diff --git a/sdk/keyvault/azure-keyvault-keys/CHANGELOG.md b/sdk/keyvault/azure-keyvault-keys/CHANGELOG.md index 9d0bac12c7ed..d5345eefec14 100644 --- a/sdk/keyvault/azure-keyvault-keys/CHANGELOG.md +++ b/sdk/keyvault/azure-keyvault-keys/CHANGELOG.md @@ -5,6 +5,17 @@ ### Features Added ### Breaking Changes +> These changes do not impact the API of stable versions such as 4.4.0. +> Only code written against a beta version such as 4.5.0b1 may be affected. +- `KeyClient.update_key_rotation_policy` accepts a required `policy` argument + ([#22981](https://github.com/Azure/azure-sdk-for-python/issues/22981)) +- The optional `version` parameter in `KeyClient.release_key` is now a keyword-only argument + ([#22981](https://github.com/Azure/azure-sdk-for-python/issues/22981)) +- Renamed the `name` parameter in `KeyClient.get_key_rotation_policy` and + `KeyClient.update_key_rotation_policy` to `key_name` + ([#22981](https://github.com/Azure/azure-sdk-for-python/issues/22981)) +- Enum values in `azure-keyvault-keys` are now uniformly lower-cased + ([#22981](https://github.com/Azure/azure-sdk-for-python/issues/22981)) ### Bugs Fixed - `KeyType` now ignores casing during declaration, which resolves a scenario where Key Vault diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_client.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_client.py index 5db1eef1f147..6d60bba138d5 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_client.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_client.py @@ -689,8 +689,8 @@ def import_key(self, name, key, **kwargs): return KeyVaultKey._from_key_bundle(bundle) @distributed_trace - def release_key(self, name, target_attestation_token, version=None, **kwargs): - # type: (str, str, Optional[str], **Any) -> ReleaseKeyResult + def release_key(self, name, target_attestation_token, **kwargs): + # type: (str, str, **Any) -> ReleaseKeyResult """Releases a key. The release key operation is applicable to all key types. The target key must be marked @@ -698,9 +698,8 @@ def release_key(self, name, target_attestation_token, version=None, **kwargs): :param str name: The name of the key to get. :param str target_attestation_token: The attestation assertion for the target of the key release. - :param str version: (optional) A specific version of the key to release. If unspecified, the latest version is - released. + :keyword str version: A specific version of the key to release. If unspecified, the latest version is released. :keyword algorithm: The encryption algorithm to use to protect the released key material. :paramtype algorithm: ~azure.keyvault.keys.KeyExportEncryptionAlgorithm :keyword str nonce: A client-provided nonce for freshness. @@ -709,10 +708,11 @@ def release_key(self, name, target_attestation_token, version=None, **kwargs): :rtype: ~azure.keyvault.keys.ReleaseKeyResult :raises: :class:`~azure.core.exceptions.HttpResponseError` """ + version = kwargs.pop("version", "") result = self._client.release( vault_base_url=self._vault_url, key_name=name, - key_version=version or "", + key_version=version, parameters=self._models.KeyReleaseParameters( target_attestation_token=target_attestation_token, nonce=kwargs.pop("nonce", None), @@ -750,17 +750,17 @@ def get_random_bytes(self, count, **kwargs): return result.value @distributed_trace - def get_key_rotation_policy(self, name, **kwargs): + def get_key_rotation_policy(self, key_name, **kwargs): # type: (str, **Any) -> KeyRotationPolicy """Get the rotation policy of a Key Vault key. - :param str name: The name of the key. + :param str key_name: The name of the key. :return: The key rotation policy. :rtype: ~azure.keyvault.keys.KeyRotationPolicy :raises: :class: `~azure.core.exceptions.HttpResponseError` """ - policy = self._client.get_key_rotation_policy(vault_base_url=self._vault_url, key_name=name, **kwargs) + policy = self._client.get_key_rotation_policy(vault_base_url=self._vault_url, key_name=key_name, **kwargs) return KeyRotationPolicy._from_generated(policy) @distributed_trace @@ -780,25 +780,29 @@ def rotate_key(self, name, **kwargs): return KeyVaultKey._from_key_bundle(bundle) @distributed_trace - def update_key_rotation_policy(self, name, **kwargs): - # type: (str, **Any) -> KeyRotationPolicy + def update_key_rotation_policy(self, key_name, policy, **kwargs): + # type: (str, KeyRotationPolicy, **Any) -> KeyRotationPolicy """Updates the rotation policy of a Key Vault key. This operation requires the keys/update permission. - :param str name: The name of the key in the given vault. + :param str key_name: The name of the key in the given vault. + :param policy: The new rotation policy for the key. + :type policy: ~azure.keyvault.keys.KeyRotationPolicy - :keyword lifetime_actions: Actions that will be performed by Key Vault over the lifetime of a key. + :keyword lifetime_actions: Actions that will be performed by Key Vault over the lifetime of a key. This will + override the lifetime actions of the provided ``policy``. :paramtype lifetime_actions: Iterable[~azure.keyvault.keys.KeyRotationLifetimeAction] :keyword str expires_in: The expiry time of the policy that will be applied on new key versions, defined as an ISO 8601 duration. For example: 90 days is "P90D", 3 months is "P3M", and 48 hours is "PT48H". See `Wikipedia `_ for more information on ISO 8601 durations. + This will override the expiry time of the provided ``policy``. :return: The updated rotation policy. :rtype: ~azure.keyvault.keys.KeyRotationPolicy :raises: :class:`~azure.core.exceptions.HttpResponseError` """ - lifetime_actions = kwargs.pop("lifetime_actions", None) + lifetime_actions = kwargs.pop("lifetime_actions", policy.lifetime_actions) if lifetime_actions: lifetime_actions = [ self._models.LifetimeActions( @@ -810,9 +814,9 @@ def update_key_rotation_policy(self, name, **kwargs): for action in lifetime_actions ] - attributes = self._models.KeyRotationPolicyAttributes(expiry_time=kwargs.pop("expires_in", None)) - policy = self._models.KeyRotationPolicy(lifetime_actions=lifetime_actions, attributes=attributes) + attributes = self._models.KeyRotationPolicyAttributes(expiry_time=kwargs.pop("expires_in", policy.expires_in)) + new_policy = self._models.KeyRotationPolicy(lifetime_actions=lifetime_actions, attributes=attributes) result = self._client.update_key_rotation_policy( - vault_base_url=self._vault_url, key_name=name, key_rotation_policy=policy + vault_base_url=self._vault_url, key_name=key_name, key_rotation_policy=new_policy ) return KeyRotationPolicy._from_generated(result) diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_enums.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_enums.py index 23d5bf81c3a2..bcc3cc106015 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_enums.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_enums.py @@ -21,9 +21,9 @@ class KeyCurveName(with_metaclass(CaseInsensitiveEnumMeta, str, Enum)): class KeyExportEncryptionAlgorithm(with_metaclass(CaseInsensitiveEnumMeta, str, Enum)): """Supported algorithms for protecting exported key material""" - CKM_RSA_AES_KEY_WRAP = "CKM_RSA_AES_KEY_WRAP" - RSA_AES_KEY_WRAP_256 = "RSA_AES_KEY_WRAP_256" - RSA_AES_KEY_WRAP_384 = "RSA_AES_KEY_WRAP_384" + ckm_rsa_aes_key_wrap = "CKM_RSA_AES_KEY_WRAP" + rsa_aes_key_wrap_256 = "RSA_AES_KEY_WRAP_256" + rsa_aes_key_wrap_384 = "RSA_AES_KEY_WRAP_384" class KeyOperation(with_metaclass(CaseInsensitiveEnumMeta, str, Enum)): @@ -42,8 +42,8 @@ class KeyOperation(with_metaclass(CaseInsensitiveEnumMeta, str, Enum)): class KeyRotationPolicyAction(with_metaclass(CaseInsensitiveEnumMeta, str, Enum)): """The action that will be executed in a key rotation policy""" - ROTATE = "Rotate" #: Rotate the key based on the key policy. - NOTIFY = "Notify" #: Trigger Event Grid events. + rotate = "Rotate" #: Rotate the key based on the key policy. + notify = "Notify" #: Trigger Event Grid events. class KeyType(with_metaclass(CaseInsensitiveEnumMeta, str, Enum)): diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_models.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_models.py index 93ae135f962c..dd30eb8729e9 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_models.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_models.py @@ -320,18 +320,18 @@ class KeyRotationPolicy(object): :ivar str id: The identifier of the key rotation policy. :ivar lifetime_actions: Actions that will be performed by Key Vault over the lifetime of a key. :type lifetime_actions: list[~azure.keyvault.keys.KeyRotationLifetimeAction] - :ivar str expires_in: The expiry time of the policy that will be applied on new key versions, defined as an ISO - 8601 duration. For example, 90 days is "P90D". See `Wikipedia `_ - for more information on ISO 8601 durations. + :ivar str expires_in: The expiry time of the policy that will be applied on new key versions, defined as an ISO 8601 + duration. For example, 90 days is "P90D". See `Wikipedia `_ for + more information on ISO 8601 durations. :ivar created_on: When the policy was created, in UTC :type created_on: ~datetime.datetime :ivar updated_on: When the policy was last updated, in UTC :type updated_on: ~datetime.datetime """ - def __init__(self, policy_id, **kwargs): - # type: (str, **Any) -> None - self.id = policy_id + def __init__(self, **kwargs): + # type: (**Any) -> None + self.id = kwargs.get("policy_id", None) self.lifetime_actions = kwargs.get("lifetime_actions", None) self.expires_in = kwargs.get("expires_in", None) self.created_on = kwargs.get("created_on", None) diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/aio/_client.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/aio/_client.py index ec7c86053f3c..bb702bf62143 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/aio/_client.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/aio/_client.py @@ -675,9 +675,7 @@ async def import_key(self, name: str, key: JsonWebKey, **kwargs: "Any") -> KeyVa return KeyVaultKey._from_key_bundle(bundle) @distributed_trace_async - async def release_key( - self, name: str, target_attestation_token: str, version: "Optional[str]" = None, **kwargs: "Any" - ) -> ReleaseKeyResult: + async def release_key(self, name: str, target_attestation_token: str, **kwargs: "Any") -> ReleaseKeyResult: """Releases a key. The release key operation is applicable to all key types. The target key must be marked @@ -685,9 +683,8 @@ async def release_key( :param str name: The name of the key to get. :param str target_attestation_token: The attestation assertion for the target of the key release. - :param str version: (optional) A specific version of the key to release. If unspecified, the latest version is - released. + :keyword str version: A specific version of the key to release. If unspecified, the latest version is released. :keyword algorithm: The encryption algorithm to use to protect the released key material. :paramtype algorithm: ~azure.keyvault.keys.KeyExportEncryptionAlgorithm :keyword str nonce: A client-provided nonce for freshness. @@ -696,10 +693,11 @@ async def release_key( :rtype: ~azure.keyvault.keys.ReleaseKeyResult :raises: :class:`~azure.core.exceptions.HttpResponseError` """ + version = kwargs.pop("version", "") result = await self._client.release( vault_base_url=self._vault_url, key_name=name, - key_version=version or "", + key_version=version, parameters=self._models.KeyReleaseParameters( target_attestation_token=target_attestation_token, nonce=kwargs.pop("nonce", None), @@ -736,16 +734,16 @@ async def get_random_bytes(self, count: int, **kwargs: "Any") -> bytes: return result.value @distributed_trace_async - async def get_key_rotation_policy(self, name: str, **kwargs: "Any") -> "KeyRotationPolicy": + async def get_key_rotation_policy(self, key_name: str, **kwargs: "Any") -> "KeyRotationPolicy": """Get the rotation policy of a Key Vault key. - :param str name: The name of the key. + :param str key_name: The name of the key. :return: The key rotation policy. :rtype: ~azure.keyvault.keys.KeyRotationPolicy :raises: :class:`~azure.core.exceptions.HttpResponseError` """ - policy = await self._client.get_key_rotation_policy(vault_base_url=self._vault_url, key_name=name, **kwargs) + policy = await self._client.get_key_rotation_policy(vault_base_url=self._vault_url, key_name=key_name, **kwargs) return KeyRotationPolicy._from_generated(policy) @distributed_trace_async @@ -764,24 +762,30 @@ async def rotate_key(self, name: str, **kwargs: "Any") -> KeyVaultKey: return KeyVaultKey._from_key_bundle(bundle) @distributed_trace_async - async def update_key_rotation_policy(self, name: str, **kwargs: "Any") -> KeyRotationPolicy: + async def update_key_rotation_policy( + self, key_name: str, policy: KeyRotationPolicy, **kwargs: "Any" + ) -> KeyRotationPolicy: """Updates the rotation policy of a Key Vault key. This operation requires the keys/update permission. - :param str name: The name of the key in the given vault. + :param str key_name: The name of the key in the given vault. + :param policy: The new rotation policy for the key. + :type policy: ~azure.keyvault.keys.KeyRotationPolicy - :keyword lifetime_actions: Actions that will be performed by Key Vault over the lifetime of a key. + :keyword lifetime_actions: Actions that will be performed by Key Vault over the lifetime of a key. This will + override the lifetime actions of the provided ``policy``. :paramtype lifetime_actions: Iterable[~azure.keyvault.keys.KeyRotationLifetimeAction] :keyword str expires_in: The expiry time of the policy that will be applied on new key versions, defined as an ISO 8601 duration. For example: 90 days is "P90D", 3 months is "P3M", and 48 hours is "PT48H". See `Wikipedia `_ for more information on ISO 8601 durations. + This will override the expiry time of the provided ``policy``. :return: The updated rotation policy. :rtype: ~azure.keyvault.keys.KeyRotationPolicy :raises: :class:`~azure.core.exceptions.HttpResponseError` """ - lifetime_actions = kwargs.pop("lifetime_actions", None) + lifetime_actions = kwargs.pop("lifetime_actions", policy.lifetime_actions) if lifetime_actions: lifetime_actions = [ self._models.LifetimeActions( @@ -793,9 +797,9 @@ async def update_key_rotation_policy(self, name: str, **kwargs: "Any") -> KeyRot for action in lifetime_actions ] - attributes = self._models.KeyRotationPolicyAttributes(expiry_time=kwargs.pop("expires_in", None)) - policy = self._models.KeyRotationPolicy(lifetime_actions=lifetime_actions, attributes=attributes) + attributes = self._models.KeyRotationPolicyAttributes(expiry_time=kwargs.pop("expires_in", policy.expires_in)) + new_policy = self._models.KeyRotationPolicy(lifetime_actions=lifetime_actions, attributes=attributes) result = await self._client.update_key_rotation_policy( - vault_base_url=self._vault_url, key_name=name, key_rotation_policy=policy + vault_base_url=self._vault_url, key_name=key_name, key_rotation_policy=new_policy ) return KeyRotationPolicy._from_generated(result) diff --git a/sdk/keyvault/azure-keyvault-keys/tests/recordings/test_key_client.test_key_rotation_policy_7_3_preview_vault.yaml b/sdk/keyvault/azure-keyvault-keys/tests/recordings/test_key_client.test_key_rotation_policy_7_3_preview_vault.yaml index fbe1b9c43e9a..e57ce4e81e44 100644 --- a/sdk/keyvault/azure-keyvault-keys/tests/recordings/test_key_client.test_key_rotation_policy_7_3_preview_vault.yaml +++ b/sdk/keyvault/azure-keyvault-keys/tests/recordings/test_key_client.test_key_rotation_policy_7_3_preview_vault.yaml @@ -13,7 +13,7 @@ interactions: Content-Type: - application/json User-Agent: - - azsdk-python-keyvault-keys/4.5.0b4 Python/3.9.0 (Windows-10-10.0.22000-SP0) + - azsdk-python-keyvault-keys/4.5.0b7 Python/3.10.0 (Windows-10-10.0.22000-SP0) method: POST uri: https://vaultname.vault.azure.net/keys/livekvtestrotation-keybd0f17af/create?api-version=7.3-preview response: @@ -28,7 +28,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Wed, 06 Oct 2021 19:10:18 GMT + - Thu, 03 Mar 2022 05:34:43 GMT expires: - '-1' pragma: @@ -45,7 +45,7 @@ interactions: x-ms-keyvault-region: - westus x-ms-keyvault-service-version: - - 1.9.132.3 + - 1.9.291.1 x-powered-by: - ASP.NET status: @@ -65,12 +65,12 @@ interactions: Content-Type: - application/json User-Agent: - - azsdk-python-keyvault-keys/4.5.0b4 Python/3.9.0 (Windows-10-10.0.22000-SP0) + - azsdk-python-keyvault-keys/4.5.0b7 Python/3.10.0 (Windows-10-10.0.22000-SP0) method: POST uri: https://vaultname.vault.azure.net/keys/livekvtestrotation-keybd0f17af/create?api-version=7.3-preview response: body: - string: '{"key":{"kid":"https://vaultname.vault.azure.net/keys/livekvtestrotation-keybd0f17af/c4727665632f40458f317002b39a1504","kty":"RSA","key_ops":["encrypt","decrypt","sign","verify","wrapKey","unwrapKey"],"n":"2gbZmgfsdB98UZQ1YbmpvHYGNOICfyClDIBjVc5UatdptqMiUQU_1mbSB7ngynjQWFXH7AOnE4XH37lQ1ZQAGSvH6Z0LjYkyLT5tSG_MdJ5TGRqyMT6tEh-46QvPRGLAMbWm6uqAbmc6pX-Qsj2nxBsueH1p7Q9qR-IH0oXVS6v8If2YkwMvBo7Uzf6mtwfquDzXYOS5jwg5rWz7PlUTiQaws4s1Fwlth7Vxr6HFYPpmVBQM327hKgR50kcv6mjXmt0VT27apBOyJykGZlGjuZZLILT5Tffc3AC4qNhSEhKXZA2uqg5f7HB8PERZrexi0fI_AzTLySwtZStzJwBC_Q","e":"AQAB"},"attributes":{"enabled":true,"exp":1641323419,"created":1633547419,"updated":1633547419,"recoveryLevel":"CustomizedRecoverable+Purgeable","recoverableDays":7}}' + string: '{"key":{"kid":"https://vaultname.vault.azure.net/keys/livekvtestrotation-keybd0f17af/b916ba2ef8a34c7ba1229e86b3df7622","kty":"RSA","key_ops":["encrypt","decrypt","sign","verify","wrapKey","unwrapKey"],"n":"1tLPKv1ZNujC09DSeovV5-ihj4QRE48P6-bFTQgcRJMZxvczdUTx6RDEdQiTuKi8wOssiyh3yuSDpaWUiY-FI8ZGWAaP0Vnhr8ssnHtwBo9NCPd3NwXbahj4CERr7OAt9WPpIMjSmHEE-wJtki3-rgvCUVfv6Cu1IP5Hl1IqxsOes3L3BF9Y6BgaIqSGkgngirww42KGW_bEv4ILwW3phPvtFcF9kILEyXHi1dHb5Mwlv5rALlj8x5VuzULCWxz8sBjldZEomOdSLE6w2_jW1IN0pa2PB6u_jL51sBW5SqqGV2aMEGMR2MP06T3OU3GrhhrwagiMRCVAwiuAj1UEdQ","e":"AQAB"},"attributes":{"enabled":true,"exp":1654061684,"created":1646285684,"updated":1646285684,"recoveryLevel":"CustomizedRecoverable+Purgeable","recoverableDays":7}}' headers: cache-control: - no-cache @@ -79,7 +79,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Wed, 06 Oct 2021 19:10:19 GMT + - Thu, 03 Mar 2022 05:34:43 GMT expires: - '-1' pragma: @@ -93,7 +93,7 @@ interactions: x-ms-keyvault-region: - westus x-ms-keyvault-service-version: - - 1.9.132.3 + - 1.9.291.1 x-powered-by: - ASP.NET status: @@ -114,21 +114,21 @@ interactions: Content-Type: - application/json User-Agent: - - azsdk-python-keyvault-keys/4.5.0b4 Python/3.9.0 (Windows-10-10.0.22000-SP0) + - azsdk-python-keyvault-keys/4.5.0b7 Python/3.10.0 (Windows-10-10.0.22000-SP0) method: PUT uri: https://vaultname.vault.azure.net/keys/livekvtestrotation-keybd0f17af/rotationpolicy?api-version=7.3-preview response: body: - string: '{"id":"https://vaultname.vault.azure.net/keys/livekvtestrotation-keybd0f17af/rotationpolicy","lifetimeActions":[{"trigger":{"timeAfterCreate":"P2M"},"action":{"type":"Rotate"}}],"attributes":{"created":1633547268,"updated":1633547419}}' + string: '{"id":"https://vaultname.vault.azure.net/keys/livekvtestrotation-keybd0f17af/rotationpolicy","lifetimeActions":[{"trigger":{"timeAfterCreate":"P2M"},"action":{"type":"Rotate"}},{"trigger":{"timeBeforeExpiry":"P30D"},"action":{"type":"Notify"}}],"attributes":{"created":1646285353,"updated":1646285684}}' headers: cache-control: - no-cache content-length: - - '237' + - '304' content-type: - application/json; charset=utf-8 date: - - Wed, 06 Oct 2021 19:10:19 GMT + - Thu, 03 Mar 2022 05:34:44 GMT expires: - '-1' pragma: @@ -142,7 +142,7 @@ interactions: x-ms-keyvault-region: - westus x-ms-keyvault-service-version: - - 1.9.132.3 + - 1.9.291.1 x-powered-by: - ASP.NET status: @@ -158,21 +158,21 @@ interactions: Connection: - keep-alive User-Agent: - - azsdk-python-keyvault-keys/4.5.0b4 Python/3.9.0 (Windows-10-10.0.22000-SP0) + - azsdk-python-keyvault-keys/4.5.0b7 Python/3.10.0 (Windows-10-10.0.22000-SP0) method: GET uri: https://vaultname.vault.azure.net/keys/livekvtestrotation-keybd0f17af/rotationpolicy?api-version=7.3-preview response: body: - string: '{"id":"https://vaultname.vault.azure.net/keys/livekvtestrotation-keybd0f17af/rotationpolicy","lifetimeActions":[{"trigger":{"timeAfterCreate":"P2M"},"action":{"type":"Rotate"}}],"attributes":{"created":1633547268,"updated":1633547419}}' + string: '{"id":"https://vaultname.vault.azure.net/keys/livekvtestrotation-keybd0f17af/rotationpolicy","lifetimeActions":[{"trigger":{"timeAfterCreate":"P2M"},"action":{"type":"Rotate"}},{"trigger":{"timeBeforeExpiry":"P30D"},"action":{"type":"Notify"}}],"attributes":{"created":1646285353,"updated":1646285684}}' headers: cache-control: - no-cache content-length: - - '237' + - '304' content-type: - application/json; charset=utf-8 date: - - Wed, 06 Oct 2021 19:10:19 GMT + - Thu, 03 Mar 2022 05:34:44 GMT expires: - '-1' pragma: @@ -186,7 +186,57 @@ interactions: x-ms-keyvault-region: - westus x-ms-keyvault-service-version: - - 1.9.132.3 + - 1.9.291.1 + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: '{"lifetimeActions": [{"trigger": {"timeAfterCreate": "P2M"}, "action": + {"type": "Rotate"}}, {"trigger": {"timeBeforeExpiry": "P30D"}, "action": {"type": + "Notify"}}], "attributes": {"expiryTime": "P90D"}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + Content-Length: + - '203' + Content-Type: + - application/json + User-Agent: + - azsdk-python-keyvault-keys/4.5.0b7 Python/3.10.0 (Windows-10-10.0.22000-SP0) + method: PUT + uri: https://vaultname.vault.azure.net/keys/livekvtestrotation-keybd0f17af/rotationpolicy?api-version=7.3-preview + response: + body: + string: '{"id":"https://vaultname.vault.azure.net/keys/livekvtestrotation-keybd0f17af/rotationpolicy","lifetimeActions":[{"trigger":{"timeAfterCreate":"P2M"},"action":{"type":"Rotate"}},{"trigger":{"timeBeforeExpiry":"P30D"},"action":{"type":"Notify"}}],"attributes":{"expiryTime":"P90D","created":1646285353,"updated":1646285685}}' + headers: + cache-control: + - no-cache + content-length: + - '324' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 03 Mar 2022 05:34:44 GMT + expires: + - '-1' + pragma: + - no-cache + strict-transport-security: + - max-age=31536000;includeSubDomains + x-content-type-options: + - nosniff + x-ms-keyvault-network-info: + - conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=InterNetwork; + x-ms-keyvault-region: + - westus + x-ms-keyvault-service-version: + - 1.9.291.1 x-powered-by: - ASP.NET status: @@ -207,12 +257,12 @@ interactions: Content-Type: - application/json User-Agent: - - azsdk-python-keyvault-keys/4.5.0b4 Python/3.9.0 (Windows-10-10.0.22000-SP0) + - azsdk-python-keyvault-keys/4.5.0b7 Python/3.10.0 (Windows-10-10.0.22000-SP0) method: PUT uri: https://vaultname.vault.azure.net/keys/livekvtestrotation-keybd0f17af/rotationpolicy?api-version=7.3-preview response: body: - string: '{"id":"https://vaultname.vault.azure.net/keys/livekvtestrotation-keybd0f17af/rotationpolicy","lifetimeActions":[{"trigger":{"timeBeforeExpiry":"P30D"},"action":{"type":"Notify"}}],"attributes":{"expiryTime":"P90D","created":1633547268,"updated":1633547419}}' + string: '{"id":"https://vaultname.vault.azure.net/keys/livekvtestrotation-keybd0f17af/rotationpolicy","lifetimeActions":[{"trigger":{"timeBeforeExpiry":"P30D"},"action":{"type":"Notify"}}],"attributes":{"expiryTime":"P90D","created":1646285353,"updated":1646285685}}' headers: cache-control: - no-cache @@ -221,7 +271,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Wed, 06 Oct 2021 19:10:19 GMT + - Thu, 03 Mar 2022 05:34:44 GMT expires: - '-1' pragma: @@ -235,7 +285,7 @@ interactions: x-ms-keyvault-region: - westus x-ms-keyvault-service-version: - - 1.9.132.3 + - 1.9.291.1 x-powered-by: - ASP.NET status: @@ -251,12 +301,12 @@ interactions: Connection: - keep-alive User-Agent: - - azsdk-python-keyvault-keys/4.5.0b4 Python/3.9.0 (Windows-10-10.0.22000-SP0) + - azsdk-python-keyvault-keys/4.5.0b7 Python/3.10.0 (Windows-10-10.0.22000-SP0) method: GET uri: https://vaultname.vault.azure.net/keys/livekvtestrotation-keybd0f17af/rotationpolicy?api-version=7.3-preview response: body: - string: '{"id":"https://vaultname.vault.azure.net/keys/livekvtestrotation-keybd0f17af/rotationpolicy","lifetimeActions":[{"trigger":{"timeBeforeExpiry":"P30D"},"action":{"type":"Notify"}}],"attributes":{"expiryTime":"P90D","created":1633547268,"updated":1633547419}}' + string: '{"id":"https://vaultname.vault.azure.net/keys/livekvtestrotation-keybd0f17af/rotationpolicy","lifetimeActions":[{"trigger":{"timeBeforeExpiry":"P30D"},"action":{"type":"Notify"}}],"attributes":{"expiryTime":"P90D","created":1646285353,"updated":1646285685}}' headers: cache-control: - no-cache @@ -265,7 +315,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Wed, 06 Oct 2021 19:10:19 GMT + - Thu, 03 Mar 2022 05:34:44 GMT expires: - '-1' pragma: @@ -279,7 +329,7 @@ interactions: x-ms-keyvault-region: - westus x-ms-keyvault-service-version: - - 1.9.132.3 + - 1.9.291.1 x-powered-by: - ASP.NET status: diff --git a/sdk/keyvault/azure-keyvault-keys/tests/recordings/test_keys_async.test_key_rotation_policy_7_3_preview_vault.yaml b/sdk/keyvault/azure-keyvault-keys/tests/recordings/test_keys_async.test_key_rotation_policy_7_3_preview_vault.yaml index 251c7d83de58..c0409904b751 100644 --- a/sdk/keyvault/azure-keyvault-keys/tests/recordings/test_keys_async.test_key_rotation_policy_7_3_preview_vault.yaml +++ b/sdk/keyvault/azure-keyvault-keys/tests/recordings/test_keys_async.test_key_rotation_policy_7_3_preview_vault.yaml @@ -9,7 +9,7 @@ interactions: Content-Type: - application/json User-Agent: - - azsdk-python-keyvault-keys/4.5.0b4 Python/3.9.0 (Windows-10-10.0.22000-SP0) + - azsdk-python-keyvault-keys/4.5.0b7 Python/3.10.0 (Windows-10-10.0.22000-SP0) method: POST uri: https://vaultname.vault.azure.net/keys/livekvtestrotation-keyc0a517c1/create?api-version=7.3-preview response: @@ -20,7 +20,7 @@ interactions: cache-control: no-cache content-length: '97' content-type: application/json; charset=utf-8 - date: Wed, 06 Oct 2021 19:12:17 GMT + date: Thu, 03 Mar 2022 05:37:33 GMT expires: '-1' pragma: no-cache strict-transport-security: max-age=31536000;includeSubDomains @@ -29,7 +29,7 @@ interactions: x-content-type-options: nosniff x-ms-keyvault-network-info: conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=InterNetwork; x-ms-keyvault-region: westus - x-ms-keyvault-service-version: 1.9.132.3 + x-ms-keyvault-service-version: 1.9.291.1 x-powered-by: ASP.NET status: code: 401 @@ -45,24 +45,24 @@ interactions: Content-Type: - application/json User-Agent: - - azsdk-python-keyvault-keys/4.5.0b4 Python/3.9.0 (Windows-10-10.0.22000-SP0) + - azsdk-python-keyvault-keys/4.5.0b7 Python/3.10.0 (Windows-10-10.0.22000-SP0) method: POST uri: https://vaultname.vault.azure.net/keys/livekvtestrotation-keyc0a517c1/create?api-version=7.3-preview response: body: - string: '{"key":{"kid":"https://vaultname.vault.azure.net/keys/livekvtestrotation-keyc0a517c1/b12e827147874902aa31394581c24ce9","kty":"RSA","key_ops":["encrypt","decrypt","sign","verify","wrapKey","unwrapKey"],"n":"vvcEH9RDFmGTytPDVYuU_NkTTDb3o3Sf0Lanq-e8DhUi8XOAlBv_gRx5EiqHzNrW8Xhs95dTQWuZTujjhXT_7ZF4r0IlK0wLBewYHF_KjsLUMOqgCBUOe94l8fzS07cKFup-mJyGtNnwFrEn8xh9S17wkan8SESy-cR1ay4l417JoKUQ_wU9rZzrm7UTmhCq6ok9zqfS5pypld9eV0QhgblK_h1ly44F6p35JTZpAb2f0yfWotCg7jAXhtnUo7VwdAushFc7FE04NRoBIW_rynBGWbZiLoojBiNOZAifoo6Pmfuh-vyfAe5TdaoLOA-H_3UWb4R17PdcCk7XAP8gMQ","e":"AQAB"},"attributes":{"enabled":true,"created":1633547537,"updated":1633547537,"recoveryLevel":"CustomizedRecoverable+Purgeable","recoverableDays":7}}' + string: '{"key":{"kid":"https://vaultname.vault.azure.net/keys/livekvtestrotation-keyc0a517c1/31735a324c0244cbb4b5499a9cbe222c","kty":"RSA","key_ops":["encrypt","decrypt","sign","verify","wrapKey","unwrapKey"],"n":"xDICpK8C6V-71MWEN9dX_K-dvyvmK8dEfo_jsq0Wj1_bWsWFQY9fP-8PMMFiGs6RinBGzeaej1PAvfOE6qYX4rb23vdUVdUScUTsZ77nK69MOuArIZzZvV8E14Mj9bE1uzg9MnJgt_qyIOG3BzPKPRELwD705ZQE1Fq04qHLoFK4cWOsPzKa7UB9e8W8pHRs4N6G1aa-Vyoi55wKLHHrHDGhhfZbOEZtyzhL-5mHbEe3Kqtgw5ATs_kx1ASYJ73ZLZfqxLxBXFcRzR46USO6PaUJWSvwXkWM8v8A1ymf6-KnUT7bPnnczjiN4P2k3_jG0IFUMJ9npo3esU283Hp4RQ","e":"AQAB"},"attributes":{"enabled":true,"created":1646285854,"updated":1646285854,"recoveryLevel":"CustomizedRecoverable+Purgeable","recoverableDays":7}}' headers: cache-control: no-cache content-length: '706' content-type: application/json; charset=utf-8 - date: Wed, 06 Oct 2021 19:12:17 GMT + date: Thu, 03 Mar 2022 05:37:33 GMT expires: '-1' pragma: no-cache strict-transport-security: max-age=31536000;includeSubDomains x-content-type-options: nosniff x-ms-keyvault-network-info: conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=InterNetwork; x-ms-keyvault-region: westus - x-ms-keyvault-service-version: 1.9.132.3 + x-ms-keyvault-service-version: 1.9.291.1 x-powered-by: ASP.NET status: code: 200 @@ -79,24 +79,24 @@ interactions: Content-Type: - application/json User-Agent: - - azsdk-python-keyvault-keys/4.5.0b4 Python/3.9.0 (Windows-10-10.0.22000-SP0) + - azsdk-python-keyvault-keys/4.5.0b7 Python/3.10.0 (Windows-10-10.0.22000-SP0) method: PUT uri: https://vaultname.vault.azure.net/keys/livekvtestrotation-keyc0a517c1/rotationpolicy?api-version=7.3-preview response: body: - string: '{"id":"https://vaultname.vault.azure.net/keys/livekvtestrotation-keyc0a517c1/rotationpolicy","lifetimeActions":[{"trigger":{"timeAfterCreate":"P2M"},"action":{"type":"Rotate"}}],"attributes":{"created":1633547538,"updated":1633547538}}' + string: '{"id":"https://vaultname.vault.azure.net/keys/livekvtestrotation-keyc0a517c1/rotationpolicy","lifetimeActions":[{"trigger":{"timeAfterCreate":"P2M"},"action":{"type":"Rotate"}},{"trigger":{"timeBeforeExpiry":"P30D"},"action":{"type":"Notify"}}],"attributes":{"created":1646285854,"updated":1646285854}}' headers: cache-control: no-cache - content-length: '237' + content-length: '304' content-type: application/json; charset=utf-8 - date: Wed, 06 Oct 2021 19:12:18 GMT + date: Thu, 03 Mar 2022 05:37:33 GMT expires: '-1' pragma: no-cache strict-transport-security: max-age=31536000;includeSubDomains x-content-type-options: nosniff x-ms-keyvault-network-info: conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=InterNetwork; x-ms-keyvault-region: westus - x-ms-keyvault-service-version: 1.9.132.3 + x-ms-keyvault-service-version: 1.9.291.1 x-powered-by: ASP.NET status: code: 200 @@ -108,24 +108,59 @@ interactions: Accept: - application/json User-Agent: - - azsdk-python-keyvault-keys/4.5.0b4 Python/3.9.0 (Windows-10-10.0.22000-SP0) + - azsdk-python-keyvault-keys/4.5.0b7 Python/3.10.0 (Windows-10-10.0.22000-SP0) method: GET uri: https://vaultname.vault.azure.net/keys/livekvtestrotation-keyc0a517c1/rotationpolicy?api-version=7.3-preview response: body: - string: '{"id":"https://vaultname.vault.azure.net/keys/livekvtestrotation-keyc0a517c1/rotationpolicy","lifetimeActions":[{"trigger":{"timeAfterCreate":"P2M"},"action":{"type":"Rotate"}}],"attributes":{"created":1633547538,"updated":1633547538}}' + string: '{"id":"https://vaultname.vault.azure.net/keys/livekvtestrotation-keyc0a517c1/rotationpolicy","lifetimeActions":[{"trigger":{"timeAfterCreate":"P2M"},"action":{"type":"Rotate"}},{"trigger":{"timeBeforeExpiry":"P30D"},"action":{"type":"Notify"}}],"attributes":{"created":1646285854,"updated":1646285854}}' headers: cache-control: no-cache - content-length: '237' + content-length: '304' content-type: application/json; charset=utf-8 - date: Wed, 06 Oct 2021 19:12:18 GMT + date: Thu, 03 Mar 2022 05:37:33 GMT expires: '-1' pragma: no-cache strict-transport-security: max-age=31536000;includeSubDomains x-content-type-options: nosniff x-ms-keyvault-network-info: conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=InterNetwork; x-ms-keyvault-region: westus - x-ms-keyvault-service-version: 1.9.132.3 + x-ms-keyvault-service-version: 1.9.291.1 + x-powered-by: ASP.NET + status: + code: 200 + message: OK + url: https://mcpatino-kv.vault.azure.net/keys/livekvtestrotation-keyc0a517c1/rotationpolicy?api-version=7.3-preview +- request: + body: '{"lifetimeActions": [{"trigger": {"timeAfterCreate": "P2M"}, "action": + {"type": "Rotate"}}, {"trigger": {"timeBeforeExpiry": "P30D"}, "action": {"type": + "Notify"}}], "attributes": {"expiryTime": "P90D"}}' + headers: + Accept: + - application/json + Content-Length: + - '203' + Content-Type: + - application/json + User-Agent: + - azsdk-python-keyvault-keys/4.5.0b7 Python/3.10.0 (Windows-10-10.0.22000-SP0) + method: PUT + uri: https://vaultname.vault.azure.net/keys/livekvtestrotation-keyc0a517c1/rotationpolicy?api-version=7.3-preview + response: + body: + string: '{"id":"https://vaultname.vault.azure.net/keys/livekvtestrotation-keyc0a517c1/rotationpolicy","lifetimeActions":[{"trigger":{"timeAfterCreate":"P2M"},"action":{"type":"Rotate"}},{"trigger":{"timeBeforeExpiry":"P30D"},"action":{"type":"Notify"}}],"attributes":{"expiryTime":"P90D","created":1646285854,"updated":1646285854}}' + headers: + cache-control: no-cache + content-length: '324' + content-type: application/json; charset=utf-8 + date: Thu, 03 Mar 2022 05:37:33 GMT + expires: '-1' + pragma: no-cache + strict-transport-security: max-age=31536000;includeSubDomains + x-content-type-options: nosniff + x-ms-keyvault-network-info: conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=InterNetwork; + x-ms-keyvault-region: westus + x-ms-keyvault-service-version: 1.9.291.1 x-powered-by: ASP.NET status: code: 200 @@ -142,24 +177,24 @@ interactions: Content-Type: - application/json User-Agent: - - azsdk-python-keyvault-keys/4.5.0b4 Python/3.9.0 (Windows-10-10.0.22000-SP0) + - azsdk-python-keyvault-keys/4.5.0b7 Python/3.10.0 (Windows-10-10.0.22000-SP0) method: PUT uri: https://vaultname.vault.azure.net/keys/livekvtestrotation-keyc0a517c1/rotationpolicy?api-version=7.3-preview response: body: - string: '{"id":"https://vaultname.vault.azure.net/keys/livekvtestrotation-keyc0a517c1/rotationpolicy","lifetimeActions":[{"trigger":{"timeBeforeExpiry":"P30D"},"action":{"type":"Notify"}}],"attributes":{"expiryTime":"P90D","created":1633547538,"updated":1633547538}}' + string: '{"id":"https://vaultname.vault.azure.net/keys/livekvtestrotation-keyc0a517c1/rotationpolicy","lifetimeActions":[{"trigger":{"timeBeforeExpiry":"P30D"},"action":{"type":"Notify"}}],"attributes":{"expiryTime":"P90D","created":1646285854,"updated":1646285854}}' headers: cache-control: no-cache content-length: '259' content-type: application/json; charset=utf-8 - date: Wed, 06 Oct 2021 19:12:18 GMT + date: Thu, 03 Mar 2022 05:37:33 GMT expires: '-1' pragma: no-cache strict-transport-security: max-age=31536000;includeSubDomains x-content-type-options: nosniff x-ms-keyvault-network-info: conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=InterNetwork; x-ms-keyvault-region: westus - x-ms-keyvault-service-version: 1.9.132.3 + x-ms-keyvault-service-version: 1.9.291.1 x-powered-by: ASP.NET status: code: 200 @@ -171,24 +206,24 @@ interactions: Accept: - application/json User-Agent: - - azsdk-python-keyvault-keys/4.5.0b4 Python/3.9.0 (Windows-10-10.0.22000-SP0) + - azsdk-python-keyvault-keys/4.5.0b7 Python/3.10.0 (Windows-10-10.0.22000-SP0) method: GET uri: https://vaultname.vault.azure.net/keys/livekvtestrotation-keyc0a517c1/rotationpolicy?api-version=7.3-preview response: body: - string: '{"id":"https://vaultname.vault.azure.net/keys/livekvtestrotation-keyc0a517c1/rotationpolicy","lifetimeActions":[{"trigger":{"timeBeforeExpiry":"P30D"},"action":{"type":"Notify"}}],"attributes":{"expiryTime":"P90D","created":1633547538,"updated":1633547538}}' + string: '{"id":"https://vaultname.vault.azure.net/keys/livekvtestrotation-keyc0a517c1/rotationpolicy","lifetimeActions":[{"trigger":{"timeBeforeExpiry":"P30D"},"action":{"type":"Notify"}}],"attributes":{"expiryTime":"P90D","created":1646285854,"updated":1646285854}}' headers: cache-control: no-cache content-length: '259' content-type: application/json; charset=utf-8 - date: Wed, 06 Oct 2021 19:12:18 GMT + date: Thu, 03 Mar 2022 05:37:34 GMT expires: '-1' pragma: no-cache strict-transport-security: max-age=31536000;includeSubDomains x-content-type-options: nosniff x-ms-keyvault-network-info: conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=InterNetwork; x-ms-keyvault-region: westus - x-ms-keyvault-service-version: 1.9.132.3 + x-ms-keyvault-service-version: 1.9.291.1 x-powered-by: ASP.NET status: code: 200 diff --git a/sdk/keyvault/azure-keyvault-keys/tests/test_key_client.py b/sdk/keyvault/azure-keyvault-keys/tests/test_key_client.py index 83bf13905126..068739f685a1 100644 --- a/sdk/keyvault/azure-keyvault-keys/tests/test_key_client.py +++ b/sdk/keyvault/azure-keyvault-keys/tests/test_key_client.py @@ -17,6 +17,7 @@ KeyClient, KeyReleasePolicy, KeyRotationLifetimeAction, + KeyRotationPolicy, KeyRotationPolicyAction, KeyType, ) @@ -628,31 +629,38 @@ def test_key_rotation_policy(self, client, **kwargs): key_name = self.get_resource_name("rotation-key") self._create_rsa_key(client, key_name) - actions = [KeyRotationLifetimeAction(KeyRotationPolicyAction.ROTATE, time_after_create="P2M")] - updated_policy = client.update_key_rotation_policy(key_name, lifetime_actions=actions) + # updating a rotation policy with an empty policy and override + actions = [KeyRotationLifetimeAction(KeyRotationPolicyAction.rotate, time_after_create="P2M")] + updated_policy = client.update_key_rotation_policy(key_name, KeyRotationPolicy(), lifetime_actions=actions) fetched_policy = client.get_key_rotation_policy(key_name) assert updated_policy.expires_in is None _assert_rotation_policies_equal(updated_policy, fetched_policy) updated_policy_actions = updated_policy.lifetime_actions[0] fetched_policy_actions = fetched_policy.lifetime_actions[0] - assert updated_policy_actions.action == KeyRotationPolicyAction.ROTATE + assert updated_policy_actions.action == KeyRotationPolicyAction.rotate assert updated_policy_actions.time_after_create == "P2M" assert updated_policy_actions.time_before_expiry is None _assert_lifetime_actions_equal(updated_policy_actions, fetched_policy_actions) - new_actions = [KeyRotationLifetimeAction(KeyRotationPolicyAction.NOTIFY, time_before_expiry="P30D")] - new_policy = client.update_key_rotation_policy(key_name, expires_in="P90D", lifetime_actions=new_actions) - new_fetched_policy = client.get_key_rotation_policy(key_name) + # updating with a round-tripped policy and overriding expires_in + new_policy = client.update_key_rotation_policy(key_name, policy=updated_policy, expires_in="P90D") assert new_policy.expires_in == "P90D" - _assert_rotation_policies_equal(new_policy, new_fetched_policy) - - new_policy_actions = new_policy.lifetime_actions[0] - new_fetched_policy_actions = new_fetched_policy.lifetime_actions[0] - assert new_policy_actions.action == KeyRotationPolicyAction.NOTIFY - assert new_policy_actions.time_after_create is None - assert new_policy_actions.time_before_expiry == "P30D" - _assert_lifetime_actions_equal(new_policy_actions, new_fetched_policy_actions) + _assert_lifetime_actions_equal(updated_policy_actions, new_policy.lifetime_actions[0]) + + # updating with a round-tripped policy and overriding lifetime_actions + newest_actions = [KeyRotationLifetimeAction(KeyRotationPolicyAction.notify, time_before_expiry="P30D")] + newest_policy = client.update_key_rotation_policy(key_name, policy=new_policy, lifetime_actions=newest_actions) + newest_fetched_policy = client.get_key_rotation_policy(key_name) + assert newest_policy.expires_in == "P90D" + _assert_rotation_policies_equal(newest_policy, newest_fetched_policy) + + newest_policy_actions = newest_policy.lifetime_actions[0] + newest_fetched_policy_actions = newest_fetched_policy.lifetime_actions[0] + assert newest_policy_actions.action == KeyRotationPolicyAction.notify + assert newest_policy_actions.time_after_create is None + assert newest_policy_actions.time_before_expiry == "P30D" + _assert_lifetime_actions_equal(newest_policy_actions, newest_fetched_policy_actions) @all_api_versions() @client_setup diff --git a/sdk/keyvault/azure-keyvault-keys/tests/test_keys_async.py b/sdk/keyvault/azure-keyvault-keys/tests/test_keys_async.py index 22a3a710f6a9..c1bc5ce9ae02 100644 --- a/sdk/keyvault/azure-keyvault-keys/tests/test_keys_async.py +++ b/sdk/keyvault/azure-keyvault-keys/tests/test_keys_async.py @@ -16,6 +16,7 @@ JsonWebKey, KeyReleasePolicy, KeyRotationLifetimeAction, + KeyRotationPolicy, KeyRotationPolicyAction, ) from azure.keyvault.keys.aio import KeyClient @@ -624,31 +625,42 @@ async def test_key_rotation_policy(self, client, **kwargs): key_name = self.get_resource_name("rotation-key") await self._create_rsa_key(client, key_name) - actions = [KeyRotationLifetimeAction(KeyRotationPolicyAction.ROTATE, time_after_create="P2M")] - updated_policy = await client.update_key_rotation_policy(key_name, lifetime_actions=actions) + # updating a rotation policy with an empty policy and override + actions = [KeyRotationLifetimeAction(KeyRotationPolicyAction.rotate, time_after_create="P2M")] + updated_policy = await client.update_key_rotation_policy( + key_name, KeyRotationPolicy(), lifetime_actions=actions + ) fetched_policy = await client.get_key_rotation_policy(key_name) assert updated_policy.expires_in is None _assert_rotation_policies_equal(updated_policy, fetched_policy) updated_policy_actions = updated_policy.lifetime_actions[0] fetched_policy_actions = fetched_policy.lifetime_actions[0] - assert updated_policy_actions.action == KeyRotationPolicyAction.ROTATE + assert updated_policy_actions.action == KeyRotationPolicyAction.rotate assert updated_policy_actions.time_after_create == "P2M" assert updated_policy_actions.time_before_expiry is None _assert_lifetime_actions_equal(updated_policy_actions, fetched_policy_actions) - new_actions = [KeyRotationLifetimeAction(KeyRotationPolicyAction.NOTIFY, time_before_expiry="P30D")] - new_policy = await client.update_key_rotation_policy(key_name, expires_in="P90D", lifetime_actions=new_actions) - new_fetched_policy = await client.get_key_rotation_policy(key_name) + # updating with a round-tripped policy and overriding expires_in + new_policy = await client.update_key_rotation_policy(key_name, policy=updated_policy, expires_in="P90D") assert new_policy.expires_in == "P90D" - _assert_rotation_policies_equal(new_policy, new_fetched_policy) - - new_policy_actions = new_policy.lifetime_actions[0] - new_fetched_policy_actions = new_fetched_policy.lifetime_actions[0] - assert new_policy_actions.action == KeyRotationPolicyAction.NOTIFY - assert new_policy_actions.time_after_create is None - assert new_policy_actions.time_before_expiry == "P30D" - _assert_lifetime_actions_equal(new_policy_actions, new_fetched_policy_actions) + _assert_lifetime_actions_equal(updated_policy_actions, new_policy.lifetime_actions[0]) + + # updating with a round-tripped policy and overriding lifetime_actions + newest_actions = [KeyRotationLifetimeAction(KeyRotationPolicyAction.notify, time_before_expiry="P30D")] + newest_policy = await client.update_key_rotation_policy( + key_name, policy=new_policy, lifetime_actions=newest_actions + ) + newest_fetched_policy = await client.get_key_rotation_policy(key_name) + assert newest_policy.expires_in == "P90D" + _assert_rotation_policies_equal(newest_policy, newest_fetched_policy) + + newest_policy_actions = newest_policy.lifetime_actions[0] + newest_fetched_policy_actions = newest_fetched_policy.lifetime_actions[0] + assert newest_policy_actions.action == KeyRotationPolicyAction.notify + assert newest_policy_actions.time_after_create is None + assert newest_policy_actions.time_before_expiry == "P30D" + _assert_lifetime_actions_equal(newest_policy_actions, newest_fetched_policy_actions) @all_api_versions() @client_setup