Add support for Key Vault 7.5-preview.1

Also treats KeyRotationPolicyAction as case-insensitive.

sdk/keyvault/Azure.Security.KeyVault.Administration/CHANGELOG.md

@@ -4,6 +4,8 @@
 
 ### Features Added
 
+- TODO: sasToken vs. useManagedIdentity.
+
 ### Breaking Changes
 
 ### Bugs Fixed
@@ -12,6 +14,8 @@
 
 ### Other Changes
 
+- The default service version is now "7.5-preview.1".
+
 ## 4.3.0 (2023-03-14)
 
 ### Breaking Changes

sdk/keyvault/Azure.Security.KeyVault.Administration/assets.json

@@ -2,5 +2,5 @@
   "AssetsRepo": "Azure/azure-sdk-assets",
   "AssetsRepoPrefixPath": "net",
   "TagPrefix": "net/keyvault/Azure.Security.KeyVault.Administration",
-  "Tag": "net/keyvault/Azure.Security.KeyVault.Administration_92615e7932"
+  "Tag": "net/keyvault/Azure.Security.KeyVault.Administration_ecca1d12cb"
 }

sdk/keyvault/Azure.Security.KeyVault.Administration/src/KeyVaultAdministrationClientOptions.cs

@@ -16,7 +16,7 @@ public class KeyVaultAdministrationClientOptions : ClientOptions
         /// For more information, see
         /// <see href="https://docs.microsoft.com/rest/api/keyvault/key-vault-versions">Key Vault versions</see>.
         /// </summary>
-        internal const ServiceVersion LatestVersion = ServiceVersion.V7_4;
+        internal const ServiceVersion LatestVersion = ServiceVersion.V7_5_Preview_1;
 
         /// <summary>
         /// The versions of Azure Key Vault supported by this client
@@ -39,6 +39,11 @@ public enum ServiceVersion
             /// The Key Vault API version 7.4.
             /// </summary>
             V7_4 = 3,
+
+            /// <summary>
+            /// The Key Vault API version 7.5-preview.1.
+            /// </summary>
+            V7_5_Preview_1 = 4,
 #pragma warning restore CA1707 // Identifiers should not contain underscores
         }
 
@@ -75,6 +80,7 @@ internal string GetVersionString()
                 ServiceVersion.V7_2 => "7.2",
                 ServiceVersion.V7_3 => "7.3",
                 ServiceVersion.V7_4 => "7.4",
+                ServiceVersion.V7_5_Preview_1 => "7.5-preview.1",
                 _ => throw new ArgumentException(Version.ToString()),
             };
         }

