@tjprescott
Member

Closes #885.

This PR updates the secret set command and adds the secret download and certificate download commands. With this, the entire KeyVault data plane functionality should be exposed.

Plan to defer merging this until #1059 is merged.

@tjprescott
Member Author

secret set

Arguments
    --name -n    [Required]: Name of the secret.
    --vault-name [Required]: Name of the key vault.
    --description          : Description of the secret contents (i.e. password, connection string,
                             etc).
    --disabled             : Create secret in disabled state.
    --expires              : Expiration UTC datetime  (Y-m-d'T'H:M'Z').
    --not-before           : Key not usable before the provided UTC datetime  (Y-m-d'T'H:M'Z').
    --tags                 : Space separated tags in 'key[=value]' format. Use "" to clear existing
                             tags.

Content Source Arguments
    --encoding -e          : Source file encoding. The value is saved as a tag (file-encoding=<val>)
                             and used during download to automtically encode the resulting file.
                             Allowed values: ascii, base64, hex, utf-16be, utf-16le, utf-8.
                             Default: utf-8.
    --file -f              : Source file for secret. Use in conjunction with '--encoding'.
    --value                : Plain text secret value. Cannot be used with '--file' or '--encoding'.

secret download

Command
    az keyvault secret download: Download a secret from a KeyVault.

Arguments
    --file -f    [Required]: File to receive the secret contents.
    --name -n    [Required]: Name of the secret.
    --vault-name [Required]: Name of the key vault.
    --encoding -e          : Encoding of the destination file. By default, will look for the 'file-
                             encoding' tag on the secret. Otherwise will assume 'utf-8'.  Allowed
                             values: ascii, base64, hex, utf-16be, utf-16le, utf-8.
    --version -v           : The secret version. If omitted, uses the latest version.

certificate download

Command
    az keyvault certificate download: Download a certificate from a KeyVault.

Arguments
    --file -f    [Required]: File to receive the binary certificate contents.
    --name -n    [Required]: Name of the certificate.
    --vault-name [Required]: Name of the key vault.
    --encoding -e          : How to store base64 certificate contents in file.  Allowed values:
                             binary, string.  Default: binary.
    --version -v           : The certificate version. If omitted, uses the latest version.

Member

@derekbekoe derekbekoe left a comment

Looks good overall. Added a few comments.

Member

looks like this is unused?

Member

Consider checking for a directory as well as you can't write to a file_path if it's actually a directory.

```python
if os.path.isfile(file_path) or os.path.isdir(file_path):
    ...
```

https://docs.python.org/2/library/os.path.html#os.path.isdir

Then, the error message would have "File or directory already exists".

Just showing you can't have a file and directory with the same name.

```
Dereks-MacBook-Pro-2:atest debekoe$ ls -la
total 0
drwxr-xr-x   2 debekoe  staff    68 Nov 11 13:42 .
drwxr-xr-x+ 63 debekoe  staff  2142 Nov 11 13:42 ..
Dereks-MacBook-Pro-2:atest debekoe$ mkdir a_directory
Dereks-MacBook-Pro-2:atest debekoe$ ls -la
total 0
drwxr-xr-x   3 debekoe  staff   102 Nov 11 13:42 .
drwxr-xr-x+ 63 debekoe  staff  2142 Nov 11 13:42 ..
drwxr-xr-x   2 debekoe  staff    68 Nov 11 13:42 a_directory
Dereks-MacBook-Pro-2:atest debekoe$ echo 'helloworld' > a_directory
-bash: a_directory: Is a directory
Dereks-MacBook-Pro-2:atest debekoe$ echo $?
1
Dereks-MacBook-Pro-2:atest debekoe$
```

Member

Same here

Member

You catch the exception which is fine but should you then raise CLIError after you remove the file?
Otherwise I think the command would return an exit code of 0 and it'd look like it downloaded fine.

Member

Same here.

Member

nit: i.e. or e.g.?

Member

I'm thinking e.g. as you're listing examples.

@tjprescott
Member Author

@derekbekoe fixed up your issues.

@tjprescott tjprescott merged commit 11199ec into Azure:master Nov 12, 2016
@tjprescott tjprescott deleted the KeyVaultRound4 branch November 12, 2016 00:09
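
The two review points raised in this thread (refuse a target path that is already a file or a directory, and raise after removing a partial file so the command does not exit 0) are combined below in an added example; it is not the code merged in this PR. `download_to_file`, the local `CLIError` stand-in and the byte mapping used for `base64` and `hex` are assumptions.

```python
import base64
import binascii
import os
import tempfile


class CLIError(Exception):
    """Local stand-in for the CLI's error type (assumption, so this runs alone)."""


def _encode(value, encoding):
    # Assumed mapping of the --encoding choices to the bytes written to disk.
    if encoding == 'base64':
        return base64.b64decode(value)
    if encoding == 'hex':
        return binascii.unhexlify(value)
    return value.encode(encoding)


def download_to_file(file_path, value, encoding='utf-8'):
    """Write a secret value to file_path (hypothetical helper, not the PR's function)."""
    # First review point: a directory at the target blocks the write just as an
    # existing file does, so reject both before touching the filesystem.
    if os.path.isfile(file_path) or os.path.isdir(file_path):
        raise CLIError('File or directory already exists: {}'.format(file_path))
    try:
        with open(file_path, 'wb') as f:
            f.write(_encode(value, encoding))
    except Exception as ex:
        # Do not leave an empty or partial secret file behind.
        if os.path.isfile(file_path):
            os.remove(file_path)
        # Second review point: surface the failure so the exit code is non-zero.
        raise CLIError('Download failed: {}'.format(ex))


if __name__ == '__main__':
    workdir = tempfile.mkdtemp()
    target = os.path.join(workdir, 'secret.bin')
    download_to_file(target, '68656c6c6f', 'hex')  # constructed sample value
    # Existing file, existing directory, then a value that fails to decode.
    for path, val in ((target, 'x'), (workdir, 'x'), (target + '.bad', 'zz')):
        try:
            download_to_file(path, val, 'hex')
        except CLIError as err:
            print('error:', err)
    print(sorted(os.listdir(workdir)))
```
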