From 14ed4e758d5baef263a0bda1b0549cad12f9c647 Mon Sep 17 00:00:00 2001 From: Maor Leger Date: Mon, 1 Feb 2021 15:51:48 -0800 Subject: [PATCH] [KeyVault] - Add support for custom role operations (#13470) ## What - Regenerate swagger to the latest version (and pin it to a sha) - Add CRUD operations for custom role definitions - A few renames from API feedback in roleAssignment ## Why - Now that the swagger is updated with the new RBAC operations we can add support for it resolves #12206 --- sdk/keyvault/keyvault-admin/CHANGELOG.md | 1 + sdk/keyvault/keyvault-admin/package.json | 2 +- ...roleassignment_and_deleteroleassignment.js | 38 +-- .../recording_listroleassignments.js | 18 +- ...and_delete_a_role_definition_happy_path.js | 178 ++++++++++++++ .../recording_listroledefinitions.js | 96 ++++++++ ...when_deleting_a_builtin_role_definition.js | 96 ++++++++ ..._deleting_a_nonexistent_role_definition.js | 5 + ...hen_the_role_definition_cannot_be_found.js | 92 ++++++++ ...rding_returns_a_role_definition_by_name.js | 126 ++++++++++ ...when_updating_a_builtin_role_definition.js | 168 ++++++++++++++ .../review/keyvault-admin.api.md | 44 ++-- .../typescript/src/accessControlHelloWorld.ts | 30 ++- .../keyvault-admin/src/accessControlClient.ts | 153 ++++++++++-- .../keyvault-admin/src/accessControlModels.ts | 71 +++++- .../keyvault-admin/src/generated/index.ts | 11 + .../src/generated/keyVaultClient.ts | 31 +-- .../src/generated/models/index.ts | 219 ++++++++++++++++-- .../src/generated/models/mappers.ts | 101 ++++++-- .../src/generated/models/parameters.ts | 77 ++++-- .../generated/operations/roleAssignments.ts | 12 +- .../generated/operations/roleDefinitions.ts | 150 +++++++++++- sdk/keyvault/keyvault-admin/src/mappings.ts | 8 +- sdk/keyvault/keyvault-admin/swagger/README.md | 33 +-- .../test/public/accessControlClient.spec.ts | 171 ++++++++++++-- 25 files changed, 1725 insertions(+), 206 deletions(-) create mode 100644 sdk/keyvault/keyvault-admin/recordings/node/keyvaultaccesscontrolclient_role_definitions/recording_can_create_update_and_delete_a_role_definition_happy_path.js create mode 100644 sdk/keyvault/keyvault-admin/recordings/node/keyvaultaccesscontrolclient_role_definitions/recording_listroledefinitions.js create mode 100644 sdk/keyvault/keyvault-admin/recordings/node/keyvaultaccesscontrolclient_role_definitions_deleteroledefinition/recording_errors_when_deleting_a_builtin_role_definition.js create mode 100644 sdk/keyvault/keyvault-admin/recordings/node/keyvaultaccesscontrolclient_role_definitions_deleteroledefinition/recording_errors_when_deleting_a_nonexistent_role_definition.js create mode 100644 sdk/keyvault/keyvault-admin/recordings/node/keyvaultaccesscontrolclient_role_definitions_getroledefinition/recording_errors_when_the_role_definition_cannot_be_found.js create mode 100644 sdk/keyvault/keyvault-admin/recordings/node/keyvaultaccesscontrolclient_role_definitions_getroledefinition/recording_returns_a_role_definition_by_name.js create mode 100644 sdk/keyvault/keyvault-admin/recordings/node/keyvaultaccesscontrolclient_role_definitions_upsertroledefinition/recording_errors_when_updating_a_builtin_role_definition.js create mode 100644 sdk/keyvault/keyvault-admin/src/generated/index.ts diff --git a/sdk/keyvault/keyvault-admin/CHANGELOG.md b/sdk/keyvault/keyvault-admin/CHANGELOG.md index b84d23d7a683..5a6541e5dd4a 100644 --- a/sdk/keyvault/keyvault-admin/CHANGELOG.md +++ b/sdk/keyvault/keyvault-admin/CHANGELOG.md @@ -7,6 +7,7 @@ - Bug fix: The logging of HTTP requests wasn't properly working - now it has been fixed and tests have been written that verify the fix. - Return `BackupResult` and `RestoreResult` from backup/restore long running operations which will contain additional information about the operation as well any relevant data. - Backup / Restore polling will now correctly propagate any errors to the awaited call. +- Add support for custom role definitions - creating, updating, and deleting role definitions are now supported. ## 4.0.0-beta.1 (2020-09-11) diff --git a/sdk/keyvault/keyvault-admin/package.json b/sdk/keyvault/keyvault-admin/package.json index 4e890feaa814..57aa3f604a62 100644 --- a/sdk/keyvault/keyvault-admin/package.json +++ b/sdk/keyvault/keyvault-admin/package.json @@ -66,7 +66,7 @@ "lint": "eslint package.json api-extractor.json src --ext .ts", "pack": "npm pack 2>&1", "prebuild": "npm run clean", - "regenerate": "npx autorest swagger/README.md --typescript --version=3.0.6267", + "regenerate": "npx autorest swagger/README.md --typescript", "test:browser": "npm run clean && npm run build:test && npm run unit-test:browser", "test:node": "npm run clean && npm run build:test && npm run unit-test:node", "test": "npm run clean && npm run build:test && npm run unit-test", diff --git a/sdk/keyvault/keyvault-admin/recordings/node/keyvaultaccesscontrolclient/recording_createroleassignment_getroleassignment_and_deleteroleassignment.js b/sdk/keyvault/keyvault-admin/recordings/node/keyvaultaccesscontrolclient/recording_createroleassignment_getroleassignment_and_deleteroleassignment.js index a5635eededb2..4ee9d9f8ff05 100644 --- a/sdk/keyvault/keyvault-admin/recordings/node/keyvaultaccesscontrolclient/recording_createroleassignment_getroleassignment_and_deleteroleassignment.js +++ b/sdk/keyvault/keyvault-admin/recordings/node/keyvaultaccesscontrolclient/recording_createroleassignment_getroleassignment_and_deleteroleassignment.js @@ -1,6 +1,6 @@ let nock = require('nock'); -module.exports.hash = "8a0af3d5cdbe311d66dd646b50e18d5d"; +module.exports.hash = "cb3c3461eeb933a605624c89b8994889"; module.exports.testInfo = {"uniqueName":{},"newDate":{}} @@ -19,7 +19,7 @@ nock('https://azure_managedhsm.managedhsm.azure.net:443', {"encodedQueryParams": 'content-length', '2', 'x-ms-request-id', - 'f4d4fc96-5ace-11eb-9b71-0242ac12000a', + '1da4d9f2-6196-11eb-aa64-0242ac120009', 'strict-transport-security', 'max-age=31536000; includeSubDomains', 'content-security-policy', @@ -29,7 +29,7 @@ nock('https://azure_managedhsm.managedhsm.azure.net:443', {"encodedQueryParams": 'cache-control', 'no-cache', 'x-ms-server-latency', - '1' + '2' ]); nock('https://login.microsoftonline.com:443', {"encodedQueryParams":true}) @@ -40,7 +40,7 @@ nock('https://login.microsoftonline.com:443', {"encodedQueryParams":true}) 'Pragma', 'no-cache', 'Content-Length', - '1322', + '1317', 'Content-Type', 'application/json; charset=utf-8', 'Expires', @@ -52,33 +52,33 @@ nock('https://login.microsoftonline.com:443', {"encodedQueryParams":true}) 'P3P', 'CP="DSP CUR OTPi IND OTRi ONL FIN"', 'x-ms-request-id', - '3c3b4bb2-8864-40f5-b1b0-9645d76a1001', + '5f15c7bb-a439-436a-a95d-27a958dacd00', 'x-ms-ests-server', - '2.1.11397.13 - NCUS ProdSlices', + '2.1.11444.8 - WUS2 ProdSlices', 'Set-Cookie', - 'fpc=AruM6-s0o4dGuoROwfwoa4NdWxHLBQAAAFGZmdcOAAAA; expires=Fri, 19-Feb-2021 03:24:08 GMT; path=/; secure; HttpOnly; SameSite=None', + 'fpc=AsL5eNaSdj9Hv8NUxPN0i95dWxHLAgAAAHP4pNcOAAAA; expires=Sat, 27-Feb-2021 18:24:53 GMT; path=/; secure; HttpOnly; SameSite=None', 'Set-Cookie', 'x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly', 'Set-Cookie', 'stsservicecookie=estsfd; path=/; secure; samesite=none; httponly', 'Date', - 'Wed, 20 Jan 2021 03:24:07 GMT' + 'Thu, 28 Jan 2021 18:24:52 GMT' ]); nock('https://azure_managedhsm.managedhsm.azure.net:443', {"encodedQueryParams":true}) .get('///providers/Microsoft.Authorization/roleDefinitions') .query(true) - .reply(200, {"value":[{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8","name":"7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action","Microsoft.KeyVault/managedHsm/keys/backup/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Backup","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/33413926-3206-4cdd-b39a-83574fe37a17","name":"33413926-3206-4cdd-b39a-83574fe37a17","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Crypto Service Encryption","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/2c18b078-7c48-4d3a-af88-5a3a1b3f82b3","name":"2c18b078-7c48-4d3a-af88-5a3a1b3f82b3","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Crypto Auditor","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/4bd23610-cdcf-4971-bdee-bdc562cc28e4","name":"4bd23610-cdcf-4971-bdee-bdc562cc28e4","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/roleDefinitions/read/action","Microsoft.KeyVault/managedHsm/roleDefinitions/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action","Microsoft.KeyVault/managedHsm/roleAssignments/read/action","Microsoft.KeyVault/managedHsm/roleAssignments/write/action","Microsoft.KeyVault/managedHsm/roleAssignments/delete/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Policy Administrator","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/21dbd100-6940-42c2-9190-5d6cb909625b","name":"21dbd100-6940-42c2-9190-5d6cb909625b","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Crypto User","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/515eb02d-2335-4d2d-92f2-b1cbdf9c3778","name":"515eb02d-2335-4d2d-92f2-b1cbdf9c3778","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/restore/action","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/delete","Microsoft.KeyVault/managedHsm/keys/export/action","Microsoft.KeyVault/managedHsm/keys/import/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Crypto Officer","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","name":"a290e904-7015-4bba-90c8-60543313cdb4","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/restore/action","Microsoft.KeyVault/managedHsm/roleAssignments/delete/action","Microsoft.KeyVault/managedHsm/roleAssignments/read/action","Microsoft.KeyVault/managedHsm/roleAssignments/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/read/action","Microsoft.KeyVault/managedHsm/roleDefinitions/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/delete","Microsoft.KeyVault/managedHsm/keys/export/action","Microsoft.KeyVault/managedHsm/keys/import/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete","Microsoft.KeyVault/managedHsm/securitydomain/download/action","Microsoft.KeyVault/managedHsm/securitydomain/upload/action","Microsoft.KeyVault/managedHsm/securitydomain/upload/read","Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read","Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/restore/start/action","Microsoft.KeyVault/managedHsm/backup/status/action","Microsoft.KeyVault/managedHsm/restore/status/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Administrator","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"}]}, [ + .reply(200, {"value":[{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8","name":"7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action","Microsoft.KeyVault/managedHsm/keys/backup/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Backup","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/33413926-3206-4cdd-b39a-83574fe37a17","name":"33413926-3206-4cdd-b39a-83574fe37a17","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Crypto Service Encryption","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/2c18b078-7c48-4d3a-af88-5a3a1b3f82b3","name":"2c18b078-7c48-4d3a-af88-5a3a1b3f82b3","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Crypto Auditor","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/4bd23610-cdcf-4971-bdee-bdc562cc28e4","name":"4bd23610-cdcf-4971-bdee-bdc562cc28e4","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/roleDefinitions/read/action","Microsoft.KeyVault/managedHsm/roleDefinitions/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action","Microsoft.KeyVault/managedHsm/roleAssignments/read/action","Microsoft.KeyVault/managedHsm/roleAssignments/write/action","Microsoft.KeyVault/managedHsm/roleAssignments/delete/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Policy Administrator","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/21dbd100-6940-42c2-9190-5d6cb909625b","name":"21dbd100-6940-42c2-9190-5d6cb909625b","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Crypto User","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/515eb02d-2335-4d2d-92f2-b1cbdf9c3778","name":"515eb02d-2335-4d2d-92f2-b1cbdf9c3778","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/restore/action","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/delete","Microsoft.KeyVault/managedHsm/keys/export/action","Microsoft.KeyVault/managedHsm/keys/import/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Crypto Officer","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","name":"a290e904-7015-4bba-90c8-60543313cdb4","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/restore/action","Microsoft.KeyVault/managedHsm/roleAssignments/delete/action","Microsoft.KeyVault/managedHsm/roleAssignments/read/action","Microsoft.KeyVault/managedHsm/roleAssignments/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/read/action","Microsoft.KeyVault/managedHsm/roleDefinitions/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/delete","Microsoft.KeyVault/managedHsm/keys/export/action","Microsoft.KeyVault/managedHsm/keys/import/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete","Microsoft.KeyVault/managedHsm/securitydomain/download/action","Microsoft.KeyVault/managedHsm/securitydomain/upload/action","Microsoft.KeyVault/managedHsm/securitydomain/upload/read","Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read","Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/restore/start/action","Microsoft.KeyVault/managedHsm/backup/status/action","Microsoft.KeyVault/managedHsm/restore/status/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Administrator","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/0e2caeee-c32b-4f0b-92db-15920a0e576b","name":"0e2caeee-c32b-4f0b-92db-15920a0e576b","properties":{"assignableScopes":["/"],"description":"custom role description","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action"],"notActions":[],"notDataActions":[]}],"roleName":"0e2caeee-c32b-4f0b-92db-15920a0e576b","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/d9340e70-7651-44b0-bcc8-f65db7f911f2","name":"d9340e70-7651-44b0-bcc8-f65db7f911f2","properties":{"assignableScopes":["/"],"description":"custom role description","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action"],"notActions":[],"notDataActions":[]}],"roleName":"d9340e70-7651-44b0-bcc8-f65db7f911f2","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/foo","name":"foo","properties":{"assignableScopes":["/"],"description":"","permissions":[],"roleName":"foo","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/7bba88c3-6be8-476e-aeeb-789f96cbf634","name":"7bba88c3-6be8-476e-aeeb-789f96cbf634","properties":{"assignableScopes":["/"],"description":"custom role description","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action"],"notActions":[],"notDataActions":[]},{"actions":[],"dataActions":[],"notActions":[],"notDataActions":["Microsoft.KeyVault/managedHsm/keys/encrypt/action"]}],"roleName":"7bba88c3-6be8-476e-aeeb-789f96cbf634","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/86eb7f81-018e-43aa-b733-17b5f3d1fdfc","name":"86eb7f81-018e-43aa-b733-17b5f3d1fdfc","properties":{"assignableScopes":["/"],"description":"custom role description","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action"],"notActions":[],"notDataActions":[]}],"roleName":"86eb7f81-018e-43aa-b733-17b5f3d1fdfc","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a5e8be4f-79ef-40d7-8b21-dfe4cf04beb2","name":"a5e8be4f-79ef-40d7-8b21-dfe4cf04beb2","properties":{"assignableScopes":["/"],"description":"custom role description","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action"],"notActions":[],"notDataActions":[]},{"actions":[],"dataActions":[],"notActions":[],"notDataActions":["Microsoft.KeyVault/managedHsm/keys/encrypt/action"]}],"roleName":"a5e8be4f-79ef-40d7-8b21-dfe4cf04beb2","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"}]}, [ 'x-frame-options', 'SAMEORIGIN', 'x-ms-request-id', - 'f507be88-5ace-11eb-9b71-0242ac12000a', + '1dc76030-6196-11eb-aa64-0242ac120009', 'content-type', 'application/json; charset=utf-8', 'x-ms-keyvault-region', 'westeurope', 'content-length', - '6772', + '10005', 'strict-transport-security', 'max-age=31536000; includeSubDomains', 'content-security-policy', @@ -92,7 +92,7 @@ nock('https://azure_managedhsm.managedhsm.azure.net:443', {"encodedQueryParams": 'x-ms-keyvault-network-info', 'addr=50.35.231.105', 'x-ms-server-latency', - '0' + '2' ]); nock('https://azure_managedhsm.managedhsm.azure.net:443', {"encodedQueryParams":true}) @@ -106,7 +106,7 @@ nock('https://azure_managedhsm.managedhsm.azure.net:443', {"encodedQueryParams": 'content-length', '398', 'x-ms-request-id', - 'f5205330-5ace-11eb-9b71-0242ac12000a', + '1de0c6b0-6196-11eb-aa64-0242ac120009', 'x-ms-keyvault-region', 'westeurope', 'strict-transport-security', @@ -116,7 +116,7 @@ nock('https://azure_managedhsm.managedhsm.azure.net:443', {"encodedQueryParams": 'x-ms-keyvault-network-info', 'addr=50.35.231.105', 'x-ms-server-latency', - '75', + '67', 'cache-control', 'no-cache', 'x-frame-options', @@ -130,7 +130,7 @@ nock('https://azure_managedhsm.managedhsm.azure.net:443', {"encodedQueryParams": 'x-frame-options', 'SAMEORIGIN', 'x-ms-request-id', - 'f54431d8-5ace-11eb-9b71-0242ac12000a', + '1e03c368-6196-11eb-aa64-0242ac120009', 'content-type', 'application/json; charset=utf-8', 'x-ms-keyvault-region', @@ -164,7 +164,7 @@ nock('https://azure_managedhsm.managedhsm.azure.net:443', {"encodedQueryParams": 'content-length', '398', 'x-ms-request-id', - 'f55c97d2-5ace-11eb-9b71-0242ac12000a', + '1e1c51bc-6196-11eb-aa64-0242ac120009', 'x-ms-keyvault-region', 'westeurope', 'strict-transport-security', @@ -174,7 +174,7 @@ nock('https://azure_managedhsm.managedhsm.azure.net:443', {"encodedQueryParams": 'x-ms-keyvault-network-info', 'addr=50.35.231.105', 'x-ms-server-latency', - '57', + '88', 'cache-control', 'no-cache', 'x-frame-options', @@ -184,7 +184,7 @@ nock('https://azure_managedhsm.managedhsm.azure.net:443', {"encodedQueryParams": nock('https://azure_managedhsm.managedhsm.azure.net:443', {"encodedQueryParams":true}) .get('///providers/Microsoft.Authorization/roleAssignments/b36b00af-89c6-435f-a43d-9a3087015c27') .query(true) - .reply(404, {"error":{"code":"RoleAssignmentNotFound","message":"Requested role assignment not found (Activity ID: f57e7cf8-5ace-11eb-9b71-0242ac12000a)"}}, [ + .reply(404, {"error":{"code":"RoleAssignmentNotFound","message":"Requested role assignment not found (Activity ID: 1e42e94e-6196-11eb-aa64-0242ac120009)"}}, [ 'content-type', 'application/json; charset=utf-8', 'x-ms-server-latency', @@ -194,7 +194,7 @@ nock('https://azure_managedhsm.managedhsm.azure.net:443', {"encodedQueryParams": 'content-length', '143', 'x-ms-request-id', - 'f57e7cf8-5ace-11eb-9b71-0242ac12000a', + '1e42e94e-6196-11eb-aa64-0242ac120009', 'strict-transport-security', 'max-age=31536000; includeSubDomains', 'content-security-policy', diff --git a/sdk/keyvault/keyvault-admin/recordings/node/keyvaultaccesscontrolclient/recording_listroleassignments.js b/sdk/keyvault/keyvault-admin/recordings/node/keyvaultaccesscontrolclient/recording_listroleassignments.js index 7f6ff4249c8f..5b26aa851085 100644 --- a/sdk/keyvault/keyvault-admin/recordings/node/keyvaultaccesscontrolclient/recording_listroleassignments.js +++ b/sdk/keyvault/keyvault-admin/recordings/node/keyvaultaccesscontrolclient/recording_listroleassignments.js @@ -1,6 +1,6 @@ let nock = require('nock'); -module.exports.hash = "35cfadfb466022e6ec4de357d76294db"; +module.exports.hash = "56d7e691eb86750cc7e1ee277eec4bdc"; module.exports.testInfo = {"uniqueName":{},"newDate":{}} @@ -19,7 +19,7 @@ nock('https://azure_managedhsm.managedhsm.azure.net:443', {"encodedQueryParams": 'content-length', '2', 'x-ms-request-id', - 'f4068c26-5ace-11eb-8415-0242ac120006', + '1cde8d9c-6196-11eb-b6fa-0242ac120008', 'strict-transport-security', 'max-age=31536000; includeSubDomains', 'content-security-policy', @@ -29,7 +29,7 @@ nock('https://azure_managedhsm.managedhsm.azure.net:443', {"encodedQueryParams": 'cache-control', 'no-cache', 'x-ms-server-latency', - '0' + '2' ]); nock('https://login.microsoftonline.com:443', {"encodedQueryParams":true}) @@ -50,17 +50,17 @@ nock('https://login.microsoftonline.com:443', {"encodedQueryParams":true}) 'P3P', 'CP="DSP CUR OTPi IND OTRi ONL FIN"', 'x-ms-request-id', - '34572a1e-f2c4-4290-bed6-1f54cfd00801', + '7315331b-99ab-46b6-8e34-f688a38eb900', 'x-ms-ests-server', - '2.1.11397.13 - EUS ProdSlices', + '2.1.11444.8 - WUS2 ProdSlices', 'Set-Cookie', - 'fpc=AruM6-s0o4dGuoROwfwoa4NdWxHLBAAAAFGZmdcOAAAA; expires=Fri, 19-Feb-2021 03:24:07 GMT; path=/; secure; HttpOnly; SameSite=None', + 'fpc=AsL5eNaSdj9Hv8NUxPN0i95dWxHLAQAAAHP4pNcOAAAA; expires=Sat, 27-Feb-2021 18:24:52 GMT; path=/; secure; HttpOnly; SameSite=None', 'Set-Cookie', 'x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly', 'Set-Cookie', 'stsservicecookie=estsfd; path=/; secure; samesite=none; httponly', 'Date', - 'Wed, 20 Jan 2021 03:24:06 GMT', + 'Thu, 28 Jan 2021 18:24:51 GMT', 'Content-Length', '1322' ]); @@ -72,7 +72,7 @@ nock('https://azure_managedhsm.managedhsm.azure.net:443', {"encodedQueryParams": 'x-frame-options', 'SAMEORIGIN', 'x-ms-request-id', - 'f43b7724-5ace-11eb-8415-0242ac120006', + '1d0869f0-6196-11eb-b6fa-0242ac120008', 'content-type', 'application/json; charset=utf-8', 'x-ms-keyvault-region', @@ -92,5 +92,5 @@ nock('https://azure_managedhsm.managedhsm.azure.net:443', {"encodedQueryParams": 'x-ms-keyvault-network-info', 'addr=50.35.231.105', 'x-ms-server-latency', - '0' + '1' ]); diff --git a/sdk/keyvault/keyvault-admin/recordings/node/keyvaultaccesscontrolclient_role_definitions/recording_can_create_update_and_delete_a_role_definition_happy_path.js b/sdk/keyvault/keyvault-admin/recordings/node/keyvaultaccesscontrolclient_role_definitions/recording_can_create_update_and_delete_a_role_definition_happy_path.js new file mode 100644 index 000000000000..195ea705546b --- /dev/null +++ b/sdk/keyvault/keyvault-admin/recordings/node/keyvaultaccesscontrolclient_role_definitions/recording_can_create_update_and_delete_a_role_definition_happy_path.js @@ -0,0 +1,178 @@ +let nock = require('nock'); + +module.exports.hash = "1c491ac4038e6f302d3f0c8847514f15"; + +module.exports.testInfo = {"uniqueName":{},"newDate":{}} + +nock('https://azure_managedhsm.managedhsm.azure.net:443', {"encodedQueryParams":true}) + .put('///providers/Microsoft.Authorization/roleDefinitions/b36b00af-89c6-435f-a43d-9a3087015c27') + .query(true) + .reply(401, "", [ + 'content-type', + 'application/json; charset=utf-8', + 'x-ms-server-latency', + '1', + 'x-content-type-options', + 'nosniff', + 'www-authenticate', + 'Bearer authorization="https://login.microsoftonline.com/azure_tenant_id", resource="https://managedhsm.azure.net"', + 'x-frame-options', + 'SAMEORIGIN', + 'content-length', + '0', + 'x-ms-request-id', + '1fa284fc-6196-11eb-acb6-0242ac120003', + 'strict-transport-security', + 'max-age=31536000; includeSubDomains', + 'content-security-policy', + "default-src 'self'", + 'cache-control', + 'no-cache' +]); + +nock('https://login.microsoftonline.com:443', {"encodedQueryParams":true}) + .post('/azure_tenant_id/oauth2/v2.0/token', "response_type=token&grant_type=client_credentials&client_id=azure_client_id&client_secret=azure_client_secret&scope=https%3A%2F%2Fmanagedhsm.azure.net%2F.default") + .reply(200, {"token_type":"Bearer","expires_in":86399,"ext_expires_in":86399,"access_token":"access_token"}, [ + 'Cache-Control', + 'no-store, no-cache', + 'Pragma', + 'no-cache', + 'Content-Type', + 'application/json; charset=utf-8', + 'Expires', + '-1', + 'Strict-Transport-Security', + 'max-age=31536000; includeSubDomains', + 'X-Content-Type-Options', + 'nosniff', + 'P3P', + 'CP="DSP CUR OTPi IND OTRi ONL FIN"', + 'x-ms-request-id', + '439b6820-0034-4f6e-93d6-0e8b60971800', + 'x-ms-ests-server', + '2.1.11444.8 - EUS ProdSlices', + 'Set-Cookie', + 'fpc=AsL5eNaSdj9Hv8NUxPN0i95dWxHLBAAAAHP4pNcOAAAA; expires=Sat, 27-Feb-2021 18:24:57 GMT; path=/; secure; HttpOnly; SameSite=None', + 'Set-Cookie', + 'x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly', + 'Set-Cookie', + 'stsservicecookie=estsfd; path=/; secure; samesite=none; httponly', + 'Date', + 'Thu, 28 Jan 2021 18:24:56 GMT', + 'Content-Length', + '1322' +]); + +nock('https://azure_managedhsm.managedhsm.azure.net:443', {"encodedQueryParams":true}) + .put('///providers/Microsoft.Authorization/roleDefinitions/b36b00af-89c6-435f-a43d-9a3087015c27', {"properties":{"roleName":"b36b00af-89c6-435f-a43d-9a3087015c27","description":"custom role description","type":"CustomRole","permissions":[{"actions":[],"notActions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action"],"notDataActions":[]}],"assignableScopes":["/"]}}) + .query(true) + .reply(201, {"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/b36b00af-89c6-435f-a43d-9a3087015c27","name":"b36b00af-89c6-435f-a43d-9a3087015c27","properties":{"assignableScopes":["/"],"description":"custom role description","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action"],"notActions":[],"notDataActions":[]}],"roleName":"b36b00af-89c6-435f-a43d-9a3087015c27","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"}, [ + 'content-type', + 'application/json; charset=utf-8', + 'x-content-type-options', + 'nosniff', + 'content-length', + '547', + 'x-ms-request-id', + '1fd61222-6196-11eb-acb6-0242ac120003', + 'x-ms-keyvault-region', + 'westeurope', + 'strict-transport-security', + 'max-age=31536000; includeSubDomains', + 'content-security-policy', + "default-src 'self'", + 'x-ms-keyvault-network-info', + 'addr=50.35.231.105', + 'x-ms-server-latency', + '68', + 'cache-control', + 'no-cache', + 'x-frame-options', + 'SAMEORIGIN' +]); + +nock('https://azure_managedhsm.managedhsm.azure.net:443', {"encodedQueryParams":true}) + .put('///providers/Microsoft.Authorization/roleDefinitions/b36b00af-89c6-435f-a43d-9a3087015c27', {"properties":{"roleName":"b36b00af-89c6-435f-a43d-9a3087015c27","description":"custom role description","type":"CustomRole","permissions":[{"actions":[],"notActions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action"],"notDataActions":[]},{"actions":[],"notActions":[],"dataActions":[],"notDataActions":["Microsoft.KeyVault/managedHsm/keys/encrypt/action"]}],"assignableScopes":["/"]}}) + .query(true) + .reply(201, {"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/b36b00af-89c6-435f-a43d-9a3087015c27","name":"b36b00af-89c6-435f-a43d-9a3087015c27","properties":{"assignableScopes":["/"],"description":"custom role description","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action"],"notActions":[],"notDataActions":[]},{"actions":[],"dataActions":[],"notActions":[],"notDataActions":["Microsoft.KeyVault/managedHsm/keys/encrypt/action"]}],"roleName":"b36b00af-89c6-435f-a43d-9a3087015c27","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"}, [ + 'content-type', + 'application/json; charset=utf-8', + 'x-content-type-options', + 'nosniff', + 'content-length', + '666', + 'x-ms-request-id', + '1ff9c366-6196-11eb-acb6-0242ac120003', + 'x-ms-keyvault-region', + 'westeurope', + 'strict-transport-security', + 'max-age=31536000; includeSubDomains', + 'content-security-policy', + "default-src 'self'", + 'x-ms-keyvault-network-info', + 'addr=50.35.231.105', + 'x-ms-server-latency', + '60', + 'cache-control', + 'no-cache', + 'x-frame-options', + 'SAMEORIGIN' +]); + +nock('https://azure_managedhsm.managedhsm.azure.net:443', {"encodedQueryParams":true}) + .delete('///providers/Microsoft.Authorization/roleDefinitions/b36b00af-89c6-435f-a43d-9a3087015c27') + .query(true) + .reply(200, {"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/b36b00af-89c6-435f-a43d-9a3087015c27","name":"b36b00af-89c6-435f-a43d-9a3087015c27","properties":{"assignableScopes":["/"],"description":"custom role description","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action"],"notActions":[],"notDataActions":[]},{"actions":[],"dataActions":[],"notActions":[],"notDataActions":["Microsoft.KeyVault/managedHsm/keys/encrypt/action"]}],"roleName":"b36b00af-89c6-435f-a43d-9a3087015c27","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"}, [ + 'content-type', + 'application/json; charset=utf-8', + 'x-content-type-options', + 'nosniff', + 'content-length', + '666', + 'x-ms-request-id', + '201be036-6196-11eb-acb6-0242ac120003', + 'x-ms-keyvault-region', + 'westeurope', + 'strict-transport-security', + 'max-age=31536000; includeSubDomains', + 'content-security-policy', + "default-src 'self'", + 'x-ms-keyvault-network-info', + 'addr=50.35.231.105', + 'x-ms-server-latency', + '61', + 'cache-control', + 'no-cache', + 'x-frame-options', + 'SAMEORIGIN' +]); + +nock('https://azure_managedhsm.managedhsm.azure.net:443', {"encodedQueryParams":true}) + .get('///providers/Microsoft.Authorization/roleDefinitions') + .query(true) + .reply(200, {"value":[{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8","name":"7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action","Microsoft.KeyVault/managedHsm/keys/backup/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Backup","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/33413926-3206-4cdd-b39a-83574fe37a17","name":"33413926-3206-4cdd-b39a-83574fe37a17","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Crypto Service Encryption","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/2c18b078-7c48-4d3a-af88-5a3a1b3f82b3","name":"2c18b078-7c48-4d3a-af88-5a3a1b3f82b3","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Crypto Auditor","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/4bd23610-cdcf-4971-bdee-bdc562cc28e4","name":"4bd23610-cdcf-4971-bdee-bdc562cc28e4","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/roleDefinitions/read/action","Microsoft.KeyVault/managedHsm/roleDefinitions/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action","Microsoft.KeyVault/managedHsm/roleAssignments/read/action","Microsoft.KeyVault/managedHsm/roleAssignments/write/action","Microsoft.KeyVault/managedHsm/roleAssignments/delete/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Policy Administrator","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/21dbd100-6940-42c2-9190-5d6cb909625b","name":"21dbd100-6940-42c2-9190-5d6cb909625b","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Crypto User","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/515eb02d-2335-4d2d-92f2-b1cbdf9c3778","name":"515eb02d-2335-4d2d-92f2-b1cbdf9c3778","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/restore/action","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/delete","Microsoft.KeyVault/managedHsm/keys/export/action","Microsoft.KeyVault/managedHsm/keys/import/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Crypto Officer","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","name":"a290e904-7015-4bba-90c8-60543313cdb4","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/restore/action","Microsoft.KeyVault/managedHsm/roleAssignments/delete/action","Microsoft.KeyVault/managedHsm/roleAssignments/read/action","Microsoft.KeyVault/managedHsm/roleAssignments/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/read/action","Microsoft.KeyVault/managedHsm/roleDefinitions/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/delete","Microsoft.KeyVault/managedHsm/keys/export/action","Microsoft.KeyVault/managedHsm/keys/import/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete","Microsoft.KeyVault/managedHsm/securitydomain/download/action","Microsoft.KeyVault/managedHsm/securitydomain/upload/action","Microsoft.KeyVault/managedHsm/securitydomain/upload/read","Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read","Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/restore/start/action","Microsoft.KeyVault/managedHsm/backup/status/action","Microsoft.KeyVault/managedHsm/restore/status/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Administrator","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/0e2caeee-c32b-4f0b-92db-15920a0e576b","name":"0e2caeee-c32b-4f0b-92db-15920a0e576b","properties":{"assignableScopes":["/"],"description":"custom role description","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action"],"notActions":[],"notDataActions":[]}],"roleName":"0e2caeee-c32b-4f0b-92db-15920a0e576b","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/d9340e70-7651-44b0-bcc8-f65db7f911f2","name":"d9340e70-7651-44b0-bcc8-f65db7f911f2","properties":{"assignableScopes":["/"],"description":"custom role description","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action"],"notActions":[],"notDataActions":[]}],"roleName":"d9340e70-7651-44b0-bcc8-f65db7f911f2","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/foo","name":"foo","properties":{"assignableScopes":["/"],"description":"","permissions":[],"roleName":"foo","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/7bba88c3-6be8-476e-aeeb-789f96cbf634","name":"7bba88c3-6be8-476e-aeeb-789f96cbf634","properties":{"assignableScopes":["/"],"description":"custom role description","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action"],"notActions":[],"notDataActions":[]},{"actions":[],"dataActions":[],"notActions":[],"notDataActions":["Microsoft.KeyVault/managedHsm/keys/encrypt/action"]}],"roleName":"7bba88c3-6be8-476e-aeeb-789f96cbf634","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/86eb7f81-018e-43aa-b733-17b5f3d1fdfc","name":"86eb7f81-018e-43aa-b733-17b5f3d1fdfc","properties":{"assignableScopes":["/"],"description":"custom role description","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action"],"notActions":[],"notDataActions":[]}],"roleName":"86eb7f81-018e-43aa-b733-17b5f3d1fdfc","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a5e8be4f-79ef-40d7-8b21-dfe4cf04beb2","name":"a5e8be4f-79ef-40d7-8b21-dfe4cf04beb2","properties":{"assignableScopes":["/"],"description":"custom role description","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action"],"notActions":[],"notDataActions":[]},{"actions":[],"dataActions":[],"notActions":[],"notDataActions":["Microsoft.KeyVault/managedHsm/keys/encrypt/action"]}],"roleName":"a5e8be4f-79ef-40d7-8b21-dfe4cf04beb2","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"}]}, [ + 