sdk/keyvault/Azure.Security.KeyVault.Administration/src/KeyVaultBackupClient.cs

@@ -68,12 +68,12 @@ public KeyVaultBackupClient(Uri vaultUri, TokenCredential credential, KeyVaultAd
         /// Initiates a full key backup of the Key Vault.
         /// </summary>
         /// <param name="blobStorageUri">The <see cref="Uri"/> for the blob storage resource.</param>
-        /// <param name="sasToken">A Shared Access Signature (SAS) token to authorize access to the blob.</param>
+        /// <param name="sasToken">Optional Shared Access Signature (SAS) token to authorize access to the blob. If null, Managed Identity will be used to authenticate instead.</param>
         /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
         /// <exception cref="ArgumentNullException"><paramref name="blobStorageUri"/> or <paramref name="sasToken"/> is null.</exception>
         /// <exception cref="RequestFailedException">The server returned an error. See <see cref="Exception.Message"/> for details returned from the server.</exception>
         /// <returns>A <see cref="KeyVaultBackupOperation"/> to wait on this long-running operation.</returns>
-        public virtual async Task<KeyVaultBackupOperation> StartBackupAsync(Uri blobStorageUri, string sasToken, CancellationToken cancellationToken = default)
+        public virtual async Task<KeyVaultBackupOperation> StartBackupAsync(Uri blobStorageUri, string sasToken = default, CancellationToken cancellationToken = default)
         {
             using DiagnosticScope scope = _diagnostics.CreateScope($"{nameof(KeyVaultBackupClient)}.{nameof(StartBackup)}");
             scope.Start();
@@ -98,12 +98,12 @@ public virtual async Task<KeyVaultBackupOperation> StartBackupAsync(Uri blobStor
         /// Initiates a full key backup of the Key Vault.
         /// </summary>
         /// <param name="blobStorageUri">The <see cref="Uri"/> for the blob storage resource.</param>
-        /// <param name="sasToken">A Shared Access Signature (SAS) token to authorize access to the blob.</param>
+        /// <param name="sasToken">Optional Shared Access Signature (SAS) token to authorize access to the blob. If null, Managed Identity will be used to authenticate instead.</param>
         /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
         /// <exception cref="ArgumentNullException"><paramref name="blobStorageUri"/> or <paramref name="sasToken"/> is null.</exception>
         /// <exception cref="RequestFailedException">The server returned an error. See <see cref="Exception.Message"/> for details returned from the server.</exception>
         /// <returns>A <see cref="KeyVaultBackupOperation"/> to wait on this long-running operation.</returns>
-        public virtual KeyVaultBackupOperation StartBackup(Uri blobStorageUri, string sasToken, CancellationToken cancellationToken = default)
+        public virtual KeyVaultBackupOperation StartBackup(Uri blobStorageUri, string sasToken = default, CancellationToken cancellationToken = default)
         {
             using DiagnosticScope scope = _diagnostics.CreateScope($"{nameof(KeyVaultBackupClient)}.{nameof(StartBackup)}");
             scope.Start();
@@ -131,12 +131,12 @@ public virtual KeyVaultBackupOperation StartBackup(Uri blobStorageUri, string sa
         /// This would be the exact value that is returned as the result of a <see cref="KeyVaultBackupOperation"/>.
         /// An example Uri may look like the following: https://contoso.blob.core.windows.net/backup/mhsm-contoso-2020090117323313.
         /// </param>
-        /// <param name="sasToken">A Shared Access Signature (SAS) token to authorize access to the blob.</param>
+        /// <param name="sasToken">Optional Shared Access Signature (SAS) token to authorize access to the blob. If null, Managed Identity will be used to authenticate instead.</param>
         /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
         /// <exception cref="ArgumentNullException"><paramref name="folderUri"/> or <paramref name="sasToken"/> is null.</exception>
         /// <exception cref="RequestFailedException">The server returned an error. See <see cref="Exception.Message"/> for details returned from the server.</exception>
         /// <returns>A <see cref="KeyVaultRestoreOperation"/> to wait on this long-running operation.</returns>
-        public virtual async Task<KeyVaultRestoreOperation> StartRestoreAsync(Uri folderUri, string sasToken, CancellationToken cancellationToken = default)
+        public virtual async Task<KeyVaultRestoreOperation> StartRestoreAsync(Uri folderUri, string sasToken = default, CancellationToken cancellationToken = default)
         {
             using DiagnosticScope scope = _diagnostics.CreateScope($"{nameof(KeyVaultBackupClient)}.{nameof(StartRestore)}");
             scope.Start();
@@ -170,12 +170,12 @@ public virtual async Task<KeyVaultRestoreOperation> StartRestoreAsync(Uri folder
         /// This would be the exact value that is returned as the result of a <see cref="KeyVaultBackupOperation"/>.
         /// An example Uri path may look like the following: https://contoso.blob.core.windows.net/backup/mhsm-contoso-2020090117323313.
         /// </param>
-        /// <param name="sasToken">A Shared Access Signature (SAS) token to authorize access to the blob.</param>
+        /// <param name="sasToken">Optional Shared Access Signature (SAS) token to authorize access to the blob. If null, Managed Identity will be used to authenticate instead.</param>
         /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
         /// <exception cref="ArgumentNullException"><paramref name="folderUri"/> or <paramref name="sasToken"/> is null.</exception>
         /// <exception cref="RequestFailedException">The server returned an error. See <see cref="Exception.Message"/> for details returned from the server.</exception>
         /// <returns>A <see cref="KeyVaultRestoreOperation"/> to wait on this long-running operation.</returns>
-        public virtual KeyVaultRestoreOperation StartRestore(Uri folderUri, string sasToken, CancellationToken cancellationToken = default)
+        public virtual KeyVaultRestoreOperation StartRestore(Uri folderUri, string sasToken = default, CancellationToken cancellationToken = default)
         {
             using DiagnosticScope scope = _diagnostics.CreateScope($"{nameof(KeyVaultBackupClient)}.{nameof(StartRestore)}");
             scope.Start();
@@ -210,12 +210,12 @@ public virtual KeyVaultRestoreOperation StartRestore(Uri folderUri, string sasTo
         /// This would be the exact value that is returned as the result of a <see cref="KeyVaultBackupOperation"/>.
         /// An example Uri path may look like the following: https://contoso.blob.core.windows.net/backup/mhsm-contoso-2020090117323313.
         /// </param>
-        /// <param name="sasToken">A Shared Access Signature (SAS) token to authorize access to the blob.</param>
+        /// <param name="sasToken">Optional Shared Access Signature (SAS) token to authorize access to the blob. If null, Managed Identity will be used to authenticate instead.</param>
         /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
         /// <exception cref="ArgumentNullException"><paramref name="folderUri"/> or <paramref name="sasToken"/> is null.</exception>
         /// <exception cref="RequestFailedException">The server returned an error. See <see cref="Exception.Message"/> for details returned from the server.</exception>
         /// <returns>A <see cref="KeyVaultSelectiveKeyRestoreOperation"/> to wait on this long-running operation.</returns>
-        public virtual async Task<KeyVaultSelectiveKeyRestoreOperation> StartSelectiveKeyRestoreAsync(string keyName, Uri folderUri, string sasToken, CancellationToken cancellationToken = default)
+        public virtual async Task<KeyVaultSelectiveKeyRestoreOperation> StartSelectiveKeyRestoreAsync(string keyName, Uri folderUri, string sasToken = default, CancellationToken cancellationToken = default)
         {
             using DiagnosticScope scope = _diagnostics.CreateScope($"{nameof(KeyVaultBackupClient)}.{nameof(StartSelectiveKeyRestore)}");
             scope.Start();
@@ -253,12 +253,12 @@ public virtual async Task<KeyVaultSelectiveKeyRestoreOperation> StartSelectiveKe
         /// This would be the exact value that is returned as the result of a <see cref="KeyVaultBackupOperation"/>.
         /// An example Uri path may look like the following: https://contoso.blob.core.windows.net/backup/mhsm-contoso-2020090117323313.
         /// </param>
-        /// <param name="sasToken">A Shared Access Signature (SAS) token to authorize access to the blob.</param>
+        /// <param name="sasToken">Optional Shared Access Signature (SAS) token to authorize access to the blob. If null, Managed Identity will be used to authenticate instead.</param>
         /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
         /// <exception cref="ArgumentNullException"><paramref name="folderUri"/> or <paramref name="sasToken"/> is null.</exception>
         /// <exception cref="RequestFailedException">The server returned an error. See <see cref="Exception.Message"/> for details returned from the server.</exception>
         /// <returns>A <see cref="KeyVaultSelectiveKeyRestoreOperation"/> to wait on this long-running operation.</returns>
-        public virtual KeyVaultSelectiveKeyRestoreOperation StartSelectiveKeyRestore(string keyName, Uri folderUri, string sasToken, CancellationToken cancellationToken = default)
+        public virtual KeyVaultSelectiveKeyRestoreOperation StartSelectiveKeyRestore(string keyName, Uri folderUri, string sasToken = default, CancellationToken cancellationToken = default)
         {
             using DiagnosticScope scope = _diagnostics.CreateScope($"{nameof(KeyVaultBackupClient)}.{nameof(StartSelectiveKeyRestore)}");
             scope.Start();

