diff --git a/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2/backuprestore.json b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2/backuprestore.json index d3539a6a3040..9a6587443dd8 100644 --- a/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2/backuprestore.json +++ b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2/backuprestore.json @@ -5,6 +5,21 @@ "description": "The key vault client performs cryptographic key operations and vault operations against the Key Vault service.", "version": "7.2-preview" }, + "x-ms-parameterized-host": { + "hostTemplate": "{vaultBaseUrl}", + "useSchemePrefix": false, + "positionInOperation": "first", + "parameters": [ + { + "name": "vaultBaseUrl", + "description": "The vault name, for example https://myvault.vault.azure.net.", + "required": true, + "type": "string", + "in": "path", + "x-ms-skip-url-encoding": true + } + ] + }, "consumes": [ "application/json" ], @@ -193,6 +208,64 @@ } } } + }, + "/keys/{keyName}/restore": { + "put": { + "tags": [ + "Keys" + ], + "operationId": "SelectiveKeyRestoreOperation", + "description": "Restores all key versions of a given key using user supplied SAS token pointing to a previously stored Azure Blob storage backup folder", + "parameters": [ + { + "name": "keyName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the key to be restored from the user supplied backup" + }, + { + "name": "restoreBlobDetails", + "in": "body", + "schema": { + "$ref": "#/definitions/SelectiveKeyRestoreOperationParameters" + }, + "description": "The Azure blob SAS token pointing to a folder where the previous successful full backup was stored" + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "202": { + "description": "Started selective key restore operation from the previously stored backup", + "headers": { + "Retry-After": { + "description": "The recommended number of seconds to wait before calling the URI specified in Azure-AsyncOperation.", + "type": "integer" + }, + "Azure-AsyncOperation": { + "description": "The URI to poll for completion status.", + "type": "string" + } + }, + "schema": { + "$ref": "#/definitions/SelectiveKeyRestoreOperation" + } + }, + "default": { + "description": "Key Vault error response describing why the operation failed.", + "schema": { + "$ref": "common.json#/definitions/KeyVaultError" + } + } + }, + "x-ms-examples": { + "Selectively restore key from a backup": { + "$ref": "./examples/SelectiveRestore-example.json" + } + } + } } }, "definitions": { @@ -211,6 +284,52 @@ "sasTokenParameters" ] }, + "SelectiveKeyRestoreOperationParameters": { + "properties": { + "sasTokenParameters": { + "$ref": "#/definitions/SASTokenParameter" + }, + "folder": { + "type": "string", + "description": "The Folder name of the blob where the previous successful full backup was stored" + } + }, + "required": [ + "folder", + "sasTokenParameters" + ] + }, + "SelectiveKeyRestoreOperation": { + "properties": { + "status": { + "type": "string", + "description": "Status of the restore operation." + }, + "statusDetails": { + "type": "string", + "description": "The status details of restore operation." + }, + "error": { + "$ref": "common.json#/definitions/Error", + "description": "Error encountered, if any, during the selective key restore operation." + }, + "jobId": { + "type": "string", + "description": "Identifier for the selective key restore operation." + }, + "startTime": { + "type": "integer", + "format": "unixtime", + "description": "The start time of the restore operation" + }, + "endTime": { + "type": "integer", + "format": "unixtime", + "description": "The end time of the restore operation" + } + }, + "description": "Selective Key Restore operation" + }, "SASTokenParameter": { "properties": { "storageResourceUri": { diff --git a/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2/examples/FullBackup-example.json b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2/examples/FullBackup-example.json index 94db87470eab..ce343dfcfba5 100644 --- a/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2/examples/FullBackup-example.json +++ b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2/examples/FullBackup-example.json @@ -1,5 +1,6 @@ { "parameters": { + "vaultBaseUrl": "https://myvault.vault.azure.net/", "azureStorageBlobContainerUri": { "storageResourceUri": "https://myaccount.blob.core.windows.net/sascontainer/sasContainer", "token": "se=2018-02-01T00%3A00Z&spr=https&sv=2017-04-17&sr=b&sig=XXFNfuMCHYrBx0bhemJ7PWn0xGfImMXT6LfbXWvtRUk%3D" diff --git a/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2/examples/FullBackup-pending-example.json b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2/examples/FullBackup-pending-example.json index 9396af3e5d5d..e634afa229d0 100644 --- a/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2/examples/FullBackup-pending-example.json +++ b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2/examples/FullBackup-pending-example.json @@ -1,5 +1,6 @@ { "parameters": { + "vaultBaseUrl": "https://myvault.vault.azure.net/", "jobId": "45aacd568ab049a2803861e8dd3ae21f", "api-version": "7.2-preview" }, diff --git a/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2/examples/FullRestore-example.json b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2/examples/FullRestore-example.json index cd9c7278ab29..08b8c336100b 100644 --- a/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2/examples/FullRestore-example.json +++ b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2/examples/FullRestore-example.json @@ -1,11 +1,12 @@ { "parameters": { + "vaultBaseUrl": "https://myhsm.managedhsm.azure.net", "restoreBlobDetails": { "sasTokenParameters": { "storageResourceUri": "https://myaccount.blob.core.windows.net/sascontainer/sasContainer", "token": "se=2018-02-01T00%3A00Z&spr=https&sv=2017-04-17&sr=b&sig=XXFNfuMCHYrBx0bhemJ7PWn0xGfImMXT6LfbXWvtRUk%3D" }, - "folderToRestore": "1490790332" + "folderToRestore": "mhsm-mypool-20200303062926785" }, "api-version": "7.2-preview" }, diff --git a/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2/examples/FullRestore-pending-example.json b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2/examples/FullRestore-pending-example.json index 70786dedfba1..5cc1666fc91f 100644 --- a/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2/examples/FullRestore-pending-example.json +++ b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2/examples/FullRestore-pending-example.json @@ -1,5 +1,6 @@ { "parameters": { + "vaultBaseUrl": "https://myvault.vault.azure.net/", "jobId": "45aacd568ab049a2803861e8dd3ae21f", "api-version": "7.2-preview" }, diff --git a/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2/examples/SelectiveRestore-example.json b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2/examples/SelectiveRestore-example.json new file mode 100644 index 000000000000..91815d730b80 --- /dev/null +++ b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2/examples/SelectiveRestore-example.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "vaultBaseUrl": "https://myvault.vault.azure.net", + "keyName": "hsm-mail-key", + "restoreBlobDetails": { + "sasTokenParameters": { + "storageResourceUri": "https://myaccount.blob.core.windows.net/sascontainer/sasContainer", + "token": "se=2018-02-01T00%3A00Z&spr=https&sv=2017-04-17&sr=b&sig=XXFNfuMCH112BxhemJ7PWn0xGfImMXT6LfbXWvtRUk%3D" + }, + "folder": "mhsm-mypool-20200303062926785" + }, + "api-version": "7.2-preview" + }, + "responses": { + "202": { + "headers": { + "Retry-After": 5, + "Azure-AsyncOperation": "https://myvault.vault.azure.net/restore/45aacd568a23b0s49a2803861e8dd3ase21f/pending" + }, + "body": { + "status": "InProgress", + "statusDetails": "Selective Key restore is in progress", + "jobId": "45aacd568a23b0s49a2803861e8dd3ase21f", + "startTime": 1490790000, + "endTime": 0 + } + } + } +}