Skip to content

[Keyvault] BREAKING CHANGE: az keyvault secret/certificate: Migrate to track2 SDK, breaking changes to service response#26242

Merged
calvinhzy merged 72 commits intoAzure:devfrom
calvinhzy:keyvault-migrate-track2
May 17, 2023
Merged

[Keyvault] BREAKING CHANGE: az keyvault secret/certificate: Migrate to track2 SDK, breaking changes to service response#26242
calvinhzy merged 72 commits intoAzure:devfrom
calvinhzy:keyvault-migrate-track2

Conversation

@calvinhzy
Copy link
Copy Markdown
Member

@calvinhzy calvinhzy commented Apr 25, 2023
edited
Loading

Related command

Description

Migrate to azure-keyvault-certificates==4.7.0 and azure-keyvault-secrets==4.7.0

Testing Guide

History Notes

[Keyvault] BREAKING CHANGE: az keyvault certificate show/set-attributes/import: No longer return x509CertificateProperties.basicConstraints, pending
[Keyvault] BREAKING CHANGE: az keyvault certificate contact delete: Return an empty list instead of the deleted contact for consistency if the operation would remove the last contact
[Keyvault] BREAKING CHANGE: az keyvault certificate issuer create: organizationDetails.zip is no longer returned by serivce, use 0 as the default

This checklist is used to make sure that common guidelines for a pull request are followed.

@calvinhzy calvinhzy self-assigned this Apr 25, 2023
@azure-client-tools-bot-prd
Copy link
Copy Markdown

