Model role scope, permissions, and role type as enum values

[christothes]

MSFT employees can try out our new experience at OpenAPI Hub - one location for using our validation tools and finding your workflow.

Changelog

Please ensure to add changelog with this PR by answering the following questions.

1. What's the purpose of the update?
   • new service onboarding
   • new API version
   • update existing version for new feature
   • update existing version to fix swagger quality issue in s360
   • Other, please clarify
2. When you are targeting to deploy new service/feature to public regions? Please provide date, or month to public if date is not available yet.
3. When you expect to publish swagger? Please provide date, or month to public if date is not available yet.
4. If it's an update to existing version, please select SDKs of specific language and CLIs that require refresh after swagger is published.
   • SDK of .NET (need service team to ensure code readiness)
   • SDK of Python
   • SDK of Java
   • SDK of Js
   • SDK of Go
   • PowerShell
   • CLI
   • Terraform
   • No, no need to refresh for updates in this PR

Contribution checklist:

• I commit to follow the Breaking Change Policy of “no breaking changes
• I have reviewed the documentation for the workflow.
• Validation tools were run on swagger spec(s) and errors have all been fixed in this PR. How to fix?

If any further question about AME onboarding or validation tools, please view the FAQ.

ARM API Review Checklist

• Ensure to check this box if one of the following scenarios meet updates in the PR, so that label “WaitForARMFeedback” will be added automatically to involve ARM API Review. Failure to comply may result in delays for manifest application. Note this does not apply to data plane APIs, all “removals” and “adding a new property” no more require ARM API review.

  • Adding new API(s)
  • Adding a new API version
  • Adding a new service

• Please ensure you've reviewed following guidelines including ARM resource provider contract and REST guidelines. Estimated time (4 hours). This is required before you can request review from ARM API Review board.

• If you are blocked on ARM review and want to get the PR merged with urgency, please get the ARM oncall for reviews (RP Manifest Approvers team under Azure Resource Manager service) from IcM and reach out to them.

Breaking Change Review Checklist

If there are following updates in the PR, ensure to request an approval from API Review Board as defined in the Breaking Change Policy.

• Removing API(s) in stable version
• Removing properties in stable version
• Removing API version(s) in stable version
• Updating API in stable version with Breaking Change Validation errors
• Updating API(s) in preview over 1 year

Action: to initiate an evaluation of the breaking change, create a new intake using the template for breaking changes. Addition details on the process and office hours are on the Breaking change Wiki.

Please follow the link to find more details on PR review process.

[openapi-workflow-bot]

Hi, @christothes Thanks for your PR. I am workflow bot for review process. Here are some small tips.

Please ensure to do self-check against checklists in first PR comment.

PR assignee is the person auto-assigned and responsible for your current PR reviewing and merging.

For specs comparison cross API versions, Use API Specs Comparison Report Generator

If there is CI failure(s), to fix CI error(s) is mandatory for PR merging; or you need to provide justification in PR comment for explanation. How to fix?

Any feedback about review process or workflow bot, pls contact swagger and tools team. vsswagger@microsoft.com

[openapi-pipeline-app]

Swagger Validation Report

️️✔️BreakingChange succeeded [Detail] [Expand]

There are no breaking changes.

• Compared Swaggers (Based on Oad v0.8.6)
  • original: preview/7.2-preview/rbac.json <---> new: preview/7.2-preview/rbac.json

️️✔️LintDiff succeeded [Detail] [Expand]

Validation passes for LintDiff.

• Linted configuring files (Based on source branch, openapi-validator v1.7.0 , classic-openapi-validator v1.1.5 )
  • keyvault/data-plane/readme.md tag:package-7.2-preview
• Linted configuring files (Based on target branch, openapi-validator v1.7.0 , classic-openapi-validator v1.1.5 )
  • keyvault/data-plane/readme.md tag:package-7.2-preview

️️✔️Avocado succeeded [Detail] [Expand]

Validation passes for Avocado.

