Remove implementation details of key release policy; instead use opaque blob

[daviddesberg]

Per discussions with @heaths and @herveyw , we are moving SKR policy's implementation out of the Swagger and instead representing it as an opaque blob.

MSFT employees can try out our new experience at OpenAPI Hub - one location for using our validation tools and finding your workflow.

Contribution checklist:

• I commit to follow the Breaking Change Policy of “no breaking changes
• I have reviewed the documentation for the workflow.
• Validation tools were run on swagger spec(s) and errors have all been fixed in this PR. How to fix?

If any further question about AME onboarding or validation tools, please view the FAQ.

ARM API Review Checklist

• Ensure to check this box if one of the following scenarios meet updates in the PR, so that label “WaitForARMFeedback” will be added automatically to involve ARM API Review. Failure to comply may result in delays for manifest application. Note this does not apply to data plane APIs, all “removals” and “adding a new property” no more require ARM API review.

  • Adding new API(s)
  • Adding a new API version
  • Adding a new service

• If you are blocked on ARM review and want to get the PR merged with urgency, please get the ARM oncall for reviews (RP Manifest Approvers team under Azure Resource Manager service) from IcM and reach out to them.

Breaking Change Review Checklist

If there are following updates in the PR, ensure to request an approval from API Review Board as defined in the Breaking Change Policy.

• Removing API(s) in stable version
• Removing properties in stable version
• Removing API version(s) in stable version
• Updating API in stable version with Breaking Change Validation errors
• Updating API(s) in preview over 1 year

Please follow the link to find more details on PR review process.

[openapi-pipeline-app]

[Staging] Swagger Validation Report

️❌BreakingChange: 12 Errors, 0 Warnings [Detail] [Expand]

Only 10 items are listed, please refer to log for more details.

Rule	Message
❌ 1033 - RemovedProperty	The new version is missing a property found in the old version. Was 'anyOf' renamed or removed? New: Microsoft.KeyVault/preview/7.2-preview/keys.json#L1314:7 Old: Microsoft.KeyVault/preview/7.2-preview/keys.json#L1086:7
❌ 1033 - RemovedProperty	The new version is missing a property found in the old version. Was 'anyOf' renamed or removed? New: Microsoft.KeyVault/preview/7.2-preview/keys.json#L1314:7 Old: Microsoft.KeyVault/preview/7.2-preview/keys.json#L1086:7
❌ 1033 - RemovedProperty	The new version is missing a property found in the old version. Was 'version' renamed or removed? New: Microsoft.KeyVault/preview/7.2-preview/keys.json#L1314:7 Old: Microsoft.KeyVault/preview/7.2-preview/keys.json#L1086:7
❌ 1033 - RemovedProperty	The new version is missing a property found in the old version. Was 'anyOf' renamed or removed? New: Microsoft.KeyVault/preview/7.2-preview/keys.json#L1314:7 Old: Microsoft.KeyVault/preview/7.2-preview/keys.json#L1086:7
❌ 1033 - RemovedProperty	The new version is missing a property found in the old version. Was 'version' renamed or removed? New: Microsoft.KeyVault/preview/7.2-preview/keys.json#L1314:7 Old: Microsoft.KeyVault/preview/7.2-preview/keys.json#L1086:7
❌ 1033 - RemovedProperty	The new version is missing a property found in the old version. Was 'version' renamed or removed? New: Microsoft.KeyVault/preview/7.2-preview/keys.json#L1314:7 Old: Microsoft.KeyVault/preview/7.2-preview/keys.json#L1086:7
❌ 1033 - RemovedProperty	The new version is missing a property found in the old version. Was 'anyOf' renamed or removed? New: Microsoft.KeyVault/preview/7.2-preview/keys.json#L1314:7 Old: Microsoft.KeyVault/preview/7.2-preview/keys.json#L1086:7
❌ 1033 - RemovedProperty	The new version is missing a property found in the old version. Was 'version' renamed or removed? New: Microsoft.KeyVault/preview/7.2-preview/keys.json#L1314:7 Old: Microsoft.KeyVault/preview/7.2-preview/keys.json#L1086:7
❌ 1033 - RemovedProperty	The new version is missing a property found in the old version. Was 'anyOf' renamed or removed? New: Microsoft.KeyVault/preview/7.2-preview/keys.json#L1314:7 Old: Microsoft.KeyVault/preview/7.2-preview/keys.json#L1086:7
❌ 1033 - RemovedProperty	The new version is missing a property found in the old version. Was 'version' renamed or removed? New: Microsoft.KeyVault/preview/7.2-preview/keys.json#L1314:7 Old: Microsoft.KeyVault/preview/7.2-preview/keys.json#L1086:7

️️✔️LintDiff [Detail]

 Validation passes for LintDiff. 

