Merge 7.2 into master (#9590)

* Adding 7.2-preview version (#8397) * Adding 7.2-preview version Signed-off-by: vasanthrajams <[email protected]> * Resolve PR feedback * Fix output-folder for go code generation Co-authored-by: Heath Stewart <[email protected]> * full backup restore yaml changes (#8685) * Adding the required swagger file changes for full HSM backup Signed-off-by: vasanthrajams <[email protected]> * Resolved a few semantic errors in pipeline Signed-off-by: vasanthrajams <[email protected]> * Fixed incremental github pipeline model validation erors Signed-off-by: vasanthrajams <[email protected]> * Fixed review comments & ci pipeline * spell check fix * pretty fix * Adding required headers as per azure async operations guidelines Signed-off-by: vasanthrajams <[email protected]> * Fixed minor typos Signed-off-by: vasanthrajams <[email protected]> Co-authored-by: vasanthrajams <[email protected]> * selective key restore (#8781) * selective key restore * moved selective key restore to keys.json * fixed github pipeline checks * example missing folder property * Resolved review comments * minor fix * review comments * pretty check fix Co-authored-by: vasanthrajams <[email protected]> * Additional 7.2 preview changes (#9141) * Additional 7.2 preview changes * Corrections and Feedback updates * Remove ProtectedKey * Patch export sample * Fix validation errors * Fix more validation errors * More validation fixes * Add 6 more AES-CBC algorithms (#9317) * Add 6 more algorithms * Add new words to fix the spelling * Adding 7.2-preview version (#8397) * Adding 7.2-preview version Signed-off-by: vasanthrajams <[email protected]> * Resolve PR feedback * Fix output-folder for go code generation Co-authored-by: Heath Stewart <[email protected]> * selective key restore (#8781) * selective key restore * moved selective key restore to keys.json * fixed github pipeline checks * example missing folder property * Resolved review comments * minor fix * review comments * pretty check fix Co-authored-by: vasanthrajams <[email protected]> * Additional 7.2 preview changes (#9141) * Additional 7.2 preview changes * Corrections and Feedback updates * Remove ProtectedKey * Patch export sample * Fix validation errors * Fix more validation errors * More validation fixes * Add 6 more AES-CBC algorithms (#9317) * Add 6 more algorithms * Add new words to fix the spelling * fixing validation failures * key-version example fix * model validation Co-authored-by: Heath Stewart <[email protected]> Co-authored-by: vasanthrajams <[email protected]> Co-authored-by: Hervey Wilson <[email protected]> Co-authored-by: Rick Qing Xu <[email protected]>
Azure · May 29, 2020 · 9a54fc6 · 9a54fc6
1 parent d540ef6
commit 9a54fc6
Show file tree

Hide file tree

Showing 10 changed files with 436 additions and 6 deletions.
diff --git a/custom-words.txt b/custom-words.txt
@@ -1,4 +1,7 @@
-AADDS
+A128CBCPAD
+A192CBCPAD
+A256CBCPAD
+AADDS
 aadiam
 AADP
 AATP
@@ -115,6 +118,7 @@ australiaeast
 australiasoutheast
 authenticatable
 Authenticode
+authorityURL
 authorizationrules
 authprovider
 authproviders
@@ -264,6 +268,8 @@ CIDR
 CIDRs
 CIFS
 ciphertext
+claimCondition
+claimType
 clfs
 Clickthrough
 clientaccesspolicy