'x-frame-options', + 'SAMEORIGIN', + 'x-ms-request-id', + '203dcfb6-6196-11eb-acb6-0242ac120003', + 'content-type', + 'application/json; charset=utf-8', + 'x-ms-keyvault-region', + 'westeurope', + 'content-length', + '10005', + 'strict-transport-security', + 'max-age=31536000; includeSubDomains', + 'content-security-policy', + "default-src 'self'", + 'cache-control', + 'no-cache', + 'x-content-type-options', + 'nosniff', + 'x-ms-build-version', + '1.0.20210112-1-4fbf61ac-develop', + 'x-ms-keyvault-network-info', + 'addr=50.35.231.105', + 'x-ms-server-latency', + '0' +]); diff --git a/sdk/keyvault/keyvault-admin/recordings/node/keyvaultaccesscontrolclient_role_definitions/recording_listroledefinitions.js b/sdk/keyvault/keyvault-admin/recordings/node/keyvaultaccesscontrolclient_role_definitions/recording_listroledefinitions.js new file mode 100644 index 000000000000..eb8a5595955b --- /dev/null +++ b/sdk/keyvault/keyvault-admin/recordings/node/keyvaultaccesscontrolclient_role_definitions/recording_listroledefinitions.js @@ -0,0 +1,96 @@ +let nock = require('nock'); + +module.exports.hash = "8dba027321e3fcff1315799257b3a5a0"; + +module.exports.testInfo = {"uniqueName":{},"newDate":{}} + +nock('https://azure_managedhsm.managedhsm.azure.net:443', {"encodedQueryParams":true}) + .get('///providers/Microsoft.Authorization/roleDefinitions') + .query(true) + .reply(401, "OK", [ + 'content-type', + 'application/json; charset=utf-8', + 'x-content-type-options', + 'nosniff', + 'www-authenticate', + 'Bearer authorization="https://login.microsoftonline.com/azure_tenant_id", resource="https://managedhsm.azure.net"', + 'x-frame-options', + 'SAMEORIGIN', + 'content-length', + '2', + 'x-ms-request-id', + '1edda0d8-6196-11eb-a38c-0242ac120008', + 'strict-transport-security', + 'max-age=31536000; includeSubDomains', + 'content-security-policy', + "default-src 'self'", + 'x-ms-build-version', + '1.0.20210112-1-4fbf61ac-develop', + 'cache-control', + 'no-cache', + 'x-ms-server-latency', + '0' +]); + +nock('https://login.microsoftonline.com:443', {"encodedQueryParams":true}) + .post('/azure_tenant_id/oauth2/v2.0/token', "response_type=token&grant_type=client_credentials&client_id=azure_client_id&client_secret=azure_client_secret&scope=https%3A%2F%2Fmanagedhsm.azure.net%2F.default") + .reply(200, {"token_type":"Bearer","expires_in":86399,"ext_expires_in":86399,"access_token":"access_token"}, [ + 'Cache-Control', + 'no-store, no-cache', + 'Pragma', + 'no-cache', + 'Content-Length', + '1322', + 'Content-Type', + 'application/json; charset=utf-8', + 'Expires', + '-1', + 'Strict-Transport-Security', + 'max-age=31536000; includeSubDomains', + 'X-Content-Type-Options', + 'nosniff', + 'P3P', + 'CP="DSP CUR OTPi IND OTRi ONL FIN"', + 'x-ms-request-id', + 'adc79562-d7d1-4fd3-a29b-2bc9b59e9b00', + 'x-ms-ests-server', + '2.1.11444.8 - WUS2 ProdSlices', + 'Set-Cookie', + 'fpc=AsL5eNaSdj9Hv8NUxPN0i95dWxHLAwAAAHP4pNcOAAAA; expires=Sat, 27-Feb-2021 18:24:55 GMT; path=/; secure; HttpOnly; SameSite=None', + 'Set-Cookie', + 'x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly', + 'Set-Cookie', + 'stsservicecookie=estsfd; path=/; secure; samesite=none; httponly', + 'Date', + 'Thu, 28 Jan 2021 18:24:54 GMT' +]); + +nock('https://azure_managedhsm.managedhsm.azure.net:443', {"encodedQueryParams":true}) + .get('///providers/Microsoft.Authorization/roleDefinitions') + .query(true) + .reply(200, {"value":[{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8","name":"7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action","Microsoft.KeyVault/managedHsm/keys/backup/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Backup","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/33413926-3206-4cdd-b39a-83574fe37a17","name":"33413926-3206-4cdd-b39a-83574fe37a17","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Crypto Service Encryption","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/2c18b078-7c48-4d3a-af88-5a3a1b3f82b3","name":"2c18b078-7c48-4d3a-af88-5a3a1b3f82b3","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Crypto Auditor","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/4bd23610-cdcf-4971-bdee-bdc562cc28e4","name":"4bd23610-cdcf-4971-bdee-bdc562cc28e4","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/roleDefinitions/read/action","Microsoft.KeyVault/managedHsm/roleDefinitions/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action","Microsoft.KeyVault/managedHsm/roleAssignments/read/action","Microsoft.KeyVault/managedHsm/roleAssignments/write/action","Microsoft.KeyVault/managedHsm/roleAssignments/delete/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Policy Administrator","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/21dbd100-6940-42c2-9190-5d6cb909625b","name":"21dbd100-6940-42c2-9190-5d6cb909625b","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Crypto User","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/515eb02d-2335-4d2d-92f2-b1cbdf9c3778","name":"515eb02d-2335-4d2d-92f2-b1cbdf9c3778","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/restore/action","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/delete","Microsoft.KeyVault/managedHsm/keys/export/action","Microsoft.KeyVault/managedHsm/keys/import/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Crypto Officer","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","name":"a290e904-7015-4bba-90c8-60543313cdb4","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/restore/action","Microsoft.KeyVault/managedHsm/roleAssignments/delete/action","Microsoft.KeyVault/managedHsm/roleAssignments/read/action","Microsoft.KeyVault/managedHsm/roleAssignments/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/read/action","Microsoft.KeyVault/managedHsm/roleDefinitions/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/delete","Microsoft.KeyVault/managedHsm/keys/export/action","Microsoft.KeyVault/managedHsm/keys/import/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete","Microsoft.KeyVault/managedHsm/securitydomain/download/action","Microsoft.KeyVault/managedHsm/securitydomain/upload/action","Microsoft.KeyVault/managedHsm/securitydomain/upload/read","Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read","Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/restore/start/action","Microsoft.KeyVault/managedHsm/backup/status/action","Microsoft.KeyVault/managedHsm/restore/status/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Administrator","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/0e2caeee-c32b-4f0b-92db-15920a0e576b","name":"0e2caeee-c32b-4f0b-92db-15920a0e576b","properties":{"assignableScopes":["/"],"description":"custom role description","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action"],"notActions":[],"notDataActions":[]}],"roleName":"0e2caeee-c32b-4f0b-92db-15920a0e576b","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/d9340e70-7651-44b0-bcc8-f65db7f911f2","name":"d9340e70-7651-44b0-bcc8-f65db7f911f2","properties":{"assignableScopes":["/"],"description":"custom role description","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action"],"notActions":[],"notDataActions":[]}],"roleName":"d9340e70-7651-44b0-bcc8-f65db7f911f2","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/foo","name":"foo","properties":{"assignableScopes":["/"],"description":"","permissions":[],"roleName":"foo","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/7bba88c3-6be8-476e-aeeb-789f96cbf634","name":"7bba88c3-6be8-476e-aeeb-789f96cbf634","properties":{"assignableScopes":["/"],"description":"custom role description","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action"],"notActions":[],"notDataActions":[]},{"actions":[],"dataActions":[],"notActions":[],"notDataActions":["Microsoft.KeyVault/managedHsm/keys/encrypt/action"]}],"roleName":"7bba88c3-6be8-476e-aeeb-789f96cbf634","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/86eb7f81-018e-43aa-b733-17b5f3d1fdfc","name":"86eb7f81-018e-43aa-b733-17b5f3d1fdfc","properties":{"assignableScopes":["/"],"description":"custom role description","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action"],"notActions":[],"notDataActions":[]}],"roleName":"86eb7f81-018e-43aa-b733-17b5f3d1fdfc","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a5e8be4f-79ef-40d7-8b21-dfe4cf04beb2","name":"a5e8be4f-79ef-40d7-8b21-dfe4cf04beb2","properties":{"assignableScopes":["/"],"description":"custom role description","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action"],"notActions":[],"notDataActions":[]},{"actions":[],"dataActions":[],"notActions":[],"notDataActions":["Microsoft.KeyVault/managedHsm/keys/encrypt/action"]}],"roleName":"a5e8be4f-79ef-40d7-8b21-dfe4cf04beb2","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"}]}, [ + 'x-frame-options', + 'SAMEORIGIN', + 'x-ms-request-id', + '1f01014a-6196-11eb-a38c-0242ac120008', + 'content-type', + 'application/json; charset=utf-8', + 'x-ms-keyvault-region', + 'westeurope', + 'content-length', + '10005', + 'strict-transport-security', + 'max-age=31536000; includeSubDomains', + 'content-security-policy', + "default-src 'self'", + 'cache-control', + 'no-cache', + 'x-content-type-options', + 'nosniff', + 'x-ms-build-version', + '1.0.20210112-1-4fbf61ac-develop', + 'x-ms-keyvault-network-info', + 'addr=50.35.231.105', + 'x-ms-server-latency', + '0' +]); diff --git a/sdk/keyvault/keyvault-admin/recordings/node/keyvaultaccesscontrolclient_role_definitions_deleteroledefinition/recording_errors_when_deleting_a_builtin_role_definition.js b/sdk/keyvault/keyvault-admin/recordings/node/keyvaultaccesscontrolclient_role_definitions_deleteroledefinition/recording_errors_when_deleting_a_builtin_role_definition.js new file mode 100644 index 000000000000..c155157b514b --- /dev/null +++ b/sdk/keyvault/keyvault-admin/recordings/node/keyvaultaccesscontrolclient_role_definitions_deleteroledefinition/recording_errors_when_deleting_a_builtin_role_definition.js @@ -0,0 +1,96 @@ +let nock = require('nock'); + +module.exports.hash = "65ec7475762d2809acb5bda33cf68036"; + +module.exports.testInfo = {"uniqueName":{},"newDate":{}} + +nock('https://azure_managedhsm.managedhsm.azure.net:443', {"encodedQueryParams":true}) + .get('///providers/Microsoft.Authorization/roleDefinitions') + .query(true) + .reply(401, "OK", [ + 'content-type', + 'application/json; charset=utf-8', + 'x-content-type-options', + 'nosniff', + 'www-authenticate', + 'Bearer authorization="https://login.microsoftonline.com/azure_tenant_id", resource="https://managedhsm.azure.net"', + 'x-frame-options', + 'SAMEORIGIN', + 'content-length', + '2', + 'x-ms-request-id', + '35afcce6-6196-11eb-a4a2-0242ac120008', + 'strict-transport-security', + 'max-age=31536000; includeSubDomains', + 'content-security-policy', + "default-src 'self'", + 'x-ms-build-version', + '1.0.20210112-1-4fbf61ac-develop', + 'cache-control', + 'no-cache', + 'x-ms-server-latency', + '1' +]); + +nock('https://login.microsoftonline.com:443', {"encodedQueryParams":true}) + .post('/azure_tenant_id/oauth2/v2.0/token', "response_type=token&grant_type=client_credentials&client_id=azure_client_id&client_secret=azure_client_secret&scope=https%3A%2F%2Fmanagedhsm.azure.net%2F.default") + .reply(200, {"token_type":"Bearer","expires_in":86399,"ext_expires_in":86399,"access_token":"access_token"}, [ + 'Cache-Control', + 'no-store, no-cache', + 'Pragma', + 'no-cache', + 'Content-Length', + '1322', + 'Content-Type', + 'application/json; charset=utf-8', + 'Expires', + '-1', + 'Strict-Transport-Security', + 'max-age=31536000; includeSubDomains', + 'X-Content-Type-Options', + 'nosniff', + 'P3P', + 'CP="DSP CUR OTPi IND OTRi ONL FIN"', + 'x-ms-request-id', + '34c218c4-d2d2-4e1c-8dd8-846cda9e2400', + 'x-ms-ests-server', + '2.1.11444.8 - NCUS ProdSlices', + 'Set-Cookie', + 'fpc=AsL5eNaSdj9Hv8NUxPN0i95dWxHLBgAAAHP4pNcOAAAA; expires=Sat, 27-Feb-2021 18:25:34 GMT; path=/; secure; HttpOnly; SameSite=None', + 'Set-Cookie', + 'x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly', + 'Set-Cookie', + 'stsservicecookie=estsfd; path=/; secure; samesite=none; httponly', + 'Date', + 'Thu, 28 Jan 2021 18:25:34 GMT' +]); + +nock('https://azure_managedhsm.managedhsm.azure.net:443', {"encodedQueryParams":true}) + .get('///providers/Microsoft.Authorization/roleDefinitions') + .query(true) + .reply(200, {"value":[{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8","name":"7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action","Microsoft.KeyVault/managedHsm/keys/backup/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Backup","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/33413926-3206-4cdd-b39a-83574fe37a17","name":"33413926-3206-4cdd-b39a-83574fe37a17","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Crypto Service Encryption","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/2c18b078-7c48-4d3a-af88-5a3a1b3f82b3","name":"2c18b078-7c48-4d3a-af88-5a3a1b3f82b3","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Crypto Auditor","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/4bd23610-cdcf-4971-bdee-bdc562cc28e4","name":"4bd23610-cdcf-4971-bdee-bdc562cc28e4","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/roleDefinitions/read/action","Microsoft.KeyVault/managedHsm/roleDefinitions/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action","Microsoft.KeyVault/managedHsm/roleAssignments/read/action","Microsoft.KeyVault/managedHsm/roleAssignments/write/action","Microsoft.KeyVault/managedHsm/roleAssignments/delete/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Policy Administrator","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/21dbd100-6940-42c2-9190-5d6cb909625b","name":"21dbd100-6940-42c2-9190-5d6cb909625b","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Crypto User","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/515eb02d-2335-4d2d-92f2-b1cbdf9c3778","name":"515eb02d-2335-4d2d-92f2-b1cbdf9c3778","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/restore/action","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/delete","Microsoft.KeyVault/managedHsm/keys/export/action","Microsoft.KeyVault/managedHsm/keys/import/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Crypto Officer","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","name":"a290e904-7015-4bba-90c8-60543313cdb4","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/restore/action","Microsoft.KeyVault/managedHsm/roleAssignments/delete/action","Microsoft.KeyVault/managedHsm/roleAssignments/read/action","Microsoft.KeyVault/managedHsm/roleAssignments/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/read/action","Microsoft.KeyVault/managedHsm/roleDefinitions/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/delete","Microsoft.KeyVault/managedHsm/keys/export/action","Microsoft.KeyVault/managedHsm/keys/import/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete","Microsoft.KeyVault/managedHsm/securitydomain/download/action","Microsoft.KeyVault/managedHsm/securitydomain/upload/action","Microsoft.KeyVault/managedHsm/securitydomain/upload/read","Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read","Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/restore/start/action","Microsoft.KeyVault/managedHsm/backup/status/action","Microsoft.KeyVault/managedHsm/restore/status/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Administrator","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/0e2caeee-c32b-4f0b-92db-15920a0e576b","name":"0e2caeee-c32b-4f0b-92db-15920a0e576b","properties":{"assignableScopes":["/"],"description":"custom role description","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action"],"notActions":[],"notDataActions":[]}],"roleName":"0e2caeee-c32b-4f0b-92db-15920a0e576b","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/d9340e70-7651-44b0-bcc8-f65db7f911f2","name":"d9340e70-7651-44b0-bcc8-f65db7f911f2","properties":{"assignableScopes":["/"],"description":"custom role description","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action"],"notActions":[],"notDataActions":[]}],"roleName":"d9340e70-7651-44b0-bcc8-f65db7f911f2","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/foo","name":"foo","properties":{"assignableScopes":["/"],"description":"","permissions":[],"roleName":"foo","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/7bba88c3-6be8-476e-aeeb-789f96cbf634","name":"7bba88c3-6be8-476e-aeeb-789f96cbf634","properties":{"assignableScopes":["/"],"description":"custom role description","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action"],"notActions":[],"notDataActions":[]},{"actions":[],"dataActions":[],"notActions":[],"notDataActions":["Microsoft.KeyVault/managedHsm/keys/encrypt/action"]}],"roleName":"7bba88c3-6be8-476e-aeeb-789f96cbf634","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/86eb7f81-018e-43aa-b733-17b5f3d1fdfc","name":"86eb7f81-018e-43aa-b733-17b5f3d1fdfc","properties":{"assignableScopes":["/"],"description":"custom role description","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action"],"notActions":[],"notDataActions":[]}],"roleName":"86eb7f81-018e-43aa-b733-17b5f3d1fdfc","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a5e8be4f-79ef-40d7-8b21-dfe4cf04beb2","name":"a5e8be4f-79ef-40d7-8b21-dfe4cf04beb2","properties":{"assignableScopes":["/"],"description":"custom