Key rotation swagger change #11965

Merged
merged 23 commits into from
Jun 4, 2021
Changes from 20 commits
1 change: 1 addition & 0 deletions custom-words.txt
Expand Up @@ -1514,6 +1514,7 @@ rolloverdetails
rootfs
rosettanetprocessconfigurations
rotatediskencryptionkey
rotationpolicy
routable
routingendpointhealth
rpki
@@ -0,0 +1,37 @@
{
"parameters": {
"vaultBaseUrl": "https://myvault.vault.azure.net/",
"key-name": "key01",
"api-version": "7.3-preview"
},
"responses": {
"200": {
"body": {
"id": "https://myvault.vault.azure.net/keys/key01/rotationpolicy",
"lifetimeActions": [
{
"trigger": {
"timeAfterCreate": "P90D"
},
"action": {
"type": "Rotate"
}
},
{
"trigger": {
"timeBeforeExpiry": "P30D"
},
"action": {
"type": "Notify"
}
}
],
"attributes": {
"expiryTime": "P2Y",
"created": 1482188947,
"updated": 1482188948
}
}
}
}
}
@@ -0,0 +1,37 @@
{
"parameters": {
"vaultBaseUrl": "https://myvault.vault.azure.net/",
"key-name": "Key01",
"api-version": "7.3-preview"
},
"responses": {
"200": {
"body": {
"key": {
"kid": "https://myvault.vault.azure.net/keys/CreateSoftKeyTest/78deebed173b48e48f55abf87ed4cf71",
"kty": "RSA",
"key_ops": [
"encrypt",
"decrypt",
"sign",
"verify",
"wrapKey",
"unwrapKey"
],
"n": "2HJAE5fU3Cw2Rt9hEuq-F6XjINKGa-zskfISVqopqUy60GOs2eyhxbWbJBeUXNor_gf-tXtNeuqeBgitLeVa640UDvnEjYTKWjCniTxZRaU7ewY8BfTSk-7KxoDdLsPSpX_MX4rwlAx-_1UGk5t4sQgTbm9T6Fm2oqFd37dsz5-Gj27UP2GTAShfJPFD7MqU_zIgOI0pfqsbNL5xTQVM29K6rX4jSPtylZV3uWJtkoQIQnrIHhk1d0SC0KwlBV3V7R_LVYjiXLyIXsFzSNYgQ68ZjAwt8iL7I8Osa-ehQLM13DVvLASaf7Jnu3sC3CWl3Gyirgded6cfMmswJzY87w",
"e": "AQAB"
},
"attributes": {
"enabled": true,
"created": 1493942451,
"updated": 1493942451,
"recoveryLevel": "Recoverable+Purgeable"
},
"tags": {
"purpose": "unit test",
"test name ": "CreateGetDeleteKeyTest"
}
}
}
}
}
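Review bot: The response `kid` in this example names a different key than the request does: `key-name` is `Key01`, but `kid` is `https://myvault.vault.azure.net/keys/CreateSoftKeyTest/78deebed173b48e48f55abf87ed4cf71`. The example reads as the result of rotating `Key01`, so the identifier should point at a version of that key, for instance `"kid": "https://myvault.vault.azure.net/keys/Key01/78deebed173b48e48f55abf87ed4cf71"`. The tag key `"test name "` also ends in a space, which looks unintended and is easy to miss when the example is reused as a fixture.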
@@ -0,0 +1,60 @@
{
"parameters": {
"vaultBaseUrl": "https://myvault.vault.azure.net/",
"key-name": "updateKey01",
"api-version": "7.3-preview",
"keyRotationPolicy": {
"lifetimeActions": [
{
"trigger": {
"timeAfterCreate": "P90D"
},
"action": {
"type": "Rotate"
}
},
{
"trigger": {
"timeBeforeExpiry": "P30D"
},
"action": {
"type": "Notify"
}
}
],
"attributes": {
"expirationTime": "P2Y"
}
qinl-li marked this conversation as resolved.
}
},
"responses": {
"200": {
"body": {
"id": "https://myvault.vault.azure.net/keys/updateKey01/rotationpolicy",
"lifetimeActions": [
{
"trigger": {
"timeAfterCreate": "P90D"
},
"action": {
"type": "Rotate"
}
},
{
"trigger": {
"timeBeforeExpiry": "P30D"
},
"action": {
"type": "Notify"
}
}
],
"attributes": {
"expiryTime": "P2Y",
"created": 1482188947,
"updated": 1482188948
}
}
qinl-li marked this conversation as resolved.
}
}
}
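Review bot: The request body of this example sets `"expirationTime": "P2Y"` under `attributes`, but the `KeyRotationPolicyAttributes` definition added in this pull request names the property `expiryTime`, and the response body of the same example uses `expiryTime`. A request copied from this example would send a member the schema does not define; if the service ignores unknown members, the policy would be stored without the intended expiry for new key versions. The line should read `"expiryTime": "P2Y"`. A resolved review conversation is marked directly after that line, so this may already be corrected in one of the commits after the 20 shown here.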
Expand Up @@ -79,6 +79,48 @@
}
}
},
"/keys/{key-name}/rotate": {
"post": {
"tags": [
"Keys"
],
"operationId": "RotateKey",
"summary": "Creates a new key version, stores it, then returns key parameters, attributes and policy to the client.",
"description": "The operation will rotate the key based on the key policy. It requires the keys/rotate permission.",
"parameters": [
{
"name": "key-name",
"in": "path",
"required": true,
"type": "string",
"pattern": "^[0-9a-zA-Z-]+$",
"description": "The name of key to be rotated. The system will generate a new version in the specified key."
},
{
"$ref": "#/parameters/ApiVersionParameter"
}
],
"responses": {
"200": {
"description": "A key bundle containing the result of the rotate key request.",
"schema": {
"$ref": "#/definitions/KeyBundle"
}
},
"default": {
"description": "Key Vault error response describing why the operation failed.",
"schema": {
"$ref": "common.json#/definitions/KeyVaultError"
}
}
},
"x-ms-examples": {
"Rotate key": {
"$ref": "./examples/RotateKey-example.json"
}
}
}
},
"/keys/{key-name}": {
"put": {
"tags": [
Expand Down Expand Up @@ -1088,6 +1130,95 @@
}
}
}
},
"/keys/{key-name}/rotationpolicy": {
"get": {
"tags": [
"Keys"
],
"operationId": "GetKeyRotationPolicy",
"summary": "Lists the policy for a key.",
"description": "The GetKeyRotationPolicy operation returns the specified key policy resources in the specified key vault. This operation requires the keys/get permission.",
"parameters": [
{
"name": "key-name",
"in": "path",
"required": true,
"type": "string",
"description": "The name of the key in a given key vault."
},
{
"$ref": "#/parameters/ApiVersionParameter"
}
],
"responses": {
"200": {
"description": "The key rotation policy.",
"schema": {
"$ref": "#/definitions/KeyRotationPolicy"
}
},
"default": {
"description": "Key Vault error response describing why the operation failed.",
"schema": {
"$ref": "common.json#/definitions/KeyVaultError"
}
}
},
"x-ms-examples": {
"GetKeyRotationPolicy": {
"$ref": "./examples/GetKeyRotationPolicy-example.json"
}
}
},
"put": {
"tags": [
"keys"
qinl-li marked this conversation as resolved.
],
"operationId": "UpdateKeyRotationPolicy",
"summary": "Updates the rotation policy for a key.",
"description": "Set specified members in the key policy. Leave others as undefined. This operation requires the keys/update permission.",
"parameters": [
{
"name": "key-name",
"in": "path",
"required": true,
"type": "string",
"description": "The name of the key in the given vault."
},
{
"name": "keyRotationPolicy",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/KeyRotationPolicy"
},
"description": "The policy for the key."
},
{
"$ref": "#/parameters/ApiVersionParameter"
}
],
"responses": {
"200": {
"description": "The policy for the key.",
"schema": {
"$ref": "#/definitions/KeyRotationPolicy"
}
},
"default": {
"description": "Key Vault error response describing why the operation failed.",
"schema": {
"$ref": "common.json#/definitions/KeyVaultError"
}
}
},
"x-ms-examples": {
"UpdateKeyRotationPolicy": {
"$ref": "./examples/UpdateKeyRotationPolicy-example.json"
}
}
}
}
},
"definitions": {
Expand Down Expand Up @@ -1955,6 +2086,101 @@
},
"description": "The backup key result, containing the backup blob."
},
"KeyRotationPolicy": {
"properties": {
"id": {
"type": "string",
"description": "The key policy id.",
"readOnly": true
},
"lifetimeActions": {
"type": "array",
"items": {
"$ref": "#/definitions/LifetimeActions"
},
"description": "Actions that will be performed by Key Vault over the lifetime of a key. For preview, lifetimeActions could only have two items at maximum: one for rotate, one for notify. Notification time would be default to 30 days before expiry and it is not configurable."
qinl-li marked this conversation as resolved.
},
"attributes": {
"$ref": "#/definitions/KeyRotationPolicyAttributes",
"description": "The key rotation policy attributes."
}
},
"description": "Management policy for a key."
},
"LifetimeActions": {
jlichwa marked this conversation as resolved.
"properties": {
"trigger": {
"$ref": "#/definitions/LifetimeActionsTrigger",
"description": "The condition that will execute the action."
},
"action": {
"$ref": "#/definitions/LifetimeActionsType",
"description": "The action that will be executed."
}
},
"description": "Action and its trigger that will be performed by Key Vault over the lifetime of a key."
},
"LifetimeActionsTrigger": {
"properties": {
"timeAfterCreate": {
heaths marked this conversation as resolved.
"type": "string",
"description": "Time after creation to attempt rotate. It will be in ISO 8601 format. Example: 90 days : \"P90D\" "
},
"timeBeforeExpiry": {
qinl-li marked this conversation as resolved.
"type": "string",
"description": "Time before expiry to attempt rotate. It will be in ISO 8601 format. Example: 90 days : \"P90D\""
}
},
"description": "A condition to be satisfied for an action to be executed."
},
"LifetimeActionsType": {
"properties": {
"type": {
"type": "string",
"description": "The type of the action.",
"enum": [
"Rotate",
qinl-li marked this conversation as resolved.
"Notify"
],
"x-ms-enum": {
"name": "ActionType",
"modelAsString": false,
"values": [
{
"value": "Rotate",
heaths marked this conversation as resolved.
"description": "Rotate the key based on the key policy."
},
{
"value": "Notify",
"description": "Trigger event grid events. For preview, the notification time is not configurable and it is default to 30 days before expiry."
}
]
}
}
},
"description": "The action that will be executed."
},
"KeyRotationPolicyAttributes": {
"properties": {
"expiryTime": {
"type": "string",
"description": "The expiration time duration to be applied on the new key version. It will be in ISO 8601 Format. Examples: 90 days: P90D, 3 months: P3M, 48 hours: PT48H, 1 year and 10 days: P1Y10D"
},
"created": {
"type": "integer",
"format": "unixtime",
"readOnly": true,
"description": "The key rotation policy created time in UTC."
},
"updated": {
"type": "integer",
"format": "unixtime",
"readOnly": true,
"description": "The key rotation policy's last updated time in UTC."
}
},
"description": "The key rotation policy attributes."
},
"KeyReleaseResult": {
"properties": {
"value": {
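Review bot: The `key-name` path parameter of the two `/keys/{key-name}/rotationpolicy` operations (GET and PUT) carries no `pattern`, while the new `/keys/{key-name}/rotate` operation in the same file restricts it with `"pattern": "^[0-9a-zA-Z-]+$"`. Clients that validate against the specification would then accept names on the rotation-policy calls that they reject on the rotate call; adding the same `pattern` line to both parameters keeps the input validation uniform. Separately, the `lifetimeActions` description limits the array to two items for preview, but the schema does not express that; `"maxItems": 2` would make the limit machine-checkable, provided the service really enforces it. The section may continue past the last hunk visible here.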