Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added support for encryption algorithms for symmetric keys #17209

Merged
merged 13 commits into from
Nov 13, 2020
Merged

Added support for encryption algorithms for symmetric keys #17209

merged 13 commits into from
Nov 13, 2020

Conversation

vcolin7
Copy link
Member

@vcolin7 vcolin7 commented Nov 5, 2020

Fixes #14805.

Tests are pending.

…pulated before attempting to perform any local cryptography operations on symmetric keys.
* authenticated crypto algorithms.
* @param tag The tag to authenticate when performing decryption with an authenticated algorithm.
*/
public CryptographyOptions(byte[] initializationVector, byte[] additionalAuthenticatedData, byte[] tag) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it always the case that the user must create an instance of this type by providing all three of these byte arrays? Is it not possible to provide just one or two of these? If so, having setters is more appropriate.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changed this class to a model factory after talking with both @srnagar and @heaths.


// Create the cipher using the Provider if specified
if (provider == null) {
cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher = Cipher.getInstance("AES/CBC/NoPadding");
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@lusitanian should this be zero-padding? When we spoke about .NET, you said zero-padding was what the service was using.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

...if this is right, I'll have to change .NET's implementation to NoPadding as well.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Going from the name only it made sense to me that we should not use padding for AES-CBC and use padding for AES-CBC-PAD. Is that not the case?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When I asked MHSM about it, the reply was that zero-padding seems to be closer. I'm honestly not sure. If you're writing tests, maybe try it against the service and see what it does with CBC vs CBCPAD.


// Create the cipher using the Provider if specified
if (provider == null) {
cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be PKCS7 padding, though for 8-byte block sizes this should be equivalent. If PKCS7 is supported, it may be safer for future proofing.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The javax.crypto.Cipher class only provides support for PKCS5 :(

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In that case, it shouldn't matter. /cc @schaabs to confirm my understanding.

@@ -27,21 +27,22 @@
this.serviceClient = serviceClient;
}

abstract Mono<EncryptResult> encryptAsync(EncryptionAlgorithm algorithm, byte[] plaintext, Context context, JsonWebKey jsonWebKey);
abstract Mono<EncryptResult> encryptAsync(EncryptionAlgorithm algorithm, byte[] plaintext,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Comments about using the EncryptOptions and similar should apply to the LocalCryptographyClient. In fact, I'm just noticing this says "LocalKeyCryptographyClient". It should be "LocalCryptographyClient" (that's what we shipped for betas for .NET and JS).

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually, I see this isn't exposed. But I'll leave the comment here in case it still applies.

*/
public static final EncryptionAlgorithm A256CBC = fromString("A256CBC");

public static final EncryptionAlgorithm A256CBC_HS512 = fromString("A256CBC-HS512");
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These aren't in the list to implement. Just AES-CBC, AES-CBCPAD, AES-KW, and AES-GCM.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Those were already made public in a previous release to provide feature-parity with the Track 1 SDK, I don't think we should remove them.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Understood (.NET track 1 did too), but they aren't in the swagger. My understanding was that they were proposed and may indeed be implemented, but never made it into the public swaggers. @AlexGhiondea, @schaabs what do you think here? If we're going with parity with track 1, adding support for AES-HMAC using SHA2 makes sense, but are we doing that now?

*
* @param iv Initialization vector for the decryption operation.
*/
public AesCbcDecryptOptions(byte[] iv) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you think these will be discoverable? In .NET, we waffled on classes like this vs. factories and opted for the latter for discoverability. Would htat work better here. You could, for example, mix that and builders by having a factory returning the right class that you can then set options, e.t.:

EncryptOptions
  .createA128GcmOptions(iv, key)
  .setAdditionalAuthenticationData(data);

I'm also wondering how they specify the key size with this.

Copy link
Member Author

@vcolin7 vcolin7 Nov 11, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The Key size is specified in the clients. For example:

CryptographyClient.encrypt(EncryptionAlgorithm algorithm, String plaintext, EncryptOptions options)

Copy link
Member Author

@vcolin7 vcolin7 Nov 11, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you have any thoughts on this @srnagar, @JonathanGiles?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since these are inputs to the API, how does the user know what are the available subtypes of EncryptOptions/DecryptOptions. In other places, we have used a type flag to switch between strongly typed sub-classes.
See example here:
https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/formrecognizer/azure-ai-formrecognizer/src/main/java/com/azure/ai/formrecognizer/models/FieldValue.java

@@ -357,15 +357,15 @@ private void initializeCryptoClients() {
* @throws NullPointerException If {@code algorithm} or {@code cipherText} are {@code null}.
*/
@ServiceMethod(returns = ReturnType.SINGLE)
public Mono<DecryptResult> decrypt(EncryptionAlgorithm algorithm, byte[] cipherText, CryptographyOptions options) {
public Mono<DecryptResult> decrypt(EncryptionAlgorithm algorithm, byte[] cipherText, DecryptOptions options) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

EncryptOptions and DecryptOptions should be the only parameter. See https://apiview.dev/Assemblies/Review/d74052731cb94759804beaa492b7a17a#Azure.Security.KeyVault.Keys.Cryptography.LocalCryptographyClient for an example. This requires them passing the right pairs of arguments, where as what we did in .NET leads them to the right answer by design.

