Microsoft.KeyVault 2023-07-01 Add changes for Trusted Access Mode #23813

fssevero · 2023-05-04T10:20:15Z

ARM API Information (Control Plane)

MSFT employees can try out our new experience at OpenAPI Hub - one location for using our validation tools and finding your workflow.

Azure 1st Party Service can try out the Shift Left experience to initiate API design review from ADO code repo. If you are interested, may request engineering support by filling in with the form https://aka.ms/ShiftLeftSupportForm.

Changelog

Add a changelog entry for this PR by answering the following questions:

What's the purpose of the update?
- new service onboarding
- new API version
- update existing version for new feature
- update existing version to fix swagger quality issue in s360
- Other, please clarify
When are you targeting to deploy the new service/feature to public regions? Please provide the date or, if the date is not yet available, the month.
- July
When do you expect to publish the swagger? Please provide date or, the the date is not yet available, the month.
- July
By default, Azure SDKs of all languages (.NET/Python/Java/JavaScript for both management-plane SDK and data-plane SDK, Go for management-plane SDK only ) MUST be refreshed with/after swagger of new version is published. If you prefer NOT to refresh any specific SDK language upon swagger updates in the current PR, please leave details with justification here.

Contribution checklist (MS Employees Only):

I commit to follow the Breaking Change Policy of "no breaking changes"
I have reviewed the documentation for the workflow.
Validation tools were run on swagger spec(s) and errors have all been fixed in this PR. How to fix?

If any further question about AME onboarding or validation tools, please view the FAQ.

ARM API Review Checklist

Applicability: ⚠️

If your changes encompass only the following scenarios, you should SKIP this section, as these scenarios do not require ARM review.

Change to data plane APIs

Adding new properties

All removals

Otherwise your PR may be subject to ARM review requirements. Complete the following:

Check this box if any of the following apply to the PR so that the label "ARMReview" and "WaitForARMFeedback" will be added by bot to kick off ARM API Review. Missing to check this box in the following scenario may result in delays to the ARM manifest review and deployment.
- Adding a new service
- Adding new API(s)
- Adding a new API version
  -[X] To review changes efficiently, ensure you copy the existing version into the new directory structure for first commit and then push new changes, including version updates, in separate commits. You can use OpenAPIHub to initialize the PR for adding a new version. For more details refer to the wiki.
Ensure you've reviewed following guidelines including ARM resource provider contract and REST guidelines. Estimated time (4 hours). This is required before you can request review from ARM API Review board.
If you are blocked on ARM review and want to get the PR merged with urgency, please get the ARM oncall for reviews (RP Manifest Approvers team under Azure Resource Manager service) from IcM and reach out to them.

Breaking Change Review Checklist

If you have any breaking changes as defined in the Breaking Change Policy, request approval from the Breaking Change Review Board.

Action: to initiate an evaluation of the breaking change, create a new intake using the template for breaking changes. Additional details on the process and office hours are on the Breaking Change Wiki.

NOTE: To update API(s) in public preview for over 1 year (refer to Retirement of Previews)

Please follow the link to find more details on PR review process.

…-01 to version 2023-07-01

openapi-workflow-bot · 2023-05-04T10:20:18Z

Hi, @fssevero Thanks for your PR. I am workflow bot for review process. Here are some small tips.

Please ensure to do self-check against checklists in first PR comment.

PR assignee is the person auto-assigned and responsible for your current PR reviewing and merging.

For specs comparison cross API versions, Use API Specs Comparison Report Generator

If there is CI failure(s), to fix CI error(s) is mandatory for PR merging; or you need to provide justification in PR comment for explanation. How to fix?

Any feedback about review process or workflow bot, pls contact swagger and tools team. vscswagger@microsoft.com

openapi-workflow-bot · 2023-05-04T10:20:20Z

Hi, @fssevero your PR are labelled with WaitForARMFeedback. A notification email will be sent out shortly afterwards to notify ARM review board(armapireview@microsoft.com).

openapi-pipeline-app · 2023-05-04T10:20:23Z

Swagger Validation Report

️️✔️BreakingChange succeeded [Detail] [Expand]

There are no breaking changes.

