Add a createOctKey convenience method and relevant options. #13522
/** | ||
* Whether to create a hardware-protected key in a hardware security module (HSM). | ||
*/ | ||
hsm?: boolean; |
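Review bot: The doc comment on `hsm` does not say what a caller gets when the flag is omitted or set to false. Because the property is optional, leaving it out is the easiest path, so the comment should state explicitly which protection level applies when `hsm` is unset. That way, a key created without hardware protection is a documented choice rather than an oversight.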
I went with `hsm` because we already use `hsm` on `createEcKeyOptions` and `createRsaKeyOptions` - but feel free to let me know if we should break tradition here to use `hardwareProtected`
Love it! Thank you.
d489191 to 3c11811
This pull request is protected by Check Enforcer.
What is Check Enforcer?
Check Enforcer helps ensure all pull requests are covered by at least one check-run (typically an Azure Pipeline). When all check-runs associated with this pull request pass then Check Enforcer itself will pass.
Why am I getting this message?
You are getting this message because Check Enforcer did not detect any check-runs being associated with this pull request within five minutes. This may indicate that your pull request is not covered by any pipelines and so Check Enforcer is correctly blocking the pull request being merged.
What should I do now?
If the check-enforcer check-run is not passing and all other check-runs associated with this PR are passing (excluding license-cla) then you could try telling Check Enforcer to evaluate your pull request again. You can do this by adding a comment to this pull request as follows:
What if I am onboarding a new service?
Often, new services do not have validation pipelines associated with them, in order to bootstrap pipelines for a new service, you can issue the following command as a pull request comment:
/check-enforcer override build passes, but there's a known issue with check enforcer
@@ -42,6 +42,11 @@ export interface CreateKeyOptions extends coreHttp.OperationOptions { | |||
}; | |||
} | |||
|
|||
// @public | |||
export interface CreateOctKeyOptions extends CreateKeyOptions { | |||
hsm?: boolean; |
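Review bot: `CreateOctKeyOptions` declares only `hsm` here and takes everything else from `CreateKeyOptions`, so the public surface for symmetric keys is whatever the base interface happens to carry. Suggest checking each inherited option against what is meaningful for oct keys and noting in this interface's doc comment which ones apply, so callers are not offered settings that have no effect for this key type.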
- This should've been `hardwareProtected`, but I see you shipped previously with `hsm` so that's fine. I guess this was missed in unification.
- What about `keySize` here? That's valid as well. See https://github.com/Azure/azure-sdk-for-net/blob/f8aabfa3cc1b0a7ae2b6a1c111ea96416b3a4f4d/sdk/keyvault/Azure.Security.KeyVault.Keys/src/CreateOctKeyOptions.cs#L27. In .NET we have optional "parameters" as read-write properties instead of constructor params (reserved for required "parameters" and their properties are typically read-only).
Opened #13545 for the second issue.
- Agree on using `hardwareProtected` but yea I kept it `hsm` to be consistent across our APIs (see this comment: Add a createOctKey convenience method and relevant options. #13522 (comment))
- I was wondering as well, but noticed we already offer `keySize` in `CreateKeyOptions` which this extends. See here: `keySize?: number;` That change was before my time, but when I used this new options bag (CreateOctKeyOptions) in sample code keySize was available to me. Do you think I should move it to a few specific `Create<KeyType>Options` classes instead?
Interesting. In the PR, I noticed that `createRsaKeyOptions` also defines it at `keySize?: number;`. `keySize` probably shouldn't have been defined on the base; practically, though, I doubt it would never not be a parameter.
Yea, not sure why it's overridden - might be a miss. But, since we can't remove `createKeyOptions.keySize` now maybe the thing to do is to remove the overrides since it's just debt at this point? I can reuse and update #13545 to reflect that.
We define `keySize` in `createRsaKeyOptions` but we don't have to since it's already defined in `createKeyOptions` which this inherits from. Having it defined in two places adds confusion (see #13522 (comment) as an example). This commit just removes the redefined parameter and updates the base parameter's doc comment to be clearer. Fixes #13589
Remove readonly for keyOps and keySize (Azure#13522)
What
- `createOctKey` method to support creating keys of type `oct` and `oct-HSM`
- `createOctKeyOptions` supporting `hsm` (keySize is already supported at the `createKeyOptions` interface)
Why
Callouts
- `hsm` to be compatible with the APIs we already shipped. Feel free to let me know if you want this to be hardwareProtected at the cost of being inconsistent with our other createKeyOptions.
resolves #12457