* authenticated crypto algorithms.
* @param authenticationTag The tag to authenticate when performing decryption with an authenticated algorithm.
*/
public DecryptOptions(byte[] iv, byte[] additionalAuthenticatedData, byte[] authenticationTag) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This requires them knowing what to pass for which algorithms. This is not a good customer UX. Please see https://apiview.dev/Assemblies/Review/d74052731cb94759804beaa492b7a17a#Azure.Security.KeyVault.Keys.Cryptography.DecryptOptions. Perhaps a builder would be more idiomatic, but the overall concept is to make sure they can only provide relevant arguments that also dictates the algorithm, rather than pairing them together correctly. We can make crypto easier in our limited APIs (compared to general crypto provided in our respective frameworks).

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will evaluate a different approach. Probably what you suggested here.

*/
public EncryptOptions(byte[] iv, byte[] additionalAuthenticatedData) {
if (iv == null) {
this.iv = null;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See https://apiview.dev/Assemblies/Review/d74052731cb94759804beaa492b7a17a#Azure.Security.KeyVault.Keys.Cryptography.EncryptOptions. Where iv is optional (default parameter value of null), we should generate an appropriately long one. See https://github.com/Azure/azure-sdk-for-net/blob/275bad601e72a8e308a73aed621e838d1ae20e9b/sdk/keyvault/Azure.Security.KeyVault.Keys/src/Cryptography/EncryptOptions.cs#L171-L179 for how/when I did this (I call Initialize from local and remote providers and let this class handle if and when it should generate an IV/nonce).

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

...generation of an IV could probably wait closer to GA, but I'd open a bug on that if you punt it for tracking.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We do generate a random iv of appropriate size depending on the EncryptionAlgorithm, here's an example. Although, if the options types are going to also take the algorithm and plaintext/ciphertext we could move that here as well.

…e, as well as their children's, and made them have factory methods for creating the former to help with discoverability.
Copy link
Member

@heaths heaths left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few changes required yet, but I'm signing off to unblock. Also, LocalKeyCryptographyClient->LocalCryptographyClient if you haven't GA'd it yet.

Mono<EncryptResult> encrypt(EncryptOptions encryptOptions, Context context) {
Objects.requireNonNull(encryptOptions, "'encryptOptions' cannot be null.");
Objects.requireNonNull(encryptOptions.getAlgorithm(), "Encryption algorithm cannot be null.");
Objects.requireNonNull(encryptOptions.getPlainText(), "Plain text content to be encrypted cannot be null.");
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: it's actually "plaintext" in crypto-speak.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We'll keep it as "plaintext" in the new code. Unfortunately, there's a couple APIs [1][2] that have already GA'd using plainText,

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

After talking to @JonathanGiles, in this case he thinks is it's better we remain consistent with what's already been GA'd, given that the difference in capitalization does not make it confusing to understand what the terms refer to.

KeyOperationParameters parameters = new KeyOperationParameters()
.setAlgorithm(algorithm)
.setValue(plaintext)
.setValue(encryptOptions.getPlainText())
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

On that note, I guess I missed this before, but just getPlaintext (it's one word).

Mono<DecryptResult> decrypt(DecryptOptions decryptOptions, Context context) {
Objects.requireNonNull(decryptOptions, "'decryptOptions' cannot be null.");
Objects.requireNonNull(decryptOptions.getAlgorithm(), "Encryption algorithm cannot be null.");
Objects.requireNonNull(decryptOptions.getCipherText(), "Cipher text content to be decrypted cannot be null.");
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

getCiphertext (one word)

* @param iv Initialization vector for the decryption operation.
* @return The updated {@link AesCbcDecryptOptions} object.
*/
public AesCbcDecryptOptions setIv(byte[] iv) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

iv in all cases should be generated with a cryptographically random generator. See https://github.com/Azure/azure-sdk-for-net/blob/master/sdk/keyvault/Azure.Security.KeyVault.Keys/src/Cryptography/EncryptOptions.cs. If necessary, you could open an issue and do this for GA.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If not provided, it gets generated here.

