Skip to content

[KeyVault] adding recovery feature commands #3631

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
schaabs merged 17 commits into from
Jun 16, 2017
Merged

[KeyVault] adding recovery feature commands #3631

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
17 commits
Select commit Hold shift + click to select a range
615e050
adding recovery feature commands for keyvault command module
Jun 7, 2017
30c940d
updating history and version
Jun 7, 2017
8f4abdf
Merge branch 'master' of https://github.com/Azure/azure-cli into reco…
Jun 7, 2017
4d4eb78
fixes and tests for new commands
Jun 12, 2017
8b75082
test updates and re-recording
Jun 13, 2017
8b5aef5
pylint fixes
Jun 13, 2017
c32bb26
pylint fixes in keyvault tests
Jun 13, 2017
8abd1ae
more pylint fixes in keyvault tests
Jun 13, 2017
a3d20af
updating batch and vm tests and recordings
Jun 16, 2017
85bbbe3
removing unneeded params
Jun 16, 2017
f7f941e
fixing cli argument typo
Jun 16, 2017
a531fdc
Merge branch 'master' into recovery-feature-updates
Jun 16, 2017
06d3b0f
fixing introduce pylint failure
Jun 16, 2017
a7e2044
adding comment as last commit didn't update PR
Jun 16, 2017
7134c92
updates from feedback
Jun 16, 2017
c43492f
removing docstring from recover_keyvault
Jun 16, 2017
5fef8c6
removing trailing whitespace
Jun 16, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion src/command_modules/azure-cli-batch/setup.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@
DEPENDENCIES = [
'azure-batch==3.0.0',
'azure-mgmt-batch==4.0.0',
'azure-mgmt-keyvault==0.31.0',
'azure-mgmt-keyvault==0.40.0',
'azure-cli-core'
]

