[KeyVault] - Migrate Key Vault Admin package to Core V2 (Azure#15881)

## What

- Migrate @azure/keyvault-admin to core V2
- Migrate `KeyVaultBackupClient` and `KeyVaultAccessControlClient` to core CAE
- Bump our minimum `@azure/core-lro` version to 1.0.6

## Why

This PR proves out two important things: it demonstrates that core continuous access evaluation works for both container 
registry (already done) and Key Vault (this PR). It also demonstrates the migration path for Core V2 for Key Vault.

The change to core-lro addresses an issue where core-lro was incorrectly depending on core-http (Azure#15880)  That has been fixed on 1.0.6 
and allows package owners to migrate to core-rest-pipeline and remove core-http without seeing build breaks.


Resolves Azure#15522 
Resolves Azure#14306

common/config/rush/common-versions.json

@@ -71,12 +71,10 @@
     "@azure/ms-rest-nodeauth": ["^0.9.2"],
     // Idenity is moving from v1 to v2. Moving all packages to v2 is going to take a bit of time, in the mean time we could use v2 on the perf-identity tests.
     "@azure/identity": ["^2.0.0-beta.4", "2.0.0-beta.3", "^1.1.0"],
-    // App Config uses keyvault-secrets in a sample, switch to latest once the preview becomes GA
     // Issue #14771 tracks updating to these versions
     "@microsoft/api-extractor": ["7.13.2"],
     "prettier": ["2.2.1"],
     // All packages should move to 1.0.0 once core-rest-pipeline 1.1.0 GAs
     "@azure/core-tracing": ["1.0.0-preview.11"]
-
   }
 }

sdk/communication/communication-identity/package.json

@@ -77,7 +77,7 @@
     "@azure/communication-common": "^1.0.0",
     "@azure/core-auth": "^1.3.0",
     "@azure/core-http": "^1.2.0",
-    "@azure/core-lro": "^1.0.2",
+    "@azure/core-lro": "^1.0.6",
     "@azure/core-paging": "^1.1.1",
     "@azure/core-tracing": "1.0.0-preview.12",
     "@azure/logger": "^1.0.0",

sdk/communication/communication-phone-numbers/package.json

@@ -65,7 +65,7 @@
     "@azure/abort-controller": "^1.0.0",
     "@azure/core-auth": "^1.3.0",
     "@azure/core-http": "^1.2.0",
-    "@azure/core-lro": "^1.0.2",
+    "@azure/core-lro": "^1.0.6",
     "@azure/core-paging": "^1.1.1",
     "@azure/core-tracing": "1.0.0-preview.12",
     "@azure/logger": "^1.0.0",

sdk/formrecognizer/ai-form-recognizer/package.json

@@ -79,7 +79,7 @@
   "prettier": "@azure/eslint-plugin-azure-sdk/prettier.json",
   "dependencies": {
     "@azure/core-auth": "^1.3.0",
-    "@azure/core-lro": "^1.0.2",
+    "@azure/core-lro": "^1.0.6",
     "@azure/core-paging": "^1.1.1",
     "@azure/core-http": "^1.2.0",
     "@azure/core-tracing": "1.0.0-preview.12",