️⚠️Breaking Change(Cross-Version): 3 Warnings warning [Detail]

compared swaggers (via Oad v0.10.4)]	new version	base version
common.json	2023-07-01(0ac12df)	2023-02-01(main)
common.json	2023-07-01(0ac12df)	2022-02-01-preview(main)
keys.json	2023-07-01(0ac12df)	2023-02-01(main)
keys.json	2023-07-01(0ac12df)	2022-02-01-preview(main)
keysManagedHsm.json	2023-07-01(0ac12df)	2023-02-01(main)
keyvault.json	2023-07-01(0ac12df)	2023-02-01(main)
keyvault.json	2023-07-01(0ac12df)	2022-02-01-preview(main)
managedHsm.json	2023-07-01(0ac12df)	2023-02-01(main)
managedHsm.json	2023-07-01(0ac12df)	2022-02-01-preview(main)
providers.json	2023-07-01(0ac12df)	2023-02-01(main)
providers.json	2023-07-01(0ac12df)	2022-02-01-preview(main)
secrets.json	2023-07-01(0ac12df)	2023-02-01(main)
secrets.json	2023-07-01(0ac12df)	2022-02-01-preview(main)

The following breaking changes are detected by comparison with the latest preview version:

Rule	Message
⚠️ 1027 - DefaultValueChanged	The new version has a different default value than the previous one. New: Microsoft.KeyVault/stable/2023-07-01/keys.json#L482:9 Old: Microsoft.KeyVault/preview/2022-02-01-preview/keys.json#L482:9
⚠️ 1027 - DefaultValueChanged	The new version has a different default value than the previous one. New: Microsoft.KeyVault/stable/2023-07-01/managedHsm.json#L1350:9 Old: Microsoft.KeyVault/preview/2022-02-01-preview/managedHsm.json#L1250:9
⚠️ 1027 - DefaultValueChanged	The new version has a different default value than the previous one. New: Microsoft.KeyVault/stable/2023-07-01/managedHsm.json#L1362:9 Old: Microsoft.KeyVault/preview/2022-02-01-preview/managedHsm.json#L1263:9

️️✔️CredScan succeeded [Detail] [Expand]

There is no credential detected.

️⚠️LintDiff: 0 Warnings warning [Detail]

compared tags (via openapi-validator v2.1.4)	new version	base version
package-2023-07	package-2023-07(0ac12df)	default(main)

The following errors/warnings exist before current PR submission:

Only 30 items are listed, please refer to log for more details.

