From d24ecaa36dc7a22c0a8272170fa1fce6accc03d0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?McCoy=20Pati=C3=B1o?= Date: Fri, 8 Jan 2021 17:50:25 -0800 Subject: [PATCH 01/13] Implement sync API --- .../administration/_access_control_client.py | 85 ++++++- .../aio/operations_async/__init__.py | 8 +- .../_role_definitions_operations_async.py | 223 ++++++++++++++++- .../v7_2_preview/models/__init__.py | 10 +- .../_generated/v7_2_preview/models/_models.py | 94 ++++++-- .../v7_2_preview/models/_models_py3.py | 102 ++++++-- .../v7_2_preview/operations/__init__.py | 8 +- .../_role_definitions_operations.py | 226 +++++++++++++++++- .../aio/_access_control_client.py | 58 +++++ .../tests/test_access_control.py | 45 +++- 10 files changed, 771 insertions(+), 88 deletions(-) diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py index 8c80c69032e5..3a6751226523 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py @@ -7,12 +7,12 @@ from azure.core.tracing.decorator import distributed_trace -from ._models import KeyVaultRoleAssignment, KeyVaultRoleDefinition +from ._models import KeyVaultRoleAssignment, KeyVaultRoleDefinition, KeyVaultPermission from ._internal import KeyVaultClientBase if TYPE_CHECKING: # pylint:disable=ungrouped-imports - from typing import Any, Union + from typing import Any, List, Union from uuid import UUID from azure.core.paging import ItemPaged from ._models import KeyVaultRoleScope 
@@ -109,6 +109,87 @@ def list_role_assignments(self, role_scope, **kwargs):
 **kwargs
 )
 
+ @distributed_trace
+ def set_role_definition(self, role_scope, **kwargs):
+ # type: (Union[str, KeyVaultRoleScope], **Any) -> KeyVaultRoleDefinition
+ """Creates or updates a custom role definition.
+
+ :param role_scope: scope of the role definition. :class:`KeyVaultRoleScope` defines common broad scopes.
+ Specify a narrower scope as a string. Managed HSM only supports '/', or KeyVaultRoleScope.global_value.
+ :type role_scope: str or KeyVaultRoleScope
+ :keyword role_definition_name: the role definition's name. Must be a UUID.
+ :type role_definition_name: str or uuid.UUID
+ :keyword str description: the role definition's description.
+ :keyword str role_type: the role type.
+ :keyword permissions: the role definition's permissions.
+ :type permissions: List[KeyVaultPermission]
+ :keyword assignable_scopes: the role definition's assignable scopes.
+ :type assignable_scopes: List[str]
+ :returns: The created or updated role definition
+ :rtype: KeyVaultRoleDefinition
+ """
+ role_definition_name = kwargs.pop("role_definition_name", None) or uuid4()
+ permissions = kwargs.pop("permissions", None)
+ if permissions is not None:
+ permissions = [
+ self._client.role_definitions.models.Permission(
+ actions=p.allowed_actions,
+ not_actions=p.denied_actions,
+ data_actions=p.allowed_data_actions,
+ not_data_actions=p.denied_data_actions,
+ )
+ for p in permissions
+ ]
+
+ properties = self._client.role_definitions.models.RoleDefinitionProperties(
+ role_name=role_definition_name, permissions=permissions, **kwargs
+ )
+ parameters = self._client.role_definitions.models.RoleDefinitionCreateParameters(properties=properties)
+
+ definition = self._client.role_definitions.create_or_update(
+ vault_base_url=self._vault_url,
+ scope=role_scope,
+ role_definition_name=role_definition_name,
+ parameters=parameters,
+ **kwargs
+ )
+ return KeyVaultRoleDefinition._from_generated(definition)
+
+ @distributed_trace
+ def get_role_definition(self, role_scope, role_definition_name, **kwargs):
+ # type: (Union[str, KeyVaultRoleScope], Union[str, UUID], **Any) -> KeyVaultRoleDefinition
+ """Get the specified role definition.
+
+ :param role_scope: scope of the role definition. :class:`KeyVaultRoleScope` defines common broad scopes.
+ Specify a narrower scope as a string. Managed HSM only supports '/', or KeyVaultRoleScope.global_value.
+ :type role_scope: str or KeyVaultRoleScope
+ :param role_definition_name: the role definition's name. Must be a UUID.
+ :type role_definition_name: str or uuid.UUID
+ :rtype: KeyVaultRoleDefinition
+ """
+ definition = self._client.role_definitions.get(
+ vault_base_url=self._vault_url, scope=role_scope, role_definition_name=str(role_definition_name), **kwargs
+ )
+ return KeyVaultRoleDefinition._from_generated(definition)
+
+ @distributed_trace
+ def delete_role_definition(self, role_scope, role_definition_name, **kwargs):
+ # type: (Union[str, KeyVaultRoleScope], Union[str, UUID], **Any) -> KeyVaultRoleDefinition
+ """Deletes a custom role definition.
+
+ :param role_scope: scope of the role definition. :class:`KeyVaultRoleScope` defines common broad scopes.
+ Specify a narrower scope as a string. Managed HSM only supports '/', or KeyVaultRoleScope.global_value.
+ :type role_scope: str or KeyVaultRoleScope
+ :param role_definition_name: the role definition's name. Must be a UUID.
+ :type role_definition_name: str or uuid.UUID
+ :returns: the deleted role definition
+ :rtype: KeyVaultRoleDefinition
+ """
+ definition = self._client.role_definitions.delete(
+ vault_base_url=self._vault_url, scope=role_scope, role_definition_name=str(role_definition_name), **kwargs
+ )
+ return KeyVaultRoleDefinition._from_generated(definition)
+
 @distributed_trace
 def list_role_definitions(self, role_scope, **kwargs):
 # type: (Union[str, KeyVaultRoleScope], **Any) -> ItemPaged[KeyVaultRoleDefinition]
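Review bot: In `set_role_definition`, the documented keywords `description`, `role_type` and `assignable_scopes` are never popped, so the same `kwargs` is splatted into `RoleDefinitionProperties(...)` and again into `create_or_update(...)`. The model therefore receives pipeline options and the request pipeline receives role fields, which it may reject or silently drop. Because this body defines what a custom role is allowed to do, each field should be popped explicitly so the request carries exactly what the caller specified and nothing else. Separately, `get_role_definition` and `delete_role_definition` pass `str(role_definition_name)` while this method forwards the raw value (possibly a `UUID` from `uuid4()`); `role_definition_name=str(role_definition_name)` would align the three. It also sets `role_name` to that identifier, which looks unintended and is worth confirming.

```python
        # … unchanged: role_definition_name default and permissions conversion …
        properties = self._client.role_definitions.models.RoleDefinitionProperties(
            role_name=role_definition_name,
            description=kwargs.pop("description", None),
            role_type=kwargs.pop("role_type", None),
            permissions=permissions,
            assignable_scopes=kwargs.pop("assignable_scopes", None),
        )
        # … unchanged: parameters construction and create_or_update call …
```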
diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/aio/operations_async/__init__.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/aio/operations_async/__init__.py index 1934ebc06adf..e7870cbaf603 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/aio/operations_async/__init__.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/aio/operations_async/__init__.py @@ -1,17 +1,15 @@ # coding=utf-8 # -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. +# Code generated by Microsoft (R) AutoRest Code Generator (autorest: 3.0.6306, generator: {generator}) # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -from ._key_vault_client_operations_async import KeyVaultClientOperationsMixin from ._role_definitions_operations_async import RoleDefinitionsOperations from ._role_assignments_operations_async import RoleAssignmentsOperations +from ._key_vault_client_operations_async import KeyVaultClientOperationsMixin __all__ = [ - 'KeyVaultClientOperationsMixin', 'RoleDefinitionsOperations', 'RoleAssignmentsOperations', + 'KeyVaultClientOperationsMixin', ] diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/aio/operations_async/_role_definitions_operations_async.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/aio/operations_async/_role_definitions_operations_async.py index 2fa72d1ca4d5..b804eadacd3c 100644 
--- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/aio/operations_async/_role_definitions_operations_async.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/aio/operations_async/_role_definitions_operations_async.py @@ -1,19 +1,17 @@ # coding=utf-8 # -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. +# Code generated by Microsoft (R) AutoRest Code Generator (autorest: 3.0.6306, generator: {generator}) # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- from typing import Any, AsyncIterable, Callable, Dict, Generic, Optional, TypeVar import warnings from azure.core.async_paging import AsyncItemPaged, AsyncList -from azure.core.exceptions import HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error from azure.core.pipeline import PipelineResponse from azure.core.pipeline.transport import AsyncHttpResponse, HttpRequest -from ... import models +from ... import models as _models T = TypeVar('T') ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] 
@@ -25,14 +23,14 @@ class RoleDefinitionsOperations: instantiates it for you and attaches it as an attribute. :ivar models: Alias to model classes used in this operation group. - :type models: ~azure.keyvault.v7_2.models + :type models: ~key_vault_client.models :param client: Client for service requests. :param config: Configuration of service client. :param serializer: An object model serializer. :param deserializer: An object model deserializer. """ - models = models + models = _models def __init__(self, client, config, serializer, deserializer) -> None: self._client = client 
@@ -40,13 +38,209 @@ def __init__(self, client, config, serializer, deserializer) -> None: self._deserialize = deserializer self._config = config + async def delete( + self, + vault_base_url: str, + scope: str, + role_definition_name: str, + **kwargs + ) -> "_models.RoleDefinition": + """Deletes a custom role definition. + + :param vault_base_url: The vault name, for example https://myvault.vault.azure.net. + :type vault_base_url: str + :param scope: The scope of the role definition to delete. Managed HSM only supports '/'. + :type scope: str + :param role_definition_name: The name (GUID) of the role definition to delete. + :type role_definition_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: RoleDefinition, or the result of cls(response) + :rtype: ~key_vault_client.models.RoleDefinition + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["_models.RoleDefinition"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "7.2-preview" + accept = "application/json" + + # Construct URL + url = self.delete.metadata['url'] # type: ignore + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'scope': self._serialize.url("scope", scope, 'str', skip_quote=True), + 'roleDefinitionName': self._serialize.url("role_definition_name", role_definition_name, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + request = self._client.delete(url, 
query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize(_models.KeyVaultError, response) + raise HttpResponseError(response=response, model=error) + + deserialized = self._deserialize('RoleDefinition', pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + delete.metadata = {'url': '/{scope}/providers/Microsoft.Authorization/roleDefinitions/{roleDefinitionName}'} # type: ignore + + async def create_or_update( + self, + vault_base_url: str, + scope: str, + role_definition_name: str, + parameters: "_models.RoleDefinitionCreateParameters", + **kwargs + ) -> "_models.RoleDefinition": + """Creates or updates a custom role definition. + + :param vault_base_url: The vault name, for example https://myvault.vault.azure.net. + :type vault_base_url: str + :param scope: The scope of the role definition to create or update. Managed HSM only supports + '/'. + :type scope: str + :param role_definition_name: The name of the role definition to create or update. It can be any + valid GUID. + :type role_definition_name: str + :param parameters: Parameters for the role definition. 
+ :type parameters: ~key_vault_client.models.RoleDefinitionCreateParameters + :keyword callable cls: A custom type or function that will be passed the direct response + :return: RoleDefinition, or the result of cls(response) + :rtype: ~key_vault_client.models.RoleDefinition + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["_models.RoleDefinition"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "7.2-preview" + content_type = kwargs.pop("content_type", "application/json") + accept = "application/json" + + # Construct URL + url = self.create_or_update.metadata['url'] # type: ignore + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'scope': self._serialize.url("scope", scope, 'str', skip_quote=True), + 'roleDefinitionName': self._serialize.url("role_definition_name", role_definition_name, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str') + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + body_content_kwargs = {} # type: Dict[str, Any] + body_content = self._serialize.body(parameters, 'RoleDefinitionCreateParameters') + body_content_kwargs['content'] = body_content + request = self._client.put(url, query_parameters, header_parameters, **body_content_kwargs) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [201]: + 
map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize(_models.KeyVaultError, response) + raise HttpResponseError(response=response, model=error) + + deserialized = self._deserialize('RoleDefinition', pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + create_or_update.metadata = {'url': '/{scope}/providers/Microsoft.Authorization/roleDefinitions/{roleDefinitionName}'} # type: ignore + + async def get( + self, + vault_base_url: str, + scope: str, + role_definition_name: str, + **kwargs + ) -> "_models.RoleDefinition": + """Get the specified role definition. + + :param vault_base_url: The vault name, for example https://myvault.vault.azure.net. + :type vault_base_url: str + :param scope: The scope of the role definition to get. Managed HSM only supports '/'. + :type scope: str + :param role_definition_name: The name of the role definition to get. + :type role_definition_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: RoleDefinition, or the result of cls(response) + :rtype: ~key_vault_client.models.RoleDefinition + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["_models.RoleDefinition"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "7.2-preview" + accept = "application/json" + + # Construct URL + url = self.get.metadata['url'] # type: ignore + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'scope': self._serialize.url("scope", scope, 'str', skip_quote=True), + 'roleDefinitionName': self._serialize.url("role_definition_name", role_definition_name, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct 
parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize(_models.KeyVaultError, response) + raise HttpResponseError(response=response, model=error) + + deserialized = self._deserialize('RoleDefinition', pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + get.metadata = {'url': '/{scope}/providers/Microsoft.Authorization/roleDefinitions/{roleDefinitionName}'} # type: ignore + def list( self, vault_base_url: str, scope: str, filter: Optional[str] = None, **kwargs - ) -> AsyncIterable["models.RoleDefinitionListResult"]: + ) -> AsyncIterable["_models.RoleDefinitionListResult"]: """Get all role definitions that are applicable at scope and above. :param vault_base_url: The vault name, for example https://myvault.vault.azure.net. 
@@ -58,18 +252,21 @@ def list( :type filter: str :keyword callable cls: A custom type or function that will be passed the direct response :return: An iterator like instance of either RoleDefinitionListResult or the result of cls(response) - :rtype: ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.v7_2.models.RoleDefinitionListResult] + :rtype: ~azure.core.async_paging.AsyncItemPaged[~key_vault_client.models.RoleDefinitionListResult] :raises: ~azure.core.exceptions.HttpResponseError """ - cls = kwargs.pop('cls', None) # type: ClsType["models.RoleDefinitionListResult"] - error_map = {404: ResourceNotFoundError, 409: ResourceExistsError} + cls = kwargs.pop('cls', None) # type: ClsType["_models.RoleDefinitionListResult"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } error_map.update(kwargs.pop('error_map', {})) api_version = "7.2-preview" + accept = "application/json" def prepare_request(next_link=None): # Construct headers header_parameters = {} # type: Dict[str, Any] - header_parameters['Accept'] = 'application/json' + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') if not next_link: # Construct URL @@ -111,7 +308,7 @@ async def get_next(next_link=None): response = pipeline_response.http_response if response.status_code not in [200]: - error = self._deserialize(models.KeyVaultError, response) + error = self._deserialize(_models.KeyVaultError, response) map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, model=error) diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/models/__init__.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/models/__init__.py index cbd7e3697d36..90bc914d7f52 100644 
--- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/models/__init__.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/models/__init__.py @@ -1,8 +1,6 @@ # coding=utf-8 # -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. +# Code generated by Microsoft (R) AutoRest Code Generator (autorest: 3.0.6306, generator: {generator}) # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- @@ -21,8 +19,10 @@ from ._models_py3 import RoleAssignmentProperties from ._models_py3 import RoleAssignmentPropertiesWithScope from ._models_py3 import RoleDefinition + from ._models_py3 import RoleDefinitionCreateParameters from ._models_py3 import RoleDefinitionFilter from ._models_py3 import RoleDefinitionListResult + from ._models_py3 import RoleDefinitionProperties from ._models_py3 import SASTokenParameter from ._models_py3 import SelectiveKeyRestoreOperation from ._models_py3 import SelectiveKeyRestoreOperationParameters 
@@ -41,8 +41,10 @@ from ._models import RoleAssignmentProperties # type: ignore from ._models import RoleAssignmentPropertiesWithScope # type: ignore from ._models import RoleDefinition # type: ignore + from ._models import RoleDefinitionCreateParameters # type: ignore from ._models import RoleDefinitionFilter # type: ignore from ._models import RoleDefinitionListResult # type: ignore + from ._models import RoleDefinitionProperties # type: ignore from ._models import SASTokenParameter # type: ignore from ._models import SelectiveKeyRestoreOperation # type: ignore from ._models import SelectiveKeyRestoreOperationParameters # type: ignore @@ -62,8 +64,10 @@ 'RoleAssignmentProperties', 'RoleAssignmentPropertiesWithScope', 'RoleDefinition', + 'RoleDefinitionCreateParameters', 'RoleDefinitionFilter', 'RoleDefinitionListResult', + 'RoleDefinitionProperties', 'SASTokenParameter', 'SelectiveKeyRestoreOperation', 'SelectiveKeyRestoreOperationParameters', diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/models/_models.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/models/_models.py index 99da7b8a82c3..e986809af8ce 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/models/_models.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/models/_models.py 
@@ -1,8 +1,6 @@ # coding=utf-8 # -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. +# Code generated by Microsoft (R) AutoRest Code Generator (autorest: 3.0.6306, generator: {generator}) # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- @@ -62,7 +60,7 @@ class Error(msrest.serialization.Model): :ivar message: The error message. :vartype message: str :ivar inner_error: The key vault server error. - :vartype inner_error: ~azure.keyvault.v7_2.models.Error + :vartype inner_error: ~key_vault_client.models.Error """ _validation = { @@ -95,7 +93,7 @@ class FullBackupOperation(msrest.serialization.Model): :param status_details: The status details of backup operation. :type status_details: str :param error: Error encountered, if any, during the full backup operation. - :type error: ~azure.keyvault.v7_2.models.Error + :type error: ~key_vault_client.models.Error :param start_time: The start time of the backup operation in UTC. :type start_time: ~datetime.datetime :param end_time: The end time of the backup operation in UTC. @@ -137,7 +135,7 @@ class KeyVaultError(msrest.serialization.Model): Variables are only populated by the server, and will be ignored when sending a request. :ivar error: The key vault server error. - :vartype error: ~azure.keyvault.v7_2.models.Error + :vartype error: ~key_vault_client.models.Error """ _validation = { 
@@ -195,7 +193,7 @@ class RestoreOperation(msrest.serialization.Model): :param status_details: The status details of restore operation. :type status_details: str :param error: Error encountered, if any, during the restore operation. - :type error: ~azure.keyvault.v7_2.models.Error + :type error: ~key_vault_client.models.Error :param job_id: Identifier for the restore operation. :type job_id: str :param start_time: The start time of the restore operation. @@ -231,8 +229,9 @@ class RestoreOperationParameters(msrest.serialization.Model): All required parameters must be populated in order to send to Azure. - :param sas_token_parameters: Required. - :type sas_token_parameters: ~azure.keyvault.v7_2.models.SASTokenParameter + :param sas_token_parameters: Required. SAS token parameter object containing Azure storage + resourceUri and token. + :type sas_token_parameters: ~key_vault_client.models.SASTokenParameter :param folder_to_restore: Required. The Folder name of the blob where the previous successful full backup was stored. :type folder_to_restore: str @@ -269,7 +268,7 @@ class RoleAssignment(msrest.serialization.Model): :ivar type: The role assignment type. :vartype type: str :param properties: Role assignment properties. - :type properties: ~azure.keyvault.v7_2.models.RoleAssignmentPropertiesWithScope + :type properties: ~key_vault_client.models.RoleAssignmentPropertiesWithScope """ _validation = { @@ -302,7 +301,7 @@ class RoleAssignmentCreateParameters(msrest.serialization.Model): All required parameters must be populated in order to send to Azure. :param properties: Required. Role assignment properties. - :type properties: ~azure.keyvault.v7_2.models.RoleAssignmentProperties + :type properties: ~key_vault_client.models.RoleAssignmentProperties """ _validation = { 
@@ -344,7 +343,7 @@ class RoleAssignmentListResult(msrest.serialization.Model): """Role assignment list operation result. :param value: Role assignment list. - :type value: list[~azure.keyvault.v7_2.models.RoleAssignment] + :type value: list[~key_vault_client.models.RoleAssignment] :param next_link: The URL to use for getting the next set of results. :type next_link: str """ @@ -439,7 +438,7 @@ class RoleDefinition(msrest.serialization.Model): :param role_type: The role type. :type role_type: str :param permissions: Role definition permissions. - :type permissions: list[~azure.keyvault.v7_2.models.Permission] + :type permissions: list[~key_vault_client.models.Permission] :param assignable_scopes: Role definition assignable scopes. :type assignable_scopes: list[str] """ @@ -476,6 +475,31 @@ def __init__( self.assignable_scopes = kwargs.get('assignable_scopes', None) +class RoleDefinitionCreateParameters(msrest.serialization.Model): + """Role definition create parameters. + + All required parameters must be populated in order to send to Azure. + + :param properties: Required. Role definition properties. + :type properties: ~key_vault_client.models.RoleDefinitionProperties + """ + + _validation = { + 'properties': {'required': True}, + } + + _attribute_map = { + 'properties': {'key': 'properties', 'type': 'RoleDefinitionProperties'}, + } + + def __init__( + self, + **kwargs + ): + super(RoleDefinitionCreateParameters, self).__init__(**kwargs) + self.properties = kwargs['properties'] + + class RoleDefinitionFilter(msrest.serialization.Model): """Role Definitions filter. @@ -499,7 +523,7 @@ class RoleDefinitionListResult(msrest.serialization.Model): """Role definition list operation result. :param value: Role definition list. - :type value: list[~azure.keyvault.v7_2.models.RoleDefinition] + :type value: list[~key_vault_client.models.RoleDefinition] :param next_link: The URL to use for getting the next set of results. :type next_link: str """ 
@@ -518,6 +542,41 @@ def __init__( self.next_link = kwargs.get('next_link', None) +class RoleDefinitionProperties(msrest.serialization.Model): + """Role definition properties. + + :param role_name: The role name. + :type role_name: str + :param description: The role definition description. + :type description: str + :param role_type: The role type. + :type role_type: str + :param permissions: Role definition permissions. + :type permissions: list[~key_vault_client.models.Permission] + :param assignable_scopes: Role definition assignable scopes. + :type assignable_scopes: list[str] + """ + + _attribute_map = { + 'role_name': {'key': 'roleName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'role_type': {'key': 'type', 'type': 'str'}, + 'permissions': {'key': 'permissions', 'type': '[Permission]'}, + 'assignable_scopes': {'key': 'assignableScopes', 'type': '[str]'}, + } + + def __init__( + self, + **kwargs + ): + super(RoleDefinitionProperties, self).__init__(**kwargs) + self.role_name = kwargs.get('role_name', None) + self.description = kwargs.get('description', None) + self.role_type = kwargs.get('role_type', None) + self.permissions = kwargs.get('permissions', None) + self.assignable_scopes = kwargs.get('assignable_scopes', None) + + class SASTokenParameter(msrest.serialization.Model): """SASTokenParameter. @@ -556,7 +615,7 @@ class SelectiveKeyRestoreOperation(msrest.serialization.Model): :param status_details: The status details of restore operation. :type status_details: str :param error: Error encountered, if any, during the selective key restore operation. - :type error: ~azure.keyvault.v7_2.models.Error + :type error: ~key_vault_client.models.Error :param job_id: Identifier for the selective key restore operation. :type job_id: str :param start_time: The start time of the restore operation. 
@@ -592,8 +651,9 @@ class SelectiveKeyRestoreOperationParameters(msrest.serialization.Model): All required parameters must be populated in order to send to Azure. - :param sas_token_parameters: Required. - :type sas_token_parameters: ~azure.keyvault.v7_2.models.SASTokenParameter + :param sas_token_parameters: Required. SAS token parameter object containing Azure storage + resourceUri and token. + :type sas_token_parameters: ~key_vault_client.models.SASTokenParameter :param folder: Required. The Folder name of the blob where the previous successful full backup was stored. :type folder: str diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/models/_models_py3.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/models/_models_py3.py index dab1cd313c38..f473fd567c5d 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/models/_models_py3.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/models/_models_py3.py @@ -1,8 +1,6 @@ # coding=utf-8 # -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. +# Code generated by Microsoft (R) AutoRest Code Generator (autorest: 3.0.6306, generator: {generator}) # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- 
@@ -69,7 +67,7 @@ class Error(msrest.serialization.Model): :ivar message: The error message. :vartype message: str :ivar inner_error: The key vault server error. - :vartype inner_error: ~azure.keyvault.v7_2.models.Error + :vartype inner_error: ~key_vault_client.models.Error """ _validation = { @@ -102,7 +100,7 @@ class FullBackupOperation(msrest.serialization.Model): :param status_details: The status details of backup operation. :type status_details: str :param error: Error encountered, if any, during the full backup operation. - :type error: ~azure.keyvault.v7_2.models.Error + :type error: ~key_vault_client.models.Error :param start_time: The start time of the backup operation in UTC. :type start_time: ~datetime.datetime :param end_time: The end time of the backup operation in UTC. @@ -152,7 +150,7 @@ class KeyVaultError(msrest.serialization.Model): Variables are only populated by the server, and will be ignored when sending a request. :ivar error: The key vault server error. - :vartype error: ~azure.keyvault.v7_2.models.Error + :vartype error: ~key_vault_client.models.Error """ _validation = { @@ -215,7 +213,7 @@ class RestoreOperation(msrest.serialization.Model): :param status_details: The status details of restore operation. :type status_details: str :param error: Error encountered, if any, during the restore operation. - :type error: ~azure.keyvault.v7_2.models.Error + :type error: ~key_vault_client.models.Error :param job_id: Identifier for the restore operation. :type job_id: str :param start_time: The start time of the restore operation. 
@@ -258,8 +256,9 @@ class RestoreOperationParameters(msrest.serialization.Model): All required parameters must be populated in order to send to Azure. - :param sas_token_parameters: Required. - :type sas_token_parameters: ~azure.keyvault.v7_2.models.SASTokenParameter + :param sas_token_parameters: Required. SAS token parameter object containing Azure storage + resourceUri and token. + :type sas_token_parameters: ~key_vault_client.models.SASTokenParameter :param folder_to_restore: Required. The Folder name of the blob where the previous successful full backup was stored. :type folder_to_restore: str @@ -299,7 +298,7 @@ class RoleAssignment(msrest.serialization.Model): :ivar type: The role assignment type. :vartype type: str :param properties: Role assignment properties. - :type properties: ~azure.keyvault.v7_2.models.RoleAssignmentPropertiesWithScope + :type properties: ~key_vault_client.models.RoleAssignmentPropertiesWithScope """ _validation = { @@ -334,7 +333,7 @@ class RoleAssignmentCreateParameters(msrest.serialization.Model): All required parameters must be populated in order to send to Azure. :param properties: Required. Role assignment properties. - :type properties: ~azure.keyvault.v7_2.models.RoleAssignmentProperties + :type properties: ~key_vault_client.models.RoleAssignmentProperties """ _validation = { @@ -380,7 +379,7 @@ class RoleAssignmentListResult(msrest.serialization.Model): """Role assignment list operation result. :param value: Role assignment list. - :type value: list[~azure.keyvault.v7_2.models.RoleAssignment] + :type value: list[~key_vault_client.models.RoleAssignment] :param next_link: The URL to use for getting the next set of results. :type next_link: str """ 
@@ -485,7 +484,7 @@ class RoleDefinition(msrest.serialization.Model): :param role_type: The role type. :type role_type: str :param permissions: Role definition permissions. - :type permissions: list[~azure.keyvault.v7_2.models.Permission] + :type permissions: list[~key_vault_client.models.Permission] :param assignable_scopes: Role definition assignable scopes. :type assignable_scopes: list[str] """ @@ -528,6 +527,33 @@ def __init__( self.assignable_scopes = assignable_scopes +class RoleDefinitionCreateParameters(msrest.serialization.Model): + """Role definition create parameters. + + All required parameters must be populated in order to send to Azure. + + :param properties: Required. Role definition properties. + :type properties: ~key_vault_client.models.RoleDefinitionProperties + """ + + _validation = { + 'properties': {'required': True}, + } + + _attribute_map = { + 'properties': {'key': 'properties', 'type': 'RoleDefinitionProperties'}, + } + + def __init__( + self, + *, + properties: "RoleDefinitionProperties", + **kwargs + ): + super(RoleDefinitionCreateParameters, self).__init__(**kwargs) + self.properties = properties + + class RoleDefinitionFilter(msrest.serialization.Model): """Role Definitions filter. @@ -553,7 +579,7 @@ class RoleDefinitionListResult(msrest.serialization.Model): """Role definition list operation result. :param value: Role definition list. - :type value: list[~azure.keyvault.v7_2.models.RoleDefinition] + :type value: list[~key_vault_client.models.RoleDefinition] :param next_link: The URL to use for getting the next set of results. :type next_link: str """ 
@@ -575,6 +601,47 @@ def __init__( self.next_link = next_link +class RoleDefinitionProperties(msrest.serialization.Model): + """Role definition properties. + + :param role_name: The role name. + :type role_name: str + :param description: The role definition description. + :type description: str + :param role_type: The role type. + :type role_type: str + :param permissions: Role definition permissions. + :type permissions: list[~key_vault_client.models.Permission] + :param assignable_scopes: Role definition assignable scopes. + :type assignable_scopes: list[str] + """ + + _attribute_map = { + 'role_name': {'key': 'roleName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'role_type': {'key': 'type', 'type': 'str'}, + 'permissions': {'key': 'permissions', 'type': '[Permission]'}, + 'assignable_scopes': {'key': 'assignableScopes', 'type': '[str]'}, + } + + def __init__( + self, + *, + role_name: Optional[str] = None, + description: Optional[str] = None, + role_type: Optional[str] = None, + permissions: Optional[List["Permission"]] = None, + assignable_scopes: Optional[List[str]] = None, + **kwargs + ): + super(RoleDefinitionProperties, self).__init__(**kwargs) + self.role_name = role_name + self.description = description + self.role_type = role_type + self.permissions = permissions + self.assignable_scopes = assignable_scopes + + class SASTokenParameter(msrest.serialization.Model): """SASTokenParameter. @@ -616,7 +683,7 @@ class SelectiveKeyRestoreOperation(msrest.serialization.Model): :param status_details: The status details of restore operation. :type status_details: str :param error: Error encountered, if any, during the selective key restore operation. - :type error: ~azure.keyvault.v7_2.models.Error + :type error: ~key_vault_client.models.Error :param job_id: Identifier for the selective key restore operation. :type job_id: str :param start_time: The start time of the restore operation. 
@@ -659,8 +726,9 @@ class SelectiveKeyRestoreOperationParameters(msrest.serialization.Model): All required parameters must be populated in order to send to Azure. - :param sas_token_parameters: Required. - :type sas_token_parameters: ~azure.keyvault.v7_2.models.SASTokenParameter + :param sas_token_parameters: Required. SAS token parameter object containing Azure storage + resourceUri and token. + :type sas_token_parameters: ~key_vault_client.models.SASTokenParameter :param folder: Required. The Folder name of the blob where the previous successful full backup was stored. :type folder: str diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/operations/__init__.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/operations/__init__.py index fbdd39654293..45bbefb596c1 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/operations/__init__.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/operations/__init__.py 
@@ -1,17 +1,15 @@ # coding=utf-8 # -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. +# Code generated by Microsoft (R) AutoRest Code Generator (autorest: 3.0.6306, generator: {generator}) # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -from ._key_vault_client_operations import KeyVaultClientOperationsMixin from ._role_definitions_operations import RoleDefinitionsOperations from ._role_assignments_operations import RoleAssignmentsOperations +from ._key_vault_client_operations import KeyVaultClientOperationsMixin __all__ = [ - 'KeyVaultClientOperationsMixin', 'RoleDefinitionsOperations', 'RoleAssignmentsOperations', + 'KeyVaultClientOperationsMixin', ] diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/operations/_role_definitions_operations.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/operations/_role_definitions_operations.py index ba3d7a757dc5..3cfe5c94c9ff 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/operations/_role_definitions_operations.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/operations/_role_definitions_operations.py 
@@ -1,19 +1,17 @@ # coding=utf-8 # -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. +# Code generated by Microsoft (R) AutoRest Code Generator (autorest: 3.0.6306, generator: {generator}) # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- from typing import TYPE_CHECKING import warnings -from azure.core.exceptions import HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error from azure.core.paging import ItemPaged from azure.core.pipeline import PipelineResponse from azure.core.pipeline.transport import HttpRequest, HttpResponse -from .. import models +from .. import models as _models if TYPE_CHECKING: # pylint: disable=unused-import,ungrouped-imports @@ -29,14 +27,14 @@ class RoleDefinitionsOperations(object): instantiates it for you and attaches it as an attribute. :ivar models: Alias to model classes used in this operation group. - :type models: ~azure.keyvault.v7_2.models + :type models: ~key_vault_client.models :param client: Client for service requests. :param config: Configuration of service client. :param serializer: An object model serializer. :param deserializer: An object model deserializer. """ - models = models + models = _models def __init__(self, client, config, serializer, deserializer): self._client = client 
@@ -44,6 +42,205 @@ def __init__(self, client, config, serializer, deserializer): self._deserialize = deserializer self._config = config + def delete( + self, + vault_base_url, # type: str + scope, # type: str + role_definition_name, # type: str + **kwargs # type: Any + ): + # type: (...) -> "_models.RoleDefinition" + """Deletes a custom role definition. + + :param vault_base_url: The vault name, for example https://myvault.vault.azure.net. + :type vault_base_url: str + :param scope: The scope of the role definition to delete. Managed HSM only supports '/'. + :type scope: str + :param role_definition_name: The name (GUID) of the role definition to delete. + :type role_definition_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: RoleDefinition, or the result of cls(response) + :rtype: ~key_vault_client.models.RoleDefinition + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["_models.RoleDefinition"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "7.2-preview" + accept = "application/json" + + # Construct URL + url = self.delete.metadata['url'] # type: ignore + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'scope': self._serialize.url("scope", scope, 'str', skip_quote=True), + 'roleDefinitionName': self._serialize.url("role_definition_name", role_definition_name, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + 
request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize(_models.KeyVaultError, response) + raise HttpResponseError(response=response, model=error) + + deserialized = self._deserialize('RoleDefinition', pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + delete.metadata = {'url': '/{scope}/providers/Microsoft.Authorization/roleDefinitions/{roleDefinitionName}'} # type: ignore + + def create_or_update( + self, + vault_base_url, # type: str + scope, # type: str + role_definition_name, # type: str + parameters, # type: "_models.RoleDefinitionCreateParameters" + **kwargs # type: Any + ): + # type: (...) -> "_models.RoleDefinition" + """Creates or updates a custom role definition. + + :param vault_base_url: The vault name, for example https://myvault.vault.azure.net. + :type vault_base_url: str + :param scope: The scope of the role definition to create or update. Managed HSM only supports + '/'. + :type scope: str + :param role_definition_name: The name of the role definition to create or update. It can be any + valid GUID. + :type role_definition_name: str + :param parameters: Parameters for the role definition. 
+ :type parameters: ~key_vault_client.models.RoleDefinitionCreateParameters + :keyword callable cls: A custom type or function that will be passed the direct response + :return: RoleDefinition, or the result of cls(response) + :rtype: ~key_vault_client.models.RoleDefinition + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["_models.RoleDefinition"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "7.2-preview" + content_type = kwargs.pop("content_type", "application/json") + accept = "application/json" + + # Construct URL + url = self.create_or_update.metadata['url'] # type: ignore + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'scope': self._serialize.url("scope", scope, 'str', skip_quote=True), + 'roleDefinitionName': self._serialize.url("role_definition_name", role_definition_name, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str') + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + body_content_kwargs = {} # type: Dict[str, Any] + body_content = self._serialize.body(parameters, 'RoleDefinitionCreateParameters') + body_content_kwargs['content'] = body_content + request = self._client.put(url, query_parameters, header_parameters, **body_content_kwargs) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [201]: + 
map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize(_models.KeyVaultError, response) + raise HttpResponseError(response=response, model=error) + + deserialized = self._deserialize('RoleDefinition', pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + create_or_update.metadata = {'url': '/{scope}/providers/Microsoft.Authorization/roleDefinitions/{roleDefinitionName}'} # type: ignore + + def get( + self, + vault_base_url, # type: str + scope, # type: str + role_definition_name, # type: str + **kwargs # type: Any + ): + # type: (...) -> "_models.RoleDefinition" + """Get the specified role definition. + + :param vault_base_url: The vault name, for example https://myvault.vault.azure.net. + :type vault_base_url: str + :param scope: The scope of the role definition to get. Managed HSM only supports '/'. + :type scope: str + :param role_definition_name: The name of the role definition to get. 
+ :type role_definition_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: RoleDefinition, or the result of cls(response) + :rtype: ~key_vault_client.models.RoleDefinition + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["_models.RoleDefinition"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "7.2-preview" + accept = "application/json" + + # Construct URL + url = self.get.metadata['url'] # type: ignore + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'scope': self._serialize.url("scope", scope, 'str', skip_quote=True), + 'roleDefinitionName': self._serialize.url("role_definition_name", role_definition_name, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize(_models.KeyVaultError, response) + raise HttpResponseError(response=response, model=error) + + deserialized = self._deserialize('RoleDefinition', pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + get.metadata = {'url': 
'/{scope}/providers/Microsoft.Authorization/roleDefinitions/{roleDefinitionName}'} # type: ignore + def list( self, vault_base_url, # type: str @@ -51,7 +248,7 @@ def list( filter=None, # type: Optional[str] **kwargs # type: Any ): - # type: (...) -> Iterable["models.RoleDefinitionListResult"] + # type: (...) -> Iterable["_models.RoleDefinitionListResult"] """Get all role definitions that are applicable at scope and above. :param vault_base_url: The vault name, for example https://myvault.vault.azure.net. @@ -63,18 +260,21 @@ def list( :type filter: str :keyword callable cls: A custom type or function that will be passed the direct response :return: An iterator like instance of either RoleDefinitionListResult or the result of cls(response) - :rtype: ~azure.core.paging.ItemPaged[~azure.keyvault.v7_2.models.RoleDefinitionListResult] + :rtype: ~azure.core.paging.ItemPaged[~key_vault_client.models.RoleDefinitionListResult] :raises: ~azure.core.exceptions.HttpResponseError """ - cls = kwargs.pop('cls', None) # type: ClsType["models.RoleDefinitionListResult"] - error_map = {404: ResourceNotFoundError, 409: ResourceExistsError} + cls = kwargs.pop('cls', None) # type: ClsType["_models.RoleDefinitionListResult"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } error_map.update(kwargs.pop('error_map', {})) api_version = "7.2-preview" + accept = "application/json" def prepare_request(next_link=None): # Construct headers header_parameters = {} # type: Dict[str, Any] - header_parameters['Accept'] = 'application/json' + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') if not next_link: # Construct URL 
@@ -116,7 +316,7 @@ def get_next(next_link=None): response = pipeline_response.http_response if response.status_code not in [200]: - error = self._deserialize(models.KeyVaultError, response) + error = self._deserialize(_models.KeyVaultError, response) map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, model=error) diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py index 0104e25c2365..ca6b2f5ec031 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py 
@@ -114,6 +114,64 @@ def list_role_assignments( **kwargs ) + @distributed_trace_async + async def set_role_definition(self, **kwargs): + # type: (...) -> "_models.RoleDefinition" + """Creates or updates a custom role definition. + + :param vault_base_url: The vault name, for example https://myvault.vault.azure.net. + :type vault_base_url: str + :param scope: The scope of the role definition to create or update. Managed HSM only supports + '/'. + :type scope: str + :param role_definition_name: The name of the role definition to create or update. It can be any + valid GUID. + :type role_definition_name: str + :param parameters: Parameters for the role definition. + :type parameters: ~key_vault_client.models.RoleDefinitionCreateParameters + :keyword callable cls: A custom type or function that will be passed the direct response + :return: RoleDefinition, or the result of cls(response) + :rtype: ~key_vault_client.models.RoleDefinition + :raises: ~azure.core.exceptions.HttpResponseError + """ + role_definition_operations = self._client.role_definitions + + @distributed_trace_async + async def get_role_definition(self, **kwargs): + # type: (...) -> "_models.RoleDefinition" + """Get the specified role definition. + + :param vault_base_url: The vault name, for example https://myvault.vault.azure.net. + :type vault_base_url: str + :param scope: The scope of the role definition to get. Managed HSM only supports '/'. + :type scope: str + :param role_definition_name: The name of the role definition to get. 
+ :type role_definition_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: RoleDefinition, or the result of cls(response) + :rtype: ~key_vault_client.models.RoleDefinition + :raises: ~azure.core.exceptions.HttpResponseError + """ + role_definition_operations = self._client.role_definitions + + @distributed_trace_async + async def delete_role_definition(self, role_scope, role_definition_name, **kwargs): + # type: (...) -> "_models.RoleDefinition" + """Deletes a custom role definition. + + :param role_scope: scope of the role definitions. :class:`KeyVaultRoleScope` defines common broad scopes. + Specify a narrower scope as a string. Managed HSM only supports '/', or KeyVaultRoleScope.global_value. + :type role_scope: str or KeyVaultRoleScope + :param role_definition_name: the definition's name. Must be a UUID. + :type role_definition_name: str or uuid.UUID + :returns: the deleted definition + :rtype: KeyVaultRoleDefinition + """ + definition = self._client.role_definitions.delete( + vault_base_url=self._vault_url, scope=role_scope, role_definition_name=str(role_definition_name), **kwargs + ) + return definition + @distributed_trace def list_role_definitions( self, role_scope: "Union[str, KeyVaultRoleScope]", **kwargs: "Any" diff --git a/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py b/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py index 44b6c1d1059b..67f4c3503c22 100644 --- a/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py +++ b/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py 
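Review bot: `delete_role_definition` calls `self._client.role_definitions.delete(...)` without `await`, so on this async client (where the generated operation is presumably a coroutine function) the caller receives an un-awaited coroutine rather than the deleted definition, and the request may never be sent. The method also returns the generated model although its docstring promises `KeyVaultRoleDefinition`; I would write `definition = await self._client.role_definitions.delete(...)` followed by `return KeyVaultRoleDefinition._from_generated(definition)`. The `set_role_definition` and `get_role_definition` bodies above it only bind `role_definition_operations` and fall through to `None`, while their docstrings, copied from the generated layer, describe `vault_base_url` and `parameters` arguments the methods do not take. For an access-control API a silent no-op is misleading, because a caller would believe a role definition had been written; `raise NotImplementedError` until the body exists would make that state explicit.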
@@ -5,22 +5,36 @@ import functools import os import uuid +import time +from azure.core.credentials import AccessToken +from azure.identity import DefaultAzureCredential from azure.keyvault.administration import KeyVaultAccessControlClient, KeyVaultRoleScope -from devtools_testutils import KeyVaultPreparer, ResourceGroupPreparer +from devtools_testutils import CachedResourceGroupPreparer import pytest +from six.moves.urllib_parse import urlparse +from _shared.helpers import mock from _shared.test_case import KeyVaultTestCase -from _shared.preparer import KeyVaultClientPreparer as _KeyVaultClientPreparer - -AccessControlClientPreparer = functools.partial(_KeyVaultClientPreparer, KeyVaultAccessControlClient) +@pytest.mark.usefixtures("managed_hsm") class AccessControlTests(KeyVaultTestCase): def __init__(self, *args, **kwargs): super(AccessControlTests, self).__init__(*args, **kwargs) + + def setUp(self, *args, **kwargs): + if self.is_live: + real = urlparse(self.managed_hsm["url"]) + playback = urlparse(self.managed_hsm["playback_url"]) + self.scrubber.register_name_pair(real.netloc, playback.netloc) + super(AccessControlTests, self).setUp(*args, **kwargs) + + @property + def credential(self): if self.is_live: - pytest.skip("test infrastructure can't yet create a Key Vault supporting the RBAC API") + return DefaultAzureCredential() + return mock.Mock(get_token=lambda *_, **__: AccessToken("secret", time.time() + 3600)) def get_replayable_uuid(self, replay_value): if self.is_live: 
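Review bot: The `__init__` override left in `AccessControlTests` now only forwards to `super().__init__`, since the live-mode `pytest.skip` was its only other statement, so the override can be deleted. The hunk also keeps `import functools` after removing the `functools.partial` preparer, and adds `CachedResourceGroupPreparer` while the following hunk drops the preparer decorators; if nothing outside the visible hunks uses them, both imports should go. `get_replayable_uuid` at the end of the hunk continues outside it.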
@@ -37,10 +51,16 @@ def get_service_principal_id(self): return value return replay_value - @ResourceGroupPreparer(random_name_enabled=True) - @KeyVaultPreparer() - @AccessControlClientPreparer() - def test_list_role_definitions(self, client): + def test_a_rest_api(self): + client = KeyVaultAccessControlClient(self.managed_hsm["url"], self.credential) + + properties = None + definition = client.set_role_definition(role_scope="/", role_definition_properties=properties) + print(definition) + + def test_list_role_definitions(self): + client = KeyVaultAccessControlClient(self.managed_hsm["url"], self.credential) + definitions = [d for d in client.list_role_definitions(KeyVaultRoleScope.global_value)] assert len(definitions) @@ -54,10 +74,9 @@ def test_list_role_definitions(self, client): assert definition.role_type is not None assert definition.type is not None - @ResourceGroupPreparer(random_name_enabled=True) - @KeyVaultPreparer() - @AccessControlClientPreparer() - def test_role_assignment(self, client): + def test_role_assignment(self): + client = KeyVaultAccessControlClient("https://mcpatinotesthsm.azure.net", self.credential) + scope = KeyVaultRoleScope.global_value definitions = [d for d in client.list_role_definitions(scope)] From 8b3acbd18e4f6f872088b4076356d01f53a77a1a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?McCoy=20Pati=C3=B1o?= Date: Tue, 12 Jan 2021 18:50:28 -0800 Subject: [PATCH 02/13] Implement async API --- .../administration/_access_control_client.py | 4 +- .../aio/_access_control_client.py | 102 +++++++++++------- .../tests/test_access_control.py | 1 - 3 files changed, 66 insertions(+), 41 deletions(-) diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py index 3a6751226523..329ba785f7ab 100644 
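Review bot: `test_role_assignment` builds its client with the literal `"https://mcpatinotesthsm.azure.net"` instead of `self.managed_hsm["url"]`, which the other two tests in this hunk use. In live mode that authenticates with `DefaultAzureCredential` against one developer's hard-coded host, and the name pair registered in `setUp` covers only the fixture's netloc, so this hostname would presumably not be scrubbed from recordings; the line should read `client = KeyVaultAccessControlClient(self.managed_hsm["url"], self.credential)`. `test_a_rest_api` passes `role_definition_properties=None`, a keyword that `set_role_definition` does not document, and ends in `print(definition)` without an assertion, so it should assert on the returned definition or be removed before merge. `test_role_assignment` continues past the end of the hunk.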
--- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py @@ -7,7 +7,7 @@ from azure.core.tracing.decorator import distributed_trace -from ._models import KeyVaultRoleAssignment, KeyVaultRoleDefinition, KeyVaultPermission +from ._models import KeyVaultRoleAssignment, KeyVaultRoleDefinition from ._internal import KeyVaultClientBase if TYPE_CHECKING: @@ -15,7 +15,7 @@ from typing import Any, List, Union from uuid import UUID from azure.core.paging import ItemPaged - from ._models import KeyVaultRoleScope + from ._models import KeyVaultRoleScope, KeyVaultPermission class KeyVaultAccessControlClient(KeyVaultClientBase): diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py index ca6b2f5ec031..3c86ff6d40d4 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py @@ -16,7 +16,7 @@ from typing import Any, Union from uuid import UUID from azure.core.async_paging import AsyncItemPaged - from .._models import KeyVaultRoleScope + from .._models import KeyVaultRoleScope, KeyVaultPermission class KeyVaultAccessControlClient(AsyncKeyVaultClientBase): 
@@ -115,62 +115,88 @@ def list_role_assignments( ) @distributed_trace_async - async def set_role_definition(self, **kwargs): - # type: (...) -> "_models.RoleDefinition" + async def set_role_definition( + self, role_scope: "Union[str, KeyVaultRoleScope]", **kwargs: "Any" + ) -> "KeyVaultRoleDefinition": """Creates or updates a custom role definition. - :param vault_base_url: The vault name, for example https://myvault.vault.azure.net. - :type vault_base_url: str - :param scope: The scope of the role definition to create or update. Managed HSM only supports - '/'. - :type scope: str - :param role_definition_name: The name of the role definition to create or update. It can be any - valid GUID. - :type role_definition_name: str - :param parameters: Parameters for the role definition. - :type parameters: ~key_vault_client.models.RoleDefinitionCreateParameters - :keyword callable cls: A custom type or function that will be passed the direct response - :return: RoleDefinition, or the result of cls(response) - :rtype: ~key_vault_client.models.RoleDefinition - :raises: ~azure.core.exceptions.HttpResponseError + :param role_scope: scope of the role definition. :class:`KeyVaultRoleScope` defines common broad scopes. + Specify a narrower scope as a string. Managed HSM only supports '/', or KeyVaultRoleScope.global_value. + :type role_scope: str or KeyVaultRoleScope + :keyword role_definition_name: the role definition's name. Must be a UUID. + :type role_definition_name: str or uuid.UUID + :keyword str description: the role definition's description. + :keyword str role_type: the role type. + :keyword permissions: the role definition's permissions. + :type permissions: List[KeyVaultPermission] + :keyword assignable_scopes: the role definition's assignable scopes. 
+ :type assignable_scopes: List[str] + :returns: The created or updated role definition + :rtype: KeyVaultRoleDefinition """ - role_definition_operations = self._client.role_definitions + role_definition_name = kwargs.pop("role_definition_name", None) or uuid4() + permissions = kwargs.pop("permissions", None) + if permissions is not None: + permissions = [ + self._client.role_definitions.models.Permission( + actions=p.allowed_actions, + not_actions=p.denied_actions, + data_actions=p.allowed_data_actions, + not_data_actions=p.denied_data_actions, + ) + for p in permissions + ] + + properties = self._client.role_definitions.models.RoleDefinitionProperties( + role_name=role_definition_name, permissions=permissions, **kwargs + ) + parameters = self._client.role_definitions.models.RoleDefinitionCreateParameters(properties=properties) + + definition = await self._client.role_definitions.create_or_update( + vault_base_url=self._vault_url, + scope=role_scope, + role_definition_name=role_definition_name, + parameters=parameters, + **kwargs + ) + return KeyVaultRoleDefinition._from_generated(definition) @distributed_trace_async - async def get_role_definition(self, **kwargs): - # type: (...) -> "_models.RoleDefinition" + async def get_role_definition( + self, role_scope: "Union[str, KeyVaultRoleScope]", role_definition_name: Union[str, UUID], **kwargs: "Any" + ) -> "KeyVaultRoleDefinition": """Get the specified role definition. - :param vault_base_url: The vault name, for example https://myvault.vault.azure.net. - :type vault_base_url: str - :param scope: The scope of the role definition to get. Managed HSM only supports '/'. - :type scope: str - :param role_definition_name: The name of the role definition to get. 
- :type role_definition_name: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: RoleDefinition, or the result of cls(response) - :rtype: ~key_vault_client.models.RoleDefinition - :raises: ~azure.core.exceptions.HttpResponseError + :param role_scope: scope of the role definition. :class:`KeyVaultRoleScope` defines common broad scopes. + Specify a narrower scope as a string. Managed HSM only supports '/', or KeyVaultRoleScope.global_value. + :type role_scope: str or KeyVaultRoleScope + :param role_definition_name: the role definition's name. Must be a UUID. + :type role_definition_name: str or uuid.UUID + :rtype: KeyVaultRoleDefinition """ - role_definition_operations = self._client.role_definitions + definition = await self._client.role_definitions.get( + vault_base_url=self._vault_url, scope=role_scope, role_definition_name=str(role_definition_name), **kwargs + ) + return KeyVaultRoleDefinition._from_generated(definition) @distributed_trace_async - async def delete_role_definition(self, role_scope, role_definition_name, **kwargs): - # type: (...) -> "_models.RoleDefinition" + async def delete_role_definition( + self, role_scope: "Union[str, KeyVaultRoleScope]", role_definition_name: Union[str, UUID], **kwargs: "Any" + ) -> "KeyVaultRoleDefinition": """Deletes a custom role definition. - :param role_scope: scope of the role definitions. :class:`KeyVaultRoleScope` defines common broad scopes. + :param role_scope: scope of the role definition. :class:`KeyVaultRoleScope` defines common broad scopes. Specify a narrower scope as a string. Managed HSM only supports '/', or KeyVaultRoleScope.global_value. :type role_scope: str or KeyVaultRoleScope - :param role_definition_name: the definition's name. Must be a UUID. + :param role_definition_name: the role definition's name. Must be a UUID. 
:type role_definition_name: str or uuid.UUID - :returns: the deleted definition + :returns: the deleted role definition :rtype: KeyVaultRoleDefinition """ - definition = self._client.role_definitions.delete( + definition = await self._client.role_definitions.delete( vault_base_url=self._vault_url, scope=role_scope, role_definition_name=str(role_definition_name), **kwargs ) - return definition + return KeyVaultRoleDefinition._from_generated(definition) @distributed_trace def list_role_definitions( diff --git a/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py b/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py index 67f4c3503c22..906f6929170d 100644 --- a/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py +++ b/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py @@ -10,7 +10,6 @@ from azure.core.credentials import AccessToken from azure.identity import DefaultAzureCredential from azure.keyvault.administration import KeyVaultAccessControlClient, KeyVaultRoleScope -from devtools_testutils import CachedResourceGroupPreparer import pytest from six.moves.urllib_parse import urlparse From cc4717f1411eaf3116e40d1c0b756e8e2eff9e30 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?McCoy=20Pati=C3=B1o?= Date: Wed, 13 Jan 2021 18:06:47 -0800 Subject: [PATCH 03/13] Add sync tests, update public model --- .../administration/_access_control_client.py | 8 +- .../azure/keyvault/administration/_models.py | 8 +- .../tests/test_access_control.py | 75 ++++++++++++++----- 3 files changed, 63 insertions(+), 28 deletions(-) diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py index 329ba785f7ab..ce3492d2859c 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py 
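Review bot: In the async `set_role_definition`, the leftover `**kwargs` is expanded twice, into `RoleDefinitionProperties(role_name=role_definition_name, permissions=permissions, **kwargs)` and again into `create_or_update(..., **kwargs)`. Model fields such as `assignable_scopes` therefore also reach the operation call, and per-request options also reach the model constructor. For a method that writes RBAC role definitions, pop each documented keyword explicitly (`assignable_scopes = kwargs.pop("assignable_scopes", None)`) and forward only the remainder to the operation. The method also passes `role_definition_name` unconverted, possibly a `uuid.UUID` from `uuid4()`, whereas `get_role_definition` and `delete_role_definition` in this hunk pass `str(role_definition_name)`; the hunk does not show an import of `uuid4` in this module. The sync `set_role_definition` added in patch 01 has the same shape.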
+++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py @@ -12,7 +12,7 @@ if TYPE_CHECKING: # pylint:disable=ungrouped-imports - from typing import Any, List, Union + from typing import Any, Union from uuid import UUID from azure.core.paging import ItemPaged from ._models import KeyVaultRoleScope, KeyVaultPermission @@ -119,12 +119,10 @@ def set_role_definition(self, role_scope, **kwargs): :type role_scope: str or KeyVaultRoleScope :keyword role_definition_name: the role definition's name. Must be a UUID. :type role_definition_name: str or uuid.UUID - :keyword str description: the role definition's description. - :keyword str role_type: the role type. :keyword permissions: the role definition's permissions. - :type permissions: List[KeyVaultPermission] + :type permissions: list[KeyVaultPermission] :keyword assignable_scopes: the role definition's assignable scopes. - :type assignable_scopes: List[str] + :type assignable_scopes: list[str] :returns: The created or updated role definition :rtype: KeyVaultRoleDefinition """ diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_models.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_models.py index e47e93e81958..3f156408cf48 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_models.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_models.py 
@@ -31,10 +31,10 @@ class KeyVaultPermission(object): def __init__(self, **kwargs): # type: (**Any) -> None - self.allowed_actions = kwargs.get("allowed_actions") - self.denied_actions = kwargs.get("denied_actions") - self.allowed_data_actions = kwargs.get("allowed_data_actions") - self.denied_data_actions = kwargs.get("denied_data_actions") + self.allowed_actions = kwargs.get("allowed_actions", []) + self.denied_actions = kwargs.get("denied_actions", []) + self.allowed_data_actions = kwargs.get("allowed_data_actions", []) + self.denied_data_actions = kwargs.get("denied_data_actions", []) @classmethod def _from_generated(cls, permissions): diff --git a/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py b/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py index 906f6929170d..163eba116c74 100644 --- a/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py +++ b/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py @@ -9,7 +9,7 @@ from azure.core.credentials import AccessToken from azure.identity import DefaultAzureCredential -from azure.keyvault.administration import KeyVaultAccessControlClient, KeyVaultRoleScope +from azure.keyvault.administration import KeyVaultAccessControlClient, KeyVaultRoleScope, KeyVaultPermission import pytest from six.moves.urllib_parse import urlparse 
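Review bot: The new defaults in `KeyVaultPermission.__init__` apply only when a keyword is absent, so `kwargs.get("allowed_actions", [])` still stores `None` when a caller passes `allowed_actions=None` explicitly. `_from_generated` may do the same; its body is not shown in this hunk. The tests added in this patch call `len()` on these attributes, which would raise on `None`. `self.allowed_actions = kwargs.get("allowed_actions") or []`, and the same for the other three fields, normalises both cases. The class continues outside the hunk.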
@@ -50,31 +50,68 @@ def get_service_principal_id(self): return value return replay_value - def test_a_rest_api(self): + def _assert_role_definitions_equal(self, d1, d2): + assert d1.id == d2.id + assert d1.name == d2.name + assert d1.role_name == d2.role_name + assert d1.description == d2.description + assert d1.role_type == d2.role_type + assert d1.type == d2.type + assert len(d1.permissions) == len(d2.permissions) + for i in range(len(d1.permissions)): + assert d1.permissions[i].allowed_actions == d2.permissions[i].allowed_actions + assert d1.permissions[i].denied_actions == d2.permissions[i].denied_actions + assert d1.permissions[i].allowed_data_actions == d2.permissions[i].allowed_data_actions + assert d1.permissions[i].denied_data_actions == d2.permissions[i].denied_data_actions + assert d1.assignable_scopes == d2.assignable_scopes + + def test_role_definitions(self): client = KeyVaultAccessControlClient(self.managed_hsm["url"], self.credential) - properties = None - definition = client.set_role_definition(role_scope="/", role_definition_properties=properties) - print(definition) + # list initial role definitions + scope = KeyVaultRoleScope.global_value + original_definitions = [d for d in client.list_role_definitions(scope)] + assert len(original_definitions) + + # create custom role definition + definition_name = self.get_replayable_uuid("definition-name") + permissions = [KeyVaultPermission( + allowed_data_actions=["Microsoft.KeyVault/managedHsm/keys/read/action"] + )] + created_definition = client.set_role_definition( + role_scope=scope, role_definition_name=definition_name, permissions=permissions + ) + assert "/" in created_definition.assignable_scopes + assert created_definition.name == definition_name + assert len(created_definition.permissions) == 1 + assert len(created_definition.permissions[0].allowed_data_actions) == 1 + + # update custom role definition + permissions = [KeyVaultPermission( + allowed_data_actions=[], + 
denied_data_actions=["Microsoft.KeyVault/managedHsm/keys/read/action"] + )] + updated_definition = client.set_role_definition( + role_scope=scope, role_definition_name=definition_name, permissions=permissions + ) + assert len(updated_definition.permissions) == 1 + assert len(updated_definition.permissions[0].allowed_data_actions) == 0 + assert len(updated_definition.permissions[0].denied_data_actions) == 1 - def test_list_role_definitions(self): - client = KeyVaultAccessControlClient(self.managed_hsm["url"], self.credential) + # assert that the created role definition isn't duplicated + matching_definitions = [d for d in client.list_role_definitions(scope) if d.id == updated_definition.id] + assert len(matching_definitions) == 1 - definitions = [d for d in client.list_role_definitions(KeyVaultRoleScope.global_value)] - assert len(definitions) + # get custom role definition + definition = client.get_role_definition(role_scope=scope, role_definition_name=definition_name) + self._assert_role_definitions_equal(definition, updated_definition) - for definition in definitions: - assert "/" in definition.assignable_scopes - assert definition.description is not None - assert definition.id is not None - assert definition.name is not None - assert len(definition.permissions) - assert definition.role_name is not None - assert definition.role_type is not None - assert definition.type is not None + # delete custom role definition + deleted_definition = client.delete_role_definition(scope, definition_name) + self._assert_role_definitions_equal(deleted_definition, definition) def test_role_assignment(self): - client = KeyVaultAccessControlClient("https://mcpatinotesthsm.azure.net", self.credential) + client = KeyVaultAccessControlClient(self.managed_hsm["url"], self.credential) scope = KeyVaultRoleScope.global_value definitions = [d for d in client.list_role_definitions(scope)] From baf412e2d282ec8d51910809c64c55564411902d Mon Sep 17 00:00:00 2001 
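Review bot: `test_role_definitions` creates a custom role definition on the HSM and removes it only in its final step, so any assertion that fails before `client.delete_role_definition(scope, definition_name)` leaves that role behind after a live run. Putting the steps after creation in a `try:` block with the delete in `finally:` keeps failed runs from accumulating custom roles on the test HSM. The test also never checks that the delete took effect; `assert not any(d.id == deleted_definition.id for d in client.list_role_definitions(scope))` after it would pin that. In `_assert_role_definitions_equal`, `for p1, p2 in zip(d1.permissions, d2.permissions):` reads more clearly than indexing through `range(len(d1.permissions))`.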
From: =?UTF-8?q?McCoy=20Pati=C3=B1o?= Date: Thu, 14 Jan 2021 14:58:43 -0800 Subject: [PATCH 04/13] Add async tests, update Definitions model --- .../azure/keyvault/administration/_models.py | 81 +++++++++---- .../aio/_access_control_client.py | 10 +- ...ss_control.test_list_role_definitions.yaml | 69 ----------- ...trol_async.test_list_role_definitions.yaml | 54 --------- .../tests/test_access_control.py | 62 +++++----- .../tests/test_access_control_async.py | 110 ++++++++++++------ 6 files changed, 173 insertions(+), 213 deletions(-) delete mode 100644 sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control.test_list_role_definitions.yaml delete mode 100644 sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control_async.test_list_role_definitions.yaml diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_models.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_models.py index 3f156408cf48..71994c463afb 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_models.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_models.py 
@@ -134,42 +134,79 @@ def _from_generated(cls, role_assignment_properties): class KeyVaultRoleDefinition(object): - """Role definition. - - :ivar str id: The role definition ID. - :ivar str name: The role definition name. - :ivar str type: The role definition type. - :ivar str role_name: The role name. - :ivar str description: The role definition description. - :ivar str role_type: The role type. - :ivar permissions: Role definition permissions. - :vartype permissions: list[KeyVaultPermission] - :ivar list[str] assignable_scopes: Role definition assignable scopes. - """ + """Represents the definition of a role over a scope.""" def __init__(self, **kwargs): # type: (**Any) -> None - self.id = kwargs.get("id") - self.name = kwargs.get("name") - self.role_name = kwargs.get("role_name") - self.description = kwargs.get("description") - self.role_type = kwargs.get("role_type") - self.type = kwargs.get("type") - self.permissions = kwargs.get("permissions") - self.assignable_scopes = kwargs.get("assignable_scopes") + self._role_definition_id = kwargs.get("role_definition_id") + self._name = kwargs.get("name") + self._role_name = kwargs.get("role_name") + self._description = kwargs.get("description") + self._role_type = kwargs.get("role_type") + self._type = kwargs.get("type") + self._permissions = kwargs.get("permissions") + self._assignable_scopes = kwargs.get("assignable_scopes") def __repr__(self): # type: () -> str - return "".format(self.role_name)[:1024] + return "KeyVaultRoleDefinition<{}>".format(self._role_definition_id) + + @property + def role_definition_id(self): + # type: () -> str + """unique identifier for this role definition""" + return self._role_definition_id + + @property + def name(self): + # type: () -> str + """name of the role definition""" + return self._name + + @property + def role_name(self): + # type: () -> str + """name of the role""" + return self._role_name + + @property + def description(self): + # type: () -> str + """description of the 
role definition""" + return self._description + + @property + def role_type(self): + # type: () -> str + """type of the role""" + return self._role_type + + @property + def type(self): + # type: () -> str + """type of the role definition""" + return self._type + + @property + def permissions(self): + # type: () -> list[KeyVaultPermission] + """permissions defined for the role""" + return self._permissions + + @property + def assignable_scopes(self): + # type: () -> list[str] + """scopes that can be assigned to the role""" + return self._assignable_scopes @classmethod def _from_generated(cls, definition): return cls( assignable_scopes=definition.assignable_scopes, description=definition.description, - id=definition.id, name=definition.name, permissions=[KeyVaultPermission._from_generated(p) for p in definition.permissions], + role_definition_id=definition.id, role_name=definition.role_name, role_type=definition.role_type, type=definition.type, diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py index 3c86ff6d40d4..1e539f402260 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py 
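Review bot: The new `permissions` and `assignable_scopes` properties on `KeyVaultRoleDefinition` return the stored lists themselves, so the model is read-only only at the attribute level; `definition.permissions.append(...)` still alters the object. If the move to properties is meant to give callers a fixed snapshot of what the service returned, return a copy (`return list(self._permissions)`) or say in the docstring that the list is shared. The class docstring also lost its per-attribute `:ivar` documentation, and the property docstrings that replace it are fragments; a full sentence such as `"""The permissions this role definition grants or denies."""` would restore it. `__repr__` no longer applies the `[:1024]` truncation the old one had. In `_from_generated`, the unchanged comprehension over `definition.permissions` would raise if the service returned no permissions list, which may be worth guarding with `definition.permissions or []`.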
@@ -125,12 +125,10 @@ async def set_role_definition( :type role_scope: str or KeyVaultRoleScope :keyword role_definition_name: the role definition's name. Must be a UUID. :type role_definition_name: str or uuid.UUID - :keyword str description: the role definition's description. - :keyword str role_type: the role type. :keyword permissions: the role definition's permissions. - :type permissions: List[KeyVaultPermission] + :type permissions: list[KeyVaultPermission] :keyword assignable_scopes: the role definition's assignable scopes. - :type assignable_scopes: List[str] + :type assignable_scopes: list[str] :returns: The created or updated role definition :rtype: KeyVaultRoleDefinition """ @@ -163,7 +161,7 @@ async def set_role_definition( @distributed_trace_async async def get_role_definition( - self, role_scope: "Union[str, KeyVaultRoleScope]", role_definition_name: Union[str, UUID], **kwargs: "Any" + self, role_scope: "Union[str, KeyVaultRoleScope]", role_definition_name: "Union[str, UUID]", **kwargs: "Any" ) -> "KeyVaultRoleDefinition": """Get the specified role definition. @@ -181,7 +179,7 @@ async def get_role_definition( @distributed_trace_async async def delete_role_definition( - self, role_scope: "Union[str, KeyVaultRoleScope]", role_definition_name: Union[str, UUID], **kwargs: "Any" + self, role_scope: "Union[str, KeyVaultRoleScope]", role_definition_name: "Union[str, UUID]", **kwargs: "Any" ) -> "KeyVaultRoleDefinition": """Deletes a custom role definition. diff --git a/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control.test_list_role_definitions.yaml b/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control.test_list_role_definitions.yaml deleted file mode 100644 index 619557270b11..000000000000 --- a/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control.test_list_role_definitions.yaml +++ /dev/null 
@@ -1,69 +0,0 @@ -interactions: -- request: - body: null - headers: - Accept: - - application/json - Accept-Encoding: - - gzip, deflate - Connection: - - keep-alive - Content-Length: - - '0' - User-Agent: - - azsdk-python-keyvault-administration/1.0.0b1 Python/2.7.15 (Windows-10-10.0.19041) - method: GET - uri: https://vaultname.vault.azure.net/providers/Microsoft.Authorization/roleDefinitions?api-version=7.2-preview - response: - body: - string: !!python/unicode OK - headers: - content-length: - - '2' - content-type: - - application/json - www-authenticate: - - Bearer authorization="https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47", - resource="https://managedhsm.azure.net" - x-content-type-options: - - nosniff - status: - code: 401 - message: Unauthorized -- request: - body: null - headers: - Accept: - - application/json - Accept-Encoding: - - gzip, deflate - Connection: - - keep-alive - User-Agent: - - azsdk-python-keyvault-administration/1.0.0b1 Python/2.7.15 (Windows-10-10.0.19041) - method: GET - uri: https://vaultname.vault.azure.net/providers/Microsoft.Authorization/roleDefinitions?api-version=7.2-preview - response: - body: - string: !!python/unicode 
'{"value":[{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","name":"a290e904-7015-4bba-90c8-60543313cdb4","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/restore/action","Microsoft.KeyVault/managedHsm/roleAssignments/delete/action","Microsoft.KeyVault/managedHsm/roleAssignments/read/action","Microsoft.KeyVault/managedHsm/roleAssignments/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/read/action","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/delete","Microsoft.KeyVault/managedHsm/keys/export/action","Microsoft.KeyVault/managedHsm/keys/import/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete"],"notActions":[],"notDataActions":[]}],"roleName":"Azure - Key Vault Managed HSM 
Administrator","type":""},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/515eb02d-2335-4d2d-92f2-b1cbdf9c3778","name":"515eb02d-2335-4d2d-92f2-b1cbdf9c3778","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/restore/action","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/delete","Microsoft.KeyVault/managedHsm/keys/export/action","Microsoft.KeyVault/managedHsm/keys/import/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete"],"notActions":[],"notDataActions":[]}],"roleName":"Azure - Key Vault Managed HSM Crypto 
Officer","type":""},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/21dbd100-6940-42c2-9190-5d6cb909625b","name":"21dbd100-6940-42c2-9190-5d6cb909625b","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action"],"notActions":[],"notDataActions":[]}],"roleName":"Azure - Key Vault Managed HSM Crypto User","type":""},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/4bd23610-cdcf-4971-bdee-bdc562cc28e4","name":"4bd23610-cdcf-4971-bdee-bdc562cc28e4","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/roleDefinitions/read/action","Microsoft.KeyVault/managedHsm/roleAssignments/read/action","Microsoft.KeyVault/managedHsm/roleAssignments/write/action","Microsoft.KeyVault/managedHsm/roleAssignments/delete/action"],"notActions":[],"notDataActions":[]}],"roleName":"Azure - Key Vault Managed HSM Policy 
Administrator","type":""},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/2c18b078-7c48-4d3a-af88-5a3a1b3f82b3","name":"2c18b078-7c48-4d3a-af88-5a3a1b3f82b3","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action"],"notActions":[],"notDataActions":[]}],"roleName":"Azure - Key Vault Managed HSM Crypto Auditor","type":""},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/33413926-3206-4cdd-b39a-83574fe37a17","name":"33413926-3206-4cdd-b39a-83574fe37a17","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action"],"notActions":[],"notDataActions":[]}],"roleName":"Azure - Key Vault Managed HSM Crypto Service Encryption","type":""},"type":"Microsoft.Authorization/roleDefinitions"}]}' - headers: - content-length: - - '5517' - content-type: - - application/json - x-content-type-options: - - nosniff - x-ms-keyvault-network-info: - - addr=24.17.201.78 - x-ms-keyvault-region: - - EASTUS - status: - code: 200 - message: OK -version: 1 diff --git a/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control_async.test_list_role_definitions.yaml b/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control_async.test_list_role_definitions.yaml deleted file mode 100644 index 131a7d6c32bc..000000000000 --- a/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control_async.test_list_role_definitions.yaml +++ /dev/null 
@@ -1,54 +0,0 @@ -interactions: -- request: - body: null - headers: - Accept: - - application/json - Content-Length: - - '0' - User-Agent: - - azsdk-python-keyvault-administration/1.0.0b1 Python/3.5.4 (Windows-10-10.0.19041-SP0) - method: GET - uri: https://vaultname.vault.azure.net/providers/Microsoft.Authorization/roleDefinitions?api-version=7.2-preview - response: - body: - string: OK - headers: - content-length: '2' - content-type: application/json - www-authenticate: Bearer authorization="https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47", - resource="https://managedhsm.azure.net" - x-content-type-options: nosniff - status: - code: 401 - message: Unauthorized - url: https://eastus.clitest.managedhsm-preview.azure.net/providers/Microsoft.Authorization/roleDefinitions?api-version=7.2-preview -- request: - body: null - headers: - Accept: - - application/json - User-Agent: - - azsdk-python-keyvault-administration/1.0.0b1 Python/3.5.4 (Windows-10-10.0.19041-SP0) - method: GET - uri: https://vaultname.vault.azure.net/providers/Microsoft.Authorization/roleDefinitions?api-version=7.2-preview - response: - body: - string: 
'{"value":[{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","name":"a290e904-7015-4bba-90c8-60543313cdb4","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/restore/action","Microsoft.KeyVault/managedHsm/roleAssignments/delete/action","Microsoft.KeyVault/managedHsm/roleAssignments/read/action","Microsoft.KeyVault/managedHsm/roleAssignments/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/read/action","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/delete","Microsoft.KeyVault/managedHsm/keys/export/action","Microsoft.KeyVault/managedHsm/keys/import/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete"],"notActions":[],"notDataActions":[]}],"roleName":"Azure - Key Vault Managed HSM 
Administrator","type":""},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/515eb02d-2335-4d2d-92f2-b1cbdf9c3778","name":"515eb02d-2335-4d2d-92f2-b1cbdf9c3778","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/restore/action","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/delete","Microsoft.KeyVault/managedHsm/keys/export/action","Microsoft.KeyVault/managedHsm/keys/import/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete"],"notActions":[],"notDataActions":[]}],"roleName":"Azure - Key Vault Managed HSM Crypto 
Officer","type":""},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/21dbd100-6940-42c2-9190-5d6cb909625b","name":"21dbd100-6940-42c2-9190-5d6cb909625b","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action"],"notActions":[],"notDataActions":[]}],"roleName":"Azure - Key Vault Managed HSM Crypto User","type":""},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/4bd23610-cdcf-4971-bdee-bdc562cc28e4","name":"4bd23610-cdcf-4971-bdee-bdc562cc28e4","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/roleDefinitions/read/action","Microsoft.KeyVault/managedHsm/roleAssignments/read/action","Microsoft.KeyVault/managedHsm/roleAssignments/write/action","Microsoft.KeyVault/managedHsm/roleAssignments/delete/action"],"notActions":[],"notDataActions":[]}],"roleName":"Azure - Key Vault Managed HSM Policy 
Administrator","type":""},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/2c18b078-7c48-4d3a-af88-5a3a1b3f82b3","name":"2c18b078-7c48-4d3a-af88-5a3a1b3f82b3","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action"],"notActions":[],"notDataActions":[]}],"roleName":"Azure - Key Vault Managed HSM Crypto Auditor","type":""},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/33413926-3206-4cdd-b39a-83574fe37a17","name":"33413926-3206-4cdd-b39a-83574fe37a17","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action"],"notActions":[],"notDataActions":[]}],"roleName":"Azure - Key Vault Managed HSM Crypto Service Encryption","type":""},"type":"Microsoft.Authorization/roleDefinitions"}]}' - headers: - content-length: '5517' - content-type: application/json - x-content-type-options: nosniff - x-ms-keyvault-network-info: addr=24.17.201.78 - x-ms-keyvault-region: EASTUS - status: - code: 200 - message: OK - url: https://eastus.clitest.managedhsm-preview.azure.net/providers/Microsoft.Authorization/roleDefinitions?api-version=7.2-preview -version: 1 diff --git a/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py b/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py index 163eba116c74..bf53218fdc6f 100644 --- a/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py +++ b/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py 
@@ -2,7 +2,6 @@ # Copyright (c) Microsoft Corporation. # Licensed under the MIT License. # ------------------------------------ -import functools import os import uuid import time @@ -50,21 +49,6 @@ def get_service_principal_id(self): return value return replay_value - def _assert_role_definitions_equal(self, d1, d2): - assert d1.id == d2.id - assert d1.name == d2.name - assert d1.role_name == d2.role_name - assert d1.description == d2.description - assert d1.role_type == d2.role_type - assert d1.type == d2.type - assert len(d1.permissions) == len(d2.permissions) - for i in range(len(d1.permissions)): - assert d1.permissions[i].allowed_actions == d2.permissions[i].allowed_actions - assert d1.permissions[i].denied_actions == d2.permissions[i].denied_actions - assert d1.permissions[i].allowed_data_actions == d2.permissions[i].allowed_data_actions - assert d1.permissions[i].denied_data_actions == d2.permissions[i].denied_data_actions - assert d1.assignable_scopes == d2.assignable_scopes - def test_role_definitions(self): client = KeyVaultAccessControlClient(self.managed_hsm["url"], self.credential) @@ -75,9 +59,7 @@ def test_role_definitions(self): # create custom role definition definition_name = self.get_replayable_uuid("definition-name") - permissions = [KeyVaultPermission( - allowed_data_actions=["Microsoft.KeyVault/managedHsm/keys/read/action"] - )] + permissions = [KeyVaultPermission(allowed_data_actions=["Microsoft.KeyVault/managedHsm/keys/read/action"])] created_definition = client.set_role_definition( role_scope=scope, role_definition_name=definition_name, permissions=permissions ) 
@@ -87,10 +69,11 @@ def test_role_definitions(self): assert len(created_definition.permissions[0].allowed_data_actions) == 1 # update custom role definition - permissions = [KeyVaultPermission( - allowed_data_actions=[], - denied_data_actions=["Microsoft.KeyVault/managedHsm/keys/read/action"] - )] + permissions = [ + KeyVaultPermission( + allowed_data_actions=[], denied_data_actions=["Microsoft.KeyVault/managedHsm/keys/read/action"] + ) + ] updated_definition = client.set_role_definition( role_scope=scope, role_definition_name=definition_name, permissions=permissions ) @@ -99,16 +82,19 @@ def test_role_definitions(self): assert len(updated_definition.permissions[0].denied_data_actions) == 1 # assert that the created role definition isn't duplicated - matching_definitions = [d for d in client.list_role_definitions(scope) if d.id == updated_definition.id] + matching_definitions = [ + d for d in client.list_role_definitions(scope) + if d.role_definition_id == updated_definition.role_definition_id + ] assert len(matching_definitions) == 1 # get custom role definition definition = client.get_role_definition(role_scope=scope, role_definition_name=definition_name) - self._assert_role_definitions_equal(definition, updated_definition) + assert_role_definitions_equal(definition, updated_definition) # delete custom role definition deleted_definition = client.delete_role_definition(scope, definition_name) - self._assert_role_definitions_equal(deleted_definition, definition) + assert_role_definitions_equal(deleted_definition, definition) def test_role_assignment(self): client = KeyVaultAccessControlClient(self.managed_hsm["url"], self.credential) 
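Review bot: The custom role definition created earlier in test_role_definitions is removed only by the final `client.delete_role_definition(scope, definition_name)` call, so any assertion that fails before that line leaves the definition on the managed HSM in a live run. Running the create/update/list/get assertions inside `try:` and issuing the delete in `finally:`, with the comparison against the delete result made afterwards, keeps a shared HSM free of stale custom roles. The async test_role_definitions added in test_access_control_async.py has the same shape, and test_role_assignment, whose cleanup lies outside the visible hunks, appears to follow the same pattern. The test body starts in an earlier hunk.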
@@ -121,17 +107,19 @@ def test_role_assignment(self): principal_id = self.get_service_principal_id() name = self.get_replayable_uuid("some-uuid") - created = client.create_role_assignment(scope, definition.id, principal_id, role_assignment_name=name) + created = client.create_role_assignment( + scope, definition.role_definition_id, principal_id, role_assignment_name=name + ) assert created.name == name assert created.principal_id == principal_id - assert created.role_definition_id == definition.id + assert created.role_definition_id == definition.role_definition_id assert created.scope == scope # should be able to get the new assignment got = client.get_role_assignment(scope, name) assert got.name == name assert got.principal_id == principal_id - assert got.role_definition_id == definition.id + assert got.role_definition_id == definition.role_definition_id assert got.scope == scope # new assignment should be in the list of all assignments @@ -150,3 +138,19 @@ def test_role_assignment(self): assert not any( a for a in client.list_role_assignments(scope) if a.role_assignment_id == created.role_assignment_id ) + + +def assert_role_definitions_equal(d1, d2): + assert d1.role_definition_id == d2.role_definition_id + assert d1.name == d2.name + assert d1.role_name == d2.role_name + assert d1.description == d2.description + assert d1.role_type == d2.role_type + assert d1.type == d2.type + assert len(d1.permissions) == len(d2.permissions) + for i in range(len(d1.permissions)): + assert d1.permissions[i].allowed_actions == d2.permissions[i].allowed_actions + assert d1.permissions[i].denied_actions == d2.permissions[i].denied_actions + assert d1.permissions[i].allowed_data_actions == d2.permissions[i].allowed_data_actions + assert d1.permissions[i].denied_data_actions == d2.permissions[i].denied_data_actions + assert d1.assignable_scopes == d2.assignable_scopes 
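Review bot: `assert_role_definitions_equal` walks the two permission lists by index with `for i in range(len(d1.permissions)):`; pairing them directly reads better, `for p1, p2 in zip(d1.permissions, d2.permissions):`, with the four comparisons written against `p1` and `p2`. The length assertion just above already guarantees that zip drops nothing. Since the helper is now module-level and imported by test_access_control_async.py, a one-line docstring such as `"""Assert that two role definitions match field by field."""` would document it for that second caller.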
diff --git a/sdk/keyvault/azure-keyvault-administration/tests/test_access_control_async.py b/sdk/keyvault/azure-keyvault-administration/tests/test_access_control_async.py index 9e984beb91d4..d2559f0bac55 100644 --- a/sdk/keyvault/azure-keyvault-administration/tests/test_access_control_async.py +++ b/sdk/keyvault/azure-keyvault-administration/tests/test_access_control_async.py 
@@ -2,26 +2,39 @@ # Copyright (c) Microsoft Corporation. # Licensed under the MIT License. # ------------------------------------ -import functools import os import uuid +import time -from azure.keyvault.administration import KeyVaultRoleScope +from azure.core.credentials import AccessToken +from azure.identity import DefaultAzureCredential +from azure.keyvault.administration import KeyVaultRoleScope, KeyVaultPermission from azure.keyvault.administration.aio import KeyVaultAccessControlClient -from devtools_testutils import KeyVaultPreparer, ResourceGroupPreparer import pytest +from six.moves.urllib_parse import urlparse +from _shared.helpers import mock from _shared.test_case_async import KeyVaultTestCase -from _shared.preparer_async import KeyVaultClientPreparer as _KeyVaultClientPreparer - -AccessControlClientPreparer = functools.partial(_KeyVaultClientPreparer, KeyVaultAccessControlClient) +from test_access_control import assert_role_definitions_equal +@pytest.mark.usefixtures("managed_hsm") class AccessControlTests(KeyVaultTestCase): def __init__(self, *args, **kwargs): super(AccessControlTests, self).__init__(*args, **kwargs) + + def setUp(self, *args, **kwargs): + if self.is_live: + real = urlparse(self.managed_hsm["url"]) + playback = urlparse(self.managed_hsm["playback_url"]) + self.scrubber.register_name_pair(real.netloc, playback.netloc) + super(AccessControlTests, self).setUp(*args, **kwargs) + + @property + def credential(self): if self.is_live: - pytest.skip("test infrastructure can't yet create a Key Vault supporting the RBAC API") + return DefaultAzureCredential() + return mock.Mock(get_token=lambda *_, **__: AccessToken("secret", time.time() + 3600)) def get_replayable_uuid(self, replay_value): if self.is_live: 
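Review bot: `setUp` registers a scrubber pair for the HSM host name only, so every other value the service returns is written into the recordings unchanged. The recordings committed in this series show the effect: responses carry `x-ms-keyvault-network-info: addr=...` with the recording machine's address, the 401 challenge carries the tenant GUID, and the role-assignment listing carries real principal IDs. I would add a comment above the `register_name_pair` call, `# only the host name is scrubbed; sanitize addr=, tenant and principal ids before committing recordings`, and register further replacement pairs for those values if the shared test case supports it. The class body continues outside this hunk.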
@@ -38,29 +51,58 @@ def get_service_principal_id(self): return value return replay_value - @ResourceGroupPreparer(random_name_enabled=True) - @KeyVaultPreparer() - @AccessControlClientPreparer() - async def test_list_role_definitions(self, client): - definitions = [] - async for definition in client.list_role_definitions(KeyVaultRoleScope.global_value): - definitions.append(definition) - assert len(definitions) - - for definition in definitions: - assert "/" in definition.assignable_scopes - assert definition.description is not None - assert definition.id is not None - assert definition.name is not None - assert len(definition.permissions) - assert definition.role_name is not None - assert definition.role_type is not None - assert definition.type is not None - - @ResourceGroupPreparer(random_name_enabled=True) - @KeyVaultPreparer() - @AccessControlClientPreparer() - async def test_role_assignment(self, client): + async def test_role_definitions(self): + client = KeyVaultAccessControlClient(self.managed_hsm["url"], self.credential) + + # list initial role definitions + scope = KeyVaultRoleScope.global_value + original_definitions = [] + async for definition in client.list_role_definitions(scope): + original_definitions.append(definition) + assert len(original_definitions) + + # create custom role definition + definition_name = self.get_replayable_uuid("definition-name") + permissions = [KeyVaultPermission(allowed_data_actions=["Microsoft.KeyVault/managedHsm/keys/read/action"])] + created_definition = await client.set_role_definition( + role_scope=scope, role_definition_name=definition_name, permissions=permissions + ) + assert "/" in created_definition.assignable_scopes + assert created_definition.name == definition_name + assert len(created_definition.permissions) == 1 + assert len(created_definition.permissions[0].allowed_data_actions) == 1 + + # update custom role definition + permissions = [ + KeyVaultPermission( + allowed_data_actions=[], 
denied_data_actions=["Microsoft.KeyVault/managedHsm/keys/read/action"] + ) + ] + updated_definition = await client.set_role_definition( + role_scope=scope, role_definition_name=definition_name, permissions=permissions + ) + assert len(updated_definition.permissions) == 1 + assert len(updated_definition.permissions[0].allowed_data_actions) == 0 + assert len(updated_definition.permissions[0].denied_data_actions) == 1 + + # assert that the created role definition isn't duplicated + matching_definitions = [] + async for definition in client.list_role_definitions(scope): + if definition.role_definition_id == updated_definition.role_definition_id: + matching_definitions.append(definition) + assert len(matching_definitions) == 1 + + # get custom role definition + definition = await client.get_role_definition(role_scope=scope, role_definition_name=definition_name) + assert_role_definitions_equal(definition, updated_definition) + + # delete custom role definition + deleted_definition = await client.delete_role_definition(scope, definition_name) + assert_role_definitions_equal(deleted_definition, definition) + + async def test_role_assignment(self): + client = KeyVaultAccessControlClient(self.managed_hsm["url"], self.credential) + scope = KeyVaultRoleScope.global_value definitions = [] async for definition in client.list_role_definitions(scope): 
@@ -71,17 +113,19 @@ async def test_role_assignment(self, client): principal_id = self.get_service_principal_id() name = self.get_replayable_uuid("some-uuid") - created = await client.create_role_assignment(scope, definition.id, principal_id, role_assignment_name=name) + created = await client.create_role_assignment( + scope, definition.role_definition_id, principal_id, role_assignment_name=name + ) assert created.name == name assert created.principal_id == principal_id - assert created.role_definition_id == definition.id + assert created.role_definition_id == definition.role_definition_id assert created.scope == scope # should be able to get the new assignment got = await client.get_role_assignment(scope, name) assert got.name == name assert got.principal_id == principal_id - assert got.role_definition_id == definition.id + assert got.role_definition_id == definition.role_definition_id assert got.scope == scope # new assignment should be in the list of all assignments From b632199da41edc103dcd0cfa37dffe0ed9ab3a05 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?McCoy=20Pati=C3=B1o?= Date: Thu, 14 Jan 2021 15:12:45 -0800 Subject: [PATCH 05/13] Add sync test recordings --- ...t_access_control.test_role_assignment.yaml | 181 ++++++++---- ..._access_control.test_role_definitions.yaml | 275 ++++++++++++++++++ ...ss_control_async.test_role_assignment.yaml | 145 --------- 3 files changed, 406 insertions(+), 195 deletions(-) create mode 100644 sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control.test_role_definitions.yaml delete mode 100644 sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control_async.test_role_assignment.yaml diff --git a/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control.test_role_assignment.yaml b/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control.test_role_assignment.yaml index 595db694da16..f31704eabec8 100644 
--- a/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control.test_role_assignment.yaml +++ b/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control.test_role_assignment.yaml @@ -11,22 +11,34 @@ interactions: Content-Length: - '0' User-Agent: - - azsdk-python-keyvault-administration/1.0.0b1 Python/2.7.15 (Windows-10-10.0.19041) + - azsdk-python-keyvault-administration/4.0.0b3 Python/3.5.3 (Windows-10-10.0.19041-SP0) method: GET - uri: https://vaultname.vault.azure.net/providers/Microsoft.Authorization/roleDefinitions?api-version=7.2-preview + uri: https://managedhsm/providers/Microsoft.Authorization/roleDefinitions?api-version=7.2-preview response: body: - string: !!python/unicode OK + string: OK headers: + cache-control: + - no-cache content-length: - '2' + content-security-policy: + - default-src 'self' content-type: - - application/json + - application/json; charset=utf-8 + strict-transport-security: + - max-age=31536000; includeSubDomains www-authenticate: - Bearer authorization="https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47", resource="https://managedhsm.azure.net" x-content-type-options: - nosniff + x-frame-options: + - SAMEORIGIN + x-ms-build-version: + - 1.0.20201217-1-856d5963-develop + x-ms-server-latency: + - '1' status: code: 401 message: Unauthorized 
@@ -40,34 +52,47 @@ interactions: Connection: - keep-alive User-Agent: - - azsdk-python-keyvault-administration/1.0.0b1 Python/2.7.15 (Windows-10-10.0.19041) + - azsdk-python-keyvault-administration/4.0.0b3 Python/3.5.3 (Windows-10-10.0.19041-SP0) method: GET - uri: https://vaultname.vault.azure.net/providers/Microsoft.Authorization/roleDefinitions?api-version=7.2-preview + uri: https://managedhsm/providers/Microsoft.Authorization/roleDefinitions?api-version=7.2-preview response: body: - string: !!python/unicode '{"value":[{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","name":"a290e904-7015-4bba-90c8-60543313cdb4","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/restore/action","Microsoft.KeyVault/managedHsm/roleAssignments/delete/action","Microsoft.KeyVault/managedHsm/roleAssignments/read/action","Microsoft.KeyVault/managedHsm/roleAssignments/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/read/action","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/delete","Microsoft.KeyVault/managedHsm/keys/export/action","Microsoft.KeyVault/managedHsm/keys/import/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete"],"notActions":[],"notDataActions":[]}],"roleName":"Azure - Key Vault Managed HSM 
Administrator","type":""},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/515eb02d-2335-4d2d-92f2-b1cbdf9c3778","name":"515eb02d-2335-4d2d-92f2-b1cbdf9c3778","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/restore/action","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/delete","Microsoft.KeyVault/managedHsm/keys/export/action","Microsoft.KeyVault/managedHsm/keys/import/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete"],"notActions":[],"notDataActions":[]}],"roleName":"Azure - Key Vault Managed HSM Crypto 
Officer","type":""},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/21dbd100-6940-42c2-9190-5d6cb909625b","name":"21dbd100-6940-42c2-9190-5d6cb909625b","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action"],"notActions":[],"notDataActions":[]}],"roleName":"Azure - Key Vault Managed HSM Crypto User","type":""},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/4bd23610-cdcf-4971-bdee-bdc562cc28e4","name":"4bd23610-cdcf-4971-bdee-bdc562cc28e4","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/roleDefinitions/read/action","Microsoft.KeyVault/managedHsm/roleAssignments/read/action","Microsoft.KeyVault/managedHsm/roleAssignments/write/action","Microsoft.KeyVault/managedHsm/roleAssignments/delete/action"],"notActions":[],"notDataActions":[]}],"roleName":"Azure - Key Vault Managed HSM Policy 
Administrator","type":""},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/2c18b078-7c48-4d3a-af88-5a3a1b3f82b3","name":"2c18b078-7c48-4d3a-af88-5a3a1b3f82b3","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action"],"notActions":[],"notDataActions":[]}],"roleName":"Azure - Key Vault Managed HSM Crypto Auditor","type":""},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/33413926-3206-4cdd-b39a-83574fe37a17","name":"33413926-3206-4cdd-b39a-83574fe37a17","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action"],"notActions":[],"notDataActions":[]}],"roleName":"Azure - Key Vault Managed HSM Crypto Service Encryption","type":""},"type":"Microsoft.Authorization/roleDefinitions"}]}' + string: '{"value":[{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8","name":"7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action","Microsoft.KeyVault/managedHsm/keys/backup/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM 
Backup","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/33413926-3206-4cdd-b39a-83574fe37a17","name":"33413926-3206-4cdd-b39a-83574fe37a17","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Crypto Service Encryption","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/2c18b078-7c48-4d3a-af88-5a3a1b3f82b3","name":"2c18b078-7c48-4d3a-af88-5a3a1b3f82b3","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Crypto Auditor","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/4bd23610-cdcf-4971-bdee-bdc562cc28e4","name":"4bd23610-cdcf-4971-bdee-bdc562cc28e4","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/roleDefinitions/read/action","Microsoft.KeyVault/managedHsm/roleDefinitions/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action","Microsoft.KeyVault/managedHsm/roleAssignments/read/action","Microsoft.KeyVault/managedHsm/roleAssignments/write/action","Microsoft.KeyVault/managedHsm/roleAssignments/delete/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Policy 
Administrator","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/21dbd100-6940-42c2-9190-5d6cb909625b","name":"21dbd100-6940-42c2-9190-5d6cb909625b","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Crypto User","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/515eb02d-2335-4d2d-92f2-b1cbdf9c3778","name":"515eb02d-2335-4d2d-92f2-b1cbdf9c3778","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/restore/action","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/delete","Microsoft.KeyVault/
managedHsm/keys/export/action","Microsoft.KeyVault/managedHsm/keys/import/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Crypto Officer","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","name":"a290e904-7015-4bba-90c8-60543313cdb4","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/restore/action","Microsoft.KeyVault/managedHsm/roleAssignments/delete/action","Microsoft.KeyVault/managedHsm/roleAssignments/read/action","Microsoft.KeyVault/managedHsm/roleAssignments/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/read/action","Microsoft.KeyVault/managedHsm/roleDefinitions/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/delete","Microsoft.KeyVault/managedHsm/keys/export/action","Microsoft.KeyVault/managedHsm/keys/import/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete","Microsoft.KeyVault/managedHsm/securitydomain/download/action","Microsoft.KeyVault/managedHsm/securitydomain/upload/action","Microsoft.KeyVault/managedHsm/securitydomain/upload/read","Microsoft.KeyVault/
managedHsm/securitydomain/transferkey/read","Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/restore/start/action","Microsoft.KeyVault/managedHsm/backup/status/action","Microsoft.KeyVault/managedHsm/restore/status/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Administrator","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"}]}' headers: + cache-control: + - no-cache content-length: - - '5517' + - '6772' + content-security-policy: + - default-src 'self' content-type: - - application/json + - application/json; charset=utf-8 + strict-transport-security: + - max-age=31536000; includeSubDomains x-content-type-options: - nosniff + x-frame-options: + - SAMEORIGIN + x-ms-build-version: + - 1.0.20201217-1-856d5963-develop x-ms-keyvault-network-info: - - addr=24.17.201.78 + - addr=162.211.216.102 x-ms-keyvault-region: - - EASTUS + - northeurope + x-ms-server-latency: + - '0' status: code: 200 message: OK - request: - body: !!python/unicode '{"properties": {"roleDefinitionId": "Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4", + body: '{"properties": {"roleDefinitionId": "Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8", "principalId": "service-principal-id"}}' headers: Accept: 
@@ -81,23 +106,33 @@ interactions: Content-Type: - application/json User-Agent: - - azsdk-python-keyvault-administration/1.0.0b1 Python/2.7.15 (Windows-10-10.0.19041) + - azsdk-python-keyvault-administration/4.0.0b3 Python/3.5.3 (Windows-10-10.0.19041-SP0) method: PUT - uri: https://vaultname.vault.azure.net/providers/Microsoft.Authorization/roleAssignments/some-uuid?api-version=7.2-preview + uri: https://managedhsm/providers/Microsoft.Authorization/roleAssignments/some-uuid?api-version=7.2-preview response: body: - string: !!python/unicode '{"id":"/providers/Microsoft.Authorization/roleAssignments/some-uuid","name":"some-uuid","properties":{"principalId":"service-principal-id","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"}' + string: '{"id":"/providers/Microsoft.Authorization/roleAssignments/some-uuid","name":"some-uuid","properties":{"principalId":"service-principal-id","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"}' headers: + cache-control: + - no-cache content-length: - '398' + content-security-policy: + - default-src 'self' content-type: - - application/json + - application/json; charset=utf-8 + strict-transport-security: + - max-age=31536000; includeSubDomains x-content-type-options: - nosniff + x-frame-options: + - SAMEORIGIN x-ms-keyvault-network-info: - - addr=24.17.201.78 + - addr=162.211.216.102 x-ms-keyvault-region: - - EASTUS + - northeurope + x-ms-server-latency: + - '56' status: code: 201 message: Created 
@@ -111,23 +146,35 @@ interactions: Connection: - keep-alive User-Agent: - - azsdk-python-keyvault-administration/1.0.0b1 Python/2.7.15 (Windows-10-10.0.19041) + - azsdk-python-keyvault-administration/4.0.0b3 Python/3.5.3 (Windows-10-10.0.19041-SP0) method: GET - uri: https://vaultname.vault.azure.net/providers/Microsoft.Authorization/roleAssignments/some-uuid?api-version=7.2-preview + uri: https://managedhsm/providers/Microsoft.Authorization/roleAssignments/some-uuid?api-version=7.2-preview response: body: - string: !!python/unicode '{"id":"/providers/Microsoft.Authorization/roleAssignments/some-uuid","name":"some-uuid","properties":{"principalId":"service-principal-id","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"}' + string: '{"id":"/providers/Microsoft.Authorization/roleAssignments/some-uuid","name":"some-uuid","properties":{"principalId":"service-principal-id","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"}' headers: + cache-control: + - no-cache content-length: - '398' + content-security-policy: + - default-src 'self' content-type: - - application/json + - application/json; charset=utf-8 + strict-transport-security: + - max-age=31536000; includeSubDomains x-content-type-options: - nosniff + x-frame-options: + - SAMEORIGIN + x-ms-build-version: + - 1.0.20201217-1-856d5963-develop x-ms-keyvault-network-info: - - addr=24.17.201.78 + - addr=162.211.216.102 x-ms-keyvault-region: - - EASTUS + - northeurope + x-ms-server-latency: + - '0' status: code: 200 message: OK 
@@ -141,23 +188,35 @@ interactions: Connection: - keep-alive User-Agent: - - azsdk-python-keyvault-administration/1.0.0b1 Python/2.7.15 (Windows-10-10.0.19041) + - azsdk-python-keyvault-administration/4.0.0b3 Python/3.5.3 (Windows-10-10.0.19041-SP0) method: GET - uri: https://vaultname.vault.azure.net/providers/Microsoft.Authorization/roleAssignments?api-version=7.2-preview + uri: https://managedhsm/providers/Microsoft.Authorization/roleAssignments?api-version=7.2-preview response: body: - string: !!python/unicode '{"value":[{"id":"/providers/Microsoft.Authorization/roleAssignments/e1392147-41b5-498b-847d-ca061e8808a3","name":"e1392147-41b5-498b-847d-ca061e8808a3","properties":{"principalId":"67ca7f59-968b-4cde-8582-d6a5341fa721","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"},{"id":"/providers/Microsoft.Authorization/roleAssignments/f35aa2fd-545a-4f42-a44b-f862a530d4f1","name":"f35aa2fd-545a-4f42-a44b-f862a530d4f1","properties":{"principalId":"f84ae8f9-c979-4750-a2fe-b350a00bebff","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"},{"id":"/providers/Microsoft.Authorization/roleAssignments/457acfe4-7ff8-4608-b3ac-87139804539e","name":"457acfe4-7ff8-4608-b3ac-87139804539e","properties":{"principalId":"693a17da-7022-4cdd-9d4e-4e72e4ad449d","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"},{"id":"/providers/Microsoft.Authorization/roleAssignments/c6de6e40-d764-49e1-8e7c-be2f2a27de81","name":"c6de6e40-d764-49e1-8e7c-be2f2a27de81","properties":{"principalId":"3c1303ad-140b-493c-ab45-bed8ddbfa72c","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Auth
orization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"},{"id":"/providers/Microsoft.Authorization/roleAssignments/some-uuid","name":"some-uuid","properties":{"principalId":"service-principal-id","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"},{"id":"/providers/Microsoft.Authorization/roleAssignments/2f070682-b1a6-0ad3-acd3-7b891e5c79b0","name":"2f070682-b1a6-0ad3-acd3-7b891e5c79b0","properties":{"principalId":"bf0cee9f-b26b-4e25-b4ab-92ec7466cf33","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"},{"id":"/providers/Microsoft.Authorization/roleAssignments/0480f9fc-1294-4668-b31e-e5d8bae7d5b3","name":"0480f9fc-1294-4668-b31e-e5d8bae7d5b3","properties":{"principalId":"74677558-f369-4792-afe5-f99738b5fa7c","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"}]}' + string: 
'{"value":[{"id":"/providers/Microsoft.Authorization/roleAssignments/some-uuid","name":"some-uuid","properties":{"principalId":"service-principal-id","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"},{"id":"/providers/Microsoft.Authorization/roleAssignments/25344e4c-a02f-06c7-9268-7181b6f4382e","name":"25344e4c-a02f-06c7-9268-7181b6f4382e","properties":{"principalId":"17682169-9b01-44bc-84ae-8b39398ac6b7","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"}]}' headers: + cache-control: + - no-cache content-length: - - '2804' + - '809' + content-security-policy: + - default-src 'self' content-type: - - application/json + - application/json; charset=utf-8 + strict-transport-security: + - max-age=31536000; includeSubDomains x-content-type-options: - nosniff + x-frame-options: + - SAMEORIGIN + x-ms-build-version: + - 1.0.20201217-1-856d5963-develop x-ms-keyvault-network-info: - - addr=24.17.201.78 + - addr=162.211.216.102 x-ms-keyvault-region: - - EASTUS + - northeurope + x-ms-server-latency: + - '0' status: code: 200 message: OK 
@@ -173,23 +232,33 @@ interactions: Content-Length: - '0' User-Agent: - - azsdk-python-keyvault-administration/1.0.0b1 Python/2.7.15 (Windows-10-10.0.19041) + - azsdk-python-keyvault-administration/4.0.0b3 Python/3.5.3 (Windows-10-10.0.19041-SP0) method: DELETE - uri: https://vaultname.vault.azure.net/providers/Microsoft.Authorization/roleAssignments/some-uuid?api-version=7.2-preview + uri: https://managedhsm/providers/Microsoft.Authorization/roleAssignments/some-uuid?api-version=7.2-preview response: body: - string: !!python/unicode '{"id":"/providers/Microsoft.Authorization/roleAssignments/some-uuid","name":"some-uuid","properties":{"principalId":"service-principal-id","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"}' + string: '{"id":"/providers/Microsoft.Authorization/roleAssignments/some-uuid","name":"some-uuid","properties":{"principalId":"service-principal-id","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"}' headers: + cache-control: + - no-cache content-length: - '398' + content-security-policy: + - default-src 'self' content-type: - - application/json + - application/json; charset=utf-8 + strict-transport-security: + - max-age=31536000; includeSubDomains x-content-type-options: - nosniff + x-frame-options: + - SAMEORIGIN x-ms-keyvault-network-info: - - addr=24.17.201.78 + - addr=162.211.216.102 x-ms-keyvault-region: - - EASTUS + - northeurope + x-ms-server-latency: + - '67' status: code: 200 message: OK 
@@ -203,23 +272,35 @@ interactions: Connection: - keep-alive User-Agent: - - azsdk-python-keyvault-administration/1.0.0b1 Python/2.7.15 (Windows-10-10.0.19041) + - azsdk-python-keyvault-administration/4.0.0b3 Python/3.5.3 (Windows-10-10.0.19041-SP0) method: GET - uri: https://vaultname.vault.azure.net/providers/Microsoft.Authorization/roleAssignments?api-version=7.2-preview + uri: https://managedhsm/providers/Microsoft.Authorization/roleAssignments?api-version=7.2-preview response: body: - string: !!python/unicode '{"value":[{"id":"/providers/Microsoft.Authorization/roleAssignments/e1392147-41b5-498b-847d-ca061e8808a3","name":"e1392147-41b5-498b-847d-ca061e8808a3","properties":{"principalId":"67ca7f59-968b-4cde-8582-d6a5341fa721","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"},{"id":"/providers/Microsoft.Authorization/roleAssignments/f35aa2fd-545a-4f42-a44b-f862a530d4f1","name":"f35aa2fd-545a-4f42-a44b-f862a530d4f1","properties":{"principalId":"f84ae8f9-c979-4750-a2fe-b350a00bebff","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"},{"id":"/providers/Microsoft.Authorization/roleAssignments/457acfe4-7ff8-4608-b3ac-87139804539e","name":"457acfe4-7ff8-4608-b3ac-87139804539e","properties":{"principalId":"693a17da-7022-4cdd-9d4e-4e72e4ad449d","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"},{"id":"/providers/Microsoft.Authorization/roleAssignments/c6de6e40-d764-49e1-8e7c-be2f2a27de81","name":"c6de6e40-d764-49e1-8e7c-be2f2a27de81","properties":{"principalId":"3c1303ad-140b-493c-ab45-bed8ddbfa72c","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Auth
orization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"},{"id":"/providers/Microsoft.Authorization/roleAssignments/2f070682-b1a6-0ad3-acd3-7b891e5c79b0","name":"2f070682-b1a6-0ad3-acd3-7b891e5c79b0","properties":{"principalId":"bf0cee9f-b26b-4e25-b4ab-92ec7466cf33","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"},{"id":"/providers/Microsoft.Authorization/roleAssignments/0480f9fc-1294-4668-b31e-e5d8bae7d5b3","name":"0480f9fc-1294-4668-b31e-e5d8bae7d5b3","properties":{"principalId":"74677558-f369-4792-afe5-f99738b5fa7c","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"}]}' + string: '{"value":[{"id":"/providers/Microsoft.Authorization/roleAssignments/25344e4c-a02f-06c7-9268-7181b6f4382e","name":"25344e4c-a02f-06c7-9268-7181b6f4382e","properties":{"principalId":"17682169-9b01-44bc-84ae-8b39398ac6b7","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"}]}' headers: + cache-control: + - no-cache content-length: - - '2405' + - '410' + content-security-policy: + - default-src 'self' content-type: - - application/json + - application/json; charset=utf-8 + strict-transport-security: + - max-age=31536000; includeSubDomains x-content-type-options: - nosniff + x-frame-options: + - SAMEORIGIN + x-ms-build-version: + - 1.0.20201217-1-856d5963-develop x-ms-keyvault-network-info: - - addr=24.17.201.78 + - addr=162.211.216.102 x-ms-keyvault-region: - - EASTUS + - northeurope + x-ms-server-latency: + - '0' status: code: 200 message: OK 
diff --git a/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control.test_role_definitions.yaml b/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control.test_role_definitions.yaml new file mode 100644 index 000000000000..b3d8af45f6bf --- /dev/null +++ b/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control.test_role_definitions.yaml 
@@ -0,0 +1,275 @@ +interactions: +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + User-Agent: + - azsdk-python-keyvault-administration/4.0.0b3 Python/3.5.3 (Windows-10-10.0.19041-SP0) + method: GET + uri: https://managedhsm/providers/Microsoft.Authorization/roleDefinitions?api-version=7.2-preview + response: + body: + string: '{"value":[{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8","name":"7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action","Microsoft.KeyVault/managedHsm/keys/backup/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Backup","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/33413926-3206-4cdd-b39a-83574fe37a17","name":"33413926-3206-4cdd-b39a-83574fe37a17","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Crypto Service Encryption","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/2c18b078-7c48-4d3a-af88-5a3a1b3f82b3","name":"2c18b078-7c48-4d3a-af88-5a3a1b3f82b3","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM 
Crypto Auditor","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/4bd23610-cdcf-4971-bdee-bdc562cc28e4","name":"4bd23610-cdcf-4971-bdee-bdc562cc28e4","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/roleDefinitions/read/action","Microsoft.KeyVault/managedHsm/roleDefinitions/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action","Microsoft.KeyVault/managedHsm/roleAssignments/read/action","Microsoft.KeyVault/managedHsm/roleAssignments/write/action","Microsoft.KeyVault/managedHsm/roleAssignments/delete/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Policy Administrator","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/21dbd100-6940-42c2-9190-5d6cb909625b","name":"21dbd100-6940-42c2-9190-5d6cb909625b","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Crypto 
User","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/515eb02d-2335-4d2d-92f2-b1cbdf9c3778","name":"515eb02d-2335-4d2d-92f2-b1cbdf9c3778","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/restore/action","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/delete","Microsoft.KeyVault/managedHsm/keys/export/action","Microsoft.KeyVault/managedHsm/keys/import/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Crypto 
Officer","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","name":"a290e904-7015-4bba-90c8-60543313cdb4","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/restore/action","Microsoft.KeyVault/managedHsm/roleAssignments/delete/action","Microsoft.KeyVault/managedHsm/roleAssignments/read/action","Microsoft.KeyVault/managedHsm/roleAssignments/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/read/action","Microsoft.KeyVault/managedHsm/roleDefinitions/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/delete","Microsoft.KeyVault/managedHsm/keys/export/action","Microsoft.KeyVault/managedHsm/keys/import/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete","Microsoft.KeyVault/managedHsm/securitydomain/download/action","Microsoft.KeyVault/managedHsm/securitydomain/upload/action","Microsoft.KeyVault/managedHsm/securitydomain/upload/read","Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read","Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/restore/start/action","Microsoft.KeyVault/managedHsm/backup/status/action","Microso
ft.KeyVault/managedHsm/restore/status/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Administrator","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"}]}' + headers: + cache-control: + - no-cache + content-length: + - '6772' + content-security-policy: + - default-src 'self' + content-type: + - application/json; charset=utf-8 + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + x-frame-options: + - SAMEORIGIN + x-ms-build-version: + - 1.0.20201217-1-856d5963-develop + x-ms-keyvault-network-info: + - addr=162.211.216.102 + x-ms-keyvault-region: + - northeurope + x-ms-server-latency: + - '0' + status: + code: 200 + message: OK +- request: + body: '{"properties": {"roleName": "definition-name", "permissions": [{"actions": + [], "dataActions": ["Microsoft.KeyVault/managedHsm/keys/read/action"], "notActions": + [], "notDataActions": []}]}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + Content-Length: + - '209' + Content-Type: + - application/json + User-Agent: + - azsdk-python-keyvault-administration/4.0.0b3 Python/3.5.3 (Windows-10-10.0.19041-SP0) + method: PUT + uri: https://managedhsm/providers/Microsoft.Authorization/roleDefinitions/definition-name?api-version=7.2-preview + response: + body: + string: '{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/definition-name","name":"definition-name","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action"],"notActions":[],"notDataActions":[]}],"roleName":"definition-name","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"}' + headers: + cache-control: + - no-cache + content-length: + - '468' + content-security-policy: + - default-src 'self' + content-type: + - application/json; charset=utf-8 + strict-transport-security: + 
- max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + x-frame-options: + - SAMEORIGIN + x-ms-keyvault-network-info: + - addr=162.211.216.102 + x-ms-keyvault-region: + - northeurope + x-ms-server-latency: + - '42' + status: + code: 201 + message: Created +- request: + body: '{"properties": {"roleName": "definition-name", "permissions": [{"actions": + [], "dataActions": [], "notActions": [], "notDataActions": ["Microsoft.KeyVault/managedHsm/keys/read/action"]}]}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + Content-Length: + - '209' + Content-Type: + - application/json + User-Agent: + - azsdk-python-keyvault-administration/4.0.0b3 Python/3.5.3 (Windows-10-10.0.19041-SP0) + method: PUT + uri: https://managedhsm/providers/Microsoft.Authorization/roleDefinitions/definition-name?api-version=7.2-preview + response: + body: + string: '{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/definition-name","name":"definition-name","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":[],"notActions":[],"notDataActions":["Microsoft.KeyVault/managedHsm/keys/read/action"]}],"roleName":"definition-name","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"}' + headers: + cache-control: + - no-cache + content-length: + - '468' + content-security-policy: + - default-src 'self' + content-type: + - application/json; charset=utf-8 + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + x-frame-options: + - SAMEORIGIN + x-ms-keyvault-network-info: + - addr=162.211.216.102 + x-ms-keyvault-region: + - northeurope + x-ms-server-latency: + - '37' + status: + code: 201 + message: Created +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + User-Agent: + - 
azsdk-python-keyvault-administration/4.0.0b3 Python/3.5.3 (Windows-10-10.0.19041-SP0) + method: GET + uri: https://managedhsm/providers/Microsoft.Authorization/roleDefinitions?api-version=7.2-preview + response: + body: + string: '{"value":[{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8","name":"7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action","Microsoft.KeyVault/managedHsm/keys/backup/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Backup","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/33413926-3206-4cdd-b39a-83574fe37a17","name":"33413926-3206-4cdd-b39a-83574fe37a17","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Crypto Service Encryption","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/2c18b078-7c48-4d3a-af88-5a3a1b3f82b3","name":"2c18b078-7c48-4d3a-af88-5a3a1b3f82b3","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Crypto 
Auditor","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/4bd23610-cdcf-4971-bdee-bdc562cc28e4","name":"4bd23610-cdcf-4971-bdee-bdc562cc28e4","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/roleDefinitions/read/action","Microsoft.KeyVault/managedHsm/roleDefinitions/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action","Microsoft.KeyVault/managedHsm/roleAssignments/read/action","Microsoft.KeyVault/managedHsm/roleAssignments/write/action","Microsoft.KeyVault/managedHsm/roleAssignments/delete/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Policy Administrator","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/21dbd100-6940-42c2-9190-5d6cb909625b","name":"21dbd100-6940-42c2-9190-5d6cb909625b","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Crypto 
User","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/515eb02d-2335-4d2d-92f2-b1cbdf9c3778","name":"515eb02d-2335-4d2d-92f2-b1cbdf9c3778","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/restore/action","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/delete","Microsoft.KeyVault/managedHsm/keys/export/action","Microsoft.KeyVault/managedHsm/keys/import/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Crypto 
Officer","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","name":"a290e904-7015-4bba-90c8-60543313cdb4","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/restore/action","Microsoft.KeyVault/managedHsm/roleAssignments/delete/action","Microsoft.KeyVault/managedHsm/roleAssignments/read/action","Microsoft.KeyVault/managedHsm/roleAssignments/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/read/action","Microsoft.KeyVault/managedHsm/roleDefinitions/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/delete","Microsoft.KeyVault/managedHsm/keys/export/action","Microsoft.KeyVault/managedHsm/keys/import/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete","Microsoft.KeyVault/managedHsm/securitydomain/download/action","Microsoft.KeyVault/managedHsm/securitydomain/upload/action","Microsoft.KeyVault/managedHsm/securitydomain/upload/read","Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read","Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/restore/start/action","Microsoft.KeyVault/managedHsm/backup/status/action","Microso
ft.KeyVault/managedHsm/restore/status/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Administrator","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/definition-name","name":"definition-name","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":[],"notActions":[],"notDataActions":["Microsoft.KeyVault/managedHsm/keys/read/action"]}],"roleName":"definition-name","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"}]}' + headers: + cache-control: + - no-cache + content-length: + - '7241' + content-security-policy: + - default-src 'self' + content-type: + - application/json; charset=utf-8 + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + x-frame-options: + - SAMEORIGIN + x-ms-build-version: + - 1.0.20201217-1-856d5963-develop + x-ms-keyvault-network-info: + - addr=162.211.216.102 + x-ms-keyvault-region: + - northeurope + x-ms-server-latency: + - '0' + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + User-Agent: + - azsdk-python-keyvault-administration/4.0.0b3 Python/3.5.3 (Windows-10-10.0.19041-SP0) + method: GET + uri: https://managedhsm/providers/Microsoft.Authorization/roleDefinitions/definition-name?api-version=7.2-preview + response: + body: + string: '{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/definition-name","name":"definition-name","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":[],"notActions":[],"notDataActions":["Microsoft.KeyVault/managedHsm/keys/read/action"]}],"roleName":"definition-name","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"}' + headers: + cache-control: + - no-cache + 
content-length: + - '468' + content-security-policy: + - default-src 'self' + content-type: + - application/json; charset=utf-8 + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + x-frame-options: + - SAMEORIGIN + x-ms-build-version: + - 1.0.20201217-1-856d5963-develop + x-ms-keyvault-network-info: + - addr=162.211.216.102 + x-ms-keyvault-region: + - northeurope + x-ms-server-latency: + - '0' + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + Content-Length: + - '0' + User-Agent: + - azsdk-python-keyvault-administration/4.0.0b3 Python/3.5.3 (Windows-10-10.0.19041-SP0) + method: DELETE + uri: https://managedhsm/providers/Microsoft.Authorization/roleDefinitions/definition-name?api-version=7.2-preview + response: + body: + string: '{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/definition-name","name":"definition-name","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":[],"notActions":[],"notDataActions":["Microsoft.KeyVault/managedHsm/keys/read/action"]}],"roleName":"definition-name","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"}' + headers: + cache-control: + - no-cache + content-length: + - '468' + content-security-policy: + - default-src 'self' + content-type: + - application/json; charset=utf-8 + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + x-frame-options: + - SAMEORIGIN + x-ms-keyvault-network-info: + - addr=162.211.216.102 + x-ms-keyvault-region: + - northeurope + x-ms-server-latency: + - '39' + status: + code: 200 + message: OK +version: 1 
diff --git a/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control_async.test_role_assignment.yaml b/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control_async.test_role_assignment.yaml deleted file mode 100644 index a884c896a2ea..000000000000 --- a/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control_async.test_role_assignment.yaml +++ /dev/null 
@@ -1,145 +0,0 @@ -interactions: -- request: - body: null - headers: - Accept: - - application/json - User-Agent: - - azsdk-python-keyvault-administration/1.0.0b1 Python/3.5.4 (Windows-10-10.0.19041-SP0) - method: GET - uri: https://vaultname.vault.azure.net/providers/Microsoft.Authorization/roleDefinitions?api-version=7.2-preview - response: - body: - string: '{"value":[{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","name":"a290e904-7015-4bba-90c8-60543313cdb4","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/restore/action","Microsoft.KeyVault/managedHsm/roleAssignments/delete/action","Microsoft.KeyVault/managedHsm/roleAssignments/read/action","Microsoft.KeyVault/managedHsm/roleAssignments/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/read/action","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/delete","Microsoft.KeyVault/managedHsm/keys/export/action","Microsoft.KeyVault/managedHsm/keys/import/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete"],"notActions":[],"notDataActions":[]}],"roleName":"Azure - Key Vault Managed HSM 
Administrator","type":""},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/515eb02d-2335-4d2d-92f2-b1cbdf9c3778","name":"515eb02d-2335-4d2d-92f2-b1cbdf9c3778","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/restore/action","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/delete","Microsoft.KeyVault/managedHsm/keys/export/action","Microsoft.KeyVault/managedHsm/keys/import/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete"],"notActions":[],"notDataActions":[]}],"roleName":"Azure - Key Vault Managed HSM Crypto 
Officer","type":""},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/21dbd100-6940-42c2-9190-5d6cb909625b","name":"21dbd100-6940-42c2-9190-5d6cb909625b","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action"],"notActions":[],"notDataActions":[]}],"roleName":"Azure - Key Vault Managed HSM Crypto User","type":""},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/4bd23610-cdcf-4971-bdee-bdc562cc28e4","name":"4bd23610-cdcf-4971-bdee-bdc562cc28e4","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/roleDefinitions/read/action","Microsoft.KeyVault/managedHsm/roleAssignments/read/action","Microsoft.KeyVault/managedHsm/roleAssignments/write/action","Microsoft.KeyVault/managedHsm/roleAssignments/delete/action"],"notActions":[],"notDataActions":[]}],"roleName":"Azure - Key Vault Managed HSM Policy 
Administrator","type":""},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/2c18b078-7c48-4d3a-af88-5a3a1b3f82b3","name":"2c18b078-7c48-4d3a-af88-5a3a1b3f82b3","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action"],"notActions":[],"notDataActions":[]}],"roleName":"Azure - Key Vault Managed HSM Crypto Auditor","type":""},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/33413926-3206-4cdd-b39a-83574fe37a17","name":"33413926-3206-4cdd-b39a-83574fe37a17","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action"],"notActions":[],"notDataActions":[]}],"roleName":"Azure - Key Vault Managed HSM Crypto Service Encryption","type":""},"type":"Microsoft.Authorization/roleDefinitions"}]}' - headers: - content-length: '5517' - content-type: application/json - x-content-type-options: nosniff - x-ms-keyvault-network-info: addr=24.17.201.78 - x-ms-keyvault-region: EASTUS - status: - code: 200 - message: OK - url: https://eastus.clitest.managedhsm-preview.azure.net/providers/Microsoft.Authorization/roleDefinitions?api-version=7.2-preview -- request: - body: '{"properties": {"roleDefinitionId": "Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4", - "principalId": "service-principal-id"}}' - headers: - Accept: - - application/json - Content-Length: - - '200' - Content-Type: - - application/json - User-Agent: - - azsdk-python-keyvault-administration/1.0.0b1 Python/3.5.4 (Windows-10-10.0.19041-SP0) - method: PUT - uri: 
https://vaultname.vault.azure.net/providers/Microsoft.Authorization/roleAssignments/some-uuid?api-version=7.2-preview - response: - body: - string: '{"id":"/providers/Microsoft.Authorization/roleAssignments/some-uuid","name":"some-uuid","properties":{"principalId":"service-principal-id","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"}' - headers: - content-length: '398' - content-type: application/json - x-content-type-options: nosniff - x-ms-keyvault-network-info: addr=24.17.201.78 - x-ms-keyvault-region: EASTUS - status: - code: 201 - message: Created - url: https://eastus.clitest.managedhsm-preview.azure.net/providers/Microsoft.Authorization/roleAssignments/4af0820d-e870-4795-878e-1869f6f0888e?api-version=7.2-preview -- request: - body: null - headers: - Accept: - - application/json - User-Agent: - - azsdk-python-keyvault-administration/1.0.0b1 Python/3.5.4 (Windows-10-10.0.19041-SP0) - method: GET - uri: https://vaultname.vault.azure.net/providers/Microsoft.Authorization/roleAssignments/some-uuid?api-version=7.2-preview - response: - body: - string: '{"id":"/providers/Microsoft.Authorization/roleAssignments/some-uuid","name":"some-uuid","properties":{"principalId":"service-principal-id","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"}' - headers: - content-length: '398' - content-type: application/json - x-content-type-options: nosniff - x-ms-keyvault-network-info: addr=24.17.201.78 - x-ms-keyvault-region: EASTUS - status: - code: 200 - message: OK - url: https://eastus.clitest.managedhsm-preview.azure.net/providers/Microsoft.Authorization/roleAssignments/4af0820d-e870-4795-878e-1869f6f0888e?api-version=7.2-preview -- request: - body: null - headers: - Accept: - - application/json - 
User-Agent: - - azsdk-python-keyvault-administration/1.0.0b1 Python/3.5.4 (Windows-10-10.0.19041-SP0) - method: GET - uri: https://vaultname.vault.azure.net/providers/Microsoft.Authorization/roleAssignments?api-version=7.2-preview - response: - body: - string: '{"value":[{"id":"/providers/Microsoft.Authorization/roleAssignments/e1392147-41b5-498b-847d-ca061e8808a3","name":"e1392147-41b5-498b-847d-ca061e8808a3","properties":{"principalId":"67ca7f59-968b-4cde-8582-d6a5341fa721","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"},{"id":"/providers/Microsoft.Authorization/roleAssignments/f35aa2fd-545a-4f42-a44b-f862a530d4f1","name":"f35aa2fd-545a-4f42-a44b-f862a530d4f1","properties":{"principalId":"f84ae8f9-c979-4750-a2fe-b350a00bebff","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"},{"id":"/providers/Microsoft.Authorization/roleAssignments/457acfe4-7ff8-4608-b3ac-87139804539e","name":"457acfe4-7ff8-4608-b3ac-87139804539e","properties":{"principalId":"693a17da-7022-4cdd-9d4e-4e72e4ad449d","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"},{"id":"/providers/Microsoft.Authorization/roleAssignments/c6de6e40-d764-49e1-8e7c-be2f2a27de81","name":"c6de6e40-d764-49e1-8e7c-be2f2a27de81","properties":{"principalId":"3c1303ad-140b-493c-ab45-bed8ddbfa72c","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"},{"id":"/providers/Microsoft.Authorization/roleAssignments/2f070682-b1a6-0ad3-acd3-7b891e5c79b0","name":"2f070682-b1a6-0ad3-acd3-7b89
1e5c79b0","properties":{"principalId":"bf0cee9f-b26b-4e25-b4ab-92ec7466cf33","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"},{"id":"/providers/Microsoft.Authorization/roleAssignments/some-uuid","name":"some-uuid","properties":{"principalId":"service-principal-id","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"},{"id":"/providers/Microsoft.Authorization/roleAssignments/0480f9fc-1294-4668-b31e-e5d8bae7d5b3","name":"0480f9fc-1294-4668-b31e-e5d8bae7d5b3","properties":{"principalId":"74677558-f369-4792-afe5-f99738b5fa7c","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"}]}' - headers: - content-length: '2804' - content-type: application/json - x-content-type-options: nosniff - x-ms-keyvault-network-info: addr=24.17.201.78 - x-ms-keyvault-region: EASTUS - status: - code: 200 - message: OK - url: https://eastus.clitest.managedhsm-preview.azure.net/providers/Microsoft.Authorization/roleAssignments?api-version=7.2-preview -- request: - body: null - headers: - Accept: - - application/json - User-Agent: - - azsdk-python-keyvault-administration/1.0.0b1 Python/3.5.4 (Windows-10-10.0.19041-SP0) - method: DELETE - uri: https://vaultname.vault.azure.net/providers/Microsoft.Authorization/roleAssignments/some-uuid?api-version=7.2-preview - response: - body: - string: 
'{"id":"/providers/Microsoft.Authorization/roleAssignments/some-uuid","name":"some-uuid","properties":{"principalId":"service-principal-id","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"}' - headers: - content-length: '398' - content-type: application/json - x-content-type-options: nosniff - x-ms-keyvault-network-info: addr=24.17.201.78 - x-ms-keyvault-region: EASTUS - status: - code: 200 - message: OK - url: https://eastus.clitest.managedhsm-preview.azure.net/providers/Microsoft.Authorization/roleAssignments/4af0820d-e870-4795-878e-1869f6f0888e?api-version=7.2-preview -- request: - body: null - headers: - Accept: - - application/json - User-Agent: - - azsdk-python-keyvault-administration/1.0.0b1 Python/3.5.4 (Windows-10-10.0.19041-SP0) - method: GET - uri: https://vaultname.vault.azure.net/providers/Microsoft.Authorization/roleAssignments?api-version=7.2-preview - response: - body: - string: 
'{"value":[{"id":"/providers/Microsoft.Authorization/roleAssignments/e1392147-41b5-498b-847d-ca061e8808a3","name":"e1392147-41b5-498b-847d-ca061e8808a3","properties":{"principalId":"67ca7f59-968b-4cde-8582-d6a5341fa721","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"},{"id":"/providers/Microsoft.Authorization/roleAssignments/f35aa2fd-545a-4f42-a44b-f862a530d4f1","name":"f35aa2fd-545a-4f42-a44b-f862a530d4f1","properties":{"principalId":"f84ae8f9-c979-4750-a2fe-b350a00bebff","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"},{"id":"/providers/Microsoft.Authorization/roleAssignments/457acfe4-7ff8-4608-b3ac-87139804539e","name":"457acfe4-7ff8-4608-b3ac-87139804539e","properties":{"principalId":"693a17da-7022-4cdd-9d4e-4e72e4ad449d","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"},{"id":"/providers/Microsoft.Authorization/roleAssignments/c6de6e40-d764-49e1-8e7c-be2f2a27de81","name":"c6de6e40-d764-49e1-8e7c-be2f2a27de81","properties":{"principalId":"3c1303ad-140b-493c-ab45-bed8ddbfa72c","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"},{"id":"/providers/Microsoft.Authorization/roleAssignments/2f070682-b1a6-0ad3-acd3-7b891e5c79b0","name":"2f070682-b1a6-0ad3-acd3-7b891e5c79b0","properties":{"principalId":"bf0cee9f-b26b-4e25-b4ab-92ec7466cf33","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignme
nts"},{"id":"/providers/Microsoft.Authorization/roleAssignments/0480f9fc-1294-4668-b31e-e5d8bae7d5b3","name":"0480f9fc-1294-4668-b31e-e5d8bae7d5b3","properties":{"principalId":"74677558-f369-4792-afe5-f99738b5fa7c","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"}]}' - headers: - content-length: '2405' - content-type: application/json - x-content-type-options: nosniff - x-ms-keyvault-network-info: addr=24.17.201.78 - x-ms-keyvault-region: EASTUS - status: - code: 200 - message: OK - url: https://eastus.clitest.managedhsm-preview.azure.net/providers/Microsoft.Authorization/roleAssignments?api-version=7.2-preview -version: 1 From 93461c2bffe5ca344f07add1519467749cd1d3fd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?McCoy=20Pati=C3=B1o?= Date: Thu, 14 Jan 2021 16:57:46 -0800 Subject: [PATCH 06/13] Add async test recordings --- ...ss_control_async.test_role_assignment.yaml | 210 ++++++++++++++++++ ...s_control_async.test_role_definitions.yaml | 192 ++++++++++++++++ .../tests/test_access_control.py | 2 +- .../tests/test_access_control_async.py | 9 +- 4 files changed, 409 insertions(+), 4 deletions(-) create mode 100644 sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control_async.test_role_assignment.yaml create mode 100644 sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control_async.test_role_definitions.yaml diff --git a/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control_async.test_role_assignment.yaml b/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control_async.test_role_assignment.yaml new file mode 100644 index 000000000000..a5e09083cb13 --- /dev/null +++ b/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control_async.test_role_assignment.yaml 
@@ -0,0 +1,210 @@ +interactions: +- request: + body: null + headers: + Accept: + - application/json + Content-Length: + - '0' + User-Agent: + - azsdk-python-keyvault-administration/4.0.0b3 Python/3.5.3 (Windows-10-10.0.19041-SP0) + method: GET + uri: https://managedhsm/providers/Microsoft.Authorization/roleDefinitions?api-version=7.2-preview + response: + body: + string: OK + headers: + cache-control: no-cache + content-length: '2' + content-security-policy: default-src 'self' + content-type: application/json; charset=utf-8 + strict-transport-security: max-age=31536000; includeSubDomains + www-authenticate: Bearer authorization="https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47", + resource="https://managedhsm.azure.net" + x-content-type-options: nosniff + x-frame-options: SAMEORIGIN + x-ms-build-version: 1.0.20201217-1-856d5963-develop + x-ms-server-latency: '1' + status: + code: 401 + message: Unauthorized + url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleDefinitions?api-version=7.2-preview +- request: + body: null + headers: + Accept: + - application/json + User-Agent: + - azsdk-python-keyvault-administration/4.0.0b3 Python/3.5.3 (Windows-10-10.0.19041-SP0) + method: GET + uri: https://managedhsm/providers/Microsoft.Authorization/roleDefinitions?api-version=7.2-preview + response: + body: + string: '{"value":[{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8","name":"7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action","Microsoft.KeyVault/managedHsm/keys/backup/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM 
Backup","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/33413926-3206-4cdd-b39a-83574fe37a17","name":"33413926-3206-4cdd-b39a-83574fe37a17","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Crypto Service Encryption","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/2c18b078-7c48-4d3a-af88-5a3a1b3f82b3","name":"2c18b078-7c48-4d3a-af88-5a3a1b3f82b3","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Crypto Auditor","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/4bd23610-cdcf-4971-bdee-bdc562cc28e4","name":"4bd23610-cdcf-4971-bdee-bdc562cc28e4","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/roleDefinitions/read/action","Microsoft.KeyVault/managedHsm/roleDefinitions/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action","Microsoft.KeyVault/managedHsm/roleAssignments/read/action","Microsoft.KeyVault/managedHsm/roleAssignments/write/action","Microsoft.KeyVault/managedHsm/roleAssignments/delete/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Policy 
Administrator","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/21dbd100-6940-42c2-9190-5d6cb909625b","name":"21dbd100-6940-42c2-9190-5d6cb909625b","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Crypto User","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/515eb02d-2335-4d2d-92f2-b1cbdf9c3778","name":"515eb02d-2335-4d2d-92f2-b1cbdf9c3778","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/restore/action","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/delete","Microsoft.KeyVault/
managedHsm/keys/export/action","Microsoft.KeyVault/managedHsm/keys/import/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Crypto Officer","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","name":"a290e904-7015-4bba-90c8-60543313cdb4","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/restore/action","Microsoft.KeyVault/managedHsm/roleAssignments/delete/action","Microsoft.KeyVault/managedHsm/roleAssignments/read/action","Microsoft.KeyVault/managedHsm/roleAssignments/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/read/action","Microsoft.KeyVault/managedHsm/roleDefinitions/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/delete","Microsoft.KeyVault/managedHsm/keys/export/action","Microsoft.KeyVault/managedHsm/keys/import/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete","Microsoft.KeyVault/managedHsm/securitydomain/download/action","Microsoft.KeyVault/managedHsm/securitydomain/upload/action","Microsoft.KeyVault/managedHsm/securitydomain/upload/read","Microsoft.KeyVault/
managedHsm/securitydomain/transferkey/read","Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/restore/start/action","Microsoft.KeyVault/managedHsm/backup/status/action","Microsoft.KeyVault/managedHsm/restore/status/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Administrator","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"}]}' + headers: + cache-control: no-cache + content-length: '6772' + content-security-policy: default-src 'self' + content-type: application/json; charset=utf-8 + strict-transport-security: max-age=31536000; includeSubDomains + x-content-type-options: nosniff + x-frame-options: SAMEORIGIN + x-ms-build-version: 1.0.20201217-1-856d5963-develop + x-ms-keyvault-network-info: addr=162.211.216.102 + x-ms-keyvault-region: northeurope + x-ms-server-latency: '1' + status: + code: 200 + message: OK + url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleDefinitions?api-version=7.2-preview +- request: + body: '{"properties": {"principalId": "service-principal-id", "roleDefinitionId": + "Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8"}}' + headers: + Accept: + - application/json + Content-Length: + - '200' + Content-Type: + - application/json + User-Agent: + - azsdk-python-keyvault-administration/4.0.0b3 Python/3.5.3 (Windows-10-10.0.19041-SP0) + method: PUT + uri: https://managedhsm/providers/Microsoft.Authorization/roleAssignments/some-uuid?api-version=7.2-preview + response: + body: + string: '{"id":"/providers/Microsoft.Authorization/roleAssignments/some-uuid","name":"some-uuid","properties":{"principalId":"service-principal-id","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"}' + headers: + cache-control: no-cache + content-length: '398' + 
content-security-policy: default-src 'self' + content-type: application/json; charset=utf-8 + strict-transport-security: max-age=31536000; includeSubDomains + x-content-type-options: nosniff + x-frame-options: SAMEORIGIN + x-ms-keyvault-network-info: addr=162.211.216.102 + x-ms-keyvault-region: northeurope + x-ms-server-latency: '58' + status: + code: 201 + message: Created + url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleAssignments/7e370056-167e-4dec-9573-e0320619b981?api-version=7.2-preview +- request: + body: null + headers: + Accept: + - application/json + User-Agent: + - azsdk-python-keyvault-administration/4.0.0b3 Python/3.5.3 (Windows-10-10.0.19041-SP0) + method: GET + uri: https://managedhsm/providers/Microsoft.Authorization/roleAssignments/some-uuid?api-version=7.2-preview + response: + body: + string: '{"id":"/providers/Microsoft.Authorization/roleAssignments/some-uuid","name":"some-uuid","properties":{"principalId":"service-principal-id","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"}' + headers: + cache-control: no-cache + content-length: '398' + content-security-policy: default-src 'self' + content-type: application/json; charset=utf-8 + strict-transport-security: max-age=31536000; includeSubDomains + x-content-type-options: nosniff + x-frame-options: SAMEORIGIN + x-ms-build-version: 1.0.20201217-1-856d5963-develop + x-ms-keyvault-network-info: addr=162.211.216.102 + x-ms-keyvault-region: northeurope + x-ms-server-latency: '0' + status: + code: 200 + message: OK + url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleAssignments/7e370056-167e-4dec-9573-e0320619b981?api-version=7.2-preview +- request: + body: null + headers: + Accept: + - application/json + User-Agent: + - azsdk-python-keyvault-administration/4.0.0b3 Python/3.5.3 
(Windows-10-10.0.19041-SP0) + method: GET + uri: https://managedhsm/providers/Microsoft.Authorization/roleAssignments?api-version=7.2-preview + response: + body: + string: '{"value":[{"id":"/providers/Microsoft.Authorization/roleAssignments/some-uuid","name":"some-uuid","properties":{"principalId":"service-principal-id","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"},{"id":"/providers/Microsoft.Authorization/roleAssignments/25344e4c-a02f-06c7-9268-7181b6f4382e","name":"25344e4c-a02f-06c7-9268-7181b6f4382e","properties":{"principalId":"17682169-9b01-44bc-84ae-8b39398ac6b7","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"}]}' + headers: + cache-control: no-cache + content-length: '809' + content-security-policy: default-src 'self' + content-type: application/json; charset=utf-8 + strict-transport-security: max-age=31536000; includeSubDomains + x-content-type-options: nosniff + x-frame-options: SAMEORIGIN + x-ms-build-version: 1.0.20201217-1-856d5963-develop + x-ms-keyvault-network-info: addr=162.211.216.102 + x-ms-keyvault-region: northeurope + x-ms-server-latency: '1' + status: + code: 200 + message: OK + url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleAssignments?api-version=7.2-preview +- request: + body: null + headers: + Accept: + - application/json + User-Agent: + - azsdk-python-keyvault-administration/4.0.0b3 Python/3.5.3 (Windows-10-10.0.19041-SP0) + method: DELETE + uri: https://managedhsm/providers/Microsoft.Authorization/roleAssignments/some-uuid?api-version=7.2-preview + response: + body: + string: 
'{"id":"/providers/Microsoft.Authorization/roleAssignments/some-uuid","name":"some-uuid","properties":{"principalId":"service-principal-id","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"}' + headers: + cache-control: no-cache + content-length: '398' + content-security-policy: default-src 'self' + content-type: application/json; charset=utf-8 + strict-transport-security: max-age=31536000; includeSubDomains + x-content-type-options: nosniff + x-frame-options: SAMEORIGIN + x-ms-keyvault-network-info: addr=162.211.216.102 + x-ms-keyvault-region: northeurope + x-ms-server-latency: '43' + status: + code: 200 + message: OK + url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleAssignments/7e370056-167e-4dec-9573-e0320619b981?api-version=7.2-preview +- request: + body: null + headers: + Accept: + - application/json + User-Agent: + - azsdk-python-keyvault-administration/4.0.0b3 Python/3.5.3 (Windows-10-10.0.19041-SP0) + method: GET + uri: https://managedhsm/providers/Microsoft.Authorization/roleAssignments?api-version=7.2-preview + response: + body: + string: '{"value":[{"id":"/providers/Microsoft.Authorization/roleAssignments/25344e4c-a02f-06c7-9268-7181b6f4382e","name":"25344e4c-a02f-06c7-9268-7181b6f4382e","properties":{"principalId":"17682169-9b01-44bc-84ae-8b39398ac6b7","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"}]}' + headers: + cache-control: no-cache + content-length: '410' + content-security-policy: default-src 'self' + content-type: application/json; charset=utf-8 + strict-transport-security: max-age=31536000; includeSubDomains + x-content-type-options: nosniff + x-frame-options: SAMEORIGIN + x-ms-build-version: 1.0.20201217-1-856d5963-develop + 
x-ms-keyvault-network-info: addr=162.211.216.102 + x-ms-keyvault-region: northeurope + x-ms-server-latency: '1' + status: + code: 200 + message: OK + url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleAssignments?api-version=7.2-preview +version: 1 diff --git a/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control_async.test_role_definitions.yaml b/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control_async.test_role_definitions.yaml new file mode 100644 index 000000000000..4e24d3808d06 --- /dev/null +++ b/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control_async.test_role_definitions.yaml 
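Review bot: The response-level `url:` entries in this new recording still carry the live Managed HSM hostname (`mcpatinotesthsm.managedhsm.azure.net`) and the real role-assignment id. The request `uri:` entries were scrubbed to `https://managedhsm/...` and `some-uuid`, so the scrubber appears to cover only the request side. The `x-ms-keyvault-network-info: addr=...` response header also records the caller's IP address (it is present in the sync recording hunk before this one too), and the role-assignment list bodies keep an unrelated `principalId` from the test resource. I would extend the recording sanitizer so the response URL is rewritten the same way as the request, e.g. `url: https://managedhsm/providers/Microsoft.Authorization/roleAssignments/some-uuid?api-version=7.2-preview`, and so the `addr=` value and the foreign principal ids are replaced with placeholders. The cassettes should then be re-recorded before they are committed.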
@@ -0,0 +1,192 @@ +interactions: +- request: + body: null + headers: + Accept: + - application/json + User-Agent: + - azsdk-python-keyvault-administration/4.0.0b3 Python/3.5.3 (Windows-10-10.0.19041-SP0) + method: GET + uri: https://managedhsm/providers/Microsoft.Authorization/roleDefinitions?api-version=7.2-preview + response: + body: + string: '{"value":[{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8","name":"7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action","Microsoft.KeyVault/managedHsm/keys/backup/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Backup","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/33413926-3206-4cdd-b39a-83574fe37a17","name":"33413926-3206-4cdd-b39a-83574fe37a17","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Crypto Service Encryption","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/2c18b078-7c48-4d3a-af88-5a3a1b3f82b3","name":"2c18b078-7c48-4d3a-af88-5a3a1b3f82b3","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Crypto 
Auditor","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/4bd23610-cdcf-4971-bdee-bdc562cc28e4","name":"4bd23610-cdcf-4971-bdee-bdc562cc28e4","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/roleDefinitions/read/action","Microsoft.KeyVault/managedHsm/roleDefinitions/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action","Microsoft.KeyVault/managedHsm/roleAssignments/read/action","Microsoft.KeyVault/managedHsm/roleAssignments/write/action","Microsoft.KeyVault/managedHsm/roleAssignments/delete/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Policy Administrator","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/21dbd100-6940-42c2-9190-5d6cb909625b","name":"21dbd100-6940-42c2-9190-5d6cb909625b","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Crypto 
User","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/515eb02d-2335-4d2d-92f2-b1cbdf9c3778","name":"515eb02d-2335-4d2d-92f2-b1cbdf9c3778","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/restore/action","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/delete","Microsoft.KeyVault/managedHsm/keys/export/action","Microsoft.KeyVault/managedHsm/keys/import/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Crypto 
Officer","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","name":"a290e904-7015-4bba-90c8-60543313cdb4","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/restore/action","Microsoft.KeyVault/managedHsm/roleAssignments/delete/action","Microsoft.KeyVault/managedHsm/roleAssignments/read/action","Microsoft.KeyVault/managedHsm/roleAssignments/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/read/action","Microsoft.KeyVault/managedHsm/roleDefinitions/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/delete","Microsoft.KeyVault/managedHsm/keys/export/action","Microsoft.KeyVault/managedHsm/keys/import/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete","Microsoft.KeyVault/managedHsm/securitydomain/download/action","Microsoft.KeyVault/managedHsm/securitydomain/upload/action","Microsoft.KeyVault/managedHsm/securitydomain/upload/read","Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read","Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/restore/start/action","Microsoft.KeyVault/managedHsm/backup/status/action","Microso
ft.KeyVault/managedHsm/restore/status/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Administrator","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"}]}' + headers: + cache-control: no-cache + content-length: '6772' + content-security-policy: default-src 'self' + content-type: application/json; charset=utf-8 + strict-transport-security: max-age=31536000; includeSubDomains + x-content-type-options: nosniff + x-frame-options: SAMEORIGIN + x-ms-build-version: 1.0.20201217-1-856d5963-develop + x-ms-keyvault-network-info: addr=162.211.216.102 + x-ms-keyvault-region: northeurope + x-ms-server-latency: '1' + status: + code: 200 + message: OK + url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleDefinitions?api-version=7.2-preview +- request: + body: '{"properties": {"permissions": [{"dataActions": ["Microsoft.KeyVault/managedHsm/keys/read/action"], + "actions": [], "notDataActions": [], "notActions": []}], "roleName": "definition-name"}}' + headers: + Accept: + - application/json + Content-Length: + - '209' + Content-Type: + - application/json + User-Agent: + - azsdk-python-keyvault-administration/4.0.0b3 Python/3.5.3 (Windows-10-10.0.19041-SP0) + method: PUT + uri: https://managedhsm/providers/Microsoft.Authorization/roleDefinitions/definition-name?api-version=7.2-preview + response: + body: + string: '{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/definition-name","name":"definition-name","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action"],"notActions":[],"notDataActions":[]}],"roleName":"definition-name","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"}' + headers: + cache-control: no-cache + content-length: '468' + content-security-policy: default-src 'self' + content-type: application/json; charset=utf-8 + strict-transport-security: 
max-age=31536000; includeSubDomains + x-content-type-options: nosniff + x-frame-options: SAMEORIGIN + x-ms-keyvault-network-info: addr=162.211.216.102 + x-ms-keyvault-region: northeurope + x-ms-server-latency: '41' + status: + code: 201 + message: Created + url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleDefinitions/63b1434f-56d2-44bb-8057-0572515e6232?api-version=7.2-preview +- request: + body: '{"properties": {"permissions": [{"dataActions": [], "actions": [], "notDataActions": + ["Microsoft.KeyVault/managedHsm/keys/read/action"], "notActions": []}], "roleName": + "definition-name"}}' + headers: + Accept: + - application/json + Content-Length: + - '209' + Content-Type: + - application/json + User-Agent: + - azsdk-python-keyvault-administration/4.0.0b3 Python/3.5.3 (Windows-10-10.0.19041-SP0) + method: PUT + uri: https://managedhsm/providers/Microsoft.Authorization/roleDefinitions/definition-name?api-version=7.2-preview + response: + body: + string: '{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/definition-name","name":"definition-name","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":[],"notActions":[],"notDataActions":["Microsoft.KeyVault/managedHsm/keys/read/action"]}],"roleName":"definition-name","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"}' + headers: + cache-control: no-cache + content-length: '468' + content-security-policy: default-src 'self' + content-type: application/json; charset=utf-8 + strict-transport-security: max-age=31536000; includeSubDomains + x-content-type-options: nosniff + x-frame-options: SAMEORIGIN + x-ms-keyvault-network-info: addr=162.211.216.102 + x-ms-keyvault-region: northeurope + x-ms-server-latency: '40' + status: + code: 201 + message: Created + url: 
https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleDefinitions/63b1434f-56d2-44bb-8057-0572515e6232?api-version=7.2-preview +- request: + body: null + headers: + Accept: + - application/json + User-Agent: + - azsdk-python-keyvault-administration/4.0.0b3 Python/3.5.3 (Windows-10-10.0.19041-SP0) + method: GET + uri: https://managedhsm/providers/Microsoft.Authorization/roleDefinitions?api-version=7.2-preview + response: + body: + string: '{"value":[{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8","name":"7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action","Microsoft.KeyVault/managedHsm/keys/backup/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Backup","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/33413926-3206-4cdd-b39a-83574fe37a17","name":"33413926-3206-4cdd-b39a-83574fe37a17","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Crypto Service 
Encryption","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/2c18b078-7c48-4d3a-af88-5a3a1b3f82b3","name":"2c18b078-7c48-4d3a-af88-5a3a1b3f82b3","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Crypto Auditor","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/4bd23610-cdcf-4971-bdee-bdc562cc28e4","name":"4bd23610-cdcf-4971-bdee-bdc562cc28e4","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/roleDefinitions/read/action","Microsoft.KeyVault/managedHsm/roleDefinitions/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action","Microsoft.KeyVault/managedHsm/roleAssignments/read/action","Microsoft.KeyVault/managedHsm/roleAssignments/write/action","Microsoft.KeyVault/managedHsm/roleAssignments/delete/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Policy 
Administrator","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/21dbd100-6940-42c2-9190-5d6cb909625b","name":"21dbd100-6940-42c2-9190-5d6cb909625b","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Crypto User","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/515eb02d-2335-4d2d-92f2-b1cbdf9c3778","name":"515eb02d-2335-4d2d-92f2-b1cbdf9c3778","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/restore/action","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/delete","Microsoft.KeyVault/
managedHsm/keys/export/action","Microsoft.KeyVault/managedHsm/keys/import/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Crypto Officer","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","name":"a290e904-7015-4bba-90c8-60543313cdb4","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/restore/action","Microsoft.KeyVault/managedHsm/roleAssignments/delete/action","Microsoft.KeyVault/managedHsm/roleAssignments/read/action","Microsoft.KeyVault/managedHsm/roleAssignments/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/read/action","Microsoft.KeyVault/managedHsm/roleDefinitions/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/delete","Microsoft.KeyVault/managedHsm/keys/export/action","Microsoft.KeyVault/managedHsm/keys/import/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete","Microsoft.KeyVault/managedHsm/securitydomain/download/action","Microsoft.KeyVault/managedHsm/securitydomain/upload/action","Microsoft.KeyVault/managedHsm/securitydomain/upload/read","Microsoft.KeyVault/
managedHsm/securitydomain/transferkey/read","Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/restore/start/action","Microsoft.KeyVault/managedHsm/backup/status/action","Microsoft.KeyVault/managedHsm/restore/status/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Administrator","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/definition-name","name":"definition-name","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":[],"notActions":[],"notDataActions":["Microsoft.KeyVault/managedHsm/keys/read/action"]}],"roleName":"definition-name","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"}]}' + headers: + cache-control: no-cache + content-length: '7241' + content-security-policy: default-src 'self' + content-type: application/json; charset=utf-8 + strict-transport-security: max-age=31536000; includeSubDomains + x-content-type-options: nosniff + x-frame-options: SAMEORIGIN + x-ms-build-version: 1.0.20201217-1-856d5963-develop + x-ms-keyvault-network-info: addr=162.211.216.102 + x-ms-keyvault-region: northeurope + x-ms-server-latency: '0' + status: + code: 200 + message: OK + url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleDefinitions?api-version=7.2-preview +- request: + body: null + headers: + Accept: + - application/json + User-Agent: + - azsdk-python-keyvault-administration/4.0.0b3 Python/3.5.3 (Windows-10-10.0.19041-SP0) + method: GET + uri: https://managedhsm/providers/Microsoft.Authorization/roleDefinitions/definition-name?api-version=7.2-preview + response: + body: + string: 
'{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/definition-name","name":"definition-name","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":[],"notActions":[],"notDataActions":["Microsoft.KeyVault/managedHsm/keys/read/action"]}],"roleName":"definition-name","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"}' + headers: + cache-control: no-cache + content-length: '468' + content-security-policy: default-src 'self' + content-type: application/json; charset=utf-8 + strict-transport-security: max-age=31536000; includeSubDomains + x-content-type-options: nosniff + x-frame-options: SAMEORIGIN + x-ms-build-version: 1.0.20201217-1-856d5963-develop + x-ms-keyvault-network-info: addr=162.211.216.102 + x-ms-keyvault-region: northeurope + x-ms-server-latency: '0' + status: + code: 200 + message: OK + url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleDefinitions/63b1434f-56d2-44bb-8057-0572515e6232?api-version=7.2-preview +- request: + body: null + headers: + Accept: + - application/json + User-Agent: + - azsdk-python-keyvault-administration/4.0.0b3 Python/3.5.3 (Windows-10-10.0.19041-SP0) + method: DELETE + uri: https://managedhsm/providers/Microsoft.Authorization/roleDefinitions/definition-name?api-version=7.2-preview + response: + body: + string: '{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/definition-name","name":"definition-name","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":[],"notActions":[],"notDataActions":["Microsoft.KeyVault/managedHsm/keys/read/action"]}],"roleName":"definition-name","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"}' + headers: + cache-control: no-cache + content-length: '468' + content-security-policy: default-src 'self' + content-type: application/json; charset=utf-8 + strict-transport-security: 
max-age=31536000; includeSubDomains + x-content-type-options: nosniff + x-frame-options: SAMEORIGIN + x-ms-keyvault-network-info: addr=162.211.216.102 + x-ms-keyvault-region: northeurope + x-ms-server-latency: '65' + status: + code: 200 + message: OK + url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleDefinitions/63b1434f-56d2-44bb-8057-0572515e6232?api-version=7.2-preview +version: 1 diff --git a/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py b/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py index bf53218fdc6f..b314a719d37b 100644 --- a/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py +++ b/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py @@ -19,7 +19,7 @@ @pytest.mark.usefixtures("managed_hsm") class AccessControlTests(KeyVaultTestCase): def __init__(self, *args, **kwargs): - super(AccessControlTests, self).__init__(*args, **kwargs) + super(AccessControlTests, self).__init__(*args, match_body=False, **kwargs) def setUp(self, *args, **kwargs): if self.is_live: diff --git a/sdk/keyvault/azure-keyvault-administration/tests/test_access_control_async.py b/sdk/keyvault/azure-keyvault-administration/tests/test_access_control_async.py index d2559f0bac55..560a03c7b104 100644 --- a/sdk/keyvault/azure-keyvault-administration/tests/test_access_control_async.py +++ b/sdk/keyvault/azure-keyvault-administration/tests/test_access_control_async.py 
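Review bot: The recorded responses in this new file keep values that the request side has already sanitised. Every `url:` field still names the live host `mcpatinotesthsm.managedhsm.azure.net` and the real definition id, while the matching `uri:` is `https://managedhsm/...definition-name`. Each response also carries `x-ms-keyvault-network-info: addr=162.211.216.102`, which looks like the recording machine's egress address. The recording sanitiser should rewrite `url:` the same way it rewrites `uri:` and replace the header value before commit, for example `x-ms-keyvault-network-info: addr=<redacted>`. The role-assignment recording that ends just above this file shows the same two values.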
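Review bot: `match_body=False` in `AccessControlTests.__init__` turns off request-body comparison for every test in the class, so playback no longer checks which permission list a request populated. The two recorded `PUT .../roleDefinitions/definition-name` calls differ only in whether the action sits under `dataActions` or `notDataActions`, so a regression that serialises a permission into the wrong list would presumably still replay green, which matters for an access-control client. If the flag is only there because the request JSON is not byte-stable between runs (not visible here), record that next to it, e.g. `# match_body=False: request JSON key order is not stable across runs`, and keep the body check for the tests that can support it. The second hunk of test_access_control_async.py makes the same change, and the class body continues outside both hunks.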
@@ -7,13 +7,14 @@ import time from azure.core.credentials import AccessToken -from azure.identity import DefaultAzureCredential +from azure.identity.aio import DefaultAzureCredential from azure.keyvault.administration import KeyVaultRoleScope, KeyVaultPermission from azure.keyvault.administration.aio import KeyVaultAccessControlClient import pytest from six.moves.urllib_parse import urlparse +from devtools_testutils import AzureTestCase -from _shared.helpers import mock +from _shared.helpers_async import mock from _shared.test_case_async import KeyVaultTestCase from test_access_control import assert_role_definitions_equal @@ -21,7 +22,7 @@ @pytest.mark.usefixtures("managed_hsm") class AccessControlTests(KeyVaultTestCase): def __init__(self, *args, **kwargs): - super(AccessControlTests, self).__init__(*args, **kwargs) + super(AccessControlTests, self).__init__(*args, match_body=False, **kwargs) def setUp(self, *args, **kwargs): if self.is_live: @@ -51,6 +52,7 @@ def get_service_principal_id(self): return value return replay_value + @AzureTestCase.await_prepared_test async def test_role_definitions(self): client = KeyVaultAccessControlClient(self.managed_hsm["url"], self.credential) @@ -100,6 +102,7 @@ async def test_role_definitions(self): deleted_definition = await client.delete_role_definition(scope, definition_name) assert_role_definitions_equal(deleted_definition, definition) + @AzureTestCase.await_prepared_test async def test_role_assignment(self): client = KeyVaultAccessControlClient(self.managed_hsm["url"], self.credential) From b38a0d2ae2e208fc3456dc2837fb9d1602b753e6 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?McCoy=20Pati=C3=B1o?= Date: Tue, 19 Jan 2021 15:55:03 -0800 Subject: [PATCH 07/13] Re-generate with approved swagger changes --- .../v7_2_preview/models/__init__.py | 11 ++ .../models/_key_vault_client_enums.py | 112 ++++++++++++++++++ .../_generated/v7_2_preview/models/_models.py | 35 +++--- .../v7_2_preview/models/_models_py3.py | 53 +++++---- 4 files changed, 171 insertions(+), 40 deletions(-) create mode 100644 sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/models/_key_vault_client_enums.py diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/models/__init__.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/models/__init__.py index 90bc914d7f52..83314c66e32c 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/models/__init__.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/models/__init__.py @@ -49,6 +49,13 @@ from ._models import SelectiveKeyRestoreOperation # type: ignore from ._models import SelectiveKeyRestoreOperationParameters # type: ignore +from ._key_vault_client_enums import ( + DataActionPermission, + RoleDefinitionType, + RoleScope, + RoleType, +) + __all__ = [ 'Attributes', 'Error', @@ -71,4 +78,8 @@ 'SASTokenParameter', 'SelectiveKeyRestoreOperation', 'SelectiveKeyRestoreOperationParameters', + 'DataActionPermission', + 'RoleDefinitionType', + 'RoleScope', + 'RoleType', ] diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/models/_key_vault_client_enums.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/models/_key_vault_client_enums.py new file mode 100644 index 000000000000..04826c5d27c4 --- /dev/null 
+++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/models/_key_vault_client_enums.py 
@@ -0,0 +1,112 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Code generated by Microsoft (R) AutoRest Code Generator (autorest: 3.0.6306, generator: {generator}) +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from enum import Enum, EnumMeta +from six import with_metaclass + +class _CaseInsensitiveEnumMeta(EnumMeta): + def __getitem__(self, name): + return super().__getitem__(name.upper()) + + def __getattr__(cls, name): + """Return the enum member matching `name` + We use __getattr__ instead of descriptors or inserting into the enum + class' __dict__ in order to support `name` and `value` being both + properties for enum members (which live in the class' __dict__) and + enum members themselves. + """ + try: + return cls._member_map_[name.upper()] + except KeyError: + raise AttributeError(name) + + +class DataActionPermission(with_metaclass(_CaseInsensitiveEnumMeta, str, Enum)): + """Supported permissions for data actions. + """ + + #: Read HSM key metadata. + READ_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/read/action" + #: Update an HSM key. + WRITE_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/write/action" + #: Read deleted HSM key. + READ_DELETED_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action" + #: Recover deleted HSM key. + RECOVER_DELETED_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action" + #: Backup HSM keys. + BACKUP_HSM_KEYS = "Microsoft.KeyVault/managedHsm/keys/backup/action" + #: Restore HSM keys. + RESTORE_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/restore/action" + #: Delete role assignment. + DELETE_ROLE_ASSIGNMENT = "Microsoft.KeyVault/managedHsm/roleAssignments/delete/action" + #: Get role assignment. + GET_ROLE_ASSIGNMENT = "Microsoft.KeyVault/managedHsm/roleAssignments/read/action" + #: Create or update role assignment. 
+ WRITE_ROLE_ASSIGNMENT = "Microsoft.KeyVault/managedHsm/roleAssignments/write/action" + #: Get role definition. + READ_ROLE_DEFINITION = "Microsoft.KeyVault/managedHsm/roleDefinitions/read/action" + #: Encrypt using an HSM key. + ENCRYPT_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/encrypt/action" + #: Decrypt using an HSM key. + DECRYPT_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/decrypt/action" + #: Wrap using an HSM key. + WRAP_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/wrap/action" + #: Unwrap using an HSM key. + UNWRAP_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/unwrap/action" + #: Sign using an HSM key. + SIGN_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/sign/action" + #: Verify using an HSM key. + VERIFY_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/verify/action" + #: Create an HSM key. + CREATE_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/create" + #: Delete an HSM key. + DELETE_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/delete" + #: Export an HSM key. + EXPORT_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/export/action" + #: Import an HSM key. + IMPORT_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/import/action" + #: Purge a deleted HSM key. + PURGE_DELETED_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete" + #: Download an HSM security domain. + DOWNLOAD_HSM_SECURITY_DOMAIN = "Microsoft.KeyVault/managedHsm/securitydomain/download/action" + #: Upload an HSM security domain. + UPLOAD_HSM_SECURITY_DOMAIN = "Microsoft.KeyVault/managedHsm/securitydomain/upload/action" + #: Check the status of the HSM security domain exchange file. + READ_HSM_SECURITY_DOMAIN_STATUS = "Microsoft.KeyVault/managedHsm/securitydomain/upload/read" + #: Download an HSM security domain transfer key. + READ_HSM_SECURITY_DOMAIN_TRANSFER_KEY = "Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read" + #: Start an HSM backup. + START_HSM_BACKUP = "Microsoft.KeyVault/managedHsm/backup/start/action" + #: Start an HSM restore. 
+ START_HSM_RESTORE = "Microsoft.KeyVault/managedHsm/restore/start/action" + #: Read an HSM backup status. + READ_HSM_BACKUP_STATUS = "Microsoft.KeyVault/managedHsm/backup/status/action" + #: Read an HSM restore status. + READ_HSM_RESTORE_STATUS = "Microsoft.KeyVault/managedHsm/restore/status/action" + +class RoleDefinitionType(with_metaclass(_CaseInsensitiveEnumMeta, str, Enum)): + """The role definition type. + """ + + MICROSOFT_AUTHORIZATION_ROLE_DEFINITIONS = "Microsoft.Authorization/roleDefinitions" + +class RoleScope(with_metaclass(_CaseInsensitiveEnumMeta, str, Enum)): + """The role scope. + """ + + #: Global scope. + GLOBAL_ENUM = "/" + #: Keys scope. + KEYS = "/keys" + +class RoleType(with_metaclass(_CaseInsensitiveEnumMeta, str, Enum)): + """The role type. + """ + + #: Built in role. + BUILT_IN_ROLE = "AKVBuiltInRole" + #: Custom role. + CUSTOM_ROLE = "CustomRole" diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/models/_models.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/models/_models.py index e986809af8ce..41c6c9c5d606 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/models/_models.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/models/_models.py 
@@ -157,14 +157,16 @@ def __init__( class Permission(msrest.serialization.Model): """Role definition permissions. - :param actions: Allowed actions. + :param actions: Action permissions that are granted. :type actions: list[str] - :param not_actions: Denied actions. + :param not_actions: Action permissions that are excluded but not denied. They may be granted by + other role definitions assigned to a principal. :type not_actions: list[str] - :param data_actions: Allowed Data actions. - :type data_actions: list[str] - :param not_data_actions: Denied Data actions. - :type not_data_actions: list[str] + :param data_actions: Data action permissions that are granted. + :type data_actions: list[str or ~key_vault_client.models.DataActionPermission] + :param not_data_actions: Data action permissions that are excluded but not denied. They may be + granted by other role definitions assigned to a principal. + :type not_data_actions: list[str or ~key_vault_client.models.DataActionPermission] """ _attribute_map = { @@ -396,8 +398,8 @@ def __init__( class RoleAssignmentPropertiesWithScope(msrest.serialization.Model): """Role assignment properties with scope. - :param scope: The role assignment scope. - :type scope: str + :param scope: The role scope. Possible values include: "/", "/keys". + :type scope: str or ~key_vault_client.models.RoleScope :param role_definition_id: The role definition ID. :type role_definition_id: str :param principal_id: The principal ID. 
@@ -429,18 +431,19 @@ class RoleDefinition(msrest.serialization.Model): :vartype id: str :ivar name: The role definition name. :vartype name: str - :ivar type: The role definition type. - :vartype type: str + :ivar type: The role definition type. Possible values include: + "Microsoft.Authorization/roleDefinitions". + :vartype type: str or ~key_vault_client.models.RoleDefinitionType :param role_name: The role name. :type role_name: str :param description: The role definition description. :type description: str - :param role_type: The role type. - :type role_type: str + :param role_type: The role type. Possible values include: "AKVBuiltInRole", "CustomRole". + :type role_type: str or ~key_vault_client.models.RoleType :param permissions: Role definition permissions. :type permissions: list[~key_vault_client.models.Permission] :param assignable_scopes: Role definition assignable scopes. - :type assignable_scopes: list[str] + :type assignable_scopes: list[str or ~key_vault_client.models.RoleScope] """ _validation = { @@ -549,12 +552,12 @@ class RoleDefinitionProperties(msrest.serialization.Model): :type role_name: str :param description: The role definition description. :type description: str - :param role_type: The role type. - :type role_type: str + :param role_type: The role type. Possible values include: "AKVBuiltInRole", "CustomRole". + :type role_type: str or ~key_vault_client.models.RoleType :param permissions: Role definition permissions. :type permissions: list[~key_vault_client.models.Permission] :param assignable_scopes: Role definition assignable scopes. - :type assignable_scopes: list[str] + :type assignable_scopes: list[str or ~key_vault_client.models.RoleScope] """ _attribute_map = { 
diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/models/_models_py3.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/models/_models_py3.py index f473fd567c5d..3a0195938632 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/models/_models_py3.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/models/_models_py3.py @@ -5,11 +5,13 @@ # -------------------------------------------------------------------------- import datetime -from typing import List, Optional +from typing import List, Optional, Union from azure.core.exceptions import HttpResponseError import msrest.serialization +from ._key_vault_client_enums import * + class Attributes(msrest.serialization.Model): """The object attributes managed by the KeyVault service. @@ -172,14 +174,16 @@ def __init__( class Permission(msrest.serialization.Model): """Role definition permissions. - :param actions: Allowed actions. + :param actions: Action permissions that are granted. :type actions: list[str] - :param not_actions: Denied actions. + :param not_actions: Action permissions that are excluded but not denied. They may be granted by + other role definitions assigned to a principal. :type not_actions: list[str] - :param data_actions: Allowed Data actions. - :type data_actions: list[str] - :param not_data_actions: Denied Data actions. - :type not_data_actions: list[str] + :param data_actions: Data action permissions that are granted. + :type data_actions: list[str or ~key_vault_client.models.DataActionPermission] + :param not_data_actions: Data action permissions that are excluded but not denied. They may be + granted by other role definitions assigned to a principal. + :type not_data_actions: list[str or ~key_vault_client.models.DataActionPermission] """ _attribute_map = { 
@@ -194,8 +198,8 @@ def __init__( *, actions: Optional[List[str]] = None, not_actions: Optional[List[str]] = None, - data_actions: Optional[List[str]] = None, - not_data_actions: Optional[List[str]] = None, + data_actions: Optional[List[Union[str, "DataActionPermission"]]] = None, + not_data_actions: Optional[List[Union[str, "DataActionPermission"]]] = None, **kwargs ): super(Permission, self).__init__(**kwargs) @@ -438,8 +442,8 @@ def __init__( class RoleAssignmentPropertiesWithScope(msrest.serialization.Model): """Role assignment properties with scope. - :param scope: The role assignment scope. - :type scope: str + :param scope: The role scope. Possible values include: "/", "/keys". + :type scope: str or ~key_vault_client.models.RoleScope :param role_definition_id: The role definition ID. :type role_definition_id: str :param principal_id: The principal ID. @@ -455,7 +459,7 @@ class RoleAssignmentPropertiesWithScope(msrest.serialization.Model): def __init__( self, *, - scope: Optional[str] = None, + scope: Optional[Union[str, "RoleScope"]] = None, role_definition_id: Optional[str] = None, principal_id: Optional[str] = None, **kwargs 
@@ -475,18 +479,19 @@ class RoleDefinition(msrest.serialization.Model): :vartype id: str :ivar name: The role definition name. :vartype name: str - :ivar type: The role definition type. - :vartype type: str + :ivar type: The role definition type. Possible values include: + "Microsoft.Authorization/roleDefinitions". + :vartype type: str or ~key_vault_client.models.RoleDefinitionType :param role_name: The role name. :type role_name: str :param description: The role definition description. :type description: str - :param role_type: The role type. - :type role_type: str + :param role_type: The role type. Possible values include: "AKVBuiltInRole", "CustomRole". + :type role_type: str or ~key_vault_client.models.RoleType :param permissions: Role definition permissions. :type permissions: list[~key_vault_client.models.Permission] :param assignable_scopes: Role definition assignable scopes. - :type assignable_scopes: list[str] + :type assignable_scopes: list[str or ~key_vault_client.models.RoleScope] """ _validation = { @@ -511,9 +516,9 @@ def __init__( *, role_name: Optional[str] = None, description: Optional[str] = None, - role_type: Optional[str] = None, + role_type: Optional[Union[str, "RoleType"]] = None, permissions: Optional[List["Permission"]] = None, - assignable_scopes: Optional[List[str]] = None, + assignable_scopes: Optional[List[Union[str, "RoleScope"]]] = None, **kwargs ): super(RoleDefinition, self).__init__(**kwargs) 
@@ -608,12 +613,12 @@ class RoleDefinitionProperties(msrest.serialization.Model): :type role_name: str :param description: The role definition description. :type description: str - :param role_type: The role type. - :type role_type: str + :param role_type: The role type. Possible values include: "AKVBuiltInRole", "CustomRole". + :type role_type: str or ~key_vault_client.models.RoleType :param permissions: Role definition permissions. :type permissions: list[~key_vault_client.models.Permission] :param assignable_scopes: Role definition assignable scopes. - :type assignable_scopes: list[str] + :type assignable_scopes: list[str or ~key_vault_client.models.RoleScope] """ _attribute_map = { @@ -629,9 +634,9 @@ def __init__( *, role_name: Optional[str] = None, description: Optional[str] = None, - role_type: Optional[str] = None, + role_type: Optional[Union[str, "RoleType"]] = None, permissions: Optional[List["Permission"]] = None, - assignable_scopes: Optional[List[str]] = None, + assignable_scopes: Optional[List[Union[str, "RoleScope"]]] = None, **kwargs ): super(RoleDefinitionProperties, self).__init__(**kwargs) From 00481f3a6e4a9c9a1f774840b0575e2f67bae063 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?McCoy=20Pati=C3=B1o?= Date: Tue, 19 Jan 2021 21:46:10 -0800 Subject: [PATCH 08/13] Add enum, address feedback --- .../azure/keyvault/administration/__init__.py | 3 +- .../administration/_access_control_client.py | 4 +- .../azure/keyvault/administration/_enums.py | 77 ++++++++++++++++ .../azure/keyvault/administration/_models.py | 27 ++---- .../aio/_access_control_client.py | 4 +- ...t_access_control.test_role_assignment.yaml | 30 +++---- ..._access_control.test_role_definitions.yaml | 88 ++++++++++++++----- ...ss_control_async.test_role_assignment.yaml | 48 +++++----- ...s_control_async.test_role_definitions.yaml | 53 ++++++----- .../tests/test_access_control.py | 26 +++--- .../tests/test_access_control_async.py | 26 +++--- 11 files changed, 253 insertions(+), 133 deletions(-) create mode 100644 sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_enums.py diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/__init__.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/__init__.py index 1db879dd4265..1bceacb19698 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/__init__.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/__init__.py @@ -4,13 +4,13 @@ # ------------------------------------ from ._access_control_client import KeyVaultAccessControlClient from ._backup_client import KeyVaultBackupClient +from ._enums import KeyVaultRoleScope, DataActionPermission from ._internal.client_base import ApiVersion from ._models import ( BackupOperation, KeyVaultPermission, KeyVaultRoleAssignment, KeyVaultRoleDefinition, - KeyVaultRoleScope, RestoreOperation, SelectiveKeyRestoreOperation, ) @@ -19,6 +19,7 @@ __all__ = [ "ApiVersion", "BackupOperation", + "DataActionPermission", "KeyVaultAccessControlClient", "KeyVaultBackupClient", "KeyVaultPermission", 
diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py index ce3492d2859c..72c39534f97d 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py @@ -12,7 +12,7 @@ if TYPE_CHECKING: # pylint:disable=ungrouped-imports - from typing import Any, Union + from typing import Any, Iterable, Union from uuid import UUID from azure.core.paging import ItemPaged from ._models import KeyVaultRoleScope, KeyVaultPermission @@ -120,7 +120,7 @@ def set_role_definition(self, role_scope, **kwargs): :keyword role_definition_name: the role definition's name. Must be a UUID. :type role_definition_name: str or uuid.UUID :keyword permissions: the role definition's permissions. - :type permissions: list[KeyVaultPermission] + :type permissions: Iterable[KeyVaultPermission] :keyword assignable_scopes: the role definition's assignable scopes. :type assignable_scopes: list[str] :returns: The created or updated role definition diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_enums.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_enums.py new file mode 100644 index 000000000000..067f63b78d9b --- /dev/null +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_enums.py 
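Review bot: The `TYPE_CHECKING` block in the first hunk still reads `from ._models import KeyVaultRoleScope, KeyVaultPermission`, but this same commit deletes `KeyVaultRoleScope` from `_models.py` and defines it in the new `_enums.py`. Nothing visible re-exports the name from `_models`, so type checkers and linters would presumably fail to resolve it, even though runtime is unaffected because the import is guarded. I would split it into `from ._enums import KeyVaultRoleScope` and `from ._models import KeyVaultPermission`. The aio client's `from .._models import KeyVaultRoleScope, KeyVaultPermission` needs the same change, with `from .._enums import KeyVaultRoleScope`.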
@@ -0,0 +1,77 @@
+# ------------------------------------
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+# ------------------------------------
+from enum import Enum
+
+
+class KeyVaultRoleScope(str, Enum):
+ """Collection of well known role scopes. This list is not exhaustive"""
+
+ global_value = "/" #: use this if you want role assignments to apply to everything on the resource
+
+ keys_value = "/keys" #: use this if you want role assignments to apply to all keys
+
+
+class DataActionPermission(str, Enum):
+ """Supported permissions for data actions.
+ """
+
+ #: Read HSM key metadata.
+ read_hsm_key = "Microsoft.KeyVault/managedHsm/keys/read/action"
+ #: Update an HSM key.
+ write_hsm_key = "Microsoft.KeyVault/managedHsm/keys/write/action"
+ #: Read deleted HSM key.
+ read_deleted_hsm_key = "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action"
+ #: Recover deleted HSM key.
+ recover_deleted_hsm_key = "Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action"
+ #: Backup HSM keys.
+ backup_hsm_keys = "Microsoft.KeyVault/managedHsm/keys/backup/action"
+ #: Restore HSM keys.
+ restore_hsm_key = "Microsoft.KeyVault/managedHsm/keys/restore/action"
+ #: Delete role assignment.
+ delete_role_assignment = "Microsoft.KeyVault/managedHsm/roleAssignments/delete/action"
+ #: Get role assignment.
+ get_role_assignment = "Microsoft.KeyVault/managedHsm/roleAssignments/read/action"
+ #: Create or update role assignment.
+ write_role_assignment = "Microsoft.KeyVault/managedHsm/roleAssignments/write/action"
+ #: Get role definition.
+ read_role_definition = "Microsoft.KeyVault/managedHsm/roleDefinitions/read/action"
+ #: Encrypt using an HSM key.
+ encrypt_hsm_key = "Microsoft.KeyVault/managedHsm/keys/encrypt/action"
+ #: Decrypt using an HSM key.
+ decrypt_hsm_key = "Microsoft.KeyVault/managedHsm/keys/decrypt/action"
+ #: Wrap using an HSM key.
+ wrap_hsm_key = "Microsoft.KeyVault/managedHsm/keys/wrap/action"
+ #: Unwrap using an HSM key.
+ unwrap_hsm_key = "Microsoft.KeyVault/managedHsm/keys/unwrap/action"
+ #: Sign using an HSM key.
+ sign_hsm_key = "Microsoft.KeyVault/managedHsm/keys/sign/action"
+ #: Verify using an HSM key.
+ verify_hsm_key = "Microsoft.KeyVault/managedHsm/keys/verify/action"
+ #: Create an HSM key.
+ create_hsm_key = "Microsoft.KeyVault/managedHsm/keys/create"
+ #: Delete an HSM key.
+ delete_hsm_key = "Microsoft.KeyVault/managedHsm/keys/delete"
+ #: Export an HSM key.
+ export_hsm_key = "Microsoft.KeyVault/managedHsm/keys/export/action"
+ #: Import an HSM key.
+ import_hsm_key = "Microsoft.KeyVault/managedHsm/keys/import/action"
+ #: Purge a deleted HSM key.
+ purge_deleted_hsm_key = "Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete"
+ #: Download an HSM security domain.
+ download_hsm_security_domain = "Microsoft.KeyVault/managedHsm/securitydomain/download/action"
+ #: Upload an HSM security domain.
+ upload_hsm_security_domain = "Microsoft.KeyVault/managedHsm/securitydomain/upload/action"
+ #: Check the status of the HSM security domain exchange file.
+ read_hsm_security_domain_status = "Microsoft.KeyVault/managedHsm/securitydomain/upload/read"
+ #: Download an HSM security domain transfer key.
+ read_hsm_security_domain_transfer_key = "Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read"
+ #: Start an HSM backup.
+ start_hsm_backup = "Microsoft.KeyVault/managedHsm/backup/start/action"
+ #: Start an HSM restore.
+ start_hsm_restore = "Microsoft.KeyVault/managedHsm/restore/start/action"
+ #: Read an HSM backup status.
+ read_hsm_backup_status = "Microsoft.KeyVault/managedHsm/backup/status/action"
+ #: Read an HSM restore status.
+ read_hsm_restore_status = "Microsoft.KeyVault/managedHsm/restore/status/action"
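Review bot: `DataActionPermission` has `read_role_definition` but no members for writing or deleting role definitions, although the recorded role-definition listing in this same patch shows the service returning `Microsoft.KeyVault/managedHsm/roleDefinitions/write/action` and `Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action` for the built-in Policy Administrator and Administrator roles. Callers authoring a custom role through `set_role_definition` would have to fall back to raw strings for exactly the permissions that control who may change RBAC, which makes those grants harder to spot in review. I would add `write_role_definition = "Microsoft.KeyVault/managedHsm/roleDefinitions/write/action"` and `delete_role_definition = "Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action"`, each with a `#:` comment like its neighbours. Whether the service spec's own enum lists them is not visible here, so confirm against it.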
diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_models.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_models.py index 71994c463afb..a12ebe1eb332 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_models.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_models.py @@ -2,7 +2,6 @@ # Copyright (c) Microsoft Corporation. # Licensed under the MIT License. # ------------------------------------ -from enum import Enum from typing import TYPE_CHECKING if TYPE_CHECKING: @@ -12,14 +11,6 @@ # pylint:disable=protected-access -class KeyVaultRoleScope(str, Enum): - """Collection of well known role scopes. This list is not exhaustive""" - - global_value = "/" #: use this if you want role assignments to apply to everything on the resource - - keys_value = "/keys" #: use this if you want role assignments to apply to all keys - - class KeyVaultPermission(object): """Role definition permissions. @@ -31,10 +22,10 @@ class KeyVaultPermission(object): def __init__(self, **kwargs): # type: (**Any) -> None - self.allowed_actions = kwargs.get("allowed_actions", []) - self.denied_actions = kwargs.get("denied_actions", []) - self.allowed_data_actions = kwargs.get("allowed_data_actions", []) - self.denied_data_actions = kwargs.get("denied_data_actions", []) + self.allowed_actions = kwargs.get("allowed_actions") + self.denied_actions = kwargs.get("denied_actions") + self.allowed_data_actions = kwargs.get("allowed_data_actions") + self.denied_data_actions = kwargs.get("denied_data_actions") @classmethod def _from_generated(cls, permissions): 
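Review bot: `denied_actions` and `denied_data_actions` are assigned in `KeyVaultPermission.__init__` under names that promise a deny, but the generated `Permission` docstring updated in this series describes `not_actions`/`not_data_actions` as "excluded but not denied" and possibly granted by other role definitions assigned to a principal. Someone reading a `KeyVaultPermission` could conclude that an entry there blocks access when it only narrows this one role's grant. I would at least document it on the attributes, e.g. `#: excluded from this role's grant; not an explicit deny, another assigned role may still grant it`, and consider `not_actions`/`not_data_actions` as the public names while the package is still in beta. Separately, the defaults move from `[]` to `None`, so code that iterates these attributes needs a None check; `_from_generated` continues outside the hunk.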
@@ -138,7 +129,7 @@ class KeyVaultRoleDefinition(object): def __init__(self, **kwargs): # type: (**Any) -> None - self._role_definition_id = kwargs.get("role_definition_id") + self._id = kwargs.get("id") self._name = kwargs.get("name") self._role_name = kwargs.get("role_name") self._description = kwargs.get("description") @@ -149,13 +140,13 @@ def __init__(self, **kwargs): def __repr__(self): # type: () -> str - return "KeyVaultRoleDefinition<{}>".format(self._role_definition_id) + return "KeyVaultRoleDefinition<{}>".format(self._id) @property - def role_definition_id(self): + def id(self): # type: () -> str """unique identifier for this role definition""" - return self._role_definition_id + return self._id @property def name(self): @@ -204,9 +195,9 @@ def _from_generated(cls, definition): return cls( assignable_scopes=definition.assignable_scopes, description=definition.description, + id=definition.id, name=definition.name, permissions=[KeyVaultPermission._from_generated(p) for p in definition.permissions], - role_definition_id=definition.id, role_name=definition.role_name, role_type=definition.role_type, type=definition.type, diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py index 1e539f402260..6e94290365da 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py @@ -13,7 +13,7 @@ if TYPE_CHECKING: # pylint:disable=ungrouped-imports - from typing import Any, Union + from typing import Any, Iterable, Union from uuid import UUID from azure.core.async_paging import AsyncItemPaged from .._models import KeyVaultRoleScope, KeyVaultPermission 
@@ -126,7 +126,7 @@ async def set_role_definition( :keyword role_definition_name: the role definition's name. Must be a UUID. :type role_definition_name: str or uuid.UUID :keyword permissions: the role definition's permissions. - :type permissions: list[KeyVaultPermission] + :type permissions: Iterable[KeyVaultPermission] :keyword assignable_scopes: the role definition's assignable scopes. :type assignable_scopes: list[str] :returns: The created or updated role definition diff --git a/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control.test_role_assignment.yaml b/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control.test_role_assignment.yaml index f31704eabec8..de0a7f693557 100644 --- a/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control.test_role_assignment.yaml +++ b/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control.test_role_assignment.yaml @@ -36,7 +36,7 @@ interactions: x-frame-options: - SAMEORIGIN x-ms-build-version: - - 1.0.20201217-1-856d5963-develop + - 1.0.20210112-1-4fbf61ac-develop x-ms-server-latency: - '1' status: @@ -81,11 +81,11 @@ interactions: x-frame-options: - SAMEORIGIN x-ms-build-version: - - 1.0.20201217-1-856d5963-develop + - 1.0.20210112-1-4fbf61ac-develop x-ms-keyvault-network-info: - addr=162.211.216.102 x-ms-keyvault-region: - - northeurope + - eastus2 x-ms-server-latency: - '0' status: @@ -130,9 +130,9 @@ interactions: x-ms-keyvault-network-info: - addr=162.211.216.102 x-ms-keyvault-region: - - northeurope + - eastus2 x-ms-server-latency: - - '56' + - '47' status: code: 201 message: Created @@ -168,11 +168,11 @@ interactions: x-frame-options: - SAMEORIGIN x-ms-build-version: - - 1.0.20201217-1-856d5963-develop + - 1.0.20210112-1-4fbf61ac-develop x-ms-keyvault-network-info: - addr=162.211.216.102 x-ms-keyvault-region: - - northeurope + - eastus2 x-ms-server-latency: - '0' status: 
@@ -193,7 +193,7 @@ interactions: uri: https://managedhsm/providers/Microsoft.Authorization/roleAssignments?api-version=7.2-preview response: body: - string: '{"value":[{"id":"/providers/Microsoft.Authorization/roleAssignments/some-uuid","name":"some-uuid","properties":{"principalId":"service-principal-id","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"},{"id":"/providers/Microsoft.Authorization/roleAssignments/25344e4c-a02f-06c7-9268-7181b6f4382e","name":"25344e4c-a02f-06c7-9268-7181b6f4382e","properties":{"principalId":"17682169-9b01-44bc-84ae-8b39398ac6b7","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"}]}' + string: '{"value":[{"id":"/providers/Microsoft.Authorization/roleAssignments/some-uuid","name":"some-uuid","properties":{"principalId":"service-principal-id","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"},{"id":"/providers/Microsoft.Authorization/roleAssignments/19f8914d-c466-4ea8-b253-8fbfc3438422","name":"19f8914d-c466-4ea8-b253-8fbfc3438422","properties":{"principalId":"17682169-9b01-44bc-84ae-8b39398ac6b7","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"}]}' headers: cache-control: - no-cache @@ -210,11 +210,11 @@ interactions: x-frame-options: - SAMEORIGIN x-ms-build-version: - - 1.0.20201217-1-856d5963-develop + - 1.0.20210112-1-4fbf61ac-develop x-ms-keyvault-network-info: - addr=162.211.216.102 x-ms-keyvault-region: - - northeurope + - eastus2 x-ms-server-latency: - '0' status: 
@@ -256,9 +256,9 @@ interactions: x-ms-keyvault-network-info: - addr=162.211.216.102 x-ms-keyvault-region: - - northeurope + - eastus2 x-ms-server-latency: - - '67' + - '40' status: code: 200 message: OK @@ -277,7 +277,7 @@ interactions: uri: https://managedhsm/providers/Microsoft.Authorization/roleAssignments?api-version=7.2-preview response: body: - string: '{"value":[{"id":"/providers/Microsoft.Authorization/roleAssignments/25344e4c-a02f-06c7-9268-7181b6f4382e","name":"25344e4c-a02f-06c7-9268-7181b6f4382e","properties":{"principalId":"17682169-9b01-44bc-84ae-8b39398ac6b7","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"}]}' + string: '{"value":[{"id":"/providers/Microsoft.Authorization/roleAssignments/19f8914d-c466-4ea8-b253-8fbfc3438422","name":"19f8914d-c466-4ea8-b253-8fbfc3438422","properties":{"principalId":"17682169-9b01-44bc-84ae-8b39398ac6b7","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"}]}' headers: cache-control: - no-cache @@ -294,11 +294,11 @@ interactions: x-frame-options: - SAMEORIGIN x-ms-build-version: - - 1.0.20201217-1-856d5963-develop + - 1.0.20210112-1-4fbf61ac-develop x-ms-keyvault-network-info: - addr=162.211.216.102 x-ms-keyvault-region: - - northeurope + - eastus2 x-ms-server-latency: - '0' status: diff --git a/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control.test_role_definitions.yaml b/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control.test_role_definitions.yaml index b3d8af45f6bf..9b9e7920c3c4 100644 --- a/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control.test_role_definitions.yaml 
+++ b/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control.test_role_definitions.yaml @@ -38,20 +38,19 @@ interactions: x-frame-options: - SAMEORIGIN x-ms-build-version: - - 1.0.20201217-1-856d5963-develop + - 1.0.20210112-1-4fbf61ac-develop x-ms-keyvault-network-info: - addr=162.211.216.102 x-ms-keyvault-region: - - northeurope + - eastus2 x-ms-server-latency: - - '0' + - '1' status: code: 200 message: OK - request: - body: '{"properties": {"roleName": "definition-name", "permissions": [{"actions": - [], "dataActions": ["Microsoft.KeyVault/managedHsm/keys/read/action"], "notActions": - [], "notDataActions": []}]}}' + body: '{"properties": {"permissions": [{"dataActions": ["Microsoft.KeyVault/managedHsm/keys/read/action"]}], + "roleName": "definition-name"}}' headers: Accept: - application/json @@ -60,7 +59,7 @@ interactions: Connection: - keep-alive Content-Length: - - '209' + - '154' Content-Type: - application/json User-Agent: @@ -88,15 +87,15 @@ interactions: x-ms-keyvault-network-info: - addr=162.211.216.102 x-ms-keyvault-region: - - northeurope + - eastus2 x-ms-server-latency: - - '42' + - '45' status: code: 201 message: Created - request: - body: '{"properties": {"roleName": "definition-name", "permissions": [{"actions": - [], "dataActions": [], "notActions": [], "notDataActions": ["Microsoft.KeyVault/managedHsm/keys/read/action"]}]}}' + body: '{"properties": {"permissions": [{"dataActions": [], "notDataActions": ["Microsoft.KeyVault/managedHsm/keys/read/action"]}], + "roleName": "definition-name"}}' headers: Accept: - application/json @@ -105,7 +104,7 @@ interactions: Connection: - keep-alive Content-Length: - - '209' + - '176' Content-Type: - application/json User-Agent: @@ -133,9 +132,9 @@ interactions: x-ms-keyvault-network-info: - addr=162.211.216.102 x-ms-keyvault-region: - - northeurope + - eastus2 x-ms-server-latency: - - '37' + - '42' status: code: 201 message: Created 
@@ -178,11 +177,11 @@ interactions: x-frame-options: - SAMEORIGIN x-ms-build-version: - - 1.0.20201217-1-856d5963-develop + - 1.0.20210112-1-4fbf61ac-develop x-ms-keyvault-network-info: - addr=162.211.216.102 x-ms-keyvault-region: - - northeurope + - eastus2 x-ms-server-latency: - '0' status: @@ -220,11 +219,11 @@ interactions: x-frame-options: - SAMEORIGIN x-ms-build-version: - - 1.0.20201217-1-856d5963-develop + - 1.0.20210112-1-4fbf61ac-develop x-ms-keyvault-network-info: - addr=162.211.216.102 x-ms-keyvault-region: - - northeurope + - eastus2 x-ms-server-latency: - '0' status: 
@@ -266,9 +265,58 @@ interactions: x-ms-keyvault-network-info: - addr=162.211.216.102 x-ms-keyvault-region: - - northeurope + - eastus2 + x-ms-server-latency: + - '40' + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + User-Agent: + - azsdk-python-keyvault-administration/4.0.0b3 Python/3.5.3 (Windows-10-10.0.19041-SP0) + method: GET + uri: https://managedhsm/providers/Microsoft.Authorization/roleDefinitions?api-version=7.2-preview + response: + body: + string: '{"value":[{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8","name":"7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action","Microsoft.KeyVault/managedHsm/keys/backup/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Backup","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/33413926-3206-4cdd-b39a-83574fe37a17","name":"33413926-3206-4cdd-b39a-83574fe37a17","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Crypto Service 
Encryption","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/2c18b078-7c48-4d3a-af88-5a3a1b3f82b3","name":"2c18b078-7c48-4d3a-af88-5a3a1b3f82b3","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Crypto Auditor","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/4bd23610-cdcf-4971-bdee-bdc562cc28e4","name":"4bd23610-cdcf-4971-bdee-bdc562cc28e4","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/roleDefinitions/read/action","Microsoft.KeyVault/managedHsm/roleDefinitions/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action","Microsoft.KeyVault/managedHsm/roleAssignments/read/action","Microsoft.KeyVault/managedHsm/roleAssignments/write/action","Microsoft.KeyVault/managedHsm/roleAssignments/delete/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Policy 
Administrator","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/21dbd100-6940-42c2-9190-5d6cb909625b","name":"21dbd100-6940-42c2-9190-5d6cb909625b","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Crypto User","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/515eb02d-2335-4d2d-92f2-b1cbdf9c3778","name":"515eb02d-2335-4d2d-92f2-b1cbdf9c3778","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/restore/action","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/delete","Microsoft.KeyVault/
managedHsm/keys/export/action","Microsoft.KeyVault/managedHsm/keys/import/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Crypto Officer","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","name":"a290e904-7015-4bba-90c8-60543313cdb4","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/restore/action","Microsoft.KeyVault/managedHsm/roleAssignments/delete/action","Microsoft.KeyVault/managedHsm/roleAssignments/read/action","Microsoft.KeyVault/managedHsm/roleAssignments/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/read/action","Microsoft.KeyVault/managedHsm/roleDefinitions/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/delete","Microsoft.KeyVault/managedHsm/keys/export/action","Microsoft.KeyVault/managedHsm/keys/import/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete","Microsoft.KeyVault/managedHsm/securitydomain/download/action","Microsoft.KeyVault/managedHsm/securitydomain/upload/action","Microsoft.KeyVault/managedHsm/securitydomain/upload/read","Microsoft.KeyVault/
managedHsm/securitydomain/transferkey/read","Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/restore/start/action","Microsoft.KeyVault/managedHsm/backup/status/action","Microsoft.KeyVault/managedHsm/restore/status/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Administrator","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"}]}' + headers: + cache-control: + - no-cache + content-length: + - '6772' + content-security-policy: + - default-src 'self' + content-type: + - application/json; charset=utf-8 + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + x-frame-options: + - SAMEORIGIN + x-ms-build-version: + - 1.0.20210112-1-4fbf61ac-develop + x-ms-keyvault-network-info: + - addr=162.211.216.102 + x-ms-keyvault-region: + - eastus2 x-ms-server-latency: - - '39' + - '1' status: code: 200 message: OK diff --git a/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control_async.test_role_assignment.yaml b/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control_async.test_role_assignment.yaml index a5e09083cb13..0025548b9ea2 100644 --- a/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control_async.test_role_assignment.yaml +++ b/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control_async.test_role_assignment.yaml @@ -23,7 +23,7 @@ interactions: resource="https://managedhsm.azure.net" x-content-type-options: nosniff x-frame-options: SAMEORIGIN - x-ms-build-version: 1.0.20201217-1-856d5963-develop + x-ms-build-version: 1.0.20210112-1-4fbf61ac-develop x-ms-server-latency: '1' status: code: 401 
@@ -47,26 +47,26 @@ interactions: HSM Policy Administrator","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/21dbd100-6940-42c2-9190-5d6cb909625b","name":"21dbd100-6940-42c2-9190-5d6cb909625b","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Crypto User","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/515eb02d-2335-4d2d-92f2-b1cbdf9c3778","name":"515eb02d-2335-4d2d-92f2-b1cbdf9c3778","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/restore/action","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/m
anagedHsm/keys/delete","Microsoft.KeyVault/managedHsm/keys/export/action","Microsoft.KeyVault/managedHsm/keys/import/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Crypto Officer","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","name":"a290e904-7015-4bba-90c8-60543313cdb4","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/restore/action","Microsoft.KeyVault/managedHsm/roleAssignments/delete/action","Microsoft.KeyVault/managedHsm/roleAssignments/read/action","Microsoft.KeyVault/managedHsm/roleAssignments/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/read/action","Microsoft.KeyVault/managedHsm/roleDefinitions/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/delete","Microsoft.KeyVault/managedHsm/keys/export/action","Microsoft.KeyVault/managedHsm/keys/import/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete","Microsoft.KeyVault/managedHsm/securitydomain/download/action","Microsoft.KeyVault/managedHsm/securitydomain/upload/action","Microsoft.KeyVault/managedHsm/securit
ydomain/upload/read","Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read","Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/restore/start/action","Microsoft.KeyVault/managedHsm/backup/status/action","Microsoft.KeyVault/managedHsm/restore/status/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed - HSM Administrator","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"}]}' + HSM Administrator","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/1a12547a-d8dd-45cd-828d-cd8e60b514bd","name":"1a12547a-d8dd-45cd-828d-cd8e60b514bd","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":[],"notActions":[],"notDataActions":["Microsoft.KeyVault/managedHsm/keys/read/action"]}],"roleName":"1a12547a-d8dd-45cd-828d-cd8e60b514bd","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"}]}' headers: cache-control: no-cache - content-length: '6772' + content-length: '7241' content-security-policy: default-src 'self' content-type: application/json; charset=utf-8 strict-transport-security: max-age=31536000; includeSubDomains x-content-type-options: nosniff x-frame-options: SAMEORIGIN - x-ms-build-version: 1.0.20201217-1-856d5963-develop + x-ms-build-version: 1.0.20210112-1-4fbf61ac-develop x-ms-keyvault-network-info: addr=162.211.216.102 - x-ms-keyvault-region: northeurope - x-ms-server-latency: '1' + x-ms-keyvault-region: eastus2 + x-ms-server-latency: '0' status: code: 200 message: OK url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleDefinitions?api-version=7.2-preview - request: - body: '{"properties": {"principalId": "service-principal-id", "roleDefinitionId": - "Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8"}}' + body: '{"properties": 
{"roleDefinitionId": "Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8", + "principalId": "service-principal-id"}}' headers: Accept: - application/json @@ -90,12 +90,12 @@ interactions: x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-ms-keyvault-network-info: addr=162.211.216.102 - x-ms-keyvault-region: northeurope - x-ms-server-latency: '58' + x-ms-keyvault-region: eastus2 + x-ms-server-latency: '68' status: code: 201 message: Created - url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleAssignments/7e370056-167e-4dec-9573-e0320619b981?api-version=7.2-preview + url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleAssignments/b12284c1-0c8b-4728-8d7a-46588003d5ff?api-version=7.2-preview - request: body: null headers: @@ -116,14 +116,14 @@ interactions: strict-transport-security: max-age=31536000; includeSubDomains x-content-type-options: nosniff x-frame-options: SAMEORIGIN - x-ms-build-version: 1.0.20201217-1-856d5963-develop + x-ms-build-version: 1.0.20210112-1-4fbf61ac-develop x-ms-keyvault-network-info: addr=162.211.216.102 - x-ms-keyvault-region: northeurope + x-ms-keyvault-region: eastus2 x-ms-server-latency: '0' status: code: 200 message: OK - url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleAssignments/7e370056-167e-4dec-9573-e0320619b981?api-version=7.2-preview + url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleAssignments/b12284c1-0c8b-4728-8d7a-46588003d5ff?api-version=7.2-preview - request: body: null headers: 
@@ -135,7 +135,7 @@ interactions: uri: https://managedhsm/providers/Microsoft.Authorization/roleAssignments?api-version=7.2-preview response: body: - string: '{"value":[{"id":"/providers/Microsoft.Authorization/roleAssignments/some-uuid","name":"some-uuid","properties":{"principalId":"service-principal-id","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"},{"id":"/providers/Microsoft.Authorization/roleAssignments/25344e4c-a02f-06c7-9268-7181b6f4382e","name":"25344e4c-a02f-06c7-9268-7181b6f4382e","properties":{"principalId":"17682169-9b01-44bc-84ae-8b39398ac6b7","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"}]}' + string: '{"value":[{"id":"/providers/Microsoft.Authorization/roleAssignments/some-uuid","name":"some-uuid","properties":{"principalId":"service-principal-id","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"},{"id":"/providers/Microsoft.Authorization/roleAssignments/19f8914d-c466-4ea8-b253-8fbfc3438422","name":"19f8914d-c466-4ea8-b253-8fbfc3438422","properties":{"principalId":"17682169-9b01-44bc-84ae-8b39398ac6b7","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"}]}' headers: cache-control: no-cache content-length: '809' 
@@ -144,10 +144,10 @@ interactions: strict-transport-security: max-age=31536000; includeSubDomains x-content-type-options: nosniff x-frame-options: SAMEORIGIN - x-ms-build-version: 1.0.20201217-1-856d5963-develop + x-ms-build-version: 1.0.20210112-1-4fbf61ac-develop x-ms-keyvault-network-info: addr=162.211.216.102 - x-ms-keyvault-region: northeurope - x-ms-server-latency: '1' + x-ms-keyvault-region: eastus2 + x-ms-server-latency: '0' status: code: 200 message: OK @@ -173,12 +173,12 @@ interactions: x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-ms-keyvault-network-info: addr=162.211.216.102 - x-ms-keyvault-region: northeurope + x-ms-keyvault-region: eastus2 x-ms-server-latency: '43' status: code: 200 message: OK - url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleAssignments/7e370056-167e-4dec-9573-e0320619b981?api-version=7.2-preview + url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleAssignments/b12284c1-0c8b-4728-8d7a-46588003d5ff?api-version=7.2-preview - request: body: null headers: 
@@ -190,7 +190,7 @@ interactions: uri: https://managedhsm/providers/Microsoft.Authorization/roleAssignments?api-version=7.2-preview response: body: - string: '{"value":[{"id":"/providers/Microsoft.Authorization/roleAssignments/25344e4c-a02f-06c7-9268-7181b6f4382e","name":"25344e4c-a02f-06c7-9268-7181b6f4382e","properties":{"principalId":"17682169-9b01-44bc-84ae-8b39398ac6b7","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"}]}' + string: '{"value":[{"id":"/providers/Microsoft.Authorization/roleAssignments/19f8914d-c466-4ea8-b253-8fbfc3438422","name":"19f8914d-c466-4ea8-b253-8fbfc3438422","properties":{"principalId":"17682169-9b01-44bc-84ae-8b39398ac6b7","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"}]}' headers: cache-control: no-cache content-length: '410' @@ -199,10 +199,10 @@ interactions: strict-transport-security: max-age=31536000; includeSubDomains x-content-type-options: nosniff x-frame-options: SAMEORIGIN - x-ms-build-version: 1.0.20201217-1-856d5963-develop + x-ms-build-version: 1.0.20210112-1-4fbf61ac-develop x-ms-keyvault-network-info: addr=162.211.216.102 - x-ms-keyvault-region: northeurope - x-ms-server-latency: '1' + x-ms-keyvault-region: eastus2 + x-ms-server-latency: '0' status: code: 200 message: OK diff --git a/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control_async.test_role_definitions.yaml b/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control_async.test_role_definitions.yaml index 4e24d3808d06..f7eb5cd3c014 100644 --- a/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control_async.test_role_definitions.yaml 
+++ b/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control_async.test_role_definitions.yaml 
@@ -17,31 +17,31 @@ interactions: HSM Policy Administrator","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/21dbd100-6940-42c2-9190-5d6cb909625b","name":"21dbd100-6940-42c2-9190-5d6cb909625b","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Crypto User","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/515eb02d-2335-4d2d-92f2-b1cbdf9c3778","name":"515eb02d-2335-4d2d-92f2-b1cbdf9c3778","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/restore/action","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/m
anagedHsm/keys/delete","Microsoft.KeyVault/managedHsm/keys/export/action","Microsoft.KeyVault/managedHsm/keys/import/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Crypto Officer","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","name":"a290e904-7015-4bba-90c8-60543313cdb4","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/restore/action","Microsoft.KeyVault/managedHsm/roleAssignments/delete/action","Microsoft.KeyVault/managedHsm/roleAssignments/read/action","Microsoft.KeyVault/managedHsm/roleAssignments/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/read/action","Microsoft.KeyVault/managedHsm/roleDefinitions/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/delete","Microsoft.KeyVault/managedHsm/keys/export/action","Microsoft.KeyVault/managedHsm/keys/import/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete","Microsoft.KeyVault/managedHsm/securitydomain/download/action","Microsoft.KeyVault/managedHsm/securitydomain/upload/action","Microsoft.KeyVault/managedHsm/securit
ydomain/upload/read","Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read","Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/restore/start/action","Microsoft.KeyVault/managedHsm/backup/status/action","Microsoft.KeyVault/managedHsm/restore/status/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed - HSM Administrator","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"}]}' + HSM Administrator","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/1a12547a-d8dd-45cd-828d-cd8e60b514bd","name":"1a12547a-d8dd-45cd-828d-cd8e60b514bd","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":[],"notActions":[],"notDataActions":["Microsoft.KeyVault/managedHsm/keys/read/action"]}],"roleName":"1a12547a-d8dd-45cd-828d-cd8e60b514bd","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"}]}' headers: cache-control: no-cache - content-length: '6772' + content-length: '7241' content-security-policy: default-src 'self' content-type: application/json; charset=utf-8 strict-transport-security: max-age=31536000; includeSubDomains x-content-type-options: nosniff x-frame-options: SAMEORIGIN - x-ms-build-version: 1.0.20201217-1-856d5963-develop + x-ms-build-version: 1.0.20210112-1-4fbf61ac-develop x-ms-keyvault-network-info: addr=162.211.216.102 - x-ms-keyvault-region: northeurope + x-ms-keyvault-region: eastus2 x-ms-server-latency: '1' status: code: 200 message: OK url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleDefinitions?api-version=7.2-preview - request: - body: '{"properties": {"permissions": [{"dataActions": ["Microsoft.KeyVault/managedHsm/keys/read/action"], - "actions": [], "notDataActions": [], "notActions": []}], "roleName": "definition-name"}}' + body: '{"properties": {"roleName": "definition-name", 
"permissions": [{"dataActions": + ["Microsoft.KeyVault/managedHsm/keys/read/action"]}]}}' headers: Accept: - application/json Content-Length: - - '209' + - '154' Content-Type: - application/json User-Agent: @@ -60,21 +60,20 @@ interactions: x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-ms-keyvault-network-info: addr=162.211.216.102 - x-ms-keyvault-region: northeurope - x-ms-server-latency: '41' + x-ms-keyvault-region: eastus2 + x-ms-server-latency: '43' status: code: 201 message: Created - url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleDefinitions/63b1434f-56d2-44bb-8057-0572515e6232?api-version=7.2-preview + url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleDefinitions/d4baeef6-7216-4b1f-a49c-bb771a61c66c?api-version=7.2-preview - request: - body: '{"properties": {"permissions": [{"dataActions": [], "actions": [], "notDataActions": - ["Microsoft.KeyVault/managedHsm/keys/read/action"], "notActions": []}], "roleName": - "definition-name"}}' + body: '{"properties": {"roleName": "definition-name", "permissions": [{"dataActions": + [], "notDataActions": ["Microsoft.KeyVault/managedHsm/keys/read/action"]}]}}' headers: Accept: - application/json Content-Length: - - '209' + - '176' Content-Type: - application/json User-Agent: @@ -93,12 +92,12 @@ interactions: x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-ms-keyvault-network-info: addr=162.211.216.102 - x-ms-keyvault-region: northeurope - x-ms-server-latency: '40' + x-ms-keyvault-region: eastus2 + x-ms-server-latency: '42' status: code: 201 message: Created - url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleDefinitions/63b1434f-56d2-44bb-8057-0572515e6232?api-version=7.2-preview + url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleDefinitions/d4baeef6-7216-4b1f-a49c-bb771a61c66c?api-version=7.2-preview - request: body: null headers: 
@@ -117,18 +116,18 @@ interactions: HSM Policy Administrator","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/21dbd100-6940-42c2-9190-5d6cb909625b","name":"21dbd100-6940-42c2-9190-5d6cb909625b","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Crypto User","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/515eb02d-2335-4d2d-92f2-b1cbdf9c3778","name":"515eb02d-2335-4d2d-92f2-b1cbdf9c3778","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/restore/action","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault
/managedHsm/keys/delete","Microsoft.KeyVault/managedHsm/keys/export/action","Microsoft.KeyVault/managedHsm/keys/import/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Crypto Officer","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","name":"a290e904-7015-4bba-90c8-60543313cdb4","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/restore/action","Microsoft.KeyVault/managedHsm/roleAssignments/delete/action","Microsoft.KeyVault/managedHsm/roleAssignments/read/action","Microsoft.KeyVault/managedHsm/roleAssignments/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/read/action","Microsoft.KeyVault/managedHsm/roleDefinitions/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/delete","Microsoft.KeyVault/managedHsm/keys/export/action","Microsoft.KeyVault/managedHsm/keys/import/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete","Microsoft.KeyVault/managedHsm/securitydomain/download/action","Microsoft.KeyVault/managedHsm/securitydomain/upload/action","Microsoft.KeyVault/managedHsm/secur
itydomain/upload/read","Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read","Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/restore/start/action","Microsoft.KeyVault/managedHsm/backup/status/action","Microsoft.KeyVault/managedHsm/restore/status/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed - HSM Administrator","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/definition-name","name":"definition-name","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":[],"notActions":[],"notDataActions":["Microsoft.KeyVault/managedHsm/keys/read/action"]}],"roleName":"definition-name","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"}]}' + HSM Administrator","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/1a12547a-d8dd-45cd-828d-cd8e60b514bd","name":"1a12547a-d8dd-45cd-828d-cd8e60b514bd","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":[],"notActions":[],"notDataActions":["Microsoft.KeyVault/managedHsm/keys/read/action"]}],"roleName":"1a12547a-d8dd-45cd-828d-cd8e60b514bd","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/definition-name","name":"definition-name","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":[],"notActions":[],"notDataActions":["Microsoft.KeyVault/managedHsm/keys/read/action"]}],"roleName":"definition-name","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"}]}' headers: cache-control: no-cache - content-length: '7241' + content-length: '7710' content-security-policy: default-src 'self' content-type: application/json; 
charset=utf-8 strict-transport-security: max-age=31536000; includeSubDomains x-content-type-options: nosniff x-frame-options: SAMEORIGIN - x-ms-build-version: 1.0.20201217-1-856d5963-develop + x-ms-build-version: 1.0.20210112-1-4fbf61ac-develop x-ms-keyvault-network-info: addr=162.211.216.102 - x-ms-keyvault-region: northeurope + x-ms-keyvault-region: eastus2 x-ms-server-latency: '0' status: code: 200 @@ -154,14 +153,14 @@ interactions: strict-transport-security: max-age=31536000; includeSubDomains x-content-type-options: nosniff x-frame-options: SAMEORIGIN - x-ms-build-version: 1.0.20201217-1-856d5963-develop + x-ms-build-version: 1.0.20210112-1-4fbf61ac-develop x-ms-keyvault-network-info: addr=162.211.216.102 - x-ms-keyvault-region: northeurope + x-ms-keyvault-region: eastus2 x-ms-server-latency: '0' status: code: 200 message: OK - url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleDefinitions/63b1434f-56d2-44bb-8057-0572515e6232?api-version=7.2-preview + url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleDefinitions/d4baeef6-7216-4b1f-a49c-bb771a61c66c?api-version=7.2-preview - request: body: null headers: @@ -183,10 +182,10 @@ interactions: x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-ms-keyvault-network-info: addr=162.211.216.102 - x-ms-keyvault-region: northeurope - x-ms-server-latency: '65' + x-ms-keyvault-region: eastus2 + x-ms-server-latency: '40' status: code: 200 message: OK - url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleDefinitions/63b1434f-56d2-44bb-8057-0572515e6232?api-version=7.2-preview + url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleDefinitions/d4baeef6-7216-4b1f-a49c-bb771a61c66c?api-version=7.2-preview version: 1 
diff --git a/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py b/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py index b314a719d37b..7843669216d3 100644 --- a/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py +++ b/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py @@ -8,7 +8,7 @@ from azure.core.credentials import AccessToken from azure.identity import DefaultAzureCredential -from azure.keyvault.administration import KeyVaultAccessControlClient, KeyVaultRoleScope, KeyVaultPermission +from azure.keyvault.administration import KeyVaultAccessControlClient, KeyVaultRoleScope, KeyVaultPermission, DataActionPermission import pytest from six.moves.urllib_parse import urlparse @@ -59,19 +59,19 @@ def test_role_definitions(self): # create custom role definition definition_name = self.get_replayable_uuid("definition-name") - permissions = [KeyVaultPermission(allowed_data_actions=["Microsoft.KeyVault/managedHsm/keys/read/action"])] + permissions = [KeyVaultPermission(allowed_data_actions=[DataActionPermission.read_hsm_key])] created_definition = client.set_role_definition( role_scope=scope, role_definition_name=definition_name, permissions=permissions ) assert "/" in created_definition.assignable_scopes assert created_definition.name == definition_name assert len(created_definition.permissions) == 1 - assert len(created_definition.permissions[0].allowed_data_actions) == 1 + assert created_definition.permissions[0].allowed_data_actions == [DataActionPermission.read_hsm_key] # update custom role definition permissions = [ KeyVaultPermission( - allowed_data_actions=[], denied_data_actions=["Microsoft.KeyVault/managedHsm/keys/read/action"] + allowed_data_actions=[], denied_data_actions=[DataActionPermission.read_hsm_key] ) ] updated_definition = client.set_role_definition( 
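Review bot: In the `@@ -59,19 +59,19 @@` hunk of test_role_definitions, the create step now pins `allowed_data_actions` exactly, but nothing asserts that the new role carries no other grants, so a definition returned with extra allowed actions would still pass. For an access-control test I would also check the remaining lists, e.g. `assert not created_definition.permissions[0].allowed_actions` and `assert not created_definition.permissions[0].denied_data_actions`. The same gap applies to the update step in the `@@ -79,12 +79,12 @@` hunk (its `allowed_actions` and `denied_actions` are never checked) and to the matching hunks in test_access_control_async.py (`@@ -65,19 +69,19 @@`, `@@ -85,12 +89,12 @@`). The test body starts and ends outside these hunks, so this is based on the visible lines only.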
@@ -79,12 +79,12 @@ def test_role_definitions(self): ) assert len(updated_definition.permissions) == 1 assert len(updated_definition.permissions[0].allowed_data_actions) == 0 - assert len(updated_definition.permissions[0].denied_data_actions) == 1 + assert updated_definition.permissions[0].denied_data_actions == [DataActionPermission.read_hsm_key] # assert that the created role definition isn't duplicated matching_definitions = [ d for d in client.list_role_definitions(scope) - if d.role_definition_id == updated_definition.role_definition_id + if d.id == updated_definition.id ] assert len(matching_definitions) == 1 @@ -96,6 +96,10 @@ def test_role_definitions(self): deleted_definition = client.delete_role_definition(scope, definition_name) assert_role_definitions_equal(deleted_definition, definition) + assert not any( + d for d in client.list_role_definitions(scope) if d.id == deleted_definition.id + ) + def test_role_assignment(self): client = KeyVaultAccessControlClient(self.managed_hsm["url"], self.credential) @@ -107,19 +111,17 @@ def test_role_assignment(self): principal_id = self.get_service_principal_id() name = self.get_replayable_uuid("some-uuid") - created = client.create_role_assignment( - scope, definition.role_definition_id, principal_id, role_assignment_name=name - ) + created = client.create_role_assignment(scope, definition.id, principal_id, role_assignment_name=name) assert created.name == name assert created.principal_id == principal_id - assert created.role_definition_id == definition.role_definition_id + assert created.role_definition_id == definition.id assert created.scope == scope # should be able to get the new assignment got = client.get_role_assignment(scope, name) assert got.name == name assert got.principal_id == principal_id - assert got.role_definition_id == definition.role_definition_id + assert got.role_definition_id == definition.id assert got.scope == scope # new assignment should be in the list of all assignments 
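Review bot: The post-delete check added in the `@@ -96,6 +96,10 @@` hunk tests the truthiness of each matching definition object rather than the match itself, because `any(d for d in ... if d.id == deleted_definition.id)` yields the objects and would evaluate to False for a match that happens to be falsy. Writing it as `assert not any(d.id == deleted_definition.id for d in client.list_role_definitions(scope))` states the intent directly and cannot pass vacuously. A short comment such as `# the deleted definition must no longer be listed` would match the comments on the create and update steps. test_role_definitions starts outside the hunk.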
@@ -141,7 +143,7 @@ def test_role_assignment(self): def assert_role_definitions_equal(d1, d2): - assert d1.role_definition_id == d2.role_definition_id + assert d1.id == d2.id assert d1.name == d2.name assert d1.role_name == d2.role_name assert d1.description == d2.description diff --git a/sdk/keyvault/azure-keyvault-administration/tests/test_access_control_async.py b/sdk/keyvault/azure-keyvault-administration/tests/test_access_control_async.py index 560a03c7b104..bfb2729f8d4a 100644 --- a/sdk/keyvault/azure-keyvault-administration/tests/test_access_control_async.py +++ b/sdk/keyvault/azure-keyvault-administration/tests/test_access_control_async.py @@ -8,7 +8,7 @@ from azure.core.credentials import AccessToken from azure.identity.aio import DefaultAzureCredential -from azure.keyvault.administration import KeyVaultRoleScope, KeyVaultPermission +from azure.keyvault.administration import KeyVaultRoleScope, KeyVaultPermission, DataActionPermission from azure.keyvault.administration.aio import KeyVaultAccessControlClient import pytest from six.moves.urllib_parse import urlparse @@ -35,7 +35,11 @@ def setUp(self, *args, **kwargs): def credential(self): if self.is_live: return DefaultAzureCredential() - return mock.Mock(get_token=lambda *_, **__: AccessToken("secret", time.time() + 3600)) + + async def get_token(*_, **__): + return AccessToken("secret", time.time() + 3600) + + return mock.Mock(get_token=get_token) def get_replayable_uuid(self, replay_value): if self.is_live: 
@@ -65,19 +69,19 @@ async def test_role_definitions(self): # create custom role definition definition_name = self.get_replayable_uuid("definition-name") - permissions = [KeyVaultPermission(allowed_data_actions=["Microsoft.KeyVault/managedHsm/keys/read/action"])] + permissions = [KeyVaultPermission(allowed_data_actions=[DataActionPermission.read_hsm_key])] created_definition = await client.set_role_definition( role_scope=scope, role_definition_name=definition_name, permissions=permissions ) assert "/" in created_definition.assignable_scopes assert created_definition.name == definition_name assert len(created_definition.permissions) == 1 - assert len(created_definition.permissions[0].allowed_data_actions) == 1 + assert created_definition.permissions[0].allowed_data_actions == [DataActionPermission.read_hsm_key] # update custom role definition permissions = [ KeyVaultPermission( - allowed_data_actions=[], denied_data_actions=["Microsoft.KeyVault/managedHsm/keys/read/action"] + allowed_data_actions=[], denied_data_actions=[DataActionPermission.read_hsm_key] ) ] updated_definition = await client.set_role_definition( @@ -85,12 +89,12 @@ async def test_role_definitions(self): ) assert len(updated_definition.permissions) == 1 assert len(updated_definition.permissions[0].allowed_data_actions) == 0 - assert len(updated_definition.permissions[0].denied_data_actions) == 1 + assert updated_definition.permissions[0].denied_data_actions == [DataActionPermission.read_hsm_key] # assert that the created role definition isn't duplicated matching_definitions = [] async for definition in client.list_role_definitions(scope): - if definition.role_definition_id == updated_definition.role_definition_id: + if definition.id == updated_definition.id: matching_definitions.append(definition) assert len(matching_definitions) == 1 
@@ -116,19 +120,17 @@ async def test_role_assignment(self): principal_id = self.get_service_principal_id() name = self.get_replayable_uuid("some-uuid") - created = await client.create_role_assignment( - scope, definition.role_definition_id, principal_id, role_assignment_name=name - ) + created = await client.create_role_assignment(scope, definition.id, principal_id, role_assignment_name=name) assert created.name == name assert created.principal_id == principal_id - assert created.role_definition_id == definition.role_definition_id + assert created.role_definition_id == definition.id assert created.scope == scope # should be able to get the new assignment got = await client.get_role_assignment(scope, name) assert got.name == name assert got.principal_id == principal_id - assert got.role_definition_id == definition.role_definition_id + assert got.role_definition_id == definition.id assert got.scope == scope # new assignment should be in the list of all assignments From 4738f4a3aefde34f9eeecbb65f21e24201644e85 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?McCoy=20Pati=C3=B1o?= Date: Wed, 20 Jan 2021 10:06:05 -0800 Subject: [PATCH 09/13] Update KeyVaultRoleScope location --- .../azure/keyvault/administration/_access_control_client.py | 3 ++- .../keyvault/administration/aio/_access_control_client.py | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py index 72c39534f97d..ee04d998a2c4 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py 
@@ -15,7 +15,8 @@ from typing import Any, Iterable, Union from uuid import UUID from azure.core.paging import ItemPaged - from ._models import KeyVaultRoleScope, KeyVaultPermission + from ._enums import KeyVaultRoleScope + from ._models import KeyVaultPermission class KeyVaultAccessControlClient(KeyVaultClientBase): diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py index 6e94290365da..fc37b920a662 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py @@ -16,7 +16,8 @@ from typing import Any, Iterable, Union from uuid import UUID from azure.core.async_paging import AsyncItemPaged - from .._models import KeyVaultRoleScope, KeyVaultPermission + from .._enums import KeyVaultRoleScope + from .._models import KeyVaultPermission class KeyVaultAccessControlClient(AsyncKeyVaultClientBase): From 25be3af69fd0ffac6e2930e27eded3c1c2bcbcaa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?McCoy=20Pati=C3=B1o?= Date: Wed, 20 Jan 2021 15:24:54 -0800 Subject: [PATCH 10/13] Address feedback --- .../azure/keyvault/administration/__init__.py | 4 +- .../azure/keyvault/administration/_enums.py | 69 +++++++++---------- .../tests/test_access_control.py | 29 +++----- .../tests/test_access_control_async.py | 19 ++--- 4 files changed, 56 insertions(+), 65 deletions(-) diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/__init__.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/__init__.py index 1bceacb19698..d2070ae881cf 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/__init__.py 
+++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/__init__.py @@ -4,7 +4,7 @@ # ------------------------------------ from ._access_control_client import KeyVaultAccessControlClient from ._backup_client import KeyVaultBackupClient -from ._enums import KeyVaultRoleScope, DataActionPermission +from ._enums import KeyVaultRoleScope, KeyVaultDataAction from ._internal.client_base import ApiVersion from ._models import ( BackupOperation, @@ -19,9 +19,9 @@ __all__ = [ "ApiVersion", "BackupOperation", - "DataActionPermission", "KeyVaultAccessControlClient", "KeyVaultBackupClient", + "KeyVaultDataAction", "KeyVaultPermission", "KeyVaultRoleAssignment", "KeyVaultRoleDefinition", diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_enums.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_enums.py index 067f63b78d9b..0ca888506f88 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_enums.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_enums.py 
@@ -6,72 +6,71 @@ class KeyVaultRoleScope(str, Enum): - """Collection of well known role scopes. This list is not exhaustive""" + """Collection of well known role scopes. This list is not exhaustive.""" - global_value = "/" #: use this if you want role assignments to apply to everything on the resource + GLOBAL = "/" #: use this if you want role assignments to apply to everything on the resource - keys_value = "/keys" #: use this if you want role assignments to apply to all keys + KEYS = "/keys" #: use this if you want role assignments to apply to all keys -class DataActionPermission(str, Enum): - """Supported permissions for data actions. - """ +class KeyVaultDataAction(str, Enum): + """Supported permissions for data actions.""" #: Read HSM key metadata. - read_hsm_key = "Microsoft.KeyVault/managedHsm/keys/read/action" + READ_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/read/action" #: Update an HSM key. - write_hsm_key = "Microsoft.KeyVault/managedHsm/keys/write/action" + WRITE_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/write/action" #: Read deleted HSM key. - read_deleted_hsm_key = "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action" + READ_DELETED_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action" #: Recover deleted HSM key. - recover_deleted_hsm_key = "Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action" + RECOVER_DELETED_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action" #: Backup HSM keys. - backup_hsm_keys = "Microsoft.KeyVault/managedHsm/keys/backup/action" + BACKUP_HSM_KEYS = "Microsoft.KeyVault/managedHsm/keys/backup/action" #: Restore HSM keys. - restore_hsm_key = "Microsoft.KeyVault/managedHsm/keys/restore/action" + RESTORE_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/restore/action" #: Delete role assignment. 
- delete_role_assignment = "Microsoft.KeyVault/managedHsm/roleAssignments/delete/action" + DELETE_ROLE_ASSIGNMENT = "Microsoft.KeyVault/managedHsm/roleAssignments/delete/action" #: Get role assignment. - get_role_assignment = "Microsoft.KeyVault/managedHsm/roleAssignments/read/action" + GET_ROLE_ASSIGNMENT = "Microsoft.KeyVault/managedHsm/roleAssignments/read/action" #: Create or update role assignment. - write_role_assignment = "Microsoft.KeyVault/managedHsm/roleAssignments/write/action" + WRITE_ROLE_ASSIGNMENT = "Microsoft.KeyVault/managedHsm/roleAssignments/write/action" #: Get role definition. - read_role_definition = "Microsoft.KeyVault/managedHsm/roleDefinitions/read/action" + READ_ROLE_DEFINITION = "Microsoft.KeyVault/managedHsm/roleDefinitions/read/action" #: Encrypt using an HSM key. - encrypt_hsm_key = "Microsoft.KeyVault/managedHsm/keys/encrypt/action" + ENCRYPT_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/encrypt/action" #: Decrypt using an HSM key. - decrypt_hsm_key = "Microsoft.KeyVault/managedHsm/keys/decrypt/action" + DECRYPT_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/decrypt/action" #: Wrap using an HSM key. - wrap_hsm_key = "Microsoft.KeyVault/managedHsm/keys/wrap/action" + WRAP_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/wrap/action" #: Unwrap using an HSM key. - unwrap_hsm_key = "Microsoft.KeyVault/managedHsm/keys/unwrap/action" + UNWRAP_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/unwrap/action" #: Sign using an HSM key. - sign_hsm_key = "Microsoft.KeyVault/managedHsm/keys/sign/action" + SIGN_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/sign/action" #: Verify using an HSM key. - verify_hsm_key = "Microsoft.KeyVault/managedHsm/keys/verify/action" + VERIFY_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/verify/action" #: Create an HSM key. - create_hsm_key = "Microsoft.KeyVault/managedHsm/keys/create" + CREATE_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/create" #: Delete an HSM key. 
- delete_hsm_key = "Microsoft.KeyVault/managedHsm/keys/delete" + DELETE_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/delete" #: Export an HSM key. - export_hsm_key = "Microsoft.KeyVault/managedHsm/keys/export/action" + EXPORT_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/export/action" #: Import an HSM key. - import_hsm_key = "Microsoft.KeyVault/managedHsm/keys/import/action" + IMPORT_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/import/action" #: Purge a deleted HSM key. - purge_deleted_hsm_key = "Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete" + PURGE_DELETED_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete" #: Download an HSM security domain. - download_hsm_security_domain = "Microsoft.KeyVault/managedHsm/securitydomain/download/action" + DOWNLOAD_HSM_SECURITY_DOMAIN = "Microsoft.KeyVault/managedHsm/securitydomain/download/action" #: Upload an HSM security domain. - upload_hsm_security_domain = "Microsoft.KeyVault/managedHsm/securitydomain/upload/action" + UPLOAD_HSM_SECURITY_DOMAIN = "Microsoft.KeyVault/managedHsm/securitydomain/upload/action" #: Check the status of the HSM security domain exchange file. - read_hsm_security_domain_status = "Microsoft.KeyVault/managedHsm/securitydomain/upload/read" + READ_HSM_SECURITY_DOMAIN_STATUS = "Microsoft.KeyVault/managedHsm/securitydomain/upload/read" #: Download an HSM security domain transfer key. - read_hsm_security_domain_transfer_key = "Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read" + READ_HSM_SECURITY_DOMAIN_TRANSFER_KEY = "Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read" #: Start an HSM backup. - start_hsm_backup = "Microsoft.KeyVault/managedHsm/backup/start/action" + START_HSM_BACKUP = "Microsoft.KeyVault/managedHsm/backup/start/action" #: Start an HSM restore. - start_hsm_restore = "Microsoft.KeyVault/managedHsm/restore/start/action" + START_HSM_RESTORE = "Microsoft.KeyVault/managedHsm/restore/start/action" #: Read an HSM backup status. 
- read_hsm_backup_status = "Microsoft.KeyVault/managedHsm/backup/status/action" + READ_HSM_BACKUP_STATUS = "Microsoft.KeyVault/managedHsm/backup/status/action" #: Read an HSM restore status. - read_hsm_restore_status = "Microsoft.KeyVault/managedHsm/restore/status/action" + READ_HSM_RESTORE_STATUS = "Microsoft.KeyVault/managedHsm/restore/status/action" diff --git a/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py b/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py index 7843669216d3..e290ab2934b9 100644 --- a/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py +++ b/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py @@ -8,7 +8,7 @@ from azure.core.credentials import AccessToken from azure.identity import DefaultAzureCredential -from azure.keyvault.administration import KeyVaultAccessControlClient, KeyVaultRoleScope, KeyVaultPermission, DataActionPermission +from azure.keyvault.administration import KeyVaultAccessControlClient, KeyVaultRoleScope, KeyVaultPermission, KeyVaultDataAction import pytest from six.moves.urllib_parse import urlparse 
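Review bot: The renamed members of `KeyVaultDataAction` still mix verbs and number for the same kind of action: `GET_ROLE_ASSIGNMENT` and `READ_ROLE_DEFINITION` both map to a `.../read/action` string, and `BACKUP_HSM_KEYS` is plural next to `RESTORE_HSM_KEY`. Since this patch already breaks the names, `READ_ROLE_ASSIGNMENT` would be the consistent spelling. The enum also has no members for `Microsoft.KeyVault/managedHsm/roleDefinitions/write/action` and `Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action`, which the recorded Managed HSM Administrator role on this page lists, so a caller building a custom role that governs role definitions has to fall back to raw strings. Either add those two members or state in the docstring that the list is not exhaustive, as `KeyVaultRoleScope` does.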
@@ -53,39 +53,34 @@ def test_role_definitions(self): client = KeyVaultAccessControlClient(self.managed_hsm["url"], self.credential) # list initial role definitions - scope = KeyVaultRoleScope.global_value + scope = KeyVaultRoleScope.GLOBAL original_definitions = [d for d in client.list_role_definitions(scope)] assert len(original_definitions) # create custom role definition definition_name = self.get_replayable_uuid("definition-name") - permissions = [KeyVaultPermission(allowed_data_actions=[DataActionPermission.read_hsm_key])] + permissions = [KeyVaultPermission(allowed_data_actions=[KeyVaultDataAction.READ_HSM_KEY])] created_definition = client.set_role_definition( role_scope=scope, role_definition_name=definition_name, permissions=permissions ) assert "/" in created_definition.assignable_scopes assert created_definition.name == definition_name assert len(created_definition.permissions) == 1 - assert created_definition.permissions[0].allowed_data_actions == [DataActionPermission.read_hsm_key] + assert created_definition.permissions[0].allowed_data_actions == [KeyVaultDataAction.READ_HSM_KEY] # update custom role definition permissions = [ - KeyVaultPermission( - allowed_data_actions=[], denied_data_actions=[DataActionPermission.read_hsm_key] - ) + KeyVaultPermission(allowed_data_actions=[], denied_data_actions=[KeyVaultDataAction.READ_HSM_KEY]) ] updated_definition = client.set_role_definition( role_scope=scope, role_definition_name=definition_name, permissions=permissions ) assert len(updated_definition.permissions) == 1 assert len(updated_definition.permissions[0].allowed_data_actions) == 0 - assert updated_definition.permissions[0].denied_data_actions == [DataActionPermission.read_hsm_key] + assert updated_definition.permissions[0].denied_data_actions == [KeyVaultDataAction.READ_HSM_KEY] # assert that the created role definition isn't duplicated - matching_definitions = [ - d for d in client.list_role_definitions(scope) - if d.id == updated_definition.id - ] + 
matching_definitions = [d for d in client.list_role_definitions(scope) if d.id == updated_definition.id] assert len(matching_definitions) == 1 # get custom role definition @@ -96,14 +91,12 @@ def test_role_definitions(self): deleted_definition = client.delete_role_definition(scope, definition_name) assert_role_definitions_equal(deleted_definition, definition) - assert not any( - d for d in client.list_role_definitions(scope) if d.id == deleted_definition.id - ) + assert not any(d.id == deleted_definition.id for d in client.list_role_definitions(scope)) def test_role_assignment(self): client = KeyVaultAccessControlClient(self.managed_hsm["url"], self.credential) - scope = KeyVaultRoleScope.global_value + scope = KeyVaultRoleScope.GLOBAL definitions = [d for d in client.list_role_definitions(scope)] # assign an arbitrary role to the service principal authenticating these requests @@ -137,9 +130,7 @@ def test_role_assignment(self): assert deleted.scope == scope assert deleted.role_definition_id == created.role_definition_id - assert not any( - a for a in client.list_role_assignments(scope) if a.role_assignment_id == created.role_assignment_id - ) + assert not any(a.role_assignment_id == created.role_assignment_id for a in client.list_role_assignments(scope)) def assert_role_definitions_equal(d1, d2): diff --git a/sdk/keyvault/azure-keyvault-administration/tests/test_access_control_async.py b/sdk/keyvault/azure-keyvault-administration/tests/test_access_control_async.py index bfb2729f8d4a..37de85fe8304 100644 --- a/sdk/keyvault/azure-keyvault-administration/tests/test_access_control_async.py +++ b/sdk/keyvault/azure-keyvault-administration/tests/test_access_control_async.py 
@@ -8,7 +8,7 @@ from azure.core.credentials import AccessToken from azure.identity.aio import DefaultAzureCredential -from azure.keyvault.administration import KeyVaultRoleScope, KeyVaultPermission, DataActionPermission +from azure.keyvault.administration import KeyVaultRoleScope, KeyVaultPermission, KeyVaultDataAction from azure.keyvault.administration.aio import KeyVaultAccessControlClient import pytest from six.moves.urllib_parse import urlparse @@ -61,7 +61,7 @@ async def test_role_definitions(self): client = KeyVaultAccessControlClient(self.managed_hsm["url"], self.credential) # list initial role definitions - scope = KeyVaultRoleScope.global_value + scope = KeyVaultRoleScope.GLOBAL original_definitions = [] async for definition in client.list_role_definitions(scope): original_definitions.append(definition) 
@@ -69,27 +69,25 @@ async def test_role_definitions(self): # create custom role definition definition_name = self.get_replayable_uuid("definition-name") - permissions = [KeyVaultPermission(allowed_data_actions=[DataActionPermission.read_hsm_key])] + permissions = [KeyVaultPermission(allowed_data_actions=[KeyVaultDataAction.READ_HSM_KEY])] created_definition = await client.set_role_definition( role_scope=scope, role_definition_name=definition_name, permissions=permissions ) assert "/" in created_definition.assignable_scopes assert created_definition.name == definition_name assert len(created_definition.permissions) == 1 - assert created_definition.permissions[0].allowed_data_actions == [DataActionPermission.read_hsm_key] + assert created_definition.permissions[0].allowed_data_actions == [KeyVaultDataAction.READ_HSM_KEY] # update custom role definition permissions = [ - KeyVaultPermission( - allowed_data_actions=[], denied_data_actions=[DataActionPermission.read_hsm_key] - ) + KeyVaultPermission(allowed_data_actions=[], denied_data_actions=[KeyVaultDataAction.READ_HSM_KEY]) ] updated_definition = await client.set_role_definition( role_scope=scope, role_definition_name=definition_name, permissions=permissions ) assert len(updated_definition.permissions) == 1 assert len(updated_definition.permissions[0].allowed_data_actions) == 0 - assert updated_definition.permissions[0].denied_data_actions == [DataActionPermission.read_hsm_key] + assert updated_definition.permissions[0].denied_data_actions == [KeyVaultDataAction.READ_HSM_KEY] # assert that the created role definition isn't duplicated matching_definitions = [] 
@@ -106,11 +104,14 @@ async def test_role_definitions(self): deleted_definition = await client.delete_role_definition(scope, definition_name) assert_role_definitions_equal(deleted_definition, definition) + async for definition in client.list_role_definitions(scope): + assert (definition.id != deleted_definition.id), "the role definition should have been deleted" + @AzureTestCase.await_prepared_test async def test_role_assignment(self): client = KeyVaultAccessControlClient(self.managed_hsm["url"], self.credential) - scope = KeyVaultRoleScope.global_value + scope = KeyVaultRoleScope.GLOBAL definitions = [] async for definition in client.list_role_definitions(scope): definitions.append(definition) From c3ab5280054b0d6408a1c7b343b296efbf1b13ea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?McCoy=20Pati=C3=B1o?= Date: Thu, 21 Jan 2021 10:25:22 -0800 Subject: [PATCH 11/13] Add test recordings --- ...t_access_control.test_role_assignment.yaml | 16 ++--- ..._access_control.test_role_definitions.yaml | 6 +- ...ss_control_async.test_role_assignment.yaml | 24 +++---- ...s_control_async.test_role_definitions.yaml | 69 ++++++++++++++----- 4 files changed, 75 insertions(+), 40 deletions(-) diff --git a/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control.test_role_assignment.yaml b/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control.test_role_assignment.yaml index de0a7f693557..d299f92466bd 100644 --- a/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control.test_role_assignment.yaml +++ b/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control.test_role_assignment.yaml 
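Review bot: The added post-delete check reuses the name `definition`, which the line just above passes to `assert_role_definitions_equal` as the fetched role definition, and it wraps the condition in parentheses that add nothing. A distinct loop variable keeps the two meanings apart: `async for listed in client.list_role_definitions(scope):` followed by `assert listed.id != deleted_definition.id, "the role definition should have been deleted"`. The body of `test_role_definitions` starts outside this hunk.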
@@ -87,13 +87,13 @@ interactions: x-ms-keyvault-region: - eastus2 x-ms-server-latency: - - '0' + - '332' status: code: 200 message: OK - request: - body: '{"properties": {"roleDefinitionId": "Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8", - "principalId": "service-principal-id"}}' + body: '{"properties": {"principalId": "service-principal-id", "roleDefinitionId": + "Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8"}}' headers: Accept: - application/json @@ -132,7 +132,7 @@ interactions: x-ms-keyvault-region: - eastus2 x-ms-server-latency: - - '47' + - '62' status: code: 201 message: Created @@ -174,7 +174,7 @@ interactions: x-ms-keyvault-region: - eastus2 x-ms-server-latency: - - '0' + - '1' status: code: 200 message: OK 
@@ -193,7 +193,7 @@ interactions: uri: https://managedhsm/providers/Microsoft.Authorization/roleAssignments?api-version=7.2-preview response: body: - string: '{"value":[{"id":"/providers/Microsoft.Authorization/roleAssignments/some-uuid","name":"some-uuid","properties":{"principalId":"service-principal-id","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"},{"id":"/providers/Microsoft.Authorization/roleAssignments/19f8914d-c466-4ea8-b253-8fbfc3438422","name":"19f8914d-c466-4ea8-b253-8fbfc3438422","properties":{"principalId":"17682169-9b01-44bc-84ae-8b39398ac6b7","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"}]}' + string: '{"value":[{"id":"/providers/Microsoft.Authorization/roleAssignments/9f810469-b448-03af-ab69-9157ab298955","name":"9f810469-b448-03af-ab69-9157ab298955","properties":{"principalId":"cbd24137-615e-47bf-840a-c2a268157bf7","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"},{"id":"/providers/Microsoft.Authorization/roleAssignments/some-uuid","name":"some-uuid","properties":{"principalId":"service-principal-id","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"}]}' headers: cache-control: - no-cache @@ -258,7 +258,7 @@ interactions: x-ms-keyvault-region: - eastus2 x-ms-server-latency: - - '40' + - '43' status: code: 200 message: OK 
@@ -277,7 +277,7 @@ interactions: uri: https://managedhsm/providers/Microsoft.Authorization/roleAssignments?api-version=7.2-preview response: body: - string: '{"value":[{"id":"/providers/Microsoft.Authorization/roleAssignments/19f8914d-c466-4ea8-b253-8fbfc3438422","name":"19f8914d-c466-4ea8-b253-8fbfc3438422","properties":{"principalId":"17682169-9b01-44bc-84ae-8b39398ac6b7","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"}]}' + string: '{"value":[{"id":"/providers/Microsoft.Authorization/roleAssignments/9f810469-b448-03af-ab69-9157ab298955","name":"9f810469-b448-03af-ab69-9157ab298955","properties":{"principalId":"cbd24137-615e-47bf-840a-c2a268157bf7","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"}]}' headers: cache-control: - no-cache diff --git a/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control.test_role_definitions.yaml b/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control.test_role_definitions.yaml index 9b9e7920c3c4..c2f44b710ac8 100644 --- a/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control.test_role_definitions.yaml +++ b/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control.test_role_definitions.yaml @@ -89,7 +89,7 @@ interactions: x-ms-keyvault-region: - eastus2 x-ms-server-latency: - - '45' + - '53' status: code: 201 message: Created @@ -183,7 +183,7 @@ interactions: x-ms-keyvault-region: - eastus2 x-ms-server-latency: - - '0' + - '1' status: code: 200 message: OK @@ -316,7 +316,7 @@ interactions: x-ms-keyvault-region: - eastus2 x-ms-server-latency: - - '1' + - '0' status: code: 200 message: OK 
diff --git a/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control_async.test_role_assignment.yaml b/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control_async.test_role_assignment.yaml index 0025548b9ea2..e038e117d8a2 100644 --- a/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control_async.test_role_assignment.yaml +++ b/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control_async.test_role_assignment.yaml 
@@ -47,10 +47,10 @@ interactions: HSM Policy Administrator","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/21dbd100-6940-42c2-9190-5d6cb909625b","name":"21dbd100-6940-42c2-9190-5d6cb909625b","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Crypto User","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/515eb02d-2335-4d2d-92f2-b1cbdf9c3778","name":"515eb02d-2335-4d2d-92f2-b1cbdf9c3778","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/restore/action","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/m
anagedHsm/keys/delete","Microsoft.KeyVault/managedHsm/keys/export/action","Microsoft.KeyVault/managedHsm/keys/import/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Crypto Officer","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","name":"a290e904-7015-4bba-90c8-60543313cdb4","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/restore/action","Microsoft.KeyVault/managedHsm/roleAssignments/delete/action","Microsoft.KeyVault/managedHsm/roleAssignments/read/action","Microsoft.KeyVault/managedHsm/roleAssignments/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/read/action","Microsoft.KeyVault/managedHsm/roleDefinitions/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/delete","Microsoft.KeyVault/managedHsm/keys/export/action","Microsoft.KeyVault/managedHsm/keys/import/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete","Microsoft.KeyVault/managedHsm/securitydomain/download/action","Microsoft.KeyVault/managedHsm/securitydomain/upload/action","Microsoft.KeyVault/managedHsm/securit
ydomain/upload/read","Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read","Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/restore/start/action","Microsoft.KeyVault/managedHsm/backup/status/action","Microsoft.KeyVault/managedHsm/restore/status/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed - HSM Administrator","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/1a12547a-d8dd-45cd-828d-cd8e60b514bd","name":"1a12547a-d8dd-45cd-828d-cd8e60b514bd","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":[],"notActions":[],"notDataActions":["Microsoft.KeyVault/managedHsm/keys/read/action"]}],"roleName":"1a12547a-d8dd-45cd-828d-cd8e60b514bd","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"}]}' + HSM Administrator","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"}]}' headers: cache-control: no-cache - content-length: '7241' + content-length: '6772' content-security-policy: default-src 'self' content-type: application/json; charset=utf-8 strict-transport-security: max-age=31536000; includeSubDomains 
@@ -59,14 +59,14 @@ interactions: x-ms-build-version: 1.0.20210112-1-4fbf61ac-develop x-ms-keyvault-network-info: addr=162.211.216.102 x-ms-keyvault-region: eastus2 - x-ms-server-latency: '0' + x-ms-server-latency: '361' status: code: 200 message: OK url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleDefinitions?api-version=7.2-preview - request: - body: '{"properties": {"roleDefinitionId": "Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8", - "principalId": "service-principal-id"}}' + body: '{"properties": {"principalId": "service-principal-id", "roleDefinitionId": + "Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8"}}' headers: Accept: - application/json @@ -91,11 +91,11 @@ interactions: x-frame-options: SAMEORIGIN x-ms-keyvault-network-info: addr=162.211.216.102 x-ms-keyvault-region: eastus2 - x-ms-server-latency: '68' + x-ms-server-latency: '1073' status: code: 201 message: Created - url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleAssignments/b12284c1-0c8b-4728-8d7a-46588003d5ff?api-version=7.2-preview + url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleAssignments/9226dc58-113e-4315-8dba-1cce42d3c96b?api-version=7.2-preview - request: body: null headers: @@ -123,7 +123,7 @@ interactions: status: code: 200 message: OK - url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleAssignments/b12284c1-0c8b-4728-8d7a-46588003d5ff?api-version=7.2-preview + url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleAssignments/9226dc58-113e-4315-8dba-1cce42d3c96b?api-version=7.2-preview - request: body: null headers: 
@@ -135,7 +135,7 @@ interactions: uri: https://managedhsm/providers/Microsoft.Authorization/roleAssignments?api-version=7.2-preview response: body: - string: '{"value":[{"id":"/providers/Microsoft.Authorization/roleAssignments/some-uuid","name":"some-uuid","properties":{"principalId":"service-principal-id","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"},{"id":"/providers/Microsoft.Authorization/roleAssignments/19f8914d-c466-4ea8-b253-8fbfc3438422","name":"19f8914d-c466-4ea8-b253-8fbfc3438422","properties":{"principalId":"17682169-9b01-44bc-84ae-8b39398ac6b7","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"}]}' + string: '{"value":[{"id":"/providers/Microsoft.Authorization/roleAssignments/9f810469-b448-03af-ab69-9157ab298955","name":"9f810469-b448-03af-ab69-9157ab298955","properties":{"principalId":"cbd24137-615e-47bf-840a-c2a268157bf7","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"},{"id":"/providers/Microsoft.Authorization/roleAssignments/some-uuid","name":"some-uuid","properties":{"principalId":"service-principal-id","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"}]}' headers: cache-control: no-cache content-length: '809' 
@@ -174,11 +174,11 @@ interactions: x-frame-options: SAMEORIGIN x-ms-keyvault-network-info: addr=162.211.216.102 x-ms-keyvault-region: eastus2 - x-ms-server-latency: '43' + x-ms-server-latency: '49' status: code: 200 message: OK - url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleAssignments/b12284c1-0c8b-4728-8d7a-46588003d5ff?api-version=7.2-preview + url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleAssignments/9226dc58-113e-4315-8dba-1cce42d3c96b?api-version=7.2-preview - request: body: null headers: @@ -190,7 +190,7 @@ interactions: uri: https://managedhsm/providers/Microsoft.Authorization/roleAssignments?api-version=7.2-preview response: body: - string: '{"value":[{"id":"/providers/Microsoft.Authorization/roleAssignments/19f8914d-c466-4ea8-b253-8fbfc3438422","name":"19f8914d-c466-4ea8-b253-8fbfc3438422","properties":{"principalId":"17682169-9b01-44bc-84ae-8b39398ac6b7","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"}]}' + string: '{"value":[{"id":"/providers/Microsoft.Authorization/roleAssignments/9f810469-b448-03af-ab69-9157ab298955","name":"9f810469-b448-03af-ab69-9157ab298955","properties":{"principalId":"cbd24137-615e-47bf-840a-c2a268157bf7","roleDefinitionId":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","scope":"/"},"type":"Microsoft.Authorization/roleAssignments"}]}' headers: cache-control: no-cache content-length: '410' diff --git a/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control_async.test_role_definitions.yaml b/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control_async.test_role_definitions.yaml index f7eb5cd3c014..926b3482fc8d 100644 
--- a/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control_async.test_role_definitions.yaml +++ b/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control_async.test_role_definitions.yaml 
@@ -17,10 +17,10 @@ interactions: HSM Policy Administrator","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/21dbd100-6940-42c2-9190-5d6cb909625b","name":"21dbd100-6940-42c2-9190-5d6cb909625b","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Crypto User","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/515eb02d-2335-4d2d-92f2-b1cbdf9c3778","name":"515eb02d-2335-4d2d-92f2-b1cbdf9c3778","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/restore/action","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/m
anagedHsm/keys/delete","Microsoft.KeyVault/managedHsm/keys/export/action","Microsoft.KeyVault/managedHsm/keys/import/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Crypto Officer","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","name":"a290e904-7015-4bba-90c8-60543313cdb4","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/restore/action","Microsoft.KeyVault/managedHsm/roleAssignments/delete/action","Microsoft.KeyVault/managedHsm/roleAssignments/read/action","Microsoft.KeyVault/managedHsm/roleAssignments/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/read/action","Microsoft.KeyVault/managedHsm/roleDefinitions/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/delete","Microsoft.KeyVault/managedHsm/keys/export/action","Microsoft.KeyVault/managedHsm/keys/import/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete","Microsoft.KeyVault/managedHsm/securitydomain/download/action","Microsoft.KeyVault/managedHsm/securitydomain/upload/action","Microsoft.KeyVault/managedHsm/securit
ydomain/upload/read","Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read","Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/restore/start/action","Microsoft.KeyVault/managedHsm/backup/status/action","Microsoft.KeyVault/managedHsm/restore/status/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed - HSM Administrator","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/1a12547a-d8dd-45cd-828d-cd8e60b514bd","name":"1a12547a-d8dd-45cd-828d-cd8e60b514bd","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":[],"notActions":[],"notDataActions":["Microsoft.KeyVault/managedHsm/keys/read/action"]}],"roleName":"1a12547a-d8dd-45cd-828d-cd8e60b514bd","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"}]}' + HSM Administrator","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"}]}' headers: cache-control: no-cache - content-length: '7241' + content-length: '6772' content-security-policy: default-src 'self' content-type: application/json; charset=utf-8 strict-transport-security: max-age=31536000; includeSubDomains @@ -29,14 +29,14 @@ interactions: x-ms-build-version: 1.0.20210112-1-4fbf61ac-develop x-ms-keyvault-network-info: addr=162.211.216.102 x-ms-keyvault-region: eastus2 - x-ms-server-latency: '1' + x-ms-server-latency: '0' status: code: 200 message: OK url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleDefinitions?api-version=7.2-preview - request: - body: '{"properties": {"roleName": "definition-name", "permissions": [{"dataActions": - ["Microsoft.KeyVault/managedHsm/keys/read/action"]}]}}' + body: '{"properties": {"permissions": [{"dataActions": ["Microsoft.KeyVault/managedHsm/keys/read/action"]}], + "roleName": "definition-name"}}' headers: Accept: - application/json 
@@ -61,14 +61,14 @@ interactions: x-frame-options: SAMEORIGIN x-ms-keyvault-network-info: addr=162.211.216.102 x-ms-keyvault-region: eastus2 - x-ms-server-latency: '43' + x-ms-server-latency: '41' status: code: 201 message: Created - url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleDefinitions/d4baeef6-7216-4b1f-a49c-bb771a61c66c?api-version=7.2-preview + url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleDefinitions/f6d3b4bc-abc7-4919-a958-939b0447129f?api-version=7.2-preview - request: - body: '{"properties": {"roleName": "definition-name", "permissions": [{"dataActions": - [], "notDataActions": ["Microsoft.KeyVault/managedHsm/keys/read/action"]}]}}' + body: '{"properties": {"permissions": [{"notDataActions": ["Microsoft.KeyVault/managedHsm/keys/read/action"], + "dataActions": []}], "roleName": "definition-name"}}' headers: Accept: - application/json @@ -93,11 +93,11 @@ interactions: x-frame-options: SAMEORIGIN x-ms-keyvault-network-info: addr=162.211.216.102 x-ms-keyvault-region: eastus2 - x-ms-server-latency: '42' + x-ms-server-latency: '43' status: code: 201 message: Created - url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleDefinitions/d4baeef6-7216-4b1f-a49c-bb771a61c66c?api-version=7.2-preview + url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleDefinitions/f6d3b4bc-abc7-4919-a958-939b0447129f?api-version=7.2-preview - request: body: null headers: 
@@ -116,10 +116,10 @@ interactions: HSM Policy Administrator","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/21dbd100-6940-42c2-9190-5d6cb909625b","name":"21dbd100-6940-42c2-9190-5d6cb909625b","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Crypto User","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/515eb02d-2335-4d2d-92f2-b1cbdf9c3778","name":"515eb02d-2335-4d2d-92f2-b1cbdf9c3778","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/restore/action","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault
/managedHsm/keys/delete","Microsoft.KeyVault/managedHsm/keys/export/action","Microsoft.KeyVault/managedHsm/keys/import/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Crypto Officer","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","name":"a290e904-7015-4bba-90c8-60543313cdb4","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/restore/action","Microsoft.KeyVault/managedHsm/roleAssignments/delete/action","Microsoft.KeyVault/managedHsm/roleAssignments/read/action","Microsoft.KeyVault/managedHsm/roleAssignments/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/read/action","Microsoft.KeyVault/managedHsm/roleDefinitions/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/delete","Microsoft.KeyVault/managedHsm/keys/export/action","Microsoft.KeyVault/managedHsm/keys/import/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete","Microsoft.KeyVault/managedHsm/securitydomain/download/action","Microsoft.KeyVault/managedHsm/securitydomain/upload/action","Microsoft.KeyVault/managedHsm/secur
itydomain/upload/read","Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read","Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/restore/start/action","Microsoft.KeyVault/managedHsm/backup/status/action","Microsoft.KeyVault/managedHsm/restore/status/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed - HSM Administrator","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/1a12547a-d8dd-45cd-828d-cd8e60b514bd","name":"1a12547a-d8dd-45cd-828d-cd8e60b514bd","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":[],"notActions":[],"notDataActions":["Microsoft.KeyVault/managedHsm/keys/read/action"]}],"roleName":"1a12547a-d8dd-45cd-828d-cd8e60b514bd","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/definition-name","name":"definition-name","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":[],"notActions":[],"notDataActions":["Microsoft.KeyVault/managedHsm/keys/read/action"]}],"roleName":"definition-name","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"}]}' + HSM Administrator","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/definition-name","name":"definition-name","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":[],"notActions":[],"notDataActions":["Microsoft.KeyVault/managedHsm/keys/read/action"]}],"roleName":"definition-name","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"}]}' headers: cache-control: no-cache - content-length: '7710' + content-length: '7241' content-security-policy: default-src 'self' content-type: application/json; 
charset=utf-8 strict-transport-security: max-age=31536000; includeSubDomains @@ -156,11 +156,11 @@ interactions: x-ms-build-version: 1.0.20210112-1-4fbf61ac-develop x-ms-keyvault-network-info: addr=162.211.216.102 x-ms-keyvault-region: eastus2 - x-ms-server-latency: '0' + x-ms-server-latency: '1' status: code: 200 message: OK - url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleDefinitions/d4baeef6-7216-4b1f-a49c-bb771a61c66c?api-version=7.2-preview + url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleDefinitions/f6d3b4bc-abc7-4919-a958-939b0447129f?api-version=7.2-preview - request: body: null headers: 
@@ -183,9 +183,44 @@ interactions: x-frame-options: SAMEORIGIN x-ms-keyvault-network-info: addr=162.211.216.102 x-ms-keyvault-region: eastus2 - x-ms-server-latency: '40' + x-ms-server-latency: '41' status: code: 200 message: OK - url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleDefinitions/d4baeef6-7216-4b1f-a49c-bb771a61c66c?api-version=7.2-preview + url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleDefinitions/f6d3b4bc-abc7-4919-a958-939b0447129f?api-version=7.2-preview +- request: + body: null + headers: + Accept: + - application/json + User-Agent: + - azsdk-python-keyvault-administration/4.0.0b3 Python/3.5.3 (Windows-10-10.0.19041-SP0) + method: GET + uri: https://managedhsm/providers/Microsoft.Authorization/roleDefinitions?api-version=7.2-preview + response: + body: + string: '{"value":[{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8","name":"7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action","Microsoft.KeyVault/managedHsm/keys/backup/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Backup","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/33413926-3206-4cdd-b39a-83574fe37a17","name":"33413926-3206-4cdd-b39a-83574fe37a17","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Crypto Service 
Encryption","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/2c18b078-7c48-4d3a-af88-5a3a1b3f82b3","name":"2c18b078-7c48-4d3a-af88-5a3a1b3f82b3","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Crypto Auditor","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/4bd23610-cdcf-4971-bdee-bdc562cc28e4","name":"4bd23610-cdcf-4971-bdee-bdc562cc28e4","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/roleDefinitions/read/action","Microsoft.KeyVault/managedHsm/roleDefinitions/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action","Microsoft.KeyVault/managedHsm/roleAssignments/read/action","Microsoft.KeyVault/managedHsm/roleAssignments/write/action","Microsoft.KeyVault/managedHsm/roleAssignments/delete/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Policy 
Administrator","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/21dbd100-6940-42c2-9190-5d6cb909625b","name":"21dbd100-6940-42c2-9190-5d6cb909625b","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Crypto User","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/515eb02d-2335-4d2d-92f2-b1cbdf9c3778","name":"515eb02d-2335-4d2d-92f2-b1cbdf9c3778","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/restore/action","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/delete","Microsoft.KeyVault/
managedHsm/keys/export/action","Microsoft.KeyVault/managedHsm/keys/import/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Crypto Officer","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","name":"a290e904-7015-4bba-90c8-60543313cdb4","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/restore/action","Microsoft.KeyVault/managedHsm/roleAssignments/delete/action","Microsoft.KeyVault/managedHsm/roleAssignments/read/action","Microsoft.KeyVault/managedHsm/roleAssignments/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/read/action","Microsoft.KeyVault/managedHsm/roleDefinitions/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/delete","Microsoft.KeyVault/managedHsm/keys/export/action","Microsoft.KeyVault/managedHsm/keys/import/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete","Microsoft.KeyVault/managedHsm/securitydomain/download/action","Microsoft.KeyVault/managedHsm/securitydomain/upload/action","Microsoft.KeyVault/managedHsm/securitydomain/upload/read","Microsoft.KeyVault/
managedHsm/securitydomain/transferkey/read","Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/restore/start/action","Microsoft.KeyVault/managedHsm/backup/status/action","Microsoft.KeyVault/managedHsm/restore/status/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed + HSM Administrator","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"}]}' + headers: + cache-control: no-cache + content-length: '6772' + content-security-policy: default-src 'self' + content-type: application/json; charset=utf-8 + strict-transport-security: max-age=31536000; includeSubDomains + x-content-type-options: nosniff + x-frame-options: SAMEORIGIN + x-ms-build-version: 1.0.20210112-1-4fbf61ac-develop + x-ms-keyvault-network-info: addr=162.211.216.102 + x-ms-keyvault-region: eastus2 + x-ms-server-latency: '1' + status: + code: 200 + message: OK + url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleDefinitions?api-version=7.2-preview version: 1 From f6dd2a9d8fd50a750b55994a9195bef8413361f0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?McCoy=20Pati=C3=B1o?= Date: Thu, 21 Jan 2021 15:20:05 -0800 Subject: [PATCH 12/13] Apply naming changes --- .../administration/_access_control_client.py | 29 +++++---- .../azure/keyvault/administration/_enums.py | 2 +- .../v7_2_preview/models/__init__.py | 4 +- .../models/_key_vault_client_enums.py | 4 +- .../_generated/v7_2_preview/models/_models.py | 4 +- .../v7_2_preview/models/_models_py3.py | 8 +-- ..._access_control.test_role_definitions.yaml | 59 ++++++++++++++++--- ...s_control_async.test_role_definitions.yaml | 58 +++++++++++++----- .../tests/test_access_control.py | 4 +- .../tests/test_access_control_async.py | 4 +- 10 files changed, 124 insertions(+), 52 deletions(-) 
diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py index ee04d998a2c4..43a0e6b70ba2 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py 
@@ -111,34 +111,33 @@ def list_role_assignments(self, role_scope, **kwargs): ) @distributed_trace - def set_role_definition(self, role_scope, **kwargs): - # type: (Union[str, KeyVaultRoleScope], **Any) -> KeyVaultRoleDefinition + def set_role_definition(self, role_scope, permissions, **kwargs): + # type: (Union[str, KeyVaultRoleScope], Iterable[KeyVaultPermission], **Any) -> KeyVaultRoleDefinition """Creates or updates a custom role definition. :param role_scope: scope of the role definition. :class:`KeyVaultRoleScope` defines common broad scopes. Specify a narrower scope as a string. Managed HSM only supports '/', or KeyVaultRoleScope.global_value. :type role_scope: str or KeyVaultRoleScope + :param permissions: the role definition's permissions. An empty list results in a role definition with no action + permissions. + :type permissions: Iterable[KeyVaultPermission] :keyword role_definition_name: the role definition's name. Must be a UUID. :type role_definition_name: str or uuid.UUID - :keyword permissions: the role definition's permissions. - :type permissions: Iterable[KeyVaultPermission] :keyword assignable_scopes: the role definition's assignable scopes. 
:type assignable_scopes: list[str] :returns: The created or updated role definition :rtype: KeyVaultRoleDefinition """ role_definition_name = kwargs.pop("role_definition_name", None) or uuid4() - permissions = kwargs.pop("permissions", None) - if permissions is not None: - permissions = [ - self._client.role_definitions.models.Permission( - actions=p.allowed_actions, - not_actions=p.denied_actions, - data_actions=p.allowed_data_actions, - not_data_actions=p.denied_data_actions, - ) - for p in permissions - ] + permissions = [ + self._client.role_definitions.models.Permission( + actions=p.allowed_actions, + not_actions=p.denied_actions, + data_actions=p.allowed_data_actions, + not_data_actions=p.denied_data_actions, + ) + for p in permissions + ] properties = self._client.role_definitions.models.RoleDefinitionProperties( role_name=role_definition_name, permissions=permissions, **kwargs diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_enums.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_enums.py index 0ca888506f88..3d6f7b89d061 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_enums.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_enums.py @@ -27,7 +27,7 @@ class KeyVaultDataAction(str, Enum): #: Backup HSM keys. BACKUP_HSM_KEYS = "Microsoft.KeyVault/managedHsm/keys/backup/action" #: Restore HSM keys. - RESTORE_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/restore/action" + RESTORE_HSM_KEYS = "Microsoft.KeyVault/managedHsm/keys/restore/action" #: Delete role assignment. DELETE_ROLE_ASSIGNMENT = "Microsoft.KeyVault/managedHsm/roleAssignments/delete/action" #: Get role assignment. 
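Review bot: `assignable_scopes` is documented as a keyword of `set_role_definition` but is never taken out of `kwargs`; it only reaches the model because `**kwargs` is splatted into `RoleDefinitionProperties(...)`, along with any other keyword the caller happened to pass. For a call that defines authorization scope, bind it explicitly with `assignable_scopes = kwargs.pop("assignable_scopes", None)` and pass `assignable_scopes=assignable_scopes` to the model in place of `**kwargs`. The rest of the method lies outside this hunk; if it still forwards `**kwargs` to `create_or_update` as the first patch of the series did, the same keyword is also handed to the request call, which is presumably unintended. Separately, the docstring says `role_definition_name` must be a UUID, yet the value is used as given (`kwargs.pop("role_definition_name", None) or uuid4()`) and is also sent as `role_name`, so a short comment stating whether a non-UUID name is rejected client-side or left to the service would help.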
diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/models/__init__.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/models/__init__.py index 83314c66e32c..e65cfcf3dde4 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/models/__init__.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/models/__init__.py @@ -50,7 +50,7 @@ from ._models import SelectiveKeyRestoreOperationParameters # type: ignore from ._key_vault_client_enums import ( - DataActionPermission, + DataAction, RoleDefinitionType, RoleScope, RoleType, @@ -78,7 +78,7 @@ 'SASTokenParameter', 'SelectiveKeyRestoreOperation', 'SelectiveKeyRestoreOperationParameters', - 'DataActionPermission', + 'DataAction', 'RoleDefinitionType', 'RoleScope', 'RoleType', diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/models/_key_vault_client_enums.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/models/_key_vault_client_enums.py index 04826c5d27c4..6130c70fe5ef 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/models/_key_vault_client_enums.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/models/_key_vault_client_enums.py @@ -24,7 +24,7 @@ def __getattr__(cls, name): raise AttributeError(name) -class DataActionPermission(with_metaclass(_CaseInsensitiveEnumMeta, str, Enum)): +class DataAction(with_metaclass(_CaseInsensitiveEnumMeta, str, Enum)): """Supported permissions for data actions. """ 
@@ -39,7 +39,7 @@ class DataActionPermission(with_metaclass(_CaseInsensitiveEnumMeta, str, Enum)): #: Backup HSM keys. BACKUP_HSM_KEYS = "Microsoft.KeyVault/managedHsm/keys/backup/action" #: Restore HSM keys. - RESTORE_HSM_KEY = "Microsoft.KeyVault/managedHsm/keys/restore/action" + RESTORE_HSM_KEYS = "Microsoft.KeyVault/managedHsm/keys/restore/action" #: Delete role assignment. DELETE_ROLE_ASSIGNMENT = "Microsoft.KeyVault/managedHsm/roleAssignments/delete/action" #: Get role assignment. diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/models/_models.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/models/_models.py index 41c6c9c5d606..ab47754e5607 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/models/_models.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/models/_models.py @@ -163,10 +163,10 @@ class Permission(msrest.serialization.Model): other role definitions assigned to a principal. :type not_actions: list[str] :param data_actions: Data action permissions that are granted. - :type data_actions: list[str or ~key_vault_client.models.DataActionPermission] + :type data_actions: list[str or ~key_vault_client.models.DataAction] :param not_data_actions: Data action permissions that are excluded but not denied. They may be granted by other role definitions assigned to a principal. - :type not_data_actions: list[str or ~key_vault_client.models.DataActionPermission] + :type not_data_actions: list[str or ~key_vault_client.models.DataAction] """ _attribute_map = { 
diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/models/_models_py3.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/models/_models_py3.py index 3a0195938632..802d4b7f6dff 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/models/_models_py3.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_generated/v7_2_preview/models/_models_py3.py @@ -180,10 +180,10 @@ class Permission(msrest.serialization.Model): other role definitions assigned to a principal. :type not_actions: list[str] :param data_actions: Data action permissions that are granted. - :type data_actions: list[str or ~key_vault_client.models.DataActionPermission] + :type data_actions: list[str or ~key_vault_client.models.DataAction] :param not_data_actions: Data action permissions that are excluded but not denied. They may be granted by other role definitions assigned to a principal. - :type not_data_actions: list[str or ~key_vault_client.models.DataActionPermission] + :type not_data_actions: list[str or ~key_vault_client.models.DataAction] """ _attribute_map = { @@ -198,8 +198,8 @@ def __init__( *, actions: Optional[List[str]] = None, not_actions: Optional[List[str]] = None, - data_actions: Optional[List[Union[str, "DataActionPermission"]]] = None, - not_data_actions: Optional[List[Union[str, "DataActionPermission"]]] = None, + data_actions: Optional[List[Union[str, "DataAction"]]] = None, + not_data_actions: Optional[List[Union[str, "DataAction"]]] = None, **kwargs ): super(Permission, self).__init__(**kwargs) diff --git a/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control.test_role_definitions.yaml b/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control.test_role_definitions.yaml index c2f44b710ac8..1292780607a6 100644 
--- a/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control.test_role_definitions.yaml +++ b/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control.test_role_definitions.yaml @@ -1,4 +1,47 @@ interactions: +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + Content-Length: + - '0' + User-Agent: + - azsdk-python-keyvault-administration/4.0.0b3 Python/3.5.3 (Windows-10-10.0.19041-SP0) + method: GET + uri: https://managedhsm/providers/Microsoft.Authorization/roleDefinitions?api-version=7.2-preview + response: + body: + string: OK + headers: + cache-control: + - no-cache + content-length: + - '2' + content-security-policy: + - default-src 'self' + content-type: + - application/json; charset=utf-8 + strict-transport-security: + - max-age=31536000; includeSubDomains + www-authenticate: + - Bearer authorization="https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47", + resource="https://managedhsm.azure.net" + x-content-type-options: + - nosniff + x-frame-options: + - SAMEORIGIN + x-ms-build-version: + - 1.0.20210112-1-4fbf61ac-develop + x-ms-server-latency: + - '2' + status: + code: 401 + message: Unauthorized - request: body: null headers: @@ -44,13 +87,13 @@ interactions: x-ms-keyvault-region: - eastus2 x-ms-server-latency: - - '1' + - '353' status: code: 200 message: OK - request: - body: '{"properties": {"permissions": [{"dataActions": ["Microsoft.KeyVault/managedHsm/keys/read/action"]}], - "roleName": "definition-name"}}' + body: '{"properties": {"roleName": "definition-name", "permissions": [{"dataActions": + ["Microsoft.KeyVault/managedHsm/keys/read/action"]}]}}' headers: Accept: - application/json 
@@ -94,8 +137,8 @@ interactions: code: 201 message: Created - request: - body: '{"properties": {"permissions": [{"dataActions": [], "notDataActions": ["Microsoft.KeyVault/managedHsm/keys/read/action"]}], - "roleName": "definition-name"}}' + body: '{"properties": {"roleName": "definition-name", "permissions": [{"notDataActions": + ["Microsoft.KeyVault/managedHsm/keys/read/action"], "dataActions": []}]}}' headers: Accept: - application/json @@ -134,7 +177,7 @@ interactions: x-ms-keyvault-region: - eastus2 x-ms-server-latency: - - '42' + - '57' status: code: 201 message: Created @@ -225,7 +268,7 @@ interactions: x-ms-keyvault-region: - eastus2 x-ms-server-latency: - - '0' + - '1' status: code: 200 message: OK @@ -267,7 +310,7 @@ interactions: x-ms-keyvault-region: - eastus2 x-ms-server-latency: - - '40' + - '44' status: code: 200 message: OK diff --git a/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control_async.test_role_definitions.yaml b/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control_async.test_role_definitions.yaml index 926b3482fc8d..b8cd67e50085 100644 --- a/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control_async.test_role_definitions.yaml +++ b/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_access_control_async.test_role_definitions.yaml 
@@ -1,4 +1,34 @@ interactions: +- request: + body: null + headers: + Accept: + - application/json + Content-Length: + - '0' + User-Agent: + - azsdk-python-keyvault-administration/4.0.0b3 Python/3.5.3 (Windows-10-10.0.19041-SP0) + method: GET + uri: https://managedhsm/providers/Microsoft.Authorization/roleDefinitions?api-version=7.2-preview + response: + body: + string: OK + headers: + cache-control: no-cache + content-length: '2' + content-security-policy: default-src 'self' + content-type: application/json; charset=utf-8 + strict-transport-security: max-age=31536000; includeSubDomains + www-authenticate: Bearer authorization="https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47", + resource="https://managedhsm.azure.net" + x-content-type-options: nosniff + x-frame-options: SAMEORIGIN + x-ms-build-version: 1.0.20210112-1-4fbf61ac-develop + x-ms-server-latency: '1' + status: + code: 401 + message: Unauthorized + url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleDefinitions?api-version=7.2-preview - request: body: null headers: @@ -29,14 +59,14 @@ interactions: x-ms-build-version: 1.0.20210112-1-4fbf61ac-develop x-ms-keyvault-network-info: addr=162.211.216.102 x-ms-keyvault-region: eastus2 - x-ms-server-latency: '0' + x-ms-server-latency: '1' status: code: 200 message: OK url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleDefinitions?api-version=7.2-preview - request: - body: '{"properties": {"permissions": [{"dataActions": ["Microsoft.KeyVault/managedHsm/keys/read/action"]}], - "roleName": "definition-name"}}' + body: '{"properties": {"roleName": "definition-name", "permissions": [{"dataActions": + ["Microsoft.KeyVault/managedHsm/keys/read/action"]}]}}' headers: Accept: - application/json 
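Review bot: The added 401 interaction records the live resource hostname in its `url:` field (`https://mcpatinotesthsm.managedhsm.azure.net/...`), even though the `uri:` field of the same request is scrubbed to `https://managedhsm/...`; the sync recording of this test shows no such field in its hunks. Committed fixtures should not identify a real Managed HSM instance, so the line should read `url: https://managedhsm/providers/Microsoft.Authorization/roleDefinitions?api-version=7.2-preview`, ideally by extending the recording sanitizer to the response `url` rather than by hand-editing the file. The same hostname recurs in the `url:` lines of this file's later hunks, and their context lines keep an `x-ms-keyvault-network-info: addr=...` header that looks like a client address. Whether the test framework offers a hook to scrub these is not visible from this patch.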
@@ -61,14 +91,14 @@ interactions: x-frame-options: SAMEORIGIN x-ms-keyvault-network-info: addr=162.211.216.102 x-ms-keyvault-region: eastus2 - x-ms-server-latency: '41' + x-ms-server-latency: '36' status: code: 201 message: Created - url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleDefinitions/f6d3b4bc-abc7-4919-a958-939b0447129f?api-version=7.2-preview + url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleDefinitions/bc61b7be-db21-4213-bc8f-1f0a3715b316?api-version=7.2-preview - request: - body: '{"properties": {"permissions": [{"notDataActions": ["Microsoft.KeyVault/managedHsm/keys/read/action"], - "dataActions": []}], "roleName": "definition-name"}}' + body: '{"properties": {"roleName": "definition-name", "permissions": [{"notDataActions": + ["Microsoft.KeyVault/managedHsm/keys/read/action"], "dataActions": []}]}}' headers: Accept: - application/json @@ -93,11 +123,11 @@ interactions: x-frame-options: SAMEORIGIN x-ms-keyvault-network-info: addr=162.211.216.102 x-ms-keyvault-region: eastus2 - x-ms-server-latency: '43' + x-ms-server-latency: '39' status: code: 201 message: Created - url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleDefinitions/f6d3b4bc-abc7-4919-a958-939b0447129f?api-version=7.2-preview + url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleDefinitions/bc61b7be-db21-4213-bc8f-1f0a3715b316?api-version=7.2-preview - request: body: null headers: 
@@ -156,11 +186,11 @@ interactions: x-ms-build-version: 1.0.20210112-1-4fbf61ac-develop x-ms-keyvault-network-info: addr=162.211.216.102 x-ms-keyvault-region: eastus2 - x-ms-server-latency: '1' + x-ms-server-latency: '0' status: code: 200 message: OK - url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleDefinitions/f6d3b4bc-abc7-4919-a958-939b0447129f?api-version=7.2-preview + url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleDefinitions/bc61b7be-db21-4213-bc8f-1f0a3715b316?api-version=7.2-preview - request: body: null headers: @@ -183,11 +213,11 @@ interactions: x-frame-options: SAMEORIGIN x-ms-keyvault-network-info: addr=162.211.216.102 x-ms-keyvault-region: eastus2 - x-ms-server-latency: '41' + x-ms-server-latency: '42' status: code: 200 message: OK - url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleDefinitions/f6d3b4bc-abc7-4919-a958-939b0447129f?api-version=7.2-preview + url: https://mcpatinotesthsm.managedhsm.azure.net/providers/Microsoft.Authorization/roleDefinitions/bc61b7be-db21-4213-bc8f-1f0a3715b316?api-version=7.2-preview - request: body: null headers: @@ -218,7 +248,7 @@ interactions: x-ms-build-version: 1.0.20210112-1-4fbf61ac-develop x-ms-keyvault-network-info: addr=162.211.216.102 x-ms-keyvault-region: eastus2 - x-ms-server-latency: '1' + x-ms-server-latency: '0' status: code: 200 message: OK diff --git a/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py b/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py index e290ab2934b9..c24c3894ab23 100644 --- a/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py +++ b/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py 
@@ -61,7 +61,7 @@ def test_role_definitions(self): definition_name = self.get_replayable_uuid("definition-name") permissions = [KeyVaultPermission(allowed_data_actions=[KeyVaultDataAction.READ_HSM_KEY])] created_definition = client.set_role_definition( - role_scope=scope, role_definition_name=definition_name, permissions=permissions + role_scope=scope, permissions=permissions, role_definition_name=definition_name ) assert "/" in created_definition.assignable_scopes assert created_definition.name == definition_name @@ -73,7 +73,7 @@ def test_role_definitions(self): KeyVaultPermission(allowed_data_actions=[], denied_data_actions=[KeyVaultDataAction.READ_HSM_KEY]) ] updated_definition = client.set_role_definition( - role_scope=scope, role_definition_name=definition_name, permissions=permissions + role_scope=scope, permissions=permissions, role_definition_name=definition_name ) assert len(updated_definition.permissions) == 1 assert len(updated_definition.permissions[0].allowed_data_actions) == 0 diff --git a/sdk/keyvault/azure-keyvault-administration/tests/test_access_control_async.py b/sdk/keyvault/azure-keyvault-administration/tests/test_access_control_async.py index 37de85fe8304..41b9bafd8356 100644 --- a/sdk/keyvault/azure-keyvault-administration/tests/test_access_control_async.py +++ b/sdk/keyvault/azure-keyvault-administration/tests/test_access_control_async.py @@ -71,7 +71,7 @@ async def test_role_definitions(self): definition_name = self.get_replayable_uuid("definition-name") permissions = [KeyVaultPermission(allowed_data_actions=[KeyVaultDataAction.READ_HSM_KEY])] created_definition = await client.set_role_definition( - role_scope=scope, role_definition_name=definition_name, permissions=permissions + role_scope=scope, permissions=permissions, role_definition_name=definition_name ) assert "/" in created_definition.assignable_scopes assert created_definition.name == definition_name 
@@ -83,7 +83,7 @@ async def test_role_definitions(self): KeyVaultPermission(allowed_data_actions=[], denied_data_actions=[KeyVaultDataAction.READ_HSM_KEY]) ] updated_definition = await client.set_role_definition( - role_scope=scope, role_definition_name=definition_name, permissions=permissions + role_scope=scope, permissions=permissions, role_definition_name=definition_name ) assert len(updated_definition.permissions) == 1 assert len(updated_definition.permissions[0].allowed_data_actions) == 0 From f0c5d83d8a84dc7f7a454880322b0661c25a5a99 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?McCoy=20Pati=C3=B1o?= Date: Thu, 21 Jan 2021 17:22:32 -0800 Subject: [PATCH 13/13] Thanks, Charles! --- .../azure/keyvault/administration/_access_control_client.py | 4 ++-- .../keyvault/administration/aio/_access_control_client.py | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py index 43a0e6b70ba2..51e795965928 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py @@ -84,7 +84,7 @@ def get_role_assignment(self, role_scope, role_assignment_name, **kwargs): :param role_scope: the assignment's scope, for example "/", "/keys", or "/keys/" :class:`KeyVaultRoleScope` defines common broad scopes. Specify a narrower scope as a string. :type role_scope: str or KeyVaultRoleScope - :param role_assignment_name: the assignment's name. Must be a UUID. + :param role_assignment_name: the assignment's name. :type role_assignment_name: str or uuid.UUID :rtype: KeyVaultRoleAssignment """ 
@@ -161,7 +161,7 @@ def get_role_definition(self, role_scope, role_definition_name, **kwargs): :param role_scope: scope of the role definition. :class:`KeyVaultRoleScope` defines common broad scopes. Specify a narrower scope as a string. Managed HSM only supports '/', or KeyVaultRoleScope.global_value. :type role_scope: str or KeyVaultRoleScope - :param role_definition_name: the role definition's name. Must be a UUID. + :param role_definition_name: the role definition's name. :type role_definition_name: str or uuid.UUID :rtype: KeyVaultRoleDefinition """ diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py index fc37b920a662..ba73fe21b2bd 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py @@ -88,7 +88,7 @@ async def get_role_assignment( :param role_scope: the assignment's scope, for example "/", "/keys", or "/keys/". :class:`KeyVaultRoleScope` defines common broad scopes. Specify a narrower scope as a string. :type role_scope: str or KeyVaultRoleScope - :param role_assignment_name: the assignment's name. Must be a UUID. + :param role_assignment_name: the assignment's name. :type role_assignment_name: str or uuid.UUID :rtype: KeyVaultRoleAssignment """ 
@@ -169,7 +169,7 @@ async def get_role_definition( :param role_scope: scope of the role definition. :class:`KeyVaultRoleScope` defines common broad scopes. Specify a narrower scope as a string. Managed HSM only supports '/', or KeyVaultRoleScope.global_value. :type role_scope: str or KeyVaultRoleScope - :param role_definition_name: the role definition's name. Must be a UUID. + :param role_definition_name: the role definition's name. :type role_definition_name: str or uuid.UUID :rtype: KeyVaultRoleDefinition """