*/
public AesGcmDecryptOptions setAuthenticationTag(byte[] authenticationTag) {
if (authenticationTag == null) {
this.authenticationTag = null;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is required for GCM. Shouldn't this throw?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Apparently the local Java implementation doesn't care about the contents but the size of the tag :S

Copy link
Member Author

@vcolin7 vcolin7 Nov 13, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can still throw if it's null.

*
* @return The content to be encrypted.
*/
public byte[] getCipherText() {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As mentioned elsewhere, "Ciphertext" and "Plaintext".

if (iv == null) {
return null;
} else {
return iv.clone();
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You cloned to set this. Do you need to clone again?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since array contents are not immutable we do not want to provide access to the original array.

if (iv == null) {
return null;
} else {
return iv.clone();
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Clone again? Also, this needs to be generated at the proper size with a proper RNG if null.

Copy link
Member Author

@vcolin7 vcolin7 Nov 12, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If not provided, it gets generated here.

@vcolin7
Copy link
Member Author

vcolin7 commented Nov 13, 2020

A few changes required yet, but I'm signing off to unblock. Also, LocalKeyCryptographyClient->LocalCryptographyClient if you haven't GA'd it yet.

We have already GA'd a public LocalCryptographyClient. In the case of LocalKeyCryptographyClient, it's just an abstract class that we extend from for our different internal clients for EC, RSA and AES key operations.

@vcolin7 vcolin7 dismissed JonathanGiles’s stale review November 13, 2020 01:09

Applied suggestions where possible. Some questions no longer apply.

@vcolin7 vcolin7 merged commit b637d40 into Azure:master Nov 13, 2020
vcolin7 added a commit that referenced this pull request Nov 13, 2020
* Added support for encryption AES encryption algorithms.

* Added CryptographyOptions and ensured the initialization vector is populated before attempting to perform any local cryptography operations on symmetric keys.

* Added APIs that accept CryptographyOptions to CryptographyClient.

* Fixed Javadoc issues.

* Fixed checkstyle issues. Added samples.

* Added checkstyle exceptions.

* Fixed test and spotbugs issues.

* Applied PR feedback and added local tests.

* Made the EncryptOptions and DecryptOptions constructor package-private, as well as their children's, and made them have factory methods for creating the former to help with discoverability.

* Fixed build issues.

* Changed EncryptOptions and DecryptOptions to use a factory model.

* Added iv, additionalAuthenticatedDate and authenticationTag to EncryptResult.

* Made `plainText` and `cipherText` all lowercase.

* Reverted capitalization change.

* Added null check for `iv` in local decryption.
moderakh added a commit that referenced this pull request Nov 23, 2020
* Added support for key export. (#17183)

* Added support for exporting keys from an Azure Key Vault.

* Removed ExportKeyOptions.

* Fixed build error.

* Added samples.

* Fixed test issues.

* Fixed samples issues.

* Fixed checkstyle issues.

* Fixed spotbugs issues.

* Applied PR feedback: renamed KeyReleasePolicy to ReleasePolicy and removed it from KeyVaultKey.

* Fixed spotbugs issues.

* Added unit tests.

* Renamed ReleasePolicy to KeyReleasePolicy. Added tests for creating an RSA key with publicExponent.

* Added date for internal avro CHANGELOG (#17483)

* Sync eng/common directory with azure-sdk-tools for PR 1188 (#17488)

* Add debug flag to arm deployment command

* Only set debug preference when $CI is true

Co-authored-by: Ben Broderick Phillips <bebroder@microsoft.com>

* Remove invalid characters in basename sourced from username (#17489)

Co-authored-by: Ben Broderick Phillips <bebroder@microsoft.com>

* FixOfConnectionStateListenerTest (#17481)

* fix flakyness of connectionStateListener test

Co-authored-by: Annie Liang <xinlian@microsoft.com>

* Applied arch board feedback for Key Vault Administration (#17284)

* Removed exposure of implementation package and any usage of KeyVaultErrorException from public APIs.

* Renamed KeyVaultRoleAssignmentScope to KeyVaultRoleScope. Changed the name type from UUID to String in role assignment APIs.

* Renamed APIs for re-hydrating LROs.

* Added ServiceVersion support in the clients and their builders. Internally this will not be used until some changes in the code generation tool are applied.

* Annotated read-only classes with @immutable. Added the "allowed" prefix to some KeyVaultPermission properties. Change the type of `startTime` and `endTime` in KeyVaultLongRunningOperation from Long to OffsetDateTime.

