Azure · yonzhan · Dec 4, 2020 · Oct 14, 2020 · Oct 14, 2020 · Oct 15, 2020
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
@@ -409,8 +409,8 @@ jobs:
         pythonVersion: '$(python.version)'
         profile: 'latest'
 
-- job: AutomationTest20190301
-  displayName: Automation Test (Profile 2019-03-01)
+- job: AutomationTest20200901
+  displayName: Automation Test (Profile 2020-09-01)
   timeoutInMinutes: 120
   pool:
     vmImage: 'ubuntu-16.04'
@@ -424,10 +424,10 @@ jobs:
     - template: .azure-pipelines/templates/automation_test.yml
       parameters:
         pythonVersion: '$(python.version)'
-        profile: '2019-03-01-hybrid'
+        profile: '2020-09-01-hybrid'
 
-- job: AutomationTest20180301
-  displayName: Automation Test (Profile 2018-03-01)
+- job: AutomationTest20190301
+  displayName: Automation Test (Profile 2019-03-01)
   timeoutInMinutes: 120
   pool:
     vmImage: 'ubuntu-16.04'
@@ -441,10 +441,10 @@ jobs:
     - template: .azure-pipelines/templates/automation_test.yml
       parameters:
         pythonVersion: '$(python.version)'
-        profile: '2018-03-01-hybrid'
+        profile: '2019-03-01-hybrid'
 
-- job: AutomationTest20170309
-  displayName: Automation Test (Profile 2017-03-09)
+- job: AutomationTest20180301
+  displayName: Automation Test (Profile 2018-03-01)
   timeoutInMinutes: 120
   pool:
     vmImage: 'ubuntu-16.04'
@@ -458,7 +458,7 @@ jobs:
     - template: .azure-pipelines/templates/automation_test.yml
       parameters:
         pythonVersion: '$(python.version)'
-        profile: '2017-03-09-profile'
+        profile: '2018-03-01-hybrid'
 
 - job: TestExtensionsLoading
   displayName: Test Extensions Loading

@@ -847,7 +847,7 @@ AZURE_API_PROFILES = {
     ResourceType.MGMT_MYSERVICE: '2019-03-01' # the supported API version on that profile
     ...
   },
-  '2019-03-01-hybrid': {
+  '2020-09-01-hybrid': {
     ResourceType.MGMT_MYSERVICE: '2018-08-01' # different API version for this profile
     ...
   },

