[KeyVault] adding soft-delete support for KeyVault certificates #4400
Conversation
enabling soft-delete for KeyVault certificates: updating tests, help adding missing config file including Name parameter in ByDeletedCertificate parameter set picking up latest KV .net SDK
|
The build appears to be failing because of static analysis; there is a large number of warnings, none of which come from the KeyVault namespace. The only references to KeyVault listed in the build warnings file are several skipped management test cases. |
| @@ -196,6 +196,7 @@ | |||
| <Compile Include="UnitTests\SetKeyVaultSecretTests.cs" /> | |||
| </ItemGroup> | |||
| <ItemGroup> | |||
| <None Include="app.config" /> | |||
| @@ -0,0 +1,11 @@ | |||
| <?xml version="1.0" encoding="utf-8"?> | |||
There was a problem hiding this comment.
@dragav please remove this file
| @@ -12,176 +12,36 @@ Creates a key in a key vault or imports a key into a key vault. | |||
|
|
|||
| ## SYNTAX | |||
|
|
|||
| ### Create (Default) | |||
There was a problem hiding this comment.
@dragav what happened to this file?
There was a problem hiding this comment.
@cormacpayne help generation seems to output incorrect content for a few commands, I haven't figured out why. I've manually updated some of them, and this one slipped through; will revert the change.
| @@ -1,7 +1,11 @@ | |||
| <?xml version="1.0" encoding="utf-8"?> | |||
| <packages> | |||
| <package id="Microsoft.Azure.ActiveDirectory.GraphClient" version="2.1.0" targetFramework="net45" /> | |||
| <package id="Microsoft.Azure.KeyVault" version="2.3.0-preview" targetFramework="net452" /> | |||
| <package id="Microsoft.Azure.KeyVault.WebKey" version="2.0.6" targetFramework="net452" /> | |||
| <package id="Microsoft.Azure.Common" version="2.1.0" targetFramework="net45" /> | |||
There was a problem hiding this comment.
@dragav please remove the extra dependencies that were added outside of what previously resided in this file. We recently made some changes to move common dependencies into a separate targets file that is referenced by all projects, so anything defined in that target should not exist in your csproj file or packages.config
| Assert-NotNull $createdCert2 | ||
|
|
||
| Get-AzureKeyVaultCertificate $keyVault | Where-Object {$_.CertificateName -like $rootCertName + '*'} | Remove-AzureKeyVaultCertificate -Force -Confirm:$false | ||
| Wait-Seconds 30 |
There was a problem hiding this comment.
@dragav why do we need to wait 30 seconds?
There was a problem hiding this comment.
Soft-deletion is an asynchronous operation, performed in the background by a different role.
| { | ||
| [Cmdlet( VerbsCommon.Undo, "AzureKeyVaultCertificateRemoval", | ||
| SupportsShouldProcess = true, | ||
| ConfirmImpact = ConfirmImpact.Low, |
There was a problem hiding this comment.
@dragav why change the ConfirmImpact level?
| @@ -20,9 +20,6 @@ Adds a contact for certificate notifications. | |||
| ### [Add-AzureKeyVaultKey](Add-AzureKeyVaultKey.md) | |||
| Creates a key in a key vault or imports a key into a key vault. | |||
|
|
|||
| ### [Add-AzureKeyVaultManagedStorageAccount](Add-AzureKeyVaultManagedStorageAccount.md) | |||
There was a problem hiding this comment.
@dragav it seems like this file did not get refreshed properly
| @@ -65,7 +65,7 @@ public KeyAttributes() | |||
|
|
|||
| public DateTime? Updated { get; private set; } | |||
|
|
|||
| public bool PurgeDisabled { get; private set; } | |||
| public string RecoveryLevel { get; private set; } | |||
There was a problem hiding this comment.