️️✔️Avocado [Detail]

 Validation passes for Avocado. 

️❌ModelValidation: 2 Errors, 0 Warnings [Detail] [Expand]

Rule	Message
❌ OBJECT_ADDITIONAL_PROPERTIES	Additional properties not allowed: version Url: Microsoft.KeyVault/preview/7.2-preview/keys.json#L1313 JsonUrl: preview/7.2-preview/examples/ExportKey-example.json#L31
❌ OBJECT_ADDITIONAL_PROPERTIES	Additional properties not allowed: anyOf Url: Microsoft.KeyVault/preview/7.2-preview/keys.json#L1313 JsonUrl: preview/7.2-preview/examples/ExportKey-example.json#L31

️️✔️SemanticValidation [Detail]

 Validation passes for SemanticValidation. 

_{Posted by Swagger Pipeline | How to fix these errors?}

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[openapi-sdkautomation]

Azure CLI Extension Generation - Release

No readme.md specification configuration files were found that are associated with the files modified in this pull request, or swagger_to_sdk section in readme.md is not configured

[openapi-sdkautomation]

azure-sdk-for-go - Release

🔄 inProgress [Logs] [Expand Details]

• 🔄 Generate from 600fd24 with merge commit d3a50a5. SDK Automation 13.0.17.20200918.2

[openapi-sdkautomation]

azure-sdk-for-java - Release

No readme.md specification configuration files were found that are associated with the files modified in this pull request, or swagger_to_sdk section in readme.md is not configured

[openapi-sdkautomation]

azure-sdk-for-js - Release

No readme.md specification configuration files were found that are associated with the files modified in this pull request, or swagger_to_sdk section in readme.md is not configured

[openapi-sdkautomation]

azure-sdk-for-python - Release

No readme.md specification configuration files were found that are associated with the files modified in this pull request, or swagger_to_sdk section in readme.md is not configured

[openapi-sdkautomation]

azure-sdk-for-net - Release

No readme.md specification configuration files were found that are associated with the files modified in this pull request, or swagger_to_sdk section in readme.md is not configured

[openapi-sdkautomation]

azure-sdk-for-python-track2 - Release

No readme.md specification configuration files were found that are associated with the files modified in this pull request, or swagger_to_sdk section in readme.md is not configured

[openapi-sdkautomation]

azure-resource-manager-schemas - Release

No readme.md specification configuration files were found that are associated with the files modified in this pull request, or swagger_to_sdk section in readme.md is not configured

[openapi-sdkautomation]

Trenton Generation - Release

No readme.md specification configuration files were found that are associated with the files modified in this pull request, or swagger_to_sdk section in readme.md is not configured

[heaths]

Should be more specific about supported encodings since I don't see a contentType property like we had discussed over Teams. I.e. either say something like, "Base64-encoded UTF-8 string encoding the policy rules under which the key can be exported." Maybe not the best, but hopefully conveys my concern.

Still, given conversations about versioning, I expected to see a contentType that describes what is in this. Values could look like:

• application/json
• application/json; charset=utf-8

Either now or in the future, you may also need a version property. While HTTP Content-Type headers don't allow it, you're in control of this property so you could just append something like ; version=2 to the contentType, or just introduce a new property sibling to contentType. Seems better to define that all now so we have the proper support and defaults known and documented now.

[heaths]

Given my comment above and that this same definition is repeated many times, I would actually define a data type that should be supported in swagger, but let the validation system check:

"definitions": {
  "KeyReleasePolicy": {
    "type": "string",
    "description": "...",
    "format": "base64url"
}

Thing is, if you define contentType and/or version, you may want this to still be a model with those three properties and this just becomes an object data type.

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[heaths]

Since you already treat it as UTF8 anyway, it would help inform people if you made this, perhaps:

Suggested change

	"default": "application/json; version=1.0"
	"default": "application/json; charset=utf-8; version=1.0"

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[daviddesberg]

@lmazuel Just fixed the remaining validation error under my control. The other ones come up on every AKV Swagger PR. Are any other changes necessary before merging?

[lmazuel]

/azurepipelines run

[azure-pipelines]

Azure Pipelines successfully started running 3 pipeline(s).

[lmazuel]

CI are false positive, and @heaths approved, merging