[Data plane][Azure Cognitive Search] Add encryptionKey property to in…

…dexer, datasource and skillset metadata (#10839)

* Add encryption key to indexer, datasource and skillset metadata in 2020-06-30 API version

* Add encryption key to indexer, datasource and skillset metadata in 2020-06-30-preview API version

* change indexer description

* Fix examples

Co-authored-by: Arvind Krishnaa Jagannathan <arjagann@microsoft.com>

specification/search/data-plane/Azure.Search/preview/2020-06-30-Preview/examples/SearchServiceCreateDataSource.json

@@ -21,6 +21,15 @@
         "@odata.type": "#Microsoft.Azure.Search.SoftDeleteColumnDeletionDetectionPolicy",
         "softDeleteColumnName": "isDeleted",
         "softDeleteMarkerValue": "true"
+      },
+      "encryptionKey": {
+        "keyVaultKeyName": "myUserManagedEncryptionKey-createdinAzureKeyVault",
+        "keyVaultKeyVersion": "myKeyVersion-32charAlphaNumericString",
+        "keyVaultUri": "https://myKeyVault.vault.azure.net",
+        "accessCredentials": {
+          "applicationId": "00000000-0000-0000-0000-000000000000",
+          "applicationSecret": "myapplicationsecret"
+        }
       }
     }
   },
@@ -45,6 +54,15 @@
           "@odata.type": "#Microsoft.Azure.Search.SoftDeleteColumnDeletionDetectionPolicy",
           "softDeleteColumnName": "isDeleted",
           "softDeleteMarkerValue": "true"
+        },
+        "encryptionKey": {
+          "keyVaultKeyName": "myUserManagedEncryptionKey-createdinAzureKeyVault",
+          "keyVaultKeyVersion": "myKeyVersion-32charAlphaNumericString",
+          "keyVaultUri": "https://myKeyVault.vault.azure.net",
+          "accessCredentials": {
+            "applicationId": "00000000-0000-0000-0000-000000000000",
+            "applicationSecret": null
+          }
         }
       }
     }

specification/search/data-plane/Azure.Search/preview/2020-06-30-Preview/examples/SearchServiceCreateIndexer.json

@@ -14,6 +14,15 @@
       "parameters": {
         "maxFailedItems": 10,
         "maxFailedItemsPerBatch": 5
+      },
+      "encryptionKey": {
+        "keyVaultKeyName": "myUserManagedEncryptionKey-createdinAzureKeyVault",
+        "keyVaultKeyVersion": "myKeyVersion-32charAlphaNumericString",
+        "keyVaultUri": "https://myKeyVault.vault.azure.net",
+        "accessCredentials": {
+          "applicationId": "00000000-0000-0000-0000-000000000000",
+          "applicationSecret": "myapplicationsecret"
+        }
       }
     }
   },
@@ -33,7 +42,16 @@
           "maxFailedItemsPerBatch": 5
         },
         "fieldMappings": [],
-        "disabled": false
+        "disabled": false,
+        "encryptionKey": {
+          "keyVaultKeyName": "myUserManagedEncryptionKey-createdinAzureKeyVault",
+          "keyVaultKeyVersion": "myKeyVersion-32charAlphaNumericString",
+          "keyVaultUri": "https://myKeyVault.vault.azure.net",
+          "accessCredentials": {
+            "applicationId": "00000000-0000-0000-0000-000000000000",
+            "applicationSecret": null
+          }
+        }
       }
     }
   }

specification/search/data-plane/Azure.Search/preview/2020-06-30-Preview/examples/SearchServiceCreateOrUpdateDataSource.json