️❌ModelValidation: 2 Errors, 0 Warnings failed [Detail]

Rule	Message
❌ REQUIRED_PARAMETER_EXAMPLE_NOT_FOUND	In operation "RoleDefinitions_Delete", parameter scope is required in the swagger spec but is not present in the provided example parameter values. Url: Microsoft.KeyVault/preview/7.2-preview/rbac.json#L38
❌ REQUIRED_PARAMETER_EXAMPLE_NOT_FOUND	In operation "RoleDefinitions_Get", parameter scope is required in the swagger spec but is not present in the provided example parameter values. Url: Microsoft.KeyVault/preview/7.2-preview/rbac.json#L139

️️✔️SemanticValidation succeeded [Detail] [Expand]

Validation passes for SemanticValidation.

️️✔️[Staging] Cross Version BreakingChange (Base on preview version) succeeded [Detail] [Expand]

There are no breaking changes.

️️✔️[Staging] Cross Version BreakingChange (Base on stable version) succeeded [Detail] [Expand]

There are no breaking changes.

️️✔️CredScan succeeded [Detail] [Expand]

There is no credential detected.

_{Posted by Swagger Pipeline | How to fix these errors?}

[openapi-pipeline-app]

Swagger Generation Artifacts

️️✔️ azure-sdk-for-go succeeded [Detail] [Expand]

• ️✔️Succeeded [Logs]Release - Generate from f787971. SDK Automation 14.0.0

  command	sh ./initScript.sh ../../../../../azure-sdk-for-go_tmp/initInput.json ../../../../../azure-sdk-for-go_tmp/initOutput.json
  command	go run ./tools/generator/main.go ../../../../../azure-sdk-for-go_tmp/generateInput.json ../../../../../azure-sdk-for-go_tmp/generateOutput.json

• ️✔️keyvault/v7.1/keyvault [View full logs]  [Release SDK Changes]

  info	[Changelog] No exported changes

• ️✔️keyvault/v7.0/keyvault [View full logs]  [Release SDK Changes]

  info	[Changelog] No exported changes

• ️✔️keyvault/2016-10-01/keyvault [View full logs]  [Release SDK Changes]

  info	[Changelog] No exported changes

• ️✔️keyvault/2015-06-01/keyvault [View full logs]  [Release SDK Changes]

  info	[Changelog] No exported changes

• ️✔️preview/keyvault/v7.2-preview/keyvault [View full logs]  [Release SDK Changes] Breaking Change Detected
  Only show 24 items here, please refer to log for details.
  

  info	[Changelog] - New function `RoleDefinitionsClient.CreateOrUpdateSender(*http.Request) (*http.Response, error)`
  info	[Changelog] - New function `RoleDefinitionsClient.Delete(context.Context, string, string, string) (RoleDefinition, error)`
  info	[Changelog] - New function `RoleDefinitionsClient.CreateOrUpdatePreparer(context.Context, string, string, string, RoleDefinitionCreateParameters) (*http.Request, error)`
  info	[Changelog] - New function `RoleDefinitionsClient.DeleteSender(*http.Request) (*http.Response, error)`
  info	[Changelog] - New function `PossibleDataActionValues() []DataAction`
  info	[Changelog] - New function `RoleDefinitionsClient.GetPreparer(context.Context, string, string, string) (*http.Request, error)`
  info	[Changelog] - New function `RoleDefinitionsClient.CreateOrUpdate(context.Context, string, string, string, RoleDefinitionCreateParameters) (RoleDefinition, error)`
  info	[Changelog] - New function `RoleDefinitionsClient.DeletePreparer(context.Context, string, string, string) (*http.Request, error)`
  info	[Changelog] - New function `RoleDefinitionsClient.GetResponder(*http.Response) (RoleDefinition, error)`
  info	[Changelog] - New function `PossibleRoleDefinitionTypeValues() []RoleDefinitionType`
  info	[Changelog] - New function `RoleDefinitionsClient.CreateOrUpdateResponder(*http.Response) (RoleDefinition, error)`
  info	[Changelog] - New function `PossibleRoleScopeValues() []RoleScope`
  info	[Changelog] - New function `RoleDefinitionsClient.DeleteResponder(*http.Response) (RoleDefinition, error)`
  info	[Changelog] - New function `RoleDefinitionsClient.Get(context.Context, string, string, string) (RoleDefinition, error)`
  info	[Changelog] - New function `PossibleRoleTypeValues() []RoleType`
  info	[Changelog] - New function `RoleDefinitionsClient.GetSender(*http.Request) (*http.Response, error)`
  info	[Changelog] - New struct `RoleDefinitionCreateParameters`
  info	[Changelog] - New anonymous field `autorest.Response` in struct `RoleDefinition`
  info	[Changelog] - New field `AuthenticationTag` in struct `KeyOperationResult`
  info	[Changelog] - New field `AdditionalAuthenticatedData` in struct `KeyOperationResult`
  info	[Changelog] - New field `Iv` in struct `KeyOperationResult`
  info	[Changelog]
  info	[Changelog] Total 4 breaking change(s), 54 additive change(s).
  info	[Changelog]