* Changed the KeyVaultRoleScope enum from using URI to URL and added an overload that takes a the string representation of a URL.

* Added overloads that allow passing a custom polling interval to LROs.

* Removed the use of KeyVaultRoleAssignmentProperties in clients' public APIs in favor of using the `roleDefinitionId` and `servicePrincipalId` values directly.

* Fixed Javadoc and test issues.

* Fixed checkstyle issues.

* Applied arch board meeting and PR feedback:

* Renamed parameters containing the 'Uri' suffix to 'Url'.
* Changed the type of `startTime` and `endTime` in the constructor of KeyVaultLongRunningOperation and its subtypes from `Long` to `OffsetDateTime`.
* Removed unnecessary versions from KeyVaultAdministrationServiceVersion.

Additional changes:

* Renamed `scope` in KeyVaultRoleAssignment to `roleScope` to align with the access client APIs.
* Polished Javadoc

* Removed APIs to refresh LROs based on PR feedback.

* Removed unused import in KeyVaultBackupAsyncClientTest.

* Increment package version after release of com.azure azure-ai-metricsadvisor (#17456)

* Sync eng/common directory with azure-sdk-tools for PR 1170 (#17276)

* Added the preprocess scripts.

* string array to string

Co-authored-by: Sima Zhu <sizhu@microsoft.com>

* suppress the runtime exception in the KeyVaultClient class (#17401)

Co-authored-by: v-gaoh <v-gaoh@Microsoft.com>

* End to End TLS SSL step #8 - Add support for PEM based certificates (#17019)

* End to End TLS SSL - step #9 - add Azure AD authentication URL (#17074)

* Added Azure AD authentication URL

* Increment version for storage releases (#17485)

* Add Invoke-DevOpsAPI.ps1, Add functions for Canceling and Listing Builds (#17178)

Co-authored-by: Chidozie Ononiwu <chononiw@microsoft.com>

* Change live test resource DeleteAfterHours tag to 8 hours (#17537)

Co-authored-by: Ben Broderick Phillips <bebroder@microsoft.com>

* add clientOptions for EventHubClientBuilder (#17519)

- add clientOptions for EventHubClientBuilder

* Increment Form Recognizer version post patch release 3.0.3 (#17540)

* Prepare tables for October release (#17541)

* store authorzied clients into http session (#17528)

* Increment package version after release of com.azure azure-data-tables (#17545)

* [TA] Merge Novermber patch to master branch (#17544)

* cherry-pick 16c8d5d and dfdc8c6

* Added collapsible GA and Preview in each artifact. (#17041)

* Added support for encryption algorithms for symmetric keys (#17209)

* Added support for encryption AES encryption algorithms.

* Added CryptographyOptions and ensured the initialization vector is populated before attempting to perform any local cryptography operations on symmetric keys.

* Added APIs that accept CryptographyOptions to CryptographyClient.

* Fixed Javadoc issues.

* Fixed checkstyle issues. Added samples.

* Added checkstyle exceptions.

* Fixed test and spotbugs issues.

* Applied PR feedback and added local tests.

* Made the EncryptOptions and DecryptOptions constructor package-private, as well as their children's, and made them have factory methods for creating the former to help with discoverability.

* Fixed build issues.

* Changed EncryptOptions and DecryptOptions to use a factory model.

* Added iv, additionalAuthenticatedDate and authenticationTag to EncryptResult.

* Made `plainText` and `cipherText` all lowercase.

* Sync eng/common directory with azure-sdk-tools for PR 1202 (#17547)

* Add debugging link on resource deployment failures to log output

* Update aka link for live test help docs. Use here string and empty throw.

Co-authored-by: Ben Broderick Phillips <bebroder@microsoft.com>

* Added small changes that missed PR #17209 (#17552)

* Added support for encryption AES encryption algorithms.

* Added CryptographyOptions and ensured the initialization vector is populated before attempting to perform any local cryptography operations on symmetric keys.

* Added APIs that accept CryptographyOptions to CryptographyClient.

* Fixed Javadoc issues.

* Fixed checkstyle issues. Added samples.

* Added checkstyle exceptions.

* Fixed test and spotbugs issues.

* Applied PR feedback and added local tests.

* Made the EncryptOptions and DecryptOptions constructor package-private, as well as their children's, and made them have factory methods for creating the former to help with discoverability.

* Fixed build issues.

* Changed EncryptOptions and DecryptOptions to use a factory model.

* Added iv, additionalAuthenticatedDate and authenticationTag to EncryptResult.

* Made `plainText` and `cipherText` all lowercase.

* Reverted capitalization change.

