[KeyVault] adding recovery feature commands #3631
| StoragePermissions.setsas, | ||
| StoragePermissions.listsas, | ||
| StoragePermissions.getsas, | ||
| StoragePermissions.deletesas]) |
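Review bot: the last four entries of this StoragePermissions list (setsas, listsas, getsas, deletesas) are enumerated by hand with no comment saying which enum values are left out on purpose. Add a one-line comment above the list naming the omitted values and the reason, and confirm that the mutating entries setsas and deletesas are meant to be in the set rather than only listsas and getsas.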
Is there a way to get these options from SDK?
All the permissions enumerations used here are defined in the SDK; we explicitly list out the values because the permissions granted by default are not all available permissions.
| 'azure-mgmt-authorization==0.30.0rc6', | ||
| 'azure-graphrbac==0.30.0rc6', | ||
| 'azure-keyvault==0.3.0', | ||
| 'azure-keyvault==0.3.4', |
Changing the API versions of other command modules may break their tests depending on whether there were breaking changes between the different SDK versions.
There are no breaking changes between azure-keyvault 0.3.0 and 0.3.4.
tjprescott left a comment
Tests needed for the new commands.
| help='Allow Resource Manager to retrieve secrets from the vault.', | ||
| **three_state_flag()) | ||
| register_cli_argument('keyvault', 'enable_for_soft_delete', | ||
| help='Enable vault deletion recovery for the vault, and all contained entities', |
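Review bot: the help string on the enable_for_soft_delete registration has a stray comma and no closing period, unlike the help text of the argument above it ('Allow Resource Manager to retrieve secrets from the vault.'). Suggest 'Enable vault deletion recovery for the vault and all contained entities.' The visible lines stop before the registration's closing arguments, so also check that it passes **three_state_flag() like the preceding argument.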
I'd recommend shortening the option name for this to "--enable-soft-delete".
|
|
||
| # purge arguments | ||
| register_cli_argument('keyvault purge', 'vault_name', required=True, completer=None, validator=None) | ||
| register_cli_argument('keyvault purge', 'location', required=True, completer=None, validator=None) |
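Review bot: both 'keyvault purge' registrations pass completer=None, validator=None, and the only explanation is the '# purge arguments' comment, which does not say why the inherited completer and validator are being cleared. Extend that comment with the reason for overriding vault_name and location for this one command, so a later cleanup does not remove the overrides or restore the defaults by accident.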
What is the reason for these two registrations?
| data_client_path.format('KeyVaultClient.get_keys')) | ||
| cli_keyvault_data_plane_command('keyvault key list-versions', | ||
| data_client_path.format('KeyVaultClient.get_key_versions')) | ||
| cli_keyvault_data_plane_command('keyvault key list-deleted', |
Alternatively, you could simply enhance the existing list command with a --deleted flag (or something similar) rather than have a completely separate command. This would be similar to list/list-all folding that many commands do.
list and list-deleted have some conflicting arguments in some cases and return different types in all; this is why I created them as separate commands.
| backup_secret.__doc__ = KeyVaultClient.backup_secret.__doc__ | ||
|
|
||
|
|
||
| def restore_secret(client, vault_base_url, file_path): |
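Review bot: restore_secret(client, vault_base_url, file_path) takes a path, but nothing visible in this hunk shows how the file is read. Make sure the body opens file_path in binary mode and passes the bytes through untouched, so a backup written by backup_secret restores identically regardless of interpreter version or platform, and fail with a clear error when the path does not exist.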
You should add a scenario test that backs up and restores a secret successfully. From doing the original KV commands, I would be surprised if more edge cases didn't need to be covered on account of Python2 vs 3 and Linux vs Windows.
Backup and restore has been added to the secret scenario.
@tjprescott All the commands have tests, and I've made updates based on your comments. PTAL
Codecov Report
@@ Coverage Diff @@
## master #3631 +/- ##
==========================================
- Coverage 72.14% 72.13% -0.01%
==========================================
Files 421 421
Lines 26010 26046 +36
Branches 3943 3943
==========================================
+ Hits 18765 18789 +24
- Misses 6026 6040 +14
+ Partials 1219 1217 -2
Continue to review full report at Codecov.
tjprescott left a comment
A couple small changes but otherwise LGTM.
|
|
||
| Release History | ||
| =============== | ||
| 2.0.7 (2017-06-16) |
This should just say "unreleased". Derek will fill this in later.
| :param resource_group_name: The original resource group of the vault to recover | ||
| :param location: The original location of the vault to recover | ||
| :return: The properties of the recovered key vault | ||
| """ |
This help text should be moved (and reformatted) to the help.py file for the module. This is because the live docs link to help.py if someone wants to make a change to help text. While this way of creating help text is still supported (for SDK reflection) we don't allow it in custom commands for new PRs.
|
|
||
| byok_key_file = os.path.join(TEST_DIR, 'TestBYOK-NA.byok') | ||
| self.cmd( | ||
| 'keyvault key import --vault-name {} -n import-key-byok --byok-file "{}"'.format(kv, |
I understand why you removed the BYOK test, but why the PEM file import?
| kv, pfx_plain_file, pfx_policy_path)) | ||
|
|
||
|
|
||
| class KeyVaultSoftDeleteScenarioTest(ResourceGroupVCRTestBase): |
Ideally this would inherit from ScenarioTest, but I'm fine merging this as is.
This checklist is used to make sure that common guidelines for a pull request are followed.
General Guidelines
Command Guidelines
(see Authoring Command Modules)