@@ -23,6 +23,12 @@
         "@odata.type": "#Microsoft.Azure.Search.SoftDeleteColumnDeletionDetectionPolicy",
         "softDeleteColumnName": "isDeleted",
         "softDeleteMarkerValue": "true"
+      },
+      "encryptionKey": {
+        "keyVaultKeyName": "myUserManagedEncryptionKey-createdinAzureKeyVault",
+        "keyVaultKeyVersion": "myKeyVersion-32charAlphaNumericString",
+        "keyVaultUri": "https://myKeyVault.vault.azure.net",
+        "accessCredentials": null
       }
     }
   },
@@ -47,6 +53,12 @@
           "@odata.type": "#Microsoft.Azure.Search.SoftDeleteColumnDeletionDetectionPolicy",
           "softDeleteColumnName": "isDeleted",
           "softDeleteMarkerValue": "true"
+        },
+        "encryptionKey": {
+          "keyVaultKeyName": "myUserManagedEncryptionKey-createdinAzureKeyVault",
+          "keyVaultKeyVersion": "myKeyVersion-32charAlphaNumericString",
+          "keyVaultUri": "https://myKeyVault.vault.azure.net",
+          "accessCredentials": null
         }
       }
     },
@@ -70,6 +82,12 @@
           "@odata.type": "#Microsoft.Azure.Search.SoftDeleteColumnDeletionDetectionPolicy",
           "softDeleteColumnName": "isDeleted",
           "softDeleteMarkerValue": "true"
+        },
+        "encryptionKey": {
+          "keyVaultKeyName": "myUserManagedEncryptionKey-createdinAzureKeyVault",
+          "keyVaultKeyVersion": "myKeyVersion-32charAlphaNumericString",
+          "keyVaultUri": "https://myKeyVault.vault.azure.net",
+          "accessCredentials": null
         }
       }
     }

specification/search/data-plane/Azure.Search/preview/2020-06-30-Preview/examples/SearchServiceCreateOrUpdateIndexer.json

@@ -16,6 +16,12 @@
       "parameters": {
         "maxFailedItems": 10,
         "maxFailedItemsPerBatch": 5
+      },
+      "encryptionKey": {
+        "keyVaultKeyName": "myUserManagedEncryptionKey-createdinAzureKeyVault",
+        "keyVaultKeyVersion": "myKeyVersion-32charAlphaNumericString",
+        "keyVaultUri": "https://myKeyVault.vault.azure.net",
+        "accessCredentials": null
       }
     }
   },
@@ -35,7 +41,13 @@
           "maxFailedItemsPerBatch": 5
         },
         "fieldMappings": [],
-        "disabled": false
+        "disabled": false,
+        "encryptionKey": {
+          "keyVaultKeyName": "myUserManagedEncryptionKey-createdinAzureKeyVault",
+          "keyVaultKeyVersion": "myKeyVersion-32charAlphaNumericString",
+          "keyVaultUri": "https://myKeyVault.vault.azure.net",
+          "accessCredentials": null
+        }
       }
     },
     "201": {
@@ -53,7 +65,13 @@
           "maxFailedItemsPerBatch": 5
         },
         "fieldMappings": [],
-        "disabled": false
+        "disabled": false,
+        "encryptionKey": {
+          "keyVaultKeyName": "myUserManagedEncryptionKey-createdinAzureKeyVault",
+          "keyVaultKeyVersion": "myKeyVersion-32charAlphaNumericString",
+          "keyVaultUri": "https://myKeyVault.vault.azure.net",
+          "accessCredentials": null
+        }
       }
     }
   }

specification/search/data-plane/Azure.Search/preview/2020-06-30-Preview/examples/SearchServiceCreateOrUpdateSkillset.json

@@ -109,7 +109,13 @@
           ],
           "httpHeaders": {}
         }
-      ]
+      ],
+      "encryptionKey": {
+        "keyVaultKeyName": "myUserManagedEncryptionKey-createdinAzureKeyVault",
+        "keyVaultKeyVersion": "myKeyVersion-32charAlphaNumericString",
+        "keyVaultUri": "https://myKeyVault.vault.azure.net",
+        "accessCredentials": null
+      }
     }
   },
   "responses": {
@@ -236,7 +242,13 @@
             ],
             "httpHeaders": {}
           }
-        ]
+        ],
+        "encryptionKey": {
+          "keyVaultKeyName": "myUserManagedEncryptionKey-createdinAzureKeyVault",
+          "keyVaultKeyVersion": "myKeyVersion-32charAlphaNumericString",
+          "keyVaultUri": "https://myKeyVault.vault.azure.net",
+          "accessCredentials": null
+        }
       }
     },
     "201": {
@@ -362,7 +374,13 @@
             ],
             "httpHeaders": {}
           }
-        ]
+        ],
+        "encryptionKey": {
+          "keyVaultKeyName": "myUserManagedEncryptionKey-createdinAzureKeyVault",
+          "keyVaultKeyVersion": "myKeyVersion-32charAlphaNumericString",
+          "keyVaultUri": "https://myKeyVault.vault.azure.net",
+          "accessCredentials": null
+        }
       }
     }
   }

specification/search/data-plane/Azure.Search/preview/2020-06-30-Preview/examples/SearchServiceCreateSkillset.json