* Added null check for `iv` in local decryption.

* Key Vault Beta release CHANGELOG and README updates - November 2020 (#17553)

* Updated CHANGELOGs for Beta releases of Key Vault Keys and Key Vault Administration.

* Updated READMEs.

* Updated the KV Administration CHANGELOG to abide by the guidelines.

* [AppConfig] App config apply released v1.1.7 patch to master (#17548)

* [AppConfig] Prepare for v1.1.7 patch release (#17534)

* upgrade release version to 1.1.7

* Change the method of obtaining tokens from implicit flow to pkce (#17530)

* Upgrade msal.js to a higher version to use PKCE.

* [Communication] -Administration- Renaming the model from PhoneNumberSearch to PhoneNumberReservation (#17253)

* Renaming from PhoneNumberSearch to PhoneNumberReservation

* Renaming from PhoneNumberSearch to PhoneNumberReservation

* Renaming from PhoneNumberSearch to PhoneNumberReservation

* upadating readme samples

* Renaming the model CreateSearchReponse and CreateSearchOptions

* Fixing tests

* Fixing tests

* fixing typo un reservations

* Add AppConfig and Event Hubs samples for using Monitor exporter (#17565)

* Add AppConfig and Event Hubs samples for using exporters

* Fix compiler warnings

* Update sdk/monitor/microsoft-opentelemetry-exporter-azuremonitor/pom.xml

* Update method names

* Update amqp version post-1.7.0-beta.2 release (#17577)

* Sync eng/common directory with azure-sdk-tools for PR 1153 (#17578)

* Improve Update-ChangeLog Logic

* Updates to ChangeLog-Operations.ps1, copy-docs-to-blobstorage.ps1, Invoke-GitHubAPI.ps1 and Package-Properties.ps1

* More changeLog Logic Improvements

* Update date parsing

Co-authored-by: Chidozie Ononiwu <chononiw@microsoft.com>

* [Communication] -Administration- changing some createReservation from public to private (#17576)

* changing some public methods

* updating Reade file

* Fixing Readme

* November release changelog (#17571)

* [Service Bus] Remove viaPartitionKey (#17501)

* [Service Bus] Remove viaPartitionKey

* Remove unused imports

* Enable the del/rename files link check. (#17574)

* update readme for sample and fix some question (#17587)

* Add user name information when modifying todolist

* Modify the configuration information in the readme

* mgmt, improve readme in packages (#17251)

* add sample name with "resource-server" (#17589)

* change artifactId and module

* Update LanguageSetting.ps1 (#17583)

* Use BuildID to fix race ondition (#17459)

* Sync eng/common directory with azure-sdk-tools for PR 1210 (#17579)

* Cache created service principal for iteration

Useful when testing changes over and over again without passing your own -TestApplicationId and -TestApplicationSecret.

* Restore initial AzContext for New-TestResources

* Make sure PSBoundParameters is correct

Fixes #1177

Co-authored-by: Heath Stewart <heaths@microsoft.com>

* [Communication] - Administration - Disable Jacoco Coverage Check (#17596)

* Disable Adminiministrationg SDK  coverage check

* Adjusting min coverage checks

* Adjusting min coverage checks

* Adjusting min coverage checks

Co-authored-by: Minnie Liu <peiliu@microsoft.com>

* Fixed large file live test to add policy per call instead of per retry (#17593)

Co-authored-by: gapra <gapra@microsoft.com>

* fixes #17567 (#17588)

Add new configuration item: azure.activedirectory.jwk-set-cache-refresh-time

* [Communication] - SMS - Enabling SMS Live tests using Static Resources (#17599)

* Enabling SMS Live tests

* Clean up

* Adding more variables

* Fix SMS live test

* Clean up unneeded module from SMS pom

Co-authored-by: Minnie Liu <peiliu@microsoft.com>

* Increment package version after release of com.azure azure-security-keyvault-administration (#17600)

* User Oauth2 WebClient instead of msal to get groups from graph. (#17529)

* User Oauth2 WebClient instead of msal to get groups from graph.

* Increment key vault stable versions november 2020 (#17609)

* Updated the latest KV stable versions

* Corrected Key Vault Keys README version to the latest beta released.

* Mgmt: generate attestation.v2020_10_01 (#17611)

* add attestation/resource-manager

* generate attestation/resource-manager 2020 10

* add ci and pom

* remove unused configuration item (#17618)

* remove unused properties

* Fixed resource address in CosmosException.  (#17279)

* Fixed resource address in CosmosException. Added new API to expose regions contacted on CosmosDiagnostics

* Fixed resource address in GATEWAY mode to have full physical address

* Setting physical resource address in tests

* [service bus] Use ServiceBusException rather than AmqpException and rename ReceiveMode to ServiceBusReceiveMode (#17601)

ServiceBusException is basically a friendly envelope around an AmqpException. It's primary purpose is to give the user something simple they can try/catch that has a 'reason' code so they can programatically react to certain kinds of failures.