Rule	Message
`❌` PutRequestResponseSchemeArm	A PUT operation request body schema should be the same as its 200 response schema, to allow reusing the same entity between GET and PUT. If the schema of the PUT request body is a superset of the GET response body, make sure you have a PATCH operation to make the resource updatable. Operation: 'Keys_CreateIfNotExist' Request Model: 'parameters[5].schema' Response Model: 'responses[200].schema' Location: Microsoft.KeyVault/stable/2023-07-01/keys.json#L14
`❌` PutResponseSchemaDescription	Any Put MUST contain 200 and 201 return codes. Location: Microsoft.KeyVault/stable/2023-07-01/keys.json#L60
`❌` DefinitionsPropertiesNamesCamelCase	Property name should be camel case. Location: Microsoft.KeyVault/stable/2023-07-01/keys.json#L428
`❌` AllTrackedResourcesMustHaveDelete	The resource Key does not have a corresponding delete operation. Location: Microsoft.KeyVault/stable/2023-07-01/keys.json#L512
`❌` TrackedResourcePatchOperation	Tracked resource 'Key' must have patch operation that at least supports the update of tags. Location: Microsoft.KeyVault/stable/2023-07-01/keys.json#L512
`❌` XmsParameterLocation	The parameter 'SubscriptionIdParameter' is defined in global parameters section without 'x-ms-parameter-location' extension. This would add the parameter as the client property. Please ensure that this is exactly you want. If so, apply the extension 'x-ms-parameter-location': 'client'. Else, apply the extension 'x-ms-parameter-location': 'method'. Location: Microsoft.KeyVault/stable/2023-07-01/keys.json#L646
`❌` XmsParameterLocation	The parameter 'ApiVersionParameter' is defined in global parameters section without 'x-ms-parameter-location' extension. This would add the parameter as the client property. Please ensure that this is exactly you want. If so, apply the extension 'x-ms-parameter-location': 'client'. Else, apply the extension 'x-ms-parameter-location': 'method'. Location: Microsoft.KeyVault/stable/2023-07-01/keys.json#L653
`❌` PutRequestResponseSchemeArm	A PUT operation request body schema should be the same as its 200 response schema, to allow reusing the same entity between GET and PUT. If the schema of the PUT request body is a superset of the GET response body, make sure you have a PATCH operation to make the resource updatable. Operation: 'ManagedHsmKeys_CreateIfNotExist' Request Model: 'parameters[5].schema' Response Model: 'responses[200].schema' Location: Microsoft.KeyVault/stable/2023-07-01/keysManagedHsm.json#L14
`❌` PutResponseSchemaDescription	Any Put MUST contain 200 and 201 return codes. Location: Microsoft.KeyVault/stable/2023-07-01/keysManagedHsm.json#L46
`❌` PutRequestResponseSchemeArm	A PUT operation request body schema should be the same as its 200 response schema, to allow reusing the same entity between GET and PUT. If the schema of the PUT request body is a superset of the GET response body, make sure you have a PATCH operation to make the resource updatable. Operation: 'Vaults_CreateOrUpdate' Request Model: 'parameters[3].schema' Response Model: 'responses[200].schema' Location: Microsoft.KeyVault/stable/2023-07-01/keyvault.json#L14
`❌` LroErrorContent	Error response content of long running operations must follow the error schema provided in the common types v2 and above. Location: Microsoft.KeyVault/stable/2023-07-01/keyvault.json#L69
`❌` RequestSchemaForTrackedResourcesMustHaveTags	A tracked resource MUST always have tags as a top level optional property. Tracked resource does not have tags in the request schema. Location: Microsoft.KeyVault/stable/2023-07-01/keyvault.json#L268
`❌` PutResponseSchemaDescription	Description of 201 response code of a PUT operation MUST include term 'create'. Location: Microsoft.KeyVault/stable/2023-07-01/keyvault.json#L322
`❌` ResourceNameRestriction	The resource name parameter 'vaultName' should be defined with a 'pattern' restriction. Location: Microsoft.KeyVault/stable/2023-07-01/keyvault.json#L511
`❌` ParametersOrder	The parameters:vaultName,location should be kept in the same order as they present in the path. Location: Microsoft.KeyVault/stable/2023-07-01/keyvault.json#L512
`❌` ResourceNameRestriction	The resource name parameter 'vaultName' should be defined with a 'pattern' restriction. Location: Microsoft.KeyVault/stable/2023-07-01/keyvault.json#L567
`❌` LroPostReturn	200 response for a LRO POST operation must have a response schema specified. Location: Microsoft.KeyVault/stable/2023-07-01/keyvault.json#L568
`❌` ParametersOrder	The parameters:vaultName,location should be kept in the same order as they present in the path. Location: Microsoft.KeyVault/stable/2023-07-01/keyvault.json#L568
`❌` PostOperationAsyncResponseValidation	An async POST operation must set long running operation options 'x-ms-long-running-operation-options' Location: Microsoft.KeyVault/stable/2023-07-01/keyvault.json#L568
`❌` LroLocationHeader	A 202 response should include an Location response header. Location: Microsoft.KeyVault/stable/2023-07-01/keyvault.json#L601
`❌` LroErrorContent	Error response content of long running operations must follow the error schema provided in the common types v2 and above. Location: Microsoft.KeyVault/stable/2023-07-01/keyvault.json#L607
`❌` PathContainsResourceType	The path for the CURD methods do not contain a resource type. Location: Microsoft.KeyVault/stable/2023-07-01/keyvault.json#L624
`❌` ResourceNameRestriction	The resource name parameter 'privateEndpointConnectionName' should be defined with a 'pattern' restriction. Location: Microsoft.KeyVault/stable/2023-07-01/keyvault.json#L750
`❌` GetOperation200	The get operation should only return 200. Location: Microsoft.KeyVault/stable/2023-07-01/keyvault.json#L789
`❌` PutResponseSchemaDescription	Any Put MUST contain 200 and 201 return codes. Location: Microsoft.KeyVault/stable/2023-07-01/keyvault.json#L843
`❌` DeleteResponseBodyEmpty	The delete response body must be empty. Location: Microsoft.KeyVault/stable/2023-07-01/keyvault.json#L903
`❌` LroErrorContent	Error response content of long running operations must follow the error schema provided in the common types v2 and above. Location: Microsoft.KeyVault/stable/2023-07-01/keyvault.json#L927
`❌` GetCollectionOnlyHasValueAndNextLink	Get endpoints for collections of resources must only have the `value` and `nextLink` properties in their model. Location: Microsoft.KeyVault/stable/2023-07-01/keyvault.json#L1014
`❌` GuidUsage	Usage of Guid is not recommended. If GUIDs are absolutely required in your service, please get sign off from the Azure API review board. Location: Microsoft.KeyVault/stable/2023-07-01/keyvault.json#L1067
`❌` GuidUsage	Usage of Guid is not recommended. If GUIDs are absolutely required in your service, please get sign off from the Azure API review board. Location: Microsoft.KeyVault/stable/2023-07-01/keyvault.json#L1076