role description","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action"],"notActions":[],"notDataActions":[]},{"actions":[],"dataActions":[],"notActions":[],"notDataActions":["Microsoft.KeyVault/managedHsm/keys/encrypt/action"]}],"roleName":"a5e8be4f-79ef-40d7-8b21-dfe4cf04beb2","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"}]}, [ + 'x-frame-options', + 'SAMEORIGIN', + 'x-ms-request-id', + '35db285a-6196-11eb-a4a2-0242ac120008', + 'content-type', + 'application/json; charset=utf-8', + 'x-ms-keyvault-region', + 'westeurope', + 'content-length', + '10005', + 'strict-transport-security', + 'max-age=31536000; includeSubDomains', + 'content-security-policy', + "default-src 'self'", + 'cache-control', + 'no-cache', + 'x-content-type-options', + 'nosniff', + 'x-ms-build-version', + '1.0.20210112-1-4fbf61ac-develop', + 'x-ms-keyvault-network-info', + 'addr=50.35.231.105', + 'x-ms-server-latency', + '1' +]); diff --git a/sdk/keyvault/keyvault-admin/recordings/node/keyvaultaccesscontrolclient_role_definitions_deleteroledefinition/recording_errors_when_deleting_a_nonexistent_role_definition.js b/sdk/keyvault/keyvault-admin/recordings/node/keyvaultaccesscontrolclient_role_definitions_deleteroledefinition/recording_errors_when_deleting_a_nonexistent_role_definition.js new file mode 100644 index 000000000000..73385e4cc6cb --- /dev/null +++ b/sdk/keyvault/keyvault-admin/recordings/node/keyvaultaccesscontrolclient_role_definitions_deleteroledefinition/recording_errors_when_deleting_a_nonexistent_role_definition.js @@ -0,0 +1,5 @@ +let nock = require('nock'); + +module.exports.hash = "60801893b6cc749c99c933c78d48f87a"; + +module.exports.testInfo = {"uniqueName":{},"newDate":{}} diff --git a/sdk/keyvault/keyvault-admin/recordings/node/keyvaultaccesscontrolclient_role_definitions_getroledefinition/recording_errors_when_the_role_definition_cannot_be_found.js b/sdk/keyvault/keyvault-admin/recordings/node/keyvaultaccesscontrolclient_role_definitions_getroledefinition/recording_errors_when_the_role_definition_cannot_be_found.js new file mode 100644 index 000000000000..04fa58a504d3 --- /dev/null +++ b/sdk/keyvault/keyvault-admin/recordings/node/keyvaultaccesscontrolclient_role_definitions_getroledefinition/recording_errors_when_the_role_definition_cannot_be_found.js @@ -0,0 +1,92 @@ +let nock = require('nock'); + +module.exports.hash = "b96059cfe95741f044cae7bbb098b470"; + +module.exports.testInfo = {"uniqueName":{},"newDate":{}} + +nock('https://azure_managedhsm.managedhsm.azure.net:443', {"encodedQueryParams":true}) + .get('///providers/Microsoft.Authorization/roleDefinitions/does_not_exist') + .query(true) + .reply(401, "OK", [ + 'content-type', + 'application/json; charset=utf-8', + 'x-content-type-options', + 'nosniff', + 'www-authenticate', + 'Bearer authorization="https://login.microsoftonline.com/azure_tenant_id", resource="https://managedhsm.azure.net"', + 'x-frame-options', + 'SAMEORIGIN', + 'content-length', + '2', + 'x-ms-request-id', + '4f0aa482-619f-11eb-b800-0242ac120008', + 'strict-transport-security', + 'max-age=31536000; includeSubDomains', + 'content-security-policy', + "default-src 'self'", + 'x-ms-build-version', + '1.0.20210112-1-4fbf61ac-develop', + 'cache-control', + 'no-cache', + 'x-ms-server-latency', + '1' +]); + +nock('https://login.microsoftonline.com:443', {"encodedQueryParams":true}) + .post('/azure_tenant_id/oauth2/v2.0/token', "response_type=token&grant_type=client_credentials&client_id=azure_client_id&client_secret=azure_client_secret&scope=https%3A%2F%2Fmanagedhsm.azure.net%2F.default") + .reply(200, {"token_type":"Bearer","expires_in":86399,"ext_expires_in":86399,"access_token":"access_token"}, [ + 'Cache-Control', + 'no-store, no-cache', + 'Pragma', + 'no-cache', + 'Content-Type', + 'application/json; charset=utf-8', + 'Expires', + '-1', + 'Strict-Transport-Security', + 'max-age=31536000; includeSubDomains', + 'X-Content-Type-Options', + 'nosniff', + 'P3P', + 'CP="DSP CUR OTPi IND OTRi ONL FIN"', + 'x-ms-request-id', + 'bf7144ff-ceda-4fe4-9558-67d92cc74000', + 'x-ms-ests-server', + '2.1.11444.8 - WUS2 ProdSlices', + 'Set-Cookie', + 'fpc=AtPrFn7AQ_pDqMxLfhrMzbZdWxHLAgAAAOAHpdcOAAAA; expires=Sat, 27-Feb-2021 19:30:42 GMT; path=/; secure; HttpOnly; SameSite=None', + 'Set-Cookie', + 'x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly', + 'Set-Cookie', + 'stsservicecookie=estsfd; path=/; secure; samesite=none; httponly', + 'Date', + 'Thu, 28 Jan 2021 19:30:41 GMT', + 'Content-Length', + '1322' +]); + +nock('https://azure_managedhsm.managedhsm.azure.net:443', {"encodedQueryParams":true}) + .get('///providers/Microsoft.Authorization/roleDefinitions/does_not_exist') + .query(true) + .reply(404, {"error":{"code":"RoleDefinitionNotFound","message":"Requested role definition not found (Activity ID: 4f3d786c-619f-11eb-b800-0242ac120008)"}}, [ + 'content-type', + 'application/json; charset=utf-8', + 'x-ms-server-latency', + '1', + 'x-content-type-options', + 'nosniff', + 'content-length', + '143', + 'x-ms-request-id', + '4f3d786c-619f-11eb-b800-0242ac120008', + 'strict-transport-security', + 'max-age=31536000; includeSubDomains', + 'content-security-policy', + "default-src 'self'", + 'x-ms-build-version', + '1.0.20210112-1-4fbf61ac-develop', + 'cache-control', + 'no-cache', + 'x-frame-options', + 'SAMEORIGIN' +]); diff --git a/sdk/keyvault/keyvault-admin/recordings/node/keyvaultaccesscontrolclient_role_definitions_getroledefinition/recording_returns_a_role_definition_by_name.js b/sdk/keyvault/keyvault-admin/recordings/node/keyvaultaccesscontrolclient_role_definitions_getroledefinition/recording_returns_a_role_definition_by_name.js new file mode 100644 index 000000000000..3c3516833ed2 --- /dev/null +++ b/sdk/keyvault/keyvault-admin/recordings/node/keyvaultaccesscontrolclient_role_definitions_getroledefinition/recording_returns_a_role_definition_by_name.js @@ -0,0 +1,126 @@ +let nock = require('nock'); + +module.exports.hash = "610340909fa1db1b2df45b64084a0476"; + +module.exports.testInfo = {"uniqueName":{},"newDate":{}} + +nock('https://azure_managedhsm.managedhsm.azure.net:443', {"encodedQueryParams":true}) + .get('///providers/Microsoft.Authorization/roleDefinitions') + .query(true) + .reply(401, "OK", [ + 'content-type', + 'application/json; charset=utf-8', + 'x-content-type-options', + 'nosniff', + 'www-authenticate', + 'Bearer authorization="https://login.microsoftonline.com/azure_tenant_id", resource="https://managedhsm.azure.net"', + 'x-frame-options', + 'SAMEORIGIN', + 'content-length', + '2', + 'x-ms-request-id', + '4e00749a-619f-11eb-8850-0242ac120003', + 'strict-transport-security', + 'max-age=31536000; includeSubDomains', + 'content-security-policy', + "default-src 'self'", + 'x-ms-build-version', + '1.0.20210112-1-4fbf61ac-develop', + 'cache-control', + 'no-cache', + 'x-ms-server-latency', + '1' +]); + +nock('https://login.microsoftonline.com:443', {"encodedQueryParams":true}) + .post('/azure_tenant_id/oauth2/v2.0/token', "response_type=token&grant_type=client_credentials&client_id=azure_client_id&client_secret=azure_client_secret&scope=https%3A%2F%2Fmanagedhsm.azure.net%2F.default") + .reply(200, {"token_type":"Bearer","expires_in":86399,"ext_expires_in":86399,"access_token":"access_token"}, [ + 'Cache-Control', + 'no-store, no-cache', + 'Pragma', + 'no-cache', + 'Content-Type', + 'application/json; charset=utf-8', + 'Expires', + '-1', + 'Strict-Transport-Security', + 'max-age=31536000; includeSubDomains', + 'X-Content-Type-Options', + 'nosniff', + 'P3P', + 'CP="DSP CUR OTPi IND OTRi ONL FIN"', + 'x-ms-request-id', + 'aa37f050-69d1-4566-a2e2-568cbb7f8700', + 'x-ms-ests-server', + '2.1.11444.8 - SCUS ProdSlices', + 'Set-Cookie', + 'fpc=AtPrFn7AQ_pDqMxLfhrMzbZdWxHLAQAAAOAHpdcOAAAA; expires=Sat, 27-Feb-2021 19:30:40 GMT; path=/; secure; HttpOnly; SameSite=None', + 'Set-Cookie', + 'x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly', + 'Set-Cookie', + 'stsservicecookie=estsfd; path=/; secure; samesite=none; httponly', + 'Date', + 'Thu, 28 Jan 2021 19:30:40 GMT', + 'Content-Length', + '1322' +]); + +nock('https://azure_managedhsm.managedhsm.azure.net:443', {"encodedQueryParams":true}) + .get('///providers/Microsoft.Authorization/roleDefinitions') + .query(true) + .reply(200, {"value":[{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8","name":"7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action","Microsoft.KeyVault/managedHsm/keys/backup/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Backup","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/33413926-3206-4cdd-b39a-83574fe37a17","name":"33413926-3206-4cdd-b39a-83574fe37a17","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Crypto Service Encryption","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/2c18b078-7c48-4d3a-af88-5a3a1b3f82b3","name":"2c18b078-7c48-4d3a-af88-5a3a1b3f82b3","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Crypto Auditor","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/4bd23610-cdcf-4971-bdee-bdc562cc28e4","name":"4bd23610-cdcf-4971-bdee-bdc562cc28e4","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/roleDefinitions/read/action","Microsoft.KeyVault/managedHsm/roleDefinitions/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action","Microsoft.KeyVault/managedHsm/roleAssignments/read/action","Microsoft.KeyVault/managedHsm/roleAssignments/write/action","Microsoft.KeyVault/managedHsm/roleAssignments/delete/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Policy Administrator","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/21dbd100-6940-42c2-9190-5d6cb909625b","name":"21dbd100-6940-42c2-9190-5d6cb909625b","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Crypto User","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/515eb02d-2335-4d2d-92f2-b1cbdf9c3778","name":"515eb02d-2335-4d2d-92f2-b1cbdf9c3778","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/restore/action","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/delete","Microsoft.KeyVault/managedHsm/keys/export/action","Microsoft.KeyVault/managedHsm/keys/import/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Crypto Officer","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","name":"a290e904-7015-4bba-90c8-60543313cdb4","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/restore/action","Microsoft.KeyVault/managedHsm/roleAssignments/delete/action","Microsoft.KeyVault/managedHsm/roleAssignments/read/action","Microsoft.KeyVault/managedHsm/roleAssignments/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/read/action","Microsoft.KeyVault/managedHsm/roleDefinitions/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/delete","Microsoft.KeyVault/managedHsm/keys/export/action","Microsoft.KeyVault/managedHsm/keys/import/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete","Microsoft.KeyVault/managedHsm/securitydomain/download/action","Microsoft.KeyVault/managedHsm/securitydomain/upload/action","Microsoft.KeyVault/managedHsm/securitydomain/upload/read","Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read","Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/restore/start/action","Microsoft.KeyVault/managedHsm/backup/status/action","Microsoft.KeyVault/managedHsm/restore/status/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Administrator","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/0e2caeee-c32b-4f0b-92db-15920a0e576b","name":"0e2caeee-c32b-4f0b-92db-15920a0e576b","properties":{"assignableScopes":["/"],"description":"custom role description","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action"],"notActions":[],"notDataActions":[]}],"roleName":"0e2caeee-c32b-4f0b-92db-15920a0e576b","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/d9340e70-7651-44b0-bcc8-f65db7f911f2","name":"d9340e70-7651-44b0-bcc8-f65db7f911f2","properties":{"assignableScopes":["/"],"description":"custom role description","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action"],"notActions":[],"notDataActions":[]}],"roleName":"d9340e70-7651-44b0-bcc8-f65db7f911f2","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/foo","name":"foo","properties":{"assignableScopes":["/"],"description":"","permissions":[],"roleName":"foo","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/7bba88c3-6be8-476e-aeeb-789f96cbf634","name":"7bba88c3-6be8-476e-aeeb-789f96cbf634","properties":{"assignableScopes":["/"],"description":"custom role description","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action"],"notActions":[],"notDataActions":[]},{"actions":[],"dataActions":[],"notActions":[],"notDataActions":["Microsoft.KeyVault/managedHsm/keys/encrypt/action"]}],"roleName":"7bba88c3-6be8-476e-aeeb-789f96cbf634","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/86eb7f81-018e-43aa-b733-17b5f3d1fdfc","name":"86eb7f81-018e-43aa-b733-17b5f3d1fdfc","properties":{"assignableScopes":["/"],"description":"custom role description","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action"],"notActions":[],"notDataActions":[]}],"roleName":"86eb7f81-018e-43aa-b733-17b5f3d1fdfc","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a5e8be4f-79ef-40d7-8b21-dfe4cf04beb2","name":"a5e8be4f-79ef-40d7-8b21-dfe4cf04beb2","properties":{"assignableScopes":["/"],"description":"custom role description","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action"],"notActions":[],"notDataActions":[]},{"actions":[],"dataActions":[],"notActions":[],"notDataActions":["Microsoft.KeyVault/managedHsm/keys/encrypt/action"]}],"roleName":"a5e8be4f-79ef-40d7-8b21-dfe4cf04beb2","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"}]}, [ + 'x-frame-options', + 'SAMEORIGIN', + 'x-ms-request-id', + '4e5623e0-619f-11eb-8850-0242ac120003', + 'content-type', + 'application/json; charset=utf-8', + 'x-ms-keyvault-region', + 'westeurope', + 'content-length', + '10005', + 'strict-transport-security', + 'max-age=31536000; includeSubDomains', + 'content-security-policy', + "default-src 'self'", + 'cache-control', + 'no-cache', + 'x-content-type-options', + 'nosniff', + 'x-ms-build-version', + '1.0.20210112-1-4fbf61ac-develop', + 'x-ms-keyvault-network-info', + 'addr=50.35.231.105', + 'x-ms-server-latency', + '1' +]); + +nock('https://azure_managedhsm.managedhsm.azure.net:443', {"encodedQueryParams":true}) + .get('///providers/Microsoft.Authorization/roleDefinitions/7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8') + .query(true) + .reply(200, {"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8","name":"7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action","Microsoft.KeyVault/managedHsm/keys/backup/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Backup","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"}, [ + 'x-frame-options', + 'SAMEORIGIN', + 'x-ms-request-id', + '4e6f8c22-619f-11eb-8850-0242ac120003', + 'content-type', + 'application/json; charset=utf-8', + 'x-ms-keyvault-region', + 'westeurope', + 'content-length', + '561', + 'strict-transport-security', + 'max-age=31536000; includeSubDomains', + 'content-security-policy', + "default-src 'self'", + 'cache-control', + 'no-cache', + 'x-content-type-options', + 'nosniff', + 'x-ms-build-version', + '1.0.20210112-1-4fbf61ac-develop', + 'x-ms-keyvault-network-info', + 'addr=50.35.231.105', + 'x-ms-server-latency', + '1' +]); diff --git a/sdk/keyvault/keyvault-admin/recordings/node/keyvaultaccesscontrolclient_role_definitions_upsertroledefinition/recording_errors_when_updating_a_builtin_role_definition.js b/sdk/keyvault/keyvault-admin/recordings/node/keyvaultaccesscontrolclient_role_definitions_upsertroledefinition/recording_errors_when_updating_a_builtin_role_definition.js new file mode 100644 index 000000000000..848fc2c5dba4 --- /dev/null +++ b/sdk/keyvault/keyvault-admin/recordings/node/keyvaultaccesscontrolclient_role_definitions_upsertroledefinition/recording_errors_when_updating_a_builtin_role_definition.js @@ -0,0 +1,168 @@ +let nock = require('nock'); + +module.exports.hash = "d3c5c6b29c41654207108723285fdc45"; + +module.exports.testInfo = {"uniqueName":{},"newDate":{}} + +nock('https://azure_managedhsm.managedhsm.azure.net:443', {"encodedQueryParams":true}) + .get('///providers/Microsoft.Authorization/roleDefinitions') + .query(true) + .reply(401, "OK", [ + 'content-type', + 'application/json; charset=utf-8', + 'x-content-type-options', + 'nosniff', + 'www-authenticate', + 'Bearer authorization="https://login.microsoftonline.com/azure_tenant_id", resource="https://managedhsm.azure.net"', + 'x-frame-options', + 'SAMEORIGIN', + 'content-length', + '2', + 'x-ms-request-id', + '20d99054-6196-11eb-85df-0242ac120009', + 'strict-transport-security', + 'max-age=31536000; includeSubDomains', + 'content-security-policy', + "default-src 'self'", + 'x-ms-build-version', + '1.0.20210112-1-4fbf61ac-develop', + 'cache-control', + 'no-cache', + 