azure-client-tools-bot-prd bot commented Apr 25, 2023
edited
Loading

️✔️AzureCLI-FullTest
️✔️acr
️✔️2020-09-01-hybrid
️✔️3.10
️✔️3.9
️✔️latest
️✔️3.10
️✔️3.9
️✔️acs
️✔️2020-09-01-hybrid
️✔️3.10
️✔️3.9
️✔️latest
️✔️3.10
️✔️3.9
️✔️advisor
️✔️latest
️✔️3.10
️✔️3.9
️✔️ams
️✔️latest
️✔️3.10
️✔️3.9
️✔️apim
️✔️latest
️✔️3.10
️✔️3.9
️✔️appconfig
️✔️latest
️✔️3.10
️✔️3.9
️✔️appservice
️✔️latest
️✔️3.10
️✔️3.9
️✔️aro
️✔️latest
️✔️3.10
️✔️3.9
️✔️backup
️✔️latest
️✔️3.10
️✔️3.9
️✔️batch
️✔️latest
️✔️3.10
️✔️3.9
️✔️batchai
️✔️latest
️✔️3.10
️✔️3.9
️✔️billing
️✔️latest
️✔️3.10
️✔️3.9
️✔️botservice
️✔️latest
️✔️3.10
️✔️3.9
️✔️cdn
️✔️latest
️✔️3.10
️✔️3.9
️✔️cloud
️✔️latest
️✔️3.10
️✔️3.9
️✔️cognitiveservices
️✔️latest
️✔️3.10
️✔️3.9
️✔️config
️✔️latest
️✔️3.10
️✔️3.9
️✔️configure
️✔️latest
️✔️3.10
️✔️3.9
️✔️consumption
️✔️latest
️✔️3.10
️✔️3.9
️✔️container
️✔️latest
️✔️3.10
️✔️3.9
️✔️core
️✔️2018-03-01-hybrid
️✔️3.10
️✔️3.9
️✔️2019-03-01-hybrid
️✔️3.10
️✔️3.9
️✔️2020-09-01-hybrid
️✔️3.10
️✔️3.9
️✔️latest
️✔️3.10
️✔️3.9
️✔️cosmosdb
️✔️latest
️✔️3.10
️✔️3.9
️✔️databoxedge
️✔️2019-03-01-hybrid
️✔️3.10
️✔️3.9
️✔️2020-09-01-hybrid
️✔️3.10
️✔️3.9
️✔️latest
️✔️3.10
️✔️3.9
️✔️dla
️✔️latest
️✔️3.10
️✔️3.9
️✔️dls
️✔️latest
️✔️3.10
️✔️3.9
️✔️dms
️✔️latest
️✔️3.10
️✔️3.9
️✔️eventgrid
️✔️latest
️✔️3.10
️✔️3.9
️✔️eventhubs
️✔️latest
️✔️3.10
️✔️3.9
️✔️feedback
️✔️latest
️✔️3.10
️✔️3.9
️✔️find
️✔️latest
️✔️3.10
️✔️3.9
️✔️hdinsight
️✔️latest
️✔️3.10
️✔️3.9
️✔️identity
️✔️latest
️✔️3.10
️✔️3.9
️✔️iot
️✔️2019-03-01-hybrid
️✔️3.10
️✔️3.9
️✔️2020-09-01-hybrid
️✔️3.10
️✔️3.9
️✔️latest
️✔️3.10
️✔️3.9
️✔️keyvault
️✔️2018-03-01-hybrid
️✔️3.10
️✔️3.9
️✔️2020-09-01-hybrid
️✔️3.10
️✔️3.9
️✔️latest
️✔️3.10
️✔️3.9
️✔️kusto
️✔️latest
️✔️3.10
️✔️3.9
️✔️lab
️✔️latest
️✔️3.10
️✔️3.9
️✔️managedservices
️✔️latest
️✔️3.10
️✔️3.9
️✔️maps
️✔️latest
️✔️3.10
️✔️3.9
️✔️marketplaceordering
️✔️latest
️✔️3.10
️✔️3.9
️✔️monitor
️✔️latest
️✔️3.10
️✔️3.9
️✔️netappfiles
️✔️latest
️✔️3.10
️✔️3.9
️✔️network
️✔️2018-03-01-hybrid
️✔️3.10
️✔️3.9
️✔️latest
️✔️3.10
️✔️3.9
️✔️policyinsights
️✔️latest
️✔️3.10
️✔️3.9
️✔️privatedns
️✔️latest
️✔️3.10
️✔️3.9
️✔️profile
️✔️latest
️✔️3.10
️✔️3.9
️✔️rdbms
️✔️latest
️✔️3.10
️✔️3.9
️✔️redis
️✔️latest
️✔️3.10
️✔️3.9
️✔️relay
️✔️latest
️✔️3.10
️✔️3.9
️✔️resource
️✔️2018-03-01-hybrid
️✔️3.10
️✔️3.9
️✔️2019-03-01-hybrid
️✔️3.10
️✔️3.9
️✔️latest
️✔️3.10
️✔️3.9
️✔️role
️✔️latest
️✔️3.10
️✔️3.9
️✔️search
️✔️latest
️✔️3.10
️✔️3.9
️✔️security
️✔️latest
️✔️3.10
️✔️3.9
️✔️servicebus
️✔️latest
️✔️3.10
️✔️3.9
️✔️serviceconnector
️✔️latest
️✔️3.10
️✔️3.9
️✔️servicefabric
️✔️latest
️✔️3.10
️✔️3.9
️✔️signalr
️✔️latest
️✔️3.10
️✔️3.9
️✔️sql
️✔️latest
️✔️3.10
️✔️3.9
️✔️sqlvm
️✔️latest
️✔️3.10
️✔️3.9
️✔️storage
️✔️2018-03-01-hybrid
️✔️3.10
️✔️3.9
️✔️2019-03-01-hybrid
️✔️3.10
️✔️3.9
️✔️2020-09-01-hybrid
️✔️3.10
️✔️3.9
️✔️latest
️✔️3.10
️✔️3.9
️✔️synapse
️✔️latest
️✔️3.10
️✔️3.9
️✔️telemetry
️✔️2018-03-01-hybrid
️✔️3.10
️✔️3.9
️✔️2019-03-01-hybrid
️✔️3.10
️✔️3.9
️✔️2020-09-01-hybrid
️✔️3.10
️✔️3.9
️✔️latest
️✔️3.10
️✔️3.9
️✔️util
️✔️latest
️✔️3.10
️✔️3.9
️✔️vm
️✔️2018-03-01-hybrid
️✔️3.10
️✔️3.9
️✔️2019-03-01-hybrid
️✔️3.10
️✔️3.9
️✔️2020-09-01-hybrid
️✔️3.10
️✔️3.9
️✔️latest
️✔️3.10
️✔️3.9

@ghost ghost added the Auto-Assign Auto assign by bot label Apr 25, 2023
@yonzhan
Copy link
Copy Markdown
Collaborator

yonzhan commented Apr 25, 2023

Thank you for your contribution! We will review the pull request and get back to you soon.