️️✔️Avocado succeeded [Detail] [Expand]

Validation passes for Avocado.

️️✔️SwaggerAPIView succeeded [Detail] [Expand]

️️✔️TypeSpecAPIView succeeded [Detail] [Expand]

️️✔️ModelValidation succeeded [Detail] [Expand]

Validation passes for ModelValidation.

️️✔️SemanticValidation succeeded [Detail] [Expand]

Validation passes for SemanticValidation.

️️✔️PoliCheck succeeded [Detail] [Expand]

Validation passed for PoliCheck.

️️✔️PrettierCheck succeeded [Detail] [Expand]

Validation passes for PrettierCheck.

️️✔️SpellCheck succeeded [Detail] [Expand]

Validation passes for SpellCheck.

️️✔️Lint(RPaaS) succeeded [Detail] [Expand]

Validation passes for Lint(RPaaS).

️️✔️PR Summary succeeded [Detail] [Expand]

Validation passes for Summary.

️️✔️Automated merging requirements met succeeded [Detail] [Expand]

_{Posted by Swagger Pipeline | How to fix these errors?}

openapi-pipeline-app · 2023-05-04T10:20:24Z

Swagger Generation Artifacts

️️✔️ApiDocPreview succeeded [Detail] [Expand]

 Please click here to preview with your @microsoft account.

️️✔️SDK Breaking Change Tracking succeeded [Detail] [Expand]

Breaking Changes Tracking

️⚠️ azure-sdk-for-net-track2 warning [Detail]

⚠️Warning [Logs]Release - Generate from b594fd4. SDK Automation 14.0.0

command	pwsh ./eng/scripts/Automation-Sdk-Init.ps1 ../azure-sdk-for-net_tmp/initInput.json ../azure-sdk-for-net_tmp/initOutput.json
command	pwsh ./eng/scripts/Invoke-GenerateAndBuildV2.ps1 ../azure-sdk-for-net_tmp/generateInput.json ../azure-sdk-for-net_tmp/generateOutput.json
warn	No file changes detected after generation

️✔️Azure.ResourceManager.KeyVault [View full logs]
- Azure.ResourceManager.KeyVault.1.2.0-alpha.20231012.1.nupkg
```
info	[Changelog]
```

️⚠️ azure-sdk-for-python-track2 warning [Detail]