'x-ms-server-latency', + '0' +]); + +nock('https://login.microsoftonline.com:443', {"encodedQueryParams":true}) + .post('/azure_tenant_id/oauth2/v2.0/token', "response_type=token&grant_type=client_credentials&client_id=azure_client_id&client_secret=azure_client_secret&scope=https%3A%2F%2Fmanagedhsm.azure.net%2F.default") + .reply(200, {"token_type":"Bearer","expires_in":86399,"ext_expires_in":86399,"access_token":"access_token"}, [ + 'Cache-Control', + 'no-store, no-cache', + 'Pragma', + 'no-cache', + 'Content-Length', + '1322', + 'Content-Type', + 'application/json; charset=utf-8', + 'Expires', + '-1', + 'Strict-Transport-Security', + 'max-age=31536000; includeSubDomains', + 'X-Content-Type-Options', + 'nosniff', + 'P3P', + 'CP="DSP CUR OTPi IND OTRi ONL FIN"', + 'x-ms-request-id', + 'f1aabf96-fb5c-47ee-a441-ae48ae518100', + 'x-ms-ests-server', + '2.1.11444.8 - NCUS ProdSlices', + 'Set-Cookie', + 'fpc=AsL5eNaSdj9Hv8NUxPN0i95dWxHLBQAAAHP4pNcOAAAA; expires=Sat, 27-Feb-2021 18:24:59 GMT; path=/; secure; HttpOnly; SameSite=None', + 'Set-Cookie', + 'x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly', + 'Set-Cookie', + 'stsservicecookie=estsfd; path=/; secure; samesite=none; httponly', + 'Date', + 'Thu, 28 Jan 2021 18:24:58 GMT' +]); + +nock('https://azure_managedhsm.managedhsm.azure.net:443', {"encodedQueryParams":true}) + .get('///providers/Microsoft.Authorization/roleDefinitions') + .query(true) + .reply(200, {"value":[{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8","name":"7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action","Microsoft.KeyVault/managedHsm/keys/backup/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Backup","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/33413926-3206-4cdd-b39a-83574fe37a17","name":"33413926-3206-4cdd-b39a-83574fe37a17","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Crypto Service Encryption","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/2c18b078-7c48-4d3a-af88-5a3a1b3f82b3","name":"2c18b078-7c48-4d3a-af88-5a3a1b3f82b3","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Crypto Auditor","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/4bd23610-cdcf-4971-bdee-bdc562cc28e4","name":"4bd23610-cdcf-4971-bdee-bdc562cc28e4","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/roleDefinitions/read/action","Microsoft.KeyVault/managedHsm/roleDefinitions/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action","Microsoft.KeyVault/managedHsm/roleAssignments/read/action","Microsoft.KeyVault/managedHsm/roleAssignments/write/action","Microsoft.KeyVault/managedHsm/roleAssignments/delete/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Policy Administrator","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/21dbd100-6940-42c2-9190-5d6cb909625b","name":"21dbd100-6940-42c2-9190-5d6cb909625b","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Crypto User","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/515eb02d-2335-4d2d-92f2-b1cbdf9c3778","name":"515eb02d-2335-4d2d-92f2-b1cbdf9c3778","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/restore/action","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/delete","Microsoft.KeyVault/managedHsm/keys/export/action","Microsoft.KeyVault/managedHsm/keys/import/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Crypto Officer","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4","name":"a290e904-7015-4bba-90c8-60543313cdb4","properties":{"assignableScopes":["/"],"description":"","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/keys/read/action","Microsoft.KeyVault/managedHsm/keys/write/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action","Microsoft.KeyVault/managedHsm/keys/backup/action","Microsoft.KeyVault/managedHsm/keys/restore/action","Microsoft.KeyVault/managedHsm/roleAssignments/delete/action","Microsoft.KeyVault/managedHsm/roleAssignments/read/action","Microsoft.KeyVault/managedHsm/roleAssignments/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/read/action","Microsoft.KeyVault/managedHsm/roleDefinitions/write/action","Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action","Microsoft.KeyVault/managedHsm/keys/encrypt/action","Microsoft.KeyVault/managedHsm/keys/decrypt/action","Microsoft.KeyVault/managedHsm/keys/wrap/action","Microsoft.KeyVault/managedHsm/keys/unwrap/action","Microsoft.KeyVault/managedHsm/keys/sign/action","Microsoft.KeyVault/managedHsm/keys/verify/action","Microsoft.KeyVault/managedHsm/keys/create","Microsoft.KeyVault/managedHsm/keys/delete","Microsoft.KeyVault/managedHsm/keys/export/action","Microsoft.KeyVault/managedHsm/keys/import/action","Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete","Microsoft.KeyVault/managedHsm/securitydomain/download/action","Microsoft.KeyVault/managedHsm/securitydomain/upload/action","Microsoft.KeyVault/managedHsm/securitydomain/upload/read","Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read","Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/restore/start/action","Microsoft.KeyVault/managedHsm/backup/status/action","Microsoft.KeyVault/managedHsm/restore/status/action"],"notActions":[],"notDataActions":[]}],"roleName":"Managed HSM Administrator","type":"AKVBuiltInRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/0e2caeee-c32b-4f0b-92db-15920a0e576b","name":"0e2caeee-c32b-4f0b-92db-15920a0e576b","properties":{"assignableScopes":["/"],"description":"custom role description","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action"],"notActions":[],"notDataActions":[]}],"roleName":"0e2caeee-c32b-4f0b-92db-15920a0e576b","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/d9340e70-7651-44b0-bcc8-f65db7f911f2","name":"d9340e70-7651-44b0-bcc8-f65db7f911f2","properties":{"assignableScopes":["/"],"description":"custom role description","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action"],"notActions":[],"notDataActions":[]}],"roleName":"d9340e70-7651-44b0-bcc8-f65db7f911f2","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/foo","name":"foo","properties":{"assignableScopes":["/"],"description":"","permissions":[],"roleName":"foo","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/7bba88c3-6be8-476e-aeeb-789f96cbf634","name":"7bba88c3-6be8-476e-aeeb-789f96cbf634","properties":{"assignableScopes":["/"],"description":"custom role description","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action"],"notActions":[],"notDataActions":[]},{"actions":[],"dataActions":[],"notActions":[],"notDataActions":["Microsoft.KeyVault/managedHsm/keys/encrypt/action"]}],"roleName":"7bba88c3-6be8-476e-aeeb-789f96cbf634","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/86eb7f81-018e-43aa-b733-17b5f3d1fdfc","name":"86eb7f81-018e-43aa-b733-17b5f3d1fdfc","properties":{"assignableScopes":["/"],"description":"custom role description","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action"],"notActions":[],"notDataActions":[]}],"roleName":"86eb7f81-018e-43aa-b733-17b5f3d1fdfc","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"},{"id":"Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/a5e8be4f-79ef-40d7-8b21-dfe4cf04beb2","name":"a5e8be4f-79ef-40d7-8b21-dfe4cf04beb2","properties":{"assignableScopes":["/"],"description":"custom role description","permissions":[{"actions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action"],"notActions":[],"notDataActions":[]},{"actions":[],"dataActions":[],"notActions":[],"notDataActions":["Microsoft.KeyVault/managedHsm/keys/encrypt/action"]}],"roleName":"a5e8be4f-79ef-40d7-8b21-dfe4cf04beb2","type":"CustomRole"},"type":"Microsoft.Authorization/roleDefinitions"}]}, [ + 'x-frame-options', + 'SAMEORIGIN', + 'x-ms-request-id', + '21062f24-6196-11eb-85df-0242ac120009', + 'content-type', + 'application/json; charset=utf-8', + 'x-ms-keyvault-region', + 'westeurope', + 'content-length', + '10005', + 'strict-transport-security', + 'max-age=31536000; includeSubDomains', + 'content-security-policy', + "default-src 'self'", + 'cache-control', + 'no-cache', + 'x-content-type-options', + 'nosniff', + 'x-ms-build-version', + '1.0.20210112-1-4fbf61ac-develop', + 'x-ms-keyvault-network-info', + 'addr=50.35.231.105', + 'x-ms-server-latency', + '1' +]); + +nock('https://azure_managedhsm.managedhsm.azure.net:443', {"encodedQueryParams":true}) + .put('///providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4', {"properties":{"roleName":"a290e904-7015-4bba-90c8-60543313cdb4","type":"CustomRole","permissions":[{"actions":[],"notActions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action"],"notDataActions":[]},{"actions":[],"notActions":[],"dataActions":[],"notDataActions":["Microsoft.KeyVault/managedHsm/keys/encrypt/action"]}],"assignableScopes":["/"]}}) + .query(true) + .reply(500, {"error":{"code":"UnknownError","message":"Unknown error (Activity ID: 211f5828-6196-11eb-85df-0242ac120009)"}}, [ + 'content-type', + 'application/json; charset=utf-8', + 'x-ms-server-latency', + '0', + 'cache-control', + 'no-cache', + 'x-content-type-options', + 'nosniff', + 'content-length', + '111', + 'x-ms-request-id', + '211f5828-6196-11eb-85df-0242ac120009', + 'strict-transport-security', + 'max-age=31536000; includeSubDomains', + 'content-security-policy', + "default-src 'self'", + 'x-frame-options', + 'SAMEORIGIN' +]); + +nock('https://azure_managedhsm.managedhsm.azure.net:443', {"encodedQueryParams":true}) + .put('///providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4', {"properties":{"roleName":"a290e904-7015-4bba-90c8-60543313cdb4","type":"CustomRole","permissions":[{"actions":[],"notActions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action"],"notDataActions":[]},{"actions":[],"notActions":[],"dataActions":[],"notDataActions":["Microsoft.KeyVault/managedHsm/keys/encrypt/action"]}],"assignableScopes":["/"]}}) + .query(true) + .reply(500, {"error":{"code":"UnknownError","message":"Unknown error (Activity ID: 213a5268-6196-11eb-85df-0242ac120009)"}}, [ + 'content-type', + 'application/json; charset=utf-8', + 'x-ms-server-latency', + '0', + 'cache-control', + 'no-cache', + 'x-content-type-options', + 'nosniff', + 'content-length', + '111', + 'x-ms-request-id', + '213a5268-6196-11eb-85df-0242ac120009', + 'strict-transport-security', + 'max-age=31536000; includeSubDomains', + 'content-security-policy', + "default-src 'self'", + 'x-frame-options', + 'SAMEORIGIN' +]); + +nock('https://azure_managedhsm.managedhsm.azure.net:443', {"encodedQueryParams":true}) + .put('///providers/Microsoft.Authorization/roleDefinitions/a290e904-7015-4bba-90c8-60543313cdb4', {"properties":{"roleName":"a290e904-7015-4bba-90c8-60543313cdb4","type":"CustomRole","permissions":[{"actions":[],"notActions":[],"dataActions":["Microsoft.KeyVault/managedHsm/backup/start/action","Microsoft.KeyVault/managedHsm/backup/status/action"],"notDataActions":[]},{"actions":[],"notActions":[],"dataActions":[],"notDataActions":["Microsoft.KeyVault/managedHsm/keys/encrypt/action"]}],"assignableScopes":["/"]}}) + .query(true) + .reply(500, {"error":{"code":"UnknownError","message":"Unknown error (Activity ID: 350df0ec-6196-11eb-85df-0242ac120009)"}}, [ + 'content-type', + 'application/json; charset=utf-8', + 'x-ms-server-latency', + '1', + 'cache-control', + 'no-cache', + 'x-content-type-options', + 'nosniff', + 'content-length', + '111', + 'x-ms-request-id', + '350df0ec-6196-11eb-85df-0242ac120009', + 'strict-transport-security', + 'max-age=31536000; includeSubDomains', + 'content-security-policy', + "default-src 'self'", + 'x-frame-options', + 'SAMEORIGIN' +]); diff --git a/sdk/keyvault/keyvault-admin/review/keyvault-admin.api.md b/sdk/keyvault/keyvault-admin/review/keyvault-admin.api.md index bda0b0655a05..43977c60b9d7 100644 --- a/sdk/keyvault/keyvault-admin/review/keyvault-admin.api.md +++ b/sdk/keyvault/keyvault-admin/review/keyvault-admin.api.md @@ -56,18 +56,29 @@ export interface CreateRoleAssignmentOptions extends coreHttp.OperationOptions { export interface DeleteRoleAssignmentOptions extends coreHttp.OperationOptions { } +// @public +export interface DeleteRoleDefinitionOptions extends coreHttp.OperationOptions { +} + // @public export interface GetRoleAssignmentOptions extends coreHttp.OperationOptions { } +// @public +export interface GetRoleDefinitionOptions extends coreHttp.OperationOptions { +} + // @public export class KeyVaultAccessControlClient { constructor(vaultUrl: string, credential: TokenCredential, options?: AccessControlClientOptions); - createRoleAssignment(roleScope: RoleAssignmentScope, name: string, roleDefinitionId: string, principalId: string, options?: CreateRoleAssignmentOptions): Promise; - deleteRoleAssignment(roleScope: RoleAssignmentScope, name: string, options?: DeleteRoleAssignmentOptions): Promise; - getRoleAssignment(roleScope: RoleAssignmentScope, name: string, options?: GetRoleAssignmentOptions): Promise; - listRoleAssignments(roleScope: RoleAssignmentScope, options?: ListRoleAssignmentsOptions): PagedAsyncIterableIterator; - listRoleDefinitions(roleScope: RoleAssignmentScope, options?: ListRoleDefinitionsOptions): PagedAsyncIterableIterator; + createRoleAssignment(roleScope: KeyVaultRoleScope, name: string, roleDefinitionId: string, principalId: string, options?: CreateRoleAssignmentOptions): Promise; + deleteRoleAssignment(roleScope: KeyVaultRoleScope, name: string, options?: DeleteRoleAssignmentOptions): Promise; + deleteRoleDefinition(roleScope: KeyVaultRoleScope, name: string, options?: DeleteRoleDefinitionOptions): Promise; + getRoleAssignment(roleScope: KeyVaultRoleScope, name: string, options?: GetRoleAssignmentOptions): Promise; + getRoleDefinition(roleScope: KeyVaultRoleScope, name: string, options?: GetRoleDefinitionOptions): Promise; + listRoleAssignments(roleScope: KeyVaultRoleScope, options?: ListRoleAssignmentsOptions): PagedAsyncIterableIterator; + listRoleDefinitions(roleScope: KeyVaultRoleScope, options?: ListRoleDefinitionsOptions): PagedAsyncIterableIterator; + upsertRoleDefinition(roleScope: KeyVaultRoleScope, name: string, permissions: KeyVaultPermission[], description?: string, options?: UpsertRoleDefinitionOptions): Promise; readonly vaultUrl: string; } @@ -89,20 +100,23 @@ export class KeyVaultBackupClient { readonly vaultUrl: string; } +// @public +export type KeyVaultDataAction = "Microsoft.KeyVault/managedHsm/keys/read/action" | "Microsoft.KeyVault/managedHsm/keys/write/action" | "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action" | "Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action" | "Microsoft.KeyVault/managedHsm/keys/backup/action" | "Microsoft.KeyVault/managedHsm/keys/restore/action" | "Microsoft.KeyVault/managedHsm/roleAssignments/delete/action" | "Microsoft.KeyVault/managedHsm/roleAssignments/read/action" | "Microsoft.KeyVault/managedHsm/roleAssignments/write/action" | "Microsoft.KeyVault/managedHsm/roleDefinitions/read/action" | "Microsoft.KeyVault/managedHsm/keys/encrypt/action" | "Microsoft.KeyVault/managedHsm/keys/decrypt/action" | "Microsoft.KeyVault/managedHsm/keys/wrap/action" | "Microsoft.KeyVault/managedHsm/keys/unwrap/action" | "Microsoft.KeyVault/managedHsm/keys/sign/action" | "Microsoft.KeyVault/managedHsm/keys/verify/action" | "Microsoft.KeyVault/managedHsm/keys/create" | "Microsoft.KeyVault/managedHsm/keys/delete" | "Microsoft.KeyVault/managedHsm/keys/export/action" | "Microsoft.KeyVault/managedHsm/keys/import/action" | "Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete" | "Microsoft.KeyVault/managedHsm/securitydomain/download/action" | "Microsoft.KeyVault/managedHsm/securitydomain/upload/action" | "Microsoft.KeyVault/managedHsm/securitydomain/upload/read" | "Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read" | "Microsoft.KeyVault/managedHsm/backup/start/action" | "Microsoft.KeyVault/managedHsm/restore/start/action" | "Microsoft.KeyVault/managedHsm/backup/status/action" | "Microsoft.KeyVault/managedHsm/restore/status/action" | string; + // @public export interface KeyVaultPermission { actions?: string[]; - dataActions?: string[]; + dataActions?: KeyVaultDataAction[]; notActions?: string[]; - notDataActions?: string[]; + notDataActions?: KeyVaultDataAction[]; } // @public export interface KeyVaultRoleAssignment { readonly id: string; + readonly kind: string; readonly name: string; properties: KeyVaultRoleAssignmentPropertiesWithScope; - readonly roleAssignmentType: string; } // @public @@ -115,7 +129,7 @@ export interface KeyVaultRoleAssignmentProperties { export interface KeyVaultRoleAssignmentPropertiesWithScope { principalId: string; roleDefinitionId: string; - scope?: RoleAssignmentScope; + scope?: KeyVaultRoleScope; } // @public @@ -123,13 +137,16 @@ export interface KeyVaultRoleDefinition { assignableScopes: string[]; description: string; readonly id: string; + readonly kind: string; readonly name: string; permissions: KeyVaultPermission[]; roleName: string; roleType: string; - readonly type: string; } +// @public +export type KeyVaultRoleScope = "/" | "/keys" | string; + // @public export const LATEST_API_VERSION = "7.2-preview"; @@ -161,9 +178,6 @@ export interface RestoreResult { startTime: Date; } -// @public -export type RoleAssignmentScope = "/" | "/keys" | string; - // @public export const SDK_VERSION: string; @@ -174,6 +188,10 @@ export interface SelectiveRestoreOperationState extends KeyVaultAdminPollOperati // @public export type SUPPORTED_API_VERSIONS = "7.2-preview"; +// @public +export interface UpsertRoleDefinitionOptions extends coreHttp.OperationOptions { +} + // (No @packageDocumentation comment for this package) diff --git a/sdk/keyvault/keyvault-admin/samples/typescript/src/accessControlHelloWorld.ts b/sdk/keyvault/keyvault-admin/samples/typescript/src/accessControlHelloWorld.ts index e5955e4f9b3f..2cc42c49c827 100644 --- a/sdk/keyvault/keyvault-admin/samples/typescript/src/accessControlHelloWorld.ts +++ b/sdk/keyvault/keyvault-admin/samples/typescript/src/accessControlHelloWorld.ts @@ -1,7 +1,7 @@ // Copyright (c) Microsoft Corporation. // Licensed under the MIT license. -import { KeyVaultAccessControlClient } from "@azure/keyvault-admin"; +import { KeyVaultAccessControlClient, KeyVaultPermission } from "@azure/keyvault-admin"; import { DefaultAzureCredential } from "@azure/identity"; import { v4 as uuidv4 } from "uuid"; @@ -14,8 +14,6 @@ export async function main(): Promise { // - AZURE_TENANT_ID: The tenant ID in Azure Active Directory // - AZURE_CLIENT_ID: The application (client) ID registered in the AAD tenant // - AZURE_CLIENT_SECRET: The client secret for the registered application - // - BLOB_STORAGE_URI: URI of the Blob Storage instance, with the name of the container where the Key Vault backups will be generated - // - BLOB_STORAGE_SAS_TOKEN: URI of the Blob Storage instance, with the name of the container where the Key Vault backups will be generated // - CLIENT_OBJECT_ID: Object ID of the application, tenant or principal to whom the role will be assigned to const credential = new DefaultAzureCredential(); const url = process.env["KEYVAULT_URI"] || ""; @@ -27,15 +25,30 @@ export async function main(): Promise { const globalScope = "/"; - // Please refer to https://docs.microsoft.com/azure/key-vault/managed-hsm/built-in-roles - // For information about built-in roles. This sample uses the Managed HSM Backup role definition ID - const managedHsmBackupRoleDefinitionId = "7b127d3c-77bd-4e3e-bbe0-dbb8971fa7f8"; + const roleDefintionName = uuidv4(); + const permissions: KeyVaultPermission[] = [ + { + dataActions: [ + "Microsoft.KeyVault/managedHsm/backup/start/action", + "Microsoft.KeyVault/managedHsm/backup/status/action" + ] + } + ]; + let roleDefinition = await client.upsertRoleDefinition( + globalScope, + roleDefintionName, + permissions, + "Allow backup actions" + ); + console.log(roleDefinition); + // This sample uses a custom role but you may assign one of the many built-in roles. + // Please refer to https://docs.microsoft.com/azure/key-vault/managed-hsm/built-in-roles for more information. const roleAssignmentName = uuidv4(); let assignment = await client.createRoleAssignment( globalScope, roleAssignmentName, - managedHsmBackupRoleDefinitionId, + roleDefinition.id, process.env["CLIENT_OBJECT_ID"] ); console.log(assignment); @@ -45,6 +58,9 @@ export async function main(): Promise { assignment = await client.deleteRoleAssignment(globalScope, roleAssignmentName); console.log(assignment); + + roleDefinition = await client.deleteRoleDefinition(globalScope, roleDefinition.name); + console.log(roleDefinition); } main().catch((err) => { diff --git a/sdk/keyvault/keyvault-admin/src/accessControlClient.ts b/sdk/keyvault/keyvault-admin/src/accessControlClient.ts index 3f4d175024db..2bb59c1ffee7 100644 --- a/sdk/keyvault/keyvault-admin/src/accessControlClient.ts +++ b/sdk/keyvault/keyvault-admin/src/accessControlClient.ts @@ -17,21 +17,28 @@ import { KeyVaultClientOptionalParams, RoleAssignmentsCreateResponse, RoleAssignmentsDeleteResponse, - RoleAssignmentsListForScopeOptionalParams + RoleAssignmentsListForScopeOptionalParams, + RoleDefinitionsCreateOrUpdateResponse, + RoleDefinitionsDeleteResponse, + RoleDefinitionsGetResponse } from "./generated/models"; import { CreateRoleAssignmentOptions, KeyVaultRoleAssignment, AccessControlClientOptions, - RoleAssignmentScope, + KeyVaultRoleScope, DeleteRoleAssignmentOptions, ListRoleAssignmentsOptions, ListRoleDefinitionsOptions, KeyVaultRoleDefinition, GetRoleAssignmentOptions, ListRoleDefinitionsPageSettings, - ListRoleAssignmentsPageSettings + ListRoleAssignmentsPageSettings, + KeyVaultPermission, + GetRoleDefinitionOptions, + UpsertRoleDefinitionOptions, + DeleteRoleDefinitionOptions } from "./accessControlModels"; import { SDK_VERSION, LATEST_API_VERSION } from "./constants"; @@ -133,7 +140,7 @@ export class KeyVaultAccessControlClient { * @param options - The optional parameters. */ public async createRoleAssignment( - roleScope: RoleAssignmentScope, + roleScope: KeyVaultRoleScope, name: string, roleDefinitionId: string, principalId: string, @@ -175,7 +182,7 @@ export class KeyVaultAccessControlClient { * ```ts * const client = new KeyVaultAccessControlClient(url, credentials); * const roleAssignment = await client.createRoleAssignment("/", "295c179b-9ad3-4117-99cd-b1aa66cf4517"); - * const deletedRoleAssignment = const await client.deleteRoleAssignment(roleAssignment.properties.roleScope, roleAssignment.name); + * const deletedRoleAssignment = await client.deleteRoleAssignment(roleAssignment.properties.roleScope, roleAssignment.name); * console.log(deletedRoleAssignment); * ``` * Deletes an existing role assignment. @@ -184,7 +191,7 @@ export class KeyVaultAccessControlClient { * @param options - The optional parameters. */ public async deleteRoleAssignment( - roleScope: RoleAssignmentScope, + roleScope: KeyVaultRoleScope, name: string, options?: DeleteRoleAssignmentOptions ): Promise { @@ -221,7 +228,7 @@ export class KeyVaultAccessControlClient { * @param options - The optional parameters. */ public async getRoleAssignment( - roleScope: RoleAssignmentScope, + roleScope: KeyVaultRoleScope, name: string, options?: GetRoleAssignmentOptions ): Promise { @@ -250,7 +257,7 @@ export class KeyVaultAccessControlClient { * @param options - Common options for the iterative endpoints. */ private async *listRoleAssignmentsPage( - roleScope: RoleAssignmentScope, + roleScope: KeyVaultRoleScope, continuationState: ListRoleAssignmentsPageSettings, options?: ListRoleAssignmentsOptions ): AsyncIterableIterator { @@ -289,7 +296,7 @@ export class KeyVaultAccessControlClient { * @param options - Common options for the iterative endpoints. */ private async *listRoleAssignmentsAll( - roleScope: RoleAssignmentScope, + roleScope: KeyVaultRoleScope, options?: ListRoleAssignmentsOptions ): AsyncIterableIterator { for await (const page of this.listRoleAssignmentsPage(roleScope, {}, options)) { @@ -312,7 +319,7 @@ export class KeyVaultAccessControlClient { * @param options - The optional parameters. */ public listRoleAssignments( - roleScope: RoleAssignmentScope, + roleScope: KeyVaultRoleScope, options: ListRoleAssignmentsOptions = {} ): PagedAsyncIterableIterator { const span = createSpan("listRoleAssignments", options); @@ -344,7 +351,7 @@ export class KeyVaultAccessControlClient { * @param options - Common options for the iterative endpoints. */ private async *listRoleDefinitionsPage( - roleScope: RoleAssignmentScope, + roleScope: KeyVaultRoleScope, continuationState: ListRoleDefinitionsPageSettings, options?: ListRoleDefinitionsOptions ): AsyncIterableIterator { @@ -383,7 +390,7 @@ export class KeyVaultAccessControlClient { * @param options - Common options for the iterative endpoints. */ private async *listRoleDefinitionsAll( - roleScope: RoleAssignmentScope, + roleScope: KeyVaultRoleScope, options?: ListRoleDefinitionsOptions ): AsyncIterableIterator { for await (const page of this.listRoleDefinitionsPage(roleScope, {}, options)) { @@ -406,7 +413,7 @@ export class KeyVaultAccessControlClient { * @param options - The optional parameters. */ public listRoleDefinitions( - roleScope: RoleAssignmentScope, + roleScope: KeyVaultRoleScope, options: ListRoleDefinitionsOptions = {} ): PagedAsyncIterableIterator { const span = createSpan("listRoleDefinitions", options); @@ -429,4 +436,124 @@ export class KeyVaultAccessControlClient { this.listRoleDefinitionsPage(roleScope, settings, updatedOptions) }; } + + /** + * Gets a role definition from Azure Key Vault. + * + * Example usage: + * ``` + * const client = new KeyVaultAccessControlClient(url, credentials); + * const roleDefinition = await client.getRoleDefinition("/", "b86a8fe4-44ce-4948-aee5-eccb2c155cd7"); + * console.log(roleDefinition); + * ``` + * @param roleScope - The scope of the role definition. + * @param name - The name of the role definition. + * @param options - The optional parameters. + */ + public async getRoleDefinition( + roleScope: KeyVaultRoleScope, + name: string, + options: GetRoleDefinitionOptions = {} + ): Promise { + const span = createSpan("getRoleDefinition", options); + + let response: RoleDefinitionsGetResponse; + try { + response = await this.client.roleDefinitions.get( + this.vaultUrl, + roleScope, + name, + setParentSpan(span, options) + ); + } finally { + span.end(); + } + + return mappings.roleDefinition.generatedToPublic(response); + } + + /** + * Upserts a role definition in an Azure Key Vault. + * + * Example usage: + * ```ts + * const client = new KeyVaultAccessControlClient(url, credentials); + * const permissions = [{ dataActions: "Microsoft.KeyVault/managedHsm/backup/start/action" }]; + * const roleDefinition = await client.upsertRoleDefintion("/", "23b8bb1a-39c0-4c89-a85b-dd3c99273a8a", permissions); + * console.log(roleDefinition); + * ``` + * @param roleScope - The scope of the role definition. + * @param name - The name of the role definition. Must be a UUID. + * @param permissions - The set of {@link KeyVaultPermission} for this role definition. + * @param description - The role definition description. + * @param options - The optional parameters. + */ + public async upsertRoleDefinition( + roleScope: KeyVaultRoleScope, + name: string, + permissions: KeyVaultPermission[], + description?: string, + options: UpsertRoleDefinitionOptions = {} + ): Promise { + const span = createSpan("upsertRoleDefinition", options); + + let response: RoleDefinitionsCreateOrUpdateResponse; + try { + response = await this.client.roleDefinitions.createOrUpdate( + this.vaultUrl, + roleScope, + name, + { + properties: { + description, + permissions, + assignableScopes: [roleScope], + roleName: name, + roleType: "CustomRole" + } + }, + setParentSpan(span, options) + ); + } finally { + span.end(); + } + + return mappings.roleDefinition.generatedToPublic(response); + } + + /** + * Deletes a custom role definition previously created in an Azure Key Vault. + * + * Example usage: + * ```ts + * const client = new KeyVaultAccessControlClient(url, credentials); + * const roleDefinition = await client.upsertRoleDefintion("/", "23b8bb1a-39c0-4c89-a85b-dd3c99273a8a", []); + * const deletedRoleDefinition = await client.deleteRoleDefinition("/", roleDefinition.name); + * console.log(deletedRoleDefinition); + * ``` + * @param roleScope - The scope of the role definition. + * @param name - The name of the role definition to delete. + * @param options - The optional parameters. + */ + public async deleteRoleDefinition( + roleScope: KeyVaultRoleScope, + name: string, + options: DeleteRoleDefinitionOptions = {} + ): Promise { + const span = createSpan("deleteRoleDefinition", options); + + let response: RoleDefinitionsDeleteResponse; + try { + response = await this.client.roleDefinitions.delete( + this.vaultUrl, + roleScope, + name, + setParentSpan(span, options) + ); + } finally { + span.end(); + } + + return mappings.roleDefinition.generatedToPublic(response); + } } diff --git a/sdk/keyvault/keyvault-admin/src/accessControlModels.ts b/sdk/keyvault/keyvault-admin/src/accessControlModels.ts index eb72f1ec829d..971afbea4c00 100644 --- a/sdk/keyvault/keyvault-admin/src/accessControlModels.ts +++ b/sdk/keyvault/keyvault-admin/src/accessControlModels.ts @@ -29,7 +29,7 @@ export interface KeyVaultRoleAssignment { /** * The role assignment type. */ - readonly roleAssignmentType: string; + readonly kind: string; /** * Role assignment properties. */ @@ -37,7 +37,7 @@ export interface KeyVaultRoleAssignment { } /** - * VaA list of Key Vault permissions. + * A list of Key Vault permissions. */ export interface KeyVaultPermission { /** @@ -45,19 +45,55 @@ export interface KeyVaultPermission { */ actions?: string[]; /** - * Denied actions. + * Actions that are excluded but not denied. They may be granted by other role definitions assigned to a principal. */ notActions?: string[]; /** * Allowed Data actions. */ - dataActions?: string[]; + dataActions?: KeyVaultDataAction[]; /** - * Denied Data actions. + * Data actions that are excluded but not denied. They may be granted by other role definitions assigned to a principal. */ - notDataActions?: string[]; + notDataActions?: KeyVaultDataAction[]; } +/** + * A union type representing all possible values for + * both {@link KeyVaultPermission.dataActions} and {@link KeyVaultPermission.notDataActions}. + */ +export type KeyVaultDataAction = + | "Microsoft.KeyVault/managedHsm/keys/read/action" + | "Microsoft.KeyVault/managedHsm/keys/write/action" + | "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action" + | "Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action" + | "Microsoft.KeyVault/managedHsm/keys/backup/action" + | "Microsoft.KeyVault/managedHsm/keys/restore/action" + | "Microsoft.KeyVault/managedHsm/roleAssignments/delete/action" + | "Microsoft.KeyVault/managedHsm/roleAssignments/read/action" + | "Microsoft.KeyVault/managedHsm/roleAssignments/write/action" + | "Microsoft.KeyVault/managedHsm/roleDefinitions/read/action" + | "Microsoft.KeyVault/managedHsm/keys/encrypt/action" + | "Microsoft.KeyVault/managedHsm/keys/decrypt/action" + | "Microsoft.KeyVault/managedHsm/keys/wrap/action" + | "Microsoft.KeyVault/managedHsm/keys/unwrap/action" + | "Microsoft.KeyVault/managedHsm/keys/sign/action" + | "Microsoft.KeyVault/managedHsm/keys/verify/action" + | "Microsoft.KeyVault/managedHsm/keys/create" + | "Microsoft.KeyVault/managedHsm/keys/delete" + | "Microsoft.KeyVault/managedHsm/keys/export/action" + | "Microsoft.KeyVault/managedHsm/keys/import/action" + | "Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete" + | "Microsoft.KeyVault/managedHsm/securitydomain/download/action" + | "Microsoft.KeyVault/managedHsm/securitydomain/upload/action" + | "Microsoft.KeyVault/managedHsm/securitydomain/upload/read" + | "Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read" + | "Microsoft.KeyVault/managedHsm/backup/start/action" + | "Microsoft.KeyVault/managedHsm/restore/start/action" + | "Microsoft.KeyVault/managedHsm/backup/status/action" + | "Microsoft.KeyVault/managedHsm/restore/status/action" + | string; + /** * A Key Vault role definition. */ @@ -73,7 +109,7 @@ export interface KeyVaultRoleDefinition { /** * The role definition type. */ - readonly type: string; + readonly kind: string; /** * The role name. */ @@ -111,10 +147,10 @@ export interface KeyVaultRoleAssignmentProperties { } /** - * A scope of the role assignment. + * A scope of the role assignment or definition. * The valid scopes are: "/", "/keys" and any a specific resource Id followed by a slash, as in "ID/". */ -export type RoleAssignmentScope = "/" | "/keys" | string; +export type KeyVaultRoleScope = "/" | "/keys" | string; /** * Role assignment properties with the scope property. @@ -123,7 +159,7 @@ export interface KeyVaultRoleAssignmentPropertiesWithScope { /** * The role assignment scope. */ - scope?: RoleAssignmentScope; + scope?: KeyVaultRoleScope; /** * The role definition ID. */ @@ -162,6 +198,21 @@ export interface ListRoleAssignmentsOptions extends coreHttp.OperationOptions {} */ export interface ListRoleDefinitionsOptions extends coreHttp.OperationOptions {} +/** + * An interface representing optional parameters passed to {@link getRoleDefinition}. + */ +export interface GetRoleDefinitionOptions extends coreHttp.OperationOptions {} + +/** + * An interface representing optional parameters passed to {@link upsertRoleDefinition}. + */ +export interface UpsertRoleDefinitionOptions extends coreHttp.OperationOptions {} + +/** + * An interface representing optional parameters passed to {@link deleteRoleDefinition}. + */ +export interface DeleteRoleDefinitionOptions extends coreHttp.OperationOptions {} + /** * Arguments for retrieving the next page of search results. */ diff --git a/sdk/keyvault/keyvault-admin/src/generated/index.ts b/sdk/keyvault/keyvault-admin/src/generated/index.ts new file mode 100644 index 000000000000..1ed0b66df617 --- /dev/null +++ b/sdk/keyvault/keyvault-admin/src/generated/index.ts @@ -0,0 +1,11 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +export * from "./models"; +export { KeyVaultClient } from "./keyVaultClient"; +export { KeyVaultClientContext } from "./keyVaultClientContext"; diff --git a/sdk/keyvault/keyvault-admin/src/generated/keyVaultClient.ts b/sdk/keyvault/keyvault-admin/src/generated/keyVaultClient.ts index 662b29b422be..d141d0668046 100644 --- a/sdk/keyvault/keyvault-admin/src/generated/keyVaultClient.ts +++ b/sdk/keyvault/keyvault-admin/src/generated/keyVaultClient.ts @@ -7,9 +7,8 @@ */ import * as coreHttp