diff --git a/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2/backuprestore.json b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2/backuprestore.json
@@ -5,6 +5,21 @@
     "description": "The key vault client performs cryptographic key operations and vault operations against the Key Vault service.",
     "version": "7.2-preview"
   },
+  "x-ms-parameterized-host": {
+    "hostTemplate": "{vaultBaseUrl}",
+    "useSchemePrefix": false,
+    "positionInOperation": "first",
+    "parameters": [
+      {
+        "name": "vaultBaseUrl",
+        "description": "The vault name, for example https://myvault.vault.azure.net.",
+        "required": true,
+        "type": "string",
+        "in": "path",
+        "x-ms-skip-url-encoding": true
+      }
+    ]
+  },
   "consumes": [
     "application/json"
   ],
@@ -193,6 +208,64 @@
           }
         }
       }
+    },
+    "/keys/{keyName}/restore": {
+      "put": {
+        "tags": [
+          "Keys"
+        ],
+        "operationId": "SelectiveKeyRestoreOperation",
+        "description": "Restores all key versions of a given key using user supplied SAS token pointing to a previously stored Azure Blob storage backup folder",
+        "parameters": [
+          {
+            "name": "keyName",
+            "in": "path",
+            "required": true,
+            "type": "string",
+            "description": "The name of the key to be restored from the user supplied backup"
+          },
+          {
+            "name": "restoreBlobDetails",
+            "in": "body",
+            "schema": {
+              "$ref": "#/definitions/SelectiveKeyRestoreOperationParameters"
+            },
+            "description": "The Azure blob SAS token pointing to a folder where the previous successful full backup was stored"
+          },
+          {
+            "$ref": "#/parameters/ApiVersionParameter"
+          }
+        ],
+        "responses": {
+          "202": {
+            "description": "Started selective key restore operation from the previously stored backup",
+            "headers": {
+              "Retry-After": {
+                "description": "The recommended number of seconds to wait before calling the URI specified in Azure-AsyncOperation.",
+                "type": "integer"
+              },
+              "Azure-AsyncOperation": {
+                "description": "The URI to poll for completion status.",
+                "type": "string"
+              }
+            },
+            "schema": {
+              "$ref": "#/definitions/SelectiveKeyRestoreOperation"
+            }
+          },
+          "default": {
+            "description": "Key Vault error response describing why the operation failed.",
+            "schema": {
+              "$ref": "common.json#/definitions/KeyVaultError"
+            }
+          }
+        },
+        "x-ms-examples": {
+          "Selectively restore key from a backup": {
+            "$ref": "./examples/SelectiveRestore-example.json"
+          }
+        }
+      }
     }
   },
   "definitions": {
@@ -211,6 +284,52 @@
         "sasTokenParameters"
       ]
     },
+    "SelectiveKeyRestoreOperationParameters": {
+      "properties": {
+        "sasTokenParameters": {
+          "$ref": "#/definitions/SASTokenParameter"
+        },
+        "folder": {
+          "type": "string",
+          "description": "The Folder name of the blob where the previous successful full backup was stored"
+        }
+      },
+      "required": [
+        "folder",
+        "sasTokenParameters"
+      ]
+    },
+    "SelectiveKeyRestoreOperation": {
+      "properties": {
+        "status": {
+          "type": "string",
+          "description": "Status of the restore operation."
+        },
+        "statusDetails": {
+          "type": "string",
+          "description": "The status details of restore operation."
+        },
+        "error": {
+          "$ref": "common.json#/definitions/Error",
+          "description": "Error encountered, if any, during the selective key restore operation."
+        },
+        "jobId": {
+          "type": "string",
+          "description": "Identifier for the selective key restore operation."
+        },
+        "startTime": {
+          "type": "integer",
+          "format": "unixtime",
+          "description": "The start time of the restore operation"
+        },
+        "endTime": {
+          "type": "integer",
+          "format": "unixtime",
+          "description": "The end time of the restore operation"
+        }
+      },
+      "description": "Selective Key Restore operation"
+    },
     "SASTokenParameter": {
       "properties": {
         "storageResourceUri": {