@@ -109,7 +109,16 @@
           ],
           "httpHeaders": {}
         }
-      ]
+      ],
+      "encryptionKey": {
+        "keyVaultKeyName": "myUserManagedEncryptionKey-createdinAzureKeyVault",
+        "keyVaultKeyVersion": "myKeyVersion-32charAlphaNumericString",
+        "keyVaultUri": "https://myKeyVault.vault.azure.net",
+        "accessCredentials": {
+          "applicationId": "00000000-0000-0000-0000-000000000000",
+          "applicationSecret": "myapplicationsecret"
+        }
+      }
     }
   },
   "responses": {
@@ -236,7 +245,16 @@
             ],
             "httpHeaders": {}
           }
-        ]
+        ],
+        "encryptionKey": {
+          "keyVaultKeyName": "myUserManagedEncryptionKey-createdinAzureKeyVault",
+          "keyVaultKeyVersion": "myKeyVersion-32charAlphaNumericString",
+          "keyVaultUri": "https://myKeyVault.vault.azure.net",
+          "accessCredentials": {
+            "applicationId": "00000000-0000-0000-0000-000000000000",
+            "applicationSecret": null
+          }
+        }
       }
     }
   }

specification/search/data-plane/Azure.Search/preview/2020-06-30-Preview/examples/SearchServiceGetDataSource.json

@@ -25,6 +25,15 @@
           "@odata.type": "#Microsoft.Azure.Search.SoftDeleteColumnDeletionDetectionPolicy",
           "softDeleteColumnName": "isDeleted",
           "softDeleteMarkerValue": "true"
+        },
+        "encryptionKey": {
+          "keyVaultKeyName": "myKeyName",
+          "keyVaultKeyVersion": "myKeyVersion",
+          "keyVaultUri": "https://myKeyVault.vault.azure.net",
+          "accessCredentials": {
+            "applicationId": "00000000-0000-0000-0000-000000000000",
+            "applicationSecret": null
+          }
         }
       }
     }

specification/search/data-plane/Azure.Search/preview/2020-06-30-Preview/examples/SearchServiceGetIndexer.json

@@ -20,7 +20,16 @@
           "maxFailedItemsPerBatch": 5
         },
         "fieldMappings": [],
-        "disabled": false
+        "disabled": false,
+        "encryptionKey": {
+          "keyVaultKeyName": "myKeyName",
+          "keyVaultKeyVersion": "myKeyVersion",
+          "keyVaultUri": "https://myKeyVault.vault.azure.net",
+          "accessCredentials": {
+            "applicationId": "00000000-0000-0000-0000-000000000000",
+            "applicationSecret": null
+          }
+        }
       }
     }
   }

specification/search/data-plane/Azure.Search/preview/2020-06-30-Preview/examples/SearchServiceGetSkillset.json

@@ -128,7 +128,16 @@
             ],
             "httpHeaders": {}
           }
-        ]
+        ],
+        "encryptionKey": {
+          "keyVaultKeyName": "myKeyName",
+          "keyVaultKeyVersion": "myKeyVersion",
+          "keyVaultUri": "https://myKeyVault.vault.azure.net",
+          "accessCredentials": {
+            "applicationId": "00000000-0000-0000-0000-000000000000",
+            "applicationSecret": null
+          }
+        }
       }
     }
   }

specification/search/data-plane/Azure.Search/preview/2020-06-30-Preview/examples/SearchServiceListDataSources.json

@@ -27,6 +27,15 @@
               "@odata.type": "#Microsoft.Azure.Search.SoftDeleteColumnDeletionDetectionPolicy",
               "softDeleteColumnName": "isDeleted",
               "softDeleteMarkerValue": "true"
+            },
+            "encryptionKey": {
+              "keyVaultKeyName": "myKeyName",
+              "keyVaultKeyVersion": "myKeyVersion",
+              "keyVaultUri": "https://myKeyVault.vault.azure.net",
+              "accessCredentials": {
+                "applicationId": "00000000-0000-0000-0000-000000000000",
+                "applicationSecret": null
+              }
             }
           }
         ]

specification/search/data-plane/Azure.Search/preview/2020-06-30-Preview/examples/SearchServiceListIndexers.json