@@ -92,7 +92,7 @@
         "src\\azure-cli\\azure\\cli\\command_modules\\ams\\tests\\latest\\recordings\\test_live_output_list.yaml",
         "src\\azure-cli\\azure\\cli\\command_modules\\ams\\tests\\latest\\recordings\\test_live_output_show.yaml",
         "src\\azure-cli\\azure\\cli\\command_modules\\ams\\tests\\latest\\recordings\\test_content_key_policy_create_with_fairplay_offline.yaml",
-        "src\\azure-cli\\azure\\cli\\command_modules\\ams\\tests\\latest\\recordings\\test_live_event_stop_and_remove_outputs.yaml",
+        "src\\azure-cli\\azure\\cli\\command_modules\\ams\\tests\\latest\\recordings\\test_live_event_stop_and_remove_outputs.yaml"
       ],
       "_justification": "[AMS] response body contains random value recognized as secret"
     },
@@ -130,7 +130,8 @@
         "src\\azure-cli\\azure\\cli\\command_modules\\iot\\tests\\latest\\recordings\\test_iot_hub.yaml",
         "src\\azure-cli\\azure\\cli\\command_modules\\iot\\tests\\latest\\recordings\\test_iot_pnp.yaml",
         "src\\azure-cli\\azure\\cli\\command_modules\\iot\\tests\\latest\\recordings\\test_dps_lifecycle.yaml",
-        "src\\azure-cli\\azure\\cli\\command_modules\\iot\\tests\\hybrid_2019_03_01\\recordings\\test_iot_hub.yaml"
+        "src\\azure-cli\\azure\\cli\\command_modules\\iot\\tests\\hybrid_2019_03_01\\recordings\\test_iot_hub.yaml",
+        "src\\azure-cli\\azure\\cli\\command_modules\\iot\\tests\\hybrid_2020_09_01\\recordings\\test_dps_lifecycle.yaml"
       ],
       "_justification": "[IoT] response body contains random value recognized as secret"
     },
@@ -158,6 +159,7 @@
         "src\\azure-cli\\azure\\cli\\command_modules\\vm\\tests\\hybrid_2018_03_01\\recordings\\test_vm_create_existing_options.yaml",
         "src\\azure-cli\\azure\\cli\\command_modules\\vm\\tests\\hybrid_2019_03_01\\recordings\\test_vm_managed_disk.yaml",
         "src\\azure-cli\\azure\\cli\\command_modules\\vm\\tests\\hybrid_2018_03_01\\recordings\\test_vm_boot_diagnostics.yaml",
+        "src\\azure-cli\\azure\\cli\\command_modules\\vm\\tests\\hybrid_2020_09_01\\recordings\\test_vm_managed_disk.yaml",
         "src\\azure-cli\\azure\\cli\\command_modules\\vm\\tests\\latest\\recordings\\test_vm_large_disk.yaml",
         "src\\azure-cli\\azure\\cli\\command_modules\\vm\\tests\\latest\\recordings\\test_vm_managed_disk.yaml",
         "src\\azure-cli\\azure\\cli\\command_modules\\vm\\tests\\latest\\recordings\\test_vm_update_with_workspace_linux.yaml",
@@ -237,6 +239,8 @@
         "src\\azure-cli\\azure\\cli\\command_modules\\storage\\tests\\hybrid_2018_03_01\\recordings\\test_storage_blob_snapshot_operations.yaml",
         "src\\azure-cli\\azure\\cli\\command_modules\\storage\\tests\\hybrid_2019_03_01\\test_storage_url_helpers.py",
         "src\\azure-cli\\azure\\cli\\command_modules\\storage\\tests\\hybrid_2018_03_01\\test_storage_url_helpers.py",
+        "src\\azure-cli\\azure\\cli\\command_modules\\storage\\tests\\hybrid_2020_09_01\\test_storage_url_helpers.py",
+        "src\\azure-cli\\azure\\cli\\command_modules\\storage\\tests\\hybrid_2020_09_01\\recordings\\test_renew_account_key.yaml",
