[KeyVault] BREAKING CHANGE: id changes to be jobId, azureStorageBlobContainerUri changes to be folderUrl in command output of az keyvault backup/restore, az keyvault key restore

src/azure-cli/azure/cli/command_modules/keyvault/commands.py

@@ -128,12 +128,12 @@ def load_command_table(self, _):
         with self.command_group('keyvault backup', data_backup_entity.command_type,
                                 is_preview=True) as g:
             g.keyvault_custom('start', 'full_backup',
-                              doc_string_source=data_backup_entity.operations_docs_tmpl.format('begin_full_backup'))
+                              doc_string_source=data_backup_entity.operations_docs_tmpl.format('begin_backup'))
 
         with self.command_group('keyvault restore', data_backup_entity.command_type,
                                 is_preview=True) as g:
             g.keyvault_custom('start', 'full_restore',
-                              doc_string_source=data_backup_entity.operations_docs_tmpl.format('begin_full_restore'))
+                              doc_string_source=data_backup_entity.operations_docs_tmpl.format('begin_restore'))
 
         with self.command_group('keyvault security-domain', private_data_entity.command_type,
                                 is_preview=True) as g:

src/azure-cli/azure/cli/command_modules/keyvault/custom.py

@@ -1127,9 +1127,8 @@ def restore_key(cmd, client, file_path=None, vault_base_url=None, hsm_name=None,
         ResourceType.DATA_KEYVAULT_ADMINISTRATION_BACKUP)(cmd.cli_ctx, {'hsm_name': hsm_name})
     return sdk_no_wait(
         no_wait, backup_client.begin_selective_restore,
-        blob_storage_uri=storage_resource_uri,
+        folder_url='{}/{}'.format(storage_resource_uri, backup_folder),
         sas_token=token,
-        folder_name=backup_folder,
         key_name=key_name
     )
 
@@ -1819,14 +1818,14 @@ def _resolve_role_id(client, role, scope):
     else:
         all_roles = list_role_definitions(client, scope=scope)
         for _role in all_roles:
-            if getattr(_role, 'role_name', None) == role:
-                role_id = _role.id
+            if _role.get('roleName', None) == role:
+                role_id = _role['id']
                 break
     return role_id
 
 
 def _get_role_dics(role_defs):
-    return {i.id: getattr(i, 'role_name', None) for i in role_defs}
+    return {i['id']: i.get('roleName', None) for i in role_defs}
 
 
 def _get_principal_dics(cli_ctx, role_assignments):
@@ -1849,7 +1848,7 @@ def _get_principal_dics(cli_ctx, role_assignments):
 
 def _reconstruct_role_assignment(role_dics, principal_dics, role_assignment):
     ret = {
-        'id': role_assignment.assignment_id,
+        'id': role_assignment.role_assignment_id,
         'name': role_assignment.name,
         'scope': role_assignment.scope,
         'type': role_assignment.type
@@ -2007,12 +2006,38 @@ def list_role_assignments(cmd, client, scope=None, assignee=None, role=None, ass
     return ret
 
 
+def _reconstruct_role_definition(role_definition):
+    ret_permissions = []
+    permissions = role_definition.permissions
+    for permission in permissions:
+        ret_permissions.append({
+            'actions': permission.allowed_actions,
+            'notActions': permission.denied_actions,
+            'dataActions': permission.allowed_data_actions,
+            'notDataActions': permission.denied_data_actions
+        })
+
+    ret = {
+        'assignableScopes': role_definition.assignable_scopes,
+        'description': role_definition.description,
+        'id': role_definition.id,
+        'name': role_definition.name,
+        'permissions': ret_permissions,
+        'roleName': role_definition.role_name,
+        'roleType': role_definition.role_type,
+        'type': role_definition.type,
+    }
+
+    return ret
+
+
 def list_role_definitions(client, scope=None, hsm_name=None):  # pylint: disable=unused-argument
     """ List role definitions. """
     query_scope = scope
     if query_scope is None:
         query_scope = ''
-    return client.list_role_definitions(role_scope=query_scope)
+    role_definitions = client.list_role_definitions(role_scope=query_scope)
+    return [_reconstruct_role_definition(role) for role in role_definitions]
 # endregion
 
 
@@ -2042,7 +2067,7 @@ def full_backup(cmd, client, token, storage_resource_uri=None, storage_account_n
     if not storage_resource_uri:
         storage_resource_uri = construct_storage_uri(
             cmd.cli_ctx.cloud.suffixes.storage_endpoint, storage_account_name, blob_container_name)
-    return client.begin_full_backup(storage_resource_uri, token)
+    return client.begin_backup(storage_resource_uri, token)
 
 
 def full_restore(cmd, client, token, folder_to_restore, storage_resource_uri=None, storage_account_name=None,
@@ -2051,7 +2076,8 @@ def full_restore(cmd, client, token, folder_to_restore, storage_resource_uri=Non
     if not storage_resource_uri:
         storage_resource_uri = construct_storage_uri(
             cmd.cli_ctx.cloud.suffixes.storage_endpoint, storage_account_name, blob_container_name)
-    return client.begin_full_restore(storage_resource_uri, token, folder_to_restore)
+    folder_url = '{}/{}'.format(storage_resource_uri, folder_to_restore)
+    return client.begin_restore(folder_url, token)
 # endregion
 