sdk/keyvault/keyvault-admin/package.json

@@ -104,17 +104,21 @@
   "sideEffects": false,
   "dependencies": {
     "@azure/abort-controller": "^1.0.0",
+    "@azure/core-auth": "^1.3.0",
+    "@azure/core-client": "^1.0.0",
     "@azure/core-http": "^1.2.0",
-    "@azure/core-lro": "^1.0.2",
+    "@azure/core-lro": "^1.0.6",
     "@azure/core-paging": "^1.1.1",
-    "@azure/core-tracing": "1.0.0-preview.12",
+    "@azure/core-rest-pipeline": "1.1.0-beta.4",
+    "@azure/core-tracing": "1.0.0-preview.11",
     "@azure/logger": "^1.0.0",
     "@types/uuid": "^8.0.0",
-    "uuid": "^8.3.0",
-    "tslib": "^2.2.0"
+    "tslib": "^2.2.0",
+    "uuid": "^8.3.0"
   },
   "devDependencies": {
     "@azure/abort-controller": "^1.0.0",
+    "@azure/core-util": "^1.0.0-beta.1",
     "@azure/dev-tool": "^1.0.0",
     "@azure/eslint-plugin-azure-sdk": "^3.0.0",
     "@azure/identity": "2.0.0-beta.4",
@@ -128,9 +132,9 @@
     "@rollup/plugin-replace": "^2.2.0",
     "@types/chai": "^4.1.6",
     "@types/chai-as-promised": "^7.1.0",
-    "@types/sinon": "^9.0.4",
     "@types/mocha": "^7.0.2",
     "@types/node": "^8.0.0",
+    "@types/sinon": "^9.0.4",
     "assert": "^1.4.1",
     "chai": "^4.2.0",
     "chai-as-promised": "^7.1.1",
@@ -150,7 +154,7 @@
     "rollup-plugin-visualizer": "^4.0.4",
     "sinon": "^9.0.2",
     "source-map-support": "^0.5.9",
-    "typescript": "~4.2.0",
-    "typedoc": "0.15.2"
+    "typedoc": "0.15.2",
+    "typescript": "~4.2.0"
   }
 }