         "src\\azure-cli\\azure\\cli\\command_modules\\storage\\tests\\latest\\test_storage_url_helpers.py",
         "src\\azure-cli\\azure\\cli\\command_modules\\storage\\tests\\latest\\recordings\\test_renew_account_key.yaml",
         "src\\azure-cli\\azure\\cli\\command_modules\\storage\\tests\\latest\\recordings\\test_renew_account_kerb_key.yaml",
@@ -277,7 +281,8 @@
       "file": [
         "src\\azure-cli\\azure\\cli\\command_modules\\keyvault\\tests\\latest\\recordings\\test_keyvault_storage_account.yaml",
         "src\\azure-cli\\azure\\cli\\command_modules\\keyvault\\tests\\latest\\recordings\\test_keyvault_certificate_crud.yaml",
-        ""
+        "",
+        "src\\azure-cli\\azure\\cli\\command_modules\\keyvault\\tests\\hybrid_2020_09_01\\recordings\\test_keyvault_certificate_crud.yaml"
       ],
       "_justification": "[KeyVault] response body contains random value recognized as secret"
     },
@@ -360,6 +365,20 @@
         "src\\azure-cli\\azure\\cli\\command_modules\\keyvault\\tests\\hybrid_2018_03_01\\import_pfx.pfx",
         "src\\azure-cli\\azure\\cli\\command_modules\\keyvault\\tests\\hybrid_2018_03_01\\mydomain.test.encrypted.pem",
         "src\\azure-cli\\azure\\cli\\command_modules\\keyvault\\tests\\hybrid_2018_03_01\\mydomain.test.pem",
+        "src\\azure-cli\\azure\\cli\\command_modules\\keyvault\\tests\\hybrid_2020_09_01\\ec256.pem",
+        "src\\azure-cli\\azure\\cli\\command_modules\\keyvault\\tests\\hybrid_2020_09_01\\keys\\ec-p256.pem",
+        "src\\azure-cli\\azure\\cli\\command_modules\\keyvault\\tests\\hybrid_2020_09_01\\keys\\ec-p256k.pem",
+        "src\\azure-cli\\azure\\cli\\command_modules\\keyvault\\tests\\hybrid_2020_09_01\\keys\\ec-p521.pem",
+        "src\\azure-cli\\azure\\cli\\command_modules\\keyvault\\tests\\hybrid_2020_09_01\\keys\\ec-p384.pem",
+        "src\\azure-cli\\azure\\cli\\command_modules\\keyvault\\tests\\hybrid_2020_09_01\\keys\\rsa-2048.pem",
+        "src\\azure-cli\\azure\\cli\\command_modules\\keyvault\\tests\\hybrid_2020_09_01\\keys\\rsa-3072.pem",
+        "src\\azure-cli\\azure\\cli\\command_modules\\keyvault\\tests\\hybrid_2020_09_01\\keys\\rsa-4096.pem",
+        "src\\azure-cli\\azure\\cli\\command_modules\\keyvault\\tests\\hybrid_2020_09_01\\import_pfx.pfx",
+        "src\\azure-cli\\azure\\cli\\command_modules\\keyvault\\tests\\hybrid_2020_09_01\\mydomain.test.pem",
+        "src\\azure-cli\\azure\\cli\\command_modules\\keyvault\\tests\\hybrid_2020_09_01\\mydomain.test.encrypted.pem",
+        "src\\azure-cli\\azure\\cli\\command_modules\\keyvault\\tests\\hybrid_2020_09_01\\import_pfx.pfx",
+        "src\\azure-cli\\azure\\cli\\command_modules\\keyvault\\tests\\hybrid_2020_09_01\\import_pem_plain.pem",
+        "src\\azure-cli\\azure\\cli\\command_modules\\keyvault\\tests\\hybrid_2020_09_01\\ec521pw.pem",
         "src\\azure-cli\\azure\\cli\\command_modules\\keyvault\\tests\\latest\\ec256.pem",
         "src\\azure-cli\\azure\\cli\\command_modules\\keyvault\\tests\\latest\\mydomain.test.pem",
         "src\\azure-cli\\azure\\cli\\command_modules\\keyvault\\tests\\latest\\mydomain.test.encrypted.pem",

