_name, "str"), } _url: str = _url.format(**path_format_arguments) # type: ignore @@ -181,9 +181,7 @@ def build_role_definitions_delete_request(scope: str, role_definition_name: str, return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) -def build_role_definitions_create_or_update_request( # pylint: disable=name-too-long - scope: str, role_definition_name: str, **kwargs: Any -) -> HttpRequest: +def build_role_assignments_create_request(scope: str, role_assignment_name: str, **kwargs: Any) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) @@ -192,10 +190,10 @@ def build_role_definitions_create_or_update_request( # pylint: disable=name-too accept = _headers.pop("Accept", "application/json") # Construct URL - _url = "/{scope}/providers/Microsoft.Authorization/roleDefinitions/{roleDefinitionName}" + _url = "/{scope}/providers/Microsoft.Authorization/roleAssignments/{roleAssignmentName}" path_format_arguments = { "scope": _SERIALIZER.url("scope", scope, "str", skip_quote=True), - "roleDefinitionName": _SERIALIZER.url("role_definition_name", role_definition_name, "str"), + "roleAssignmentName": _SERIALIZER.url("role_assignment_name", role_assignment_name, "str"), } _url: str = _url.format(**path_format_arguments) # type: ignore @@ -211,7 +209,7 @@ def build_role_definitions_create_or_update_request( # pylint: disable=name-too return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) -def build_role_definitions_get_request(scope: str, role_definition_name: str, **kwargs: Any) -> HttpRequest: +def build_role_assignments_get_request(scope: str, role_assignment_name: str, **kwargs: Any) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) @@ -219,10 +217,10 @@ def build_role_definitions_get_request(scope: str, role_definition_name: str, ** accept = _headers.pop("Accept", "application/json") # Construct URL - _url = "/{scope}/providers/Microsoft.Authorization/roleDefinitions/{roleDefinitionName}" + _url = "/{scope}/providers/Microsoft.Authorization/roleAssignments/{roleAssignmentName}" path_format_arguments = { "scope": _SERIALIZER.url("scope", scope, "str", skip_quote=True), - "roleDefinitionName": _SERIALIZER.url("role_definition_name", role_definition_name, "str"), + "roleAssignmentName": _SERIALIZER.url("role_assignment_name", role_assignment_name, "str"), } _url: str = _url.format(**path_format_arguments) # type: ignore @@ -236,7 +234,9 @@ def build_role_definitions_get_request(scope: str, role_definition_name: str, ** return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) -def build_role_definitions_list_request(scope: str, *, filter: Optional[str] = None, **kwargs: Any) -> HttpRequest: +def build_role_assignments_list_for_scope_request( # pylint: disable=name-too-long + scope: str, *, filter: Optional[str] = None, **kwargs: Any +) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) @@ -244,7 +244,7 @@ def build_role_definitions_list_request(scope: str, *, filter: Optional[str] = N accept = _headers.pop("Accept", "application/json") # Construct URL - _url = "/{scope}/providers/Microsoft.Authorization/roleDefinitions" + _url = "/{scope}/providers/Microsoft.Authorization/roleAssignments" path_format_arguments = { "scope": _SERIALIZER.url("scope", scope, "str", skip_quote=True), } @@ -356,7 +356,7 @@ def build_key_vault_restore_status_request(job_id: str, **kwargs: Any) -> HttpRe return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) -def build_key_vault_pre_full_restore_operation_request(**kwargs: Any) -> HttpRequest: # pylint: disable=name-too-long +def build_key_vault_full_restore_operation_request(**kwargs: Any) -> HttpRequest: # pylint: disable=name-too-long _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) @@ -365,7 +365,7 @@ def build_key_vault_pre_full_restore_operation_request(**kwargs: Any) -> HttpReq accept = _headers.pop("Accept", "application/json") # Construct URL - _url = "/prerestore" + _url = "/restore" # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -378,7 +378,7 @@ def build_key_vault_pre_full_restore_operation_request(**kwargs: Any) -> HttpReq return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) -def build_key_vault_full_restore_operation_request(**kwargs: Any) -> HttpRequest: # pylint: disable=name-too-long +def build_key_vault_pre_full_restore_operation_request(**kwargs: Any) -> HttpRequest: # pylint: disable=name-too-long _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) @@ -387,7 +387,7 @@ def build_key_vault_full_restore_operation_request(**kwargs: Any) -> HttpRequest accept = _headers.pop("Accept", "application/json") # Construct URL - _url = "/restore" + _url = "/prerestore" # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -525,14 +525,14 @@ def build_key_vault_get_settings_request(**kwargs: Any) -> HttpRequest: return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) -class RoleAssignmentsOperations: +class RoleDefinitionsOperations: """ .. warning:: **DO NOT** instantiate this class directly. Instead, you should access the following operations through - :class:`~azure.keyvault.administration._generated.KeyVaultClient`'s - :attr:`role_assignments` attribute. + :class:`~azure.keyvault.administration.KeyVaultClient`'s + :attr:`role_definitions` attribute. """ def __init__(self, *args, **kwargs): @@ -543,15 +543,16 @@ def __init__(self, *args, **kwargs): self._deserialize: Deserializer = input_args.pop(0) if input_args else kwargs.pop("deserializer") @distributed_trace - def delete(self, scope: str, role_assignment_name: str, **kwargs: Any) -> _models.RoleAssignment: - """Deletes a role assignment. + def delete(self, scope: str, role_definition_name: str, **kwargs: Any) -> _models.RoleDefinition: + """Deletes a custom role definition. - :param scope: The scope of the role assignment to delete. Required. + :param scope: The scope of the role definition to delete. Managed HSM only supports '/'. + Required. :type scope: str - :param role_assignment_name: The name of the role assignment to delete. Required. - :type role_assignment_name: str - :return: RoleAssignment. The RoleAssignment is compatible with MutableMapping - :rtype: ~azure.keyvault.administration._generated.models.RoleAssignment + :param role_definition_name: The name (GUID) of the role definition to delete. Required. + :type role_definition_name: str + :return: RoleDefinition. The RoleDefinition is compatible with MutableMapping + :rtype: ~azure.keyvault.administration.models.RoleDefinition :raises ~azure.core.exceptions.HttpResponseError: """ error_map: MutableMapping = { @@ -565,11 +566,11 @@ def delete(self, scope: str, role_assignment_name: str, **kwargs: Any) -> _model _headers = kwargs.pop("headers", {}) or {} _params = kwargs.pop("params", {}) or {} - cls: ClsType[_models.RoleAssignment] = kwargs.pop("cls", None) + cls: ClsType[_models.RoleDefinition] = kwargs.pop("cls", None) - _request = build_role_assignments_delete_request( + _request = build_role_definitions_delete_request( scope=scope, - role_assignment_name=role_assignment_name, + role_definition_name=role_definition_name, api_version=self._config.api_version, headers=_headers, params=_params, @@ -601,7 +602,7 @@ def delete(self, scope: str, role_assignment_name: str, **kwargs: Any) -> _model if _stream: deserialized = response.iter_bytes() else: - deserialized = _deserialize(_models.RoleAssignment, response.json()) + deserialized = _deserialize(_models.RoleDefinition, response.json()) if cls: return cls(pipeline_response, deserialized, {}) # type: ignore @@ -609,107 +610,111 @@ def delete(self, scope: str, role_assignment_name: str, **kwargs: Any) -> _model return deserialized # type: ignore @overload - def create( + def create_or_update( self, scope: str, - role_assignment_name: str, - parameters: _models.RoleAssignmentCreateParameters, + role_definition_name: str, + parameters: _models.RoleDefinitionCreateParameters, *, content_type: str = "application/json", **kwargs: Any - ) -> _models.RoleAssignment: - """Creates a role assignment. + ) -> _models.RoleDefinition: + """Creates or updates a custom role definition. - :param scope: The scope of the role assignment to create. Required. + :param scope: The scope of the role definition to create or update. Managed HSM only supports + '/'. Required. :type scope: str - :param role_assignment_name: The name of the role assignment to create. It can be any valid - GUID. Required. - :type role_assignment_name: str - :param parameters: Parameters for the role assignment. Required. - :type parameters: ~azure.keyvault.administration._generated.models.RoleAssignmentCreateParameters + :param role_definition_name: The name of the role definition to create or update. It can be any + valid GUID. Required. + :type role_definition_name: str + :param parameters: Parameters for the role definition. Required. + :type parameters: ~azure.keyvault.administration.models.RoleDefinitionCreateParameters :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. Default value is "application/json". :paramtype content_type: str - :return: RoleAssignment. The RoleAssignment is compatible with MutableMapping - :rtype: ~azure.keyvault.administration._generated.models.RoleAssignment + :return: RoleDefinition. The RoleDefinition is compatible with MutableMapping + :rtype: ~azure.keyvault.administration.models.RoleDefinition :raises ~azure.core.exceptions.HttpResponseError: """ @overload - def create( + def create_or_update( self, scope: str, - role_assignment_name: str, + role_definition_name: str, parameters: JSON, *, content_type: str = "application/json", **kwargs: Any - ) -> _models.RoleAssignment: - """Creates a role assignment. + ) -> _models.RoleDefinition: + """Creates or updates a custom role definition. - :param scope: The scope of the role assignment to create. Required. + :param scope: The scope of the role definition to create or update. Managed HSM only supports + '/'. Required. :type scope: str - :param role_assignment_name: The name of the role assignment to create. It can be any valid - GUID. Required. - :type role_assignment_name: str - :param parameters: Parameters for the role assignment. Required. + :param role_definition_name: The name of the role definition to create or update. It can be any + valid GUID. Required. + :type role_definition_name: str + :param parameters: Parameters for the role definition. Required. :type parameters: JSON :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. Default value is "application/json". :paramtype content_type: str - :return: RoleAssignment. The RoleAssignment is compatible with MutableMapping - :rtype: ~azure.keyvault.administration._generated.models.RoleAssignment + :return: RoleDefinition. The RoleDefinition is compatible with MutableMapping + :rtype: ~azure.keyvault.administration.models.RoleDefinition :raises ~azure.core.exceptions.HttpResponseError: """ @overload - def create( + def create_or_update( self, scope: str, - role_assignment_name: str, + role_definition_name: str, parameters: IO[bytes], *, content_type: str = "application/json", **kwargs: Any - ) -> _models.RoleAssignment: - """Creates a role assignment. + ) -> _models.RoleDefinition: + """Creates or updates a custom role definition. - :param scope: The scope of the role assignment to create. Required. + :param scope: The scope of the role definition to create or update. Managed HSM only supports + '/'. Required. :type scope: str - :param role_assignment_name: The name of the role assignment to create. It can be any valid - GUID. Required. - :type role_assignment_name: str - :param parameters: Parameters for the role assignment. Required. + :param role_definition_name: The name of the role definition to create or update. It can be any + valid GUID. Required. + :type role_definition_name: str + :param parameters: Parameters for the role definition. Required. :type parameters: IO[bytes] :keyword content_type: Body Parameter content-type. Content type parameter for binary body. Default value is "application/json". :paramtype content_type: str - :return: RoleAssignment. The RoleAssignment is compatible with MutableMapping - :rtype: ~azure.keyvault.administration._generated.models.RoleAssignment + :return: RoleDefinition. The RoleDefinition is compatible with MutableMapping + :rtype: ~azure.keyvault.administration.models.RoleDefinition :raises ~azure.core.exceptions.HttpResponseError: """ @distributed_trace - def create( + def create_or_update( self, scope: str, - role_assignment_name: str, - parameters: Union[_models.RoleAssignmentCreateParameters, JSON, IO[bytes]], + role_definition_name: str, + parameters: Union[_models.RoleDefinitionCreateParameters, JSON, IO[bytes]], **kwargs: Any - ) -> _models.RoleAssignment: - """Creates a role assignment. + ) -> _models.RoleDefinition: + """Creates or updates a custom role definition. - :param scope: The scope of the role assignment to create. Required. + :param scope: The scope of the role definition to create or update. Managed HSM only supports + '/'. Required. :type scope: str - :param role_assignment_name: The name of the role assignment to create. It can be any valid - GUID. Required. - :type role_assignment_name: str - :param parameters: Parameters for the role assignment. Is one of the following types: - RoleAssignmentCreateParameters, JSON, IO[bytes] Required. - :type parameters: ~azure.keyvault.administration._generated.models.RoleAssignmentCreateParameters or JSON + :param role_definition_name: The name of the role definition to create or update. It can be any + valid GUID. Required. + :type role_definition_name: str + :param parameters: Parameters for the role definition. Is one of the following types: + RoleDefinitionCreateParameters, JSON, IO[bytes] Required. + :type parameters: ~azure.keyvault.administration.models.RoleDefinitionCreateParameters or JSON or IO[bytes] - :return: RoleAssignment. The RoleAssignment is compatible with MutableMapping - :rtype: ~azure.keyvault.administration._generated.models.RoleAssignment + :return: RoleDefinition. The RoleDefinition is compatible with MutableMapping + :rtype: ~azure.keyvault.administration.models.RoleDefinition :raises ~azure.core.exceptions.HttpResponseError: """ error_map: MutableMapping = { @@ -724,7 +729,7 @@ def create( _params = kwargs.pop("params", {}) or {} content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - cls: ClsType[_models.RoleAssignment] = kwargs.pop("cls", None) + cls: ClsType[_models.RoleDefinition] = kwargs.pop("cls", None) content_type = content_type or "application/json" _content = None @@ -733,9 +738,9 @@ def create( else: _content = json.dumps(parameters, cls=SdkJSONEncoder, exclude_readonly=True) # type: ignore - _request = build_role_assignments_create_request( + _request = build_role_definitions_create_or_update_request( scope=scope, - role_assignment_name=role_assignment_name, + role_definition_name=role_definition_name, content_type=content_type, api_version=self._config.api_version, content=_content, @@ -769,7 +774,7 @@ def create( if _stream: deserialized = response.iter_bytes() else: - deserialized = _deserialize(_models.RoleAssignment, response.json()) + deserialized = _deserialize(_models.RoleDefinition, response.json()) if cls: return cls(pipeline_response, deserialized, {}) # type: ignore @@ -777,15 +782,15 @@ def create( return deserialized # type: ignore @distributed_trace - def get(self, scope: str, role_assignment_name: str, **kwargs: Any) -> _models.RoleAssignment: - """Get the specified role assignment. + def get(self, scope: str, role_definition_name: str, **kwargs: Any) -> _models.RoleDefinition: + """Get the specified role definition. - :param scope: The scope of the role assignment. Required. + :param scope: The scope of the role definition to get. Managed HSM only supports '/'. Required. :type scope: str - :param role_assignment_name: The name of the role assignment to get. Required. - :type role_assignment_name: str - :return: RoleAssignment. The RoleAssignment is compatible with MutableMapping - :rtype: ~azure.keyvault.administration._generated.models.RoleAssignment + :param role_definition_name: The name of the role definition to get. Required. + :type role_definition_name: str + :return: RoleDefinition. The RoleDefinition is compatible with MutableMapping + :rtype: ~azure.keyvault.administration.models.RoleDefinition :raises ~azure.core.exceptions.HttpResponseError: """ error_map: MutableMapping = { @@ -799,11 +804,11 @@ def get(self, scope: str, role_assignment_name: str, **kwargs: Any) -> _models.R _headers = kwargs.pop("headers", {}) or {} _params = kwargs.pop("params", {}) or {} - cls: ClsType[_models.RoleAssignment] = kwargs.pop("cls", None) + cls: ClsType[_models.RoleDefinition] = kwargs.pop("cls", None) - _request = build_role_assignments_get_request( + _request = build_role_definitions_get_request( scope=scope, - role_assignment_name=role_assignment_name, + role_definition_name=role_definition_name, api_version=self._config.api_version, headers=_headers, params=_params, @@ -835,7 +840,7 @@ def get(self, scope: str, role_assignment_name: str, **kwargs: Any) -> _models.R if _stream: deserialized = response.iter_bytes() else: - deserialized = _deserialize(_models.RoleAssignment, response.json()) + deserialized = _deserialize(_models.RoleDefinition, response.json()) if cls: return cls(pipeline_response, deserialized, {}) # type: ignore @@ -843,25 +848,22 @@ def get(self, scope: str, role_assignment_name: str, **kwargs: Any) -> _models.R return deserialized # type: ignore @distributed_trace - def list_for_scope( - self, scope: str, *, filter: Optional[str] = None, **kwargs: Any - ) -> Iterable["_models.RoleAssignment"]: - """Gets role assignments for a scope. + def list(self, scope: str, *, filter: Optional[str] = None, **kwargs: Any) -> Iterable["_models.RoleDefinition"]: + """Get all role definitions that are applicable at scope and above. - :param scope: The scope of the role assignments. Required. + :param scope: The scope of the role definition. Required. :type scope: str - :keyword filter: The filter to apply on the operation. Use $filter=atScope() to return all role - assignments at or above the scope. Use $filter=principalId eq {id} to return all role - assignments at, above or below the scope for the specified principal. Default value is None. + :keyword filter: The filter to apply on the operation. Use atScopeAndBelow filter to search + below the given scope as well. Default value is None. :paramtype filter: str - :return: An iterator like instance of RoleAssignment - :rtype: ~azure.core.paging.ItemPaged[~azure.keyvault.administration._generated.models.RoleAssignment] + :return: An iterator like instance of RoleDefinition + :rtype: ~azure.core.paging.ItemPaged[~azure.keyvault.administration.models.RoleDefinition] :raises ~azure.core.exceptions.HttpResponseError: """ _headers = kwargs.pop("headers", {}) or {} _params = kwargs.pop("params", {}) or {} - cls: ClsType[List[_models.RoleAssignment]] = kwargs.pop("cls", None) + cls: ClsType[List[_models.RoleDefinition]] = kwargs.pop("cls", None) error_map: MutableMapping = { 401: ClientAuthenticationError, @@ -874,7 +876,7 @@ def list_for_scope( def prepare_request(next_link=None): if not next_link: - _request = build_role_assignments_list_for_scope_request( + _request = build_role_definitions_list_request( scope=scope, filter=filter, api_version=self._config.api_version, @@ -912,7 +914,7 @@ def prepare_request(next_link=None): def extract_data(pipeline_response): deserialized = pipeline_response.http_response.json() - list_of_elem = _deserialize(List[_models.RoleAssignment], deserialized["value"]) + list_of_elem = _deserialize(List[_models.RoleDefinition], deserialized.get("value", [])) if cls: list_of_elem = cls(list_of_elem) # type: ignore return deserialized.get("nextLink") or None, iter(list_of_elem) @@ -936,14 +938,14 @@ def get_next(next_link=None): return ItemPaged(get_next, extract_data) -class RoleDefinitionsOperations: +class RoleAssignmentsOperations: """ .. warning:: **DO NOT** instantiate this class directly. Instead, you should access the following operations through - :class:`~azure.keyvault.administration._generated.KeyVaultClient`'s - :attr:`role_definitions` attribute. + :class:`~azure.keyvault.administration.KeyVaultClient`'s + :attr:`role_assignments` attribute. """ def __init__(self, *args, **kwargs): @@ -954,16 +956,15 @@ def __init__(self, *args, **kwargs): self._deserialize: Deserializer = input_args.pop(0) if input_args else kwargs.pop("deserializer") @distributed_trace - def delete(self, scope: str, role_definition_name: str, **kwargs: Any) -> _models.RoleDefinition: - """Deletes a custom role definition. + def delete(self, scope: str, role_assignment_name: str, **kwargs: Any) -> _models.RoleAssignment: + """Deletes a role assignment. - :param scope: The scope of the role definition to delete. Managed HSM only supports '/'. - Required. + :param scope: The scope of the role assignment to delete. Required. :type scope: str - :param role_definition_name: The name (GUID) of the role definition to delete. Required. - :type role_definition_name: str - :return: RoleDefinition. The RoleDefinition is compatible with MutableMapping - :rtype: ~azure.keyvault.administration._generated.models.RoleDefinition + :param role_assignment_name: The name of the role assignment to delete. Required. + :type role_assignment_name: str + :return: RoleAssignment. The RoleAssignment is compatible with MutableMapping + :rtype: ~azure.keyvault.administration.models.RoleAssignment :raises ~azure.core.exceptions.HttpResponseError: """ error_map: MutableMapping = { @@ -977,11 +978,11 @@ def delete(self, scope: str, role_definition_name: str, **kwargs: Any) -> _model _headers = kwargs.pop("headers", {}) or {} _params = kwargs.pop("params", {}) or {} - cls: ClsType[_models.RoleDefinition] = kwargs.pop("cls", None) + cls: ClsType[_models.RoleAssignment] = kwargs.pop("cls", None) - _request = build_role_definitions_delete_request( + _request = build_role_assignments_delete_request( scope=scope, - role_definition_name=role_definition_name, + role_assignment_name=role_assignment_name, api_version=self._config.api_version, headers=_headers, params=_params, @@ -1013,7 +1014,7 @@ def delete(self, scope: str, role_definition_name: str, **kwargs: Any) -> _model if _stream: deserialized = response.iter_bytes() else: - deserialized = _deserialize(_models.RoleDefinition, response.json()) + deserialized = _deserialize(_models.RoleAssignment, response.json()) if cls: return cls(pipeline_response, deserialized, {}) # type: ignore @@ -1021,111 +1022,107 @@ def delete(self, scope: str, role_definition_name: str, **kwargs: Any) -> _model return deserialized # type: ignore @overload - def create_or_update( + def create( self, scope: str, - role_definition_name: str, - parameters: _models.RoleDefinitionCreateParameters, + role_assignment_name: str, + parameters: _models.RoleAssignmentCreateParameters, *, content_type: str = "application/json", **kwargs: Any - ) -> _models.RoleDefinition: - """Creates or updates a custom role definition. + ) -> _models.RoleAssignment: + """Creates a role assignment. - :param scope: The scope of the role definition to create or update. Managed HSM only supports - '/'. Required. + :param scope: The scope of the role assignment to create. Required. :type scope: str - :param role_definition_name: The name of the role definition to create or update. It can be any - valid GUID. Required. - :type role_definition_name: str - :param parameters: Parameters for the role definition. Required. - :type parameters: ~azure.keyvault.administration._generated.models.RoleDefinitionCreateParameters + :param role_assignment_name: The name of the role assignment to create. It can be any valid + GUID. Required. + :type role_assignment_name: str + :param parameters: Parameters for the role assignment. Required. + :type parameters: ~azure.keyvault.administration.models.RoleAssignmentCreateParameters :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. Default value is "application/json". :paramtype content_type: str - :return: RoleDefinition. The RoleDefinition is compatible with MutableMapping - :rtype: ~azure.keyvault.administration._generated.models.RoleDefinition + :return: RoleAssignment. The RoleAssignment is compatible with MutableMapping + :rtype: ~azure.keyvault.administration.models.RoleAssignment :raises ~azure.core.exceptions.HttpResponseError: """ @overload - def create_or_update( + def create( self, scope: str, - role_definition_name: str, + role_assignment_name: str, parameters: JSON, *, content_type: str = "application/json", **kwargs: Any - ) -> _models.RoleDefinition: - """Creates or updates a custom role definition. + ) -> _models.RoleAssignment: + """Creates a role assignment. - :param scope: The scope of