from "@azure/core-http"; -import * as operations from "./operations"; +import { RoleDefinitions, RoleAssignments } from "./operations"; import * as Parameters from "./models/parameters"; -import * as Models from "./models"; import * as Mappers from "./models/mappers"; import { KeyVaultClientContext } from "./keyVaultClientContext"; import { @@ -24,15 +23,15 @@ import { KeyVaultClientSelectiveKeyRestoreOperationResponse } from "./models"; -class KeyVaultClient extends KeyVaultClientContext { +export class KeyVaultClient extends KeyVaultClientContext { /** * Initializes a new instance of the KeyVaultClient class. * @param options The parameter options */ constructor(options?: KeyVaultClientOptionalParams) { super(options); - this.roleDefinitions = new operations.RoleDefinitions(this); - this.roleAssignments = new operations.RoleAssignments(this); + this.roleDefinitions = new RoleDefinitions(this); + this.roleAssignments = new RoleAssignments(this); } /** @@ -133,8 +132,8 @@ class KeyVaultClient extends KeyVaultClientContext { ) as Promise; } - roleDefinitions: operations.RoleDefinitions; - roleAssignments: operations.RoleAssignments; + roleDefinitions: RoleDefinitions; + roleAssignments: RoleAssignments; } // Operation Specifications @@ -155,7 +154,7 @@ const fullBackupOperationSpec: coreHttp.OperationSpec = { requestBody: Parameters.azureStorageBlobContainerUri, queryParameters: [Parameters.apiVersion], urlParameters: [Parameters.vaultBaseUrl], - headerParameters: [Parameters.contentType], + headerParameters: [Parameters.contentType, Parameters.accept1], mediaType: "json", serializer }; @@ -172,6 +171,7 @@ const fullBackupStatusOperationSpec: coreHttp.OperationSpec = { }, queryParameters: [Parameters.apiVersion], urlParameters: [Parameters.vaultBaseUrl, Parameters.jobId], + headerParameters: [Parameters.accept], serializer }; const fullRestoreOperationOperationSpec: coreHttp.OperationSpec = { @@ -189,7 +189,7 @@ const fullRestoreOperationOperationSpec: coreHttp.OperationSpec = { requestBody: Parameters.restoreBlobDetails, queryParameters: [Parameters.apiVersion], urlParameters: [Parameters.vaultBaseUrl], - headerParameters: [Parameters.contentType], + headerParameters: [Parameters.contentType, Parameters.accept1], mediaType: "json", serializer }; @@ -206,6 +206,7 @@ const restoreStatusOperationSpec: coreHttp.OperationSpec = { }, queryParameters: [Parameters.apiVersion], urlParameters: [Parameters.vaultBaseUrl, Parameters.jobId], + headerParameters: [Parameters.accept], serializer }; const selectiveKeyRestoreOperationOperationSpec: coreHttp.OperationSpec = { @@ -223,17 +224,7 @@ const selectiveKeyRestoreOperationOperationSpec: coreHttp.OperationSpec = { requestBody: Parameters.restoreBlobDetails1, queryParameters: [Parameters.apiVersion], urlParameters: [Parameters.vaultBaseUrl, Parameters.keyName], - headerParameters: [Parameters.contentType], + headerParameters: [Parameters.contentType, Parameters.accept1], mediaType: "json", serializer }; - -// Operation Specifications - -export { - KeyVaultClient, - KeyVaultClientContext, - Models as KeyVaultModels, - Mappers as KeyVaultMappers -}; -export * from "./operations"; diff --git a/sdk/keyvault/keyvault-admin/src/generated/models/index.ts b/sdk/keyvault/keyvault-admin/src/generated/models/index.ts index c1d0e4bf3e36..d9d9ceb408c7 100644 --- a/sdk/keyvault/keyvault-admin/src/generated/models/index.ts +++ b/sdk/keyvault/keyvault-admin/src/generated/models/index.ts @@ -8,20 +8,6 @@ import * as coreHttp from "@azure/core-http"; -/** - * Role definition list operation result. - */ -export interface RoleDefinitionListResult { - /** - * Role definition list. - */ - value?: RoleDefinition[]; - /** - * The URL to use for getting the next set of results. - */ - nextLink?: string; -} - /** * Role definition. */ @@ -37,7 +23,33 @@ export interface RoleDefinition { /** * The role definition type. */ - readonly type?: string; + readonly type?: RoleDefinitionType; + /** + * The role name. + */ + roleName?: string; + /** + * The role definition description. + */ + description?: string; + /** + * The role type. + */ + roleType?: RoleType; + /** + * Role definition permissions. + */ + permissions?: Permission[]; + /** + * Role definition assignable scopes. + */ + assignableScopes?: RoleScope[]; +} + +/** + * Role definition properties. + */ +export interface RoleDefinitionProperties { /** * The role name. */ @@ -49,7 +61,7 @@ export interface RoleDefinition { /** * The role type. */ - roleType?: string; + roleType?: RoleType; /** * Role definition permissions. */ @@ -57,7 +69,7 @@ export interface RoleDefinition { /** * Role definition assignable scopes. */ - assignableScopes?: string[]; + assignableScopes?: RoleScope[]; } /** @@ -65,21 +77,21 @@ export interface RoleDefinition { */ export interface Permission { /** - * Allowed actions. + * Action permissions that are granted. */ actions?: string[]; /** - * Denied actions. + * Action permissions that are excluded but not denied. They may be granted by other role definitions assigned to a principal. */ notActions?: string[]; /** - * Allowed Data actions. + * Data action permissions that are granted. */ - dataActions?: string[]; + dataActions?: DataAction[]; /** - * Denied Data actions. + * Data action permissions that are excluded but not denied. They may be granted by other role definitions assigned to a principal. */ - notDataActions?: string[]; + notDataActions?: DataAction[]; } /** @@ -110,6 +122,30 @@ export interface ErrorModel { readonly innerError?: ErrorModel; } +/** + * Role definition create parameters. + */ +export interface RoleDefinitionCreateParameters { + /** + * Role definition properties. + */ + properties: RoleDefinitionProperties; +} + +/** + * Role definition list operation result. + */ +export interface RoleDefinitionListResult { + /** + * Role definition list. + */ + value?: RoleDefinition[]; + /** + * The URL to use for getting the next set of results. + */ + nextLink?: string; +} + /** * Role Assignments */ @@ -137,9 +173,9 @@ export interface RoleAssignment { */ export interface RoleAssignmentPropertiesWithScope { /** - * The role assignment scope. + * The role scope. */ - scope?: string; + scope?: RoleScope; /** * The role definition ID. */ @@ -234,6 +270,9 @@ export interface FullBackupOperation { } export interface RestoreOperationParameters { + /** + * SAS token parameter object containing Azure storage resourceUri and token + */ sasTokenParameters: SASTokenParameter; /** * The Folder name of the blob where the previous successful full backup was stored @@ -272,6 +311,9 @@ export interface RestoreOperation { } export interface SelectiveKeyRestoreOperationParameters { + /** + * SAS token parameter object containing Azure storage resourceUri and token + */ sasTokenParameters: SASTokenParameter; /** * The Folder name of the blob where the previous successful full backup was stored @@ -333,7 +375,13 @@ export interface RoleDefinitionFilter { * Defines headers for KeyVaultClient_fullBackup operation. */ export interface KeyVaultClientFullBackupHeaders { + /** + * The recommended number of seconds to wait before calling the URI specified in Azure-AsyncOperation. + */ retryAfter?: number; + /** + * The URI to poll for completion status. + */ azureAsyncOperation?: string; } @@ -341,7 +389,13 @@ export interface KeyVaultClientFullBackupHeaders { * Defines headers for KeyVaultClient_fullRestoreOperation operation. */ export interface KeyVaultClientFullRestoreOperationHeaders { + /** + * The recommended number of seconds to wait before calling the URI specified in Azure-AsyncOperation. + */ retryAfter?: number; + /** + * The URI to poll for completion status. + */ azureAsyncOperation?: string; } @@ -349,10 +403,125 @@ export interface KeyVaultClientFullRestoreOperationHeaders { * Defines headers for KeyVaultClient_selectiveKeyRestoreOperation operation. */ export interface KeyVaultClientSelectiveKeyRestoreOperationHeaders { + /** + * The recommended number of seconds to wait before calling the URI specified in Azure-AsyncOperation. + */ retryAfter?: number; + /** + * The URI to poll for completion status. + */ azureAsyncOperation?: string; } +/** + * Defines values for RoleDefinitionType. + */ +export type RoleDefinitionType = + | "Microsoft.Authorization/roleDefinitions" + | string; +/** + * Defines values for RoleType. + */ +export type RoleType = "AKVBuiltInRole" | "CustomRole" | string; +/** + * Defines values for DataAction. + */ +export type DataAction = + | "Microsoft.KeyVault/managedHsm/keys/read/action" + | "Microsoft.KeyVault/managedHsm/keys/write/action" + | "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action" + | "Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action" + | "Microsoft.KeyVault/managedHsm/keys/backup/action" + | "Microsoft.KeyVault/managedHsm/keys/restore/action" + | "Microsoft.KeyVault/managedHsm/roleAssignments/delete/action" + | "Microsoft.KeyVault/managedHsm/roleAssignments/read/action" + | "Microsoft.KeyVault/managedHsm/roleAssignments/write/action" + | "Microsoft.KeyVault/managedHsm/roleDefinitions/read/action" + | "Microsoft.KeyVault/managedHsm/keys/encrypt/action" + | "Microsoft.KeyVault/managedHsm/keys/decrypt/action" + | "Microsoft.KeyVault/managedHsm/keys/wrap/action" + | "Microsoft.KeyVault/managedHsm/keys/unwrap/action" + | "Microsoft.KeyVault/managedHsm/keys/sign/action" + | "Microsoft.KeyVault/managedHsm/keys/verify/action" + | "Microsoft.KeyVault/managedHsm/keys/create" + | "Microsoft.KeyVault/managedHsm/keys/delete" + | "Microsoft.KeyVault/managedHsm/keys/export/action" + | "Microsoft.KeyVault/managedHsm/keys/import/action" + | "Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete" + | "Microsoft.KeyVault/managedHsm/securitydomain/download/action" + | "Microsoft.KeyVault/managedHsm/securitydomain/upload/action" + | "Microsoft.KeyVault/managedHsm/securitydomain/upload/read" + | "Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read" + | "Microsoft.KeyVault/managedHsm/backup/start/action" + | "Microsoft.KeyVault/managedHsm/restore/start/action" + | "Microsoft.KeyVault/managedHsm/backup/status/action" + | "Microsoft.KeyVault/managedHsm/restore/status/action" + | string; +/** + * Defines values for RoleScope. + */ +export type RoleScope = "/" | "/keys" | string; + +/** + * Contains response data for the delete operation. + */ +export type RoleDefinitionsDeleteResponse = RoleDefinition & { + /** + * The underlying HTTP response. + */ + _response: coreHttp.HttpResponse & { + /** + * The response body as text (string format) + */ + bodyAsText: string; + + /** + * The response body as parsed JSON or XML + */ + parsedBody: RoleDefinition; + }; +}; + +/** + * Contains response data for the createOrUpdate operation. + */ +export type RoleDefinitionsCreateOrUpdateResponse = RoleDefinition & { + /** + * The underlying HTTP response. + */ + _response: coreHttp.HttpResponse & { + /** + * The response body as text (string format) + */ + bodyAsText: string; + + /** + * The response body as parsed JSON or XML + */ + parsedBody: RoleDefinition; + }; +}; + +/** + * Contains response data for the get operation. + */ +export type RoleDefinitionsGetResponse = RoleDefinition & { + /** + * The underlying HTTP response. + */ + _response: coreHttp.HttpResponse & { + /** + * The response body as text (string format) + */ + bodyAsText: string; + + /** + * The response body as parsed JSON or XML + */ + parsedBody: RoleDefinition; + }; +}; + /** * Optional parameters. */ diff --git a/sdk/keyvault/keyvault-admin/src/generated/models/mappers.ts b/sdk/keyvault/keyvault-admin/src/generated/models/mappers.ts index 55d55e34a007..93fe23c5501c 100644 --- a/sdk/keyvault/keyvault-admin/src/generated/models/mappers.ts +++ b/sdk/keyvault/keyvault-admin/src/generated/models/mappers.ts @@ -8,28 +8,6 @@ import * as coreHttp from "@azure/core-http"; -export const RoleDefinitionListResult: coreHttp.CompositeMapper = { - type: { - name: "Composite", - className: "RoleDefinitionListResult", - modelProperties: { - value: { - serializedName: "value", - type: { - name: "Sequence", - element: { type: { name: "Composite", className: "RoleDefinition" } } - } - }, - nextLink: { - serializedName: "nextLink", - type: { - name: "String" - } - } - } - } -}; - export const RoleDefinition: coreHttp.CompositeMapper = { type: { name: "Composite", @@ -92,6 +70,47 @@ export const RoleDefinition: coreHttp.CompositeMapper = { } }; +export const RoleDefinitionProperties: coreHttp.CompositeMapper = { + type: { + name: "Composite", + className: "RoleDefinitionProperties", + modelProperties: { + roleName: { + serializedName: "roleName", + type: { + name: "String" + } + }, + description: { + serializedName: "description", + type: { + name: "String" + } + }, + roleType: { + serializedName: "type", + type: { + name: "String" + } + }, + permissions: { + serializedName: "permissions", + type: { + name: "Sequence", + element: { type: { name: "Composite", className: "Permission" } } + } + }, + assignableScopes: { + serializedName: "assignableScopes", + type: { + name: "Sequence", + element: { type: { name: "String" } } + } + } + } + } +}; + export const Permission: coreHttp.CompositeMapper = { type: { name: "Composite", @@ -175,6 +194,44 @@ export const ErrorModel: coreHttp.CompositeMapper = { } }; +export const RoleDefinitionCreateParameters: coreHttp.CompositeMapper = { + type: { + name: "Composite", + className: "RoleDefinitionCreateParameters", + modelProperties: { + properties: { + serializedName: "properties", + type: { + name: "Composite", + className: "RoleDefinitionProperties" + } + } + } + } +}; + +export const RoleDefinitionListResult: coreHttp.CompositeMapper = { + type: { + name: "Composite", + className: "RoleDefinitionListResult", + modelProperties: { + value: { + serializedName: "value", + type: { + name: "Sequence", + element: { type: { name: "Composite", className: "RoleDefinition" } } + } + }, + nextLink: { + serializedName: "nextLink", + type: { + name: "String" + } + } + } + } +}; + export const RoleAssignment: coreHttp.CompositeMapper = { type: { name: "Composite", diff --git a/sdk/keyvault/keyvault-admin/src/generated/models/parameters.ts b/sdk/keyvault/keyvault-admin/src/generated/models/parameters.ts index 8798767fd55e..43a0531c87d1 100644 --- a/sdk/keyvault/keyvault-admin/src/generated/models/parameters.ts +++ b/sdk/keyvault/keyvault-admin/src/generated/models/parameters.ts @@ -7,17 +7,30 @@ */ import { + OperationParameter, OperationURLParameter, - OperationQueryParameter, - OperationParameter + OperationQueryParameter } from "@azure/core-http"; import { + RoleDefinitionCreateParameters as RoleDefinitionCreateParametersMapper, RoleAssignmentCreateParameters as RoleAssignmentCreateParametersMapper, SASTokenParameter as SASTokenParameterMapper, RestoreOperationParameters as RestoreOperationParametersMapper, SelectiveKeyRestoreOperationParameters as SelectiveKeyRestoreOperationParametersMapper } from "../models/mappers"; +export const accept: OperationParameter = { + parameterPath: "accept", + mapper: { + defaultValue: "application/json", + isConstant: true, + serializedName: "Accept", + type: { + name: "String" + } + } +}; + export const vaultBaseUrl: OperationURLParameter = { parameterPath: "vaultBaseUrl", mapper: { @@ -42,10 +55,11 @@ export const scope: OperationURLParameter = { skipEncoding: true }; -export const filter: OperationQueryParameter = { - parameterPath: ["options", "filter"], +export const roleDefinitionName: OperationURLParameter = { + parameterPath: "roleDefinitionName", mapper: { - serializedName: "$filter", + serializedName: "roleDefinitionName", + required: true, type: { name: "String" } @@ -64,6 +78,45 @@ export const apiVersion: OperationQueryParameter = { } }; +export const contentType: OperationParameter = { + parameterPath: ["options", "contentType"], + mapper: { + defaultValue: "application/json", + isConstant: true, + serializedName: "Content-Type", + type: { + name: "String" + } + } +}; + +export const parameters: OperationParameter = { + parameterPath: "parameters", + mapper: RoleDefinitionCreateParametersMapper +}; + +export const accept1: OperationParameter = { + parameterPath: "accept", + mapper: { + defaultValue: "application/json", + isConstant: true, + serializedName: "Accept", + type: { + name: "String" + } + } +}; + +export const filter: OperationQueryParameter = { + parameterPath: ["options", "filter"], + mapper: { + serializedName: "$filter", + type: { + name: "String" + } + } +}; + export const nextLink: OperationURLParameter = { parameterPath: "nextLink", mapper: { @@ -87,19 +140,7 @@ export const roleAssignmentName: OperationURLParameter = { } }; -export const contentType: OperationParameter = { - parameterPath: ["options", "contentType"], - mapper: { - defaultValue: "application/json", - isConstant: true, - serializedName: "Content-Type", - type: { - name: "String" - } - } -}; - -export const parameters: OperationParameter = { +export const parameters1: OperationParameter = { parameterPath: "parameters", mapper: RoleAssignmentCreateParametersMapper }; diff --git