@@ -96,7 +96,8 @@ def get_sdk(cli_ctx, resource_type, *attr_args, **kwargs):
     'latest': AZURE_API_PROFILES['latest'],
     '2017-03-09-profile': AZURE_API_PROFILES['2017-03-09-profile'],
     '2018-03-01-hybrid': AZURE_API_PROFILES['2018-03-01-hybrid'],
-    '2019-03-01-hybrid': AZURE_API_PROFILES['2019-03-01-hybrid']
+    '2019-03-01-hybrid': AZURE_API_PROFILES['2019-03-01-hybrid'],
+    '2020-09-01-hybrid': AZURE_API_PROFILES['2020-09-01-hybrid']
 }
 
 

@@ -210,6 +210,45 @@ def default_api_version(self):
         ResourceType.MGMT_IOTHUB: '2020-03-01',
         ResourceType.MGMT_ARO: '2020-04-30'
     },
+    '2020-09-01-hybrid': {
+        ResourceType.MGMT_STORAGE: '2019-06-01',
+        ResourceType.MGMT_NETWORK: '2018-11-01',
+        ResourceType.MGMT_COMPUTE: SDKProfile('2020-06-01', {
+            'resource_skus': '2019-04-01',
+            'disks': '2019-07-01',
+            'disk_encryption_sets': '2019-07-01',
+            'disk_accesses': '2020-05-01',
+            'snapshots': '2019-07-01',
+            'galleries': '2019-12-01',
+            'gallery_images': '2019-12-01',
+            'gallery_image_versions': '2019-12-01',
+            'virtual_machine_scale_sets': '2020-06-01'
+        }),
+        ResourceType.MGMT_KEYVAULT: '2016-10-01',
+        ResourceType.MGMT_RESOURCE_FEATURES: '2015-12-01',
+        ResourceType.MGMT_RESOURCE_LINKS: '2016-09-01',
+        ResourceType.MGMT_RESOURCE_LOCKS: '2016-09-01',
+        ResourceType.MGMT_RESOURCE_POLICY: '2016-12-01',
+        ResourceType.MGMT_RESOURCE_RESOURCES: '2019-10-01',
+        ResourceType.MGMT_RESOURCE_SUBSCRIPTIONS: '2016-06-01',
+        ResourceType.MGMT_RESOURCE_TEMPLATESPECS: '2015-01-01',
+        ResourceType.MGMT_NETWORK_DNS: '2016-04-01',
+        ResourceType.MGMT_AUTHORIZATION: SDKProfile('2016-09-01', {
+            'classic_administrators': '2015-06-01',
+            'policy_assignments': '2016-12-01',
+            'policy_definitions': '2016-12-01'
+        }),
+        ResourceType.DATA_KEYVAULT: '2016-10-01',
+        ResourceType.DATA_STORAGE: '2018-11-09',
+        ResourceType.DATA_STORAGE_BLOB: '2019-07-07',
+        ResourceType.DATA_STORAGE_FILEDATALAKE: '2019-07-07',
+        ResourceType.DATA_STORAGE_FILESHARE: '2019-07-07',
+        ResourceType.DATA_STORAGE_QUEUE: '2019-07-07',
+        ResourceType.DATA_COSMOS_TABLE: '2017-04-17',
+        ResourceType.MGMT_APPSERVICE: '2018-02-01',
+        ResourceType.MGMT_EVENTHUB: '2018-01-01-preview',
+        ResourceType.MGMT_IOTHUB: '2019-07-01-preview'
+    },
     '2019-03-01-hybrid': {
         ResourceType.MGMT_STORAGE: '2017-10-01',
         ResourceType.MGMT_NETWORK: '2017-10-01',