️️✔️[Staging] ApiDocPreview succeeded [Detail] [Expand]

 Please click here to preview with your @microsoft account. 

_{Posted by Swagger Pipeline | How to fix these errors?}

[openapi-workflow-bot]

Hi @christothes, Your PR has some issues. Please fix the CI sequentially by following the order of Avocado, semantic validation, model validation, breaking change, lintDiff.

Task	How to fix	Priority	Support (Microsoft alias)
Avocado	Fix-Avocado	High	ruowan
Semantic validation	Fix-SemanticValidation-Error	High	raychen, jianyxi
Model validation	Fix-ModelValidation-Error	High	raychen,jianyxi
LintDiff	Fix-LintDiff	high	jianyxi, ruoxuan

If you need further help, please feedback via swagger feedback."

[christothes]

• Avocado : issue seems unrelated to this change

{"level":"Error","code":"MISSING_README","message":"Can not find readme.md in the folder. If no readme.md file, it will block SDK generation.","path":"C:\\src\\azure-rest-api-specs\\specification\\keyvault\\data-plane\\Microsoft.KeyVault\\preview\\7.2-preview","folderUrl":"C:\\src\\azure-rest-api-specs\\specification\\keyvault\\data-plane\\Microsoft.KeyVault\\preview\\7.2-preview"}
{"level":"Error","code":"MISSING_README","message":"Can not find readme.md in the folder. If no readme.md file, it will block SDK generation.","path":"C:\\src\\azure-rest-api-specs\\specification\\keyvault\\data-plane\\Microsoft.KeyVault\\preview\\7.2-preview\\examples","folderUrl":"C:\\src\\azure-rest-api-specs\\specification\\keyvault\\data-plane\\Microsoft.KeyVault\\preview\\7.2-preview\\examples"}

• Semantic validation: seems unrelated to this change:

 oav validate-spec .\rbac.json
{
  message: 'RESOLVE_SPEC_ERROR: unexpected token, token: }, line: 21, column: 25.',
  level: '\u001b[31merror\u001b[39m'
}

• Model validation: appears to be the same error as semantic validation
• Linter validation: errors seem unrelated to the changes

[jhendrixMSFT]

The model validation failures are being addressed in a separate PR, and we don't need to block on the Go SDK build error.

@ArcturusZhang do you know what this Go SDK failure means? It's unclear from the log.

[ArcturusZhang]

/azp run

[azure-pipelines]

Azure Pipelines successfully started running 2 pipeline(s).

[ArcturusZhang]

Hi @jhendrixMSFT the failure has been fixed which is caused by some bugs in the pipeline itself.
And the breaking changes are expected since in this PR we are introducing some new enum types and changing the types of some existing properties.

[mccoyp]

Should this be RestoreHsmKeys to align with BackupHsmKeys?

[mccoyp]

Another naming question: should this be changed to DataAction since it'll be prefixed with "KeyVault" in the SDK (and they describe action permissions in the same way KeyOperation describes operation permissions)?

[jhendrixMSFT]

@christothes any other pending changes or is this ready for merge?

[christothes]

@christothes any other pending changes or is this ready for merge?

Should be ready - thanks!