Also, renaming ReceiveMode to ServiceBusReceiveMode.

Fixes #17500 (exception type), #17555 (receive mode)

* update CHANGELOG (#17620)

- update Release history

* update CHANGELOG (#17634)

- update Release history

* Mgmt: GA all resourcemanager packages (#17619)

* Revert "Mgmt: GA azure, remove non-GA packages (#16499)"

This reverts commit 2756f50.

* fix spring cloud

* fix compile error

* update version

* fix spotbugs

* session record

* update readme version

* update Release history (#17646)

- update release history

* Increment package version after release of com.azure azure-security-keyvault-jca (#17644)

* Adding basic FeedRanges API (#17570)

* Initial draft of FeedRange artifacts

* Iterating on FeedRange Apis

* Adding public surface area

* Adding FeedRange unit tests

* Adding test FeedRangePKRangeId_GetEffectiveRangesAsync_Refresh

* Adding test FeedRangePKRangeId_GetEffectiveRangesAsync_Null

* Adding test feedRangeEPK_getPartitionKeyRangesAsync

* Adding test feedRangePK_getPartitionKeyRangesAsync

* Adding test feedRangePKRangeId_getPartitionKeyRangesAsync

* Adding request visitor unit tests

* Finishing FeedRange tests

* Cleanup and prettifying

* Prettifying feed range tests

* Fixes and new test for Conatiner.getFeedRanges()

* Addressing some SpotBug violations

* Reacting to code review feedback

* Update sdk/cosmos/azure-cosmos/src/main/java/com/azure/cosmos/implementation/feedranges/FeedRangeInternal.java

Co-authored-by: Mohammad Derakhshani <moderakh@users.noreply.github.com>

Co-authored-by: Mohammad Derakhshani <moderakh@users.noreply.github.com>

* [BlobStorage] Reuse the http client configured in the provided HttpPipeline during BlobBatch construction. (#17627)

* Reuse the http client configured in the provided HttpPipeline during BlobBatch construction.

* Include change log notes.

* Added ability to specify timeout unit in RequestRetryOptions (#17628)

* Add Update-java-CIConfig (#17631)

* Add Update-java-CIConfig

* Switch from BuildNumber to BuildID for test release versions

* Update EH versions to beta 2 (#17654)

`5.4.0-beta.1` and `1.4.0-beta.1` versions were released for EH and checkpointstore earlier this week from a release branch. So, the auto version increment PR was not created against `master` branch. This PR is to update the versions in `master` branch.

* Increment version for communication releases (#17608)

* Increment package version after release of com.azure azure-communication-sms

* Increment package version after release of com.azure azure-communication-administration

* Increment package version after release of com.azure azure-communication-common

* Increment package version after release of com.azure azure-communication-chat

* [service bus] Update ServiceBusProcessor sample to demo how to write a long-running processor. (#17633)

As part of the work to add in a ServiceBusErrorContext we also want to showcase how users can tease out the various errors that are reported. 

This PR updates the current processor sample to angle more towards how to keep a ServiceBusProcessor running long-term, including handling certain errors that _might_ be fatal (it's always up to the user to choose to terminate the processor).

Fix for #17490

* [service bus] Migration guide changes for errors, api changes, etc... (#17656)

Fixing some small stuff in the migration guide:

- processor error handler has a different signature, need to use the session builder, etc..
- some syntax errors (variable called client, usage uses 'sender')
- inconsistencies in some samples if they're pasted as is

* Replace the invalid open source link with working one. (#17602)

* Fixed bug where query params were being parsed incorrectly if an encoded comma was the query value (#17655)

* [service bus] Updating connection strings in migration guide to be consistent with readme (#17662)

Updating to the same string constant we use elsewhere in the SDK for samples.

Completes #17656

* Sync eng/common directory with azure-sdk-tools for PR 1203 (#17674)

* Refactoring artifact-metadata-parsing.ps1, update-docs-metadata.ps1, and create-tags-and-git-release.ps1

* Clean up common imports

* Refactor Update-docs-ci.ps1

Co-authored-by: Chidozie Ononiwu <chononiw@microsoft.com>

* Keep aad legacy code (#17664)

* checkout jialin's commit and make build pass.

* Change new property prefix from 'azure.activedirectory' to 'azure.active.directory'.