diff --git a/...cation/keyvault/data-plane/Microsoft.KeyVault/preview/7.2/examples/ExportKey-example.json b/...cation/keyvault/data-plane/Microsoft.KeyVault/preview/7.2/examples/ExportKey-example.json
@@ -0,0 +1,54 @@
+{
+  "parameters": {
+    "vaultBaseUrl": "https://myvault.vault.azure.net/",
+    "key-name": "exportable-aes-key",
+    "key-version": "4eb68492b5f6421e835d961ad2be3155",
+    "api-version": "7.2-preview",
+    "parameters": {
+      "env": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IkdXQXkxNk5ieFJJQ3lCUzVKckJxRk5DdXdjS2YxYUVYbS1hUDVsUlJ4UEUiLCJqa3UiOiJodHRwOi8vbG9jYWxob3N0OjgwMjMva2V5cyJ9.eyJhYXMtZWhkIjoiZXlKclpYbHpJanBiZXlKbElqb2lRVkZCUWlJc0ltdGxlVjl2Y0hNaU9sc2laR1ZqY25sd2RDSXNJbVZ1WTNKNWNIUWlYU3dpYTJsa0lqb2lOVE16TmpReU5HTXRaV1kzWlMxaU1tRm1MVFU1WmprdE5HUXdPRGhtTURRMFpHVTFJaXdpYTNSNUlqb2lVbE5CSWl3aWJpSTZJbkJPYkhoWVNuRTNPSGRPUkVVd2FXMVNOa1JCWWs5alNrRXpUekp1UlZvNVdFaGtjMDVQTjB0b00xWlJRVTh5VWt0eFlqQk9iRXh4TVhwUFRVOTVZVlJPUW5rNWMzUTRjbG95TURWYU1EWTFjalY2YlRKa1FrSllkRkJUU21Sc1VtSm9WRXd0TlRCcWFFVXpiRUV4WjFVemVYcDJaR0o1U1Zob2NtMDNkWEJFVGtKemFXeFNlR1ZVUW1KUGNWOW1XSE5vT1dGMVVHeGxVM0pOWlZCR2JGbElkVmRNTjJacGNYWktiMHMyZUZSSVZFSmZUa2R1WjBWMlFrMTVPRGRxWlVsbExWbEJUbUYxWkRsRk5GYzFhWHBLZFVwNmJGOHhORkJFY1VWdWVGcFNTM0F5YW1WUGJsZEpTRXRVVm0wMWFsRmhiakZoTlVkdmJGWmxRV2szWlhoalNtRXlNaTFLZERSRWEwNHlWakZMTUZCZlR6YzJSME5ETjNCWlVYVlpTWEkxZFZWclExUmtWVVYxYmxKSWIyaFRWbTFHZVZGaldFSlVkVmxuUVdNMVJFZEpaVGQ1UjNSRFdtOW9WRjlsVmxGQ2NESldVU0lzSW5WelpTSTZJbVZ1WXlKOVhYMCIsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODAyMy8iLCJzZ3gtbXJlbmNsYXZlIjoiMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMCIsInNneC1tcnNpZ25lciI6Ijg2Nzg4ZmU0MDQ0OGYyYTEyZTIwYmY4ZDVlN2ExYzMxMzliYzVmZGMxNDMyYjM3MGMxZGEzNDg5YWI2NDlhODUiLCJpcy1kZWJ1Z2dhYmxlIjp0cnVlLCJ0ZWUiOiJzZ3giLCJpYXQiOjE1ODc0MjUxNzMsImV4cCI6MTU4ODAyOTk3M30.CA9gO0kRMHt6e9xTKopwEnDt-Mc52oAAe6zicFwX3REZd5E0m3WzJuSYS8H9iKTGL1dfusflPx74C5xLTZiHe0D2YFHYoW3efEm3r55DwkpTbA6tbDjMY7OIC9XuC7prAf4nQ5hYRk0LATzwytYIZ-c-R08ZEt5CV5XqR5MuSDKWWslPm36BHD3l03VVNEEG4hC9KuCIZ2z9YK5ofGze-IY1J9x1EwnG-y_1RF6rDKENjOROOaOH9JvohHGIfK0FKVj8_7E6JxMTQMb7K-45GfE20tTVdCs4A4k3jXNrIRcGmSK5EMrB_LbHzk0PIc6sjl-VuPZVqGxhsaAyoH3cdA"
+    }
+  },
+  "responses": {
+    "200": {
+      "body": {
+        "attributes": {
+          "created": 1587425174,
+          "enabled": true,
+          "exportable": true,
+          "recoverableDays": 90,
+          "recoveryLevel": "Recoverable+Purgeable",
+          "updated": 1587425174
+        },
+        "key": {
+          "key_ops": [
+            "decrypt",
+            "encrypt"
+          ],
+          "kid": "https://myvault.vault.azure.net/keys/exportable-aes-key/903fab0c1bab0b30266200be85f5f2ed",
+          "kty": "oct",
+          "key_hsm": "CxX3qVTt22ZvjwdS-fmMSsLpaQQ8IcfGAC2TYWo3FXIPnOrSmZWdWN3gLMNSLUtUOhXqwXCe6jOxH2jMr6suO4Q0mfrKurAB-IC5gbDZGGD9XksrAkyYS-0p4p4I4Q4QxEOCtCKYPYWWu91dg5xg5aYjVRyR5G3C6O0haotp1FL1FiOB1PVcW9HchDIdHMFCszsb33pbvDuYvJXPPqdSIGIT8P8ExVG9_RwYTZl2Kj3MTSbe9zjOEEW-EnA6Phr0EFO0h94dWK0Y2tPhyzGYOSBScJCWIdwD9lT1aaHNFE0rSLJ9wv0qGezR10nD7V7ALZiEscsrAcwrWTtmmCJMAIJpGf0u9rN1_JQiXuO4Q9Cf4b73nSP1kIIAPkZ3r6Fqmrm8F7NeKis"
+        },
+        "release_policy": {
+          "anyOf": [
+            {
+              "allOf": [
+                {
+                  "claim": "sgx-mrsigner",
+                  "condition": "equals",
+                  "value": "86788fe40448f2a12e20bf8d5e7a1c3139bc5fdc1432b370c1da3489ab649a85"
+                },
+                {
+                  "claim": "is-debuggable",
+                  "condition": "equals",
+                  "value": "false"
+                }
+              ],
+              "authority": "http://localhost:8023/"
+            }
+          ],
+          "version": "0.2"
+        }
+      }
+    }
+  }
+}
diff --git a/...ation/keyvault/data-plane/Microsoft.KeyVault/preview/7.2/examples/FullBackup-example.json b/...ation/keyvault/data-plane/Microsoft.KeyVault/preview/7.2/examples/FullBackup-example.json
@@ -1,5 +1,6 @@
 {
   "parameters": {
+    "vaultBaseUrl": "https://myvault.vault.azure.net/",
     "azureStorageBlobContainerUri": {
       "storageResourceUri": "https://myaccount.blob.core.windows.net/sascontainer/sasContainer",
       "token": "se=2018-02-01T00%3A00Z&spr=https&sv=2017-04-17&sr=b&sig=XXFNfuMCHYrBx0bhemJ7PWn0xGfImMXT6LfbXWvtRUk%3D"