 

src/azure-cli/azure/cli/command_modules/keyvault/tests/latest/test_keyvault_commands.py

@@ -431,11 +431,11 @@ def test_keyvault_hsm_selective_key_restore(self):
                                checks=[
                                    self.check('status', 'Succeeded'),
                                    self.exists('startTime'),
-                                   self.exists('id'),
-                                   self.exists('azureStorageBlobContainerUri')
+                                   self.exists('jobId'),
+                                   self.exists('folderUrl')
                                ]).get_output_in_json()
 
-        self.kwargs['backup_folder'] = backup_data['azureStorageBlobContainerUri'].split('/')[-1]
+        self.kwargs['backup_folder'] = backup_data['folderUrl'].split('/')[-1]
 
         self.cmd('az keyvault key list --hsm-name {hsm_name}', checks=self.check('length(@)', 1))
         self.cmd('az keyvault key delete -n {key_name} --hsm-name {hsm_name}')
@@ -481,8 +481,8 @@ def test_keyvault_hsm_full_backup_restore(self):
                  checks=[
                      self.check('status', 'Succeeded'),
                      self.exists('startTime'),
-                     self.exists('id'),
-                     self.exists('azureStorageBlobContainerUri')
+                     self.exists('jobId'),
+                     self.exists('folderUrl')
                  ])
 
         backup_data = self.cmd('az keyvault backup start --hsm-name {hsm_name} --blob-container-name {blob} '
@@ -491,19 +491,19 @@ def test_keyvault_hsm_full_backup_restore(self):
                                checks=[
                                    self.check('status', 'Succeeded'),
                                    self.exists('startTime'),
-                                   self.exists('id'),
-                                   self.exists('azureStorageBlobContainerUri')
+                                   self.exists('jobId'),
+                                   self.exists('folderUrl')
                                ]).get_output_in_json()
 
-        self.kwargs['backup_folder'] = backup_data['azureStorageBlobContainerUri'].split('/')[-1]
+        self.kwargs['backup_folder'] = backup_data['folderUrl'].split('/')[-1]
         self.cmd('az keyvault restore start --hsm-name {hsm_name} --blob-container-name {blob} '
                  '--storage-account-name {storage_account} '
                  '--storage-container-SAS-token "{sas}" '
                  '--backup-folder "{backup_folder}"',
                  checks=[
                      self.check('status', 'Succeeded'),
                      self.exists('startTime'),
-                     self.exists('id')
+                     self.exists('jobId')
                  ])
 
 

src/azure-cli/requirements.py3.Darwin.txt

@@ -14,7 +14,7 @@ azure-datalake-store==0.0.49
 azure-functions-devops-build==0.0.22
 azure-graphrbac==0.60.0
 azure-keyvault==1.1.0
-azure-keyvault-administration==4.0.0b1
+azure-keyvault-administration==4.0.0b3
 azure-mgmt-advisor==2.0.1
 azure-mgmt-apimanagement==0.2.0
 azure-mgmt-appconfiguration==1.0.1

src/azure-cli/requirements.py3.Linux.txt

@@ -14,7 +14,7 @@ azure-datalake-store==0.0.49
 azure-functions-devops-build==0.0.22
 azure-graphrbac==0.60.0
 azure-keyvault==1.1.0
-azure-keyvault-administration==4.0.0b1
+azure-keyvault-administration==4.0.0b3
 azure-mgmt-advisor==2.0.1
 azure-mgmt-apimanagement==0.2.0
 azure-mgmt-appconfiguration==1.0.1

src/azure-cli/requirements.py3.windows.txt

@@ -14,7 +14,7 @@ azure-datalake-store==0.0.49
 azure-functions-devops-build==0.0.22
 azure-graphrbac==0.60.0
 azure-keyvault==1.1.0
-azure-keyvault-administration==4.0.0b1
+azure-keyvault-administration==4.0.0b3
 azure-mgmt-advisor==2.0.1
 azure-mgmt-apimanagement==0.2.0
 azure-mgmt-appconfiguration==1.0.1

src/azure-cli/setup.py

@@ -59,7 +59,7 @@
     'azure-functions-devops-build~=0.0.22',
     'azure-graphrbac~=0.60.0',
     'azure-keyvault~=1.1.0',
-    'azure-keyvault-administration==4.0.0b1',
+    'azure-keyvault-administration==4.0.0b3',
     'azure-mgmt-advisor>=2.0.1,<3.0.0',
     'azure-mgmt-apimanagement~=0.2.0',
     'azure-mgmt-applicationinsights~=0.1.1',