From 277443939d9aeb5bfad0f26d160732a52457d412 Mon Sep 17 00:00:00 2001 From: Charles Lowell Date: Thu, 10 Sep 2020 15:33:41 -0700 Subject: [PATCH] KeyVaultBackupClient tests (#13709) --- .../azure-keyvault-administration/conftest.py | 14 + .../dev_requirements.txt | 2 + .../tests/blob_container_preparer.py | 36 ++ ...p_client.test_full_backup_and_restore.yaml | 286 ++++++++++ ...kup_client.test_selective_key_restore.yaml | 504 ++++++++++++++++++ ...nt_async.test_full_backup_and_restore.yaml | 186 +++++++ ...ient_async.test_selective_key_restore.yaml | 331 ++++++++++++ .../tests/test_backup_client.py | 101 ++++ .../tests/test_backup_client_async.py | 113 ++++ 9 files changed, 1573 insertions(+) create mode 100644 sdk/keyvault/azure-keyvault-administration/tests/blob_container_preparer.py create mode 100644 sdk/keyvault/azure-keyvault-administration/tests/recordings/test_backup_client.test_full_backup_and_restore.yaml create mode 100644 sdk/keyvault/azure-keyvault-administration/tests/recordings/test_backup_client.test_selective_key_restore.yaml create mode 100644 sdk/keyvault/azure-keyvault-administration/tests/recordings/test_backup_client_async.test_full_backup_and_restore.yaml create mode 100644 sdk/keyvault/azure-keyvault-administration/tests/recordings/test_backup_client_async.test_selective_key_restore.yaml create mode 100644 sdk/keyvault/azure-keyvault-administration/tests/test_backup_client.py create mode 100644 sdk/keyvault/azure-keyvault-administration/tests/test_backup_client_async.py diff --git a/sdk/keyvault/azure-keyvault-administration/conftest.py b/sdk/keyvault/azure-keyvault-administration/conftest.py index 445dcb60c7d2..41a0b93b50d8 100644 --- a/sdk/keyvault/azure-keyvault-administration/conftest.py +++ b/sdk/keyvault/azure-keyvault-administration/conftest.py @@ -2,7 +2,21 @@ # Copyright (c) Microsoft Corporation. # Licensed under the MIT License. # ------------------------------------ +import os import sys +import pytest + if sys.version_info < (3, 5, 3): collect_ignore_glob = ["*_async.py"] + + +@pytest.fixture(scope="class") +def managed_hsm(request): + """Fixture for tests requiring a Managed HSM instance""" + + playback_url = "https://managedhsm" + request.cls.managed_hsm = { + "url": os.environ.get("MANAGED_HSM_URL", playback_url), + "playback_url": playback_url, + } diff --git a/sdk/keyvault/azure-keyvault-administration/dev_requirements.txt b/sdk/keyvault/azure-keyvault-administration/dev_requirements.txt index 6641317a8516..dff688564e44 100644 --- a/sdk/keyvault/azure-keyvault-administration/dev_requirements.txt +++ b/sdk/keyvault/azure-keyvault-administration/dev_requirements.txt @@ -2,6 +2,8 @@ -e ../../../tools/azure-sdk-tools -e ../../core/azure-core -e ../../identity/azure-identity +-e ../../storage/azure-storage-blob +-e ../azure-keyvault-keys -e ../azure-mgmt-keyvault ../azure-keyvault-nspkg aiohttp>=3.0; python_version >= '3.5' diff --git a/sdk/keyvault/azure-keyvault-administration/tests/blob_container_preparer.py b/sdk/keyvault/azure-keyvault-administration/tests/blob_container_preparer.py new file mode 100644 index 000000000000..5c2e3076cf04 --- /dev/null +++ b/sdk/keyvault/azure-keyvault-administration/tests/blob_container_preparer.py @@ -0,0 +1,36 @@ +# ------------------------------------ +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. +# ------------------------------------ +from datetime import datetime, timedelta + +from azure.storage.blob import BlobServiceClient, generate_account_sas, ResourceTypes, AccountSasPermissions +from devtools_testutils import AzureMgmtPreparer + + +class BlobContainerPreparer(AzureMgmtPreparer): + def __init__(self, **kwargs): + super(BlobContainerPreparer, self).__init__("container", 24, random_name_enabled=True, **kwargs) + + def create_resource(self, name, **kwargs): + if self.is_live: + storage_account = kwargs.pop("storage_account") + storage_account_key = kwargs.pop("storage_account_key") + sas_token = generate_account_sas( + account_name=storage_account.name, + account_key=storage_account_key, + resource_types=ResourceTypes(container=True, object=True), + permission=AccountSasPermissions( + create=True, list=True, write=True, read=True, add=True, delete=True, delete_previous_version=True + ), + expiry=datetime.utcnow() + timedelta(minutes=5), + ) + blob_client = BlobServiceClient(storage_account.primary_endpoints.blob, sas_token) + container = blob_client.create_container(name) + container_uri = storage_account.primary_endpoints.blob + container.container_name + self.test_class_instance.scrubber.register_name_pair(sas_token, "redacted") + self.test_class_instance.scrubber.register_name_pair(container_uri, "https://storage/container") + else: + sas_token = "fake-sas" + container_uri = "https://storage/container" + return {"container_uri": container_uri, "sas_token": sas_token} diff --git a/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_backup_client.test_full_backup_and_restore.yaml b/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_backup_client.test_full_backup_and_restore.yaml new file mode 100644 index 000000000000..2813fc3d642a --- /dev/null +++ b/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_backup_client.test_full_backup_and_restore.yaml @@ -0,0 +1,286 @@ +interactions: +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + Content-Length: + - '0' + Content-Type: + - application/json + User-Agent: + - azsdk-python-keyvault-administration/4.0.0b2 Python/3.5.4 (Windows-10-10.0.19041-SP0) + method: POST + uri: https://managedhsm/backup?api-version=7.2-preview + response: + body: + string: '' + headers: + cache-control: + - no-cache + content-length: + - '0' + content-security-policy: + - default-src 'self' + content-type: + - application/json; charset=utf-8 + strict-transport-security: + - max-age=31536000; includeSubDomains + www-authenticate: + - Bearer authorization="https://login.windows-ppe.net/f686d426-8d16-42db-81b7-ab578e110ccd", + resource="https://managedhsm-int.azure-int.net" + x-content-type-options: + - nosniff + x-frame-options: + - SAMEORIGIN + x-ms-server-latency: + - '2' + status: + code: 401 + message: Unauthorized +- request: + body: '{"storageResourceUri": "https://storname.blob.core.windows.net/containerlpibiggddqawmbw", + "token": "redacted"}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + Content-Length: + - '235' + Content-Type: + - application/json + User-Agent: + - azsdk-python-keyvault-administration/4.0.0b2 Python/3.5.4 (Windows-10-10.0.19041-SP0) + method: POST + uri: https://managedhsm/backup?api-version=7.2-preview + response: + body: + string: '{"status":"InProgress","statusDetails":null,"error":{"code":null,"message":null,"innererror":null},"startTime":1599693259,"endTime":null,"jobId":"0c6890ada4cf411987b1c8fff2e8d20f","azureStorageBlobContainerUri":null}' + headers: + azure-asyncoperation: + - https://managedhsm/backup/0c6890ada4cf411987b1c8fff2e8d20f/pending + cache-control: + - no-cache + content-length: + - '216' + content-security-policy: + - default-src 