@@ -58,7 +58,16 @@
                 }
               }
             ],
-            "disabled": false
+            "disabled": false,
+            "encryptionKey": {
+              "keyVaultKeyName": "myKeyName",
+              "keyVaultKeyVersion": "myKeyVersion",
+              "keyVaultUri": "https://myKeyVault.vault.azure.net",
+              "accessCredentials": {
+                "applicationId": "00000000-0000-0000-0000-000000000000",
+                "applicationSecret": null
+              }
+            }
           }
         ]
       }

specification/search/data-plane/Azure.Search/preview/2020-06-30-Preview/examples/SearchServiceListSkillsets.json

@@ -130,7 +130,16 @@
                 ],
                 "httpHeaders": {}
               }
-            ]
+            ],
+            "encryptionKey": {
+              "keyVaultKeyName": "myKeyName",
+              "keyVaultKeyVersion": "myKeyVersion",
+              "keyVaultUri": "https://myKeyVault.vault.azure.net",
+              "accessCredentials": {
+                "applicationId": "00000000-0000-0000-0000-000000000000",
+                "applicationSecret": null
+              }
+            }
           }
         ]
       }

specification/search/data-plane/Azure.Search/preview/2020-06-30-Preview/searchservice.json

@@ -5711,6 +5711,14 @@
           "x-ms-client-name": "ETag",
           "type": "string",
           "description": "The ETag of the data source."
+        },
+        "encryptionKey": {
+          "$ref": "#/definitions/SearchResourceEncryptionKey",
+          "description": "A description of an encryption key that you create in Azure Key Vault. This key is used to provide an additional level of encryption-at-rest for your datasource definition when you want full assurance that no one, not even Microsoft, can decrypt your data source definition in Azure Cognitive Search. Once you have encrypted your data source definition, it will always remain encrypted. Azure Cognitive Search will ignore attempts to set this property to null. You can change this property as needed if you want to rotate your encryption key; Your datasource definition will be unaffected. Encryption with customer-managed keys is not available for free search services, and is only available for paid services created on or after January 1, 2019.",
+          "externalDocs": {
+            "url": "https://aka.ms/azure-search-encryption-with-cmk"
+          },
+          "x-nullable": true
         }
       },
       "required": [
@@ -6139,6 +6147,14 @@
           "x-ms-client-name": "ETag",
           "type": "string",
           "description": "The ETag of the indexer."
+        },
+        "encryptionKey": {
+          "$ref": "#/definitions/SearchResourceEncryptionKey",
+          "description": "A description of an encryption key that you create in Azure Key Vault. This key is used to provide an additional level of encryption-at-rest for your indexer definition (as well as indexer execution status) when you want full assurance that no one, not even Microsoft, can decrypt them in Azure Cognitive Search. Once you have encrypted your indexer definition, it will always remain encrypted. Azure Cognitive Search will ignore attempts to set this property to null. You can change this property as needed if you want to rotate your encryption key; Your indexer definition (and indexer execution status) will be unaffected. Encryption with customer-managed keys is not available for free search services, and is only available for paid services created on or after January 1, 2019.",
+          "externalDocs": {
+            "url": "https://aka.ms/azure-search-encryption-with-cmk"
+          },
+          "x-nullable": true
         }
       },
       "required": [
@@ -7083,6 +7099,14 @@
           "x-ms-client-name": "ETag",
           "type": "string",
           "description": "The ETag of the skillset."
+        },
+        "encryptionKey": {
+          "$ref": "#/definitions/SearchResourceEncryptionKey",
+          "description": "A description of an encryption key that you create in Azure Key Vault. This key is used to provide an additional level of encryption-at-rest for your skillset definition when you want full assurance that no one, not even Microsoft, can decrypt your skillset definition in Azure Cognitive Search. Once you have encrypted your skillset definition, it will always remain encrypted. Azure Cognitive Search will ignore attempts to set this property to null. You can change this property as needed if you want to rotate your encryption key; Your skillset definition will be unaffected. Encryption with customer-managed keys is not available for free search services, and is only available for paid services created on or after January 1, 2019.",
+          "externalDocs": {
+            "url": "https://aka.ms/azure-search-encryption-with-cmk"
+          },
+          "x-nullable": true
         }
       },
       "required": [