Expand Down
8 changes: 4 additions & 4 deletions src/command_modules/azure-cli-batch/tests/recordings/latest/test_batch_account_cmd.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1205,7 +1205,7 @@ interactions:
AZURECLI/2.0.6+dev]
accept-language: [en-US]
method: PUT
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.KeyVault/vaults/clibatchtestkeyvault1?api-version=2015-06-01
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.KeyVault/vaults/clibatchtestkeyvault1?api-version=2016-10-01
response:
body: {string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.KeyVault/vaults/clibatchtestkeyvault1","name":"clibatchtestkeyvault1","type":"Microsoft.KeyVault/vaults","location":"uksouth","tags":{},"properties":{"sku":{"family":"A","name":"standard"},"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","accessPolicies":[{"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","objectId":"27aa7661-2d45-410a-a506-0b75a866acfa","permissions":{"keys":["get","create","delete","list","update","import","backup","restore"],"secrets":["all"],"certificates":["all"]}}],"enabledForDeployment":true,"enabledForDiskEncryption":true,"enabledForTemplateDeployment":true,"vaultUri":"https://clibatchtestkeyvault1.vault.azure.net"}}'}
headers:
Expand Down Expand Up @@ -1238,7 +1238,7 @@ interactions:
AZURECLI/2.0.6+dev]
accept-language: [en-US]
method: GET
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.KeyVault/vaults/clibatchtestkeyvault1?api-version=2015-06-01
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.KeyVault/vaults/clibatchtestkeyvault1?api-version=2016-10-01
response:
body: {string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.KeyVault/vaults/clibatchtestkeyvault1","name":"clibatchtestkeyvault1","type":"Microsoft.KeyVault/vaults","location":"uksouth","tags":{},"properties":{"sku":{"family":"A","name":"standard"},"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","accessPolicies":[{"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","objectId":"27aa7661-2d45-410a-a506-0b75a866acfa","permissions":{"keys":["get","create","delete","list","update","import","backup","restore"],"secrets":["all"],"certificates":["all"]}}],"enabledForDeployment":true,"enabledForDiskEncryption":true,"enabledForTemplateDeployment":true,"vaultUri":"https://clibatchtestkeyvault1.vault.azure.net/"}}'}
headers:
Expand Down Expand Up @@ -1279,7 +1279,7 @@ interactions:
AZURECLI/2.0.6+dev]
accept-language: [en-US]
method: PUT
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.KeyVault/vaults/clibatchtestkeyvault1?api-version=2015-06-01
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.KeyVault/vaults/clibatchtestkeyvault1?api-version=2016-10-01
response:
body: {string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.KeyVault/vaults/clibatchtestkeyvault1","name":"clibatchtestkeyvault1","type":"Microsoft.KeyVault/vaults","location":"uksouth","tags":{},"properties":{"sku":{"family":"A","name":"standard"},"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","accessPolicies":[{"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","objectId":"27aa7661-2d45-410a-a506-0b75a866acfa","permissions":{"keys":["get","create","delete","list","update","import","backup","restore"],"secrets":["all"],"certificates":["all"]}},{"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","objectId":"f520d84c-3fd3-4cc8-88d4-2ed25b00d27a","permissions":{"keys":["all"],"secrets":["all"]}}],"enabledForDeployment":true,"enabledForDiskEncryption":true,"enabledForTemplateDeployment":true,"vaultUri":"https://clibatchtestkeyvault1.vault.azure.net/"}}'}
headers:
Expand Down Expand Up @@ -1373,7 +1373,7 @@ interactions:
AZURECLI/2.0.6+dev]
accept-language: [en-US]
method: GET
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.KeyVault/vaults/clibatchtestkeyvault1?api-version=2015-06-01
uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.KeyVault/vaults/clibatchtestkeyvault1?api-version=2016-10-01
response:
body: {string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.KeyVault/vaults/clibatchtestkeyvault1","name":"clibatchtestkeyvault1","type":"Microsoft.KeyVault/vaults","location":"uksouth","tags":{},"properties":{"sku":{"family":"A","name":"standard"},"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","accessPolicies":[{"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","objectId":"27aa7661-2d45-410a-a506-0b75a866acfa","permissions":{"keys":["get","create","delete","list","update","import","backup","restore"],"secrets":["all"],"certificates":["all"]}},{"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","objectId":"f520d84c-3fd3-4cc8-88d4-2ed25b00d27a","permissions":{"keys":["all"],"secrets":["all"]}}],"enabledForDeployment":true,"enabledForDiskEncryption":true,"enabledForTemplateDeployment":true,"vaultUri":"https://clibatchtestkeyvault1.vault.azure.net/"}}'}
headers:
Expand Down
13 changes: 11 additions & 2 deletions src/command_modules/azure-cli-batch/tests/test_batch_mgmt_commands.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,11 @@
from azure.cli.testsdk import ScenarioTest, ResourceGroupPreparer, JMESPathCheck, NoneCheck
from .batch_preparers import BatchAccountPreparer, BatchScenarioMixin
from azure.cli.core._config import az_config, CONFIG_FILE_NAME
from azure.mgmt.keyvault.models import SecretPermissions, KeyPermissions

# Key Vault permissions
ALL_SECRET_PERMISSIONS = ' '.join([perm.value for perm in SecretPermissions])
ALL_KEY_PERMISSIONS = ' '.join([perm.value for perm in KeyPermissions])


class BatchMgmtScenarioTests(ScenarioTest): # pylint: disable=too-many-instance-attributes
Expand Down Expand Up @@ -45,8 +50,12 @@ def test_batch_account_cmd(self, resource_group):
JMESPathCheck('type(properties.accessPolicies)', 'array'),
JMESPathCheck('length(properties.accessPolicies)', 1),
JMESPathCheck('properties.sku.name', 'standard')])
self.cmd('keyvault set-policy -g {} -n {} --object-id {} --key-permissions all '
'--secret-permissions all'.format(resource_group, keyvault_name, object_id))
self.cmd('keyvault set-policy -g {} -n {} --object-id {} --key-permissions {} '
'--secret-permissions {}'.format(resource_group,
keyvault_name,
object_id,
ALL_KEY_PERMISSIONS,
ALL_SECRET_PERMISSIONS))

# test create account with default set
self.cmd('batch account create -g {} -n {} -l {}'.format(
Expand Down
12 changes: 11 additions & 1 deletion src/command_modules/azure-cli-keyvault/HISTORY.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,13 +2,23 @@