⚠️Warning [Logs]Release - Generate from b594fd4. SDK Automation 14.0.0

command	sh scripts/automation_init.sh ../azure-sdk-for-python_tmp/initInput.json ../azure-sdk-for-python_tmp/initOutput.json
cmderr	[automation_init.sh] WARNING: Skipping azure-nspkg as it is not installed.
command	sh scripts/automation_generate.sh ../azure-sdk-for-python_tmp/generateInput.json ../azure-sdk-for-python_tmp/generateOutput.json
cmderr	[automation_generate.sh]
cmderr	[automation_generate.sh] npm notice New major version of npm available! 9.8.1 -> 10.2.0
cmderr	[automation_generate.sh] npm notice Changelog: <https://github.com/npm/cli/releases/tag/v10.2.0>
cmderr	[automation_generate.sh] npm notice Run `npm install -g npm@10.2.0` to update!
cmderr	[automation_generate.sh] npm notice

️✔️track2_azure-mgmt-keyvault [View full logs] [Release SDK Changes]

info	[Changelog] ### Features Added
info	[Changelog]
info	[Changelog]   - Model MHSMPrivateEndpointConnection has a new parameter identity
info	[Changelog]   - Model MHSMPrivateLinkResource has a new parameter identity
info	[Changelog]   - Model ManagedHsm has a new parameter identity
info	[Changelog]   - Model ManagedHsmResource has a new parameter identity

️⚠️ azure-sdk-for-java warning [Detail]

⚠️Warning [Logs]Release - Generate from b594fd4. SDK Automation 14.0.0

command	./eng/mgmt/automation/init.sh ../azure-sdk-for-java_tmp/initInput.json ../azure-sdk-for-java_tmp/initOutput.json
cmderr	[init.sh] [notice] A new release of pip is available: 23.0.1 -> 23.2.1
cmderr	[init.sh] [notice] To update, run: pip install --upgrade pip
cmderr	[init.sh] [notice] A new release of pip is available: 23.0.1 -> 23.2.1
cmderr	[init.sh] [notice] To update, run: pip install --upgrade pip
command	./eng/mgmt/automation/generate.py ../azure-sdk-for-java_tmp/generateInput.json ../azure-sdk-for-java_tmp/generateOutput.json

️✔️azure-resourcemanager-keyvault-generated [View full logs] [Release SDK Changes]

️️✔️ azure-sdk-for-go succeeded [Detail] [Expand]

️✔️Succeeded [Logs]Release - Generate from b594fd4. SDK Automation 14.0.0

command	sh ./eng/scripts/automation_init.sh ../../../../../azure-sdk-for-go_tmp/initInput.json ../../../../../azure-sdk-for-go_tmp/initOutput.json
command	generator automation-v2 ../../../../../azure-sdk-for-go_tmp/generateInput.json ../../../../../azure-sdk-for-go_tmp/generateOutput.json

️✔️sdk/resourcemanager/keyvault/armkeyvault [View full logs] [Release SDK Changes]

info	[Changelog] ### Features Added
info	[Changelog]
info	[Changelog] - New value `ManagedHsmSKUNameCustomB6` added to enum type `ManagedHsmSKUName`
info	[Changelog] - New enum type `ManagedServiceIdentityType` with values `ManagedServiceIdentityTypeNone`, `ManagedServiceIdentityTypeSystemAssigned`, `ManagedServiceIdentityTypeSystemAssignedUserAssigned`, `ManagedServiceIdentityTypeUserAssigned`
info	[Changelog] - New struct `ManagedServiceIdentity`
info	[Changelog] - New struct `UserAssignedIdentity`
info	[Changelog] - New field `Identity` in struct `MHSMPrivateEndpointConnection`
info	[Changelog] - New field `Identity` in struct `MHSMPrivateLinkResource`
info	[Changelog] - New field `Identity` in struct `ManagedHsm`
info	[Changelog] - New field `Identity` in struct `ManagedHsmResource`
info	[Changelog]
info	[Changelog] Total 0 breaking change(s), 14 additive change(s).

