adding support for backing up and restoring of KeyVault secrets #3787
Conversation
|
@dragav, |
|
Can one of the admins verify this patch? |
| OutputFile = GetDefaultFileForOperation("backup", VaultName, Name); | ||
| } | ||
|
|
||
| var filePath = ResolvePathFromFilename(OutputFile, throwOnPreExisting: true, errorMessage: KeyVaultProperties.Resources.BackupSecretFileAlreadyExists); |
There was a problem hiding this comment.
Two things:
(1) You should be using AzureSession.DataStore when interacting with the file system (checking for existence and the like), as this is mockable in tests
(2) The normal standrad would be to prompt for overwite if the file exists, which would mena having a ShouldContinue prompt asking if the user wants to overwrite and a Force parameter. Is there a reason why you wouldn't want to allow the user to overwrite the file?
| [Cmdlet( VerbsData.Backup, "AzureKeyVaultSecret", | ||
| SupportsShouldProcess = true, | ||
| HelpUri = Constants.KeyVaultHelpUri )] | ||
| [OutputType( typeof( String ) )] |
There was a problem hiding this comment.
Not sure the OutputType is useful. You should probably return nothing and implement a passthrough parameter so you can return true/false for success / failure
There was a problem hiding this comment.
The output of this cmdlet is the file path of the newly generated backup file.
| { | ||
| #region Input Parameter Definitions | ||
|
|
||
| /// <summary> |
There was a problem hiding this comment.
You should consider having an alternate parameter set that takes a KeyVaultSecret so that users can more easily pipe get-AzureKeyVaultSecret to this cmdlet.
There was a problem hiding this comment.
I don't quite see the value of this scenario - the piped-in object would only serve to extract the identifier, as that's what the server expects. The service must find/load/encrypt the object before creating a backup - the client can't upload an object to be backed up.
Another thing to consider is that the secret can be retrieved by id (ie a specific version) whereas the backup acts on the entire family (head secret + all versions). I'm concerned that the user expectation (on passing in a specific secret object) will be that an individual backup of that object will be generated.
|
|
||
| private string ResolvePath( string filePath ) | ||
| { | ||
| FileInfo secretFile = new FileInfo(this.GetUnresolvedProviderPathFromPSPath(filePath)); |
There was a problem hiding this comment.
Please use the data store, as outlined above
| [Cmdlet( VerbsData.Restore, "AzureKeyVaultSecret", | ||
| SupportsShouldProcess = true, | ||
| HelpUri = Constants.KeyVaultHelpUri )] | ||
| [OutputType( typeof( Secret ) )] |
There was a problem hiding this comment.
It looks like you are returnign the secret FullName, isn't that a string?
There was a problem hiding this comment.
Restore returns the newly reinstated secret (or key, for existing cmdlets). It is similar in that sense with the Get command.
| Position = 1, | ||
| HelpMessage = "Input file. The input file containing the backed-up blob" )] | ||
| [ValidateNotNullOrEmpty] | ||
| public string InputFile { get; set; } |
There was a problem hiding this comment.
It would be nice to take a list of files in this parameter, and process each one
There was a problem hiding this comment.
Will add this to the backlog for a future release :)
There was a problem hiding this comment.
Sounds good, this would be a non-breaking change
|
@dragav please pull the latest changes from the |
|
Addressed feedback and ported these changes to the corresponding preview branch. Will resubmit the PR shortly. |
Description
This checklist is used to make sure that common guidelines for a pull request are followed. You can find a more complete discussion of PowerShell cmdlet best practices here.
General Guidelines
Testing Guidelines
Cmdlet Signature Guidelines
ShouldProcessand haveSupportShouldProcess=truespecified in the cmdlet attribute. You can find more information onShouldProcesshere.OutputTypeattribute if any output is produced - if the cmdlet produces no output, it should implement aPassThruparameter.Cmdlet Parameter Guidelines