Release History
===============
Unreleased
++++++++++++++++++++

* Adding commands for KeyVault recovery features
* az keyvault purge, recover, list-deleted
* az keyvault secret backup, restore, purge, recover, list-deleted
* az keyvault certificate purge, recover, list-deleted
* az keyvault key purge, recover, list-deleted

2.0.6 (2017-06-13)
^^^^^^^^^^^^^^^^^^
++++++++++++++++++
* Remove useless line-too-long suppression
* Remove various pylint disable statements
* Move all existing recording files to latest folder
* Fix various pylint disable rules


2.0.5 (2017-05-30)
++++++++++++++++++++

Expand Down
6 changes: 6 additions & 0 deletions src/command_modules/azure-cli-keyvault/azure/cli/command_modules/keyvault/_help.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,12 @@
short-summary: Update the properties of a key vault.
"""

helps['keyvault recover'] = """
type: command
short-summary: Recover a key vault.
long-summary: Recovers a previously deleted key vault for which soft delete was enabled.
"""

helps['keyvault key'] = """
type: group
short-summary: Manage keys.
Expand Down
4 changes: 4 additions & 0 deletions src/command_modules/azure-cli-keyvault/azure/cli/command_modules/keyvault/_params.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -137,6 +137,9 @@ def register_attributes_argument(scope, name, attr_class, create=False, ignore=N
register_cli_argument('keyvault', 'enabled_for_template_deployment',
help='Allow Resource Manager to retrieve secrets from the vault.',
**three_state_flag())
register_cli_argument('keyvault', 'enable_soft_delete',
help='Enable vault deletion recovery for the vault, and all contained entities',
**three_state_flag())

register_cli_argument('keyvault create', 'resource_group_name', resource_group_name_type,
required=True, completer=None, validator=None)
Expand Down Expand Up @@ -164,6 +167,7 @@ def register_attributes_argument(scope, name, attr_class, create=False, ignore=N
help='Space separated list. Possible values: {}'.format(
certificate_permission_values), arg_group='Permission')


for item in ['key', 'secret', 'certificate']:
register_cli_argument('keyvault {}'.format(item), '{}_name'.format(item),
options_list=('--name', '-n'), help='Name of the {}.'.format(item),
Expand Down
33 changes: 32 additions & 1 deletion src/command_modules/azure-cli-keyvault/azure/cli/command_modules/keyvault/commands.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,17 +17,22 @@

cli_command(__name__, 'keyvault create', custom_path.format('create_keyvault'),
keyvault_client_vaults_factory)
cli_command(__name__, 'keyvault recover', custom_path.format('recover_keyvault'),
keyvault_client_vaults_factory)
cli_command(__name__, 'keyvault list', custom_path.format('list_keyvault'),
keyvault_client_vaults_factory)
cli_command(__name__, 'keyvault show', mgmt_path.format('VaultsOperations.get'),
keyvault_client_vaults_factory, exception_handler=empty_on_404)
cli_command(__name__, 'keyvault delete', mgmt_path.format('VaultsOperations.delete'),
keyvault_client_vaults_factory)

cli_command(__name__, 'keyvault purge', mgmt_path.format('VaultsOperations.purge_deleted'),
keyvault_client_vaults_factory)
cli_command(__name__, 'keyvault set-policy', custom_path.format('set_policy'),
keyvault_client_vaults_factory)
cli_command(__name__, 'keyvault delete-policy', custom_path.format('delete_policy'),
keyvault_client_vaults_factory)
cli_command(__name__, 'keyvault list-deleted', mgmt_path.format('VaultsOperations.list_deleted'),
keyvault_client_vaults_factory)

cli_generic_update_command(__name__,
'keyvault update',
Expand All @@ -42,13 +47,21 @@
data_client_path.format('KeyVaultClient.get_keys'))
cli_keyvault_data_plane_command('keyvault key list-versions',
data_client_path.format('KeyVaultClient.get_key_versions'))
cli_keyvault_data_plane_command('keyvault key list-deleted',
Copy link
Member

@tjprescott tjprescott Jun 12, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Alternatively, you could simply enhance the existing list command with a --deleted flag (or something similar) rather than have a completely separate command. This would be similar to list/list-all folding that many commands do