the role definition to create or update. Managed HSM only supports - '/'. Required. + :param scope: The scope of the role assignment to create. Required. :type scope: str - :param role_definition_name: The name of the role definition to create or update. It can be any - valid GUID. Required. - :type role_definition_name: str - :param parameters: Parameters for the role definition. Required. + :param role_assignment_name: The name of the role assignment to create. It can be any valid + GUID. Required. + :type role_assignment_name: str + :param parameters: Parameters for the role assignment. Required. :type parameters: JSON :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. Default value is "application/json". :paramtype content_type: str - :return: RoleDefinition. The RoleDefinition is compatible with MutableMapping - :rtype: ~azure.keyvault.administration._generated.models.RoleDefinition + :return: RoleAssignment. The RoleAssignment is compatible with MutableMapping + :rtype: ~azure.keyvault.administration.models.RoleAssignment :raises ~azure.core.exceptions.HttpResponseError: """ @overload - def create_or_update( + def create( self, scope: str, - role_definition_name: str, + role_assignment_name: str, parameters: IO[bytes], *, content_type: str = "application/json", **kwargs: Any - ) -> _models.RoleDefinition: - """Creates or updates a custom role definition. + ) -> _models.RoleAssignment: + """Creates a role assignment. - :param scope: The scope of the role definition to create or update. Managed HSM only supports - '/'. Required. + :param scope: The scope of the role assignment to create. Required. :type scope: str - :param role_definition_name: The name of the role definition to create or update. It can be any - valid GUID. Required. - :type role_definition_name: str - :param parameters: Parameters for the role definition. Required. + :param role_assignment_name: The name of the role assignment to create. It can be any valid + GUID. Required. + :type role_assignment_name: str + :param parameters: Parameters for the role assignment. Required. :type parameters: IO[bytes] :keyword content_type: Body Parameter content-type. Content type parameter for binary body. Default value is "application/json". :paramtype content_type: str - :return: RoleDefinition. The RoleDefinition is compatible with MutableMapping - :rtype: ~azure.keyvault.administration._generated.models.RoleDefinition + :return: RoleAssignment. The RoleAssignment is compatible with MutableMapping + :rtype: ~azure.keyvault.administration.models.RoleAssignment :raises ~azure.core.exceptions.HttpResponseError: """ @distributed_trace - def create_or_update( + def create( self, scope: str, - role_definition_name: str, - parameters: Union[_models.RoleDefinitionCreateParameters, JSON, IO[bytes]], + role_assignment_name: str, + parameters: Union[_models.RoleAssignmentCreateParameters, JSON, IO[bytes]], **kwargs: Any - ) -> _models.RoleDefinition: - """Creates or updates a custom role definition. + ) -> _models.RoleAssignment: + """Creates a role assignment. - :param scope: The scope of the role definition to create or update. Managed HSM only supports - '/'. Required. + :param scope: The scope of the role assignment to create. Required. :type scope: str - :param role_definition_name: The name of the role definition to create or update. It can be any - valid GUID. Required. - :type role_definition_name: str - :param parameters: Parameters for the role definition. Is one of the following types: - RoleDefinitionCreateParameters, JSON, IO[bytes] Required. - :type parameters: ~azure.keyvault.administration._generated.models.RoleDefinitionCreateParameters or JSON + :param role_assignment_name: The name of the role assignment to create. It can be any valid + GUID. Required. + :type role_assignment_name: str + :param parameters: Parameters for the role assignment. Is one of the following types: + RoleAssignmentCreateParameters, JSON, IO[bytes] Required. + :type parameters: ~azure.keyvault.administration.models.RoleAssignmentCreateParameters or JSON or IO[bytes] - :return: RoleDefinition. The RoleDefinition is compatible with MutableMapping - :rtype: ~azure.keyvault.administration._generated.models.RoleDefinition + :return: RoleAssignment. The RoleAssignment is compatible with MutableMapping + :rtype: ~azure.keyvault.administration.models.RoleAssignment :raises ~azure.core.exceptions.HttpResponseError: """ error_map: MutableMapping = { @@ -1140,7 +1137,7 @@ def create_or_update( _params = kwargs.pop("params", {}) or {} content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - cls: ClsType[_models.RoleDefinition] = kwargs.pop("cls", None) + cls: ClsType[_models.RoleAssignment] = kwargs.pop("cls", None) content_type = content_type or "application/json" _content = None @@ -1149,9 +1146,9 @@ def create_or_update( else: _content = json.dumps(parameters, cls=SdkJSONEncoder, exclude_readonly=True) # type: ignore - _request = build_role_definitions_create_or_update_request( + _request = build_role_assignments_create_request( scope=scope, - role_definition_name=role_definition_name, + role_assignment_name=role_assignment_name, content_type=content_type, api_version=self._config.api_version, content=_content, @@ -1185,7 +1182,7 @@ def create_or_update( if _stream: deserialized = response.iter_bytes() else: - deserialized = _deserialize(_models.RoleDefinition, response.json()) + deserialized = _deserialize(_models.RoleAssignment, response.json()) if cls: return cls(pipeline_response, deserialized, {}) # type: ignore @@ -1193,15 +1190,15 @@ def create_or_update( return deserialized # type: ignore @distributed_trace - def get(self, scope: str, role_definition_name: str, **kwargs: Any) -> _models.RoleDefinition: - """Get the specified role definition. + def get(self, scope: str, role_assignment_name: str, **kwargs: Any) -> _models.RoleAssignment: + """Get the specified role assignment. - :param scope: The scope of the role definition to get. Managed HSM only supports '/'. Required. + :param scope: The scope of the role assignment. Required. :type scope: str - :param role_definition_name: The name of the role definition to get. Required. - :type role_definition_name: str - :return: RoleDefinition. The RoleDefinition is compatible with MutableMapping - :rtype: ~azure.keyvault.administration._generated.models.RoleDefinition + :param role_assignment_name: The name of the role assignment to get. Required. + :type role_assignment_name: str + :return: RoleAssignment. The RoleAssignment is compatible with MutableMapping + :rtype: ~azure.keyvault.administration.models.RoleAssignment :raises ~azure.core.exceptions.HttpResponseError: """ error_map: MutableMapping = { @@ -1215,11 +1212,11 @@ def get(self, scope: str, role_definition_name: str, **kwargs: Any) -> _models.R _headers = kwargs.pop("headers", {}) or {} _params = kwargs.pop("params", {}) or {} - cls: ClsType[_models.RoleDefinition] = kwargs.pop("cls", None) + cls: ClsType[_models.RoleAssignment] = kwargs.pop("cls", None) - _request = build_role_definitions_get_request( + _request = build_role_assignments_get_request( scope=scope, - role_definition_name=role_definition_name, + role_assignment_name=role_assignment_name, api_version=self._config.api_version, headers=_headers, params=_params, @@ -1251,7 +1248,7 @@ def get(self, scope: str, role_definition_name: str, **kwargs: Any) -> _models.R if _stream: deserialized = response.iter_bytes() else: - deserialized = _deserialize(_models.RoleDefinition, response.json()) + deserialized = _deserialize(_models.RoleAssignment, response.json()) if cls: return cls(pipeline_response, deserialized, {}) # type: ignore @@ -1259,22 +1256,25 @@ def get(self, scope: str, role_definition_name: str, **kwargs: Any) -> _models.R return deserialized # type: ignore @distributed_trace - def list(self, scope: str, *, filter: Optional[str] = None, **kwargs: Any) -> Iterable["_models.RoleDefinition"]: - """Get all role definitions that are applicable at scope and above. + def list_for_scope( + self, scope: str, *, filter: Optional[str] = None, **kwargs: Any + ) -> Iterable["_models.RoleAssignment"]: + """Gets role assignments for a scope. - :param scope: The scope of the role definition. Required. + :param scope: The scope of the role assignments. Required. :type scope: str - :keyword filter: The filter to apply on the operation. Use atScopeAndBelow filter to search - below the given scope as well. Default value is None. + :keyword filter: The filter to apply on the operation. Use $filter=atScope() to return all role + assignments at or above the scope. Use $filter=principalId eq {id} to return all role + assignments at, above or below the scope for the specified principal. Default value is None. :paramtype filter: str - :return: An iterator like instance of RoleDefinition - :rtype: ~azure.core.paging.ItemPaged[~azure.keyvault.administration._generated.models.RoleDefinition] + :return: An iterator like instance of RoleAssignment + :rtype: ~azure.core.paging.ItemPaged[~azure.keyvault.administration.models.RoleAssignment] :raises ~azure.core.exceptions.HttpResponseError: """ _headers = kwargs.pop("headers", {}) or {} _params = kwargs.pop("params", {}) or {} - cls: ClsType[List[_models.RoleDefinition]] = kwargs.pop("cls", None) + cls: ClsType[List[_models.RoleAssignment]] = kwargs.pop("cls", None) error_map: MutableMapping = { 401: ClientAuthenticationError, @@ -1287,7 +1287,7 @@ def list(self, scope: str, *, filter: Optional[str] = None, **kwargs: Any) -> It def prepare_request(next_link=None): if not next_link: - _request = build_role_definitions_list_request( + _request = build_role_assignments_list_for_scope_request( scope=scope, filter=filter, api_version=self._config.api_version, @@ -1325,7 +1325,7 @@ def prepare_request(next_link=None): def extract_data(pipeline_response): deserialized = pipeline_response.http_response.json() - list_of_elem = _deserialize(List[_models.RoleDefinition], deserialized["value"]) + list_of_elem = _deserialize(List[_models.RoleAssignment], deserialized.get("value", [])) if cls: list_of_elem = cls(list_of_elem) # type: ignore return deserialized.get("nextLink") or None, iter(list_of_elem) @@ -1358,7 +1358,7 @@ def full_backup_status(self, job_id: str, **kwargs: Any) -> _models.FullBackupOp :param job_id: The id returned as part of the backup request. Required. :type job_id: str :return: FullBackupOperation. The FullBackupOperation is compatible with MutableMapping - :rtype: ~azure.keyvault.administration._generated.models.FullBackupOperation + :rtype: ~azure.keyvault.administration.models.FullBackupOperation :raises ~azure.core.exceptions.HttpResponseError: """ error_map: MutableMapping = { @@ -1494,14 +1494,14 @@ def begin_full_backup( :param azure_storage_blob_container_uri: Azure blob shared access signature token pointing to a valid Azure blob container where full backup needs to be stored. This token needs to be valid for at least next 24 hours from the time of making this call. Required. - :type azure_storage_blob_container_uri: ~azure.keyvault.administration._generated.models.SASTokenParameter + :type azure_storage_blob_container_uri: ~azure.keyvault.administration.models.SASTokenParameter :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. Default value is "application/json". :paramtype content_type: str :return: An instance of LROPoller that returns FullBackupOperation. The FullBackupOperation is compatible with MutableMapping :rtype: - ~azure.core.polling.LROPoller[~azure.keyvault.administration._generated.models.FullBackupOperation] + ~azure.core.polling.LROPoller[~azure.keyvault.administration.models.FullBackupOperation] :raises ~azure.core.exceptions.HttpResponseError: """ @@ -1521,7 +1521,7 @@ def begin_full_backup( :return: An instance of LROPoller that returns FullBackupOperation. The FullBackupOperation is compatible with MutableMapping :rtype: - ~azure.core.polling.LROPoller[~azure.keyvault.administration._generated.models.FullBackupOperation] + ~azure.core.polling.LROPoller[~azure.keyvault.administration.models.FullBackupOperation] :raises ~azure.core.exceptions.HttpResponseError: """ @@ -1541,7 +1541,7 @@ def begin_full_backup( :return: An instance of LROPoller that returns FullBackupOperation. The FullBackupOperation is compatible with MutableMapping :rtype: - ~azure.core.polling.LROPoller[~azure.keyvault.administration._generated.models.FullBackupOperation] + ~azure.core.polling.LROPoller[~azure.keyvault.administration.models.FullBackupOperation] :raises ~azure.core.exceptions.HttpResponseError: """ @@ -1555,12 +1555,12 @@ def begin_full_backup( valid Azure blob container where full backup needs to be stored. This token needs to be valid for at least next 24 hours from the time of making this call. Is one of the following types: SASTokenParameter, JSON, IO[bytes] Required. - :type azure_storage_blob_container_uri: ~azure.keyvault.administration._generated.models.SASTokenParameter + :type azure_storage_blob_container_uri: ~azure.keyvault.administration.models.SASTokenParameter or JSON or IO[bytes] :return: An instance of LROPoller that returns FullBackupOperation. The FullBackupOperation is compatible with MutableMapping :rtype: - ~azure.core.polling.LROPoller[~azure.keyvault.administration._generated.models.FullBackupOperation] + ~azure.core.polling.LROPoller[~azure.keyvault.administration.models.FullBackupOperation] :raises ~azure.core.exceptions.HttpResponseError: """ _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) @@ -1707,14 +1707,14 @@ def begin_pre_full_backup( :param pre_backup_operation_parameters: Optional parameters to validate prior to performing a full backup operation. Required. :type pre_backup_operation_parameters: - ~azure.keyvault.administration._generated.models.PreBackupOperationParameters + ~azure.keyvault.administration.models.PreBackupOperationParameters :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. Default value is "application/json". :paramtype content_type: str :return: An instance of LROPoller that returns FullBackupOperation. The FullBackupOperation is compatible with MutableMapping :rtype: - ~azure.core.polling.LROPoller[~azure.keyvault.administration._generated.models.FullBackupOperation] + ~azure.core.polling.LROPoller[~azure.keyvault.administration.models.FullBackupOperation] :raises ~azure.core.exceptions.HttpResponseError: """ @@ -1733,7 +1733,7 @@ def begin_pre_full_backup( :return: An instance of LROPoller that returns FullBackupOperation. The FullBackupOperation is compatible with MutableMapping :rtype: - ~azure.core.polling.LROPoller[~azure.keyvault.administration._generated.models.FullBackupOperation] + ~azure.core.polling.LROPoller[~azure.keyvault.administration.models.FullBackupOperation] :raises ~azure.core.exceptions.HttpResponseError: """ @@ -1752,7 +1752,7 @@ def begin_pre_full_backup( :return: An instance of LROPoller that returns FullBackupOperation. The FullBackupOperation is compatible with MutableMapping :rtype: - ~azure.core.polling.LROPoller[~azure.keyvault.administration._generated.models.FullBackupOperation] + ~azure.core.polling.LROPoller[~azure.keyvault.administration.models.FullBackupOperation] :raises ~azure.core.exceptions.HttpResponseError: """ @@ -1772,11 +1772,11 @@ def begin_pre_full_backup( full backup operation. Is one of the following types: PreBackupOperationParameters, JSON, IO[bytes] Required. :type pre_backup_operation_parameters: - ~azure.keyvault.administration._generated.models.PreBackupOperationParameters or JSON or IO[bytes] + ~azure.keyvault.administration.models.PreBackupOperationParameters or JSON or IO[bytes] :return: An instance of LROPoller that returns FullBackupOperation. The FullBackupOperation is compatible with MutableMapping :rtype: - ~azure.core.polling.LROPoller[~azure.keyvault.administration._generated.models.FullBackupOperation] + ~azure.core.polling.LROPoller[~azure.keyvault.administration.models.FullBackupOperation] :raises ~azure.core.exceptions.HttpResponseError: """ _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) @@ -1844,7 +1844,7 @@ def restore_status(self, job_id: str, **kwargs: Any) -> _models.RestoreOperation :param job_id: The Job Id returned part of the restore operation. Required. :type job_id: str :return: RestoreOperation. The RestoreOperation is compatible with MutableMapping - :rtype: ~azure.keyvault.administration._generated.models.RestoreOperation + :rtype: ~azure.keyvault.administration.models.RestoreOperation :raises ~azure.core.exceptions.HttpResponseError: """ error_map: MutableMapping = { @@ -1900,14 +1900,8 @@ def restore_status(self, job_id: str, **kwargs: Any) -> _models.RestoreOperation return deserialized # type: ignore - @api_version_validation( - method_added_on="7.6-preview.2", - params_added_on={"7.6-preview.2": ["api_version", "content_type", "accept"]}, - ) - def _pre_full_restore_operation_initial( - self, - pre_restore_operation_parameters: Union[_models.PreRestoreOperationParameters, JSON, IO[bytes]], - **kwargs: Any + def _full_restore_operation_initial( + self, restore_blob_details: Union[_models.RestoreOperationParameters, JSON, IO[bytes]], **kwargs: Any ) -> Iterator[bytes]: error_map: MutableMapping = { 401: ClientAuthenticationError, @@ -1925,12 +1919,12 @@ def _pre_full_restore_operation_initial( content_type = content_type or "application/json" _content = None - if isinstance(pre_restore_operation_parameters, (IOBase, bytes)): - _content = pre_restore_operation_parameters + if isinstance(restore_blob_details, (IOBase, bytes)): + _content = restore_blob_details else: - _content = json.dumps(pre_restore_operation_parameters, cls=SdkJSONEncoder, exclude_readonly=True) # type: ignore + _content = json.dumps(restore_blob_details, cls=SdkJSONEncoder, exclude_readonly=True) # type: ignore - _request = build_key_vault_pre_full_restore_operation_request( + _request = build_key_vault_full_restore_operation_request( content_type=content_type, api_version=self._config.api_version, content=_content, @@ -1974,84 +1968,81 @@ def _pre_full_restore_operation_initial( return deserialized # type: ignore @overload - def begin_pre_full_restore_operation( + def begin_full_restore_operation( self, - pre_restore_operation_parameters: _models.PreRestoreOperationParameters, + restore_blob_details: _models.RestoreOperationParameters, *, content_type: str = "application/json", **kwargs: Any ) -> LROPoller[_models.RestoreOperation]: - """Pre-restore operation for checking whether the customer can perform a full restore operation. + """Restores all key materials using the SAS token pointing to a previously stored Azure Blob + storage backup folder. - :param pre_restore_operation_parameters: Optional pre restore parameters to validate prior to - performing a full restore operation. Required. - :type pre_restore_operation_parameters: - ~azure.keyvault.administration._generated.models.PreRestoreOperationParameters + :param restore_blob_details: The Azure blob SAS token pointing to a folder where the previous + successful full backup was stored. Required. + :type restore_blob_details: ~azure.keyvault.administration.models.RestoreOperationParameters :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. Default value is "application/json". :paramtype content_type: str :return: An instance of LROPoller that returns RestoreOperation. The RestoreOperation is compatible with MutableMapping - :rtype: ~azure.core.polling.LROPoller[~azure.keyvault.administration._generated.models.RestoreOperation] + :rtype: ~azure.core.polling.LROPoller[~azure.keyvault.administration.models.RestoreOperation] :raises ~azure.core.exceptions.HttpResponseError: """ @overload - def begin_pre_full_restore_operation( - self, pre_restore_operation_parameters: JSON, *, content_type: str = "application/json", **kwargs: Any + def begin_full_restore_operation( + self, restore_blob_details: JSON, *, content_type: str = "application/json", **kwargs: Any ) -> LROPoller[_models.RestoreOperation]: - """Pre-restore operation for checking whether the customer can perform a full restore operation. + """Restores all key materials using the SAS token pointing to a previously stored Azure Blob + storage backup folder. - :param pre_restore_operation_parameters: Optional pre restore parameters to validate prior to - performing a full restore operation. Required. - :type pre_restore_operation_parameters: JSON + :param restore_blob_details: The Azure blob SAS token pointing to a folder where the previous + successful full backup was stored. Required. + :type restore_blob_details: JSON :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. Default value is "application/json". :paramtype content_type: str :return: An instance of LROPoller that returns RestoreOperation. The RestoreOperation is compatible with MutableMapping - :rtype: ~azure.core.polling.LROPoller[~azure.keyvault.administration._generated.models.RestoreOperation] + :rtype: ~azure.core.polling.LROPoller[~azure.keyvault.administration.models.RestoreOperation] :raises ~azure.core.exceptions.HttpResponseError: """ @overload - def begin_pre_full_restore_operation( - self, pre_restore_operation_parameters: IO[bytes], *, content_type: str = "application/json", **kwargs: Any + def begin_full_restore_operation( + self, restore_blob_details: IO[bytes], *, content_type: str = "application/json", **kwargs: Any ) -> LROPoller[_models.RestoreOperation]: - """Pre-restore operation for checking whether the customer can perform a full restore operation. + """Restores all key materials using the SAS token pointing to a previously stored Azure Blob + storage backup folder. - :param pre_restore_operation_parameters: Optional pre restore parameters to validate prior to - performing a full restore operation. Required. - :type pre_restore_operation_parameters: IO[bytes] + :param restore_blob_details: The Azure blob SAS token pointing to a folder where the previous + successful full backup was stored. Required. + :type restore_blob_details: IO[bytes] :keyword content_type: Body Parameter content-type. Content type parameter for binary body. Default value is "application/json". :paramtype content_type: str :return: An instance of LROPoller that returns RestoreOperation. The RestoreOperation is compatible with MutableMapping - :rtype: ~azure.core.polling.LROPoller[~azure.keyvault.administration._generated.models.RestoreOperation] + :rtype: ~azure.core.polling.LROPoller[~azure.keyvault.administration.models.RestoreOperation] :raises ~azure.core.exceptions.HttpResponseError: """ @distributed_trace - @api_version_validation( - method_added_on="7.6-preview.2", - params_added_on={"7.6-preview.2": ["api_version", "content_type", "accept"]}, - ) - def begin_pre_full_restore_operation( - self, - pre_restore_operation_parameters: Union[_models.PreRestoreOperationParameters, JSON, IO[bytes]], - **kwargs: Any + def begin_full_restore_operation( + self, restore_blob_details: Union[_models.RestoreOperationParameters, JSON, IO[bytes]], **kwargs: Any ) -> LROPoller[_models.RestoreOperation]: - """Pre-restore operation for checking whether the customer can perform a full restore operation. + """Restores all key materials using the SAS token pointing to a previously stored Azure Blob + storage backup folder. - :param pre_restore_operation_parameters: Optional pre restore parameters to validate prior to - performing a full restore operation. Is one of the following types: - PreRestoreOperationParameters, JSON, IO[bytes] Required. - :type pre_restore_operation_parameters: - ~azure.keyvault.administration._generated.models.PreRestoreOperationParameters or JSON or IO[bytes] + :param restore_blob_details: The Azure blob SAS token pointing to a folder where the previous + successful full backup was stored. Is one of the following types: RestoreOperationParameters, + JSON, IO[bytes] Required. + :type restore_blob_details: ~azure.keyvault.administration.models.RestoreOperationParameters or + JSON or IO[bytes] :return: An instance of LROPoller that returns RestoreOperation. The RestoreOperation is compatible with MutableMapping - :rtype: ~azure.core.polling.LROPoller[~azure.keyvault.administration._generated.models.RestoreOperation] + :rtype: ~azure.core.polling.LROPoller[~azure.keyvault.administration.models.RestoreOperation] :raises ~azure.core.exceptions.HttpResponseError: """ _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) @@ -2063,8 +2054,8 @@ def begin_pre_full_restore_operation( lro_delay = kwargs.pop("polling_interval", self._config.polling_interval) cont_token: Optional[str] = kwargs.pop("continuation_token", None) if cont_token is None: - raw_result = self._pre_full_restore_operation_initial( - pre_restore_operation_parameters=pre_restore_operation_parameters, + raw_result = self._full_restore_operation_initial( + restore_blob_details=restore_blob_details, content_type=content_type, cls=lambda x, y, z: x, headers=_headers, @@ -2112,8 +2103,14 @@ def get_long_running_output(pipeline_response): self._client, raw_result, get_long_running_output, polling_method # type: ignore ) - def _full_restore_operation_initial( - self, restore_blob_details: Union[_models.RestoreOperationParameters, JSON, IO[bytes]], **kwargs: Any + @api_version_validation( + method_added_on="7.6-preview.2", + params_added_on={"7.6-preview.2": ["api_version", "content_type", "accept"]}, + ) + def _pre_full_restore_operation_initial( + self, + pre_restore_operation_parameters: Union[_models.PreRestoreOperationParameters, JSON, IO[bytes]], + **kwargs: Any ) -> Iterator[bytes]: error_map: MutableMapping = { 401: ClientAuthenticationError, @@ -2131,12 +2128,12 @@ def _full_restore_operation_initial( content_type = content_type or "application/json" _content = None - if isinstance(restore_blob_details, (IOBase, bytes)): - _content = restore_blob_details + if isinstance(pre_restore_operation_parameters, (IOBase, bytes)): + _content = pre_restore_operation_parameters else: - _content = json.dumps(restore_blob_details, cls=SdkJSONEncoder, exclude_readonly=True) # type: ignore + _content = json.dumps(pre_restore_operation_parameters, cls=SdkJSONEncoder, exclude_readonly=True) # type: ignore - _request = build_key_vault_full_restore_operation_request( + _request = build_key_vault_pre_full_restore_operation_request( content_type=content_type, api_version=self._config.api_version, content=_content, @@ -2180,81 +2177,84 @@ def _full_restore_operation_initial( return deserialized # type: ignore @overload - def begin_full_restore_operation( + def begin_pre_full_restore_operation( self, - restore_blob_details: _models.RestoreOperationParameters, + pre_restore_operation_parameters: _models.PreRestoreOperationParameters, *, content_type: str = "application/json", **kwargs: Any ) -> LROPoller[_models.RestoreOperation]: - """Restores all key materials using the SAS token pointing to a previously stored Azure Blob - storage backup folder. + """Pre-restore operation for checking whether the customer can perform a full restore operation. - :param restore_blob_details: The Azure blob SAS token pointing to a folder where the previous - successful full backup was stored. Required. - :type restore_blob_details: ~azure.keyvault.administration._generated.models.RestoreOperationParameters + :param pre_restore_operation_parameters: Optional pre restore parameters to validate prior to + performing a full restore operation. Required. + :type pre_restore_operation_parameters: + ~azure.keyvault.administration.models.PreRestoreOperationParameters :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. Default value is "application/json". :paramtype content_type: str :return: An instance of LROPoller that returns RestoreOperation. The RestoreOperation is compatible with MutableMapping - :rtype: ~azure.core.polling.LROPoller[~azure.keyvault.administration._generated.models.RestoreOperation] + :rtype: ~azure.core.polling.LROPoller[~azure.keyvault.administration.models.RestoreOperation] :raises ~azure.core.exceptions.HttpResponseError: """ @overload - def begin_full_restore_operation( - self, restore_blob_details: JSON, *, content_type: str = "application/json", **kwargs: Any + def begin_pre_full_restore_operation( + self, pre_restore_operation_parameters: JSON, *, content_type: str = "application/json", **kwargs: Any ) -> LROPoller[_models.RestoreOperation]: - """Restores all key materials using the SAS token pointing to a previously stored Azure Blob - storage backup folder. + """Pre-restore operation for checking whether the customer can perform a full restore operation. - :param restore_blob_details: The Azure blob SAS token pointing to a folder where the previous - successful full backup was stored. Required. - :type restore_blob_details: JSON + :param pre_restore_operation_parameters: Optional pre restore parameters to validate prior to + performing a full restore operation. Required. + :type pre_restore_operation_parameters: JSON :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. Default value is "application/json". :paramtype content_type: str :return: An instance of LROPoller that returns RestoreOperation. The RestoreOperation is compatible with MutableMapping - :rtype: ~azure.core.polling.LROPoller[~azure.keyvault.administration._generated.models.RestoreOperation] + :rtype: ~azure.core.polling.LROPoller[~azure.keyvault.administration.models.RestoreOperation] :raises ~azure.core.exceptions.HttpResponseError: """ @overload - def begin_full_restore_operation( - self, restore_blob_details: IO[bytes], *, content_type: str = "application/json", **kwargs: Any + def begin_pre_full_restore_operation( + self, pre_restore_operation_parameters: IO[bytes], *, content_type: str = "application/json", **kwargs: Any ) -> LROPoller[_models.RestoreOperation]: - """Restores all key materials using the SAS token pointing to a previously stored Azure Blob - storage backup folder. + """Pre-restore operation for checking whether the customer can perform a full restore operation. - :param restore_blob_details: The Azure blob SAS token pointing to a folder where the previous - successful full backup was stored. Required. - :type restore_blob_details: IO[bytes] + :param pre_restore_operation_parameters: Optional pre restore parameters to validate prior to + performing a full restore operation. Required. + :type pre_restore_operation_parameters: IO[bytes] :keyword content_type: Body Parameter content-type. Content type parameter for binary body. Default value is "application/json". :paramtype content_type: str :return: An instance of LROPoller that returns RestoreOperation. The RestoreOperation is compatible with MutableMapping - :rtype: ~azure.core.polling.LROPoller[~azure.keyvault.administration._generated.models.RestoreOperation] + :rtype: ~azure.core.polling.LROPoller[~azure.keyvault.administration.models.RestoreOperation] :raises ~azure.core.exceptions.HttpResponseError: """ @distributed_trace - def begin_full_restore_operation( - self, restore_blob_details: Union[_models.RestoreOperationParameters, JSON, IO[bytes]], **kwargs: Any + @api_version_validation( + method_added_on="7.6-preview.2", + params_added_on={"7.6-preview.2": ["api_version", "content_type", "accept"]}, + ) + def begin_pre_full_restore_operation( + self, + pre_restore_operation_parameters: Union[_models.PreRestoreOperationParameters, JSON, IO[bytes]], + **kwargs: Any ) -> LROPoller[_models.RestoreOperation]: - """Restores all key materials using the SAS token pointing to a previously stored Azure Blob - storage backup folder. + """Pre-restore operation for checking whether the customer can perform a full restore operation. - :param restore_blob_details: The Azure blob SAS token pointing to a folder where the previous - successful full backup was stored. Is one of the following types: RestoreOperationParameters, - JSON, IO[bytes] Required. - :type restore_blob_details: ~azure.keyvault.administration._generated.models.RestoreOperationParameters or - JSON or IO[bytes] + :param pre_restore_operation_parameters: Optional pre restore parameters to validate prior to + performing a full restore operation. Is one of the following types: + PreRestoreOperationParameters, JSON, IO[bytes] Required. + :type pre_restore_operation_parameters: + ~azure.keyvault.administration.models.PreRestoreOperationParameters or JSON or IO[bytes] :return: An instance of LROPoller that returns RestoreOperation. The RestoreOperation is compatible with MutableMapping - :rtype: ~azure.core.polling.LROPoller[~azure.keyvault.administration._generated.models.RestoreOperation] + :rtype: ~azure.core.polling.LROPoller[~azure.keyvault.administration.models.RestoreOperation] :raises ~azure.core.exceptions.HttpResponseError: """ _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) @@ -2266,8 +2266,8 @@ def begin_full_restore_operation( lro_delay = kwargs.pop("polling_interval", self._config.polling_interval) cont_token: Optional[str] = kwargs.pop("continuation_token", None) if cont_token is None: - raw_result = self._full_restore_operation_initial( - restore_blob_details=restore_blob_details, + raw_result = self._pre_full_restore_operation_initial( + pre_restore_operation_parameters=pre_restore_operation_parameters, content_type=content_type, cls=lambda x, y, z: x, headers=_headers, @@ -2323,7 +2323,7 @@ def selective_key_restore_status(self, job_id: str, **kwargs: Any) -> _models.Se :type job_id: str :return: SelectiveKeyRestoreOperation. The SelectiveKeyRestoreOperation is compatible with MutableMapping - :rtype: ~azure.keyvault.administration._generated.models.SelectiveKeyRestoreOperation + :rtype: ~azure.keyvault.administration.models.SelectiveKeyRestoreOperation :raises ~azure.core.exceptions.HttpResponseError: """ error_map: MutableMapping = { @@ -2467,14 +2467,14 @@ def begin_selective_key_restore_operation( :param restore_blob_details: The Azure blob SAS token pointing to a folder where the previous successful full backup was stored. Required. :type restore_blob_details: - ~azure.keyvault.administration._generated.models.SelectiveKeyRestoreOperationParameters + ~azure.keyvault.administration.models.SelectiveKeyRestoreOperationParameters :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. Default value is "application/json". :paramtype content_type: str :return: An instance of LROPoller that returns SelectiveKeyRestoreOperation. The SelectiveKeyRestoreOperation is compatible with MutableMapping :rtype: - ~azure.core.polling.LROPoller[~azure.keyvault.administration._generated.models.SelectiveKeyRestoreOperation] + ~azure.core.polling.LROPoller[~azure.keyvault.administration.models.SelectiveKeyRestoreOperation] :raises ~azure.core.exceptions.HttpResponseError: """ @@ -2496,7 +2496,7 @@ def begin_selective_key_restore_operation( :return: An instance of LROPoller that returns SelectiveKeyRestoreOperation. The SelectiveKeyRestoreOperation is compatible with MutableMapping :rtype: - ~azure.core.polling.LROPoller[~azure.keyvault.administration._generated.models.SelectiveKeyRestoreOperation] + ~azure.core.polling.LROPoller[~azure.keyvault.administration.models.SelectiveKeyRestoreOperation] :raises ~azure.core.exceptions.HttpResponseError: """ @@ -2518,7 +2518,7 @@ def begin_selective_key_restore_operation( :return: An instance of LROPoller that returns SelectiveKeyRestoreOperation. The SelectiveKeyRestoreOperation is compatible with MutableMapping :rtype: - ~azure.core.polling.LROPoller[~azure.keyvault.administration._generated.models.SelectiveKeyRestoreOperation] + ~azure.core.polling.LROPoller[~azure.keyvault.administration.models.SelectiveKeyRestoreOperation] :raises ~azure.core.exceptions.HttpResponseError: """ @@ -2538,12 +2538,12 @@ def begin_selective_key_restore_operation( successful full backup was stored. Is one of the following types: SelectiveKeyRestoreOperationParameters, JSON, IO[bytes] Required. :type restore_blob_details: - ~azure.keyvault.administration._generated.models.SelectiveKeyRestoreOperationParameters or JSON or + ~azure.keyvault.administration.models.SelectiveKeyRestoreOperationParameters or JSON or IO[bytes] :return: An instance of LROPoller that returns SelectiveKeyRestoreOperation. The SelectiveKeyRestoreOperation is compatible with MutableMapping :rtype: - ~azure.core.polling.LROPoller[~azure.keyvault.administration._generated.models.SelectiveKeyRestoreOperation] + ~azure.core.polling.LROPoller[~azure.keyvault.administration.models.SelectiveKeyRestoreOperation] :raises ~azure.core.exceptions.HttpResponseError: """ _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) @@ -2623,12 +2623,12 @@ def update_setting( Required. :type setting_name: str :param parameters: The parameters to update an account setting. Required. - :type parameters: ~azure.keyvault.administration._generated.models.UpdateSettingRequest + :type parameters: ~azure.keyvault.administration.models.UpdateSettingRequest :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. Default value is "application/json". :paramtype content_type: str :return: Setting. The Setting is compatible with MutableMapping - :rtype: ~azure.keyvault.administration._generated.models.Setting + :rtype: ~azure.keyvault.administration.models.Setting :raises ~azure.core.exceptions.HttpResponseError: """ @@ -2650,7 +2650,7 @@ def update_setting( Default value is "application/json". :paramtype content_type: str :return: Setting. The Setting is compatible with MutableMapping - :rtype: ~azure.keyvault.administration._generated.models.Setting + :rtype: ~azure.keyvault.administration.models.Setting :raises ~azure.core.exceptions.HttpResponseError: """ @@ -2672,7 +2672,7 @@ def update_setting( Default value is "application/json". :paramtype content_type: str :return: Setting. The Setting is compatible with MutableMapping - :rtype: ~azure.keyvault.administration._generated.models.Setting + :rtype: ~azure.keyvault.administration.models.Setting :raises ~azure.core.exceptions.HttpResponseError: """ @@ -2690,10 +2690,10 @@ def update_setting( :type setting_name: str :param parameters: The parameters to update an account setting. Is one of the following types: UpdateSettingRequest, JSON, IO[bytes] Required. - :type parameters: ~azure.keyvault.administration._generated.models.UpdateSettingRequest or JSON or + :type parameters: ~azure.keyvault.administration.models.UpdateSettingRequest or JSON or IO[bytes] :return: Setting. The Setting is compatible with MutableMapping - :rtype: ~azure.keyvault.administration._generated.models.Setting + :rtype: ~azure.keyvault.administration.models.Setting :raises ~azure.core.exceptions.HttpResponseError: """ error_map: MutableMapping = { @@ -2769,7 +2769,7 @@ def get_setting(self, setting_name: str, **kwargs: Any) -> _models.Setting: Required. :type setting_name: str :return: Setting. The Setting is compatible with MutableMapping - :rtype: ~azure.keyvault.administration._generated.models.Setting + :rtype: ~azure.keyvault.administration.models.Setting :raises ~azure.core.exceptions.HttpResponseError: """ error_map: MutableMapping = { @@ -2832,7 +2832,7 @@ def get_settings(self, **kwargs: Any) -> _models.SettingsListResult: Retrieves a list of all the available account settings that can be configured. :return: SettingsListResult. The SettingsListResult is compatible with MutableMapping - :rtype: ~azure.keyvault.administration._generated.models.SettingsListResult + :rtype: ~azure.keyvault.administration.models.SettingsListResult :raises ~azure.core.exceptions.HttpResponseError: """ error_map: MutableMapping = { diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/operations/_patch.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/operations/_patch.py new file mode 100644 index 000000000000..8bcb627aa475 --- /dev/null +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/operations/_patch.py @@ -0,0 +1,21 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# -------------------------------------------------------------------------- +"""Customize generated code here. + +Follow our quickstart for examples: https://aka.ms/azsdk/python/dpcodegen/python/customize +""" +from typing import List + +__all__: List[str] = [] # Add all objects you want publicly available to users at this package level + + +def patch_sdk(): + """Do not remove from this file. + + `patch_sdk` is a last resort escape hatch that allows you to do customizations + you can't accomplish using the techniques described in + https://aka.ms/azsdk/python/dpcodegen/python/customize + """ diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/py.typed b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/py.typed index e69de29bb2d1..e5aff4f83af8 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/py.typed +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/py.typed @@ -0,0 +1 @@ +# Marker file for PEP 561. \ No newline at end of file diff --git a/sdk/keyvault/azure-keyvault-administration/samples/access_control_operations.py b/sdk/keyvault/azure-keyvault-administration/samples/access_control_operations.py index 4a88c14046d9..dec69877910c 100644 --- a/sdk/keyvault/azure-keyvault-administration/samples/access_control_operations.py +++ b/sdk/keyvault/azure-keyvault-administration/samples/access_control_operations.py @@ -1,3 +1,4 @@ +# pylint: disable=line-too-long,useless-suppression # ------------------------------------ # Copyright (c) Microsoft Corporation. # Licensed under the MIT License. @@ -12,7 +13,7 @@ # # 3. Set environment variable MANAGED_HSM_URL with the URL of your managed HSM and AZURE_CLIENT_ID with the ID of a # service principal -# +# # 4. Set up your environment to use azure-identity's DefaultAzureCredential. For more information about how to configure # the DefaultAzureCredential, refer to https://aka.ms/azsdk/python/identity/docs#azure.identity.DefaultAzureCredential # @@ -79,8 +80,7 @@ # [START update_a_role_definition] new_permissions = [ KeyVaultPermission( - data_actions=[KeyVaultDataAction.READ_HSM_KEY], - not_data_actions=[KeyVaultDataAction.CREATE_HSM_KEY] + data_actions=[KeyVaultDataAction.READ_HSM_KEY], not_data_actions=[KeyVaultDataAction.CREATE_HSM_KEY] ) ] unique_definition_name = role_definition.name diff --git a/sdk/keyvault/azure-keyvault-administration/samples/access_control_operations_async.py b/sdk/keyvault/azure-keyvault-administration/samples/access_control_operations_async.py index 4238ea22245d..f11d469b8ebf 100644 --- a/sdk/keyvault/azure-keyvault-administration/samples/access_control_operations_async.py +++ b/sdk/keyvault/azure-keyvault-administration/samples/access_control_operations_async.py @@ -1,3 +1,4 @@ +# pylint: disable=line-too-long,useless-suppression # ------------------------------------ # Copyright (c) Microsoft Corporation. # Licensed under the MIT License. @@ -16,7 +17,7 @@ # 2. azure-keyvault-administration and azure-identity libraries (pip install these) # # 3. Set environment variable MANAGED_HSM_URL with the URL of your managed HSM -# +# # 4. Set up your environment to use azure-identity's DefaultAzureCredential. For more information about how to configure # the DefaultAzureCredential, refer to https://aka.ms/azsdk/python/identity/docs#azure.identity.DefaultAzureCredential # @@ -34,6 +35,7 @@ # 5. Delete a role definition (delete_role_definition) # ---------------------------------------------------------------------------------------------------------- + async def run_sample(): MANAGED_HSM_URL = os.environ["MANAGED_HSM_URL"] @@ -41,7 +43,7 @@ async def run_sample(): # Here we use the DefaultAzureCredential, but any azure-identity credential can be used. credential = DefaultAzureCredential() client = KeyVaultAccessControlClient(vault_url=MANAGED_HSM_URL, credential=credential) - + # Let's first create a custom role definition. This role permits creating keys in a Managed HSM. # We'll provide a friendly role name, and let a unique role definition name (a GUID) be generated for us. print("\n.. Create a role definition") @@ -57,8 +59,7 @@ async def run_sample(): print("\n.. Update a role definition") new_permissions = [ KeyVaultPermission( - data_actions=[KeyVaultDataAction.READ_HSM_KEY], - not_data_actions=[KeyVaultDataAction.CREATE_HSM_KEY] + data_actions=[KeyVaultDataAction.READ_HSM_KEY], not_data_actions=[KeyVaultDataAction.CREATE_HSM_KEY] ) ] unique_definition_name = role_definition.name diff --git a/sdk/keyvault/azure-keyvault-administration/samples/backup_restore_operations.py b/sdk/keyvault/azure-keyvault-administration/samples/backup_restore_operations.py index a36305134280..582b250e5f5f 100644 --- a/sdk/keyvault/azure-keyvault-administration/samples/backup_restore_operations.py +++ b/sdk/keyvault/azure-keyvault-administration/samples/backup_restore_operations.py @@ -17,7 +17,7 @@ # 4. A user-assigned managed identity that has access to your managed HSM. For more information about how to create a # user-assigned managed identity, refer to # https://learn.microsoft.com/entra/identity/managed-identities-azure-resources/overview -# +# # 5. A storage account, that your managed identity has access to, containing a blob storage container # (See https://learn.microsoft.com/azure/storage/blobs/storage-blobs-introduction) # diff --git a/sdk/keyvault/azure-keyvault-administration/samples/backup_restore_operations_async.py b/sdk/keyvault/azure-keyvault-administration/samples/backup_restore_operations_async.py index 1cba4d1b11ae..5d5318769300 100644 --- a/sdk/keyvault/azure-keyvault-administration/samples/backup_restore_operations_async.py +++ b/sdk/keyvault/azure-keyvault-administration/samples/backup_restore_operations_async.py @@ -19,7 +19,7 @@ # 4. A user-assigned managed identity that has access to your managed HSM. For more information about how to create a # user-assigned managed identity, refer to # https://learn.microsoft.com/entra/identity/managed-identities-azure-resources/overview -# +# # 5. A storage account, that your managed identity has access to, containing a blob storage container # (See https://learn.microsoft.com/azure/storage/blobs/storage-blobs-introduction) # @@ -36,6 +36,7 @@ # 2. Perform a full restore (begin_restore) # ---------------------------------------------------------------------------------------------------------- + async def run_sample(): MANAGED_HSM_URL = os.environ["MANAGED_HSM_URL"] CONTAINER_URL = os.environ["CONTAINER_URL"] @@ -45,7 +46,7 @@ async def run_sample(): # Here we use the DefaultAzureCredential, but any azure-identity credential can be used. credential = ManagedIdentityCredential(client_id=MANAGED_IDENTITY_CLIENT_ID) client = KeyVaultBackupClient(vault_url=MANAGED_HSM_URL, credential=credential) - + # Let's back up the vault with begin_backup, which returns a poller. Calling result() on the poller will return # a KeyVaultBackupResult that contains the URL of the backup after the operation completes. Calling wait() on # the poller will wait until the operation is complete. diff --git a/sdk/keyvault/azure-keyvault-administration/samples/settings_operations.py b/sdk/keyvault/azure-keyvault-administration/samples/settings_operations.py index 390e0d7b4e00..68461b4a3e3d 100644 --- a/sdk/keyvault/azure-keyvault-administration/samples/settings_operations.py +++ b/sdk/keyvault/azure-keyvault-administration/samples/settings_operations.py @@ -1,3 +1,4 @@ +# pylint: disable=line-too-long,useless-suppression # ------------------------------------ # Copyright (c) Microsoft Corporation. # Licensed under the MIT License. @@ -13,7 +14,7 @@ # 2. azure-keyvault-administration and azure-identity libraries (pip install these) # # 3. Set environment variable MANAGED_HSM_URL with the URL of your managed HSM -# +# # 4. Set up your environment to use azure-identity's DefaultAzureCredential. For more information about how to configure # the DefaultAzureCredential, refer to https://aka.ms/azsdk/python/identity/docs#azure.identity.DefaultAzureCredential # diff --git a/sdk/keyvault/azure-keyvault-administration/samples/settings_operations_async.py b/sdk/keyvault/azure-keyvault-administration/samples/settings_operations_async.py index 77a7070a7f44..a400f4889d12 100644 --- a/sdk/keyvault/azure-keyvault-administration/samples/settings_operations_async.py +++ b/sdk/keyvault/azure-keyvault-administration/samples/settings_operations_async.py @@ -1,3 +1,4 @@ +# pylint: disable=line-too-long,useless-suppression # ------------------------------------ # Copyright (c) Microsoft Corporation. # Licensed under the MIT License. @@ -16,7 +17,7 @@ # 2. azure-keyvault-administration and azure-identity libraries (pip install these) # # 3. Set environment variable MANAGED_HSM_URL with the URL of your managed HSM -# +# # 4. Set up your environment to use azure-identity's DefaultAzureCredential. For more information about how to configure # the DefaultAzureCredential, refer to https://aka.ms/azsdk/python/identity/docs#azure.identity.DefaultAzureCredential # @@ -28,6 +29,7 @@ # 2. Update a setting (update_setting) # ---------------------------------------------------------------------------------------------------------- + async def run_sample(): MANAGED_HSM_URL = os.environ["MANAGED_HSM_URL"] diff --git a/sdk/keyvault/azure-keyvault-administration/setup.py b/sdk/keyvault/azure-keyvault-administration/setup.py index 1b5f8c96f8e9..0ed9b67c2fff 100644 --- a/sdk/keyvault/azure-keyvault-administration/setup.py +++ b/sdk/keyvault/azure-keyvault-administration/setup.py @@ -1,48 +1,41 @@ -#!