Skip to content

[Key Vault Secrets] keyId should be populated, as a string #9639

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
sadasant wants to merge 2 commits into from
Closed

[Key Vault Secrets] keyId should be populated, as a string #9639

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
a84403a
[Key Vault Secrets] keyId should be populated, as a string
sadasant Jun 22, 2020
898f77f
should remove the lib property from the tsconfig.json anyway
sadasant Jun 22, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions sdk/keyvault/keyvault-secrets/CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,8 @@

- Fixed [bug 8378](https://github.com/Azure/azure-sdk-for-js/issues/8378), which caused the challenge based authentication to re-authenticate on every new request.
- Fixed [bug 9005](https://github.com/Azure/azure-sdk-for-js/issues/9005), which caused parallel requests to throw if one of them needed to authenticate.
- Fixed a bug in which the `keyId` was missing on the secret properties.
- Removed the dependency of the TypeScript types for the `dom`.
Copy link
Copy Markdown
Contributor

@ramya-rao-a ramya-rao-a Jun 22, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How is this change related to populating keyId?

Copy link
Copy Markdown
Contributor Author

@sadasant sadasant Jun 22, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Before this specific change: https://github.com/Azure/azure-sdk-for-js/pull/9639/files#diff-f3c93f553a685134bd5ce75e2fbad25eR961 keyId wouldn't be populated, because none of the previous objects had this property.


## 4.0.3 (2020-05-13)

Expand Down
2 changes: 1 addition & 1 deletion sdk/keyvault/keyvault-secrets/review/keyvault-secrets.api.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -123,7 +123,7 @@ export interface SecretProperties {
enabled?: boolean;
readonly expiresOn?: Date;
id?: string;
readonly keyId?: URL;
readonly keyId?: string;
Copy link
Copy Markdown
Contributor

@ramya-rao-a ramya-rao-a Jun 22, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This would be a breaking change for someone who has the below code

if (mySecret.keyId) {
     console.log(mySecret.keyId.toJSON());
}

One approach could be that we deprecate this property and use a new name, perhaps something to denote that this is related to the KV certificate?

cc @bterlson, @xirzec

Copy link
Copy Markdown
Contributor Author

@sadasant sadasant Jun 22, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

KeyVault Certificates uses string already. That if that you mention couldn't have been used because this property was never received as keyId.

Copy link
Copy Markdown
Contributor

@willmtemple willmtemple Jun 23, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If someone has written the code Ramya wrote above with a KeyVaultSecret, then it will break their compilation if we change the type signature to string, even though the current implementation can't set it to anything at runtime.

Copy link
Copy Markdown
Contributor Author

@sadasant sadasant Jun 23, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm assuming that we could get away with it since we're in preview. What is the recommended path forward? If it's a version change, I can do that.

Copy link
Copy Markdown
Contributor

@willmtemple willmtemple Jun 23, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This property was introduced in 4.0 GA, so even though 4.1 is in preview, it create a breaking change between 4.0 and 4.1 to remove something from the API.

I think we have to put a deprecation on the docs for keyId that mentions that the property will never be defined and create a new property name (I agree with Ramya that something that lets a customer know that this is about correlation to a certificate would be good). When we eventually do 5.0 we can remove the property entirely.

Copy link
Copy Markdown
Contributor Author

@sadasant sadasant Jun 24, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think we should deprecate keyId since it will be a misalignment with the other languages.

Copy link
Copy Markdown
Contributor Author

@sadasant sadasant Jun 24, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we could deprecate keyId in the GA versions and re-introduce it in 4.1.0? in the GA versions we would introduce kid, which is the one that gets populated? (then deprecate kid again in 4.1.0)

readonly managed?: boolean;
name: string;
readonly notBefore?: Date;
Expand Down
1 change: 1 addition & 0 deletions sdk/keyvault/keyvault-secrets/src/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -958,6 +958,7 @@ export class SecretClient {
expiresOn: (attributes as any).expires,
createdOn: (attributes as any).created,
updatedOn: (attributes as any).updated,
keyId: secretBundle.kid,
...secretBundle,
...parsedId,
...attributes
Expand Down
2 changes: 1 addition & 1 deletion sdk/keyvault/keyvault-secrets/src/secretsModels.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -113,7 +113,7 @@ export interface SecretProperties {
* **NOTE: This property will not be serialized. It can only be populated by
* the server.**
*/
readonly keyId?: URL;
readonly keyId?: string;
/**
* True if the secret's lifetime is managed by
* key vault. If this is a secret backing a certificate, then managed will be
Expand Down
1 change: 0 additions & 1 deletion sdk/keyvault/keyvault-secrets/tsconfig.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,6 @@
"compilerOptions": {
"declarationDir": "./types",
"outDir": "./dist-esm",
"lib": ["dom"],
"resolveJsonModule": true
},
"exclude": ["node_modules", "../keyvault-common/node_modules", "./samples/**/*.ts"],
Expand Down