️️✔️ azure-sdk-for-js succeeded [Detail] [Expand]

️✔️Succeeded [Logs]Release - Generate from b594fd4. SDK Automation 14.0.0

command	sh .scripts/automation_init.sh ../azure-sdk-for-js_tmp/initInput.json ../azure-sdk-for-js_tmp/initOutput.json
warn	File azure-sdk-for-js_tmp/initOutput.json not found to read
command	sh .scripts/automation_generate.sh ../azure-sdk-for-js_tmp/generateInput.json ../azure-sdk-for-js_tmp/generateOutput.json

️✔️@azure/arm-keyvault [View full logs] [Release SDK Changes]

azure-arm-keyvault-3.1.0.tgz

info	[Changelog] **Features**
info	[Changelog]
info	[Changelog]   - Added Interface ManagedServiceIdentity
info	[Changelog]   - Added Interface UserAssignedIdentity
info	[Changelog]   - Added Type Alias ManagedServiceIdentityType
info	[Changelog]   - Interface ManagedHsmResource has a new optional parameter identity
info	[Changelog]   - Added Enum KnownManagedServiceIdentityType

️⚠️ azure-resource-manager-schemas warning [Detail]

⚠️Warning [Logs]Release - Generate from b594fd4. Schema Automation 14.0.0

command	.sdkauto/initScript.sh ../azure-resource-manager-schemas_tmp/initInput.json ../azure-resource-manager-schemas_tmp/initOutput.json
cmderr	[initScript.sh]  notice
cmderr	[initScript.sh] npm notice New major version of npm available! 8.19.4 -> 10.2.0
cmderr	[initScript.sh] npm notice Changelog: <https://github.com/npm/cli/releases/tag/v10.2.0>
cmderr	[initScript.sh] npm notice Run `npm install -g npm@10.2.0` to update!
cmderr	[initScript.sh] npm notice
warn	File azure-resource-manager-schemas_tmp/initOutput.json not found to read
command	.sdkauto/generateScript.sh ../azure-resource-manager-schemas_tmp/generateInput.json ../azure-resource-manager-schemas_tmp/generateOutput.json

️✔️keyvault [View full logs] [Release Schema Changes]

️❌ azure-powershell failed [Detail]

❌Pipeline Framework Failed [Logs]Release - Generate from b594fd4. SDK Automation 14.0.0

command	sh ./tools/SwaggerCI/init.sh ../azure-powershell_tmp/initInput.json ../azure-powershell_tmp/initOutput.json
command	pwsh ./tools/SwaggerCI/psci.ps1 ../azure-powershell_tmp/generateInput.json ../azure-powershell_tmp/generateOutput.json
SSL error: syscall failure: Broken pipe
Error: SSL error: syscall failure: Broken pipe

⚠️Az.keyvault.DefaultTag [View full logs]

error	Fatal error: SSL error: syscall failure: Broken pipe
error	The following packages are still pending:
error		Az.keyvault.DefaultTag

_{Posted by Swagger Pipeline | How to fix these errors?}

openapi-pipeline-app · 2023-05-04T10:20:24Z

Generated ApiView

Language	Package Name	ApiView Link
Go	sdk/resourcemanager/keyvault/armkeyvault	https://apiview.dev/Assemblies/Review/ed6fef18c615413c92f259992054e9c6
.Net	Azure.ResourceManager.KeyVault	There is no API change compared with the previous version
Java	azure-resourcemanager-keyvault-generated	https://apiview.dev/Assemblies/Review/424cb1442f7441cb9e73fa660293d41c
JavaScript	@azure/arm-keyvault	https://apiview.dev/Assemblies/Review/cd0728418ecd4f7da48cadf8cdcf05ec

openapi-workflow-bot · 2023-05-04T10:27:59Z

Hi, @fssevero, For review efficiency consideration, when creating a new api version, it is required to place API specs of the base version in the first commit, and push new version updates into successive commits. You can use OpenAPIHub to initialize the PR for adding a new version. For more details refer to the wiki. Or you could onboard API spec pipeline

microsoft-github-policy-service · 2023-09-25T01:34:12Z