a/sdk/keyvault/keyvault-admin/src/generated/operations/roleAssignments.ts b/sdk/keyvault/keyvault-admin/src/generated/operations/roleAssignments.ts index e8251fac8d9e..7e6c98a4e1d3 100644 --- a/sdk/keyvault/keyvault-admin/src/generated/operations/roleAssignments.ts +++ b/sdk/keyvault/keyvault-admin/src/generated/operations/roleAssignments.ts @@ -173,6 +173,7 @@ const deleteOperationSpec: coreHttp.OperationSpec = { Parameters.scope, Parameters.roleAssignmentName ], + headerParameters: [Parameters.accept], serializer }; const createOperationSpec: coreHttp.OperationSpec = { @@ -187,14 +188,14 @@ const createOperationSpec: coreHttp.OperationSpec = { bodyMapper: Mappers.KeyVaultError } }, - requestBody: Parameters.parameters, + requestBody: Parameters.parameters1, queryParameters: [Parameters.apiVersion], urlParameters: [ Parameters.vaultBaseUrl, Parameters.scope, Parameters.roleAssignmentName ], - headerParameters: [Parameters.contentType], + headerParameters: [Parameters.contentType, Parameters.accept1], mediaType: "json", serializer }; @@ -216,6 +217,7 @@ const getOperationSpec: coreHttp.OperationSpec = { Parameters.scope, Parameters.roleAssignmentName ], + headerParameters: [Parameters.accept], serializer }; const listForScopeOperationSpec: coreHttp.OperationSpec = { @@ -229,8 +231,9 @@ const listForScopeOperationSpec: coreHttp.OperationSpec = { bodyMapper: Mappers.KeyVaultError } }, - queryParameters: [Parameters.filter, Parameters.apiVersion], + queryParameters: [Parameters.apiVersion, Parameters.filter], urlParameters: [Parameters.vaultBaseUrl, Parameters.scope], + headerParameters: [Parameters.accept], serializer }; const listForScopeNextOperationSpec: coreHttp.OperationSpec = { @@ -244,11 +247,12 @@ const listForScopeNextOperationSpec: coreHttp.OperationSpec = { bodyMapper: Mappers.KeyVaultError } }, - queryParameters: [Parameters.filter, Parameters.apiVersion], + queryParameters: [Parameters.apiVersion, Parameters.filter], urlParameters: [ Parameters.vaultBaseUrl, Parameters.scope, Parameters.nextLink ], + headerParameters: [Parameters.accept], serializer }; diff --git a/sdk/keyvault/keyvault-admin/src/generated/operations/roleDefinitions.ts b/sdk/keyvault/keyvault-admin/src/generated/operations/roleDefinitions.ts index 092ec8799d3d..2a048b3d6b68 100644 --- a/sdk/keyvault/keyvault-admin/src/generated/operations/roleDefinitions.ts +++ b/sdk/keyvault/keyvault-admin/src/generated/operations/roleDefinitions.ts @@ -11,6 +11,10 @@ import * as Mappers from "../models/mappers"; import * as Parameters from "../models/parameters"; import { KeyVaultClient } from "../keyVaultClient"; import { + RoleDefinitionsDeleteResponse, + RoleDefinitionCreateParameters, + RoleDefinitionsCreateOrUpdateResponse, + RoleDefinitionsGetResponse, RoleDefinitionsListOptionalParams, RoleDefinitionsListResponse, RoleDefinitionsListNextOptionalParams, @@ -31,6 +35,81 @@ export class RoleDefinitions { this.client = client; } + /** + * Deletes a custom role definition. + * @param vaultBaseUrl The vault name, for example https://myvault.vault.azure.net. + * @param scope The scope of the role definition to delete. Managed HSM only supports '/'. + * @param roleDefinitionName The name (GUID) of the role definition to delete. + * @param options The options parameters. + */ + delete( + vaultBaseUrl: string, + scope: string, + roleDefinitionName: string, + options?: coreHttp.OperationOptions + ): Promise { + const operationOptions: coreHttp.RequestOptionsBase = coreHttp.operationOptionsToRequestOptionsBase( + options || {} + ); + return this.client.sendOperationRequest( + { vaultBaseUrl, scope, roleDefinitionName, options: operationOptions }, + deleteOperationSpec + ) as Promise; + } + + /** + * Creates or updates a custom role definition. + * @param vaultBaseUrl The vault name, for example https://myvault.vault.azure.net. + * @param scope The scope of the role definition to create or update. Managed HSM only supports '/'. + * @param roleDefinitionName The name of the role definition to create or update. It can be any valid + * GUID. + * @param parameters Parameters for the role definition. + * @param options The options parameters. + */ + createOrUpdate( + vaultBaseUrl: string, + scope: string, + roleDefinitionName: string, + parameters: RoleDefinitionCreateParameters, + options?: coreHttp.OperationOptions + ): Promise { + const operationOptions: coreHttp.RequestOptionsBase = coreHttp.operationOptionsToRequestOptionsBase( + options || {} + ); + return this.client.sendOperationRequest( + { + vaultBaseUrl, + scope, + roleDefinitionName, + parameters, + options: operationOptions + }, + createOrUpdateOperationSpec + ) as Promise; + } + + /** + * Get the specified role definition. + * @param vaultBaseUrl The vault name, for example https://myvault.vault.azure.net. + * @param scope The scope of the role definition to get. Managed HSM only supports '/'. + * @param roleDefinitionName The name of the role definition to get. + * @param options The options parameters. + */ + get( + vaultBaseUrl: string, + scope: string, + roleDefinitionName: string, + options?: coreHttp.OperationOptions + ): Promise { + const operationOptions: coreHttp.RequestOptionsBase = coreHttp.operationOptionsToRequestOptionsBase( + options || {} + ); + return this.client.sendOperationRequest( + { vaultBaseUrl, scope, roleDefinitionName, options: operationOptions }, + getOperationSpec + ) as Promise; + } + /** * Get all role definitions that are applicable at scope and above. * @param vaultBaseUrl The vault name, for example https://myvault.vault.azure.net. @@ -77,6 +156,71 @@ export class RoleDefinitions { const serializer = new coreHttp.Serializer(Mappers, /* isXml */ false); +const deleteOperationSpec: coreHttp.OperationSpec = { + path: + "/{scope}/providers/Microsoft.Authorization/roleDefinitions/{roleDefinitionName}", + httpMethod: "DELETE", + responses: { + 200: { + bodyMapper: Mappers.RoleDefinition + }, + default: { + bodyMapper: Mappers.KeyVaultError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.vaultBaseUrl, + Parameters.scope, + Parameters.roleDefinitionName + ], + headerParameters: [Parameters.accept], + serializer +}; +const createOrUpdateOperationSpec: coreHttp.OperationSpec = { + path: + "/{scope}/providers/Microsoft.Authorization/roleDefinitions/{roleDefinitionName}", + httpMethod: "PUT", + responses: { + 201: { + bodyMapper: Mappers.RoleDefinition + }, + default: { + bodyMapper: Mappers.KeyVaultError + } + }, + requestBody: Parameters.parameters, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.vaultBaseUrl, + Parameters.scope, + Parameters.roleDefinitionName + ], + headerParameters: [Parameters.contentType, Parameters.accept1], + mediaType: "json", + serializer +}; +const getOperationSpec: coreHttp.OperationSpec = { + path: + "/{scope}/providers/Microsoft.Authorization/roleDefinitions/{roleDefinitionName}", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.RoleDefinition + }, + default: { + bodyMapper: Mappers.KeyVaultError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.vaultBaseUrl, + Parameters.scope, + Parameters.roleDefinitionName + ], + headerParameters: [Parameters.accept], + serializer +}; const listOperationSpec: coreHttp.OperationSpec = { path: "/{scope}/providers/Microsoft.Authorization/roleDefinitions", httpMethod: "GET", @@ -88,8 +232,9 @@ const listOperationSpec: coreHttp.OperationSpec = { bodyMapper: Mappers.KeyVaultError } }, - queryParameters: [Parameters.filter, Parameters.apiVersion], + queryParameters: [Parameters.apiVersion, Parameters.filter], urlParameters: [Parameters.vaultBaseUrl, Parameters.scope], + headerParameters: [Parameters.accept], serializer }; const listNextOperationSpec: coreHttp.OperationSpec = { @@ -103,11 +248,12 @@ const listNextOperationSpec: coreHttp.OperationSpec = { bodyMapper: Mappers.KeyVaultError } }, - queryParameters: [Parameters.filter, Parameters.apiVersion], + queryParameters: [Parameters.apiVersion, Parameters.filter], urlParameters: [ Parameters.vaultBaseUrl, Parameters.scope, Parameters.nextLink ], + headerParameters: [Parameters.accept], serializer }; diff --git a/sdk/keyvault/keyvault-admin/src/mappings.ts b/sdk/keyvault/keyvault-admin/src/mappings.ts index dcce9595dcef..a9a5f86b2813 100644 --- a/sdk/keyvault/keyvault-admin/src/mappings.ts +++ b/sdk/keyvault/keyvault-admin/src/mappings.ts @@ -5,7 +5,7 @@ import { RoleAssignment, RoleDefinition } from "./generated/models"; import { KeyVaultRoleAssignment, KeyVaultRoleDefinition, - RoleAssignmentScope + KeyVaultRoleScope } from "./accessControlModels"; export const mappings = { @@ -16,9 +16,9 @@ export const mappings = { return { id: id!, name: name!, - roleAssignmentType: type!, + kind: type!, properties: { - scope: scope as RoleAssignmentScope, + scope: scope as KeyVaultRoleScope, roleDefinitionId: roleDefinitionId!, principalId: principalId! } @@ -40,7 +40,7 @@ export const mappings = { return { id: id!, name: name!, - type: type!, + kind: type!, roleName: roleName!, description: description!, roleType: roleType!, diff --git a/sdk/keyvault/keyvault-admin/swagger/README.md b/sdk/keyvault/keyvault-admin/swagger/README.md index 22ef45c4c3f6..e5f1a75f7bc9 100644 --- a/sdk/keyvault/keyvault-admin/swagger/README.md +++ b/sdk/keyvault/keyvault-admin/swagger/README.md @@ -2,32 +2,33 @@ > see https://aka.ms/autorest -``` yaml +```yaml package-name: "@azure/keyvault-admin" use-extension: - "@autorest/typescript": "6.0.0-dev.20200623.2" + "@autorest/typescript": "6.0.0-dev.20200917.1" azure-arm: false generate-metadata: false add-credentials: false license-header: MICROSOFT_MIT_NO_VERSION input-file: - - https://raw.githubusercontent.com/Azure/azure-rest-api-specs/master/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json - - https://raw.githubusercontent.com/Azure/azure-rest-api-specs/master/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/backuprestore.json + - https://raw.githubusercontent.com/Azure/azure-rest-api-specs/f7879713cbd89efb2c68c6b6f2566b49db97d832/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json + - https://raw.githubusercontent.com/Azure/azure-rest-api-specs/f7879713cbd89efb2c68c6b6f2566b49db97d832/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/backuprestore.json output-folder: ../ source-code-folder-path: ./src/generated ``` ### Hide LROs -``` yaml + +```yaml directive: -- from: swagger-document - where: $["paths"] - transform: > - for (var path in $) { - for (var op of Object.values($[path])) { - if (op["x-ms-long-running-operation"]) { - delete op["x-ms-long-running-operation"]; - } - } - } -``` \ No newline at end of file + - from: swagger-document + where: $["paths"] + transform: > + for (var path in $) { + for (var op of Object.values($[path])) { + if (op["x-ms-long-running-operation"]) { + delete op["x-ms-long-running-operation"]; + } + } + } +``` diff --git a/sdk/keyvault/keyvault-admin/test/public/accessControlClient.spec.ts b/sdk/keyvault/keyvault-admin/test/public/accessControlClient.spec.ts index 1d5a61014afb..eac973169df5 100644 --- a/sdk/keyvault/keyvault-admin/test/public/accessControlClient.spec.ts +++ b/sdk/keyvault/keyvault-admin/test/public/accessControlClient.spec.ts @@ -1,10 +1,12 @@ // Copyright (c) Microsoft Corporation. // Licensed under the MIT license. -import { assert } from "chai"; +import chai, { assert } from "chai"; +import chaiAsPromised from "chai-as-promised"; +chai.use(chaiAsPromised); import { env, Recorder } from "@azure/test-utils-recorder"; -import { KeyVaultAccessControlClient, KeyVaultRoleDefinition } from "../../src"; +import { KeyVaultAccessControlClient, KeyVaultPermission, KeyVaultRoleDefinition } from "../../src"; import { authenticate } from "../utils/authentication"; describe("KeyVaultAccessControlClient", () => { @@ -24,27 +26,150 @@ describe("KeyVaultAccessControlClient", () => { await recorder.stop(); }); - it("listRoleDefinitions", async function() { - const expectedType = "Microsoft.Authorization/roleDefinitions"; - let receivedRoles: string[] = []; - - for await (const roleDefinition of client.listRoleDefinitions(globalScope)) { - // Each role definition will have the shape of: - // - // { - // id: 'Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/', - // name: '', - // type: '', - // roleName: '', - // // ... - // } - // - assert.equal(roleDefinition.type, expectedType); - receivedRoles.push(roleDefinition.roleName!); - } + describe("role definitions", function() { + const permissions: KeyVaultPermission[] = [ + { + actions: [], + dataActions: [ + "Microsoft.KeyVault/managedHsm/backup/start/action", + "Microsoft.KeyVault/managedHsm/backup/status/action" + ], + notActions: [], + notDataActions: [] + } + ]; + + it("listRoleDefinitions", async function() { + const expectedType = "Microsoft.Authorization/roleDefinitions"; + let receivedRoles: string[] = []; + + for await (const roleDefinition of client.listRoleDefinitions(globalScope)) { + // Each role definition will have the shape of: + // + // { + // id: 'Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/', + // name: '', + // type: '', + // roleName: '', + // // ... + // } + // + assert.equal(roleDefinition.kind, expectedType); + receivedRoles.push(roleDefinition.roleName!); + } - // Roles might change - assert.ok(receivedRoles.length); + // Roles might change + assert.ok(receivedRoles.length); + }); + + describe("getRoleDefinition", function() { + it("returns a role definition by name", async function() { + const anyRoleDefinition = (await client.listRoleDefinitions(globalScope).next()).value; + + const roleDefinition = await client.getRoleDefinition(globalScope, anyRoleDefinition.name); + + assert.deepEqual(roleDefinition, anyRoleDefinition); + }); + + it("errors when the role definition cannot be found", async function() { + await assert.isRejected(client.getRoleDefinition(globalScope, "does_not_exist")); + }); + }); + + it("can create, update, and delete a role definition (happy path)", async function() { + const name = generateFakeUUID(); + const description = "custom role description"; + let roleDefinition: KeyVaultRoleDefinition = await client.upsertRoleDefinition( + globalScope, + name, + permissions, + description + ); + + assert.equal(roleDefinition.name, name); + assert.equal(roleDefinition.description, description); + assert.deepEqual(roleDefinition.permissions, permissions); + assert.equal(roleDefinition.assignableScopes[0], globalScope); + assert.equal("Microsoft.Authorization/roleDefinitions", roleDefinition.kind); + assert.equal(roleDefinition.roleType, "CustomRole"); + + const id = roleDefinition.id; + + permissions.push({ + actions: [], + notActions: [], + dataActions: [], + notDataActions: ["Microsoft.KeyVault/managedHsm/keys/encrypt/action"] + }); + + roleDefinition = await client.upsertRoleDefinition( + globalScope, + name, + permissions, + description + ); + + assert.equal(roleDefinition.id, id); + assert.deepEqual(roleDefinition.permissions, permissions); + + await client.deleteRoleDefinition(globalScope, roleDefinition.name); + + for await (const definition of client.listRoleDefinitions(globalScope)) { + if (definition.id === roleDefinition.id) { + assert.fail( + "expected to successfully delete custom role definition, but it still exists." + ); + } + } + }); + + describe("upsertRoleDefinition", function() { + it.skip("errors when name is not a valid guid", async function() { + // There's a service issue preventing this test from running. + // Skipping until ADO 9226405 is resolved + await assert.isRejected(client.upsertRoleDefinition(globalScope, "foo", [])); + }); + + it("errors when updating a built-in role definition", async function() { + let builtInDefinition: KeyVaultRoleDefinition | undefined = undefined; + + for await (const definition of client.listRoleDefinitions(globalScope)) { + if (definition.roleType !== "CustomRole") { + builtInDefinition = definition; + } + } + + if (!builtInDefinition) { + assert.fail("Could not find a built in role definition to test against."); + } + + await assert.isRejected( + client.upsertRoleDefinition(globalScope, builtInDefinition.name, permissions) + ); + }); + }); + + describe("deleteRoleDefinition", function() { + it("errors when deleting a built-in role definition", async function() { + let builtInDefinition: KeyVaultRoleDefinition | undefined = undefined; + + for await (const definition of client.listRoleDefinitions(globalScope)) { + if (definition.roleType !== "CustomRole") { + builtInDefinition = definition; + } + } + + if (!builtInDefinition) { + assert.fail("Could not find a built in role definition to test against."); + } + + await assert.isRejected(client.deleteRoleDefinition(globalScope, builtInDefinition.name)); + }); + + it("errors when deleting a non-existent role definition", async function() { + await assert.isRejected(client.deleteRoleDefinition(globalScope, "foobar")); + }); + }); }); it("listRoleAssignments", async function() { @@ -61,7 +186,7 @@ describe("KeyVaultAccessControlClient", () => { // // ... // } // - assert.equal(roleAssignment.roleAssignmentType, expectedType); + assert.equal(roleAssignment.kind, expectedType); receivedRoles.push(roleAssignment.name); }