sdk/keyvault/keyvault-admin/review/keyvault-admin.api.md

@@ -4,35 +4,36 @@
 
 ```ts
 
-import * as coreHttp from '@azure/core-http';
+import { CommonClientOptions } from '@azure/core-client';
+import { OperationOptions } from '@azure/core-client';
 import { PagedAsyncIterableIterator } from '@azure/core-paging';
 import { PollerLike } from '@azure/core-lro';
 import { PollOperationState } from '@azure/core-lro';
-import { TokenCredential } from '@azure/core-http';
+import { TokenCredential } from '@azure/core-auth';
 
 // @public
-export interface AccessControlClientOptions extends coreHttp.PipelineOptions {
+export interface AccessControlClientOptions extends CommonClientOptions {
     serviceVersion?: SUPPORTED_API_VERSIONS;
 }
 
 // @public
-export interface CreateRoleAssignmentOptions extends coreHttp.OperationOptions {
+export interface CreateRoleAssignmentOptions extends OperationOptions {
 }
 
 // @public
-export interface DeleteRoleAssignmentOptions extends coreHttp.OperationOptions {
+export interface DeleteRoleAssignmentOptions extends OperationOptions {
 }
 
 // @public
-export interface DeleteRoleDefinitionOptions extends coreHttp.OperationOptions {
+export interface DeleteRoleDefinitionOptions extends OperationOptions {
 }
 
 // @public
-export interface GetRoleAssignmentOptions extends coreHttp.OperationOptions {
+export interface GetRoleAssignmentOptions extends OperationOptions {
 }
 
 // @public
-export interface GetRoleDefinitionOptions extends coreHttp.OperationOptions {
+export interface GetRoleDefinitionOptions extends OperationOptions {
 }
 
 // @public
@@ -68,15 +69,15 @@ export class KeyVaultBackupClient {
 }
 
 // @public
-export interface KeyVaultBackupClientOptions extends coreHttp.PipelineOptions {
+export interface KeyVaultBackupClientOptions extends CommonClientOptions {
     serviceVersion?: SUPPORTED_API_VERSIONS;
 }
 
 // @public
 export type KeyVaultBackupOperationState = KeyVaultAdminPollOperationState<KeyVaultBackupResult>;
 
 // @public
-export interface KeyVaultBackupPollerOptions extends coreHttp.OperationOptions {
+export interface KeyVaultBackupPollerOptions extends OperationOptions {
     intervalInMs?: number;
     resumeFrom?: string;
 }
@@ -204,7 +205,7 @@ export enum KnownKeyVaultRoleScope {
 export const LATEST_API_VERSION = "7.2";
 
 // @public
-export interface ListRoleAssignmentsOptions extends coreHttp.OperationOptions {
+export interface ListRoleAssignmentsOptions extends OperationOptions {
 }
 
 // @public
@@ -213,7 +214,7 @@ export interface ListRoleAssignmentsPageSettings {
 }
 
 // @public
-export interface ListRoleDefinitionsOptions extends coreHttp.OperationOptions {
+export interface ListRoleDefinitionsOptions extends OperationOptions {
 }
 
 // @public
@@ -225,7 +226,7 @@ export interface ListRoleDefinitionsPageSettings {
 export const SDK_VERSION: string;
 
 // @public
-export interface SetRoleDefinitionOptions extends coreHttp.OperationOptions {
+export interface SetRoleDefinitionOptions extends OperationOptions {
     assignableScopes?: KeyVaultRoleScope[];
     description?: string;
     permissions?: KeyVaultPermission[];

sdk/keyvault/keyvault-admin/src/accessControlClient.ts

@@ -2,21 +2,12 @@
 // Licensed under the MIT license.
 /// <reference lib="esnext.asynciterable" />
 
-import {
-  TokenCredential,
-  isTokenCredential,
-  signingPolicy,
-  createPipelineFromOptions,
-  InternalPipelineOptions
-} from "@azure/core-http";
+import { TokenCredential } from "@azure/core-auth";
 import { PagedAsyncIterableIterator } from "@azure/core-paging";
 
-import { challengeBasedAuthenticationPolicy, createTraceFunction } from "../../keyvault-common/src";
+import { createTraceFunction } from "./tracingHelpers";
 import { KeyVaultClient } from "./generated/keyVaultClient";
-import {
-  KeyVaultClientOptionalParams,
-  RoleAssignmentsListForScopeOptionalParams
-} from "./generated/models";
+import { RoleAssignmentsListForScopeOptionalParams } from "./generated/models";
 
 import {
   CreateRoleAssignmentOptions,
@@ -35,10 +26,12 @@ import {
   DeleteRoleDefinitionOptions
 } from "./accessControlModels";
 
-import { SDK_VERSION, LATEST_API_VERSION } from "./constants";
+import { SDK_VERSION, LATEST_API_VERSION, authenticationScopes } from "./constants";
 import { mappings } from "./mappings";
 import { logger } from "./log";
 import { v4 as v4uuid } from "uuid";
+import { bearerTokenAuthenticationPolicy } from "@azure/core-rest-pipeline";
+import { createChallengeCallbacks } from "./challengeAuthenticationCallbacks";
 
 const withTrace = createTraceFunction("Azure.KeyVault.Admin.KeyVaultAccessControlClient");
 
@@ -94,28 +87,29 @@ export class KeyVaultAccessControlClient {
           : libInfo
     };
 
-    const authPolicy = isTokenCredential(credential)
-      ? challengeBasedAuthenticationPolicy(credential)
-      : signingPolicy(credential);
+    const serviceVersion = options.serviceVersion || LATEST_API_VERSION;
 
-    const internalPipelineOptions: InternalPipelineOptions = {
+    const clientOptions = {
       ...options,
       loggingOptions: {
         logger: logger.info,
-        allowedHeaderNames: [
+        additionalAllowedHeaderNames: [
           "x-ms-keyvault-region",
           "x-ms-keyvault-network-info",
           "x-ms-keyvault-service-version"
         ]
       }
     };
 
-    const params: KeyVaultClientOptionalParams = createPipelineFromOptions(
-      internalPipelineOptions,
-      authPolicy
+    this.client = new KeyVaultClient(serviceVersion, clientOptions);
+
+    this.client.pipeline.addPolicy(
+      bearerTokenAuthenticationPolicy({
+        credential,
+        scopes: authenticationScopes,
+        challengeCallbacks: createChallengeCallbacks()
+      })
     );
-    params.apiVersion = options.serviceVersion || LATEST_API_VERSION;
-    this.client = new KeyVaultClient(params);
   }
 
   /**