@dragav removing the PurgeDisabled property is a breaking change. Users who run the following will be broken:
$recoveredKey = Undo-AzureKeyVaultKeyRemoval -VaultName $vault -Name $keyName
$recoveredKey.Attributes.PurgeDisabledOur recommendation is to keep supporting this property, making it obsolete until the next breaking change release (this fall) when you can then remove it since users will have been warned ahead of time of the change.
There was a problem hiding this comment.
Normally I'd heed your recommendation; in this case, however, the presence of this field has security implications. The server protocol does not include this field, and a default here conveys the wrong information. I would rather have the client be broken (and make a quick script change) than use incorrect information.
Furthermore, the previous PSH release was based on a non-public KV SDK; that is, this field should have been considered "pre-release" via PSH as well, but we did not find a way to mark it as such. This PSH release uses a public KV SDK, and so it is in line with the REST API spec and the service itself.
I can add this as an entry to the breaking change log..
There was a problem hiding this comment.
We don't have the option of the client being broken, we will not ship any breaking changes until November, except in the case of critical security issues or other critical bugs.
There was a problem hiding this comment.
This can't be a breaking change, since PurgeDisabled was never part of the service REST API spec. Yes, there is a publicly-released PowerShell out there which includes PurgeDisabled, but nobody should have taken a dependency on that since the feature was in preview.
There was a problem hiding this comment.
Unfortunately, no breaking changes are a hard requirement
There was a problem hiding this comment.
Understood; reverted the breaking change.
| @@ -36,7 +36,7 @@ internal KeyIdentityItem(Azure.KeyVault.Models.KeyItem keyItem, VaultUriHelper v | |||
| NotBefore = keyItem.Attributes.NotBefore; | |||
| Created = keyItem.Attributes.Created; | |||
| Updated = keyItem.Attributes.Updated; | |||
| PurgeDisabled = keyItem.Attributes.PurgeDisabled; | |||
There was a problem hiding this comment.
@dragav same comment throughout this file
| @@ -27,7 +27,7 @@ namespace Microsoft.Azure.Commands.KeyVault | |||
| SupportsShouldProcess = true, | |||
| ConfirmImpact = ConfirmImpact.High, | |||
| HelpUri = Constants.KeyVaultHelpUri)] | |||
| [OutputType(typeof(KeyVaultCertificate))] | |||
| [OutputType(typeof(DeletedCertificateBundle))] | |||
There was a problem hiding this comment.
@dragav nothing has changed about the output of this cmdlet, right? It is still returning a KeyVaultCertificate below the block of code you added. The block you added does not write any object to the output stream, either.
There was a problem hiding this comment.
Not sure what you mean.. The response of this cmdlet is instantiated on line 93:
DeletedCertificateBundle certBundle = null;
The DataServiceClient (invoked to delete the cert) returns:
DeletedCertificateBundle DeleteCertificate(string vaultName, string certName);
There was a problem hiding this comment.
@dragav the object being written to the output stream is still a KeyVaultCertificate on line 111, so the output type has not changed
…ng-change release
…feature/updates4aug
|
@azuresdkci retest this please |
…-powershell into feature/updates4aug
…et Remove-AzureKeyVaultCertificate (a non-breaking change)
There was a problem hiding this comment.
@dragav please open a new PR that fixes the error in the change log
| @@ -24,6 +24,10 @@ | |||
| ## Version 3.3.0 | |||
|
|
|||
| ## Version 3.2.1 | |||
| * New/updated Cmdlets to support soft-delete for KeyVault certificates | |||
There was a problem hiding this comment.
@dragav please move this to under Current Release; the versions that are already listed are the notes from previous releases
Description
This checklist is used to make sure that common guidelines for a pull request are followed. You can find a more complete discussion of PowerShell cmdlet best practices here.
General Guidelines
Testing Guidelines
Cmdlet Signature Guidelines
ShouldProcessand haveSupportShouldProcess=truespecified in the cmdlet attribute. You can find more information onShouldProcesshere.OutputTypeattribute if any output is produced - if the cmdlet produces no output, it should implement aPassThruparameter.Cmdlet Parameter Guidelines