@ghost ghost requested review from evelyn-ys and yonzhan April 25, 2023 02:49
@ghost ghost assigned evelyn-ys Apr 25, 2023
@ghost ghost added the KeyVault az keyvault label Apr 25, 2023
@calvinhzy calvinhzy changed the title [Keyvault] BREAKING CHANGE: azure keyvault secret/certificate: Migrate to track2 SDK, breaking changes to service response [Keyvault] BREAKING CHANGE: az keyvault secret/certificate: Migrate to track2 SDK, breaking changes to service response May 16, 2023
@calvinhzy calvinhzy marked this pull request as ready for review May 17, 2023 03:47
calvinhzy added 5 commits May 17, 2023 12:21
@calvinhzy
old api version keyvault mgmt plane has no soft delete
3a95046
@calvinhzy
Merge remote-tracking branch 'upstream/dev' into keyvault-migrate-track2
bf96673 
# Conflicts:
#	src/azure-cli-core/azure/cli/core/profiles/_shared.py
#	src/azure-cli/azure/cli/command_modules/keyvault/_client_factory.py
#	src/azure-cli/azure/cli/command_modules/keyvault/custom.py
#	src/azure-cli/requirements.py3.Darwin.txt
#	src/azure-cli/requirements.py3.Linux.txt
#	src/azure-cli/requirements.py3.windows.txt
#	src/azure-cli/setup.py
@calvinhzy
try to fix recording again
695fc73
@calvinhzy
BREAKING CHANGE: pending not return by SDK anymore as it is an additi…
af78552 
…onal property, should not manually add it, user can use `az keyvault certificate pending show` to find it.
@calvinhzy
fix recording
66495b2
zhoxing-ms
zhoxing-ms reviewed May 17, 2023
View reviewed changes
src/azure-cli/azure/cli/command_modules/vm/tests/hybrid_2018_03_01/test_vm_commands.py

@ResourceGroupPreparer(name_prefix='cli_test_vm_secrets')
@KeyVaultPreparer(name_prefix='vmlinuxkv', name_len=20, additional_params='--enabled-for-deployment --enabled-for-template-deployment', key='vault')
@KeyVaultPreparer(name_prefix='vmlinuxkv', name_len=20, additional_params='--enabled-for-deployment --enabled-for-template-deployment', key='vault', skip_purge=True)
Copy link
Copy Markdown
Contributor

@zhoxing-ms zhoxing-ms May 17, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you please help explain why do we need skip_purge=True?

Copy link
Copy Markdown
Member Author

@calvinhzy calvinhzy May 17, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is because older api versions (2016-10-01) creates the keyvault without soft-delete enabled by default. Purge after delete will raise an error.

@calvinhzy calvinhzy merged commit 05b8185 into Azure:dev May 17, 2023
@evelyn-ys evelyn-ys mentioned this pull request Aug 22, 2023
Merged
3 tasks
avgale pushed a commit to avgale/azure-cli that referenced this pull request Aug 24, 2023
@calvinhzy @azclibot
[Keyvault] BREAKING CHANGE: az keyvault secret/certificate: Migrate…
3c39a10 
… to track2 SDK, breaking changes to service response (Azure#26242)

* add track2 sdk for keyvault certificates and secrets

* tested `secret list/list-deleted/list-versions`, `secret set` is partially done

* `az keyvault secret set` done

* `az keyvault secret set-attributes` done

* `az keyvault secret show` done, reformat _params.py

* `az keyvault secret show-deleted` done

* `az keyvault secret delete` done

* `az keyvault secret purge` done

* `az keyvault secret purge` done

* `az keyvault secret recover` done

* `az keyvault secret download` done

* `az keyvault secret backup` done

* `az keyvault secret restore` done , `az keyvault secret` done, still need tests