sdk/keyvault/Azure.Security.KeyVault.Administration/src/Models/SASTokenParameter.cs

@@ -0,0 +1,23 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+namespace Azure.Security.KeyVault.Administration.Models
+{
+    internal partial class SASTokenParameter
+    {
+        /// <summary>
+        /// Creates a new instance of the <see cref="SASTokenParameter"/> class.
+        /// </summary>
+        /// <param name="storageResourceUri">The URI for the blob storage resource.</param>
+        /// <param name="sasToken">
+        /// Optional Shared Access Signature (SAS) token to authorize access to the blob. Sets <see cref="Token"/>.
+        /// If null, <see cref="UseManagedIdentity"/> will be set to true and Managed Identity will be used to authenticate instead.
+        /// </param>
+        public SASTokenParameter(string storageResourceUri, string sasToken)
+            : this(storageResourceUri)
+        {
+            Token = sasToken;
+            UseManagedIdentity = sasToken == null;
+        }
+    }
+}

sdk/keyvault/Azure.Security.KeyVault.Administration/src/autorest.md

@@ -9,9 +9,9 @@ Run `dotnet build /t:GenerateCode` in src directory to re-generate.
 ``` yaml
 title: Azure.Security.KeyVault.Administration
 input-file:
-- https://raw.githubusercontent.com/Azure/azure-rest-api-specs/551275acb80e1f8b39036b79dfc35a8f63b601a7/specification/keyvault/data-plane/Microsoft.KeyVault/stable/7.4/rbac.json
-- https://raw.githubusercontent.com/Azure/azure-rest-api-specs/551275acb80e1f8b39036b79dfc35a8f63b601a7/specification/keyvault/data-plane/Microsoft.KeyVault/stable/7.4/backuprestore.json
-- https://raw.githubusercontent.com/Azure/azure-rest-api-specs/551275acb80e1f8b39036b79dfc35a8f63b601a7/specification/keyvault/data-plane/Microsoft.KeyVault/stable/7.4/settings.json
+- https://raw.githubusercontent.com/Azure/azure-rest-api-specs/c06b7c22971d4c71e52f0962728c99aabf70127e/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.5-preview.1/rbac.json
+- https://raw.githubusercontent.com/Azure/azure-rest-api-specs/c06b7c22971d4c71e52f0962728c99aabf70127e/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.5-preview.1/backuprestore.json
+- https://raw.githubusercontent.com/Azure/azure-rest-api-specs/c06b7c22971d4c71e52f0962728c99aabf70127e/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.5-preview.1/settings.json
 namespace: Azure.Security.KeyVault.Administration
 generation1-convenience-client: true
 include-csproj: disable