@@ -0,0 +1,4 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+# --------------------------------------------------------------------------------------------
@@ -0,0 +1,80 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+# --------------------------------------------------------------------------------------------
+
+from os.path import exists
+import os
+from OpenSSL import crypto
+
+
+def _create_test_cert(cert_file, key_file, subject, valid_days, serial_number):
+    # create a key pair
+    k = crypto.PKey()
+    k.generate_key(crypto.TYPE_RSA, 2046)
+
+    # create a self-signed cert with some basic constraints
+    cert = crypto.X509()
+    cert.get_subject().CN = subject
+    cert.gmtime_adj_notBefore(-1 * 24 * 60 * 60)
+    cert.gmtime_adj_notAfter(valid_days * 24 * 60 * 60)
+    cert.set_version(2)
+    cert.set_serial_number(serial_number)
+    cert.add_extensions([
+        crypto.X509Extension(b"basicConstraints", True, b"CA:TRUE, pathlen:1"),
+        crypto.X509Extension(b"subjectKeyIdentifier", False, b"hash",
+                             subject=cert),
+    ])
+    cert.add_extensions([
+        crypto.X509Extension(b"authorityKeyIdentifier", False, b"keyid:always",
+                             issuer=cert)
+    ])
+    cert.set_issuer(cert.get_subject())
+    cert.set_pubkey(k)
+    cert.sign(k, 'sha256')
+
+    cert_str = crypto.dump_certificate(crypto.FILETYPE_PEM, cert).decode('ascii')
+    key_str = crypto.dump_privatekey(crypto.FILETYPE_PEM, k).decode('ascii')
+
+    open(cert_file, 'w').write(cert_str)
+    open(key_file, 'w').write(key_str)
+
+
+def _delete_test_cert(cert_file, key_file, verification_file):
+    if exists(cert_file) and exists(key_file):
+        os.remove(cert_file)
+        os.remove(key_file)
+
+    if exists(verification_file):
+        os.remove(verification_file)
+
+
+def _create_verification_cert(cert_file, key_file, verification_file, nonce, valid_days, serial_number):
+    if exists(cert_file) and exists(key_file):
+        # create a key pair
+        public_key = crypto.PKey()
+        public_key.generate_key(crypto.TYPE_RSA, 2046)
+
+        # open the root cert and key
+        signing_cert = crypto.load_certificate(crypto.FILETYPE_PEM, open(cert_file).read())
+        k = crypto.load_privatekey(crypto.FILETYPE_PEM, open(key_file).read())
+
+        # create a cert signed by the root
+        verification_cert = crypto.X509()
+        verification_cert.get_subject().CN = nonce
+        verification_cert.gmtime_adj_notBefore(-1 * 24 * 60 * 60)
+        verification_cert.gmtime_adj_notAfter(valid_days * 24 * 60 * 60)
+        verification_cert.set_version(2)
+        verification_cert.set_serial_number(serial_number)
+
+        verification_cert.set_pubkey(public_key)
+        verification_cert.set_issuer(signing_cert.get_subject())
+        verification_cert.add_extensions([
+            crypto.X509Extension(b"authorityKeyIdentifier", False, b"keyid:always",
+                                 issuer=signing_cert)
+        ])
+        verification_cert.sign(k, 'sha256')
+
+        verification_cert_str = crypto.dump_certificate(crypto.FILETYPE_PEM, verification_cert).decode('ascii')
+
+        open(verification_file, 'w').write(verification_cert_str)
@@ -0,0 +1,46 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+# --------------------------------------------------------------------------------------------
+
+from azure_devtools.scenario_tests import RecordingProcessor
+from azure_devtools.scenario_tests.utilities import is_text_payload
+
+MOCK_KEY = 'mock_key'
+
+
+class KeyReplacer(RecordingProcessor):
+
+    def process_request(self, request):
+        if is_text_payload(request) and isinstance(request.body, bytes):
+            request.body = self._replace_byte_keys(request.body)
+        elif is_text_payload(request) and isinstance(request.body, str):
+            request.body = self._replace_string_keys(request.body)
+        return request
+
+    def process_response(self, response):
+        if is_text_payload(response) and response['body']['string']:
+            response['body']['string'] = self._replace_string_keys(response['body']['string'])
+        return response
+
+    # pylint: disable=no-self-use
+    def _replace_string_keys(self, val):
+        import re
+        if 'primaryKey' in val:
+            val = re.sub(r'"primaryKey":( ?)"([^"]+)"', r'"primaryKey":"{}"'
+                         .format(MOCK_KEY), val, flags=re.IGNORECASE)
+        if 'secondaryKey' in val:
+            val = re.sub(r'"secondaryKey":( ?)"([^"]+)"', r'"secondaryKey":"{}"'
+                         .format(MOCK_KEY), val, flags=re.IGNORECASE)
+        return val
+
+    # pylint: disable=no-self-use
+    def _replace_byte_keys(self, val):
+        import re
+        if b'primaryKey' in val:
+            val = re.sub(b'"primaryKey":( ?)"([^"]+)"', '"primaryKey":"{}"'
+                         .format(MOCK_KEY).encode(), val, flags=re.IGNORECASE)
+        if b'secondaryKey' in val:
+            val = re.sub(b'"secondaryKey":( ?)"([^"]+)"', '"secondaryKey":"{}"'
+                         .format(MOCK_KEY).encode(), val, flags=re.IGNORECASE)
+        return val