* `az keyvault secret` tests passed

* `az keyvault certificate create` done

* `az keyvault certificate list` done

* `az keyvault certificate list-versions` done

* `az keyvault certificate list-deleted` done

* `az keyvault certificate show` done

* `az keyvault certificate show` done

* `az keyvault certificate show-deleted` done

* `az keyvault certificate delete` done

* `az keyvault certificate purge` done

* `az keyvault certificate recover` done

* `az keyvault certificate set-attributes` done

* `az keyvault certificate set-attributes` done

* `az keyvault certificate import` done, need to fix x509properties,basic_constraints

* `az keyvault certificate import` no need for custom func

* `az keyvault certificate download` done

* remove basic_constraints as no longer return by track2 sdk

* `az keyvault certificate get-default-policy` done

* `az keyvault certificate backup` done

* `az keyvault certificate restore` done

* `az keyvault certificate pending merge` done, testing not finished because (Conflict) A pending object is already complete. BREAKING CHANGE: --not-before and --expires no longer supported by track2

* `az keyvault certificate pending show` done

* `az keyvault certificate pending delete` done

* `az keyvault certificate contact list` done

* `az keyvault certificate contact add` done

* `az keyvault certificate contact delete` done, BREAKING CHANGE, if delete would remove the last contact, return an empty list instead of the deleted contact. This is to be consistent where delete would return the remaining list.

* `az keyvault certificate issuer create` done, BREAKING CHANGE, "zip" under "organizationDetails" is no longer returned, use 0 as default

* `az keyvault certificate issuer update` done

* `az keyvault certificate issuer list` done

* `az keyvault certificate issuer show` done

* `az keyvault certificate issuer delete` done

* `az keyvault certificate issuer admin add` done, BREAKING CHANGE: returns the list after the addition instead of only the admin just added, follows `az keyvault certificate contact add`

* `az keyvault certificate issuer admin list` done

* `az keyvault certificate issuer admin delete` done, fix case when the admin deleted is the last

* fix some tests, test_keyvault_certificate_issuers still not fully working because of sdk breaking change

* lint

* use sdk functions directly to bypass error where cannot set str back to "", remove breaking change for `az keyvault certificate admin add`

* pylint fix

* Rerun tests from instance 7. See test_results_None_latest_7.parallel.xml for details

* Rerun tests from instance 1. See test_results_None_latest_1.serial.xml for details

* Rerun tests from instance 2. See test_results_None_latest_2.parallel.xml for details

* Rerun tests from instance 3. See test_results_None_latest_3.parallel.xml for details

* pylint fix

* fix validator for cert policy

* fix recordings

* fix recordings

* Rerun tests from instance 3. See test_results_None_latest_3.parallel.xml for details

* fix recordings

* fix recordings

* fix recordings

* fix recordings

* fix recordings

* old api version keyvault has no soft delete

* old api version keyvault mgmt plane has no soft delete

* try to fix recording again

* BREAKING CHANGE: pending not return by SDK anymore as it is an additional property, should not manually add it, user can use `az keyvault certificate pending show` to find it.

* fix recording

---------

Co-authored-by: Azure CLI Team <AzPyCLI@microsoft.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@evelyn-ys evelyn-ys evelyn-ys approved these changes

@necusjz necusjz necusjz approved these changes

@zhoxing-ms zhoxing-ms zhoxing-ms approved these changes

@wangzelin007 wangzelin007 wangzelin007 approved these changes

@kairu-ms kairu-ms kairu-ms approved these changes

@yanzhudd yanzhudd yanzhudd approved these changes

@yonzhan yonzhan Awaiting requested review from yonzhan yonzhan is a code owner

@jsntcy jsntcy Awaiting requested review from jsntcy jsntcy is a code owner

@jiasli jiasli Awaiting requested review from jiasli jiasli is a code owner

@t-bzhan t-bzhan Awaiting requested review from t-bzhan

Assignees

@evelyn-ys evelyn-ys

@calvinhzy calvinhzy

Labels

Auto-Assign Auto assign by bot KeyVault az keyvault

Projects

None yet

Milestone

May 2023 (2023-05-23) - For Build (Br...

Development

Successfully merging this pull request may close these issues.

9 participants

@calvinhzy @yonzhan @evelyn-ys @necusjz @zhoxing-ms @wangzelin007 @kairu-ms @yanzhudd @azclibot