/usr/bin/env python +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) Python Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- -# ------------------------------------ -# Copyright (c) Microsoft Corporation. -# Licensed under the MIT License. -# ------------------------------------ -# pylint:disable=missing-docstring +import os import re -import os.path -from io import open -from setuptools import find_packages, setup +from setuptools import setup, find_packages + -# Change the PACKAGE_NAME only to change folder and different name PACKAGE_NAME = "azure-keyvault-administration" -PACKAGE_PPRINT_NAME = "Key Vault Administration" +PACKAGE_PPRINT_NAME = "Azure Keyvault Administration" # a-b-c => a/b/c -PACKAGE_FOLDER_PATH = PACKAGE_NAME.replace("-", "/") -# a-b-c => a.b.c -NAMESPACE_NAME = PACKAGE_NAME.replace("-", ".") +package_folder_path = PACKAGE_NAME.replace("-", "/") # Version extraction inspired from 'requests' -with open(os.path.join(PACKAGE_FOLDER_PATH, "_version.py"), "r") as fd: - VERSION = re.search(r'^VERSION\s*=\s*[\'"]([^\'"]*)[\'"]', fd.read(), re.MULTILINE).group(1) # type: ignore +with open(os.path.join(package_folder_path, "_version.py"), "r") as fd: + version = re.search(r'^VERSION\s*=\s*[\'"]([^\'"]*)[\'"]', fd.read(), re.MULTILINE).group(1) -if not VERSION: +if not version: raise RuntimeError("Cannot find version information") -with open("README.md", encoding="utf-8") as f: - README = f.read() -with open("CHANGELOG.md", encoding="utf-8") as f: - CHANGELOG = f.read() setup( name=PACKAGE_NAME, - version=VERSION, - include_package_data=True, - description=f"Microsoft Azure {PACKAGE_PPRINT_NAME} Client Library for Python", - long_description=README + "\n\n" + CHANGELOG, + version=version, + description="Microsoft Corporation {} Client Library for Python".format(PACKAGE_PPRINT_NAME), + long_description=open("README.md", "r").read(), long_description_content_type="text/markdown", license="MIT License", author="Microsoft Corporation", - author_email="azurekeyvault@microsoft.com", - url="https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/keyvault/azure-keyvault-administration", + author_email="azpysdkhelp@microsoft.com", + url="https://github.com/Azure/azure-sdk-for-python/tree/main/sdk", keywords="azure, azure sdk", classifiers=[ "Development Status :: 4 - Beta", @@ -59,17 +52,20 @@ zip_safe=False, packages=find_packages( exclude=[ - "samples", "tests", # Exclude packages that will be covered by PEP420 or nspkg "azure", "azure.keyvault", ] ), - python_requires=">=3.8", + include_package_data=True, + package_data={ + "azure.keyvault.administration": ["py.typed"], + }, install_requires=[ - "azure-core>=1.31.0", "isodate>=0.6.1", + "azure-core>=1.30.0", "typing-extensions>=4.6.0", ], + python_requires=">=3.8", ) diff --git a/sdk/keyvault/azure-keyvault-administration/tests/_async_test_case.py b/sdk/keyvault/azure-keyvault-administration/tests/_async_test_case.py index 6ad8ed0388b1..be65a9593f91 100644 --- a/sdk/keyvault/azure-keyvault-administration/tests/_async_test_case.py +++ b/sdk/keyvault/azure-keyvault-administration/tests/_async_test_case.py @@ -25,7 +25,7 @@ def __init__(self, **kwargs) -> None: self.container_uri = f"{storage_url}/{container_name}" self.sas_token = os.environ.get("BLOB_STORAGE_SAS_TOKEN") - + else: self.managed_hsm_url = hsm_playback_url self.container_uri = container_playback_uri @@ -39,7 +39,7 @@ def __init__(self, **kwargs) -> None: # Only set service principal credentials if user-based auth is not requested if use_pwsh == use_cli == use_vscode == use_azd == "false": self._set_mgmt_settings_real_values() - + def _skip_if_not_configured(self, api_version, **kwargs): if self.is_live and api_version != DEFAULT_VERSION: pytest.skip("This test only uses the default API version for live tests") @@ -63,6 +63,7 @@ async def _preparer(test_class, api_version, **kwargs): async with client: await fn(test_class, client, **kwargs) + return _preparer def create_backup_client(self, managed_identity_client_id, **kwargs): @@ -88,6 +89,7 @@ async def _preparer(test_class, api_version, **kwargs): async with client: await fn(test_class, client, **kwargs) + return _preparer def create_backup_client(self, **kwargs): @@ -107,11 +109,11 @@ async def _preparer(test_class, api_version, **kwargs): async with client: await fn(test_class, client, **kwargs) + return _preparer def create_access_control_client(self, **kwargs): - from azure.keyvault.administration.aio import \ - KeyVaultAccessControlClient + from azure.keyvault.administration.aio import KeyVaultAccessControlClient credential = self.get_credential(KeyVaultAccessControlClient, is_async=True) return self.create_client_from_credential( @@ -127,11 +129,11 @@ async def _preparer(test_class, api_version, **kwargs): async with client: await fn(test_class, client, **kwargs) + return _preparer def create_access_control_client(self, **kwargs): - from azure.keyvault.administration.aio import \ - KeyVaultSettingsClient + from azure.keyvault.administration.aio import KeyVaultSettingsClient credential = self.get_credential(KeyVaultSettingsClient, is_async=True) return self.create_client_from_credential( diff --git a/sdk/keyvault/azure-keyvault-administration/tests/_test_case.py b/sdk/keyvault/azure-keyvault-administration/tests/_test_case.py index fe082b88063d..e4b23e6cebed 100644 --- a/sdk/keyvault/azure-keyvault-administration/tests/_test_case.py +++ b/sdk/keyvault/azure-keyvault-administration/tests/_test_case.py @@ -26,7 +26,7 @@ def __init__(self, **kwargs) -> None: self.container_uri = f"{storage_url}/{container_name}" self.sas_token = os.environ.get("BLOB_STORAGE_SAS_TOKEN") - + else: self.managed_hsm_url = hsm_playback_url self.container_uri = container_playback_uri @@ -40,7 +40,7 @@ def __init__(self, **kwargs) -> None: # Only set service principal credentials if user-based auth is not requested if use_pwsh == use_cli == use_vscode == use_azd == "false": self._set_mgmt_settings_real_values() - + def _skip_if_not_configured(self, api_version, **kwargs): if self.is_live and api_version != DEFAULT_VERSION: pytest.skip("This test only uses the default API version for live tests") @@ -56,7 +56,7 @@ def _set_mgmt_settings_real_values(self): class KeyVaultBackupClientPreparer(BaseClientPreparer): def __init__(self, **kwargs) -> None: - super().__init__(**kwargs) + super().__init__(**kwargs) def __call__(self, fn): def _preparer(test_class, api_version, **kwargs): @@ -67,6 +67,7 @@ def _preparer(test_class, api_version, **kwargs): with client: fn(test_class, client, **kwargs) + return _preparer def create_backup_client(self, managed_identity_client_id, **kwargs): @@ -83,7 +84,7 @@ def create_backup_client(self, managed_identity_client_id, **kwargs): class KeyVaultBackupClientSasPreparer(BaseClientPreparer): def __init__(self, **kwargs) -> None: - super().__init__(**kwargs) + super().__init__(**kwargs) def __call__(self, fn): def _preparer(test_class, api_version, **kwargs): @@ -95,6 +96,7 @@ def _preparer(test_class, api_version, **kwargs): with client: fn(test_class, client, **kwargs) + return _preparer def create_backup_client(self, **kwargs): @@ -117,6 +119,7 @@ def _preparer(test_class, api_version, **kwargs): with client: fn(test_class, client, **kwargs) + return _preparer def create_access_control_client(self, **kwargs): @@ -139,6 +142,7 @@ def _preparer(test_class, api_version, **kwargs): with client: fn(test_class, client, **kwargs) + return _preparer def create_settings_client(self, **kwargs): diff --git a/sdk/keyvault/azure-keyvault-administration/tests/conftest.py b/sdk/keyvault/azure-keyvault-administration/tests/conftest.py index 66f14f669a46..872fdb9d38f7 100644 --- a/sdk/keyvault/azure-keyvault-administration/tests/conftest.py +++ b/sdk/keyvault/azure-keyvault-administration/tests/conftest.py @@ -16,7 +16,8 @@ remove_batch_sanitizers, ) -os.environ['PYTHONHASHSEED'] = '0' +os.environ["PYTHONHASHSEED"] = "0" + @pytest.fixture(scope="session", autouse=True) def add_sanitizers(test_proxy): @@ -24,22 +25,22 @@ def add_sanitizers(test_proxy): azure_keyvault_url = azure_keyvault_url.rstrip("/") keyvault_tenant_id = os.getenv("KEYVAULT_TENANT_ID", "keyvault_tenant_id") keyvault_subscription_id = os.getenv("KEYVAULT_SUBSCRIPTION_ID", "keyvault_subscription_id") - azure_managedhsm_url = os.environ.get("AZURE_MANAGEDHSM_URL","https://Sanitized.managedhsm.azure.net") + azure_managedhsm_url = os.environ.get("AZURE_MANAGEDHSM_URL", "https://Sanitized.managedhsm.azure.net") azure_managedhsm_url = azure_managedhsm_url.rstrip("/") - azure_attestation_uri = os.environ.get("AZURE_KEYVAULT_ATTESTATION_URL","https://Sanitized.azurewebsites.net") - azure_attestation_uri = azure_attestation_uri.rstrip('/') + azure_attestation_uri = os.environ.get("AZURE_KEYVAULT_ATTESTATION_URL", "https://Sanitized.azurewebsites.net") + azure_attestation_uri = azure_attestation_uri.rstrip("/") storage_url = os.environ.get("BLOB_STORAGE_URL", "https://Sanitized.blob.core.windows.net") client_id = os.environ.get("KEYVAULT_CLIENT_ID", "service-principal-id") - sas_token = os.environ.get("BLOB_STORAGE_SAS_TOKEN","fake-sas") + sas_token = os.environ.get("BLOB_STORAGE_SAS_TOKEN", "fake-sas") add_general_string_sanitizer(target=azure_keyvault_url, value="https://Sanitized.vault.azure.net") add_general_string_sanitizer(target=keyvault_tenant_id, value="00000000-0000-0000-0000-000000000000") add_general_string_sanitizer(target=keyvault_subscription_id, value="00000000-0000-0000-0000-000000000000") - add_general_string_sanitizer(target=azure_managedhsm_url,value="https://Sanitized.managedhsm.azure.net") - add_general_string_sanitizer(target=azure_attestation_uri,value="https://Sanitized.azurewebsites.net") + add_general_string_sanitizer(target=azure_managedhsm_url, value="https://Sanitized.managedhsm.azure.net") + add_general_string_sanitizer(target=azure_attestation_uri, value="https://Sanitized.azurewebsites.net") add_general_string_sanitizer(target=storage_url, value="https://Sanitized.blob.core.windows.net") add_general_string_sanitizer(target=sas_token, value="fake-sas") - add_general_string_sanitizer(target=client_id, value = "service-principal-id") + add_general_string_sanitizer(target=client_id, value="service-principal-id") # Sanitize API versions of `azure-keyvault-keys` requests add_uri_regex_sanitizer( regex="keys/([^/]*)/create\\?api-version=(\\S*)", value="keys/$1/create?api-version=sanitized" diff --git a/sdk/keyvault/azure-keyvault-administration/tests/perfstress_tests/get_role_definition.py b/sdk/keyvault/azure-keyvault-administration/tests/perfstress_tests/get_role_definition.py index 80730f6ae7d8..dd5dfb5a2add 100644 --- a/sdk/keyvault/azure-keyvault-administration/tests/perfstress_tests/get_role_definition.py +++ b/sdk/keyvault/azure-keyvault-administration/tests/perfstress_tests/get_role_definition.py @@ -8,10 +8,10 @@ from azure.identity import DefaultAzureCredential from azure.identity.aio import DefaultAzureCredential as AsyncDefaultAzureCredential from azure.keyvault.administration import ( - KeyVaultAccessControlClient, + KeyVaultAccessControlClient, KeyVaultDataAction, KeyVaultPermission, - KeyVaultRoleScope, + KeyVaultRoleScope, ) from azure.keyvault.administration.aio import KeyVaultAccessControlClient as AsyncKeyVaultAccessControlClient @@ -32,7 +32,7 @@ def __init__(self, arguments): self.role_name = uuid.uuid4() self.scope = KeyVaultRoleScope.GLOBAL self.permissions = [KeyVaultPermission(data_actions=[KeyVaultDataAction.CREATE_HSM_KEY])] - + async def global_setup(self): """The global setup is run only once.""" await super().global_setup() @@ -42,7 +42,7 @@ async def global_cleanup(self): """The global cleanup is run only once.""" await self.async_client.delete_role_definition(scope=self.scope, name=self.role_name) await super().global_cleanup() - + async def close(self): """This is run after cleanup.""" await self.async_client.close() diff --git a/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py b/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py index c14251a13080..89c440d776b0 100644 --- a/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py +++ b/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py @@ -43,14 +43,10 @@ def test_role_definitions(self, client, **kwargs): # create custom role definition role_name = self.get_resource_name("role-name") definition_name = self.get_replayable_uuid("definition-name") - add_general_regex_sanitizer(regex=definition_name, value = "definition-name") + add_general_regex_sanitizer(regex=definition_name, value="definition-name") permissions = [KeyVaultPermission(data_actions=[KeyVaultDataAction.READ_HSM_KEY])] created_definition = client.set_role_definition( - scope=scope, - name=definition_name, - role_name=role_name, - description="test", - permissions=permissions + scope=scope, name=definition_name, role_name=role_name, description="test", permissions=permissions ) assert "/" in created_definition.assignable_scopes assert created_definition.role_name == role_name @@ -61,12 +57,8 @@ def test_role_definitions(self, client, **kwargs): assert created_definition.assignable_scopes == [KeyVaultRoleScope.GLOBAL] # update custom role definition - permissions = [ - KeyVaultPermission(data_actions=[], not_data_actions=[KeyVaultDataAction.READ_HSM_KEY]) - ] - updated_definition = client.set_role_definition( - scope=scope, name=definition_name, permissions=permissions - ) + permissions = [KeyVaultPermission(data_actions=[], not_data_actions=[KeyVaultDataAction.READ_HSM_KEY])] + updated_definition = client.set_role_definition(scope=scope, name=definition_name, permissions=permissions) assert updated_definition.role_name == "" assert updated_definition.description == "" assert len(updated_definition.permissions) == 1 @@ -101,18 +93,18 @@ def test_role_assignment(self, client, **kwargs): definition = definitions[0] principal_id = self.get_service_principal_id() name = self.get_replayable_uuid("some-uuid") - add_general_regex_sanitizer(regex=name, value = "some-uuid") + add_general_regex_sanitizer(regex=name, value="some-uuid") created = client.create_role_assignment(scope, definition.id, principal_id, name=name) assert created.name == name - #assert created.properties.principal_id == principal_id + # assert created.properties.principal_id == principal_id assert created.properties.role_definition_id == definition.id assert created.properties.scope == scope # should be able to get the new assignment got = client.get_role_assignment(scope, name) assert got.name == name - #assert got.properties.principal_id == principal_id + # assert got.properties.principal_id == principal_id assert got.properties.role_definition_id == definition.id assert got.properties.scope == scope diff --git a/sdk/keyvault/azure-keyvault-administration/tests/test_access_control_async.py b/sdk/keyvault/azure-keyvault-administration/tests/test_access_control_async.py index db16f213da21..74d961b5b865 100644 --- a/sdk/keyvault/azure-keyvault-administration/tests/test_access_control_async.py +++ b/sdk/keyvault/azure-keyvault-administration/tests/test_access_control_async.py @@ -7,7 +7,7 @@ import uuid import pytest -from azure.keyvault.administration import KeyVaultDataAction, KeyVaultPermission,KeyVaultRoleScope +from azure.keyvault.administration import KeyVaultDataAction, KeyVaultPermission, KeyVaultRoleScope from devtools_testutils import add_general_regex_sanitizer, set_bodiless_matcher from devtools_testutils.aio import recorded_by_proxy_async @@ -31,7 +31,7 @@ def get_service_principal_id(self): value = os.environ["AZURE_CLIENT_ID"] return value return replay_value - + @pytest.mark.asyncio @pytest.mark.parametrize("api_version", all_api_versions) @KeyVaultAccessControlClientPreparer() @@ -48,14 +48,10 @@ async def test_role_definitions(self, client, **kwargs): # create custom role definition role_name = self.get_resource_name("role-name") definition_name = self.get_replayable_uuid("definition-name") - add_general_regex_sanitizer(regex=definition_name, value = "definition-name") + add_general_regex_sanitizer(regex=definition_name, value="definition-name") permissions = [KeyVaultPermission(data_actions=[KeyVaultDataAction.READ_HSM_KEY])] created_definition = await client.set_role_definition( - scope=scope, - name=definition_name, - role_name=role_name, - description="test", - permissions=permissions + scope=scope, name=definition_name, role_name=role_name, description="test", permissions=permissions ) assert "/" in created_definition.assignable_scopes assert created_definition.role_name == role_name @@ -66,9 +62,7 @@ async def test_role_definitions(self, client, **kwargs): assert created_definition.assignable_scopes == [KeyVaultRoleScope.GLOBAL] # update custom role definition - permissions = [ - KeyVaultPermission(data_actions=[], not_data_actions=[KeyVaultDataAction.READ_HSM_KEY]) - ] + permissions = [KeyVaultPermission(data_actions=[], not_data_actions=[KeyVaultDataAction.READ_HSM_KEY])] updated_definition = await client.set_role_definition( scope=scope, name=definition_name, permissions=permissions ) @@ -94,11 +88,10 @@ async def test_role_definitions(self, client, **kwargs): await client.delete_role_definition(scope, definition_name) async for d in client.list_role_definitions(scope): - assert (d.id != definition.id), "the role definition should have been deleted" + assert d.id != definition.id, "the role definition should have been deleted" if self.is_live: await asyncio.sleep(60) # additional waiting to avoid conflicts with resources in other tests - @pytest.mark.asyncio @pytest.mark.parametrize("api_version", all_api_versions) @KeyVaultAccessControlClientPreparer() @@ -114,20 +107,18 @@ async def test_role_assignment(self, client, **kwargs): definition = definitions[0] principal_id = self.get_service_principal_id() name = self.get_replayable_uuid("some-uuid") - add_general_regex_sanitizer(regex=name, value = "some-uuid") - - + add_general_regex_sanitizer(regex=name, value="some-uuid") created = await client.create_role_assignment(scope, definition.id, principal_id, name=name) assert created.name == name - #assert created.properties.principal_id == principal_id + # assert created.properties.principal_id == principal_id assert created.properties.role_definition_id == definition.id assert created.properties.scope == scope # should be able to get the new assignment got = await client.get_role_assignment(scope, name) assert got.name == name - #assert got.properties.principal_id == principal_id + # assert got.properties.principal_id == principal_id assert got.properties.role_definition_id == definition.id assert got.properties.scope == scope diff --git a/sdk/keyvault/azure-keyvault-administration/tests/test_backup_client.py b/sdk/keyvault/azure-keyvault-administration/tests/test_backup_client.py index 6c41fc80e2ab..00e9a49a07c1 100644 --- a/sdk/keyvault/azure-keyvault-administration/tests/test_backup_client.py +++ b/sdk/keyvault/azure-keyvault-administration/tests/test_backup_client.py @@ -23,8 +23,9 @@ class TestBackupClientTests(KeyVaultTestCase): def create_key_client(self, vault_uri, **kwargs): from azure.keyvault.keys import KeyClient + credential = self.get_credential(KeyClient) - return self.create_client_from_credential(KeyClient, credential=credential, vault_url=vault_uri, **kwargs ) + return self.create_client_from_credential(KeyClient, credential=credential, vault_url=vault_uri, **kwargs) @pytest.mark.parametrize("api_version", only_default) @KeyVaultBackupClientPreparer() @@ -91,7 +92,6 @@ def test_selective_key_restore(self, client, **kwargs): key_name = self.get_resource_name("selective-restore-test-key") key_client.create_rsa_key(key_name) - # backup the vault container_uri = kwargs.pop("container_uri") backup_poller = client.begin_backup(container_uri, use_managed_identity=True) diff --git a/sdk/keyvault/azure-keyvault-administration/tests/test_backup_client_async.py b/sdk/keyvault/azure-keyvault-administration/tests/test_backup_client_async.py index 58ab6d1dffdf..63ab4a1e7947 100644 --- a/sdk/keyvault/azure-keyvault-administration/tests/test_backup_client_async.py +++ b/sdk/keyvault/azure-keyvault-administration/tests/test_backup_client_async.py @@ -19,9 +19,10 @@ class TestBackupClientTests(KeyVaultTestCase): def create_key_client(self, vault_uri, **kwargs): - from azure.keyvault.keys.aio import KeyClient - credential = self.get_credential(KeyClient, is_async=True) - return self.create_client_from_credential(KeyClient, credential=credential, vault_url=vault_uri, **kwargs ) + from azure.keyvault.keys.aio import KeyClient + + credential = self.get_credential(KeyClient, is_async=True) + return self.create_client_from_credential(KeyClient, credential=credential, vault_url=vault_uri, **kwargs) @pytest.mark.asyncio @pytest.mark.parametrize("api_version", only_default) @@ -120,7 +121,7 @@ async def test_backup_client_polling(self, client, **kwargs): # backup the vault container_uri = kwargs.pop("container_uri") backup_poller = await client.begin_backup(container_uri, use_managed_identity=True) - + # create a new poller from a continuation token token = backup_poller.continuation_token() rehydrated = await client.begin_backup(container_uri, use_managed_identity=True, continuation_token=token) @@ -129,7 +130,7 @@ async def test_backup_client_polling(self, client, **kwargs): if self.is_live: assert backup_poller.status() == "InProgress" assert not backup_poller.done() or backup_poller.polling_method().finished() - #assert rehydrated.status() == "InProgress" + # assert rehydrated.status() == "InProgress" assert not rehydrated.done() or rehydrated.polling_method().finished() backup_operation = await backup_poller.result() @@ -156,7 +157,7 @@ async def test_backup_client_polling(self, client, **kwargs): if self.is_live: assert restore_poller.status() == "InProgress" assert not restore_poller.done() or restore_poller.polling_method().finished() - #assert rehydrated.status() == "InProgress" + # assert rehydrated.status() == "InProgress" assert not rehydrated.done() or rehydrated.polling_method().finished() await rehydrated.wait() diff --git a/sdk/keyvault/azure-keyvault-administration/tests/test_examples_administration.py b/sdk/keyvault/azure-keyvault-administration/tests/test_examples_administration.py index e51d0aa1da6b..8e27b1d71275 100644 --- a/sdk/keyvault/azure-keyvault-administration/tests/test_examples_administration.py +++ b/sdk/keyvault/azure-keyvault-administration/tests/test_examples_administration.py @@ -18,8 +18,9 @@ class TestExamplesTests(KeyVaultTestCase): def create_key_client(self, vault_uri, **kwargs): from azure.keyvault.keys import KeyClient + credential = self.get_credential(KeyClient) - return self.create_client_from_credential(KeyClient, credential=credential, vault_url=vault_uri, **kwargs ) + return self.create_client_from_credential(KeyClient, credential=credential, vault_url=vault_uri, **kwargs) @pytest.mark.parametrize("api_version", only_default) @KeyVaultBackupClientPreparer() @@ -60,7 +61,7 @@ def test_example_backup_and_restore(self, client, **kwargs): @pytest.mark.parametrize("api_version", only_default) @KeyVaultBackupClientPreparer() @recorded_by_proxy - def test_example_selective_key_restore(self, client,**kwargs): + def test_example_selective_key_restore(self, client, **kwargs): set_bodiless_matcher() # create a key to selectively restore managed_hsm_url = kwargs.pop("managed_hsm_url") diff --git a/sdk/keyvault/azure-keyvault-administration/tests/test_examples_administration_async.py b/sdk/keyvault/azure-keyvault-administration/tests/test_examples_administration_async.py index fb5046f8b2a4..d8ee3fde9b9d 100644 --- a/sdk/keyvault/azure-keyvault-administration/tests/test_examples_administration_async.py +++ b/sdk/keyvault/azure-keyvault-administration/tests/test_examples_administration_async.py @@ -19,8 +19,9 @@ class TestExamplesTests(KeyVaultTestCase): def create_key_client(self, vault_uri, **kwargs): from azure.keyvault.keys.aio import KeyClient + credential = self.get_credential(KeyClient, is_async=True) - return self.create_client_from_credential(KeyClient, credential=credential, vault_url=vault_uri, **kwargs ) + return self.create_client_from_credential(KeyClient, credential=credential, vault_url=vault_uri, **kwargs) @pytest.mark.asyncio @pytest.mark.parametrize("api_version", only_default) diff --git a/sdk/keyvault/azure-keyvault-administration/tsp-location.yaml b/sdk/keyvault/azure-keyvault-administration/tsp-location.yaml new file mode 100644 index 000000000000..39d8d7dff629 --- /dev/null +++ b/sdk/keyvault/azure-keyvault-administration/tsp-location.yaml @@ -0,0 +1,8 @@ +directory: specification/keyvault/Security.KeyVault.Administration +commit: 3e32fe20d37f48f3d0acd301e71b43586ed85348 +repo: Azure/azure-rest-api-specs +additionalDirectories: +- specification/keyvault/Security.KeyVault.BackupRestore +- specification/keyvault/Security.KeyVault.Common +- specification/keyvault/Security.KeyVault.RBAC +- specification/keyvault/Security.KeyVault.Settings