'self' + content-type: + - application/json; charset=utf-8 + date: + - Wed, 09 Sep 2020 23:14:19 GMT + server: + - Kestrel + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + x-frame-options: + - SAMEORIGIN + x-ms-keyvault-network-info: + - addr=24.17.201.78 + x-ms-keyvault-region: + - EASTUS + x-ms-server-latency: + - '962' + status: + code: 202 + message: '' +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + User-Agent: + - azsdk-python-keyvault-administration/4.0.0b2 Python/3.5.4 (Windows-10-10.0.19041-SP0) + method: GET + uri: https://managedhsm/backup/0c6890ada4cf411987b1c8fff2e8d20f/pending + response: + body: + string: '{"azureStorageBlobContainerUri":"https://storname.blob.core.windows.net/containerlpibiggddqawmbw/mhsm-chriss-eu2-2020090923141950","endTime":1599693269,"error":null,"jobId":"0c6890ada4cf411987b1c8fff2e8d20f","startTime":1599693259,"status":"Succeeded","statusDetails":null}' + headers: + cache-control: + - no-cache + content-length: + - '289' + content-security-policy: + - default-src 'self' + content-type: + - application/json; charset=utf-8 + date: + - Wed, 09 Sep 2020 23:14:29 GMT + server: + - Kestrel + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + x-frame-options: + - SAMEORIGIN + x-ms-build-version: + - 1.0.20200909-2-c73be597-develop + x-ms-keyvault-network-info: + - addr=24.17.201.78 + x-ms-keyvault-region: + - EASTUS + x-ms-server-latency: + - '599' + status: + code: 200 + message: OK +- request: + body: '{"folderToRestore": "mhsm-chriss-eu2-2020090923141950", "sasTokenParameters": + {"storageResourceUri": "https://storname.blob.core.windows.net/containerlpibiggddqawmbw", + "token": "redacted"}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + Content-Length: + - '314' + Content-Type: + - application/json + User-Agent: + - azsdk-python-keyvault-administration/4.0.0b2 Python/3.5.4 (Windows-10-10.0.19041-SP0) + method: PUT + uri: https://managedhsm/restore?api-version=7.2-preview + response: + body: + string: '{"endTime":null,"error":{"code":null,"innererror":null,"message":null},"jobId":"f45c5ed12efc498990690cc92ed43684","startTime":1599693271,"status":"InProgress","statusDetails":null}' + headers: + azure-asyncoperation: + - https://managedhsm/restore/f45c5ed12efc498990690cc92ed43684/pending + cache-control: + - no-cache + content-length: + - '180' + content-security-policy: + - default-src 'self' + content-type: + - application/json; charset=utf-8 + date: + - Wed, 09 Sep 2020 23:14:30 GMT + server: + - Kestrel + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + x-frame-options: + - SAMEORIGIN + x-ms-keyvault-network-info: + - addr=24.17.201.78 + x-ms-keyvault-region: + - EASTUS + x-ms-server-latency: + - '812' + status: + code: 202 + message: '' +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + User-Agent: + - azsdk-python-keyvault-administration/4.0.0b2 Python/3.5.4 (Windows-10-10.0.19041-SP0) + method: GET + uri: https://managedhsm/restore/f45c5ed12efc498990690cc92ed43684/pending + response: + body: + string: '{"endTime":null,"error":{"code":null,"innererror":null,"message":null},"jobId":"f45c5ed12efc498990690cc92ed43684","startTime":1599693271,"status":"InProgress","statusDetails":null}' + headers: + cache-control: + - no-cache + content-length: + - '180' + content-security-policy: + - default-src 'self' + content-type: + - application/json; charset=utf-8 + date: + - Wed, 09 Sep 2020 23:14:42 GMT + server: + - Kestrel + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + x-frame-options: + - SAMEORIGIN + x-ms-build-version: + - 1.0.20200909-2-c73be597-develop + x-ms-keyvault-network-info: + - addr=24.17.201.78 + x-ms-keyvault-region: + - EASTUS + x-ms-server-latency: + - '534' + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + User-Agent: + - azsdk-python-keyvault-administration/4.0.0b2 Python/3.5.4 (Windows-10-10.0.19041-SP0) + method: GET + uri: https://managedhsm/restore/f45c5ed12efc498990690cc92ed43684/pending + response: + body: + string: '{"endTime":1599693288,"error":null,"jobId":"f45c5ed12efc498990690cc92ed43684","startTime":1599693271,"status":"Succeeded","statusDetails":null}' + headers: + cache-control: + - no-cache + content-length: + - '143' + content-security-policy: + - default-src 'self' + content-type: + - application/json; charset=utf-8 + date: + - Wed, 09 Sep 2020 23:14:50 GMT + server: + - Kestrel + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + x-frame-options: + - SAMEORIGIN + x-ms-build-version: + - 1.0.20200909-2-c73be597-develop + x-ms-keyvault-network-info: + - addr=24.17.201.78 + x-ms-keyvault-region: + - EASTUS + x-ms-server-latency: + - '656' + status: + code: 200 + message: OK +version: 1 diff --git a/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_backup_client.test_selective_key_restore.yaml b/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_backup_client.test_selective_key_restore.yaml new file mode 100644 index 000000000000..955f4233ba3b --- /dev/null +++ b/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_backup_client.test_selective_key_restore.yaml @@ -0,0 +1,504 @@ +interactions: +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + Content-Length: + - '0' + Content-Type: + - application/json + User-Agent: + - azsdk-python-keyvault-keys/4.2.1 Python/3.5.4 (Windows-10-10.0.19041-SP0) + method: POST + uri: https://managedhsm/keys/selective-restore-test-keya85a1290/create?api-version=7.1 + response: + body: + string: '' + headers: + cache-control: + - no-cache + content-length: + - '0' + content-security-policy: + - default-src 'self' + content-type: + - application/json; charset=utf-8 + strict-transport-security: + - max-age=31536000; includeSubDomains + www-authenticate: + - Bearer authorization="https://login.windows-ppe.net/f686d426-8d16-42db-81b7-ab578e110ccd", + resource="https://managedhsm-int.azure-int.net" + x-content-type-options: + - nosniff + x-frame-options: + - SAMEORIGIN + x-ms-server-latency: + - '1' + status: + code: 401 + message: Unauthorized +- request: + body: '{"kty": "RSA"}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + Content-Length: + - '14' + Content-Type: + - application/json + User-Agent: + - azsdk-python-keyvault-keys/4.2.1 Python/3.5.4 (Windows-10-10.0.19041-SP0) + method: POST + uri: https://managedhsm/keys/selective-restore-test-keya85a1290/create?api-version=7.1 + response: + body: + string: '{"attributes":{"created":1599693317,"enabled":true,"exportable":false,"recoverableDays":7,"recoveryLevel":"CustomizedRecoverable+Purgeable","updated":1599693317},"key":{"e":"AQAB","key_ops":["wrapKey","decrypt","encrypt","unwrapKey","sign","verify"],"kid":"https://managedhsm/keys/selective-restore-test-keya85a1290/012b1544acb10c63b57eb1d95ebcf9c6","kty":"RSA-HSM","n":"i6Kf3a2-Jfv9735-DX9cAOONQ7OtSaKwgx84JgRs0wZFcfe1cIw7nyPnsZtHb5TJfp5oTXDj7_EZWUYIyUhwHEKpLSKK_nlAx1Y1izm_3_01nhGLtLMERg0GGQJlYCO7G8IGIKJ2XkC1EItj_LV1BNF3qozJziVOtYdycHckUpzwD5ij-VVegxwF9KeaMO8wmzVMgxyVDWctQVjuwB0-lbnZr_aJj9uo1ntEyNbpkiuxe6scJqKL3c8siu1gAeZ7K7Z0r8TEWYFEispB3NnX63AFkpMhRF8XjD4HyhTMMIU7JiBR-0h1CXrCaRb7Ys7Hpq1E5jcvdpspCbN94B3f1Q"}}' + headers: + cache-control: + - no-cache + content-length: + - '753' + content-security-policy: + - default-src 'self' + content-type: + - application/json; charset=utf-8 + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + x-frame-options: + - SAMEORIGIN + x-ms-keyvault-network-info: + - addr=24.17.201.78 + x-ms-keyvault-region: + - EASTUS + x-ms-server-latency: + - '713' + status: + code: 200 + message: OK +- request: + body: '{"storageResourceUri": "https://storname.blob.core.windows.net/containerr5j67u54ef7gqx7", + "token": "redacted"}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + Content-Length: + - '233' + Content-Type: + - application/json + User-Agent: + - azsdk-python-keyvault-administration/4.0.0b2 Python/3.5.4 (Windows-10-10.0.19041-SP0) + method: POST + uri: https://managedhsm/backup?api-version=7.2-preview + response: + body: + string: '{"status":"InProgress","statusDetails":null,"error":{"code":null,"message":null,"innererror":null},"startTime":1599693320,"endTime":null,"jobId":"7161b3a9af704527b36d5a94c34d435c","azureStorageBlobContainerUri":null}' + headers: + azure-asyncoperation: + - https://managedhsm/backup/7161b3a9af704527b36d5a94c34d435c/pending + cache-control: + - no-cache + content-length: + - '216' + content-security-policy: + - default-src 'self' + content-type: + - application/json; charset=utf-8 + date: + - Wed, 09 Sep 2020 23:15:20 GMT + server: + - Kestrel + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + x-frame-options: + - SAMEORIGIN + x-ms-keyvault-network-info: + - addr=24.17.201.78 + x-ms-keyvault-region: + - EASTUS + x-ms-server-latency: + - '878' + status: + code: 202 + message: '' +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + User-Agent: + - azsdk-python-keyvault-administration/4.0.0b2 Python/3.5.4 (Windows-10-10.0.19041-SP0) + method: GET + uri: https://managedhsm/backup/7161b3a9af704527b36d5a94c34d435c/pending + response: + body: + string: '{"azureStorageBlobContainerUri":"https://storname.blob.core.windows.net/containerr5j67u54ef7gqx7/mhsm-chriss-eu2-2020090923152045","endTime":1599693331,"error":null,"jobId":"7161b3a9af704527b36d5a94c34d435c","startTime":1599693320,"status":"Succeeded","statusDetails":null}' + headers: + cache-control: + - no-cache + content-length: + - '289' + content-security-policy: + - default-src 'self' + content-type: + - application/json; charset=utf-8 + date: + - Wed, 09 Sep 2020 23:15:30 GMT + server: + - Kestrel + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + x-frame-options: + - SAMEORIGIN + x-ms-build-version: + - 1.0.20200909-2-c73be597-develop + x-ms-keyvault-network-info: + - addr=24.17.201.78 + x-ms-keyvault-region: + - EASTUS + x-ms-server-latency: + - '632' + status: + code: 200 + message: OK +- request: + body: '{"folder": "mhsm-chriss-eu2-2020090923152045", "sasTokenParameters": {"storageResourceUri": + "https://storname.blob.core.windows.net/containerr5j67u54ef7gqx7", "token": + "redacted"}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + Content-Length: + - '303' + Content-Type: + - application/json + User-Agent: + - azsdk-python-keyvault-administration/4.0.0b2 Python/3.5.4 (Windows-10-10.0.19041-SP0) + method: PUT + uri: https://managedhsm/keys/selective-restore-test-keya85a1290/restore?api-version=7.2-preview + response: + body: + string: '{"endTime":null,"error":{"code":null,"innererror":null,"message":null},"jobId":"a364959910264ceb91edb1df21290d87","startTime":1599693332,"status":"InProgress","statusDetails":null}' + headers: + azure-asyncoperation: + - https://managedhsm/restore/a364959910264ceb91edb1df21290d87/pending + cache-control: + - no-cache + content-length: + - '180' + content-security-policy: + - default-src 'self' + content-type: + - application/json; charset=utf-8 + date: + - Wed, 09 Sep 2020 23:15:32 GMT + server: + - Kestrel + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + x-frame-options: + - SAMEORIGIN + x-ms-keyvault-network-info: + - addr=24.17.201.78 + x-ms-keyvault-region: + - EASTUS + x-ms-server-latency: + - '853' + status: + code: 202 + message: '' +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + User-Agent: + - azsdk-python-keyvault-administration/4.0.0b2 Python/3.5.4 (Windows-10-10.0.19041-SP0) + method: GET + uri: https://managedhsm/restore/a364959910264ceb91edb1df21290d87/pending + response: + body: + string: '{"endTime":null,"error":{"code":null,"innererror":null,"message":null},"jobId":"a364959910264ceb91edb1df21290d87","startTime":1599693332,"status":"InProgress","statusDetails":null}' + headers: + cache-control: + - no-cache + content-length: + - '180' + content-security-policy: + - default-src 'self' + content-type: + - application/json; charset=utf-8 + date: + - Wed, 09 Sep 2020 23:15:43 GMT + server: + - Kestrel + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + x-frame-options: + - SAMEORIGIN + x-ms-build-version: + - 1.0.20200909-2-c73be597-develop + x-ms-keyvault-network-info: + - addr=24.17.201.78 + x-ms-keyvault-region: + - EASTUS + x-ms-server-latency: + - '654' + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + User-Agent: + - azsdk-python-keyvault-administration/4.0.0b2 Python/3.5.4 (Windows-10-10.0.19041-SP0) + method: GET + uri: https://managedhsm/restore/a364959910264ceb91edb1df21290d87/pending + response: + body: + string: '{"endTime":null,"error":{"code":null,"innererror":null,"message":null},"jobId":"a364959910264ceb91edb1df21290d87","startTime":1599693332,"status":"InProgress","statusDetails":null}' + headers: + cache-control: + - no-cache + content-length: + - '180' + content-security-policy: + - default-src 'self' + content-type: + - application/json; charset=utf-8 + date: + - Wed, 09 Sep 2020 23:15:49 GMT + server: + - Kestrel + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + x-frame-options: + - SAMEORIGIN + x-ms-build-version: + - 1.0.20200909-2-c73be597-develop + x-ms-keyvault-network-info: + - addr=24.17.201.78 + x-ms-keyvault-region: + - EASTUS + x-ms-server-latency: + - '610' + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + User-Agent: + - azsdk-python-keyvault-administration/4.0.0b2 Python/3.5.4 (Windows-10-10.0.19041-SP0) + method: GET + uri: https://managedhsm/restore/a364959910264ceb91edb1df21290d87/pending + response: + body: + string: '{"endTime":1599693349,"error":null,"jobId":"a364959910264ceb91edb1df21290d87","startTime":1599693332,"status":"Succeeded","statusDetails":"Number + of successful key versions restored: 0, Number of key versions could not overwrite: + 2"}' + headers: + cache-control: + - no-cache + content-length: + - '233' + content-security-policy: + - default-src 'self' + content-type: + - application/json; charset=utf-8 + date: + - Wed, 09 Sep 2020 23:15:54 GMT + server: + - Kestrel + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + x-frame-options: + - SAMEORIGIN + x-ms-build-version: + - 1.0.20200909-2-c73be597-develop + x-ms-keyvault-network-info: + - addr=24.17.201.78 + x-ms-keyvault-region: + - EASTUS + x-ms-server-latency: + - '616' + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + Content-Length: + - '0' + User-Agent: + - azsdk-python-keyvault-keys/4.2.1 Python/3.5.4 (Windows-10-10.0.19041-SP0) + method: DELETE + uri: https://managedhsm/keys/selective-restore-test-keya85a1290?api-version=7.1 + response: + body: + string: '{"attributes":{"created":1599693317,"enabled":true,"exportable":false,"recoverableDays":7,"recoveryLevel":"CustomizedRecoverable+Purgeable","updated":1599693317},"deletedDate":1599693356,"key":{"e":"AQAB","key_ops":["wrapKey","verify","sign","unwrapKey","decrypt","encrypt"],"kid":"https://managedhsm/keys/selective-restore-test-keya85a1290/012b1544acb10c63b57eb1d95ebcf9c6","kty":"RSA-HSM","n":"i6Kf3a2-Jfv9735-DX9cAOONQ7OtSaKwgx84JgRs0wZFcfe1cIw7nyPnsZtHb5TJfp5oTXDj7_EZWUYIyUhwHEKpLSKK_nlAx1Y1izm_3_01nhGLtLMERg0GGQJlYCO7G8IGIKJ2XkC1EItj_LV1BNF3qozJziVOtYdycHckUpzwD5ij-VVegxwF9KeaMO8wmzVMgxyVDWctQVjuwB0-lbnZr_aJj9uo1ntEyNbpkiuxe6scJqKL3c8siu1gAeZ7K7Z0r8TEWYFEispB3NnX63AFkpMhRF8XjD4HyhTMMIU7JiBR-0h1CXrCaRb7Ys7Hpq1E5jcvdpspCbN94B3f1Q"},"recoveryId":"https://managedhsm/deletedkeys/selective-restore-test-keya85a1290","scheduledPurgeDate":1600298156}' + headers: + cache-control: + - no-cache + content-length: + - '928' + content-security-policy: + - default-src 'self' + content-type: + - application/json; charset=utf-8 + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + x-frame-options: + - SAMEORIGIN + x-ms-keyvault-network-info: + - addr=24.17.201.78 + x-ms-keyvault-region: + - EASTUS + x-ms-server-latency: + - '485' + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + User-Agent: + - azsdk-python-keyvault-keys/4.2.1 Python/3.5.4 (Windows-10-10.0.19041-SP0) + method: GET + uri: https://managedhsm/deletedkeys/selective-restore-test-keya85a1290?api-version=7.1 + response: + body: + string: '{"attributes":{"created":1599693317,"enabled":true,"exportable":false,"recoverableDays":7,"recoveryLevel":"CustomizedRecoverable+Purgeable","updated":1599693317},"deletedDate":1599693356,"key":{"e":"AQAB","key_ops":["encrypt","decrypt","unwrapKey","sign","verify","wrapKey"],"kid":"https://managedhsm/keys/selective-restore-test-keya85a1290/012b1544acb10c63b57eb1d95ebcf9c6","kty":"RSA-HSM","n":"i6Kf3a2-Jfv9735-DX9cAOONQ7OtSaKwgx84JgRs0wZFcfe1cIw7nyPnsZtHb5TJfp5oTXDj7_EZWUYIyUhwHEKpLSKK_nlAx1Y1izm_3_01nhGLtLMERg0GGQJlYCO7G8IGIKJ2XkC1EItj_LV1BNF3qozJziVOtYdycHckUpzwD5ij-VVegxwF9KeaMO8wmzVMgxyVDWctQVjuwB0-lbnZr_aJj9uo1ntEyNbpkiuxe6scJqKL3c8siu1gAeZ7K7Z0r8TEWYFEispB3NnX63AFkpMhRF8XjD4HyhTMMIU7JiBR-0h1CXrCaRb7Ys7Hpq1E5jcvdpspCbN94B3f1Q"},"recoveryId":"https://managedhsm/deletedkeys/selective-restore-test-keya85a1290","scheduledPurgeDate":1600298156}' + headers: + cache-control: + - no-cache + content-length: + - '928' + content-security-policy: + - default-src 'self' + content-type: + - application/json; charset=utf-8 + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + x-frame-options: + - SAMEORIGIN + x-ms-build-version: + - 1.0.20200909-2-c73be597-develop + x-ms-keyvault-network-info: + - addr=24.17.201.78 + x-ms-keyvault-region: + - EASTUS + x-ms-server-latency: + - '183' + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + Content-Length: + - '0' + User-Agent: + - azsdk-python-keyvault-keys/4.2.1 Python/3.5.4 (Windows-10-10.0.19041-SP0) + method: DELETE + uri: https://managedhsm/deletedkeys/selective-restore-test-keya85a1290?api-version=7.1 + response: + body: + string: '' + headers: + cache-control: + - no-cache + content-length: + - '0' + content-security-policy: + - default-src 'self' + content-type: + - application/json; charset=utf-8 + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + x-frame-options: + - SAMEORIGIN + x-ms-keyvault-network-info: + - addr=24.17.201.78 + x-ms-keyvault-region: + - EASTUS + x-ms-server-latency: + - '506' + status: + code: 204 + message: '' +version: 1 diff --git a/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_backup_client_async.test_full_backup_and_restore.yaml b/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_backup_client_async.test_full_backup_and_restore.yaml new file mode 100644 index 000000000000..a89f1a466194 --- /dev/null +++ b/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_backup_client_async.test_full_backup_and_restore.yaml @@ -0,0 +1,186 @@ +interactions: +- request: + body: null + headers: + Accept: + - application/json + Content-Length: + - '0' + Content-Type: + - application/json + User-Agent: + - azsdk-python-keyvault-administration/4.0.0b2 Python/3.5.4 (Windows-10-10.0.19041-SP0) + method: POST + uri: https://managedhsm/backup?api-version=7.2-preview + response: + body: + string: '' + headers: + cache-control: no-cache + content-length: '0' + content-security-policy: default-src 'self' + content-type: application/json; charset=utf-8 + strict-transport-security: max-age=31536000; includeSubDomains + www-authenticate: Bearer authorization="https://login.windows-ppe.net/f686d426-8d16-42db-81b7-ab578e110ccd", + resource="https://managedhsm-int.azure-int.net" + x-content-type-options: nosniff + x-frame-options: SAMEORIGIN + x-ms-server-latency: '1' + status: + code: 401 + message: Unauthorized + url: https://eastus2.chriss-eu2.managedhsm-int.azure-int.net/backup?api-version=7.2-preview +- request: + body: '{"token": "redacted", "storageResourceUri": "https://storname.blob.core.windows.net/containerukawv6vxixb3rhm"}' + headers: + Accept: + - application/json + Content-Length: + - '233' + Content-Type: + - application/json + User-Agent: + - azsdk-python-keyvault-administration/4.0.0b2 Python/3.5.4 (Windows-10-10.0.19041-SP0) + method: POST + uri: https://managedhsm/backup?api-version=7.2-preview + response: + body: + string: '{"status":"InProgress","statusDetails":null,"error":{"code":null,"message":null,"innererror":null},"startTime":1599693526,"endTime":null,"jobId":"c41d7765beaa4c3eae7a1e6159f9efb2","azureStorageBlobContainerUri":null}' + headers: + azure-asyncoperation: https://managedhsm/backup/c41d7765beaa4c3eae7a1e6159f9efb2/pending + cache-control: no-cache + content-length: '216' + content-security-policy: default-src 'self' + content-type: application/json; charset=utf-8 + date: Wed, 09 Sep 2020 23:18:46 GMT + server: Kestrel + strict-transport-security: max-age=31536000; includeSubDomains + x-content-type-options: nosniff + x-frame-options: SAMEORIGIN + x-ms-keyvault-network-info: addr=24.17.201.78 + x-ms-keyvault-region: EASTUS + x-ms-server-latency: '1033' + status: + code: 202 + message: null + url: https://eastus2.chriss-eu2.managedhsm-int.azure-int.net/backup?api-version=7.2-preview +- request: + body: null + headers: + User-Agent: + - azsdk-python-keyvault-administration/4.0.0b2 Python/3.5.4 (Windows-10-10.0.19041-SP0) + method: GET + uri: https://managedhsm/backup/c41d7765beaa4c3eae7a1e6159f9efb2/pending + response: + body: + string: '{"azureStorageBlobContainerUri":"https://storname.blob.core.windows.net/containerukawv6vxixb3rhm/mhsm-chriss-eu2-2020090923184683","endTime":1599693537,"error":null,"jobId":"c41d7765beaa4c3eae7a1e6159f9efb2","startTime":1599693526,"status":"Succeeded","statusDetails":null}' + headers: + cache-control: no-cache + content-length: '289' + content-security-policy: default-src 'self' + content-type: application/json; charset=utf-8 + date: Wed, 09 Sep 2020 23:18:57 GMT + server: Kestrel + strict-transport-security: max-age=31536000; includeSubDomains + x-content-type-options: nosniff + x-frame-options: SAMEORIGIN + x-ms-build-version: 1.0.20200909-2-c73be597-develop + x-ms-keyvault-network-info: addr=24.17.201.78 + x-ms-keyvault-region: EASTUS + x-ms-server-latency: '641' + status: + code: 200 + message: OK + url: https://eastus2.chriss-eu2.managedhsm-int.azure-int.net/backup/c41d7765beaa4c3eae7a1e6159f9efb2/pending +- request: + body: '{"folderToRestore": "mhsm-chriss-eu2-2020090923184683", "sasTokenParameters": + {"token": "redacted", "storageResourceUri": "https://storname.blob.core.windows.net/containerukawv6vxixb3rhm"}}' + headers: + Accept: + - application/json + Content-Length: + - '312' + Content-Type: + - application/json + User-Agent: + - azsdk-python-keyvault-administration/4.0.0b2 Python/3.5.4 (Windows-10-10.0.19041-SP0) + method: PUT + uri: https://managedhsm/restore?api-version=7.2-preview + response: + body: + string: '{"endTime":null,"error":{"code":null,"innererror":null,"message":null},"jobId":"e82968b7701143aeaddcc851525eca02","startTime":1599693539,"status":"InProgress","statusDetails":null}' + headers: + azure-asyncoperation: https://managedhsm/restore/e82968b7701143aeaddcc851525eca02/pending + cache-control: no-cache + content-length: '180' + content-security-policy: default-src 'self' + content-type: application/json; charset=utf-8 + date: Wed, 09 Sep 2020 23:18:59 GMT + server: Kestrel + strict-transport-security: max-age=31536000; includeSubDomains + x-content-type-options: nosniff + x-frame-options: SAMEORIGIN + x-ms-keyvault-network-info: addr=24.17.201.78 + x-ms-keyvault-region: EASTUS + x-ms-server-latency: '932' + status: + code: 202 + message: null + url: https://eastus2.chriss-eu2.managedhsm-int.azure-int.net/restore?api-version=7.2-preview +- request: + body: null + headers: + User-Agent: + - azsdk-python-keyvault-administration/4.0.0b2 Python/3.5.4 (Windows-10-10.0.19041-SP0) + method: GET + uri: https://managedhsm/restore/e82968b7701143aeaddcc851525eca02/pending + response: + body: + string: '{"endTime":null,"error":{"code":null,"innererror":null,"message":null},"jobId":"e82968b7701143aeaddcc851525eca02","startTime":1599693539,"status":"InProgress","statusDetails":null}' + headers: + cache-control: no-cache + content-length: '180' + content-security-policy: default-src 'self' + content-type: application/json; charset=utf-8 + date: Wed, 09 Sep 2020 23:19:10 GMT + server: Kestrel + strict-transport-security: max-age=31536000; includeSubDomains + x-content-type-options: nosniff + x-frame-options: SAMEORIGIN + x-ms-build-version: 1.0.20200909-2-c73be597-develop + x-ms-keyvault-network-info: addr=24.17.201.78 + x-ms-keyvault-region: EASTUS + x-ms-server-latency: '675' + status: + code: 200 + message: OK + url: https://eastus2.chriss-eu2.managedhsm-int.azure-int.net/restore/e82968b7701143aeaddcc851525eca02/pending +- request: + body: null + headers: + User-Agent: + - azsdk-python-keyvault-administration/4.0.0b2 Python/3.5.4 (Windows-10-10.0.19041-SP0) + method: GET + uri: https://managedhsm/restore/e82968b7701143aeaddcc851525eca02/pending + response: + body: + string: '{"endTime":1599693551,"error":null,"jobId":"e82968b7701143aeaddcc851525eca02","startTime":1599693539,"status":"Succeeded","statusDetails":null}' + headers: + cache-control: no-cache + content-length: '143' + content-security-policy: default-src 'self' + content-type: application/json; charset=utf-8 + date: Wed, 09 Sep 2020 23:19:17 GMT + server: Kestrel + strict-transport-security: max-age=31536000; includeSubDomains + x-content-type-options: nosniff + x-frame-options: SAMEORIGIN + x-ms-build-version: 1.0.20200909-2-c73be597-develop + x-ms-keyvault-network-info: addr=24.17.201.78 + x-ms-keyvault-region: EASTUS + x-ms-server-latency: '629' + status: + code: 200 + message: OK + url: https://eastus2.chriss-eu2.managedhsm-int.azure-int.net/restore/e82968b7701143aeaddcc851525eca02/pending +version: 1 diff --git a/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_backup_client_async.test_selective_key_restore.yaml b/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_backup_client_async.test_selective_key_restore.yaml new file mode 100644 index 000000000000..02cc71c423fa --- /dev/null +++ b/sdk/keyvault/azure-keyvault-administration/tests/recordings/test_backup_client_async.test_selective_key_restore.yaml @@ -0,0 +1,331 @@ +interactions: +- request: + body: null + headers: + Accept: + - application/json + Content-Length: + - '0' + Content-Type: + - application/json + User-Agent: + - azsdk-python-keyvault-keys/4.2.1 Python/3.5.4 (Windows-10-10.0.19041-SP0) + method: POST + uri: https://managedhsm/keys/selective-restore-test-key20e5150d/create?api-version=7.1 + response: + body: + string: '' + headers: + cache-control: no-cache + content-length: '0' + content-security-policy: default-src 'self' + content-type: application/json; charset=utf-8 + strict-transport-security: max-age=31536000; includeSubDomains + www-authenticate: Bearer authorization="https://login.windows-ppe.net/f686d426-8d16-42db-81b7-ab578e110ccd", + resource="https://managedhsm-int.azure-int.net" + x-content-type-options: nosniff + x-frame-options: SAMEORIGIN + x-ms-server-latency: '0' + status: + code: 401 + message: Unauthorized + url: https://eastus2.chriss-eu2.managedhsm-int.azure-int.net/keys/selective-restore-test-key20e5150d/create?api-version=7.1 +- request: + body: '{"kty": "RSA"}' + headers: + Accept: + - application/json + Content-Length: + - '14' + Content-Type: + - application/json + User-Agent: + - azsdk-python-keyvault-keys/4.2.1 Python/3.5.4 (Windows-10-10.0.19041-SP0) + method: POST + uri: https://managedhsm/keys/selective-restore-test-key20e5150d/create?api-version=7.1 + response: + body: + string: '{"attributes":{"created":1599693613,"enabled":true,"exportable":false,"recoverableDays":7,"recoveryLevel":"CustomizedRecoverable+Purgeable","updated":1599693613},"key":{"e":"AQAB","key_ops":["wrapKey","decrypt","encrypt","unwrapKey","sign","verify"],"kid":"https://managedhsm/keys/selective-restore-test-key20e5150d/7500af2095d145ba1792f41a676385a2","kty":"RSA-HSM","n":"nk0J5UifiL3C-Wb2BzSUMAR8wDVPGIa5eMT0GNHBLjKai-IMj5GF55-yHD-GP2qQgrDWIIPM2wD5j03fcTqdehqSlyOrqBrRTqfBi2dc8hRuZr9bPttLwqrWzQR3mFag5PiDYvSMBj0cRNcp6ZlIONbMcaq68SV8H559sKowLxJIhF4z-5GRfCJboxvcLwtIGSvuv9HnB4qkrJF5tT9OOqeFQUGJgD01XmACGOZedKhJXzUqhUGm8XvwYDHx0aKXebWudw34ClAl7lWIMw5bd2DR-GUQ9T9i-bj4ipkosVZtZl4iyexhWFjKECJZC53kdLJ7K6rW-wlPb2129DvfwQ"}}' + headers: + cache-control: no-cache + content-length: '753' + content-security-policy: default-src 'self' + content-type: application/json; charset=utf-8 + strict-transport-security: max-age=31536000; includeSubDomains + x-content-type-options: nosniff + x-frame-options: SAMEORIGIN + x-ms-keyvault-network-info: addr=24.17.201.78 + x-ms-keyvault-region: EASTUS + x-ms-server-latency: '719' + status: + code: 200 + message: OK + url: https://eastus2.chriss-eu2.managedhsm-int.azure-int.net/keys/selective-restore-test-key20e5150d/create?api-version=7.1 +- request: + body: null + headers: + Accept: + - application/json + Content-Length: + - '0' + Content-Type: + - application/json + User-Agent: + - azsdk-python-keyvault-administration/4.0.0b2 Python/3.5.4 (Windows-10-10.0.19041-SP0) + method: POST + uri: https://managedhsm/backup?api-version=7.2-preview + response: + body: + string: '' + headers: + cache-control: no-cache + content-length: '0' + content-security-policy: default-src 'self' + content-type: application/json; charset=utf-8 + strict-transport-security: max-age=31536000; includeSubDomains + www-authenticate: Bearer authorization="https://login.windows-ppe.net/f686d426-8d16-42db-81b7-ab578e110ccd", + resource="https://managedhsm-int.azure-int.net" + x-content-type-options: nosniff + x-frame-options: SAMEORIGIN + x-ms-server-latency: '1' + status: + code: 401 + message: Unauthorized + url: https://eastus2.chriss-eu2.managedhsm-int.azure-int.net/backup?api-version=7.2-preview +- request: + body: '{"storageResourceUri": "https://storname.blob.core.windows.net/container46nad73wruezm7t", + "token": "redacted"}' + headers: + Accept: + - application/json + Content-Length: + - '233' + Content-Type: + - application/json + User-Agent: + - azsdk-python-keyvault-administration/4.0.0b2 Python/3.5.4 (Windows-10-10.0.19041-SP0) + method: POST + uri: https://managedhsm/backup?api-version=7.2-preview + response: + body: + string: '{"status":"InProgress","statusDetails":null,"error":{"code":null,"message":null,"innererror":null},"startTime":1599693615,"endTime":null,"jobId":"6dd3d9ef3c4340d583da7967d366f43c","azureStorageBlobContainerUri":null}' + headers: + azure-asyncoperation: https://managedhsm/backup/6dd3d9ef3c4340d583da7967d366f43c/pending + cache-control: no-cache + content-length: '216' + content-security-policy: default-src 'self' + content-type: application/json; charset=utf-8 + date: Wed, 09 Sep 2020 23:20:14 GMT + server: Kestrel + strict-transport-security: max-age=31536000; includeSubDomains + x-content-type-options: nosniff + x-frame-options: SAMEORIGIN + x-ms-keyvault-network-info: addr=24.17.201.78 + x-ms-keyvault-region: EASTUS + x-ms-server-latency: '880' + status: + code: 202 + message: null + url: https://eastus2.chriss-eu2.managedhsm-int.azure-int.net/backup?api-version=7.2-preview +- request: + body: null + headers: + User-Agent: + - azsdk-python-keyvault-administration/4.0.0b2 Python/3.5.4 (Windows-10-10.0.19041-SP0) + method: GET + uri: https://managedhsm/backup/6dd3d9ef3c4340d583da7967d366f43c/pending + response: + body: + string: '{"azureStorageBlobContainerUri":"https://storname.blob.core.windows.net/container46nad73wruezm7t/mhsm-chriss-eu2-2020090923201530","endTime":1599693626,"error":null,"jobId":"6dd3d9ef3c4340d583da7967d366f43c","startTime":1599693615,"status":"Succeeded","statusDetails":null}' + headers: + cache-control: no-cache + content-length: '289' + content-security-policy: default-src 'self' + content-type: application/json; charset=utf-8 + date: Wed, 09 Sep 2020 23:20:26 GMT + server: Kestrel + strict-transport-security: max-age=31536000; includeSubDomains + x-content-type-options: nosniff + x-frame-options: SAMEORIGIN + x-ms-build-version: 1.0.20200909-2-c73be597-develop + x-ms-keyvault-network-info: addr=24.17.201.78 + x-ms-keyvault-region: EASTUS + x-ms-server-latency: '636' + status: + code: 200 + message: OK + url: https://eastus2.chriss-eu2.managedhsm-int.azure-int.net/backup/6dd3d9ef3c4340d583da7967d366f43c/pending +- request: + body: '{"sasTokenParameters": {"storageResourceUri": "https://storname.blob.core.windows.net/container46nad73wruezm7t", + "token": "redacted"}, "folder": "mhsm-chriss-eu2-2020090923201530"}' + headers: + Accept: + - application/json + Content-Length: + - '303' + Content-Type: + - application/json + User-Agent: + - azsdk-python-keyvault-administration/4.0.0b2 Python/3.5.4 (Windows-10-10.0.19041-SP0) + method: PUT + uri: https://managedhsm/keys/selective-restore-test-key20e5150d/restore?api-version=7.2-preview + response: + body: + string: '{"endTime":null,"error":{"code":null,"innererror":null,"message":null},"jobId":"d8ca0b63bcac42f9b36997f4e163db2f","startTime":1599693627,"status":"InProgress","statusDetails":null}' + headers: + azure-asyncoperation: https://managedhsm/restore/d8ca0b63bcac42f9b36997f4e163db2f/pending + cache-control: no-cache + content-length: '180' + content-security-policy: default-src 'self' + content-type: application/json; charset=utf-8 + date: Wed, 09 Sep 2020 23:20:27 GMT + server: Kestrel + strict-transport-security: max-age=31536000; includeSubDomains + x-content-type-options: nosniff + x-frame-options: SAMEORIGIN + x-ms-keyvault-network-info: addr=24.17.201.78 + x-ms-keyvault-region: EASTUS + x-ms-server-latency: '898' + status: + code: 202 + message: null + url: https://eastus2.chriss-eu2.managedhsm-int.azure-int.net/keys/selective-restore-test-key20e5150d/restore?api-version=7.2-preview +- request: + body: null + headers: + User-Agent: + - azsdk-python-keyvault-administration/4.0.0b2 Python/3.5.4 (Windows-10-10.0.19041-SP0) + method: GET + uri: https://managedhsm/restore/d8ca0b63bcac42f9b36997f4e163db2f/pending + response: + body: + string: '{"endTime":null,"error":{"code":null,"innererror":null,"message":null},"jobId":"d8ca0b63bcac42f9b36997f4e163db2f","startTime":1599693627,"status":"InProgress","statusDetails":null}' + headers: + cache-control: no-cache + content-length: '180' + content-security-policy: default-src 'self' + content-type: application/json; charset=utf-8 + date: Wed, 09 Sep 2020 23:20:38 GMT + server: Kestrel + strict-transport-security: max-age=31536000; includeSubDomains + x-content-type-options: nosniff + x-frame-options: SAMEORIGIN + x-ms-build-version: 1.0.20200909-2-c73be597-develop + x-ms-keyvault-network-info: addr=24.17.201.78 + x-ms-keyvault-region: EASTUS + x-ms-server-latency: '656' + status: + code: 200 + message: OK + url: https://eastus2.chriss-eu2.managedhsm-int.azure-int.net/restore/d8ca0b63bcac42f9b36997f4e163db2f/pending +- request: + body: null + headers: + User-Agent: + - azsdk-python-keyvault-administration/4.0.0b2 Python/3.5.4 (Windows-10-10.0.19041-SP0) + method: GET + uri: https://managedhsm/restore/d8ca0b63bcac42f9b36997f4e163db2f/pending + response: + body: + string: '{"endTime":1599693639,"error":null,"jobId":"d8ca0b63bcac42f9b36997f4e163db2f","startTime":1599693627,"status":"Succeeded","statusDetails":"Number + of successful key versions restored: 0, Number of key versions could not overwrite: + 2"}' + headers: + cache-control: no-cache + content-length: '233' + content-security-policy: default-src 'self' + content-type: application/json; charset=utf-8 + date: Wed, 09 Sep 2020 23:20:44 GMT + server: Kestrel + strict-transport-security: max-age=31536000; includeSubDomains + x-content-type-options: nosniff + x-frame-options: SAMEORIGIN + x-ms-build-version: 1.0.20200909-2-c73be597-develop + x-ms-keyvault-network-info: addr=24.17.201.78 + x-ms-keyvault-region: EASTUS + x-ms-server-latency: '655' + status: + code: 200 + message: OK + url: https://eastus2.chriss-eu2.managedhsm-int.azure-int.net/restore/d8ca0b63bcac42f9b36997f4e163db2f/pending +- request: + body: null + headers: + Accept: + - application/json + User-Agent: + - azsdk-python-keyvault-keys/4.2.1 Python/3.5.4 (Windows-10-10.0.19041-SP0) + method: DELETE + uri: https://managedhsm/keys/selective-restore-test-key20e5150d?api-version=7.1 + response: + body: + string: '{"attributes":{"created":1599693613,"enabled":true,"exportable":false,"recoverableDays":7,"recoveryLevel":"CustomizedRecoverable+Purgeable","updated":1599693613},"deletedDate":1599693645,"key":{"e":"AQAB","key_ops":["wrapKey","verify","sign","unwrapKey","decrypt","encrypt"],"kid":"https://managedhsm/keys/selective-restore-test-key20e5150d/7500af2095d145ba1792f41a676385a2","kty":"RSA-HSM","n":"nk0J5UifiL3C-Wb2BzSUMAR8wDVPGIa5eMT0GNHBLjKai-IMj5GF55-yHD-GP2qQgrDWIIPM2wD5j03fcTqdehqSlyOrqBrRTqfBi2dc8hRuZr9bPttLwqrWzQR3mFag5PiDYvSMBj0cRNcp6ZlIONbMcaq68SV8H559sKowLxJIhF4z-5GRfCJboxvcLwtIGSvuv9HnB4qkrJF5tT9OOqeFQUGJgD01XmACGOZedKhJXzUqhUGm8XvwYDHx0aKXebWudw34ClAl7lWIMw5bd2DR-GUQ9T9i-bj4ipkosVZtZl4iyexhWFjKECJZC53kdLJ7K6rW-wlPb2129DvfwQ"},"recoveryId":"https://managedhsm/deletedkeys/selective-restore-test-key20e5150d","scheduledPurgeDate":1600298445}' + headers: + cache-control: no-cache + content-length: '928' + content-security-policy: default-src 'self' + content-type: application/json; charset=utf-8 + strict-transport-security: max-age=31536000; includeSubDomains + x-content-type-options: nosniff + x-frame-options: SAMEORIGIN + x-ms-keyvault-network-info: addr=24.17.201.78 + x-ms-keyvault-region: EASTUS + x-ms-server-latency: '483' + status: + code: 200 + message: OK + url: https://eastus2.chriss-eu2.managedhsm-int.azure-int.net/keys/selective-restore-test-key20e5150d?api-version=7.1 +- request: + body: null + headers: + Accept: + - application/json + User-Agent: + - azsdk-python-keyvault-keys/4.2.1 Python/3.5.4 (Windows-10-10.0.19041-SP0) + method: GET + uri: https://managedhsm/deletedkeys/selective-restore-test-key20e5150d?api-version=7.1 + response: + body: + string: '{"attributes":{"created":1599693613,"enabled":true,"exportable":false,"recoverableDays":7,"recoveryLevel":"CustomizedRecoverable+Purgeable","updated":1599693613},"deletedDate":1599693645,"key":{"e":"AQAB","key_ops":["encrypt","decrypt","unwrapKey","sign","verify","wrapKey"],"kid":"https://managedhsm/keys/selective-restore-test-key20e5150d/7500af2095d145ba1792f41a676385a2","kty":"RSA-HSM","n":"nk0J5UifiL3C-Wb2BzSUMAR8wDVPGIa5eMT0GNHBLjKai-IMj5GF55-yHD-GP2qQgrDWIIPM2wD5j03fcTqdehqSlyOrqBrRTqfBi2dc8hRuZr9bPttLwqrWzQR3mFag5PiDYvSMBj0cRNcp6ZlIONbMcaq68SV8H559sKowLxJIhF4z-5GRfCJboxvcLwtIGSvuv9HnB4qkrJF5tT9OOqeFQUGJgD01XmACGOZedKhJXzUqhUGm8XvwYDHx0aKXebWudw34ClAl7lWIMw5bd2DR-GUQ9T9i-bj4ipkosVZtZl4iyexhWFjKECJZC53kdLJ7K6rW-wlPb2129DvfwQ"},"recoveryId":"https://managedhsm/deletedkeys/selective-restore-test-key20e5150d","scheduledPurgeDate":1600298445}' + headers: + cache-control: no-cache + content-length: '928' + content-security-policy: default-src 'self' + content-type: application/json; charset=utf-8 + strict-transport-security: max-age=31536000; includeSubDomains + x-content-type-options: nosniff + x-frame-options: SAMEORIGIN + x-ms-build-version: 1.0.20200909-2-c73be597-develop + x-ms-keyvault-network-info: addr=24.17.201.78 + x-ms-keyvault-region: EASTUS + x-ms-server-latency: '192' + status: + code: 200 + message: OK + url: https://eastus2.chriss-eu2.managedhsm-int.azure-int.net/deletedkeys/selective-restore-test-key20e5150d?api-version=7.1 +- request: + body: null + headers: + User-Agent: + - azsdk-python-keyvault-keys/4.2.1 Python/3.5.4 (Windows-10-10.0.19041-SP0) + method: DELETE + uri: https://managedhsm/deletedkeys/selective-restore-test-key20e5150d?api-version=7.1 + response: + body: + string: '' + headers: + cache-control: no-cache + content-length: '0' + content-security-policy: default-src 'self' + content-type: application/json; charset=utf-8 + strict-transport-security: max-age=31536000; includeSubDomains + x-content-type-options: nosniff + x-frame-options: SAMEORIGIN + x-ms-keyvault-network-info: addr=24.17.201.78 + x-ms-keyvault-region: EASTUS + x-ms-server-latency: '545' + status: + code: 204 + message: null + url: https://eastus2.chriss-eu2.managedhsm-int.azure-int.net/deletedkeys/selective-restore-test-key20e5150d?api-version=7.1 +version: 1 diff --git a/sdk/keyvault/azure-keyvault-administration/tests/test_backup_client.py b/sdk/keyvault/azure-keyvault-administration/tests/test_backup_client.py new file mode 100644 index 000000000000..22b510c02e64 --- /dev/null +++ b/sdk/keyvault/azure-keyvault-administration/tests/test_backup_client.py @@ -0,0 +1,101 @@ +# ------------------------------------ +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. +# ------------------------------------ +from datetime import datetime +import time + +from azure.core.credentials import AccessToken +from azure.identity import DefaultAzureCredential +from azure.keyvault.keys import KeyClient +from azure.keyvault.administration import KeyVaultBackupClient, BackupOperation +from devtools_testutils import ResourceGroupPreparer, StorageAccountPreparer +import pytest + +from _shared.helpers import mock +from _shared.test_case import KeyVaultTestCase +from blob_container_preparer import BlobContainerPreparer + + +@pytest.mark.usefixtures("managed_hsm") +class BackupClientTests(KeyVaultTestCase): + def __init__(self, *args, **kwargs): + super(BackupClientTests, self).__init__(*args, match_body=False, **kwargs) + + def setUp(self, *args, **kwargs): + if self.is_live: + self.scrubber.register_name_pair(self.managed_hsm["url"].lower(), self.managed_hsm["playback_url"]) + super(BackupClientTests, self).setUp(*args, **kwargs) + + @property + def credential(self): + if self.is_live: + return DefaultAzureCredential() + return mock.Mock(get_token=lambda *_, **__: AccessToken("secret", time.time() + 3600)) + + @ResourceGroupPreparer(random_name_enabled=True, use_cache=True) + @StorageAccountPreparer(random_name_enabled=True) + @BlobContainerPreparer() + def test_full_backup_and_restore(self, container_uri, sas_token): + # backup the vault + backup_client = KeyVaultBackupClient(self.managed_hsm["url"], self.credential) + backup_poller = backup_client.begin_full_backup(container_uri, sas_token) + backup_operation = backup_poller.result() + assert_successful_operation(backup_operation) + + # restore the backup + folder_name = backup_operation.azure_storage_blob_container_uri.split("/")[-1] + restore_poller = backup_client.begin_full_restore(container_uri, sas_token, folder_name) + restore_operation = restore_poller.result() + assert_successful_operation(restore_operation) + + @ResourceGroupPreparer(random_name_enabled=True, use_cache=True) + @StorageAccountPreparer(random_name_enabled=True) + @BlobContainerPreparer() + def test_selective_key_restore(self, container_uri, sas_token): + # create a key to selectively restore + key_client = KeyClient(self.managed_hsm["url"], self.credential) + key_name = self.get_resource_name("selective-restore-test-key") + key_client.create_rsa_key(key_name) + + # backup the vault + backup_client = KeyVaultBackupClient(self.managed_hsm["url"], self.credential) + backup_poller = backup_client.begin_full_backup(container_uri, sas_token) + backup_operation = backup_poller.result() + assert_successful_operation(backup_operation) + + # restore the key + folder_name = backup_operation.azure_storage_blob_container_uri.split("/")[-1] + restore_poller = backup_client.begin_selective_restore(container_uri, sas_token, folder_name, key_name) + restore_operation = restore_poller.result() + assert_successful_operation(restore_operation) + + key_client.begin_delete_key(key_name).wait() + key_client.purge_deleted_key(key_name) + + +def test_continuation_token(): + """Methods returning pollers should accept continuation tokens""" + + expected_token = "token" + mock_generated_client = mock.Mock() + + backup_client = KeyVaultBackupClient("vault-url", object()) + backup_client._client = mock_generated_client + backup_client.begin_full_restore("storage uri", "sas", "folder", continuation_token=expected_token) + backup_client.begin_full_backup("storage uri", "sas", continuation_token=expected_token) + backup_client.begin_selective_restore("storage uri", "sas", "folder", "key", continuation_token=expected_token) + + for method in ("begin_full_backup", "begin_full_restore_operation", "begin_selective_key_restore_operation"): + mock_method = getattr(mock_generated_client, method) + assert mock_method.call_count == 1 + _, kwargs = mock_method.call_args + assert kwargs["continuation_token"] == expected_token + + +def assert_successful_operation(operation): + if isinstance(operation, BackupOperation): + assert operation.azure_storage_blob_container_uri + assert operation.status == "Succeeded" + assert isinstance(operation.end_time, datetime) + assert operation.start_time < operation.end_time diff --git a/sdk/keyvault/azure-keyvault-administration/tests/test_backup_client_async.py b/sdk/keyvault/azure-keyvault-administration/tests/test_backup_client_async.py new file mode 100644 index 000000000000..8e9fee466006 --- /dev/null +++ b/sdk/keyvault/azure-keyvault-administration/tests/test_backup_client_async.py @@ -0,0 +1,113 @@ +# ------------------------------------ +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. +# ------------------------------------ +from datetime import datetime +import time +from unittest import mock + +from azure.core.credentials import AccessToken +from azure.identity.aio import DefaultAzureCredential +from azure.keyvault.keys.aio import KeyClient +from azure.keyvault.administration.aio import KeyVaultBackupClient +from devtools_testutils import ResourceGroupPreparer, StorageAccountPreparer +import pytest + +from _shared.helpers_async import get_completed_future +from _shared.test_case_async import KeyVaultTestCase +from blob_container_preparer import BlobContainerPreparer +from test_backup_client import assert_successful_operation + + +@pytest.mark.usefixtures("managed_hsm") +class BackupClientTests(KeyVaultTestCase): + def __init__(self, *args, **kwargs): + super().__init__(*args, match_body=False, **kwargs) + + def setUp(self, *args, **kwargs): + if self.is_live: + self.scrubber.register_name_pair(self.managed_hsm["url"].lower(), self.managed_hsm["playback_url"]) + super().setUp(*args, **kwargs) + + @property + def credential(self): + if self.is_live: + return DefaultAzureCredential() + + async def get_token(*_, **__): + return AccessToken("secret", time.time() + 3600) + + return mock.Mock(get_token=get_token) + + @ResourceGroupPreparer(random_name_enabled=True, use_cache=True) + @StorageAccountPreparer(random_name_enabled=True) + @BlobContainerPreparer() + async def test_full_backup_and_restore(self, container_uri, sas_token): + # backup the vault + backup_client = KeyVaultBackupClient(self.managed_hsm["url"], self.credential) + backup_poller = await backup_client.begin_full_backup(container_uri, sas_token) + backup_operation = await backup_poller.result() + assert_successful_operation(backup_operation) + + # restore the backup + folder_name = backup_operation.azure_storage_blob_container_uri.split("/")[-1] + restore_poller = await backup_client.begin_full_restore(container_uri, sas_token, folder_name) + restore_operation = await restore_poller.result() + assert_successful_operation(restore_operation) + + @ResourceGroupPreparer(random_name_enabled=True, use_cache=True) + @StorageAccountPreparer(random_name_enabled=True) + @BlobContainerPreparer() + async def test_selective_key_restore(self, container_uri, sas_token): + # create a key to selectively restore + key_client = KeyClient(self.managed_hsm["url"], self.credential) + key_name = self.get_resource_name("selective-restore-test-key") + await key_client.create_rsa_key(key_name) + + # backup the vault + backup_client = KeyVaultBackupClient(self.managed_hsm["url"], self.credential) + backup_poller = await backup_client.begin_full_backup(container_uri, sas_token) + backup_operation = await backup_poller.result() + assert_successful_operation(backup_operation) + + # restore the key + folder_name = backup_operation.azure_storage_blob_container_uri.split("/")[-1] + restore_poller = await backup_client.begin_selective_restore(container_uri, sas_token, folder_name, key_name) + restore_operation = await restore_poller.result() + assert_successful_operation(restore_operation) + + await key_client.delete_key(key_name) + await key_client.purge_deleted_key(key_name) + + +@pytest.mark.asyncio +async def test_continuation_token(): + """Methods returning pollers should accept continuation tokens""" + + expected_token = "token" + + mock_generated_client = mock.Mock() + mock_methods = [ + getattr(mock_generated_client, method_name) + for method_name in ( + "begin_full_backup", + "begin_full_restore_operation", + "begin_selective_key_restore_operation", + ) + ] + for method in mock_methods: + # the mock client's methods must return awaitables, and we don't have AsyncMock before 3.8 + method.return_value = get_completed_future() + + backup_client = KeyVaultBackupClient("vault-url", object()) + backup_client._client = mock_generated_client + await backup_client.begin_full_restore("storage uri", "sas", "folder", continuation_token=expected_token) + await backup_client.begin_full_backup("storage uri", "sas", continuation_token=expected_token) + await backup_client.begin_selective_restore( + "storage uri", "sas", "folder", "key", continuation_token=expected_token + ) + + for method in mock_methods: + assert method.call_count == 1 + _, kwargs = method.call_args + assert kwargs["continuation_token"] == expected_token