* Add resource searching sample description (#17615)

* Add resource searching sample description

* Add From Source Test Run to Live Tests (#17584)

* Add From Source test run to live tests

* Add From Source to matrix

* Amqp Message Update - API Change (#17464)

1. New Type AmqpMessageId ( Based on discussion from Clemens, dotnet had)

2. New Type AmqpAddress ( Based on discussion from Clemens, dotnet had)

3. Return type change in AmqpMessageProperties for above two new types.

3. Following changes are to keep consistency with dotnet and common prefix -> AmqpMessage

A. Renamed AmqpDataBody to AmqpMessageBody (to be same name as in dotnet)

B. Renamed AmqpBodyType to AmqpMessageBodyType (Same name in dotnet)

4. Added AmqpMessageBody .getFirstData () Based on team review

5. Returning IterableStream in AmqpMessageBody .getData () Based on team review

6. Removed Copy constructor AmqpAnnotatedMessage (matching with dotnet) and because it is servicebus specific . So moving this logic into servicebus

* [Communication] - Chat - Replaced ChatUserCredentialPolicy with BearerTokenAuthenticationPolicy (#17452)

* Replaced ChatUserCredentialPolicy with BearerTokenAuthenticationPolicy

* Removed ChatUserCredentialPolicy

* Added tests for CommunicationTokenCredential

* [TA] Healthcare recognition and Analyze LRO  (#17687)

* [TA] CodeGen based on 3.1-preview.3 (#17182)

- only codegen and fixes after codegen, there is no new implementation added.

* [TA] Healthcare Analyze feature (#17234)

* Added support for Healthcare Analyze and Cancellation endpoints

* [TA] Regenerate the swagger v3.1-Preview.3 with latest autorest version (#17358)

* regenerate with latest autorest and swagger, use 4.0.4 autorest to codegen instead of v4.0.2

* [TA] Add analyze tasks feature support (#17267)

* Add analyze multiple tasks and update healthcare features.

* Update test resource region to Central US for FormRecognizer (#17693)

* Vijay receive message ttl fix (#17678)

* Fixing a regresion in message converter.

* Changing version number.

* [TA] Prepare for November Release. (#17696)

* no AAD but add note for what reason AAD is not working for healthcare

* [service bus] Terminology clarification and small copy/paste errors in javadocs (#17691)

* Add tracing support for Service Bus processor (#17684)

* Add tracing support for SB processor

* Make addContext packag-private

* Resolve merge conflict

* Updated the Key Vault CHANGELOGs to include past stable releases. (#17701)

* Updated the Key Vault CHANGELOGs to include information about past stable releases.

* Updated Keys README.

* Increment package version after release of com.azure azure-ai-textanalytics (#17704)

* Swtich back to smoke-test before doc publishing error gets fixed. (#17697)

Co-authored-by: Sima Zhu <sizhu@microsoft.com>

* Increment package version after release of com.azure azure-security-keyvault-keys (#17705)

* Update '/eng/common/pipelines/templates/steps/create-pull-request.yml' to close test increment version pullrequests. (#17695)

* remove plugins to restore source and javadoc jar (#17680)

* Synapse: regenerate package-2019-06-01-preview (#17713)

* regenerate synapse package-2019-06-01-preview

* update version

* fix compile errors

* - update release history. (#17675)

- update release history

* Rename getAmqpAnnotatedMessage to getRawAmqpMessage (#17712)

Rename getAmqpAnnotatedMessage to getRawAmqpMessage

* Sync eng/common directory with azure-sdk-tools for PR 1219 (#17711)

* Move entire docgeneration into common tools

* Move docindex to common

* Added the package replacement logic

* Fixed on parameters

* Fixed param

* Change function to dash

* Added regex on function

* Added display name.

* Update eng/common/docgeneration/Generate-DocIndex.ps1

Co-authored-by: Wes Haggard <weshaggard@users.noreply.github.com>

* Deal with js

* Add no new line args

* revert some test changes

* Need to default to the double quotes for JS regex

* Update Generate-DocIndex.ps1

* Added the appTitle

* type

Co-authored-by: Sima Zhu <sizhu@microsoft.com>
Co-authored-by: Sima Zhu <48036328+sima-zhu@users.noreply.github.com>
Co-authored-by: Wes Haggard <weshaggard@users.noreply.github.com>

* [Service Bus] Allow 0 prefetch and dynamically use batch size to request link credits (#17546)

* Fix Connection Closing on Timeout (#17690)