Copy link
Author

@schaabs schaabs Jun 16, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

list and list-deleted have some conflicting arguments in some cases and return different types in all, this is why I created them as separate commands

data_client_path.format('KeyVaultClient.get_deleted_keys'))
cli_keyvault_data_plane_command('keyvault key create', custom_path.format('create_key'))
cli_keyvault_data_plane_command('keyvault key set-attributes',
data_client_path.format('KeyVaultClient.update_key'))
cli_keyvault_data_plane_command('keyvault key show',
data_client_path.format('KeyVaultClient.get_key'))
cli_keyvault_data_plane_command('keyvault key show-deleted',
data_client_path.format('KeyVaultClient.get_deleted_key'))
cli_keyvault_data_plane_command('keyvault key delete',
data_client_path.format('KeyVaultClient.delete_key'))
cli_keyvault_data_plane_command('keyvault key purge',
data_client_path.format('KeyVaultClient.purge_deleted_key'))
cli_keyvault_data_plane_command('keyvault key recover',
data_client_path.format('KeyVaultClient.recover_deleted_key'))
cli_keyvault_data_plane_command('keyvault key backup', custom_path.format('backup_key'))
cli_keyvault_data_plane_command('keyvault key restore', custom_path.format('restore_key'))
cli_keyvault_data_plane_command('keyvault key import', custom_path.format('import_key'))
Expand All @@ -57,26 +70,44 @@
data_client_path.format('KeyVaultClient.get_secrets'))
cli_keyvault_data_plane_command('keyvault secret list-versions',
data_client_path.format('KeyVaultClient.get_secret_versions'))
cli_keyvault_data_plane_command('keyvault secret list-deleted',
data_client_path.format('KeyVaultClient.get_deleted_secrets'))
cli_keyvault_data_plane_command('keyvault secret set',
data_client_path.format('KeyVaultClient.set_secret'))
cli_keyvault_data_plane_command('keyvault secret set-attributes',
data_client_path.format('KeyVaultClient.update_secret'))
cli_keyvault_data_plane_command('keyvault secret show',
data_client_path.format('KeyVaultClient.get_secret'))
cli_keyvault_data_plane_command('keyvault secret show-deleted',
data_client_path.format('KeyVaultClient.get_deleted_secret'))
cli_keyvault_data_plane_command('keyvault secret delete',
data_client_path.format('KeyVaultClient.delete_secret'))
cli_keyvault_data_plane_command('keyvault secret purge',
data_client_path.format('KeyVaultClient.purge_deleted_secret'))
cli_keyvault_data_plane_command('keyvault secret recover',
data_client_path.format('KeyVaultClient.recover_deleted_secret'))
cli_keyvault_data_plane_command('keyvault secret download', custom_path.format('download_secret'))
cli_keyvault_data_plane_command('keyvault secret backup', custom_path.format('backup_secret'))
cli_keyvault_data_plane_command('keyvault secret restore', custom_path.format('restore_secret'))

cli_keyvault_data_plane_command('keyvault certificate create',
custom_path.format('create_certificate'))
cli_keyvault_data_plane_command('keyvault certificate list',
data_client_path.format('KeyVaultClient.get_certificates'))
cli_keyvault_data_plane_command('keyvault certificate list-versions',
data_client_path.format('KeyVaultClient.get_certificate_versions'))
cli_keyvault_data_plane_command('keyvault certificate list-deleted',
data_client_path.format('KeyVaultClient.get_deleted_certificates'))
cli_keyvault_data_plane_command('keyvault certificate show',
data_client_path.format('KeyVaultClient.get_certificate'))
cli_keyvault_data_plane_command('keyvault certificate show-deleted',
data_client_path.format('KeyVaultClient.get_deleted_certificate'))
cli_keyvault_data_plane_command('keyvault certificate delete',
data_client_path.format('KeyVaultClient.delete_certificate'))
cli_keyvault_data_plane_command('keyvault certificate purge',
data_client_path.format('KeyVaultClient.purge_deleted_certificate'))
cli_keyvault_data_plane_command('keyvault certificate recover',
data_client_path.format('KeyVaultClient.recover_deleted_certificate'))
cli_keyvault_data_plane_command('keyvault certificate set-attributes',
data_client_path.format('KeyVaultClient.update_certificate'))
cli_keyvault_data_plane_command('keyvault certificate import',
Expand Down
Loading