diff --git a/...yvault/data-plane/Microsoft.KeyVault/preview/7.2/examples/FullBackup-pending-example.json b/...yvault/data-plane/Microsoft.KeyVault/preview/7.2/examples/FullBackup-pending-example.json
@@ -1,5 +1,6 @@
 {
   "parameters": {
+    "vaultBaseUrl": "https://myvault.vault.azure.net/",
     "jobId": "45aacd568ab049a2803861e8dd3ae21f",
     "api-version": "7.2-preview"
   },

diff --git a/...tion/keyvault/data-plane/Microsoft.KeyVault/preview/7.2/examples/FullRestore-example.json b/...tion/keyvault/data-plane/Microsoft.KeyVault/preview/7.2/examples/FullRestore-example.json
@@ -1,11 +1,12 @@
 {
   "parameters": {
+    "vaultBaseUrl": "https://myhsm.managedhsm.azure.net",
     "restoreBlobDetails": {
       "sasTokenParameters": {
         "storageResourceUri": "https://myaccount.blob.core.windows.net/sascontainer/sasContainer",
         "token": "se=2018-02-01T00%3A00Z&spr=https&sv=2017-04-17&sr=b&sig=XXFNfuMCHYrBx0bhemJ7PWn0xGfImMXT6LfbXWvtRUk%3D"
       },
-      "folderToRestore": "1490790332"
+      "folderToRestore": "mhsm-mypool-20200303062926785"
     },
     "api-version": "7.2-preview"
   },

diff --git a/...vault/data-plane/Microsoft.KeyVault/preview/7.2/examples/FullRestore-pending-example.json b/...vault/data-plane/Microsoft.KeyVault/preview/7.2/examples/FullRestore-pending-example.json
@@ -1,5 +1,6 @@
 {
   "parameters": {
+    "vaultBaseUrl": "https://myvault.vault.azure.net/",
     "jobId": "45aacd568ab049a2803861e8dd3ae21f",
     "api-version": "7.2-preview"
   },

diff --git a/...keyvault/data-plane/Microsoft.KeyVault/preview/7.2/examples/SelectiveRestore-example.json b/...keyvault/data-plane/Microsoft.KeyVault/preview/7.2/examples/SelectiveRestore-example.json
@@ -0,0 +1,29 @@
+{
+  "parameters": {
+    "vaultBaseUrl": "https://myvault.vault.azure.net",
+    "keyName": "hsm-mail-key",
+    "restoreBlobDetails": {
+      "sasTokenParameters": {
+        "storageResourceUri": "https://myaccount.blob.core.windows.net/sascontainer/sasContainer",
+        "token": "se=2018-02-01T00%3A00Z&spr=https&sv=2017-04-17&sr=b&sig=XXFNfuMCH112BxhemJ7PWn0xGfImMXT6LfbXWvtRUk%3D"
+      },
+      "folder": "mhsm-mypool-20200303062926785"
+    },
+    "api-version": "7.2-preview"
+  },
+  "responses": {
+    "202": {
+      "headers": {
+        "Retry-After": 5,
+        "Azure-AsyncOperation": "https://myvault.vault.azure.net/restore/45aacd568a23b0s49a2803861e8dd3ase21f/pending"
+      },
+      "body": {
+        "status": "InProgress",
+        "statusDetails": "Selective Key restore is in progress",
+        "jobId": "45aacd568a23b0s49a2803861e8dd3ase21f",
+        "startTime": 1490790000,
+        "endTime": 0
+      }
+    }
+  }
+}