* Close connection when timeout occurs

* Add CHANGELOG entry

Co-authored-by: vcolin7 <vicolina@microsoft.com>
Co-authored-by: Gauri Prasad <51212198+gapra-msft@users.noreply.github.com>
Co-authored-by: Azure SDK Bot <53356347+azure-sdk@users.noreply.github.com>
Co-authored-by: Ben Broderick Phillips <bebroder@microsoft.com>
Co-authored-by: Annie Liang <64233642+xinlian12@users.noreply.github.com>
Co-authored-by: Annie Liang <xinlian@microsoft.com>
Co-authored-by: Sima Zhu <sizhu@microsoft.com>
Co-authored-by: gaohan <1135494872@qq.com>
Co-authored-by: v-gaoh <v-gaoh@Microsoft.com>
Co-authored-by: Manfred Riem <manfred.riem@microsoft.com>
Co-authored-by: Chidozie Ononiwu <chononiw@microsoft.com>
Co-authored-by: zhihaoguo <zhihaoguo@microsoft.com>
Co-authored-by: Sameeksha Vaity <savaity@microsoft.com>
Co-authored-by: Brandon Siegel <96068+bsiegel@users.noreply.github.com>
Co-authored-by: Yi Liu <yiliu6@microsoft.com>
Co-authored-by: Shawn Fang <45607042+mssfang@users.noreply.github.com>
Co-authored-by: Sima Zhu <48036328+sima-zhu@users.noreply.github.com>
Co-authored-by: lzc-1997-abel <70368631+lzc-1997-abel@users.noreply.github.com>
Co-authored-by: paola Mariana vicencio Hernandez <pvicencio@microsoft.com>
Co-authored-by: Srikanta <51379715+srnagar@users.noreply.github.com>
Co-authored-by: Jorge Beauregard <69869951+jbeauregardb@users.noreply.github.com>
Co-authored-by: Ramya Rao <ramya.rao.a@outlook.com>
Co-authored-by: Weidong Xu <weidxu@microsoft.com>
Co-authored-by: Chidozie Ononiwu <31145988+chidozieononiwu@users.noreply.github.com>
Co-authored-by: Heath Stewart <heaths@microsoft.com>
Co-authored-by: minnieliu <minnieliu96@hotmail.com>
Co-authored-by: Minnie Liu <peiliu@microsoft.com>
Co-authored-by: gapra <gapra@microsoft.com>
Co-authored-by: Jack Lu <dbqp99@msn.com>
Co-authored-by: Rujun Chen <Rujun.Chen@microsoft.com>
Co-authored-by: Tanyi Chen <tanchen@microsoft.com>
Co-authored-by: Kushagra Thapar <kuthapar@microsoft.com>
Co-authored-by: Richard Park <51494936+richardpark-msft@users.noreply.github.com>
Co-authored-by: Fabian Meiswinkel <fabianm@microsoft.com>
Co-authored-by: Francisco Fernández Castaño <francisco.fernandez.castano@gmail.com>
Co-authored-by: M <v-moaryc@microsoft.com>
Co-authored-by: Alan Zimmer <48699787+alzimmermsft@users.noreply.github.com>
Co-authored-by: Hemant Tanwar <hemant_tanwar@hotmail.com>
Co-authored-by: Vijaya Gopal Yarramneni <viyarr@microsoft.com>
Co-authored-by: Chuang <54572251+xccc-msft@users.noreply.github.com>
Co-authored-by: Wes Haggard <weshaggard@users.noreply.github.com>
Co-authored-by: Yijun Xie <48257664+YijunXieMS@users.noreply.github.com>
openapi-sdkautomation bot pushed a commit to AzureSDKAutomation/azure-sdk-for-java that referenced this pull request Feb 14, 2022
New review request for Microsoft.ContainerService to add version 2022-01-01 (Azure#17814)

* Adds base for updating Microsoft.ContainerService from version stable/2021-10-01 to version 2022-01-01

* Updates readme

* Updates API version in new specs and examples

* Update readme to help generate SDK (Azure#17371)

* update readme to help generate SDK

* update readme

* Support query parameter 'format' in listClusterUserCredential handler (Azure#17209)

* Support query parameter 'format' in listClusterUserCredential handler

* Add kubelogin to custom words

* Fix enum lint

* Fix typo

* Fix typo

* List admin credential should not have format parameter

* Add adminUsers in aadprofile (Azure#17402)

* Revert "Add adminUsers in aadprofile (Azure#17402)" (Azure#17523)

This reverts commit 1d8f262848ad55df67f60321e2ccc1232c7f746b.

* fix conflict (Azure#17623)

Co-authored-by: Tongyao Si <tosi@microsoft.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Add algorithms to EncryptionAlgorithm for Key Vault
4 participants