@calvinhzy calvinhzy commented Apr 25, 2023

Related command

Description

Migrate to azure-keyvault-certificates==4.7.0 and azure-keyvault-secrets==4.7.0

Testing Guide

History Notes

[Keyvault] BREAKING CHANGE: az keyvault certificate show/set-attributes/import: No longer return x509CertificateProperties.basicConstraints, pending
[Keyvault] BREAKING CHANGE: az keyvault certificate contact delete: Return an empty list instead of the deleted contact for consistency if the operation would remove the last contact
[Keyvault] BREAKING CHANGE: az keyvault certificate issuer create: organizationDetails.zip is no longer returned by service, use 0 as the default



@calvinhzy calvinhzy self-assigned this Apr 25, 2023
azure-client-tools-bot-prd bot commented Apr 25, 2023

✔️AzureCLI-FullTest

yonzhan commented Apr 25, 2023

Thank you for your contribution! We will review the pull request and get back to you soon.

@ghost ghost requested review from evelyn-ys and yonzhan April 25, 2023 02:49
@ghost ghost assigned evelyn-ys Apr 25, 2023
@ghost ghost added the KeyVault az keyvault label Apr 25, 2023
@calvinhzy calvinhzy changed the title from "[Keyvault] BREAKING CHANGE: azure keyvault secret/certificate: Migrate to track2 SDK, breaking changes to service response" to "[Keyvault] BREAKING CHANGE: az keyvault secret/certificate: Migrate to track2 SDK, breaking changes to service response" May 16, 2023
@calvinhzy calvinhzy marked this pull request as ready for review May 17, 2023 03:47
calvinhzy added 5 commits May 17, 2023 12:21
# Conflicts:
#	src/azure-cli-core/azure/cli/core/profiles/_shared.py
#	src/azure-cli/azure/cli/command_modules/keyvault/_client_factory.py
#	src/azure-cli/azure/cli/command_modules/keyvault/custom.py
#	src/azure-cli/requirements.py3.Darwin.txt
#	src/azure-cli/requirements.py3.Linux.txt
#	src/azure-cli/requirements.py3.windows.txt
#	src/azure-cli/setup.py
…onal property, should not manually add it, user can use `az keyvault certificate pending show` to find it.

@ResourceGroupPreparer(name_prefix='cli_test_vm_secrets')
@KeyVaultPreparer(name_prefix='vmlinuxkv', name_len=20, additional_params='--enabled-for-deployment --enabled-for-template-deployment', key='vault')
@KeyVaultPreparer(name_prefix='vmlinuxkv', name_len=20, additional_params='--enabled-for-deployment --enabled-for-template-deployment', key='vault', skip_purge=True)
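
Review bot: the `skip_purge=True` added to the second `KeyVaultPreparer` decorator carries no comment saying why purge is skipped for this test. Add a short comment above the decorator giving the reason, so a later cleanup does not remove the flag or copy it to tests that do not need it.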
Contributor

Could you please help explain why we need `skip_purge=True`?

Member Author

It is because older API versions (2016-10-01) create the keyvault without soft-delete enabled by default. Purge after delete will raise an error.

@calvinhzy calvinhzy merged commit 05b8185 into Azure:dev May 17, 2023
avgale pushed a commit to avgale/azure-cli that referenced this pull request Aug 24, 2023
… to track2 SDK, breaking changes to service response (Azure#26242)

* add track2 sdk for keyvault certificates and secrets

* tested `secret list/list-deleted/list-versions`, `secret set` is partially done

* `az keyvault secret set` done

* `az keyvault secret set-attributes` done

* `az keyvault secret show` done, reformat _params.py

* `az keyvault secret show-deleted` done

* `az keyvault secret delete` done

* `az keyvault secret purge` done

* `az keyvault secret purge` done

* `az keyvault secret recover` done

* `az keyvault secret download` done

* `az keyvault secret backup` done

* `az keyvault secret restore` done , `az keyvault secret` done, still need tests

* `az keyvault secret` tests passed

* `az keyvault certificate create` done

* `az keyvault certificate list` done

* `az keyvault certificate list-versions` done

* `az keyvault certificate list-deleted` done

* `az keyvault certificate show` done

* `az keyvault certificate show` done

* `az keyvault certificate show-deleted` done

* `az keyvault certificate delete` done

* `az keyvault certificate purge` done

* `az keyvault certificate recover` done

* `az keyvault certificate set-attributes` done

* `az keyvault certificate set-attributes` done

* `az keyvault certificate import` done, need to fix x509properties,basic_constraints

* `az keyvault certificate import` no need for custom func

* `az keyvault certificate download` done

* remove basic_constraints as no longer return by track2 sdk

* `az keyvault certificate get-default-policy` done

* `az keyvault certificate backup` done

* `az keyvault certificate restore` done

* `az keyvault certificate pending merge` done, testing not finished because (Conflict) A pending object is already complete. BREAKING CHANGE: --not-before and --expires no longer supported by track2

* `az keyvault certificate pending show` done

* `az keyvault certificate pending delete` done

* `az keyvault certificate contact list` done

* `az keyvault certificate contact add` done

* `az keyvault certificate contact delete` done, BREAKING CHANGE, if delete would remove the last contact, return an empty list instead of the deleted contact. This is to be consistent where delete would return the remaining list.

* `az keyvault certificate issuer create` done, BREAKING CHANGE, "zip" under "organizationDetails" is no longer returned, use 0 as default

* `az keyvault certificate issuer update` done

* `az keyvault certificate issuer list` done

* `az keyvault certificate issuer show` done

* `az keyvault certificate issuer delete` done

* `az keyvault certificate issuer admin add` done, BREAKING CHANGE: returns the list after the addition instead of only the admin just added, follows `az keyvault certificate contact add`

* `az keyvault certificate issuer admin list` done

* `az keyvault certificate issuer admin delete` done, fix case when the admin deleted is the last

* fix some tests, test_keyvault_certificate_issuers still not fully working because of sdk breaking change

* lint

* use sdk functions directly to bypass error where cannot set str back to "", remove breaking change for `az keyvault certificate admin add`

* pylint fix

* Rerun tests from instance 7. See test_results_None_latest_7.parallel.xml for details

* Rerun tests from instance 1. See test_results_None_latest_1.serial.xml for details

* Rerun tests from instance 2. See test_results_None_latest_2.parallel.xml for details

* Rerun tests from instance 3. See test_results_None_latest_3.parallel.xml for details

* pylint fix

* fix validator for cert policy

* fix recordings

* fix recordings

* Rerun tests from instance 3. See test_results_None_latest_3.parallel.xml for details

* fix recordings

* fix recordings

* fix recordings

* fix recordings

* fix recordings

* old api version keyvault has no soft delete

* old api version keyvault mgmt plane has no soft delete

* try to fix recording again

* BREAKING CHANGE: pending not return by SDK anymore as it is an additional property, should not manually add it, user can use `az keyvault certificate pending show` to find it.

* fix recording

---------

Co-authored-by: Azure CLI Team <[email protected]>